hacker news with inline top comments    .. more ..    29 May 2014 Best
home   ask   best   5 years ago   
TrueCrypt suggesting migration to BitLocker? sourceforge.net
697 points by dewey  20 hours ago   352 comments top 88
BoppreH 12 hours ago 5 replies      
- Signature is valid, so it's not a defacement. ( http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_dev... )

- The version there works and does not seem to have a trojan, so probably not a regular hacker. ( https://news.ycombinator.com/item?id=7813373 )

- Instructs to migrate to dubious alternatives, so it's not a legit security effort.

- License change, precise instructions and decrypt-only version indicate it's not a completely rushed press release. (license change: https://github.com/warewolf/truecrypt/compare/master...7.2#d... )

- On the other hand the Linux instruction is a joke, so it's not completely well thought either. ( http://truecrypt.sourceforge.net/OtherPlatforms.html )

- The security audit was so far ok, so it's not a sudden vulnerability discovered there. ( https://twitter.com/matthew_d_green/status/47174183672207360... )

- No details whatsoever other than a "may contain unfixed security issues", so it might be an automated release (doesn't know what happened) or gagged reaction (can't say what happened).

- Source code includes unrelated changes, so it probably comes from a developer. ( https://news.ycombinator.com/item?id=7812674 )

If I had to wager a crazy bet, I would go with newly developed Dead-Man's-Switch gone wrong.

Edit: someone on Reddit has an interesting view that it may be a halfhearted attempt at complying with an NSA request ( http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_i... ).

Adaptive 19 hours ago 15 replies      
In order of likelihood:

    * Defaced site, timed to screw up a big announcement    * Rogue content maintainer    * Phase II of audit turned up something rather bad      (edit: NO - see tptacek below)
edit: Variations on "developer forced to do this" (cf simmerian's comment):

    * Developer was big brother all along and they are shutting it down    * Security vuln about to be disclosed, dev scrambles to inform (albeit poorly)    * Legally or otherwise compelled to compromise source code,      dev complies and/or nukes project from orbit
The last alternative would be suggested in part by the strange content of the page, assuming it is legit from the developer: Normally I'd expect at least something like "there's a major vuln that is unfixable and we'll disclose formally in a week/two, migrate now.".

timothya 18 hours ago 1 reply      
I just came across this on Twitter: https://github.com/warewolf/truecrypt/compare/master...7.2

This is supposedly the commit for the 7.2 release. Just looks like a bunch of code replaced with the app aborting as insecure.

I'm not sure how legit this is, the repository was just created a few minutes ago. Apparently there is a new binary release that goes along with this, though.

[I've created a fork here just in case the original goes down: https://github.com/timothyarmstrong/truecrypt/compare/master...]

dkokelley 15 hours ago 2 replies      
Is it possible that this is the result of a "dead man's switch" (DMS) set by the developer(s)? Perhaps a (continually updated) process was set up so that TrueCrypt would shut itself down if the developer were unable to prove he or she was still actively maintaining the software.

I can see a couple of scenarios where this would be wise:

A) The developer passes away, leaving nobody else to maintain TrueCrypt. Zero-day 1234 is discovered which compromises TrueCrypt. The DMS activates, depreciating the software and advising users to migrate to another alternative (why BitLocker, I have no idea).

B) The developer(s) is(are) coerced into compromising TrueCrypt in some way. As a part of the coercion, the developer(s) is(are) unable to demonstrate proof of life to the DMS, so the system nukes itself.

Sephr 18 hours ago 4 replies      
Interestingly enough, they also changed the TrueCrypt license.

    -TrueCrypt License Version 3.0    +TrueCrypt License Version 3.1
This lead me to think about the legal implications of changing a software license using stolen signing keys, when signing keys are all that you have to verify that the software is official (such is the case with TrueCrypt and its anonymous authors). If the license is changed, and the package is signed with the same signing keys, can I legally use the new license in derivative software?

The new license removes the following restrictions regarding attribution:

    -    c. Phrase "Based on TrueCrypt, freely available at    -    http://www.truecrypt.org/" must be displayed by Your Product    -    (if technically feasible) and contained in its    -    documentation. Alternatively, if This Product or its portion    -    You included in Your Product constitutes only a minor    -    portion of Your Product, phrase "Portions of this product    -    are based in part on TrueCrypt, freely available at    -    http://www.truecrypt.org/" may be displayed instead. In each    -    of the cases mentioned above in this paragraph,    -    "http://www.truecrypt.org/" must be a hyperlink (if    -    technically feasible) pointing to http://www.truecrypt.org/    -    and You may freely choose the location within the user    -    interface (if there is any) of Your Product (e.g., an    -    "About" window, etc.) and the way in which Your Product will    -    display the respective phrase.

Moral_ 15 hours ago 2 replies      
A very interesting comment from netsec: http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_dev...

This is very strange. I have another theory since I don't believe in coincidences. We don't know the real author of TrueCrypt. I think someone found his identity (cough NSA) and made him an offer like lavabit.com received. This time probably with security classification so he can't talk about that. HOWEVER, if we take a look on diff of his code, we can see two interesting things:

    messages about TrueCrypt not being secure    and the second thing he changed everywhere U.S. text to United States
Do you think that somoene who is closing a project would pay attention to doing such thing? I don't think so. I think that he tried to point a real reason of closing his project by that. I won't be surprised when truecrypt fork appears in TOR network soon...

dewiz 15 hours ago 3 replies      
Suppose that the author received a secret order from a secret court that required the author keep secret the secrecy of the secret order from the secret court. Furthermore, the author was secretly required to turn over his secret signing key to a secret third party.If you were the author, what would you do? Consider your options.One is that you could issue an update with a warning that the program is no longer secure. Even though the program really is, at this moment, secure. The only source code changes are to insert the warnings. But what the warnings are warning you about, but cannot just come out and say, is that the program will not be secure in the future because a third party now has the keys to sign authentic new insecure versions.This wouldn't be unlike Lavabit shutting down. The author is choosing to fall on his sword for the good of everyone.
scott_karana 18 hours ago 1 reply      
Sourceforge seems to have recently updated their password hashing algorithm, so that might hint at the cause of a compromise.Here's the body of the email sent to me on the 22nd:

  Greetings,    To make sure we're following current best practices for security, we've  made some changes to how we're storing user passwords. As a result, the  next time you go to login to your SourceForge.net account, you will be  prompted to change your password. Once this is done, your password will be  stored more securely. We recommend that you do this at your earliest  convenience by visiting the SourceForge website and logging in.    And, as always, be vigilant about password security. Use a secure password,  never include your password in an email, and don't click on links for  unsolicited password resets.    If you have any concerns about this, please contact SourceForge support at  sfnet_ops@slashdotmedia.com    Best regards,  SourceForge Team    ----------------------------------------------------------------------  SourceForge.net has made this mailing to you as a registered user of  the SourceForge.net site to convey important information regarding  your SourceForge.net account or your use of SourceForge.net services.    We make a small number of directed mailings to registered users each  year regarding their account or data, to help preserve the security of  their account or prevent loss of data or service access.    If you have concerns about this mailing please contact our Support  team per: http://sourceforge.net/support

msantos 17 hours ago 1 reply      
Are you sure about the domain www.trucrypt.org ? there's a typo there, no?
david_shaw 19 hours ago 2 replies      
Well - this comes as a pretty big surprise.

Is this real? Is there a known vulnerability that catalyzed this? Money from Microsoft? Threats?

I'm not buying into conspiracy theories, but it does seem pretty out of place.

UVB-76 19 hours ago 1 reply      
8 hours ago on the IndieGoGo TrueCrypt Audit page [1]

> p.s. We hope to have some big announcements this week, so stay tuned.

[1] https://www.indiegogo.com/projects/the-truecrypt-audit#activ...

Torgo 18 hours ago 0 replies      
I tried sending a message to their contact email PGP-encrypted to their public key, asking them for a PGP-signed confirmation. And it came back:

550 5.1.1 <contact@truecrypt.org>: Recipient address rejected: User unknown in local

If they got hacked, it's not just their sourceforge account.

andrewcooke 14 hours ago 0 replies      
i just wanted to say thanks to the truecrypt devs for a decade of largely unthanked and criticised work that, as far as i can tell, has been impressively reliable.

[kinda disappointed that, despite arriving so late to this thread, no-one seems to have said this.]

rgaloppini 17 hours ago 1 reply      
Providing some details from SourceForge:

1. We have had no contact with the TrueCrypt project team (and thus no complaints).

2. We see no indicator of account compromise; current usage is consistent with past usage.

3. Our recent SourceForge forced password change was triggered by infrastructure improvements not a compromise. FMI see http://sourceforge.net/blog/forced-password-change/

Thank you,

The SourceForge Teamcommunityteam@sourceforge.net

tptacek 19 hours ago 1 reply      
Well, if red Times New Roman on a Sourceforge page says so...
computer 18 hours ago 2 replies      
> WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

I see many readers here and on Twitter who interpret that as "TrueCrypt has security issues". That's not what it says. It says that it might be insecure. That does not make too much sense right now, but considering this webpage would be meant to stay up, unchanged, for years, that makes a lot more sense: security problems may be found, and will not have been fixed in the version on the page.

So, it's a deprecation warning, not a security issue warning.

eli 19 hours ago 1 reply      
The advice for Linux is "Search available installation packages for words encryption and crypt, install any of the packages found and follow its documentation."

So... just any of them, then? Sure, ok.

dpeck 19 hours ago 0 replies      
Best advice is for everyone to sit tight and not do anything for at least 24 hours. You'll be saving yourself a world of heartburn.
toyg 16 hours ago 3 replies      
Interestingly, an Infoworld review of the recent TrueCrypt audit [1] says: "One major issue was how compiling TrueCrypt from source required the use of an older Windows build environment that's noticeably out of date [...] using a shockingly old version of Microsoft Visual C++ released in 1993."

Align this with what the TC website says now: "development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP."

Could it be that the original developer is somehow unable to update the build process to work on newer OSes, or unwilling to do so? Maybe they don't trust any VC++ released after 1993, and that version is probably not going to work on Windows 7 or 8.

[1] http://www.infoworld.com/t/encryption/sloppy-secure-open-sou...

andre 19 hours ago 0 replies      
Wikipedia entry was edited and reversed with similar message: https://en.wikipedia.org/w/index.php?title=TrueCrypt&action=...

By "Truecrypt-end" user: https://en.wikipedia.org/wiki/Special:Contributions/Truecryp...

ctb_mg 42 minutes ago 0 replies      
From Matt Green's twitter. "This is Truecrypt's advice on creating an encrypted Mac disk image. Encryption: none."


Netcob 19 hours ago 1 reply      
This is creepy as hell.

No mention of why it's supposed to be not secure - it's an open source project so it would be easy to point to a specific vulnerability. All of this shortly after passing audit. There are detailed steps towards switching to supposedly secure closed-source solutions by companies known to be working closely with the NSA.

Also, since when do open source projects suddenly decide they are not as good enough as a closed-source alternative and then stop the project? Are we in danger of seeing a similar message on the homepage of LibreOffice and OpenOffice, declaring that you should switch to Microsoft Office?

I can't even begin to imagine a valid scenario in which something like this would be put up by the developers, with no pressure other than some fatal security flaw about which they just really don't want to talk.

harrystone 19 hours ago 1 reply      
Call me paranoid but this just looks like really good evidence that Truecrypt was secure.
ACow_Adonis 19 hours ago 1 reply      
I remember TrueCrypt from several years ago when I was looking into various options for encryption. Haven't used encryption for a while, but if this is true, is there now an encryption software/service that doesn't involve being authored by a large corporation in the country that gave us the NSA, and which allows things like hidden volumes/partitions, algorithm choices, and use with various portable devices?
filmgirlcw 19 hours ago 0 replies      
This doesn't pass the smell test. Either there was some underlying political reason for this migration or someone hijacked the DNS.

Anyone know who the main committers/project leads are so we could reach out for comment/clarification?

tachion 4 hours ago 0 replies      
Time for OpenTrueCrypt AKA LibreTrueCrypt? Theo, we're ready and we're waiting! ;)
sp8 17 hours ago 1 reply      
I'll leave others more knowledgeable in such things to comment on the legitimacy of this, but one practical thing I'll note: the assertion on the site that Windows Vista/7/8 has support for encrypted disks is only half true. Quoting from Wikipedia [1] "BitLocker is available in the Enterprise and Ultimate editions of Windows Vista and Windows 7. It is also available in the Pro and Enterprise editions of Windows 8."

Since a lot of domestic users will be using Home or Home Premium versions of Windows, and as one of those users who uses Truecrypt for full disk encryption, this does not leave us with as easy a migration path as this site now suggests.

[1] https://en.wikipedia.org/wiki/BitLocker_Drive_Encryption

notlisted 19 hours ago 0 replies      
I recently came across this link (Apr 15 2014) [1] which references [2]. Wonder what happened.

[1] http://www.infoworld.com/t/encryption/sloppy-secure-open-sou...

[2] https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_A...

braum 19 hours ago 1 reply      
I'm really confused. Which isn't unusual really, but in this case I think it is understandable.
Tomte 19 hours ago 3 replies      
Turning on Bitlocker has been on my TODO list for quite some time now, but to me the real value of Truecrypt wasn't full disk encryption, it was having encrypted volumes and mounting them on a as-needed basis.

And how do I handle sensitive stuff wrt backups? I could burn a Truecrypt volume to a DVD or Blu-ray. I cannot do this in any way with Bitlocker, can I?

UVB-76 18 hours ago 1 reply      
Suspicion this could be related to the NBC News Snowden interview to be aired tonight?
dewey 19 hours ago 0 replies      
OP here, I came across this link via this Tweet [0] and it's probably a good idea to stay away from the linked TrueCrypt version on the site. It's version 7.2 and afaik the last version for Mac was 7.1.1 (At least that's what I installed recently).

I really hope it's "just" a defacement/DNS issue.

[0] https://twitter.com/maclemon/status/471727027356434432

Edit: Just saw the comment that they are properly signed. I'll just sit tight and wait for an announcement then.

lawl 18 hours ago 1 reply      
If this is true it's time to fork I guess. Though I remember TC having a weird license. Anyone knows to what extent TC would be forkable?
kirab 18 hours ago 1 reply      
Could it be related to this announcement from yesterday: "just yesterday we added the ability to extract cached Truecrypt passphrases from Linux memory dumps."


tux3 6 hours ago 0 replies      
Repost from 4chan, there's a silly coincidence in the warning.

>WARNING: Using TrueCrypt is not secure as it may contain unfixed security issuesThat's worded awkwardly.>Not Secure AsEmphasis on the NSA in "not secure as">WARNING: Using TrueCrypt is NSA it may contain unfixed security issues.

lucb1e 17 hours ago 1 reply      
The interesting thing about this is how everyone is going on about there being no cross-platform alternative. Really, is Truecrypt the only available option? Because that's a pretty sad state of affairs then; there needs to be only one unnoticed bug and pretty much all full disk encryption is broken. Unless you want to chain your data to Microsoft, that is.
Canada 15 hours ago 1 reply      
I've always found it sketchy how the maintainers remove old versions.

Now seems like a good time to:git clone https://github.com/DrWhax/truecrypt-archive.git

evunveot 18 hours ago 0 replies      
According to this http://dnshistory.org/dns-records/truecrypt.org the A record for www.truecrypt.org hasn't changed (still resolves to So not a DNS hijack.
mschuster91 19 hours ago 3 replies      
In case this is legit: Bitlocker so far so good, but neither Bitlocker nor any other crypto solution offer plausible deniability (aka hidden volumes).
dpeck 19 hours ago 0 replies      
Site seems to be getting close to bandwidth quota and returning error occasionally. image mirror from @FiloSottile, https://pbs.twimg.com/media/Bov18I1IYAEGFEb.png:large
jshb 17 hours ago 0 replies      
Perhaps the TC devs were ticked off that this audit kickstarter/indiegogo has netted so much money none of which goes to the devs. And this is their way of not playing along with the whole shenanigan.
Shorel 12 hours ago 0 replies      
It is the only full disk encryption software currently used that offers plausible deniability.

Plausible deniability is the key here.

It think the FBI and/or the NSA bullied the developers and forced them to this.

yk 18 hours ago 0 replies      
Just trying to make sense of the news, ( did I miss something, or is this the current state of the rumor mill?)

1. Truecrypt.org redirects to TrueCrypt's sourceforge account.

2. The sourceforge page is defaced.

3. There is a signed(?) binary which can only be used to migrate.

Sounds remarkably bad ( and remarkably much effort for the lu1z.) So is there a defined version for the audit? ( Such that there is a known good version to roll back to?)

ParkerK 10 hours ago 0 replies      
I'm not too up to date on TrueCrypt, but are the authors of the project known? Or is their identity unknown? Can they be contacted in any way, or is there anywhere they post often?
secfirstmd 4 hours ago 0 replies      
This entire situation creates a real headache for people who train human rights defenders, activists and journalists. Quite a lot of the material, lessons etc rely on TrueCrypt (even though many of us had suspicions about it.)
Tomte 19 hours ago 3 replies      
Is that real? Is the web page just defaced?
edwintorok 19 hours ago 3 replies      
So what was the point of raising money to audit TrueCryptif they knew they would shut it down once XP was EOL?In fact why didn't they announce this earlier?
brunorsini 13 hours ago 0 replies      
Can't help but think of Marco Arment's point about free applications... Sigh. Just wish I could throw a bit of money at them now to stop whatever the heck is going on here (and yeah, I know I probably could have donated before but fact is I didn't).
enscr 10 hours ago 1 reply      
If I take this message at face value and decide to switch to BitLocker, can someone answer this.

Dropbox + Truecrypt take full advantage of block sync & block encryption i.e. if a tiny piece of data is modified inside an encrypted container, only the relevant blocks are synced on update. Dropbox does not need to sync the entire container each time. This is a very useful feature. I know Google Drive & OneDrive aren't that smart.

Will bitlocker + Dropbox work the same way?

rian 13 hours ago 1 reply      
If you're looking for actively developed cross platform free software alternative: http://www.getsafe.org/
myth_buster 18 hours ago 0 replies      
Screenshot before the site went down.


jpswade 6 hours ago 0 replies      
This is a call to look at BitLocker very closely.
opendais 18 hours ago 0 replies      
It doesn't appear to be related to the Audithttps://twitter.com/matthew_d_green/status/47174183672207360...
ChrisAntaki 18 hours ago 1 reply      
Perhaps it's time for a fork.
nodata 7 hours ago 0 replies      
My money is on setting a very weak password on the sf.net account to allow trust in the project to be reduced. This allows them to comply with an NSA order.
Ayaz 8 hours ago 0 replies      
I was wondering: That page on SourceForge with the warning wasn't put up only yesterday, was it? Because, I could've sworn I came across that page several days ago (or even more) and when I saw people talk about the page allegedly being a hoax yesterday, I couldn't help but wonder why it was discovered all of a sudden only yesterday and not before.
morepyplease 19 hours ago 1 reply      
A significant concern of mine with this is that Windows 8 has support for syncing your bitlocker encryption keys with microsoft. If privacy is something a user is seeking, how easy would it be to subpoena bitlocker keys for a user under duress?
thrillgore 19 hours ago 2 replies      
I missed the part where this document lists the vulnerabilities in TrueCrypt.
zufallsheld 19 hours ago 0 replies      
Must be fake/ a hack. It wants you to download Truecrypt 7.2, but according to Wikipedia[0] and other download-portals the most recent version is 7.1a.[0}https://en.wikipedia.org/wiki/TrueCrypt
x0jar 18 hours ago 0 replies      
Just did a quick search and came across this:


I find it very odd that this person also mentions BitLocker... Anyone know who this Peter Kleissner is?

tehabe 16 hours ago 0 replies      
For me the most weird thing is, that the authors of the current text on the website are mentioning the end of the XP support as a reason.

Am I the only one who things that is odd?

redfhendrix 17 hours ago 2 replies      
Back and forth speculation is great and all, but does anyone know of a solid alternative to TrueCrypt? Perferably open-source but at the very least not a potential government lap-dog like Microsoft?
zomg 19 hours ago 0 replies      
wow this is a kick in the nuts. i've been using truecrypt for years. i probably won't stop just because development has ceased... but i'm still curious to know what the real story is behind this. seems sketchy.
jamesgeck0 19 hours ago 2 replies      
I'm seeing a message, "This project has been temporarily blocked for exceeding its bandwidth threshold."

Does anyone have a cached version?

unsignedint 19 hours ago 1 reply      
One thing I have noticed is that the version they have on this site is 7.2, and if I remember this correctly, it was 7.1a that was on the truecrypt.org (checked a few days ago...)

So they've put up a new version and telling us it's for migration only?

N0joke 14 hours ago 0 replies      
If the developer wanted to 1) motivate a fork, 2) maybe abandon the license under the guise of "he dare not reveal himself for the purpose of enforcing it", and 3) still keep the TC-hugging ciphernerd throngs willing to use the forked software by suggesting an alternative so unpalatable, then he might take actions like we've seen here; and the results might be that he could 1) come out of hiding as some "new" project lead, 2) license it differently, and 3) have a huge, loyal user base. This means he might now be able to participate in funding campaigns like the Audit's and make money from licensing it to, for example, commercial enterprises, without generating too much outrage.
mrmattyboy 19 hours ago 2 replies      
Why have they only talk about how to secure a partition in Windows. Would the developers, or persons who took over the project, not care about other operating systems?!

Of course, by 'they', I mean the fake development team that the hijacker of the site wanted to portray... no way this is real

thorrr 12 hours ago 0 replies      
Interesting github project:


od9 17 hours ago 0 replies      
Maybe it wasn't someone's account being compromised, maybe some of the developers got into a huge disagreement and one of them did this as a kind of "fuck you, I'm done" to the rest of the team.
aaron695 16 hours ago 0 replies      
State sponsored hacking?

I'd think it's to organised for a defacement (re-written code, signed binaries, two sites compromised). I can't see money being made, so can't see criminal.

That kinda leaves a state sponsor with the organisation skills and commitment. It gets to create doubt about the product and slow it's uptake down.

Or it's real :/

therealmarv 17 hours ago 1 reply      
Maybe it is time for LibreTruecrypt ;) like LibreSSL !
ioseph 11 hours ago 0 replies      
The OSX instructions are particularly hilarious: encryption - none..
luciusf 4 hours ago 0 replies      
Why not turn this around (for fun):It was developed by agencies all the time, and someone from within (snowden fanboy) decided now to blow it up.

So it's not defacing, but dedefacing -or so ..

cr4zy1 10 hours ago 0 replies      
I just hope that light will be shed on this sometime soon so the speculation will stop. If you guys have looked at the audits you can see that if there are any ones that can cause harm you need administrator level access, and by that point why try to break into truecrypt by screwing with volume headers when you could just install a bloody ASM keylogger and call it a day.

I honestly think that the government is behind this fiasco, nobody just ups and leaves a massive project used by millions without leaving a valid note.

pasbesoin 17 hours ago 1 reply      
So... the best course is likely a bit of patience. However, is there any way to establish some trustworthy mirrors of 7.1a for those who need it while this is still in the course of blowing over?

(I'm just bringing up some new machines, myself -- I'll have to hunt a bit for local copies from the last time I downloaded (legitimate copies of) the 7.1a version.)


P.S. For two recognizable names/sites (to me, at least) near the top of a Google search, FileHippo and CNET are hosting Windows .exe intallers for 7.1a . No signature files, though. And with CNET (download.com), as I seem to recall and last I heard, they practice wrapping the actual product installers inside their own crapware installer.

dewiz 19 hours ago 0 replies      
This doesn't make any sense, and why just MS ?
ausjke 18 hours ago 0 replies      
what about the enterprise-class ecryptfs? it works at the filesystem level instead of block(hard-drive partition) level though.
EGreg 17 hours ago 0 replies      
What about for the Mac?
bak3dj0 19 hours ago 0 replies      
Wow this is a real surprise
rx4g 19 hours ago 0 replies      
inb4 LibreCrypt
Technophobe 18 hours ago 0 replies      
Even if this is not real, it reduces my trust in the TrueCrypt team (since they were able to get hacked).
xenadu02 16 hours ago 0 replies      
Seems like a state-financed targeted attack. It only has to last long enough to get the target (a user of truecrypt) to switch off it. My guess is whoever they are going after is being inundated with links to the page. They must also be a Windows user, since they took great pains to demo how to move the data.
Ihmahr 19 hours ago 0 replies      
The poor Czech guy who wrote TrueCrypt and had the pgp keys will be found hanged with his finger nails removed.
gldsmth 18 hours ago 2 replies      
I don't see why so many are jumping onto conspiracy theories. Truecrypt, like the page states, has become redundant with built-in OS offerings. While it could be used for other things, the main reason/drive behind its development was the Full Disk Encryption feature, which has only ever worked on Windows, and has only ever truly been "necessary" for Windows XP users. Windows had bitlocker for FDE since Vista, Mac OS X had FDE built-in with Filevault 2 since Lion, and linux since installers started shipping with dm-crypt built-in. Like it or not, with Windows XP being obsoleted there isn't much drive left to develop something like Truecrypt. Just use the built-in OS features.
diminoten 19 hours ago 2 replies      
There's no way this is legit, but if it is, what other kind of cross-platform solution is available? I need to be able to encrypt/decrypt on all 3 major OSes.
Just press go: designing a self-driving vehicle googleblog.blogspot.com
484 points by cloudwalking  1 day ago   304 comments top 43
revelation 1 day ago 7 replies      
The comments here are rather disappointing. It doesn't have manual controls? Well thats the point! I want to leave my crap in it and paint it some ugly color? Get with the times, young people already opt to not own cars. I can't double park in the city? Why are you imposing your steel box on people living in cities, many of which do not own cars and want walkable streets?

I mean, this is the news website for a startup accelerator. If you are on here, have some appreciation for new ways of doing things. To disrupt the status quo is the very goal. If you ask for perfection from day one, we will never get anywhere.

These cars have the potential to massively reduce traffic fatalities (one of the biggest remaining killers) and make cities useful again to the people that actually live in them.

rquantz 1 day ago 18 replies      
It seems like a mistake to remove manual controls entirely, not necessarily because of safety concerns, but because there are a fair number of times when you need the car to go somewhere without having a route. I'm thinking of things like:

Moving your car ten feet so somebody else can get out of the driveway; handling double parking during alternate side parking hours; moving the car because you were waiting to pick someone up in a no-standing zone and a cop just pulled up behind you; moving the car to just the right spot so grandma doesn't have to walk any more steps than absolutely necessary; parking on a lawn for a party or concert; backing up to just the right spot so you can hitch up a trailer.

The list could go on forever, and that's the point -- you can surely automate away some of these tasks, but there is an infinite multiplicity of things that need to be done with a car, and having to point them out on a map in order to get the car to do them, or even use a joystick to do it, sounds like an obnoxious chore.

Edit: to those who disagree with me by pointing to a utopian future of car sharing for everyone and no one even being able to drive, that's fine I guess, but this seems to be suggesting that the very first generation of these will be without a steering wheel, when very few people will have these cars and all of the problems I listed will still exist. Even if your ultimate goal is for passengers to be completely dependent on the AI for navigation, that's just not going to be an option when these things roll off the lot as soon as 2016.

jpatokal 1 day ago 4 replies      
Given that they're capped at 25 mph, these are legally "low-speed vehicles", not cars, which means they're way less regulated.


dustinupdyke 1 day ago 3 replies      
When the man with glasses gives his perspective, the enablement hits you. If you've any humanity, you feel the potential this technology brings to so many.
noahl 1 day ago 1 reply      
I think the biggest news was this sentence:

    If all goes well, wed like to run a small pilot program here in California in the next couple of years.
This is the next step in their very slow but, apparently, very steady march towards real self-driving cars that anyone can buy.

c23gooey 1 day ago 5 replies      
I feel as though they really havent embraced the driverless concept with their prototype.

Why have seats that are fixed and facing forward?What about a couch?Why is there a dash?

The people in the video are essentially watching the car drive itself, when they could be doing anything else.

There are probably a multitude of reasons why the things above are the way they are. However, the prototype seems like just another car to me.

Also, off-topic, but can we have a google/product launch video without the corny piano soundtrack.

Oculus 1 day ago 4 replies      
Tesla (or insert company willing to go big on electric cars) and Google really need to team up on this. Self driving cars have the potential to completely do away with owning personal cars. Imagine a new public/private service that allows people to travel where & when they want without having to deal with the hassles or cost of owning a car. With the added centralization, the headaches that electric cars cause can be eliminated with a bit of logistics planning (cars are interchangeable so low battery cars can go straight to a charging station instead of wait for their owners to take them to one).
bitL 1 day ago 4 replies      
One of the few pleasures of modern world is now slowly being removed! :-D

I guess I will treasure my memories of driving Lamborghini Murcielago over 200mph forever and will tell my grandchildren there was a time when you actually could drive a car yourself!

And to those that argue young people don't want to own the car - it's mostly about not wanting to spend your life commuting, hunting parking spots or in traffic jams, and frankly, daily driving to work in the States is as boring as it can get.

I don't own a car, I rely on public transport which is usually faster in European cities than driving your own car, allowing me to work on a lot of stuff while traveling. Whenever I need I rather rent a car - it's newer, serviced, no hassles and I can try different cars at will. From that point of view self-driving vehicle is wonderful (if it becomes eco-nomical/logical), though as a car-geek and F1/CART fan I really love to drive for pleasure.

socrates1998 1 day ago 1 reply      
This is going to change the world.

No more car insurance. Vastly fewer driving fatalities. Shared cars. Less parking problems.

I can't wait. Just take my money already.

moca 1 day ago 0 replies      
It is easy to explain no manual control. Google will include insurance cost into the service itself. If there is any accident, Google's insurance plan will cover it. If there is manual control, the insurance cost will be a mess, since you have to factor in the driving record of the person who is in the car. This alone would be a show stopper.
beefman 1 day ago 1 reply      
Looks like it has no trunk, which is a huge use case for self-driving cars. How many trips do you make just to move things around? How much of what you own would you rather rent if you could have it delivered within 15 minutes? Then there's the economics of prepared meal delivery... I'll be surprised if passengerless cars don't outnumber passenger cars in 20 years.

As for moving people, a significant part of city bus fares goes to driver salaries. And other vehicles tend to avoid buses / don't rely on making eye contact with bus drivers. And buses follow predefined routes. So it's surprising to me that Google is going for private cars instead of city buses as a first market.

Mister_Snuggles 1 day ago 3 replies      
This will eventually make non-automated driving sort of like a manual transmission (in North America) - something you get because you either specifically want one or because it's all you can afford (I'm probably way over-generalizing). Eventually, just like the automatic transmission, the self-driving car will be the default for most people.

I don't imagine that we'll get away from people who drive because they find it enjoyable any time soon.

kibwen 22 hours ago 0 replies      
Without manual controls, what mechanism do they use to drive it into and out of the trailer as seen at the beginning of the video?
furyg3 1 day ago 1 reply      
In Amsterdam, I'm a big user of car2go.

These are little electric smart cars which you can rent by the minute. For times when I don't have my bike nearby, or the public transport is not handy.

These are basically little smart cars which drive themselves, which would be perfect.

WalterBright 12 hours ago 0 replies      
I'm going to be sorry the day they outlaw manually driving a car.
enscr 1 day ago 3 replies      
The video shows a rotating camera at the top of the car that's scanning for objects (I guess). What's the advantage of a mechanical rotary movement over an array of cameras that give a continuous 360 degree view (e.g. the street view cars)?

Update : Found a link : http://www.pcmag.com/article2/0,2817,2402516,00.aspIn an interview last week, Stuart Woods, the executive vice president of Velodyne, which manufactures the LIDAR (Light Detection And Ranging) rotating module that sits atop Google's autonomous vehicles, said that his company has started developing prototype security systems that could be trialed within the next year. The Velodyne LIDAR HDL-64E and HDL-32E modules use an array of either 64 or 32 lasers to electronically "see" the environment, Woods said. On Google's car, the module is set inside a rotating drum. Its lasers complement Google's own mapping software and GPS data, which help orient the car on the road. The LIDAR provides additional positional data, but also identifies other cars, bicycles, pedestrians, and road hazards.

jabelk 1 day ago 2 replies      
I wonder whether they will first become available as a product that individual people can buy, or if Google will open some sort of service where you can sign up for a monthly "car plan" for X miles. Or maybe partner with a taxi company/Uber, where you pay per ride but the cars are driverless. I imagine all 3 models will be tried at some point, and it'll be interesting to watch their development and which one eventually dominates.

Also, commuting could be done so much more efficiently. Imagine a fleet of 1 person cars that pick you up in the morning, drop you off at a more central location (than your house), at which point you get on a higher capacity (driverless?) vehicle - bus or van maybe - for the trip into the city. And the bus unloads into another central area, with another bunch of small cars taking people to their offices. I'd use the bus if it never stopped, and that system would be almost as fast as driving yourself. Heck, it'd probably be much faster, because the hordes of people people sitting alone in their sedans would be consolidated and eliminate a lot of highway congestion. Not to mention cheaper, and better for the environment (less gas).

I haven't heard much about addressing the legal and regulatory issues driverless cars are going to have to overcome, does anyone have more information on that? Obviously something will have to be done for when the car wrecks or malfunctions and damages something.

spankalee 1 day ago 6 replies      
So far Google's self-driving cars have been designed to have the driver take over in certain situations. I wonder how that works without a steering wheel and pedals. Are the cars manually drivable at all?
MichaelMoser123 1 day ago 1 reply      

right now google already knows where we have been; with the car they will know where we are going to;

The car as a tracking device, pure genius.

artumi-richard 1 day ago 1 reply      
Will there come a time when you can just cross the road whenever you choose knowing that all traffic will stop, without fail, automatically?

I think the driverless car will actually make more of a difference to the typical pedestrian than the typical car occupier.

allochthon 22 hours ago 1 reply      
They wont have a steering wheel, accelerator pedal, or brake pedal because they dont need them.

I like the self-driving prototype. But this comment brings to my mind a situation where police operators or organized crime override the car's controls and reroute it to an alternative destination. A manual override, perhaps no more than an emergency brake, would be really nice if you thought something weird was going on.

tjmc 1 day ago 1 reply      
I think Google could reach their goal faster if they started with more controlled environments - such as baggage vehicles at airports or mining trucks. There are plenty of people in my part of the world who are paid six figures to drive a truck up and down the same road of a mine all day.
kamaal 1 day ago 1 reply      
It will be good if we can see these cars tested on the streets here in India. India is an amazing test bed for this kind of an application. Narrow roads, haphazard traffic, undisciplined crowd and driver behavior, kids playing on the roads, obstructions, potholes, animals on the roads etc etc.

This will make an amazing place to test this set up.

Plus India is an amazing business opportunity, given the overall scale of the economy here.

josefresco 1 day ago 0 replies      
Best part of the embedded video, and a moment sure to bring a smile to the engineer's faces is at 1:45. No amount of data can give you that sort of useful feedback.
sown 1 day ago 3 replies      
It seems like they would eventually have a four-seater version but the bench seats could face each other.

What a simple thing but so different. Maybe like suicide-doors used to be common in the US but they're such a novelty now.

gdas 1 day ago 4 replies      
I'm thinking about this basic idea: We have, in this case, a machine that is doing the job that a human driver would do - A machine replacing a man.

My question is: Should we be happy about this? Or should we be sad?

This time, we have a machine replacing a driver. In the future we may have machines replacing teachers, doctors, carpenters, artists... even lovers and machine makers.

So, my question remains: Should we be happy? Or should we be sad?

Normally, in science fiction movies, when the machines become intelectually smarter than humans, they try to destroy humanity.

But if, in the real world, they just become smarter than us, and just replace us in every activity. Then, what would we do?

abc123xyz 1 day ago 1 reply      
Am I the only who actually enjoys driving (good cars)?
rollthehard6 1 day ago 1 reply      
Personally, I find it disappointing that this is perpetuating the inherent inefficiencies of the car concept, carrying a small number of people, usually a single person. The ultimate end game where cities are full of autonomous taxi vehicles that aren't owned, but paid for by usage makes sense though. You fire up an app / web link or SMS and a car appears within 5 minutes, drops off someone else and takes you on your way. Provided folk don't leave too many empty beer cans in the back seat...
malandrew 1 day ago 0 replies      
One question I'm curious about is whether or not we will shift to having seats in a different configuration such as having people sit facing each other. Furthermore I'm curious what factors will contribute to one configuration over another.

factors that may matter:(1) safety

(2) situational interaction (meeting, road trip with family)

(3) social norms (what are we used to. e.g. the french sit next to each other in cafes, but americans sit across from each other)

(4) motion sickness

(5) ???

nether 21 hours ago 0 replies      
I wonder if they'll ever get the vehicle below $200k with the 64-beam 360-degree FOV LIDAR.
jstclair 1 day ago 1 reply      
Anyone else wonder why a self-driving car needs side-view mirrors?
dba7dba 22 hours ago 1 reply      
I think many people against Google self-driving vehicle are worried about privacy issue. Well I say please bring out the self-driving cars asap.

IMHO, big part of the first wave of customers to buy self-driving cars will be older drivers who are not allowed (or choose to) drive on their own. My parents are able to drive on their around now but are already getting worried about the day when they can't drive around on their own. They would appreciate a self-driving car.

Only issue for google would be that they won't be providing any useful data to google with their destinations and they are not really online but oh well...

dave1619 1 day ago 1 reply      
Hmmm, will Google go into manufacturing their own cars or will they stick with software and license it to other manufacturers?
waterlesscloud 1 day ago 0 replies      
It's so cute! Look at it! It's even got a happy face! It's totally not a life-threatening robot of doom!

And it promotes family talking time! Just like fast food restaurants in recent episodes of Mad Men!

Sorry. It really is a slick ad for a neat product, I just can't resist noticing how they position it.

doc_holliday 1 day ago 0 replies      
Can't wait till these work on country roads!

Would really free me up from living in the city I work. Can get work and other things done on the commute to work. Or live miles away and telecommute work most days then travel overnight whilst sleeping for times I need to be in the office.

Best yet, I can go on nights out without worrying about driving home / paying taxi.

The other maniacs and safety of country roads has always put me off commuting from rural areas, but this really changes that!

bluthru 1 day ago 0 replies      
I can't believe I didn't realize this earlier: When you have nothing in front of you, there's no need for an airbag!
whyleym 1 day ago 0 replies      
The biggest problem I see here is that if all cars on the road were self driving then you have more control. The issue is when you mix human behaviour and error into the mix. The first fatal or near fatal accident with self driving cars could be the end before it's even started.
sidcool 1 day ago 0 replies      
>They wont have a steering wheel, accelerator pedal, or brake pedal because they dont need them. Our software and sensors do all the work

This sounds amazing.

tejaswiy 1 day ago 1 reply      
I find it cute how most of the people still are not comfortable taking their eyes off the road.
petercoolz 1 day ago 0 replies      
This warmed my heart. And thinking about it from a business perspective, not everybody needs to own their own self-driving car. Ie. it can self-drive itself home for use by the next person. Which means economically, the car price can be many multiples of the cost of current cars (imagine a $100k car that is shared between five families rather than five families each with their own car).
higherpurpose 1 day ago 0 replies      
White one looks better. Overall design not too bad, especially if they want them to be immediately recognizable.
stephengillie 1 day ago 0 replies      
Please hire me!
SilasX 1 day ago 3 replies      
Forgive my crankiness, but: Does this say anything that the casual follower of self driving cars doesn't already know? All I got out of this was:

- Self driving cars would be awesome, for well known reasons.

- We have to use a lot of good sensors to make this work.

- It's an interesting problem.

Introducing Socket.io 1.0 socket.io
410 points by rafaelc  21 hours ago   70 comments top 37
tlrobinson 20 hours ago 2 replies      
I like the separation of the transports into engine.io, however it would be even better if it exposed a standard Node.js Stream interface so that it played nicely with the growing ecosystem of Stream-related modules.

Dominic Tarr, substack, and others have been advocating this idea for awhile: https://github.com/substack/stream-handbook

Gluing together various types of streams and stream transformers is a really nice way to build certain types of applications.

Fortunately it should be easy to write a Stream compatible wrapper.

laxk 32 minutes ago 0 replies      
As I understand if I want to use socket.io client API I have to run node.js as a container for socket.io server side code and then I can create a new emmiter for my server language (similar to PHP example in the article) Is it correct?

Is it possible to create own implementation of socket.io server side code?

Oculus 18 hours ago 2 replies      
The undoubtable mention of SockJS will appear multiple times in this thread. Socket.io has been plagued with scalability issues since its original release (can't speak on the new version) and Engine.io is suppose to be fix that. The main difference between SockJS & Socket.io is their connection establishment. SockJS begins by attempting to use Websockets and regress to long polling while Engine.io starts with long polling and slowly works its way up to Websockets.

For a good debate on this with the creator of SockJS: https://groups.google.com/forum/#!topic/sockjs/lgzxVnlth54

lucidrains 21 hours ago 1 reply      
I've since switched to SockJS for all of my projects (after struggling with memory issues in Socket.io 0.9.*). Any compelling reasons to give Socket.io another try?
evantahler 20 hours ago 2 replies      
Congrats on the release! I know this was a long time coming.

A scalability question:

You note "Turn on sticky load balancing (for example by origin IP address). This ensures that long-polling connections for example always route requests to the same node where buffers of messages could be stored."

I read this to mean that we are responsible (in our load balancer/proxy/etc) to keep connections from clients returning to the same server. This is OK, but what about nodeJS clusters? How should I ensure that client A always connects to cluster-node member 3?

Related section of the blog post: http://socket.io/blog/introducing-socket-io-1-0/#scalability

woah 21 hours ago 2 replies      
Have you guys dealt with the 3-year clustering bug? https://github.com/Automattic/socket.io/issues/438

Would be pretty hesitant to use it until there's some sort of closure on this.

ivank 20 hours ago 0 replies      
You need mandatory ACKs in both directions if you want to implement a reliable stream over HTTP requests. Otherwise, data can get lost in several scenarios, including: server responds to a long-poll request, connection breaks before client receives it, server assumes the data arrived, user never sees the message. Instead of having an ACK for every message in both C2S and S2C directions, socket.io implements some kind of bizarre optional-per-message ACK functionality that you manage with callbacks. There are libraries/protocols that do this right, including Closure Library's BrowserChannel.
uses 20 hours ago 2 replies      
Something about this site just kills both Firefox and Chrome on my Windows 7 computer: everything becomes choppy and laggy, even outside the browser. On both browsers, things return to normal when I close the tab.

Task Manager shows no unusual CPU activity beyond the initial page load.

xhrpost 20 hours ago 1 reply      
I've used Socket.IO quite a bit, congrats on shipping! Did the issue/"lack of feature" get fixed where not all transport methods fire a disconnect event? That was especially a pain on a recent project, ended up forcing websocket only to get around it.EDIT: Ack, I should probably clarify this better. The issue is that a client disconnected is not determined by the server. The server waits for the client to send a disconnect event to it prior to leaving the page. This is particularly a problem on iPad where the event will not fire for certain transports so disconnect doesn't fire when you shut off an iPad unless websockets are actively used.
liamk 21 hours ago 0 replies      
This was a long time coming! I'm very happy to see socket.io 1.0 finally released. Pre-1.0 had some deal-breaking technical issues, such as starting with websockets and falling back to polling. I think the new approach is starting with polling and then seeing if a) websockets are supported by the current browser and b) messages sent via websocket are received by the server (a firewall might prevent this).
mmcclure 18 hours ago 0 replies      
I knew things were changing in 1.0, but there are a lot of things mentioned in that blog post that seriously make me giddy. I'm really, really excited to play with this tonight.

Also, incredible job on the new website. Seriously love it. All around great work, if there was a Gittip button on the website I would have already clicked it.

Timmmmbob 20 hours ago 2 replies      
This seems like a good place to ask: Does anyone know of a library (preferably C++/Emscripten) that simplifies using WebRTC to create real time network games?
emp_ 20 hours ago 1 reply      
I wish there was more info on the CS 1.6 demo, is there an address to look at it?

EDIT: found it at http://socket.io/demos/computer/

talyssonoc 4 hours ago 0 replies      
Seems pretty good, and faster than the previous version, but:

- Changed some things (method names, and so on) with no reason- It's not possible to use a custom logger anymore- I can't access the list of rooms anymore (or it changed and they didn't documented it yet)

Somebody else ?

mkoryak 11 hours ago 1 reply      
demo on http://socket.computer - err, I knew new TLDs might be fairly annoying but didnt think they would totally break my brain's URL parser.

At first I thought that the article's author forgot to replace an intranet link.. nope its a new tld here to mess with our heads!

jeffasinger 18 hours ago 0 replies      
I'm really excited about this.

Anyone know of any projects working towards getting this new version to work on native iOS/Android?

ef4 20 hours ago 0 replies      
I've been using engine.io directly in production for quite a while, and it's been stable and reliable. Glad to see this release, having the option of going back to the higher-level socket.io api is welcome.
8ig8 14 hours ago 1 reply      
It sounds like Automattic deserves some thanks for their support on this. Thank you.
rationalthug 19 hours ago 0 replies      
How does the binary support/performance and streaming support (with socket.io-stream) compare to other web socket libs like https://github.com/binaryjs/binaryjs, https://github.com/einaros/ws and https://github.com/maxogden/websocket-stream ?
buckbova 21 hours ago 0 replies      
This is exactly how I've always wanted the web to work. i've spent some time with socket.io working through "nodejs in action" and I can't wait to use it for new apps.
arbus 19 hours ago 1 reply      
A kind of OT question related to socket.io.

I am trying to develop an application that can be horizontally scaled. I understand using the socket.io-redis package seems to allow you to emit to a particular socketid from one instance while that connection itself is connected to another machine and the redis connection will take care of the communicating. This in a sense abstracts away the fact that there are multiple servers by just taking care of it transparently.

Are there any provisions within socket.io or another package that allows you to sync normal js objects across servers as well? The alternative as I see it is to use redis pub/sub to keep the state in sync but this feels like it should be a solved problem that one need not reinvent the wheel for.

lpinca 19 hours ago 0 replies      
Congrats for the release, but i will keep using https://github.com/primus/primus.

No module lock-in!

Yes i'm a bit biased.

ChrisGaudreau 20 hours ago 0 replies      
Finally! It's been a long time coming. Thanks for your hard work!
rootuid 1 hour ago 0 replies      
socket.io has 635 open issues.Seriously !
cridenour 10 hours ago 1 reply      
Might I suggest you not hijack the "DEBUG" environment variable? It will almost certainly cause issues down the line when you could be using SOCKETIO_DEBUG.
frik 20 hours ago 1 reply      

offtopic: please fix your blog, it breaks the browser history in IE 11 (spammed with hash entries)

eob 21 hours ago 0 replies      
Congrats Guillermo and gang!
mmanfrin 20 hours ago 0 replies      
Congrats Guillermo and everyone involved!
level09 20 hours ago 0 replies      
wow that is cool. last time I tried it I had a hard time struggling with HAProxy and trying to fix the sticky session thing.

Would be great to see some benchmark of how this can scale especially with the new redis integration.

granttimmerman 18 hours ago 0 replies      
Awesome!!! Can't wait for the future of IO.
bedane 21 hours ago 0 replies      
Excellent news, looking forward to using it.socket.io is awesome !
chunkstuntman 20 hours ago 0 replies      
This library was intuitive enough to learn in a few hours and allowed me to make a fun toy project in half a day. Highly endorsed.
brianzelip 18 hours ago 0 replies      
woah, the weplay pokemon node.js emulation's chat [0] is off the chain. Everyone controls the guy and the cursor.

[0] http://weplay.io/

dydx 20 hours ago 0 replies      
I've been waiting for this for so long. Thanks Guillermo!
EGreg 21 hours ago 0 replies      
Finally!! I was going to switch to naked engine.io because it can handle many more connections without going crazy. Now I can get it without changing my code. Woo hoo!
spb 19 hours ago 0 replies      
sirdogealot 11 hours ago 0 replies      
>The Socket.IO Server is now only 1234 lines of code

I prefer to think in standardized terms like KBs, not lines of code.

EDIT: For the downvoters, I am just saying that it would have been more beneficial to myself had they of addressed their improvement in terms of a percentage of code reduction or actual measurable size of their code. I was not trying to be snarky.

Python 3 can revive Python medium.com
351 points by coldtea  2 days ago   233 comments top 43
neumann 2 days ago 3 replies      
My perspective is as a researcher in academia. From here Python is far from needing to be revived, it is gaining ground. Also, Python 2 is still king and I suspect will remain popular - researchers rarely have the luxury/incentive to go back and improve it to comply with a language update.

A few reasons Python is gaining ground in academia. Firstly, Python is _great_ for teaching undergraduate programming (see [0] for a good perspective), and many institutions are only now catching on and migrating from Matlab. Secondly it is a charitable language allowing scientists to concentrate on their research and not the CS implementation they are using. It is easy to learn, flexible, has lots of scientific libraries, interfaces to fortran/C libs. Julia is supposedly the future with speed being cited as the primary advantage[1], but it far from taking over. From a preliminary investigation into Julia it had less lib support, but most importantly, less inertia. The popularity and relative 'newness' of Python (compared to fortran/C) has meant that docs, blogs, forums, stackoverflow allow anyone to get involved and quickly overcome beginner hurdles and learn best practices. Finding which module interface for a C lib is easy. Comparatively, finding information on Julia's library support is much harder. As to why not use Fortran/C - well, if I need to suddenly share part of my data in JSON, make a plot in matplotlib, or generate a PDF/website for my data all the tools are easily accessible.

Python often gets a bad rap for speed, but this is rarely the problem it is made out to be. Python is best when used as a high level manager sitting on top of low level routines written in C/Cython. Following best practices means I do not a deep understanding of how compilers work to speed up my code, I just need to know how to pass off my data to an existing routine interfacing with LAPACK/BLAS or what have you where some really really smart CS people have already done all the optimisation.

Finally, it has a massive advantage over many other languages: Great documentation and a large community. This gives Python an inertia that the Go and Julia can't achieve yet. Julia, Go, and Closure all have dedicated communities (based on the number of mentions on HN), but the size of the community and their distribution biasing developer interests mean the barrier of entry is higher.

As these languages and their communities mature and grow, Python's advantage might diminish, but then we will just have more tools to choose from, and that would be great.

[0] http://lorenabarba.com/blog/why-i-push-for-python/[1] http://julialang.org/benchmarks/

rdtsc 2 days ago 3 replies      
That pretty much reiterates my points from last time we discussed (not many hours ago).


Besides what already was said. It is also important to emphasize that Python 2 is already pretty good. So it is not that Python 3 is bad, it is just that it is very hard to improve on 2.

Ironing out the warts is good, but this was not the right time. This should have happened 7-10 years ago.

Nowadays I can't imagine a lot of people discounting Python because of the print statement, unicode support, division rules, or lack of yield from statement.

It will be performance, concurrency, ability to create web back-ends, installing packages, testing frameworks, IDE support.

Apart from allowing optional type annotation syntax I just don't see Python 3 providing a good enough carrot to force many projects to switch to it.

Imagine you go to a manger and tell him. "Oh this 800K line project we have in Python 2 will be ported to Python 3, can we have 1 month to do that?". Ok then the manager might say "Well we have these features to implement but if you all say so. But what will we gain by it, to offset the time spent (opportunity cost) and risk of breakages". And if the answer if "oh you know print is not a statement anymore, and many dictionary and sequence methods are not iterators not returning values, and this new Twisted-like async library...' Well you can imagine many a manager might just say "well that is just not enough".

If in turn the dev team came back said "Oh yeah they integrated PyPy, STM module, requests module. Static type checking via annotations, 3x speed improvement, no more GIL so can do some CPU intensive work if need to.". I can easily see this proverbial manager OK-ing that.

gexla 2 days ago 2 replies      
Python needs to be revived?

I always thought of Python as being a great utility programming language. It's not really a specialist, more of a jack of all trades.

For example PHP is all about web development. Ruby is probably most well known for Rails and also widely used for web development. Python is widely used for web development, but that's not necessarily the first thing you think of for Python.

What's going to keep any programming language alive is the libraries that become so well entrenched that a competing library would have a serious uphill battle to even come close to matching functionality. Python has a lot of libraries like this for scientific tools.

I'm always skeptical to hear that a developer has moved from X programming language to Go. I wonder how many of these tales are from developers who are actually referring to what they do in their spare time rather than their day jobs. Go is still early enough that doing the sorts of things which create the most jobs is still more painful than it needs to be (and so you would probably be doing these things in a different ecosystem.) It seems that the real Go job generating stories are from start-ups which have hit some momentum, received funding and are rewriting parts of their stack in Go.

The mass job generators are still at the Rails / Django / PHP / JS levels.

overgard 2 days ago 2 replies      
At this point, I think python 3 just has a severe branding issue. I bet if you took python 3.4, removed the stuff that will egregiously break things (IE, lack of a print statement and new exception syntax), and just called it python 2.8 everyone would be pretty happy with it.

All the same, I'm continuously amazed at the arrogance of the people that maintain the language and set its direction. It's no wonder it's been a colossal failure. You know why I'm not running python 3? Because it doesn't solve a single problem I have. It doesn't solve anyone's problems. It solves imaginary problems, while creating real problems.

chrishenn 2 days ago 13 replies      
One pain point I've really felt recently with Python is in the deploy step. pip installing dependencies with a requirements.txt file seems to be the recommended way, but it's far from easy. Many dependencies (such as PyTables) don't install their own dependencies automatically, so you are left with a fragile one-by-one process for getting library code in place.

It was all fine once I got it worked out but it would so much nicer to provide a requirements.txt file and have pip figure out the ordering and dependency stuff. That and being able to install binary packages in a simple way from pip would make me much happier with python (no more waiting 10 minutes for numpy or whatever to compile).

As far as actual language features go however, I still find python a joy to work in.

keypusher 2 days ago 0 replies      
Nailed it. The problem with Python 3 wasn't that it was too radical, it was that it jumped at the chance to introduce backwards-breaking changes for minimal benefit. Trying to convince teams to port code to python3 just because it has better unicode is hardly compelling. They should have taken a few more years and made python 3 a target people were drooling to port for.

Further, the author's priorities seem to line up exactly with my own thoughts on Python's shortcomings. Async, speed, types, stdlib, repl. If they had spent 5 years working on those things they would be done right now, and Python would be one of the most compelling languages out there. Instead, and I hate to say this, Python feels like it is falling off rather quickly. It certainly has a future as a teaching language, and it will survive as linux glue for a long time, but beyond that I think it will be replaced by other up and coming languages with better discipline and design.

peter-row 2 days ago 3 replies      
Python 3 isn't really good. It's not really bad, either. There's really not that many magic bullets (other than proper functional programming, maybe, which isn't about to happen in Python).

People are leaving Python for Go because people have always left Python for fast compiled languages. Google ditched Python for C++ and Java. Java! I've seen a lot of projects get re-written in Java from Python, but no-one worried then.

Python 3 adds some cool stuff (async, in particular), and fixes some warts. It's a bit rude of them to force people to upgrade, but that will eventually pay off. It will add more things in the future.

The people who start new projects in Python 3 will have some short-term pain, as some libraries take time to port. There will be a long term benefit, though - future libraries will be better for Python 3, and they won't have to port their project.

The only controversial thing was the use of unicode. IMO, Python 3 made the right choice - you should make everything unicode where-ever it's feasible, because it's just a mess otherwise.

hmsimha 2 days ago 1 reply      
As much as I wanted to like this article (I remain optimistic about the future of Python as Python 3) wouldn't most of the compelling additional features suggested break backwards compatibility with current versions of Python 3? This strikes me more as a proposal for a Python 4 than a revitalization of Python 3.

edit: I wanted to respond to this myself, since upon rereading I no longer get the impression the proposed changes need 'break' backwards compatibility per se. For the suggestion on removing the GIL specifically, this would completely necessitate a revolution in the design of python programs such that even if, say, the libraries that had already been ported at the time of 3.2 still work in 3.9, their implementation would be senseless by 3.9 conventions.

agentultra 2 days ago 1 reply      

Wow... that was 2006. Everything I've read in the PEP and mailing lists seems to imply that the contributors were doing their best to limit the scope of the backwards-incompatible changes to those parts that were deemed absolutely necessary.

The point wasn't to break backwards compatibility to add new, competitive features. It was to make the incremental improvements to the language while strategically correcting some poor, historical decisions. In other words it wasn't a rewrite or a new language.

That there are still prominent, influential Python programmers who are complaining about the bytes object is a shame. However it's a battle that is slowly coming to an end.

The real problem is that the community has been dragging its feet and many frustrated developers are complaining loudly and publicly about it. It's distorting what Python 3 is.

eevee 2 days ago 1 reply      
"Nowadays stuff like proper closures, immutability, a good async story, etc, is considered a necessity by discerning hackers."Python has proper closures; I would hope discerning hackers know the difference between a closure and an anonymous function. asyncio is fantastic.

"Remove the GIL." Do you think no one's thought of that before? Remove it how?

"Make it speedy." As you note, that's what PyPy is doing, but this is a hard problem that doesn't have quite the same glamor as JavaScript, so there aren't multiple giants with deep pockets throwing money at it in a race to the top. Maybe throw some cash PyPy's way.

annnnd 2 days ago 0 replies      

+1 just for mentioning requests (versus urllib). If someone hasn't tried this library yet, they really should. I replaced tons of libcurl / urllib / ... blocks with simple and legible oneliners. Incredible API!

EDIT: url for those who don't know the library yet: http://docs.python-requests.org/en/latest/(I am not affiliated, just really impressed)


e12e 2 days ago 1 reply      
Why doesn't anyone seem to think the full number tower in python 3 is great? It seems to always be left out of discussions like this ... but I think it is a great and very "pythonic" thing to add to the language.

[edit: because the numeric tower wrt integers wasn't new in python3, just other parts of the number hierarchy... see below]

In that light I think unicode also makes more sense: text is text and numbers are numbers. Done. No need to think about it.

Yes, it does break with python2 -- but python2 isn't going anywhere.

As for the GIL -- is it really such a big deal any more? I know that forking processes on Windows used to be hopelessly slow -- maybe it still is? But it's been pretty lightweight on Linux for the longest time -- and as we're getting more and more (logical and physical) cores -- with all the cache-coherency issues that come with it -- isn't multiprocess a pretty sane programming model?

Yes, a solid actor framework would be nice -- but that would also mandate some form of change to python.

If there's something I'd like to see, it's a clean interface between rust and python (rather than having to fall back to c for high performance code).

But I don't understand the people that hold up Go as the terrible threat to python -- sure there are a lot of people that will move from one to the other -- but the languages are so different that the comparison really doesn't make any sense. The one thing they do have in common is a strong vision and focus on simplicity -- but they articulate that vision and focus quite differently.

For those that want "faster" python -- why not use nimrod? If you want something "faster" and "more embeddable" why not use lua? I can't see a good pythonX that is better at either of these two in the areas where they excel. If you want actors, why not use Elexir?

Personally I'd probably enjoy a Smalltalk/Strongtalk that had a slightly more complicated syntax than traditional Smalltalk -- borrowing from python (say indentation for blocks, some way to define infix messages/operations) -- but I'm not under any illusion that such a language would be a better python.

analog31 2 days ago 3 replies      
This isn't intended to be obstreperous, but I'm genuinely curious: How many Python developers are in a position to really care about 2 vs 3?

The people I know who use Python, including myself, range from utter beginners to experienced programmers, but are using a relatively small subset of the available libraries, and are just using whichever version we started with. I could translate my code to version 3 in a heartbeat, but have no particular reason to do so. I've translated some of my most important stuff from BASIC to Python after all.

Professional developers will do whatever is right for their projects.

My concern would be for the folks who develop and maintain the libraries -- for whose generosity I'm grateful. If there were some sort of consensus on the direction of Python, I'd hop on the bus just to make life easier for those developers. Their time would be better spent adding useful features or just combing the code for bugs, than coping with multiple Python versions.

Could a single Python interpreter somehow manage a mixture of 2 and 3 code?

pekk 2 days ago 6 replies      
The idea that people move from Python specifically to Go is one of those chestnuts of conventional wisdom that never receives any kind of backing in actual data.

If you think that Python and Go are made for the same tasks then you're really confused.

hbbio 2 days ago 0 replies      
When reading both stories, I can't help but think the greatest problem with Python 2/3 is that there are supporters of both and that it splits somehow (not necessarily evenly) the community.

JavaScript, in the meantime, buried its proper version to prevent just that.

https://developer.mozilla.org/presentations/xtech2006/javasc... 2006)

kerkeslager 22 hours ago 0 replies      
I pretty much agree with this article.

Anyone who complains about updating their code hasn't done it: upgrading code from Python 2 to Python 3 is dead simple. I've migrated a few large projects manually (not using 2to3 because I wanted to be sure relevant areas of the code were tested). None of these took more than a few hours. Writing code that is compatible with both Python 2 and 3 is a little bit harder, but it's still not prohibitively difficult.

The fact that difficulty of migration is still cited as the main reason for not migrating shows that people simply aren't trying it. So we really have to look at why people aren't trying to migrate. It seems pretty clear to me that people don't see incentives for the change. There's just not enough different about Python 3.

And the author is spot on talking about improving the standard libraries, although I think where they could really get a big win is not necessarily by improving the existing libraries, but by adding new libraries. The thing that got me excited about Python in the first place was the "batteries included" nature of the standard library: so much of what I wanted to do was just an import away. And I'm not the only one who felt that way[1]. But there are tons of holes in the standard library that could be filled with simple wrappers around existing open-source tools or by implementing public standards. Just ones I've run into recently: BSON, AES, RSA. Python supporst SQLite, but what about baking in support for PostgreSQL or MySQL? What about building in a templating engine?

[1] http://xkcd.com/353/

tragic 2 days ago 0 replies      
The best thing Python has going for it is that it's an exceptionally good learning language. It's very easy to go from zero coding experience at all to making a simple hangman type game, and from there introduce OO concepts and so on.

And if you stick with it, unlike with most 'proper' educational languages, by the end you've learned a language that's actually useful for all kinds of stuff.

I don't think there's any other language out there with such a nice, even learning curve, with that kind of payoff. Javascript is, let's be honest, a bit weird. PHP is enough rope for anyone to hang themselves. Ruby is quick to get started on, but gets conceptually dense pretty quickly. (Sure, we all complain about having to write 'self' everywhere in Python, but compared with the way 'self' dances around in a Ruby class definition, it's much easier to learn.)

I note, on topic, that most newer beginner's Python books etc target 3.x nowadays - maybe the RPi generation will force things along. Maybe not.

allendoerfer 2 days ago 2 replies      
Python is not dying and if so, Go would not be the reason why. Sure, Python is not functional, not compiled, not mobile, not Rails and not in the browser.

But I can not imagine the languages, which are all this, to spread so nice and readable from command line scripts to scientific computing to big server applications.

Python's use cases will not go anywhere, so don't panic: Python is doing just fine and improving in many areas while holding on to its core values.

scrollaway 2 days ago 0 replies      
> Add types. Well, opt-in types. That you can use to speed some code up (a la Cython), or to provide assurances and help type-check (a la Dart). And add type annotations to everything in the standard library.

I think this will happen eventually, what with some of the recent PEPs; I just wish it could happen faster. Optional typing is the best of both worlds and there is no reason not to have it.

kunstmord 2 days ago 3 replies      
> Newer programmers are not that impressed with either version of Python.

Any evidence? If it's personal experience, then mine is exactly the opposite.

I don't know if such a thing exists, but maybe a big list of the main changes would help convince people more (type annotations, yield from, the forthcoming @ operator). From what I've seen and read, of course all this is somewhere in the docs and release notes, but I've never seen a clean concise list of the main new features, fixes and reasons why these features are cool.

laichzeit0 2 days ago 1 reply      
Breaking backwards compatibility is a sure way to kill off a language / alienate a user base. That's a big reason why c++, Linux, PHP, etc. still exist and are used today.

Python 3 seems hellbent on taking the Perl 6 approach. How's that working out? Languages should evolve, not break off into new species.

shiven 2 days ago 1 reply      
As far as I am concerned, a mere user, hacking python for 'academic research' in multiple aspects of structural biology and bioinformatics, I have yet to see a single practical argument for switching to or even investing time in learning Python 3 'right now'. Maybe in six years it'll be a different story, but from where I stand, python vs python 3 is a remote and ephemeral distinction, created by the grand poobahs, of zero to little significance for me.

Why should I even bother with Python 3?

samirmenon 2 days ago 0 replies      
Python is still, by far, the most friendly language for beginners. The single biggest factor in this is the powerful data structures that Python has, especially lists. As so many others have said, Python is almost "executable pseudocode".

Python remains the language of choice for introducing programming because it is so simple. It isn't fast, and it might not be very well suited for large-scale, long-term use. That's okay.

This appeal to beginners, which the article claims is waning, is the vital force of Python; as long as it is the de facto language for beginners, it will never go the way of Perl.

marcosdumay 2 days ago 0 replies      
Well, Python does have optional type systems. What is missing on that bullet is choosing one, and making the standard library support it.
mangecoeur 2 days ago 1 reply      
The biggest problem with python 3 as i see it is that it seems to cause people to air grand opinions unencumbered by any actual data.

I have seen neither evidence that python is "dieing" in any way, nor that people are dropping it because it lacks radical new feature X. Things may be more competitive now but I don't see any stagnation in the community - and that's always been one of python's strongest points.

Dowwie 2 days ago 0 replies      
A little more than a year ago I had to choose a programming language that I would use to create a platform and I chose Python. It's a mature, evolved language. There's a deep bench of talent that can use it. It's a practical language for someone to learn because of the resources available-- books, blog posts, community forums, IRC, open source. The heavy hitters in Tech seriously use it. Not only do they seriously use it but their teams release their work into the wild if it can benefit more than themselves in the process (Facebook's Tornado, for instance). Aside from commercially supported Python-related open source, there's an abundance of grass-root open source libraries and frameworks that are absolutely phenomenal. Take, for instance, SQL Alchemy or the Pylons projects, such as Pyramid. I attended my first PyCon this year (2014). More than 3000 people, from all over the world, attended the event in Montreal. I got to meet some great people and feel closer to the community. I watched the PSF award Raymond Hettinger for a lifetime of contribution to Python. He received a loud, standing ovation.

All of the things that make Python great didn't happen over night. It can take years before an idea becomes popular among just a few evangelists. Rarely does technology have a chance to transcend before it is replaced by something more powerful, flexible, and fun. Python has brought society-changing, community-supported innovation. It's not a fly-by-night language. So, if you choose to use it, whether as a newbie or by upgrading, you will not fail at your work nor be disappointed as a lone wolf.

Upgrading technical skillsets isn't easy -- I can speak from experience. People get naturally set in their ways, excel at their craft, and take offense to anyone rocking their boat. So, I can empathize with the devout 2.7 users who are unhappy with migrating. Your baby has grown up without you.But, you can trust that the broad Python community has your best interests at heart, and adopt 3.4.

Best of all, if you choose to continue using Python, there is absolutely nothing stopping anyone from working towards core development. Be the change that you wish to see in the world. You don't have to wait for any benevolent dictator to feed you.

yarrel 2 days ago 0 replies      
If Python needs reviving then Python 3 is the reason.

But I suspect what needs reviving is Python 3. If functioning unicode support isn't getting people to switch, it's got an uphill battle on its hands.

okso 2 days ago 0 replies      
> Its not like anyone is using Python 3 anyway, so take some chances. Break things.

Well, people start using it now. I'm teaching Python classes exclusively in Python 3, and do all my personal projects in Python 3 and love it.

I would like to finally have a "stable" Python 3 with forward compatibility. This is important for the future of the language, else no-one would invest in it.

_navaneethan 2 days ago 0 replies      
I think double the efforts needed to convert all third party modules more than the amount of developing efforts for Python 3.x.

Since, third party libraries are benched more for Python 3.x migration.

Would we have any possible ways as a community to allocate more resources for ONLY the third party libraries re-implementation? Is it possible to start from scratch for 3.x series? otherwise back porting should be made as standard for 2.x

current scenario,

Loving python ~= amount of third party support.

So, 2.x series never dies.

nightcracker 2 days ago 0 replies      
Almost all the things you suggest are breaking changes that would require Python 4.
apples2apples 2 days ago 1 reply      
I love how you call Julia a wannabe but then go on to list features it has to build up the newer greater Python =P
zobzu 2 days ago 0 replies      
Can't disagree much. I think itd be nice if python become all that. easier for programmers to transition to it than to, say, go.
mixmastamyk 2 days ago 0 replies      
Agreed, I would find a python 4 with built in pypi, cython, and bpython analogues compelling.
myoffe 1 day ago 0 replies      
Python doesn't need any reviving. It's a fantastic and very popular language in both web development and scripting. And plenty of jobs exist for it in the market.
ForHackernews 2 days ago 0 replies      
Is Python in need of revival? It seems to be doing pretty well. I think it's a great workaday language. It's probably not the Absolute Best at any particular domain but it's easy to learn and use, and it serves fairly capably for sysadmin scripting, web development, scientific computing, etc.
Polarity 2 days ago 1 reply      
Why do people tend to just stick to one tool? I mean i try everything i can and what works works. Its not actually bad if somethings dying. There are always new/better stuff on the horizon.
mimighost 2 days ago 0 replies      
So how about starting from introducing a reasonable JIT into Python? Does anyone know why BFDL opposes to the idea of having a JIT, like Psyco?
pyfish 1 day ago 0 replies      
I get way more recruiter spams for Python jobs these days than I did just two years ago.
ulam2 2 days ago 0 replies      
I would love to contribute to make it faster.
dvl 2 days ago 2 replies      
I only want print as statement again
jqm 2 days ago 1 reply      
Is Python really dying? I think the original article proclaiming it's death was written by a MS guy (aren't they coming out with a new version of asp or .net or something?).

I use it every day and even though I love JS (and have been thinking about looking into Go because of all the positive noise) I don't see Python going anywhere for me at least. It is simply too handy and familiar. Maybe it just will be used slightly less by some?

I'd have to see some real stats that Python is dying to believe it.

kolev 2 days ago 1 reply      
Reminds me of "Waiting for Godot" by Samuel Beckett...
eudox 2 days ago 1 reply      
Alternatively, all the effort spent reviving Python could be spent making Python go away.
Bring Reading Rainbow Back kickstarter.com
343 points by oddevan  23 hours ago   85 comments top 27
zmitri 22 hours ago 3 replies      
I once met LeVar at a bar at a restaurant. As a fan of Star Trek, I wanted to go up to him, but figured he must get bothered by a lot of intense trekkies so I broke the ice with a conversation about Reading Rainbow.

He talked about Reading Rainbow with me for a good 15 minutes straight. He was unbelievably proud and passionate about the work he did on that show, and so I'm very pleased to see this video today.

Proof https://twitter.com/dmitric/status/405038964001996800

ChuckMcM 21 hours ago 4 replies      
I observe that of all the things I did with my kids when they were growing up, reading to them every night has had the most profound impact. Early in their lives they liked being read to because it was 'time with mom' or 'time with dad', later when they were early readers, it was a way to 'be the mom' and read to us. And of course once they became facile readers it took them to places and introduced them to people they would never have met in their day to day lives. To this day I have fond memories of my daughter correcting errors in Egyptian mythology on Star Gate because she had absorbed a giant tome on it in her fascination with the stories.

If you have kids, read to them, if they have heard the story before and are bored ask them what the characters in the story are thinking, if they feel like they know that ask them how the story might go differently based on different outcomes. Get them reading, and thinking about what they are reading, and be tolerant of them sneaking a light under the covers so they can finish a book.

benihana 22 hours ago 8 replies      
I grew up with this show, I always looked forward to watching it in school, and I'd watch it at home as well. I loved the adventures and special effects, and just adored watching it.

Having said that, this show did absolutely nothing for me when it came to reading. It didn't inspire me to read, it didn't get me reading, it didn't make reading exciting for me. None of those elementary school programs (Book-it, book fairs, Reading Rainbow) did. I didn't start reading books until I found books that didn't condescend to and patronize children. When I discovered there were books with real situations and characters that acted real (and featured violence and sex and bad language), that's when I realized that books were good.

It's odd, enjoying this show for its entertainment value, but realizing it was completely ineffective in its goal, especially when so many people seem to think this is the greatest thing since sliced bread.

bradly 22 hours ago 4 replies      
"1 out of every 4 children in America will grow up illiterate"

Is that really true? According to Wikipedia, 99% of the U.S. population is literate.


hkarthik 22 hours ago 0 replies      
I can attest to the effectiveness of the iPad app on my 5 year old. This app stimulated her interest in reading even more than us reading to her every night. She now reads at close to a 2nd grade level.

I was amazed to find out that she had been discovering books via the app completely on her own. She would have the app read a book to her, then turn off the auto-reading and learn to read it by herself. Now she uses the app to read to her little sister.

Kudos to Levar Burton and all those involved in bringing Reading Rainbow to the next generation on a new medium!

silencio 21 hours ago 2 replies      
Excited to see this! I have such fond memories of watching Reading Rainbow.

I would love to see a similar kickstarter for other shows I also enjoyed - The Magic School Bus first in my mind. I just rediscovered all the shows on Netflix and I've been watching all the episodes.... I _just_ discovered that a lot of the guests on the show are celebrities like Dom DeLuise, Elliott Gould, Alex Trebek and more, and I can't find another show quite like it. It dates itself here and there - like the series finale was about computers and features floppy drives - but The Friz is unparalleled on so many levels. She was a great role model while I was young.

dkhenry 22 hours ago 1 reply      
if this were a kickstarter to public domain all of reading rainbow. I would gladly donate, but to fund yet another closed garden that I would need a subscription for is a non starter for me. Best Of Luck to those who back it.
tdicola 22 hours ago 2 replies      
Great cause that I'm happy to support. Now I just wish somebody would bring back 3, 2, 1 Contact! and Mr. Wizard (ancient HERO robot and all).
tjbarbour 22 hours ago 0 replies      
Glad to see them working to promote reading! Though I wonder...

Why didn't they start with the web to begin with?You can use a web-based solution on a tablet (given a decent design), but you can't use a tablet-based solution on the web. Now they're trying to fight that 'limitation.'

I understand the 'novelty' and the sheer boom of tablets at the time and the better physical mapping from tablet experience to reading a book, but technologically there's doesn't seem to be much of a reason for them going with an iPad app first. Possibly offline support (valid) or performance (shouldn't be a problem...). There's probably a much more practical answer such as: their technical team had experience in app development OR maybe Burton just really liked his iPad and that's where the movement started.

On another note, I loved the show growing up and like they're trying to continue it. I'm a bit conflicted about the subscription part of the service. I want it to be sustainable, but wish there was a larger free offering. Maybe latest content is free, archived content requires a subscription (ala Hulu)? At least they'll offer it for free to needy schools that's nice.

hysan 15 hours ago 0 replies      
How effective do people think this will be as a way to help students in foreign countries learn to read English as a second language? Specifically in countries where the school system mandates learning English (ex: Japan).

Of course, I'll be trying out the app myself if I can to see what it's like, but I'm interested to hear from people who have used their existing app for a similar purpose. I'm trying to decide if that $5000 reward is worth it (it would be a hell of a chunk of my savings but I love the students at my school).

mrfusion 22 hours ago 2 replies      
Ironically I'm probably reading the kickstarter page poorly. Are they raising money to buy the license of old episodes, or to make new ones?
Xdes 10 hours ago 1 reply      
I dislike books. There are better mediums, like games, for conveying knowledge.
gajeam 18 hours ago 0 replies      
I had the good fortune to see Levar Burton receive award for children's media at my university. At the end of the ceremony, he brought two dozen children from an associated preschool up on stage and read them a story (I think it was called "Enemy Pie".)

I can say without exaggeration that it was the best public reading of anything I've seen in my life. Watching children so deeply engage with an icon that they probably don't even recognize was a wonder.

drawkbox 17 hours ago 0 replies      
This show and Cap'n O.G. Readmore did help make books adventurous for me. Hopefully OG will do a kickstarter. http://en.wikipedia.org/wiki/Cap'n_O._G._Readmore
donatj 22 hours ago 0 replies      
Working for a company that is a direct competitor of Reading Rainbow's app, yet growing up with Reading Rainbow my feelings are mixed and diverse.
stefan_kendall3 21 hours ago 3 replies      
Only "underprivileged" schools will get the content for free, which implies they intend to sell the software to schools, which implies business.

You're not supposed to be able to kickstart a business. You shouldn't get a pass just because you're Reading Rainbow and levar burton.

joelgrus 22 hours ago 2 replies      
I've read the Kickstarter page twice, and I still can't figure out what they are going to spend the $1M on (or how they arrived at that number). I know it doesn't cost $1M to build a website.
Crito 22 hours ago 0 replies      
I remember going to the library when I was a kid to pick up copies of books I saw on this show. I had no idea it had such a long and successful run; I hope they succeed in continuing it.
adsfasdf23f23f 22 hours ago 0 replies      
As a kid I never liked this show. I loved reading books. I always thought, "why do I want to watch tv about reading books?"
voltagex_ 15 hours ago 0 replies      
Just hit the goal, still rising fast.
satellitecat 21 hours ago 0 replies      
My phone's ring tone is the reading rainbow theme
isa 22 hours ago 0 replies      
Who can sing the theme song? And, are you singing it now either in your head or out loud? *raises hand
mrfusion 22 hours ago 1 reply      
Are the old episodes available on Netflix or Hulu?
era86 22 hours ago 0 replies      
This is pretty neat! Work that nostalgia magic!
woopdy 20 hours ago 0 replies      
Yes, can't quite get season 5, or 4-9th.
Hario 22 hours ago 0 replies      
In for $50 and a T-shirt.
mjolk 22 hours ago 2 replies      
I really feel like this is off-topic.
A Hackers Guide to Git wildlyinaccurate.com
341 points by sidcool  2 days ago   116 comments top 20
lloeki 1 day ago 4 replies      
Every tutorial I read falls in two camps:

1. try to be helpful and simplify commands to the extreme, possibly resulting in an subverted (in both the actual and software sense) and damaging explanation (e.g git add)

2. describe in succinct, painful accuracy git internals (the OCD hacker way) when no git newcomer actually cares about tree objects first hand.

Both equally fail at making people get git.

Having explained git an inordinate number of times to various people, I started writing here all I ever needed to introduce people to git in a few minutes, but it takes longer to write than to explain hands-on and face to face. I'll complete this and make a gist out of it.

For varying definitions of "few" and possibly "minutes", but honestly much less than people make it sound about git being a horrendous, unlearnable, complex system with a broken UI. It's simple, it's brilliant, you just have to set the bar right in between 1. and 2. when teaching it.

wmt 1 day ago 1 reply      
"Once you start talking about branching, merging, rebasing, multiple remotes, remote-tracking branches, detached HEAD states Git becomes less of an easily-understood tool and more of a feared deity. Anybody who talks about no-fast-forward merges is regarded with quiet superstition, and even veteran hackers would rather stay away from rebasing just to be safe."

"Thats why trying to understand Git in this way is wrong. Git doesnt work like Subversion at all. Which is pretty confusing, right?"

These kind of assumptions of the reader can be quite off-putting. If you don't relate to assertions like this in the introduction, you start to wonder if the rest of the article is based on these assumptions.

I user SVN happily for years before moving to Git a number of years back, and the conceptual migration felt really smooth. It was just like SVN, but with some nice new native branching tools and features, like in SVN you were forced to merge trunk changes to feature branches, whereas in Git you also have the option to "move" i.e. rebase the branch onto a newer commit.

The rest of the article was very good!

EinLama 2 days ago 5 replies      
I'd recommend another guide. "Pro Git" by Scott Chacon is excellent and welcomes patches, source for the book and its translations are on GitHub http://www.git-scm.com/book
username42 2 days ago 0 replies      
I like very much this introduction to git. Most of the other tutorials considers git as a magic black box. Here, it explains what is performed internally by most of the commands, without going into tiny useless details. This is probably not a good tutorial for build management processes and not enough to rewrite git, but it fits perfectly well my "hacker" mind. Thank you very much.
jammycakes 2 days ago 7 replies      
What disappoints me most about this, as well as almost every other Git tutorial that I've seen, is that it uses the command line almost exclusively. Even those tutorials that I've seen that do refer to GUI options pay lip service to them at best.

This is a shame because I personally found GUI front ends for Git and Mercurial critical to understanding how they work in the first place, and in fact some tasks (such as advanced branch manipulation or hunk selection as with git add -p) are considerably harder with the command line than with GUI tools, simply because the command line doesn't give you a full enough picture of what you're doing.

mateuszf 2 days ago 0 replies      
Introduction with very similar approach: search for "Git from bottom up".
fauria 2 days ago 1 reply      
I would add "git - the simple guide. just a simple guide for getting started with git. no deep shit ;)": http://rogerdudler.github.io/git-guide/
huhtenberg 2 days ago 5 replies      
Does anyone else find this to be quite hard to read? Just visually. Especially length of the lines and thinness of the font.
kevinpaladin 2 days ago 0 replies      
I would recommend this guide here too : http://www.sbf5.com/~cduan/technical/git/
tieTYT 1 day ago 1 reply      
I've got the right level of understanding of Git to grok this article. I really liked how you talked about cherry picking before you talked about rebaseing. I'd like to request you include a section on why/when you need the rebase --onto argument.
seren 2 days ago 5 replies      
Quick question for people using git daily : do you push the features branches to a central repo or you simpy merge with --no-ff on a common dev branch ?

(There is no necessarily a right answer, but I'd like to know what is more usual)

avinash240 1 day ago 0 replies      
My biggest issue with git is it's CLI design. It's absolutely inconsistent. I don't believe the internals are an issue. If you really want to make git better, destroy the CLI and build a new one. Instead there are a million of these tutorials(the fact that there are a million tutorials should already hint at something being wrong), talking about internals.
yuribit 1 day ago 1 reply      
After learning Git, it is important to follow a branching model, I really appreciate the one proposed here http://nvie.com/posts/a-successful-git-branching-model
kasperset 2 days ago 0 replies      
I found this video helpful as a beginner: http://vimeo.com/46010208
alarra9 1 day ago 0 replies      
Really good-looking illustrations. How did you make them?
stephengillie 2 days ago 4 replies      
Where I work we just moved off Git to TFS. Our coders had a lot of trouble understanding Git, actually our whole company has had trouble with Git. We decided to leave it when we realized any individual coder could wipe out our local repository with a wrong command.

We moved into TFS, and while we're working to get our DLLs to not be circularly referencing, we have an actually verifiable copy of our source code. Maybe it's because we use MS technologies (IIS, .NET, MSSQL) but we were on TFS in a matter of weeks while Git still confused us after a month of use.

Many of my coworkers feel it's a "piece of Git" (if you get my expletive). Several also think it's a waste of time. I don't disagree with them. I supported Git because I saw it on here. This solution doesn't our solve problems in our situation.

juggty_dev 2 days ago 0 replies      
Worth for pro..
Dowwie 2 days ago 0 replies      
I don't know about you but when I see signs that read, "Do not Enter" I tend to take that into consideration. With that given, a site called "Wildly Inaccurate" may be just that.
NDizzle 2 days ago 2 replies      
Try not to take this as snark, but aren't hackers early adopters that do things on their own?

What's the point of a hackers guide to a thing that has been a thing for years?!

anton_gogolev 2 days ago 3 replies      
How many more tutorials on Git do we need? It's like article authors find it a "rite of passage" of sorts to explain Content-Addressable Storage, references and all kinds of whacky command-line keys.
How Apple Cheats marksands.github.io
316 points by libovness  1 day ago   223 comments top 37
dilap 1 day ago 10 replies      
It's totally reasonable for Apple to use APIs internally that it's not ready to make public -- making an API public is a serious decision with lots of downsides! You've got to support the API forever, and future design directions are constrained.

To expect Apple to make all code it uses internally available publicly is silly.

(If you want some great examples of the extreme amount of work it can be to support legacy APIs, and why it's really important to prevent devs from using private APIs, check out Raymond Chen's blog.)

gioele 1 day ago 4 replies      
Let's contrast with Android's take on a private API: private Content Providers.

> The problem is, there are more Content Providers in the system than are documented in that package, and while you can use them, you probably shouldnt. Theyre there because some of the Google-provided apps use them internally to access their own data resources. Because Android is an open-source project, its easy enough to find them just by running shell commands like find and grep over the source tree.

> [...]

> Back to Content Providers. For example, theres one inside the built-in Messaging (A.K.A. texting or SMS) app that it uses to display and search your history. Just because its there doesnt mean you should use it. The Android team isnt promising that itll be the same in the next release or even that itll be there in the next release.

> So, go ahead and look at the undocumented Content Providers; the code is full of good ideas to learn from. But dont use them. And if you do, when bad things happen youre pretty well on your own.


The main point here is that you are on the same level of Google: if you want you can use those private APIs, but be ready to do a lot of work to keep your application working fine.

matthewmacleod 1 day ago 3 replies      
Like others, I'm fairly convinced that this is simply not enabled because Apple haven't done the necessary amount of work to ensure that the UIPopoverController on an iPhone is stable, API-compliant, and well-tested.

Specific use-cases under their control can be extensively tested, and it may be the case that e.g. iBooks only uses a subset of the functionality.

More to the point, there's nothing to be gained from this example. UIPopoverController is a relatively boring UI element which it's not too complex to implement by hand, and there are a bunch of open replacements. It was also only relatively recently (Lion?) introduced into MacOS. If they are trying to find a competitive advantage here, they're not doing a good job of it

chrisdevereux 1 day ago 1 reply      
This is a fairly straightforward, boring UI class which you could easily implement yourself, or use one of the many open source replacements[1]. Whatever the reasons for making this API private on the iPhone, I seriously doubt that it's because they are trying to give their own apps an unfair advantage.

If that was their game here, I can think of many other parts of the iOS frameworks that would be kept private before UIPopoverController.

[1]: https://www.cocoacontrols.com/search?utf8=&q=popover

callumjones 1 day ago 2 replies      
Isn't the argument that Apple makes use of private APIs as a beta test? That is, Apple will first introduce these private API restrictions, build apps around them and release the API as public once they are confident on its reliability. My understanding this is the approach with XPC and TouchID.

Maybe Apple aren't confident with UIPopovers on iPhone and are awaiting its maturity until they let it loose. I highly doubt holding back a popover would be malice on Apple's part.

EDIT: Imagine if Apple released APIs as soon as they used them, we'd see more blog posts complaining about the reliability of an API they were promised.

martinnormark 1 day ago 3 replies      
This reminds me of how Microsoft added specific code to Windows 95 to ensure SimCity would run.

This is from Joel Spolsky's Strategy Letter II: Chicken and Egg Problemshttp://www.joelonsoftware.com/articles/fog0000000054.html

So Windows 3.x on Intel 80386s was the first version that could run multiple DOS programs respectably. (Technically, Windows 386 could too, but 80386s were rare and expensive until about the time that Windows 3.0 came out.) Windows 3.0 was the first version that could actually do a reasonable job running all your old software.

Windows 95? No problem. Nice new 32 bit API, but it still ran old 16 bit software perfectly. Microsoft obsessed about this, spending a big chunk of change testing every old program they could find with Windows 95. Jon Ross, who wrote the original version of SimCity for Windows 3.x, told me that he accidentally left a bug in SimCity where he read memory that he had just freed. Yep. It worked fine on Windows 3.x, because the memory never went anywhere. Here's the amazing part: On beta versions of Windows 95, SimCity wasn't working in testing. Microsoft tracked down the bug and added specific code to Windows 95 that looks for SimCity. If it finds SimCity running, it runs the memory allocator in a special mode that doesn't free memory right away. That's the kind of obsession with backward compatibility that made people willing to upgrade to Windows 95.

rjknight 1 day ago 3 replies      
There is definitely a need for private APIs that normal apps cannot use - they might have security implications, for instance. The App Store or Settings apps clearly need to be able to do things that other apps cannot do - for instance, any app that had the same privileges as the App Store would be able to install/uninstall other apps.

Further, Apple's position is that the App Store, Settings etc. are akin to natural monopolies - it only ever makes sense to have one of each. The fact that it's not possible to implement a third-party Settings app isn't a problem because nobody should ever need to do this. This is arguable, but it's an easily defensible position for Apple and most iOS users would be happy with this (and those who aren't can jailbreak).

Having private APIs that are available to apps like iBooks, when competitors to iBooks exist, seems a bit shadier and much closer to the example of Microsoft Office using hidden/unpublished Windows APIs in the 90s. iBooks isn't some essential system service, and should be replaceable by a third-party app according to user preference. If Apple are making it even slightly more difficult for a third-party app to replace iBooks then this would appear to be anti-competitive.

IANAL, but I doubt that there is a legal case to answer. However, there does seem to be a moral case to answer. Sure, it's Apple's product and they can do what they like, but we have seen what happens when essential software vendors do what they like, and it's generally not pretty.

poolpool 1 day ago 2 replies      
Too many people here are way too furious at anything apple/closed source to discuss anything.

1) you still own your phone. Don't be silly. Jailbreak and builds apps to your hearts content. Vendors can choose who and what they allow in their store. Physical or otherwise.

2) apple makes virtually all the profits on consumer hardware, but has Tiny market share. Really. It's no an abuse of a monopoly if 20 percent of people can't use a private API on their telephone.

3)equating access to private APIs in a private store with morality is a truly warped view of the world and a disservice to actual issues with morality society faces.

nateabele 23 hours ago 0 replies      
I think it's a little silly to make a vast conspiracy about this.

When you put yourself in the shoes of the people on the product teams building the apps and maintaining the APIs, it's easy to see this for what it's much more likely to be: a hack that was implemented so that someone could leave the office at a reasonable hour.

yalogin 1 day ago 3 replies      
I would not consider the default applications on the iphone "apps" even. They are written by Apple to provide a certain functionality and that is what they do. They can use any API they need. Why should they not use private API? I would not consider iBooks to be somehow different from say the phone or system preferences "app". They are there because they are provided by the system.
zackboe 1 day ago 0 replies      
Google does a similar thing with Chrome and the Hangouts extension[0].

They have two APIs that are available behind a flag or in a dev branch. Panels[1], the always-on-top type windows Hangouts uses, and the notification area icon[2].

Google hardcodes Hangout's extension id in Chromium to allow it to use these features before they're available to the public.[3]


[1] http://www.chromium.org/developers/design-documents/extensio...

[2] https://code.google.com/p/chromium/issues/detail?id=142450

[3] https://code.google.com/p/chromium/codesearch#chromium/src/c...

xuki 1 day ago 1 reply      
This is how to use this on iPhone - https://gist.github.com/xuki/f66e4d77b682dbb0960d

This won't pass Apple's automatic check for private API, but you could do some clever swizzle. IMO it's ok to use this in production (if you can get pass the app review), Apple is using them in their app anyway.

S_A_P 1 day ago 0 replies      
I can't really call this cheating. It maybe slightly inelegant or inconvenient but there are many reasons to keep an API private. There could be security implications, un finalized functionality. The fact is that there are probably hundreds of API calls in iOS that can be used improperly which can harm ux or security is a damn good reason to disallow them.
interpol_p 1 day ago 0 replies      
I don't think it's a big deal that Apple reserves some API functionality for their own apps you can always re-create this from scratch, after all. They just aren't ready to fully support the popover controller API on iPhone. I'd rather that Apple be committed to every public API they publish (they aren't, but anything in that direction is a good thing).

What I don't like about this is how they chose to implement the restriction. Messy, hacky and inelegant.

mitosis 1 day ago 0 replies      
Those of us old enough to remember the early days of the Macintosh know that this is nothing new. Apple programs used undocumented calls to QuickDraw and did all kinds of yucky stuff with the upper 8 bits of the address (in the early days, the Mac processor used 24-bit addresses but the registers were 32-bit), which lead to the "32-bit clean" problems that plagued the first Macs to use 32-bit addressing.

Apple also did this in the Apple II days, calling undocumented ROM monitor routines from their own programs and operating systems. In fact, several companies made a list of those entry points and considered them "semi-official", the reasoning being that Apple wouldn't change entry points used by their own programs.

0x0 1 day ago 0 replies      
I don't mind this particular example. They could have shipped a copy-pasted reimplementation of the class in the app and nobody would have bat an eye.
fpgeek 1 day ago 0 replies      
This is old news, especially with regards to iBooks:http://www.marco.org/2010/04/06/ibooks-and-private-apis
ehurrell 1 day ago 0 replies      
Of course Apple 'cheats' with regard to its own closed product, it's hardly surprising. Interesting to read about the exact mechanisms by which they do, but I'm always reminded of Jeff Atwood's article 'Serving at the pleasure of the king'[0]. It's Apple's party and they can define the rules however they like. Enough people seem to be okay with this that it's a viable method of doing business, even if it isn't desirable.

[0]: http://blog.codinghorror.com/serving-at-the-pleasure-of-the-...

jasallen 1 day ago 1 reply      
As others are pointing out, yes, it's reasonable to not publish an API that you've chosen not to invest in supporting forever.

But it still feels like this is wrong even though we know the above. The reason it feels wrong comes back, as it always does, to Apple's walled garden. If we could 'use it at our own risk' as we might with an unpublished Android API or an unpublished Windows API, everyone would be fine with it.

But when 'unpublished API' means 'if you go near it your app is dead' that is a much less reasonable thing.

tlrobinson 23 hours ago 1 reply      
So who will be the first to override "bundleIdentifier" to inspect the stack and return @"com.apple.iBooks" if UIPopoverController is calling it?
ksec 10 hours ago 0 replies      
Apple using Private API is cheating?

Are these Dev Apple new comers? Apple has a history of dogfooding its own API internally until it think it is good enough before releasing it to the public.

nemasu 1 day ago 1 reply      
Interesting, couldn't we document the private APIs and use them ourselves? Or would Apple just reject the app then?
DanBC 1 day ago 2 replies      
I'm not trying to suggest any kind of equivalency here, but what's the difference between hidden api functionality for Apple and Microsoft's undocumented function calls?
eli 1 day ago 0 replies      
The way the check is implemented looks bad, but this doesn't tell us anything we didn't already know.

If you're surprised that Apple can use non-public APIs in its apps, you'll be shocked to learn that Apple actually controls the whole ecosystem and can block apps that compete with its own apps regardless of what APIs they use.

goblin89 23 hours ago 0 replies      
One of the things why Firefox OS looks appealing to me: Mozilla is being so open about every part of its architecture that situation such as this one is hard to imagine.
taumhn 1 day ago 0 replies      
That's a pretty boring way of preventing someone from using the API. You could easily swizzle the _popoversDisabled method and get away with it.

I remember trying to use a private API on Mac OS X and having my app receive a SIGKILL prompty after calling the function. It took me a while to find the fix: my app had to be signed. Mind you, it could be codesigned by a self-signed certificate and the system would be fine with it... these were fun times :)

ant_sz 1 day ago 0 replies      
It is strange that Apple allows this API on iPad but not iPhone. What if you want to write an iPad/iPhone universal app? Although there are many 3rd party replacement, I prefer a native API anyway.

As for this popover API, I don't think it's a trick of anti-competive, It matters not so much. But there are no official explanation at all, the same as many other questions about Apple. It will be better if Apple becomes more open-----not nessesary open source, but be open to these questions to avoid guesses.

whyleym 1 day ago 0 replies      
It's understandable that Apple locks down private API's, however given that developed these often they move from the private state (beta testing for their own apps?) to public and available for developers to develop against once they are happy with them.
ninininini 1 day ago 1 reply      
Almost everyone on here is defending Apple. For any other company there would be crying that someone is planting these Apple supporters or its Apple's marketing department making these comments or a hundred other reasons why these supportive comments shouldn't be trusted.
lepunk 1 day ago 0 replies      
It perfectly makes sense for me for this API. It is an element which could result in bad user experience if used on the small phone screen. So their choice was: "We either a, restrict it for iPad only or b, rejects apps using it badly on the ground of bad user experience"
bluesign 1 day ago 0 replies      
I don't think this is something new, actually there are plenty of places in UIKit code checking for bundle identifier prefix for "com.apple". Also it may be possible for them to plan this APIs public but not yet matured enough/finished to release.
DanielBMarkham 1 day ago 2 replies      
Might be time for the Apple PR machine to crank up some more stories about developers making millions writing apps. As every casino in Vegas knows, watching some guy hit it big is a great way to take your mind off how many resources you're losing.

I wonder, though, if there's going to be an end-game to this walled-garden nonsense. On one hand, people (tech-minded people) seem to be slowly getting it.

On the other hand, industry has somehow set up this insane legal system where the product you buy? You don't actually own it. So I go to the store and buy an iPhone. I give them money and I leave. This process is the same as if I bought a regular, land-line phone. Only with the iPhone, I don't own the box, the software, the O/S, or control what the phone does. Carrier wants me to have new software? It pushes it out and I have it. Apple wants to get rid of a favorite app I use? Poof, it's gone. They seem to be doing this without any major push-back from the user community.

I am prone to think both the "educated tech user" community and the "Joe Sixpack" community are going to meet up at some point, but I'm not sure. Maybe the strategy with this and all the other dystopian bullshit we're seeing is to try to run out the clock; keep things the way they are long enough so that the argument can then be made "but it was always like this!"

It's weird. I keep reading these articles about how various services suck, but it only seems like tech people know/care about it. That can't go on. Something's gotta give somewhere.

wsgeek 1 day ago 0 replies      
This seems to be the same anti-competitive behavior that Microsoft was often found guilty of and chastised for. Come on Apple, please don't become an Evil Empire.
xuesj 1 day ago 0 replies      
Good job!
tempodox 1 day ago 0 replies      
That's not cheating. And every other shop would do it the same way. You don't give away anything for free. Ever.
chj 1 day ago 0 replies      
Mozilla can't port their browser to iOS, isn't that a bigger issue than this?
siphr 1 day ago 4 replies      
I am surprised that this is so shocking to the author. Stuff like this is expected and only logical, as wrong as it may be. Apple has been desperately trying to tie people into their eco-system and every move the company makes is a step in that direction whether it may be immediately obvious to other people or not. Also I should mention that I believe Apple is probably not the only company that promotes the use of its own apps on its own platforms. Regardless, it is nice to see some concrete indicators like this article to actually show how that is being done.
Git 2.0 iu.edu
312 points by pantalaimon  15 hours ago   120 comments top 9
ultimoo 14 hours ago 6 replies      
I find git's growth and adoption remarkable. It was only 5 years ago that as a young programmer I was first exposed to git and the concept of version control. I remember that every other team I knew at my organization was using svn and no one really understood how git could improve their workflow or how it worked and what it brought to the table.

Now that I look around, almost everyone in the programming world (at least the part I'm exposed to) is familiar with git as a version control software and github as a social-coding/code-hosting site.

justinmk 13 hours ago 1 reply      
> "git rebase" learned to interpret a lone "-" as "@{-1}", the branch that we were previously on.

Cool, I was just looking for something like this with "git merge". Turns out "git merge" already supports it, and I need to get better at using the reflog (@{...}).

> "git add <path>" is the same as "git add -A <path>" now.

> The "-q" option to "git diff-files", which does NOT mean "quiet", has been removed

More intuitive.

> The bitmap-index feature from JGit has been ported, which should significantly improve performance when serving objects from a repository that uses it.

Improves clone performance if you're pulling lots of history, but there still doesn't seem to be a way to sparse-checkout without fetching the entire .git repo.

dj-wonk 12 hours ago 2 replies      
I can't tell if Git, the project itself, uses semantic versioning. Is 2.0 considered a major (backwards-compatibility-breaking) release?
joemaller1 14 hours ago 1 reply      
So I'm excited this is finally here. But I'm also terrified. You go first.
ww520 14 hours ago 1 reply      
Is there a summary for the new features in 2.0?

One feature I really hope git to add is an easy way to clean up deleted files in the repository. Some times I accidentally check in some large zip files or built files and that really blows up the repository size. Those files stay in there even if I've deleted them. It's a pain to clean them up.

jc123 10 hours ago 0 replies      
Git is remarkably deep in its functionality that its possible to learn something new about it on a weekly or even daily basis: if you have the time. Whenever you are trying to manipulate code, there is usually a clean way of doing it in git if one takes the time to master its power. Next time you have such a problem, if you have the time, take the opportunity and you'll probably pleased at learning something new instead of using what you currently know about git plus a workaround or two.
zobzu 14 hours ago 0 replies      
I wanted the auto gpg sign for a while. I wonder if itll get more adoption.
yeukhon 13 hours ago 2 replies      
For me the amazing thing about writing VCS is that a subtle bug or change could destroy someone's history and future commits. For example, in some old Mercurial release, hg mv had a bug (something affects history integrity) and the bug is fixed in recent release (the default version install on Ubuntu 12.04 should see that bug).

Maybe I lack of the domain knowledge, but writing VCS must be a very difficult task if you care about preserving history.

_RPM 11 hours ago 3 replies      
I'm about to graduate with CS degree, and my first question to potential employers is going to be "Do you use source control, and is it Git?"
Apple Confirms Its $3 Billion Deal for Beats Electronics nytimes.com
306 points by bedhead  18 hours ago   329 comments top 42
abalone 18 hours ago 12 replies      
The most interesting reveal from Tim Cook's quote is that he only mentions the music service and the talent, not the headphones.

That's super interesting. It basically means Apple looked at this like a typical Apple aquihire / component technology purchase (of the service), that just happened to have a multi-billion dollar profitable accessories business attached to it. That makes it a very unique kind of deal.

callmeed 16 hours ago 16 replies      
Honest question: is there a statute of limitations on what the tech world will tolerate with regards to misogynistic behavior (or bad behavior in general)? Or do people just pick and choose what they want to fight?

I ask because everyone rallied behind RadiumOne's CEO being canned after he beat up his girlfriend [0]. Similar with the Mozilla CEO (granted, the offense was different ... but it's interesting to point out that his transgression happened 6 years ago).

But now Dr Dre is about to become an executive at the largest tech company in the world and people seem to be lauding the move despite the fact of (A) misogyny in his lyrics since his NWA days and [1] (B) him beating the crap out of a female reporter, doing probation and settling a civil suit out of court [2].

Am I comparing apples and oranges here? (pun intended!)

[0] http://techcrunch.com/2014/04/27/ceo-gurbaksh-chahal-fired-f...

EDIT: spellling

[1] http://rapgenius.com/Dr-dre-bitches-aint-shit-lyrics

[2] http://en.wikipedia.org/wiki/Dee_Barnes#Dr._Dre_incident

gareim 18 hours ago 16 replies      
Apple redefined the mp3 player market, the ultraportable laptop market, the smartphone market, the tablet market, and now they're buying a company that reinvented the higher-end headphone market. Is it smart of a brand that has traditionally created their own iconic images to buy another cultural icon for $3 billion? I don't think so.

Maybe this gets used a lot, but would Steve Jobs have done this? Or would he have created his own headphones and music streaming service?

I'm willing to bet anything this is going to be seen as where Apple's golden age began to wane.

EDIT: I said "higher-end" because it's perceived to be, even though audiophiles would never agree. The consumer market believes that Beats and Bose are king though. That's another reason that I'm against this purchase; Apple isn't even buying anything technically higher end (Sennheiser, Beyerdynamic, HiFiMan, what have you).

JumpCrisscross 18 hours ago 6 replies      
The meat of this deal isn't likely the streaming service. Beats Music had only 111,000 subscribers as of March [1]. Compare that to Spotify's 10 million paying subscribers, 30 million non-paying users, and $4 billion valuation.

The deal's financial logic is driven by Beats's $1.3 billion business (in 2013) of selling high-priced headphones. Given Apple's P/E ratio of 14.9x earnings [2], the acquisition would make sense so long as Beats were running at least a 15% profit margin on those headphones. That's a surer basis for a $3 billion bet than a nascent streaming service.

[1] http://nypost.com/2014/05/27/apple-cuts-purchase-price-of-be...

[2] https://www.google.com/finance?q=aapl&ei=_0qGU5C_BabzsgeenYH...

asimpletune 17 hours ago 4 replies      
I just want to go on record with an entirely different idea as to why Apple is buying beats. They're going to make a label.

Why Apple doesn't do streaming: Apple hates committing to something unless it's absolutely perfect. There are numerous examples, but NFC technology is a good one that comes to mind. Granted, they've made mistakes, like Mobile Me, but that was due to poor implementation, rather than immature technology and infrastructure.A similar problem has been in their way as far music streaming goes. The obstacle in their path to connecting consumers to content are labels (the same applies to cable companies and iTV, but that's a different story). Labels are greedy, difficult to deal with, and a general nuisance who provide little or no value. Meanwhile, the actual content providers, i.e. songwriters and performers, view labels as a necessary evil, but no one believes for a second that needing them is ideal.

The vision: The idea is that Apple is looking to buy Beats to start their own label so they can cut out the label, who is an unnecessary middleman. My reasoning behind this is that Beats is a very strong brand, mainly because it's been run by two very savvy music industry veterans who know how to "produce", in every sense of the word. They're more of a household name than any other headphone maker can claim. If any company had the power, skill, and recognition to pull off disrupting the record industry, it would be beats. The only problem is they don't have enough money, do you know who does? Boom. It's as simple as that.Just take a look at this http://cdn.macrumors.com/article-new/2014/05/beats-royalty-s.... and tell me, from Apple's perspective, what the problem is with a music streaming service? The labels get all the money and the artists get none. All Beats has to do is say, "Boom, we're starting a label and we own the streaming service, so you can have a 30% cut per play and we'll keep 70%". If you were an artist and you could literally improve your earnings by 10x wouldn't you? $248K vs $22K is criminal.

Just imagine, from Apple's perspective, what this would open up? Essentially, it's total vertical integration, a pipe from artist to audience, unadulterated by stupid bullshit. For example they could have complete coordination of everything from the original recording quality of an album to specialized super high end digital to analog converters in the hardware - from lossless media formats that were recorded especially for that format to headphones that are tuned to provide optimal performance.This is a complete bargain and no ones talking about it. It will serve as a prototype for what Apple would love to do to the television industry (think Apple acquires HBO, a win win for both), and they're doing right under everyone's noses because no one can think big enough. Apple would never, in a million years, purchase a company like that for so much money if they didn't have a very good idea of how it would pay off 10x.

And remember, this is the same company that seriously considered becoming a carrier, in order to launch the iPhone.

onedev 17 hours ago 2 replies      
The amount of people in this thread who are unable to understand the brilliance of this deal is astounding.

What they bought is not one thing, but all the components that came together in the right way, at the right time.

* Beats Music, a music service that is truly different from the others and is in my opinion better in many ways.

* Legendary founder of Interscope records Jimmy Iovine (who then ran it for 25 years) as part of Apple management.

* Dr. Dre, enough said.

* The amazing people behind the curation of the playlists on Beats Music.

* A powerful brand, though this part is still a grey area for me. It remains to be seen how they handle the brand.

* A strong command of the market. In 2012, NPD Group reported that Beats had a market share of 64% in the U.S for headphones priced higher than $100. It's likely even higher now.

* Hardware that's flying off the shelves as noted above. They have the opportunity to improve the engineering of this hardware to make a truly great product while retaining the amazing branding.

All of those things came together into one place in one deal. It's incredibly smart.

k-mcgrady 18 hours ago 3 replies      
An important quote from the article:

>> Could Eddys team have built a subscription service? Of course, he said. We couldve built those 27 other things ourselves, too. You dont build everything yourself. Its not one thing that excites us here. Its the people. Its the service.

From my usage of the Beats streaming service it stands head and shoulders above everyone else because of the people it has creating playlists. They are really fantastic especially when compared with Spotify. Apple could build a streaming music service but they need the right people to build a good one.

bedhead 16 hours ago 1 reply      
Poor Logitech, a company I've always had a soft spot for. They used to be the king of the peripherals and even bought Ultimate Ears for $34 million back in 2008. Their audio business is probably their lowest margin segment and now Beats gets acquired for almost double Logitech's enterprise value. The power of brands...
KVFinn 12 hours ago 0 replies      
There's a lot of comments in here about the business case. Beats is undeniably moving a lot of product. Speaking purely for my personal feelings though this purchase makes me value Apple less.

While people say Apple is merely overpriced hardware bought because marketing makes it cool, I think this is wrong, it's also really good hardware. But Beats is that criticism of Apple come true -- overpriced crap made popular with marketing. Ironically I don't even mind the sound profile of Beats -- high fidelity cans are too flat for me personally. But even for someone like me I can get that same sonic effect for a fraction of the price with other brands.

Smulv 2 hours ago 0 replies      
It's well established that Apple is one of the pioneers in the digital distribution of music; however, iTunes hasn't been keeping pace. The portion of Apple's online services revenue from iTunes has been steadily declining since Q1 of 2011 [1]. The Beats' headphones product is definitely profitable and responsible for a big chunk of that $3 billion valuation; however, I doubt that was Apple's main motivator.

It seems as if Apple is doing this to both acquire the talent involved as well as the Beats' streaming service. As mentioned in the article Apple usually prefers the smaller segmented purchases, so I'm guessing Beats approached negotiations with an all-in-one mindset. As to the why Beats instead of another streaming service, it has to be some combination of the talent being just that good or the Beats' streaming service has something that distinguishes itself from others. What that is I don't know. I've heard about their mood based playlist feature and find that pretty interesting. I would like to see what happens when the physiological effects of certain music genres are researched, and then applied to develop this mood playlist concept even further. Thoughts?

[1] http://www.macrumors.com/2014/05/28/beats-key-declining-itun...

danhak 18 hours ago 1 reply      
So, Apple acquires music streaming service lala.com in late 2009 for $80 million and shuts it down unceremoniously.

Less than 5 years later pays $3 billion for Beats electronics, largely for their music streaming service.

saaaaaam 13 hours ago 1 reply      
I don't know the etiquette of posting here, but I just wrote quite a long response to a comment by JumpCrisscross who says that the meat of the deal is the headphones business rather than the streaming business. I don't know if that comment best lost in a tree of other comments, so I thought I'd repost it here. But I disagree absolutely with that point of view.

The meat of this deal is absolutely the streaming service. Apple NEEDS streaming. I buy an iPhone: I pay $100 to have ALL THE MUSIC ALL THE TIME with that phone, for the lifetime of the device. Awesome! It's like Amazon Prime but better.

And Apple NEEDS that; for them to negotiate their own streaming service with the majors + merlin it would have cost them dear - probably some sort of huge advance or equity stake (because that is the basis that streaming deals are done on these day). Apple is too rich to do that, so it's probably cheaper for them to spend $3bn on a pre pack streaming service than it is to negotiate their own deals. They are sitting on $170bn in cash. The majors don't budge on streaming - they want big fat advances, and they want equity. There is NO WAY that Apple can pay a percentage advance that will satisfy the majors ("we can't do this for 0.1% of your cash on hand, because that means that next time someone comes to us, they will want the same terms but they will only have $100m on hand") and they can't give them equity - because they value their equity too highly. It's no surprise that this deal is 90% cash and 10% stock, or thereabouts. The Spotify/Echonest deal was absolutely the reverse - 90% stock, 10% cash, because the value to Spotify of that defensive acquisition was worth way more to the Echonest investors in an upside dictated on a future Spotify IPO. $90m of Spotify stock today turns into a whole lot more in a year when they float.



For the headphones, Beats did $1.5bn in revenue last year. Let's assume that the average revenue per unit is somewhere in the mid to late hundreds - $150 - $180 per unit. At $150 - $180 per unit that means they sold somewhere around 8,500,000 pairs of headphones. Gosh. Check my maths there, because I thought it was insane too.

In 2010 Billboard reckoned the global headphones market was worth about $670m on 70.8m units sold - so that's about $9.50 per unit. Beats have massively outperformed this expectation. And thhis means Beats owns 10% of the headphones market, give or take.

There have been various tears-down/BOM costings of Beats which have brought them in at about $20 - $30 per pair - or less. A huge part of the cost of Beats is in the marketing - the endorsements, the adverts (hello, Super Bowl spot at a supposed $8m) the billboard campaigns, the product placements. None of this comes cheap. So let's assume that of their 8,500,000 pairs of headphones they spent maybe $200m - $225m or thereabouts to actually buy the pieces, and manufacture the cans. Let's also assume that - yes - they made 15% margin. On revenue of $1.5bn that means they are making $225m profit. So the manufacturing costs and the profit are about the same - which is fair enough; a 100% markup is pretty decent. But that means that a HUGE element of the value of Beats (and a huge element of that $225m profit on $1.5bn sales) is created in the aspirational value created through marketing - and the marketing costs LOTS money. Remove that marketing spend, and you have a business that doesn't look so shiny. If 90% of the value of the headphones is created by the marketing, then suddenly headphones that can retail at $180 or so per unit, on a per unit cost of $25 need to drop down and retail at $40 or so - which, coincidentally, is about the price point for SkullCandy and other fashion/aspirational headphone brands. So I think the headphones business is worth about 10% - 15% of what Apple is paying in that $3bn transaction. At most. Let's call it $450m, to be generous.

So yeah. I really don't think the headphones business is a thing.

I imagine for a while they may either incorporate Beats into a "premium" Apple headphones range - or they will drop the Beats brand almost entirely and sell the consumer headphones business off to someone else. Whatever happens, I'd doubt Apple will be using "Beats by Dre" as a brand. It'll be entirely integrated into the Apple brand - "iTunes On Demand" or something else.

Whatever they bought, it was not the headphones business. It probably wasn't the streaming business either - if we assume that maybe the Beats Super Bowl commercial netted them some more subscribers for the Beats streaming service and we call it a very generous 200k subscribers, that means that Apple has paid (once we deduct the $450m for the headphones business) something like $12750 per streaming user.

Spotify is worth something like $4.5bn at the moment (or, at least, it was until tonight, before Apple potentially decimated that market) and they have 10m paying subscribers. So that's a cost per user of $450 to buy that business. Spotify pays out 70% of every dollar of revenue to rights holders, giving them 30% of their revenue to cover their costs and make a profit. They say that they will pay out $1bn to rights holders this year. Which means that they are expecting to bring in about $1.4bn in revenue. So they have $400 to run their business and make a profit - only, of course, they don't make a profit. So the 10m subscribers + ad-supported users bring them $1.4bn.

If you want to buy Spotify today, it's going to cost you $450 per subscribing user.

Let's assume that there comes a point that Spotify has maybe 40m subscribers and they bring in $5bn in revenue a year. That gives them $1.5bn to run their business, and maybe at that point they turn a profit. If they return 15% also, then they're making $225m a year profit. That's $5.63 profit per subscriber per year. It's going to take a long time to make back the $450 you spent per user.

The value to the Spotify in buying the Echonest was that nobody else could have it.

The value to Beats in being bought by Apple is that nobody else wanted it.

The value to Spotify in all of this is that it makes it a three (or maybe four) horse race: them, Apple and whichever of the remaining players Amazon buys and bundles into Amazon Prime Instant Music. And then we'll see what Google does with YouTube Streaming.

For everyone else, it's a race to the bottom: so long as Apple can offer "iTunes On Demand" for a dollar less than anyone else, they win: they have a one click route to market, and they have a product that becomes more appealing to more people by the addition of a streaming service.

Basically, as far as streaming music goes, we're all fucked.

Here are some links to vaguely back up some of what I've said above. It's late, though, and I can't reference everything. You can pretty much Google it all though.





nashequilibrium 11 hours ago 0 replies      
Bottom Line, if this was beats by Jack Dorsey, everyone would be jumping up and down but its a black rapper and everyone is confused. The first thing everyone said was a difference in culture. My experience at a fortune 50 marketing firms let's me know right away that this is a premium brand across the globe. Their headphones are priced at such a high premium and their brand recognition as cool and worn by celebrities and top sports stars, across sporting lines from european soccer to swimmers coming out at the olympics.

Lets cut the bullshit, we all know why everyone is scratching their heads, because this is not a 22yr old hoodie wearing white hacker. Close your eyes and picture "Beats by Jack Dorsey" and u will know what i am talking about. Some fool will post how this is not true, downvote the post et cetera, but it is what it is!

malchow 17 hours ago 0 replies      
Apple paid ~10% of its $35b 2013 free cash flow* for Beats, a company with a software-side growth story and actual positive free cash flow of its own driving investment in the software piece.

Apple: spinning off cash, buying companies that themselves spin off cash.

A delight to see P. Oppenheimer's conservative approach thriving. Financially, Apple is a thrilling company to watch.

* N.B. That's actual GAAP free cash flow. It is pure cream. What better than to accrete to FCF while acquiring, as noted by @onedev, some terrific assets, personnel, and goodwill. This is a smart and cheap move.

nostromo 18 hours ago 3 replies      
Is music even still important to Apple?

The iPod is in a longterm decline. Low margin music streaming has replaced purchased mp3s. I think music has changed from the main event in the Apple ecosystem to a minor attraction.

It seems like Apple is looking backwards and defensively, not forward and offensively on this one.

balbaugh 11 hours ago 0 replies      
I don't understand why everyone has focused so much on the beats headphones side of the acquisition instead of the fact the this is a way for apple to get into the streaming market without having to negotiate from the get go with labels who have been weary of them gaining even more control in the music market. When they negotiated the deals for iTunes they were not even a blip on the radar in the eyes of record labels. Sure, the headphones are the immediate value with the price margin, etc. But, in the end, I see the biggest benefit being gained from an apple backed streaming service.

REMEMBER, Apple didn't create iTunes, they bought it.

sciguy77 12 hours ago 0 replies      
I have to say my Beats completely suck. I've had to get them replaced twice and I still get these annoying buzzing sounds. Forum-reading has led me to believe that this is a really common problem.I'm disappointed that Apple would buy such a crappy product, and pay so much for it.
ladzoppelin 17 hours ago 0 replies      
This is smart and as a non-apple user it could suck if Apple starts blocking cross-platform compatibility. Beats is actually MOG which is an amazing services that specialized in streaming 320's mp3's. It sounded amazing and I think it currently sounds better than Spotify at high quality. What sucks is what do people do if they currently have a beats sub but really don't have anything to do with Apple.
zacinbusiness 17 hours ago 0 replies      
The headphones are crap, way too much bass and the build quality is pretty bad even for low-end headphone. But they have fooled people into thinking they are a premium product, somehow. Is that why Apple bought them? I hope we don't start getting "iPad with Beats audio" gimmicks.
nikunjk 17 hours ago 0 replies      
"Its going to be accretive in fiscal year 2015" Damn, http://recode.net/2014/05/28/tim-cook-explains-why-apple-is-...
6thSigma 18 hours ago 2 replies      
I would have never guessed that Apple's largest acquisition ever would be Beats.
sayemm 17 hours ago 0 replies      

  "Still, I stay close to the heat   And even when I was close to defeat, I rose to my feet   My life's like a soundtrack    I wrote to the beat"
- Dr. Dre, http://rapgenius.com/412394

andy_ppp 16 hours ago 1 reply      
Check out my beats phone yo... Apps, iOS and a different demographic of people to sell cheaper iOS devices to. Watch the iPhone 5c quietly disappear from ever being an Apple product, it's not one.
evo_9 17 hours ago 2 replies      
I think the 3B would have been put to better use by buying HBO.
jsz0 17 hours ago 0 replies      
I think the key to this deal was the Beats brand. Apple was facing a very difficult task in trying to modernize/redefine the iTunes Store. They attempted to bolt on various new things like Ping, iTunes Match, iTunes Radio, etc but it ended up being a convoluted mess. Too much legacy baggage there. I suspect Apple will preserve the Beats brand and use it as the launching pad for all their next-generation media services/products. iTunes Store will continue on as the place you go to buy things while Beats will clearly be the place you go to stream things.
johnohara 17 hours ago 1 reply      
The question is not "why is Apple buying?" The question is why is Geffen/Interscope/A&M selling?
joshferg 17 hours ago 0 replies      
Wonder if Dre will join Apple's Board
jaxytee 18 hours ago 3 replies      
Depending on the details of the deal, this may make Dr Dre hip hop's first billionaire.
smackfu 18 hours ago 2 replies      
Interesting that they closed the deal and announced it before the WWDC Keynote on Monday.
return0 16 hours ago 0 replies      
An interesting thing about the deal is that people are coming up with positive stories and opinions about Beats just to justify the price, believing that Apple can't ever be wrong. We 'll see about that ...
pauletienney 15 hours ago 0 replies      
Beats = a bit of cool, a bit of cash, a bit of hardware, a bit of music streaming, a bit of new, a bit of music = good target for Apple.
insky 7 hours ago 0 replies      
Are the headphones any good? Stylistically, they look like something that you'd pick up from Poundland (UK), for a pound.
melvinmt 16 hours ago 1 reply      
My 3 billion dollar theory is that they want to shut it down to make room for their own high-end headphones.
justinlink 17 hours ago 1 reply      
This could have a mobile angle too. The HTC One was branded with Beats speakers and headphones.

Maybe they'll do an iphone with "Beats Audio" rather than wait for another Android phone to have partnered with Beats.

programminggeek 18 hours ago 0 replies      
Why didn't Apple just buy MOG when it was a separate thing? Or, why not just buy rdio now?

This is more than an acquihire or however you want to spin it. I'm sure right now Beats headphones are printing money and the people at beats are good at marketing youth culture.

Apple needs the ability to sell expensive tech to teens to be cool. Beats manages to sell overpriced headphones to teenagers all the time in huge numbers, even if it doesn't make financial sense. It's like designer jeans or Oakley sunglasses or... the iPod.

lstroud 17 hours ago 1 reply      
Will Beats be a wholly owned subsidiary or integrated into Apple?

I would imagine corporate structure will provide the answers on why Apple made this decision.

kerbs 14 hours ago 0 replies      
Can somebody humor me that there is a non-zero chance he will be the WWDC Bash performer?
eip 16 hours ago 1 reply      
Marketing geniuses that sell mediocre hardware for premium prices. Sounds like a good fit.
wnevets 17 hours ago 0 replies      
this the beginning of the end.
jotm 18 hours ago 0 replies      
Two companies that succeeded at selling overpriced, under-featured hardware to consumers mostly based on the brand name? A match made in heaven. :-
izzydata 18 hours ago 8 replies      
"Apple, the company that turned digital music into a mainstream phenomenon"

Is this guy serious?

For Hire: Dedicated Young Man With Down Syndrome aljazeera.com
305 points by mr_tyzic  11 hours ago   87 comments top 17
GuiA 10 hours ago 4 replies      
I worked with mentally handicapped kids a lot as an educator when I was younger (albeit in a different country). This wonderful article captures perfectly how, in the right environment, children with Down Syndrome can blossom, but how hard it can be for them as adults once society & red tape & bureaucracy all come into play. (I also worked with children who had Down Syndrome and had not grown up in the right environment- think abusive/dead/incarcerated/etc. parents. That got very depressing very fast, and I'm not sure I could do it again).

I think this also highlights how the increasingly geographically fragmented familial unit is problematic: in a culture where several generations of the same family lives under the same roof, the situation wouldn't be as dire. However, in our culture it is typical to have only small portions of a family living together, and for children to move away and live on their own, potentially hundreds of miles away. No situation is perfect, of course - but it's still something to ponder (and it affects other social groups as well, for instance the elderly).

There was a wonderful American Life a while back on a similar topic, about a mother dealing with her adult son who had a mental disability (can't remember if it was autism or Down), and fearing for what would happen once she passed away. Can't find it right now; will edit this post if I do.

sdrothrock 11 hours ago 0 replies      
I was afraid that this would be a tacky post hinging around hiring a guy solely because of his disability (i.e., charity) and instead it's a really thoughtful, insightful post about what it's like as a father of a young man with a disability and how hard it can be for people with disabilities to get hired.

One thing I wonder (and I don't know if the author comes here): is there no Office of Vocational Rehabilitation or something similar? The author mentions Penn State and I know Pennsylvania has an OVR, even though it can be very hard to communicate with them sometimes.

I had this problem when I was younger and had just gotten a cochlear implant. I always fretted about whether or not I would be able to get a job somewhere since I couldn't hear in moderately noisy environments (think fast food, movie theaters), couldn't use the telephone, and sometimes had difficulty understanding people I'd never met before. It was really scary thinking that I would have to live with my mother for the rest of my life, unable to get a job.

Being rejected from all of the entry-level jobs I applied to at the time only made my fears worse.

I found some good jobs and have a great one now, but I feel for this young man.

caublestone 9 hours ago 1 reply      
I barely made it through this article. After the 10th minute of pushing through my tears to read, I had to resolve that nothing would stop me.

On HN we dream big. And we all agree that we can dream big and maybe hit it big. Imagine what it feels like to realize at a young age that you DONT get to go after your dreams because you are missing the tools. Imagine what it feels like to believe something is wrong with you because you talk to yourself sometimes. Now get back to starting your company.

And yet, you can be happy to commute, to have co workers, to have some freedom from our parents.

hkmurakami 10 hours ago 2 replies      
I remember when I worked in an auto-industry factory (as part of my training) in Japan, we wore caps with colored bands that denoted rank/category. New employees were dark blue. Equipment/facility maintenance people wore yellow bands. "Management" inside the factory, as well as the white-collar employees had light blue. Outside guests wore red.

Amidst this, workers with disabilities wore caps with green bands. Many were hearing impaired, but there were some with leg issues and others with some form of mental illnesses.

This kind of categorization perhaps wouldn't fly in the States, but it seemed to aid the company's goal of having 5% of their factory workforce composed of people with various forms of disability (iirc).

As knowledge workers, it's easy for us to dismiss bluecollar positions like these, but working at a enormous Toyota group company, receiving a great deal of training and a respectable wage (you can make quite a bit with overtime), and being part of something that produces countless goods into the world is a pretty good deal for people in a country where it's not illegal for potential employers to ask about your existing medical conditions during the interview process.

pling 8 hours ago 1 reply      
Not downs, but we had a guy with a pretty bad speech impediment interview with us a while back. He had a well controlled stutter which resulted in pauses of 10s+. The guy was awesome (better than the average across our team) and had wonderful written communication skills. That's all we need as we email each other all day (we're a very disparate team). Unfortunately my asshat boss decided that he wasn't suitable for the position due to a number of made up concerns and vetoed our acceptance.

Pisses me off every time I think about it but that's how a lot of companies operate.

weinzierl 7 hours ago 1 reply      
In Germany another young man with Down syndrome is currently much talked and written about. It is about eleven year old Henri who took part in a model experiment to attended regular school classes.

Now that some of his classmates are about to go to high school, his parents try to get him also into high school. Their reasoning is that it would be cruel and against the idea of the original experiment to separate him from his friends again. They don't argue that does not have the abilities to graduate. The whole argument is if a high schools should accept someone for other reasons than graduating.

The following article is not very good, but the only one I could find in English:


Much better one, but in German:


mike_h 8 hours ago 3 replies      
Would something like a google glass app, or another semi-automated assistant work for augmenting his capabilities?

Sounds like he's totally motivated and capable to do e.g. the janitorial work, but his capability needs to be paired with intensive supervision. Could that supervision be implemented as wearable interactive instruction or cheat-sheets?

dougjordan 7 hours ago 1 reply      
I took french class with Jamie back in high school. He is a great guy, and works incredibly hard. I loved working in groups with him; his french was much better than mine.
digitalengineer 4 hours ago 2 replies      
I enjoyed reading this article, strangely enough by Aljazeera. That did made me want to know how a child like this would grow up in the Middle East. I found this: http://media-dis-n-dat.blogspot.nl/2009/03/saudi-mother-trie...
personlurking 8 hours ago 0 replies      
If anyone is interested in a good film about a young man with Down Syndrome and how he gets on in life (work and love), check out the Spanish film Yo Tambien (Me Too). Here's the trailer, with subs.


bayesianhorse 2 hours ago 1 reply      
Maybe in Taxonomy? Taxonomists are scientists who can catalogue specimens of animals and plants into species, and argue about what is a species and what is two species.

However, he might be quite good at learning to classify specimens and classifying them. Not in the more academic/scientific role, but it would be valuable work. He might even be able to discover things about taxonomy nobody else has found yet.

Suncho 3 hours ago 4 replies      
I found this article disturbing.

Why are we forcing developmentally disabled people -- or anyone, for that matter -- to get jobs? Is there a dire shortage of low-skilled labor that I'm not aware of?

"Whenever we talked about his employment prospects after the age of 21, we reminded Jamie that he did not want to live a life of watching YouTube, wrestling videos and Beatles Anthology DVDs in the basement."

Would there have been anything wrong with watching YouTube videos all day if Jamie's father had never told him that it was wrong?

And if the purpose of sheltered workshops is to provide busy work for developmentally disabled people, why should it matter whether they pay below minimum wage?

rcthompson 7 hours ago 0 replies      
It's difficult to imagine how hard it must be the be mentally handicapped yet fully aware of that fact.
tatianajosephy 9 hours ago 3 replies      
I have a strong sense that online work - on CrowdFlower, Mechanical Turk, or Elance - could be the path forward for someone like Jaime. Please do note: I work for CrowdFlower.

The beauty of online work is its promise of operating as a meritocracy. Access to the labor market is not about who you know, or how you appear, but about your ability to perform. Everything about Jaime, from his diligence to his incredible cataloguing memory, struck me as a perfect fit for the type of work that's readily available online: data collection, cleaning and labeling.

Even better, this type of work is going to become a larger and larger part of labor market as the machine learning field grows and the need for clean training data grows along with it.

zilian 3 hours ago 0 replies      
Very interesting and moving article. I was surprised by his incredible self-awareness and self-acceptance. Now it makes me wonder about all the reasons why you can't fit in our busier-than-ever society. Why bother trying joining the workforce when it's already broken for most of us? Maybe he could learn to grow his own food, learn to make things at his own pace and become more 'independent' while doing so?
BorisMelnik 9 hours ago 0 replies      
very touching young story - I bet this kid is a lot of fun to work with. The fact that he was on time every day for 6 months probably whips all the other employees into shape from an HR perspective. "If this kid can be on time and take the bus, then so can you."
jeremyperson 7 hours ago 0 replies      
Reminds me of these videos which I think HN will enjoy. Meet Anthony -> https://www.youtube.com/watch?v=Yv5nzgrYBIQ and Tim's Place -> https://www.youtube.com/watch?v=y6He0FWoFj0
HipChat is now free for unlimited users hipchat.com
296 points by rbres  1 day ago   203 comments top 41
aspir 1 day ago 4 replies      
People are making the valid comparison of Hipchat and Slack, which is to be expected. But, this is a deeper move by Atlassian.

Atlassian's business model is still "All roads lead to JIRA/Confluence." It's why so many of their products are free. This isn't as much a Hipchat v. Slack/IRC/Google/Campfire move, as adding another road to JIRA.

Deestan 1 day ago 3 replies      
Be aware that Hipchat are now rolling out a new "feature" in which the account admin can read all private 1-to-1 chat: http://help.hipchat.com/forums/138883-suggestions-ideas/sugg...

This could be a significant issue for some, both morally and legally.

If you are using / are going to use Hipchat with this enabled, at least make sure you are aware of any legalities you need to conform to because of this. E.g. gather consent from employees.

joeblau 1 day ago 12 replies      
HipChat is probably under fire from Slack. That's why I think they are making this change, because I just made the transition a few weeks ago and Slack has been amazing. Once you go Slack, you never go back.
ak217 1 day ago 3 replies      
We switched to Flowdock and never looked back. The SNR advantages of the integrated conversation threads and "email-like" inbox model are amazing. I never knew what I was missing with IRC/hipchat.
TallGuyShort 1 day ago 3 replies      
My company recently started using HipChat and I really like it. I expected to prefer IRC because of the standard, open protocol and the choice of clients, but the HipChat application works much more smoothly on my Linux desktop than any IRC client I've tried, and it's been adopted more widely across my organization than IRC ever was - making it much more useful, even if that really just comes down to marketing it to appear more accessible. It's working really well.
hoopism 1 day ago 0 replies      
I tried to sign up. I really did.

First I entered in my own details but neglected my lastname... didn't say I had to. It's a single name field. It rejected my submission and zero'd out the fields. Strike one.

Then it asked for my team members names and email addresses. It had a skip button, that was nice. I added their emails and used again their first names... let them add their last name or preferred name. Again it failed and removed all the data I entered. Strike two.

Then I attempted to download the client. It wouldn't let me till I verified my account. It will let me send solicitation emails to team members... but not download a client. Ok. Odd. I downloaded the client to my mac entered credentials and after about 4 minutes it failed to launch with a debug window displayed. Strike three.

I did try.

IgorPartola 1 day ago 4 replies      
Last I tried HipChat, it was a terrible experience simply because I wanted to not run yet another application and instead use Adium. They do support XMPP but to get it working you have to do magic. After I did the magic, I had chat up and running but lo and behold: file transfers did not work. Thankfully, this is when our team decided the experiment was over. We went back to using IRC. What fundamental problem do these new chat protocols solve that are not already addressed by IRC and XMPP?
ChikkaChiChi 1 day ago 0 replies      
I just recently compared Slack and Hipchat and Slack seems to be the more advanced of the two at this point.

The magic bullet in collaborative chat like this seems to be presence awareness. We used to use GTalk for this but since moving to hangouts we can't ever tell who is at there desk when we need them.

Here's to hoping one of them gets it right; especially when you install on your desktop and your mobile device.

phamilton 1 day ago 1 reply      
I've found Video Chat to be pretty terrible. I find it weird to market that as the upsell. Most of the time, we give up with Hipchat Video and switch to a Google Hangout.
OoTheNigerian 1 day ago 3 replies      
Slack surely is putting HipChat on its toes. Competition is really good.

I use and enjoy HipChat. The feature I love about it is the ability to temporarily invite someone (edit: a non organization person) to a room.

It would be nice if it was possible to have it open all day and have it like an IRC. It would be perfect for having support rooms for an app.

One thing i'd like HipChat to improve on is the timeout that happens to their desktop app. As long as it is open, I do not want to have to "reconnect".

Nice one guys. And Nice one Slack. Surely, no slackers.

jedisct1 1 day ago 8 replies      
I don't get the point of HipChat. It's a closed, proprietary Jabber server, with closed-source clients, intentionally no OTR support but the explicit ability to spy one-on-one conversations instead.

And people used to pay for that?

kolev 1 day ago 4 replies      
My biggest issue with HipChat is the inability to run multiple organizations on the same client. The video and audio "premium" features are really a terrible idea as there's Skype, Google Hangouts, UberConference, and similar for that and they are free and core businesses and Atlassian cannot and should not attempt to compete with those!
bokglobule 1 day ago 3 replies      
Do you guys worry about confidentiality with these services?
jitbit 15 hours ago 0 replies      
The only reason my team prefers HipChat over Slack is because Slack doesn't have a Windows-client
fekberg 1 day ago 0 replies      
HipChat is great, but I've found myself much more often on JabbR (https://jabbr.net/) to be honest. Might be because I am a sucker for SignalR.

JabbR is also free to use, you can have private team rooms if you so like and it integrates with a bunch of auth services.

smethod 1 day ago 4 replies      
I know it sounds ridiculous but for me the one thing HipChat's got over Slack is the ability to have custom emoticons https://blog.hipchat.com/2012/05/21/custom-emoticons-everywh.... Admittedly we use it mainly for banter and fun but its a sticky feature currently keeping me migrating over to Slack...
skizm 1 day ago 0 replies      
Maybe I haven't read enough about HipChat, but what is the advantage over google's chat? That you don't need a google account?

EDIT: ah, integration with other Atlassian products. got it.

Dorian-Marie 1 day ago 0 replies      
I think they should learn from Slack and make all the integrations at least as awesome as them, and also have some kind of more modern interface.
Fizzadar 1 day ago 2 replies      
We use HipChat at work, and I use Slack for some other projects; both pale in comparison to the simplicity, flexibility and client-options of IRC. But for those less technical it's a fantastic and easy to setup alternative. Pointless in an all-dev company, but anywhere else, priceless.
JGuo 1 day ago 0 replies      
Just moved our team to slack as well. Has definitely been a better experience.
gaoshan 1 day ago 1 reply      
We use a bunch of Atlassian products (Jira, Bitbucket, Tempo, Sourcetree, IDE Connector, Jira Agile, ) but while HipChat never caught on with us, Slack hit a home run.

That said, once someone includes video group chat (a la Skype) for free we will likely jump for whoever offers it.

rdschouw 1 day ago 0 replies      
We moved from HipChat to Slack. HipChat desktop clients on OSX were crashing all the time. Most notably after waking up from a suspend. Slack is much more stable. The transition was pretty smooth.
mavci 1 day ago 0 replies      
I'm still with Slack. Can't make a webhook with HipChat, it shouldn't be hard this much.
ansimionescu 1 day ago 0 replies      
Two questions, if I may:

What are HipChat's advantages over other chat services?

What's a good, mainstream-ish, secure/encrypted chat service?

Thaxll 1 day ago 0 replies      
Is Slack cloud based? If so it's a big problem for a lot of compagnies, most of them don't want to host their chat service to an external provider, that's where Hipchat is very useful. You can host your own server in-house.
larrybolt 1 day ago 0 replies      
I wonder if this has at least a little bit to do with the recent post about HackerChat [1], since even though it wasn't by the people at Slack themselves, but by someone else (Gianluca and Steven), it's pretty much a very good way to get the word out about Slack. I actually couldn't think of a better way than what HackerChat did to show to developers, entrepreneurs and people that would need such tool "Here's how it works!". I don't think any landing page can do that.

I think it's what some smaller businesses might do, or some people applying for a job: look what the startup/client does or needs, make something that's relevant to demo your skills/features and show it to them.

[1]: http://hackerchat.co/

bmurphy1976 1 day ago 0 replies      
I like HipChat but I really really wish it integrated with an irc client. I've spent hours trying to get a good experience with BitlBee and, well, it's anything but smooth. The single biggest thing they could do to help me and my coworkers out would be to allow our IRC clients to connect to the service. Other than that I love it.
machbio 1 day ago 0 replies      
Slack has a problem with retrieving deleted team URLs, seems like they have not covered all the test cases for the signup process..
gorax 1 day ago 0 replies      
I wonder what the hosted pricing will be when it comes out of beta. At my work we will not even entertain something that cannot be hosted by us.Hipchat has saved 3 members of our 15 man team countless hours by integrating it into our workflow.

I if slack could be self hosted I would consider it but Hipchat has our support.

jess1003 1 day ago 0 replies      
Has anyone checked out Hall? It's chat, text, and file-sharing for teams. Free for teams for an unlimited time. But with the added bonus of being able to talk with ANYONE from ANY email address, instead of switching in and out of teams like on Slack. Try it out: hall.com
dahdum 1 day ago 0 replies      
This is awesome, we've been paying $100+/month for our company but never use video chat or screen share (nor did we want them) and have turned off history retention since day 1. Sounds like we can downgrade and pay nothing now.
torbica 1 day ago 1 reply      
What would be best HipChat alternative for self-hosting?At my organization we are not allowed to use any external service.
rahilsondhi 1 day ago 0 replies      
That's great HipChat. Now can you do emoji autocomplete?
CMCDragonkai 1 day ago 0 replies      
We moved from Hipchat to Kato, mainly due to the bugs and frequent servers going offline.
mutant 1 day ago 0 replies      
this still doesn't fix the fact that there is no longer private 1 on 1: https://news.ycombinator.com/item?id=7649524
programminggeek 1 day ago 0 replies      
The biggest feature HipChat lacks is chat room sounds. That was my favorite feature of Campfire. Otherwise, HipChat is pretty cool, I guess.

I really miss chat sounds.


notwhyships 1 day ago 0 replies      
Hard to imagine that Google isn't going to weigh in soon with its own offering.
EGreg 1 day ago 1 reply      
We just use Hangouts and everything integrated into Google Apps. What is the advantage here?
tomkin 1 day ago 4 replies      
Is HipChat really a good thing? Constant distractions all day means I get nothing done, so I'm pretty much against any kind of constant stream of communication when you're trying to think. Call me crazy.

On to the service itself:

I can't join in on my client's conversation without creating a whole new account with a different email address. Annoying and incredibly short-sighted. I know that the people over at HipChat never work with anyone outside of their office, but unfortunately this is not the case for most people.

Honestly, I can get an IRC server up and running in the time it takes to get a HipChat account activated. It's annoying that so many people are hyping HipChat, as if it were some groundbreaking thing.

DanBlake 1 day ago 1 reply      
It feels like they are pulling a amazon, ala diapers.com fiasco. *

Only issue is, they are doing it to their core business vs amazon who was doing it with just one segment and could afford to cannibalize profits in that sector


Whitewood Under Siege: Wooden Shipping Pallets cabinetmagazine.org
291 points by drjohnson  2 days ago   70 comments top 14
MisterBastahrd 2 days ago 1 reply      
Note: I worked for a large grocery chain for 7 years

Plastic pallets are vastly superior in the long run to wooden pallets in terms of durability, and many companies have used them for almost two decades interchangeably with wooden pallets. One of the issues here is that once a pallet enters the supply chain, who knows if or when you'll get them back. When I first started working for the grocery chain, there were over 30 pallets of back inventory sitting in the warehouse (this is a very bad thing and I corrected it during my time with the company).

The main problem with wooden pallets is that they are largely made with inferior wood that can't stand up to the stresses applied to them for a long period of time. If any of the center slats break, there's no problem. If one of the ends break, then you're probably going to be cleaning up a warehouse floor from whatever was on the pallet. People are also more likely to walk away with a wooden pallet since they have plenty of utility and are very inexpensive.

That isn't to say that plastic pallets are without fault, even if they are virtually indestructible. Most plastic pallets are manufactured with a diamond plate pattern. That's nice and all, but it's still plastic and therefore, slippery. Place some frozen or refrigerated food on a pallet destined for a windy area and have fun cleaning bananas out of the back of the truck.

So the best of both worlds would be a plastic pallet with a non-slip coating on the top of the pallet and the feet.

dewey 2 days ago 2 replies      
There's also an interesting system in Europe called EUR-pallet. [0]

They are usually made out of higher quality wood and quite durable. The system works by trading pallets for pallets, so if you receive some goods on a EUR pallet the driver takes an empty EUR pallet from your stack and it'll be reused at the other company.

[0] http://en.wikipedia.org/wiki/EUR-pallet

dustin1114 2 days ago 1 reply      
I've worked in grocery logistics for several years, and can tell you from experience just how political CHEP, PECO, and iGPS pallet distribution can be. Because of the size of my organization's warehouses, CHEP especially requires stringent audits, and if a truck sent out with CHEP when it was not supposed to, the gestapo comes after you.

I will admit, though, that CHEP are the best when it comes to quality (other than iGPS, perhaps). They are far less likely to have splinter, warp, and degrade. They are also much more resilient to the abuse that the supply chain puts on them.

An important point to remember is automation. The logistics industry is becoming more and more automated. Consistent, high quality pallets are becoming a must. The typical hi-lo is becoming less and less common, while in its place are robotic automated guided vehicles, distribution conveyors, and high-bay storage and retrieval machines. I know from experience how much pain and frustration is caused by broken stringers, splinters, and warped whitewood (in our industry, we call them GMA pallets [Grocery Manufacturers Association]]. Literally days of lost time annually, which can equate to millions of dollars.

I have no real opinion about what the best direction is. You either fork out more up front for the good stuff (with all of its politics), or you just deal with the bad quality and inconsistencies of whitewood.

I have to say, this was a very interesting article...a nice change from Python 2.7 vs. 3.X!

davidbanham 2 days ago 0 replies      
CHEP and Bunnings (the dominant hardware retailer here) had a big spat over this recently.


They now refuse to allow any CHEP pallets on to any Bunnings site. LOSCAM, whitewood or nothing.

quinndupont 2 days ago 2 replies      
Stunning to see Cabinet Magazine being referenced on HN. For those that don't know, Cabinet is an excellent magazine that covers many topics, but has something of a philosophy and art focus. Great article, as always.
stephengillie 2 days ago 0 replies      
Interestingly, this article completely leaves out soda (aka pop aka coke) pallets. All of the major soft drink bottlers use about the same size and shape pallet, and it's much smaller than the traditional whitewood pallet. Often, they'll put their pallet onto a square pallet, then that one a whitewood pallet, when they deliver to grocery stores.

Pepsi, Coke, and other soft drink and beer distribution companies even have their own, smaller, powered pallet jacks. The powered pallet jacks that grocery and other retail stores use are usually too big for these smaller pallets.

These companies have been slowly moving to plastic pallets over the past decade, and wooden pallets of those dimensions are hard to find today. The plastic pallets offer some level of 4-way access as well.


Edit: I had forgotten about these full-size plastic pallets. They are so much cleaner and easier to use. Even new whitewood pallets leave behind a cloud of splinters and wood dust. These leave behind some shipping dust as there are no cracks for dust to fall through. They stack more securely and don't get heavier when wet like wooden pallets. And you can stack about twice as many in the same space.


GFischer 2 days ago 4 replies      
A really compelling read.

How many hidden industries like the pallets one are out there, waiting for software (or hardware) aid or disruption? I mean, 3.5 billion in pallet-related revenues :) , and millions in losses due to lack of tracking... is RFID really the best solution?

jessaustin 2 days ago 3 replies      
Maybe this is a rare streak of jingoism for me, but it seems odd that a foreign company has been able to come in and dictate through the courts that the whole industry should work on a completely different model. Perhaps the reason "blue" is such a good deal for shippers is because much of the real cost has been transferred to third parties. ISTM the courts should force CHEP to include a significant deposit in its contracts, or else forgo the discounted forced labor of the recyclers. It wouldn't have to be a 100% deposit, but it would have to be high enough so that shipping destinations were no longer indifferent to whether the pallet was returned to CHEP or recycled or stolen.
acomjean 2 days ago 2 replies      
One of the theories on how the Asian Long Horn Beetle (an invasive insect that is also a wood boring bug) came to the US was in wood used in shipping. Either palettes (skids is the term I've heard), or wood bracing in shipping containers.

Plastic doesn't seem so bad.

Cthulhu_ 2 days ago 1 reply      
One major downside of the wooden pallets is the ever-present risk of fire. I worked at a food/vegetable processing plant once, it'd get vegetables from the field, we'd pack them, chuck 'em in boxes and stack them on pallets. (vacation job, yay)

Next to the plant were huge stacks of wooden pallets. Years after I worked there, the whole plant burned down; a fire started in the pallet stack, and since they're awesome fire material they took the whole factory with them. Not sure if it was accidental or intentional though.

Bonfires and world record attempts for bonfires often involve large amounts of wooden pallets. Cheap, very open, stable/stackable, ideal fire material. There's a picture of the world bonfire record in Norway where they build a giant tower out of pallets.

vacri 2 days ago 1 reply      
The article is stacking the deck pretty heavily:

After all, collecting these stray pallets takes a lot of labor, a lot of miles, and a lot of trucks.


they receive blue pallets whether they want them or not

So the recyclers' hands are tied because they receive pallets mixed in with white pallets when delivered by the truckload, but then they get to turn around and talk of all the effort collecting them. It's not hard - just educate your customers - "I won't pay for blue pallets, because they're rented equipment. You can ship them to me, but I'll reduce the payout for a truckload by the number of blues". What the article is promoting is that the recyclers get to play the innocent... then directly profit off it.

Don't get me wrong, I think the idea of renting pallets is stupid, but then again, I'm not making $3.5B/year. But the article seems to gloss over the fact that selling something you do not own is not legal, regardless of how much labour you put into it (otherwise burglary and fencing would be legal). These pallets are clearly marked; it's not like they're hard to confuse.

gohrt 2 days ago 0 replies      
YC application question: "How have you hacked a system in real life?"

> What is most vexing to many recyclers is the belief that the accumulation of blue pallets in their yards is not an accident, but a deliberate CHEP strategy. After all, collecting these stray pallets takes a lot of labor, a lot of miles, and a lot of trucks. If you are CHEP, why do this work yourself if you can get someone else to do it for you, at a price that you dictate?

> In 2008, a group of recyclers filed a class action lawsuit, claiming that CHEP was leveraging its dominant market position, and violating anti-trust law, by transferring its operational costs onto recyclers. The recyclers argued that CHEP had made them into a conscripted collection army.

lotsofmangos 2 days ago 2 replies      
You could easily make a cheap machine that could make pallets to order out of plastic packaging scrap on-site. Judging from this article though, that might annoy a hell of a lot of people.
gadders 2 days ago 0 replies      
Typical: https://news.ycombinator.com/item?id=7672923

No-one talks about it when I submitted it.

The Internet With A Human Face idlewords.com
250 points by NelsonMinar  2 days ago   63 comments top 25
Karunamon 1 day ago 1 reply      
This is going to be a fairly controversial opinion, and I fully expect this text to end up about one shade off white approximately five minutes after posting (at least if my last few attempts mean anything, hence the following wall of text), but I notice a few things, without fail, whenever this topic comes up.

1) The advocates for all of these restrictions on data are incapable of doing so without resorting to flawed arguments, if not outright scaremongering.

A couple selected pieces from this article:

* "If you've ever wondered why Facebook is such a joyless place.."

Can't say I have. Perhaps your Facebook interactions are all dour and joyless because the people you interact with are dour and joyless online? In any case, it's hardly proper to speak this opinion as if it were fact.

* Comparison of ad targeting data to the "pink files" collected for the express purpose of destroying LGBTs, or data collected by various secret police.

Why this is problematic is left as an exercise for the reader.

I'm going to coin a phrase here. You know "reductio ad absurdum"? I'm going to call this "reductio ad missionem malum" - reduction to the worst case scenario. A close relative of the slippery slope.

In this case, the thesis appears to be "Lots of data is collected, therefore burn it all to the ground because it can be misused by the bad guys with guns."

2) Their arguments are not followed to their logical conclusion.

Much hand wringing is done (not by the author necessarily, but in general) about the world when everyone's "youthful indiscretions" and "every mistake" are available online, permanently, for the world to see. Fast forward a decade or so after that line is crossed. What happens when everyone has dirt on everyone? Does that not greatly lessen this impact? It's pretty hard for the guys in suits and dark glasses to blackmail you for something when that information is already out there.

It would be a type of "post-privacy" society, in other words. It is fundamentally different from what we have now, where we have a public personality and a private personality. This carries some positives, some negatives, and I feel it has yet to be discussed in an objective way.

3) Instead of advocating for greater privacy controls that make sense, they instead advocate for measures like the EU's misaimed and "feel good" "right to be forgotten" law.

Look at what the author advocates for:

* "Limit what kind of behavioral data websites can store. When I say behavioral data, I mean the kinds of things computers notice about you in passingyour search history, what you click on, what cell tower you're using."

I for one GREATLY LOOK FORWARD</s> to the day when bureaucrats tell me how my nginx access logs must be formatted and stored (after all, they contain, fairly explicitly "what you click on"). I also look forward with the same enthusiasm to how such a thing will ever be enforced and to find out how much money will be allocated to this particular measure.

I think this is approaching the problem from the wrong angle.

The author says that this is an implementation problem. I, for one, do not want that implementation decided by people who don't understand how technology works. Unfortunately, that seems to be the case whenever you have tech-by-legislative-diktat.

Let me give you an example by way of the next item:

* "Enforce the right to delete. I should be able to delete my account and leave no trace in your system, modulo some reasonable allowance for backups."

Remember how I said the EU law was misaimed and "feel good"? A case where this would do more harm than good: Hacker News. Or indeed any other discussion forum or mailing list archive. Imagine a prolific and quality contributor here, like such as tpacek or even PG. Now imagine that for whatever reason, one of these people want to be "forgotten" and invoke this law.

Imagine what this would do to every single thread that person has ever participated in. Context would be utterly annihilated. This would eviscerate, in the most disgusting sense of the word, most any discussion forum.

I came up with this edge case in less than 60 seconds of thought, and I don't even begin to rank on the list of smartest people on HN. If I can locate such a problem with so little effort, that means both that the people who wrote this law don't know what the fuck they're on about, and it also means that worse edge cases probably exist.

I would say that the legislation needs to target behavior, not tech. Ensuring that private data remains so even after mergers, acquisitions, etc? Excellent. Penalties on companies that misstep? Great idea. Ensuring that government types have to go through the full judicial processes (none of this secret-court-rubber-stamp malarky) to access this data? Awesome!

Making me destroy my website because someone wants to disappear themselves? Less so.

pja 2 days ago 0 replies      
This is a great quote, and very timely with the recent metafilter kerfuffle:

"If you don't run your own ad network, advertising is a scary business. You bring your user data to the altar and sacrifice it to AdSense. If the AdSense gods are pleased, they rain earnings down upon you."

"But if the AdSense gods are angry, there is wailing, and gnashing of teeth. You rend your garments and ask forgiveness, but you can never be sure what you did wrong. Maybe you pray to Matt Cutts, the intercessionary saint at Google, who has been known to descend from the clouds and speak with a human voice."

ronaldx 2 days ago 1 reply      
I'm now more hard-line than this on data privacy:

I have come to believe that businesses should not be legally allowed to store any consumer data unless it's obvious to the consumer that it's absolutely required for the primary function of the service, and they should only be allowed to store data for that one function, with an exception if the consumer explicitly and voluntarily opts-in for each additional function.

Large internet companies have been collecting swathes of data with the claim that they are secretly using it to improve people's lives. But it seems to me that A/B testing has failed to improve anyone's life.

Example:I use search engines to search for something I'm looking for.

I do not benefit from being shown 'targeted' ads, nor from the search engine identifying the most populist answers which it uses to spoon-feed me later rather than serve what I asked for, nor from the search engine identifying which particular arrangement of pixels will leave me personally more addicted.

Businesses are welcome to use my data in ways which are in my interest, but they should not get to decide which of these uses are in my interest.

moultano 2 days ago 1 reply      

I thought it worth noting that Google does strip personal identifiers after 18 months which is in line with one of his proposed fixes.

gammarator 2 days ago 2 replies      
The thesis the talk pivots around is this one, in my reading:

"Investor storytime only works if you can argue that advertising in the future is going to be effective and lucrative in ways it just isn't today. If the investors stop believing this, the money will dry up."

woah 2 days ago 0 replies      
We read this, nod wisely, and go back to working on our centralized services for VC's who hope to own part of a monopoly. "One day, this will change" we think to ourselves.
coldtea 2 days ago 1 reply      
>There was an ad for the new Pixies album. This was the one ad that was well targeted; I love the Pixies. I got the torrent right away.

I laughed very hard on this!

In all, an excellent article. I disagree with blind faith in technology to solve all our problems and not create new ones

People often forget that technology is tools (and not always neutral tools, as is another naive belief: some inventions have larger inherent "harm potential"), and that policy matters as much, or even more, as does the kind of cultural landscape we guide our use of the tools.

(Remember the classic xkcd comic: http://xkcd.com/538/ ).

thaumaturgy 2 days ago 1 reply      
This was excellent. It described some of the reluctance I've had towards social networks since 2000 at least.

It's also a little bit funny that it was written by the guy behind pinboard.in, a nice social bookmarking service (where many people went when del.icio.us died). But that makes me trust the service more, not less.

Which probably means I am stupid.

marknutter 2 days ago 0 replies      
This is how you share slides!
corford 2 days ago 1 reply      
Fantastic as always. Every time I read one of Maciej's talks or essays I get a little closer to throwing in the towel and pursuing a more meaningful existence. It's going to happen one day and I can't wait to read the post that forces it.
lightyrs 2 days ago 0 replies      
Ditto the kudos on the formatting. This piece really resonated with me. As for solutions, I have none. Hopefully someone smarter and more resourceful than me will be inspired by this talk.
gone35 2 days ago 1 reply      
This festive map shows seismic hazard in Northern California, where pretty much all the large Internet companies are based, along with a zillion startups. The ones that aren't here have their headquarters in an even deadlier zone up in Cascadia. (...)

So even if you don't agree with my politics, maybe you'll agree with my geology. Let's not build a vast, distributed global network only to put everything in one place!

That slide[1] hits close to home. I'm painfully aware of how hard (and almost pointless/powerless) it is to reason about long-term geological risks, esp compared to less catastrophic and more (short-term) predictable hazards like hurricanes, tornadoes or blizzards; but from time to time I idly question the wisdom, from a civilizational point of view, of having so many concentrated, incredibly talented people living directly atop one of the most dangerous fault regions on earth[2].

But again, it's pointless to think about it as an individual, so better get back to work and keep living day by day, I guess. Wovon man nicht sprechen kann...

[1] https://static.pinboard.in/bt14/bt14.069.jpg

[2] http://peer.berkeley.edu/pdf/Senate_testimonial-8-07.pdf

bambax 2 days ago 0 replies      
Very well written, but a little unconvincing: he does a great job showing the ads he's bombarded with on Youtube are completely irrelevant to his personal situation.

Of course, it could be that advertisers are inept. That's what he implies.

But it could be, they don't have access to all the data he/we fear they do. Maybe this data doesn't even exist in the first place, or is downright unusable.

dkarapetyan 2 days ago 0 replies      
One issue is that big data is just too big for the small minds that are tasked with gaining insights from it. It is a really weird hysteria that I can't explain. Even network engineers are starting to collect every packet and archive it in some kind of distributed data store like HDFS. What insights are they going to gain from it exactly? If the goal is security then work on better network infrastructure and tools, e.g. libressl. Collecting all that data is not going to get you any closer to making better/smarter networks or allow you to fight DDoS attacks any better because the underlying network infrastructure is what makes it possible in the first place.
ChrisNorstrom 2 days ago 7 replies      
The formatting of this article itself is something worth studying. It's brilliantly seductive to read and read all of it. The pictures/slides by each paragraph were like rewards, continually luring me to the next paragraph. For the first time in a long time. I read every single word. Not skimmed.

Although I disagree with the idea of regulating how long behavioral data is saved. Not all behavioral data is sensitive. Rather we should consider fully disclosing to users either how long their data will be saved or what data has been collected on them or both. Any other regulations may be too burdensome to the startup.

=== Examples ===

His suggestion that all behavioral data be deleted after a certain period of time means every little piece of data collected must also have a timestamp. Inflating databases and costing money.

A program must be written that seeks out timestamped data ready to expire and delete it.

If the deleted data is connected with other pieces of data or reports elsewhere we're going to run into complex problems.

These obligations must be handed down from company to company during acquisitions. A company selling data about to expire will get acquired for a lot less than a company with fresh data. This may in turn cause a series of unforseen consequences in the acquisition market.

=== Solution ===

Rather than controlling and manipulating what can and cannot be done, it may be best to just create transparent policies and let the free market converse its way towards a compromise.

angersock 2 days ago 1 reply      
There's a rather hilarious portion (in an otherwise soul-crushing deck): the author is trying to figure out what this massive dragnet and mining of their information has actually gotten, and so they look at all of the ads they get served. This bring forth this gem:

"There was an ad for the new Pixies album. This was the one ad that was well targeted; I love the Pixies. I got the torrent right away. "

bowlofpetunias 2 days ago 1 reply      
Much of what the author suggests in terms of regulation already exists in most European countries, and most of it pre-dates the commercial rise of the internet.

Sure, much of the wording and enforcement is lagging behind today's reality, but the principles are clear: data about me is my data. Companies are not free to collect, collate and keep anything that they can get their hands on.

Facebook, Google et al are breaking the laws of countries they operate in on a massive scale. The backlash is being tempered by massive lobbying from those companies and the US government.

Not to mention the media propaganda (media are part of the advertising mafia), as seen in the recent wave of scaremongering bullshit about the "right to be forgotten" verdict.

twvance 1 day ago 0 replies      
Amazing post. Thank you!
sirdogealot 1 day ago 0 replies      
Just a note about the whole "buying $500 triggered the police to be alerted because of money laundering" notion...

The actual quote from the mashable article was:

>When her husband tried to buy $500 worth of Amazon gift cards with cash in order to get a stroller, a notice at the Rite Aid counter said the company had a legal obligation to report excessive transactions to the authorities.

So in reality, they made a big stink about the fact that they noticed that Rite Aid practices safe KYC laws and would report suspicious money-laundering activities to the government. As they must. Lest they expose themselves to money laundering charges as well.

That isn't to say that the clerk who sold them the $500 gift cards immediately picked up the phone as they were walking out the door and called the cops... that just means that if they notice you regularly buying $10,000+ worth of gift cards with cash only AND they just don't like the look of you in general, that they may pick up the phone and call the police.

pradeep89 2 days ago 0 replies      
> America built 75,000 kilometers of interstate highways

Liked the of use of kilometers over miles

davidhariri 2 days ago 0 replies      
I really like this essay
L_Rahman 2 days ago 1 reply      
Still reading the talk, but as an aside wanted to point out that the way the transcript is formatted with the words alongside the slides is probably the best way I've seen a talk presented in text form on the internet.
nl 2 days ago 3 replies      
It's too bad that Maciej Ceglowski (the author) is banned on HN, over some infraction I never understood.
quadrangle 2 days ago 0 replies      
This tells the truth.
quadrangle 2 days ago 0 replies      
One thing: this guy says he couldn't figure out how to block YouTube ads. Ridiculous. It was years before I learned they even had any. Adblock Plus or Adblock Edge both fully block them if you have EasyList (the default).
Pre-orders start today for Flame, the Firefox OS developer phone mozilla.org
238 points by diggan  1 day ago   128 comments top 29
soapdog 1 day ago 1 reply      
guys, this is not aimed at the general public. These are unlocked phones for developers. They have features to make it easier to simulate different memory constraints and run different versions of Firefox OS.

This is not a plan or a move or an intention of Mozilla to get into hardware making. This is just a program to empower developers to have the tools to better develop and test their apps.

valarauca1 1 day ago 4 replies      
A lot of the misgivings most developers seem to have in this thread have to do with the physical hardware specs. Which I hate to use this term but this is a side effect of "1st world privilege". FireFoxOS/Phones were designed for emerging markets [1]. In the West dropping $500+ USD on a smartphone is not uncommon (Or to sell retail phones for this price). While in 'emerging markets' like China/India/Brazil/etc. 500 dollars can be 4-6 months worth of rent [2].

[1] FireFoxOS presentation at mobile conference circa 2013

[2] numbeo.com

asadotzler 1 day ago 0 replies      
The phone cost is $145 plus S&H which is $25.

This phone has the precise set of hardware specs that Mozilla is developing Firefox OS against this year. It's more phone than some need (not everyone needs dual SIM, but it's in there) and less than others need but that's what you get with a reference device.

fred_durst 1 day ago 0 replies      
There seems to be a fair amount of comments comparing the specs of this phone to other phones etc.

To clarify, this is a reference device. Meaning that having all of the functionality, like a front facing and rear facing camera, is the primary goal. They cannot make comprises by removing features of the phone, like many lower end phones do, because the point of the phone is to test how these things work in your application. A faster phone or higher screen resolution is much less important for this device than including all of the hardware functionality a developer would be targeting with their application.

ww520 1 day ago 3 replies      
What is a good cross platform development framework and stack that works well on Flame, Android, and iOS?

Does this list work ok?

- PhoneGap/Cordova for native access- jQuery Mobile for UI widget- Bootstrap3 for responsive layout- jQuery for DOM access- Knockout for dynamic update- Toastr for non-blocking alerts- Amplify for data/storage/messaging- Underscore for general

Is html template system needed? Given that jQuery Mobile widgets are already used to build the UI.

hardwaresofton 1 day ago 2 replies      
Software-configurable RAM? Hopefully the device comes with 1GB and you can just limit your RAM to 256MB if you wanted to?
jareds 1 day ago 2 replies      
Any idea what the state of accessibility would be at the welcome screen if I ordered this phone? The last update I saw is several months old.http://www.marcozehe.de/2014/02/23/accessibility-in-firefox-...
ojii 1 day ago 2 replies      
Does anyone know why this "ships free to anywhere in the world except for Japan"? The Japanese landing page seems to only state that it'll be available soon, though I might've missed something on there as my Japanese isn't that strong yet.
rwmj 1 day ago 2 replies      
Does anyone know what ARM core is in the Snapdragon MSM8210? Is it the Cortex-A5 or the Cortex-A7? A7 would be interesting because it supports virtualization (although memory is a little tight for that).
bttf 1 day ago 3 replies      
An unlocked phone with an open OS, tailored for development. Good.
gcb0 1 day ago 2 replies      
firefox phones for devs are a scam.

i have several in the drawer. all beyond useless.

i use the emulator mostly. when i have to test multitouch or perf, i use an old-top-of-the-line-android that cost me $50ish on craigslist. why? because all the official firefox phones are useless. crappy touch screen. etc.

yeah, they say we should use the device people are using, but the point is, nobody uses them if not for firefox devs! also no hardware drivers when you want to flash some other kernel. just like with a android phone repurposed. so, why???

and if anyone thinks real people buy those, i challenge you. take a plane to mexico where the alcatel one is even advertised on billboards... and buy one. i tried. if you manage to find one at any store, i will reimburse your trip. they dont even sell it! nobody buys it.

in the end, those phones only secure a tiny margin for a manufacturer that would otherwise fail on the android ecosystem. a small royalty fee/donation for mozilla. and lots and lots of wasted time for the dev comunity having to document how to work around the annoyances and binary blob crap of yet another cheap phone.

not to mention the environmental impact of producing yet more phones that will not be used for a few years and then be disposed.

laichzeit0 1 day ago 1 reply      
Dual-sim is awesome. Is there a way to have 1 SIM be soley used for data? The reason is that here you can buy a SIM package that's only data for a lot cheaper than a voice/data combined SIM. It would be awesome for me to buy pre-paid voice for when I call people (very seldom) and use the data SIM for anything data (which I use 99% of the time). Would save me a lot of money on cellphone fees.
callahad 1 day ago 0 replies      
I'm not privy to the details, but to the best of my recollection, Mozilla's contract with T2Mobile is explicitly designed to avoid the problem of stagnant updates. Namely, they're required to "provide the the Flame with updates to each new major version of Firefox OS and a simple mechanism for switching between different release channels" for quite some time.

This is also the device that Mozilla's own employees will be standardizing on for the next year or more, so it should have a relatively long useful life.

drewda 1 day ago 2 replies      
Looks like the frequencies correspond with AT&T 3G service but not T-Mobile. Can anyone with experience with US-based GSM carries confirm?
pearjuice 1 day ago 2 replies      
Firefox OS will be dead on arrival. No apps, no OEMs on board, no innovation, HTML platform which is highly questionable and a typical developer-oriented ecosphere instead of beung user-centric.

It's nice they are trying but it's a desperate attempt to grow Mozilla beyond a company which is known for its browser. With Google Chrome becoming the de-facto web browser, Firefox hastily attempting to mirror it yet loosing market share by the day, Mozilla its future doesn't look bright. At all.

jablan 1 day ago 0 replies      
Will this phone be available through other channels? I feel very reluctant to buy it through everbuying, which looks very shady.
sleepyhead 1 day ago 0 replies      
Hope the touch works better than the GeeksPhone I have.
badman_ting 1 day ago 1 reply      
The purchasing flow is confusing as shit. I paid with PayPal and entered all my info, now I'm going through again and adding the same info again, and it's asking me for payment info? Arggggggh.

And the only reason I went with Paypal was so I wouldn't have to create an account with whatever the hell "EverBuying.com" is. Argghghghgh.

Edit: I gave up. So probably, I will be charged for this phone because I completed the PayPal payment but didn't complete the crazy-ass purchasing flow. I'm kind of blown away by how shitty this is.

JVIDEL 1 day ago 0 replies      
Knowing the emerging marketa this OS is too little too late. 3 or 2 years ago maybe, but now you got android phones with better specs going for that price, and now that the big ones like motorola are jumping in its only going to get even cheaper.

Then there's the popularity factor and the consequential app availability that makes customers go for the market leader because all their friends use that one and they are afraid of possible compatibility issues.

brianbreslin 1 day ago 0 replies      
Are any of you currently or planning on developing for Firefox OS?
maxk42 1 day ago 2 replies      
How can I tell if it will work with my network?

Does it support 4G / LTE?

polskibus 1 day ago 0 replies      
I cant find information on whether the price includes all taxes and customs if ordering to Europe. I really dont want to log into everbuying.com to ask that question though.Can one order it with a VAT-EU invoice?

A thought on the specs, it's a pity it doesn't support Bluetooth LE. Getting Flame to work with beacons would put it on the forefront of mobile development.

aet 1 day ago 0 replies      
I guess we should take it for granted that all new phones have a 0.99 probability of looking exactly like the iPhone.
callesgg 1 day ago 2 replies      
I care more about battery time than battery size.

How often do I need to plug it in to the wall.

Btw it looks cool.

timmclean 1 day ago 0 replies      
As a bonus, the website accepting pre-orders (everbuying.com) emails you your password in cleartext after registering!
ollymorgs 1 day ago 1 reply      
bluetooth 3? Is that a typo?
orkoden 1 day ago 1 reply      
It's a shame that Firefox OS is still pretty much unusable.
yarrel 1 day ago 0 replies      
With Firefox's new support for DRM this will be a killer piece of hardware!

Said no-one ever.

gfosco 1 day ago 3 replies      
Even though it's intended to be 'mid-tier' hardware, that screen is super disappointing in 2014 and, because of that, I'm out.
True Goodbye: Using TrueCrypt Is Not Secure krebsonsecurity.com
227 points by panarky  10 hours ago   117 comments top 21
abcd_f 3 hours ago 3 replies      
That's LavaBit 2.

I've been a long time TC user and if there's the trait it has it's the quality and a high degree of polish. And now looking at the diff and the screenshot of that in-app "Not secure" message, the polish is just not there. It feels like it was something that was slapped together in a rush or by someone who's not an original developer. The SF page alone is a big red flag. If you compare its nearly hysterical tone and ridiculous BitLocker advice to the tone and content of the actual app, they don't add up at all.

This leaves us with a handful of discrepancies between the last good state of the project and what's out there now. So it's either someone else's hackjob or it is original and the discrepancies are intentional. Then, factor in the .exe sig match, and it pretty much leaves only the latter option - the original devs made an absurdly non-TC-like release. The question is "why?"

AhtiK 6 hours ago 2 replies      
"BitlLocker, the proprietary disk encryption program that ships with every Windows version since Vista."

This is misleading - Windows 7 product line has Bitlocker only for Ultimate and Enterprise. Even Windows 7 Professional users cannot use Bitlocker without upgrading to Ultimate. Very unfortunate.

blueskin_ 8 hours ago 3 replies      
This seems highly suspicious, especially the recommendation of BitLocker, a product we have little to no evidence does what it says and after PRISM, have no reason to trust[2]; not to mention it being limited to a (very small subset of) Windows platforms vs. TrueCrypt's cross-platform functionality. If this was legit[1], it'd probably be directing people to one of the other TrueCrypt-like programs.

[1]The new version posted is almost certainly compromised; don't download it, or at the very least, run it in a VM on non-networked hardware you can reimage after finishing using.

[2]Edit: Forgot this before, but BitLocker is definitely completely broken as it sends your recovery key to MS anyway ( https://twitter.com/TheBlogPirate/status/471759810644283392/... ).

panarky 10 hours ago 3 replies      
"[Matthew] Green last year helped spearhead dual crowdfunding efforts to raise money for a full-scale, professional security audit of the software."

"'I think the TrueCrypt team did this,' Green said in a phone interview. 'They decided to quit and this is their signature way of doing it.'"

"Im a little worried that the fact we were doing an audit of the crypto might have made them decide to call it quits.

codeulike 6 hours ago 5 replies      
Are there any decent alternatives to TrueCrypt for Windows that aren't Bitlocker?


AhtiK 6 hours ago 1 reply      

"Sorry. This URL has been excluded from the Wayback Machine." :-)

cornholio 6 hours ago 2 replies      
Truecrypt is dead, long live ChipCrypt: a Truecrypt fork with TRESOR and scrypt built in.

TRESOR is a technique that keeps the volume key strictly in the CPU registers and not in RAM. This completely prevents RAM freezing and related attacks. A running computer that is locked cannot be trivially decrypted anymore by dumping it's RAM.

Scrypt is an advanced password derivation function that makes even trivial passwords very hard to bruteforce. A scrypt derived key is 20000 times harder to crack than the equivalent PBKDF2 derived key of the same password.

The TrueCrypt license is not GPL compatible but it allows redistribution in source form as long as the software is not called "TrueCrypt".

Who's up for it ?

neves 15 minutes ago 0 replies      
Maybe it is because Bruce Schneier uses and recomends it: https://www.schneier.com/cgi-bin/mt/mt-search.cgi?tag=TrueCr...
pling 7 hours ago 2 replies      
Well this is good for me. I currently use a TrueCyrypt encrypted exFAT volume for backups. My motivation is now to move this to an open source system (probably dm-crypt). This and RDP is the only reason I'm hanging onto windows and that's purely out of apathy. The suggestion of using BitLocker is a bit insulting (this might just be comedy value from TC though). Every other bit of software I use is portable or in a Linux VM already.

So my weekend project is now to move all my stuff to Debian.

mhogomchungu 7 hours ago 0 replies      
TrueCrypt encrypted volume format is well known and there are tools out there that can create TrueCrypt volumes and open them.

There is tcplay[1]. This project can create and open TrueCrypt volumes.

There is cryptsetup[2].This is a linux native solution for block device encryption and supports opening of TrueCrypt volumes.

The above two projects and command line based and there is a third project called zuluCrypt[3] that gives a GUI front end to the two projects.

I am not aware of any alternative solutions in windows or OSX that does support TrueCrypt encrypted format but adding support for it should not be that hard.

This maybe the end of line for TrueCrypt as a project,but its encrypted volume format may still be used as a "universal cross platform encrypted volume format".

Somebody should file a bug report in projects that deal with block device encryption in windows and OSX and ask them to support this format as i think the format should live on as its the only one that is widely used and supported.

[1] https://github.com/bwalex/tc-play

[2] https://code.google.com/p/cryptsetup/

[3] https://code.google.com/p/zulucrypt/

personalcompute 7 hours ago 0 replies      
Previous discussion from earlier today: https://news.ycombinator.com/item?id=7812133
gcv 37 minutes ago 0 replies      
Now that this party is over, does anyone know any wrappers for using gpg-zip with some of the degree of convenience of TrueCrypt at least, for the limited case of keeping directories conveniently encrypted and useable?
mhogomchungu 6 hours ago 1 reply      
Somebody who has been following TrueCrypt closely seem to think the project lost momentum and they just decided to call it quit.Their comment is on slashdot and the link is: http://it.slashdot.org/comments.pl?sid=5212985&cid=47115785
nness 8 hours ago 5 replies      
Out of curiosity, wouldn't the open-source TrueCrypt be better than the closed BitLocker? (assuming, of course, that TrueCrypt was not already compromised)
dan_bk 8 hours ago 0 replies      
Sounds like what happened to LavaBit (some sort of gov't pressure).
sekasi 5 hours ago 2 replies      
Is this a warrant canary?
ambrop7 8 hours ago 2 replies      
So what's the (Windows compatible and open source) software to transition systems to?
stefan 1 hour ago 0 replies      
Any opinion on "Tomb"? http://www.dyne.org/software/tomb/It tries to be a nice LUKS wrapper with container and key files.
bak3dj0 6 hours ago 2 replies      
Maybe the developers were Americans and they decided to bail before they get caught for exporting cryptographic software.
Eye_of_Mordor 6 hours ago 1 reply      
Perhaps TrueCrypt was an NSA scam all along, 'retiring' before they're found out? Worse still, a Russian/Chinese scam!
zaroth 8 hours ago 2 replies      
Why isn't BitLocker open source? If the new CEO wants to show he's serious about user privacy, I think opening up BitLocker and letting everyone look inside would be a great start.

One of the reasons I like iPhone is the idea that the security system and drive encryption is not hopelessly broken. It would be great to have the same level of confidence in BitLocker.

Headroom.js hide your header on scroll nillia.ms
226 points by WickyNilliams  1 day ago   93 comments top 26
bbx 1 day ago 3 replies      
FYI, this UI pattern is called "Quick Return": http://www.androiduipatterns.com/2012/08/an-emerging-ui-patt...

I had been looking for this pattern's name after having seen Chrome on Android implementing it for their navbar. I find it useful on mobile where scrolling a long distance can be laborious.

jblow 1 day ago 9 replies      
Just get rid of the damn headers. Users don't want them. They are just misguided ways of trying to raise retention, but really what they do is make your site less pleasant to use, which then makes me not want to come back later.
veesahni 1 day ago 0 replies      
From the tagline, I thought this was a joke.. since "hide your header on scroll" implies default browser behaviour (i.e. position:static)
dhawalhs 1 day ago 1 reply      
I haven't tried it out, but this is how you make it work with bootstrap 3


AlexanderZ 1 day ago 1 reply      
Great job! How about adding an option of showing the header when the users moves the cursor to the top of the window? Just like http://lyst.com are doing it.
WickyNilliams 1 day ago 3 replies      
I've previously submitted this link, but given the interest in the pattern with yesterday's article [0] I thought it appropriate to post again. Hopefully someone finds it useful. Happy to answer any and all questions

[0] https://news.ycombinator.com/item?id=7799687

keeran 1 day ago 1 reply      
When I scroll away from the top of the page it makes the header disappear, then reappear when I scroll back up to the top of the page.

Isn't that what scrolling does? :)

pyrocat 1 day ago 1 reply      
Kind of odd that if you scroll slowly the header never disappears.
benaston 1 day ago 0 replies      
Great, so having previously suffered a rash of sites that permanently took up valuable vertical screen space with fixed headers, they now will all have headers that disappear whenever you scroll down and appear when you scroll up, with slightly buggy behavior on iOS. Has anyone considered what non-technical users will think of this UX idiom?

The effect is exacerbated on mobile devices whose browser chrome follows this very same idiom (for arguably better reasons - at least it's not buggy). So you now have two "competing" user interface effects.

callinyouin 1 day ago 0 replies      
I really, really like this behavior on mobile, especially on sites that dynamically load new content as I scroll down. I honestly don't understand the harsh criticism I'm seeing in the comments here, because this really is a super functional way of giving the user easy access to navigation controls without having to scroll all the way to the top of a page. That said, I suppose I can understand criticism if this were being used in cases where there generally wasn't a lot of content to scroll through. I guess my point is, like all design decisions, it completely depends on the use case as to whether or not this is useful or functional.
filearts 1 day ago 1 reply      
Whether or not you are a fan of disappearing/reappearing headers, this is clearly a well-thought-out bit of code that will be useful to someone. The docs also appear clear and concise.

I like that it is not a jQuery plugin by default, but does provide the option. Even better (for me) is an Angular directive ready for immediate integration.

Well done and keep up the good work!

yogo 1 day ago 0 replies      
It would be nice to have it where after scrolling up it can disappear after a certain amount of time. Very useful for scrolling back up to re-read something, versus scrolling up for navigational elements.
hiphopyo 1 day ago 0 replies      
See http://ux.stackexchange.com/questions/57990/how-usable-are-b... for more.

> I admit, it's quite genius. And I bet that if Apple could, they would have patented it.

felipebueno 1 day ago 0 replies      
I don't like fixed headers at all and I dislike even more fixed headers that hide on scroll... it's too distracting and useless.

A couple of years ago, when fixed headers became "cool", I'd write scripts for Greasemonkey just to get rid of them. Today I'm too lazy for that :D.

But nice project.

asadlionpk 1 day ago 0 replies      
Facebook should implement something like this for their mobile site. When I have scrolled too deep into the newsfeed, I find that refreshing the page is a better option than trying to scroll back up.
pwenzel 1 day ago 0 replies      
Disa-pp-pp-pp-ointed by the lack of Max Headroom references on the linked site.
automatthew 1 day ago 0 replies      
Once upon a time, there was a town that had a severe rat problem. They imported a large number of cats, and soon the rats were gone.

Now the town had a cat problem. They imported a large number of dogs, and soon the rats were gone. But now they had a dog problem.

The town imported a large number of lions...

OutThisLife 1 day ago 1 reply      
What's the point of this?
ottertown 1 day ago 0 replies      
I really like this but I wish the documentation included recommended DOM structure / css styles... it's not as plug and play as the docs suggest
cvrajeesh 1 day ago 1 reply      
Completely hiding the main navigation bar - is this a UX problem?. Now I have to scroll back again to top just for seeing the navigation bar.

Minor tweak will be to allow swiping from top to show it or when user moves mouse to top.

lukasm 1 day ago 0 replies      
Here is an example with bootstrap 3 http://firestartr.co/
vitalus 1 day ago 0 replies      
Didn't test it as much in other browsers, but seemed to be buggy w/ Safari 7.0.1 on OS X - wasn't seeing the header appear again while scrolling up.
thathonkey 1 day ago 2 replies      
Didn't work in iOS Chrome or Safari (the header remains fixed at the top regardless of scroll behavior).

Cool effect for desktop but if you can get it working as a responsive solution I think it would be a lot more useful to people!

druska 1 day ago 0 replies      
I hate the design of disappearing headers.
filipedeschamps 1 day ago 0 replies      
This is why I love open source. Amazing job, congratulations.
alttab 1 day ago 2 replies      
Why an entire js dependency for what can be accomplished with 10 lines of jquery?
You shouldnt use a spreadsheet for important work lemire.me
224 points by ot  2 days ago   188 comments top 51
seanstickle 2 days ago 5 replies      
Felienne Hermans has done some very interesting work examining how to refactor spreadsheets. (http://www.felienne.com/publications)

Her PhD dissertation on the subject "Analyzing and Visualizing Spreadsheets" (http://www.felienne.com/archives/2534) is particularly detailed.

Much though some people might think that spreadsheets are not for serious work, they're being used for that right now, and that is unlikely to change. Better to figure out how to improve the tooling, rather than undertake the quixotic quest to get business people to abandon their perfectly viable programming tool.

There is an excellent video with her on InfoQ, explaining her spreadsheet formula refactoring tool Bumblebee (and the F# code behind it): http://www.infoq.com/presentations/spreadsheet-refactoring

panarky 2 days ago 4 replies      
JP Morgan's $6.2 billion "London Whale" trading loss:

  An unnamed overworked staffer in London copied and pasted the  wrong figures into an Excel spreadsheet, throwing the firm's  risk models out of whack.

Spreadsheet errors are reaching epidemic proportions globally. What we need is a transnational organization to contain the threat with research, best practices and conferences!


Love their compendium of horror stories. Did you know the US Securities and Exchange Commission has weak accounting because they rely on spreadsheets?


  As we have reported in prior audits, SEC's general ledger system  and certain software applications and configurations are not  designed to provide the accurate, complete, and timely  transaction-level data needed to accumulate and readily report  reliable financial information...  Many of the agencys financial reporting processes are still  manual in nature and reliant on spreadsheets and databases to both  initiate transactions and perform key control functions.

piokoch 2 days ago 0 replies      
Very often Excel is a "programmer in a hostile environment" last hope. By programmer I mean someone who works in sales, bussiness analysis, finances, etc. but knows how to write programs.

In a typical non-IT company someone who needs to automate something has to wait for IT department to purchase software which would do the task. And very often it turns out that in software purchase process the purpose of that software is lost, requirments are comming from a wrong person and at the end that software is pretty useless.

It is not that someone can just download Python or Ruby or Java and start coding. No, no, company IT would never allow for this because they fear about security, patents, licences, etc. (and it does not matter that these doubts are not justified, very often it is just forbidden and that's all).

But chances are that such company has MS Office. Excel is just an interface to a better or worst programming languge. That's just better then nothing.

pinaceae 2 days ago 4 replies      
Wrong end of the correlation/causation pattern.

Human beings make mistakes.

A lot of humans use Excel.

Hence a lot of errors in Excel.

Would all those humans program their logic in Python - we'd have a lot of wrong calculations in Python code and an article stating to not use Python.

thatthatis 1 day ago 2 replies      
Spreadsheets ARE software, anyone arguing differently has insufficient experience in at least one of the fields to have an informed opinion. I've worked professionally in both, and the argument in this article is bunk.

Spreadsheets are a different kind of software with advantages and disadvantages compared to compiled/scripted languages.

How do you treat a spreadsheet as real software:

* One operation per cell

* Inputs, processing, and display separated into distinct sheets

* Every formula checked twice (or three times)

* Write row and column check sums

* Treat row and column locking ($F4 or F$4) as the footguns they are.

* Name constants

Testing spreadsheets requires a different set of tools and behaviors, but to say that "quick and dirty" spreadsheets are less durable than "well engineered software" is really to say that "quick and dirty analysis" is less durable than "well engineered analysis."

Spreadsheets are remarkably easy to learn to use and to use correctly compared to scripted/compiled software. Not the least benefit being that they force abstraction in a way that is extremely intuitive to most people -- spacial context with the labels and state simultaneously displayed leads to much much lower context loading cost (for the human brain) than keeping all the abstract variables in your head when writing code.

Mr. Lemire seems to treat the tool as a toy then claim it is only good as a toy. Flub and not Flub languages alike can be run quite easily without unit tests, in which case they are no more durable to errors than excel (and arguably less as they don't display intermediate state).

jasode 2 days ago 5 replies      
(Since the blog's website is not responding, I had to read the article from google's cache[1])

The author has well-intentioned advice about avoiding MS Excel but it's misguided. The criticism fails to accommodate the reason why MS Excel was used. MS Excel is the lingua franca of non-programmers. Thomas Piketty is a trained economist, not a programmer. It's not realistic to expect Mr. Piketty to set aside months (years) of his time to master C++/Python/Scala/Fortran/etc to avoid using Excel. It's more realistic for an economist to use MS Excel to back his thesis than for a Python programmer to write a bestselling book about economics.

If we then tweak the advice to be, "if Piketty is not a programmer, he should have hired a compsci graduate student as a programmer", well... you've only shifted the (human source of) errors somewhere else. Plenty of examples where software not written in Excel had fatal errors: Therac-25[2], Mars Climate Orbiter[3]

Lastly, some of Piketty's errors were transcription errors. In other words, GIGO (Garbage In Garbage Out). Therefore, using Python while there were GIGO issues isn't going to solve the data problem.




filearts 2 days ago 1 reply      
The beauty of Excel is its ability to do many things 'well enough' in a way that is accessible to a lot of people.

My dad put together his architectural plans for a new house in Excel because it is a tool with which he felt comfortable. Some people do calendars in Excel while others try and recreate a full General Ledger system. Because it works well enough, people don't see the need to invest the time in learning a new application and instead invest their time in pushing the limits of the tool.

As someone who builds financial models and who audits those built by others (and is a competent programmer by night), I think that the key source of risk in Excel models is that the tool has no knowledge of intentions. What I mean by this is that if I'm building a cash flow model or if I'm doing a pixel drawing, Excel doesn't care; as users, we are forced to create our own structure and build in our own checks and balances. If I make a balance sheet in Excel that doesn't balance, Clippy won't show up and let me know that things are broken.

I've often thought that it would be really amazing if a semantic layer could be built that uses Excel as the calculation backend. This sort of tool could understand the sorts of concepts of financial statements, projections, time-series and other concepts that often show up in financial models. It would have a built-in understanding of the domain-specific models that would let it leverage that understanding to reduce risk in the building of financial models. If I told it that I wanted to add a revenue stream that is tied to the output of production, the tool would connect the dots between the production schedule, any inflation and/or foreign exchange assumptions and would feed changes in working capital according to the associated collection terms, etc...

Before I get too carried away, the point is that this type of semantic layer would be much better at preventing and detecting anomalies and potential errors in the development of a high-risk financial model. Does anyone have experience with any such tools?

barrkel 2 days ago 1 reply      
Billions are made in the finance industry from Excel spreadsheets. Whole funds have been run from a single spreadsheet making buy / sell calculations, with a whole IT infrastructure designed to automate the execution of that single spreadsheet file.

Sure, it may be stupid, but it's democratized programming. That's why spreadsheets work.

eggoa 2 days ago 2 replies      
Yet spreadsheets do not allow testing.

This is an absurd claim. Any good spreadsheet will contain multiple self-tests, either in live formulas or via macros.

notacoward 2 days ago 1 reply      
Also, you shouldn't use an unstable-at-load web server for important writing.
jimmcslim 2 days ago 3 replies      
There have been a number of efforts to build a better spreadsheet. One that I was quite familiar with (I bought a license!) was Resolver One [1] that was trying to build a spreadsheet with support for Python at the cell-level. Unfortunately it didn't take off, and the team moved onto Python Anywhere [2]. Excel clearly has strong network effects!

I loved this article [3] from 2008, that argues that Excel and VBA were responsible for the credit crunch, that later possibly lead to Reinhart/Rogoff's flawed research using Excel... its spreadsheets all the way down!

[1] http://www.resolversystems.com/products/resolver-one/ but link appears to be dead[2] https://www.pythonanywhere.com[3] http://www.theregister.co.uk/2008/01/21/vba_office_victory/

Pxtl 2 days ago 3 replies      
Honestly, I don't have a problem with the fact that Excel is used in so many cases - programming for non-programmers is important.

My problem is that Excel is terrible. Its formula system is painful and the formulas are invisible.

It's not that a light user DB/spreadsheet program is a bad idea, it's that Excel made a lot of terrible decisions 20 years ago and now they're married to them.

danielweber 2 days ago 3 replies      
It makes programmers' heads spin, but the business world is totally used to doing all its stuff in Excel.

If Excel code is hard to audit, that's means someone could write a tool to show all the calculations being performed to get to a result. I'm giving this idea away for free because I'm pretty sure someone has already done it.

Writing a new program from scratch has issues, too.

jackbravo 1 day ago 0 replies      
The errors are not produced by using excel, according at lest to the financial times. But to manipulation of data.


Other people have praised the statistical work done on the book:

- http://www.nytimes.com/2014/03/24/opinion/krugman-wealth-ove...- http://www.telegraph.co.uk/culture/books/bookreviews/1081616...

So given the controversial nature of the subject, I wonder if we could point to an objective analysis of the work.

wikwocket 1 day ago 1 reply      
Let me get this straight. It is hard to review, test and maintain code in Excel workbooks, so we should instead write custom software for these tasks?!

Custom software is, to a non-hacker, the definition of "difficult to review, test, and maintain." You may as well suggest they input their data into a mystery box with some pixies inside who will crunch the numbers for them. :)

Remember, Excel (and spreadsheets in general) ARE custom software, written for this exact need, and with decades of polish and bug-fixing so that even non-wizards can use them.

I agree that we should not fly the space shuttle from an Excel macro. But I feel that suggesting economists should write software instead of use spreadsheets is not only throwing out the baby with the bathwater, but also throwing out the bathtub and the whole bathroom too. Specialty tools exist for this very use case. Let's discuss how to improve them instead of indulging our hacker instinct and reinventing a hammer every time we need to drive a nail.

mgkimsal 1 day ago 0 replies      
Biggest issue I've had with excel and spreadsheets in general has been "put this on the web". People spend hours/days/weeks building a spreadsheet tool that does all their calculations, then say "put this on the web" to me, and I can't do it. Not in their budget. To them, it should just be some sort of magic, but... I don't know of tools to just 'put' something like that on the web. They want people to be able to interact with it, but 'not download it'. They won't use Google spreadsheets or any office365 online stuff.

Maybe there are some tools that can take an xlsx file and make it secure, interactive and loggable and are also free (or nearly so?) Am I missing something?

ghshephard 2 days ago 1 reply      
I'll buy that - the fact that the pretty essential vlookup function defaults to guessing when it can't find a value, rather than defaulting to "Couldn't find the value you were looking to" - has been the source of endless errors.

Explicit really reduces the number of errors you run into - there's a lot of implicit going on in a spreadsheet.

laurencei 1 day ago 0 replies      
I'm pretty sure patio11 says on one of his blogs that anywhere anyone is using an excel file for important work is a SaaS waiting to be born.

edit: found it:

"My favorite symptom of an unmet need for software is any Excel spreadsheet which is ever updated by one employee, sent to a second employee, updated, and then sent back. Every time that happens a SaaS angel gets its wings."


opium_tea 2 days ago 1 reply      
In my experience most civil engineering organisations use spreadsheets for the majority of design calculations. Some large organisations even still insist on engineers writing out calcs by hand. For example, a calculation that determines whether or not a retaining wall is of sufficient size more often than not will be completed in excel. Ditto with the calculation that checks the weight bearing capability of a column or beam in a large building.

Bespoke tools will be bought for tasks too complex or important for excel - finite element analysis, problems involving non-linear springs etc. Some time-consuming, repetitive tasks may also be deemed worthy of more automated tools, but on the whole the engineering industry is very much in the dark ages when it comes to modern software approaches. I often wonder what you'd end up with if you introduced a team of computer scientists into a civil/structural engineering company and told them to assist with analysis. I imagine you'd get some pretty innovative approaches to concept screening/design/cost-optimising etc.

kubiiii 2 days ago 0 replies      
Maybe the problem with Excel is that errors are more likely to stay under the radar. You can refer to the wrong cell, extend formulas with relative reference where it should be absolute (or the opposite) whithout noticing. When programming logical errors will more often lead to fatal errors upon running the program.

If anything, it's more a matter of using Excel correctly. Tools like slate for excel make it easier to audit spreadsheet especially other people's.

DanBC 1 day ago 0 replies      
People here don't seem to inderstand wuite why people use spreadsheets.

I knew someone who ised the spreadsheet supplied with MS Works (a truly hateful piece of software) to create fax cover sheets and notice signs and printed letters.

The spreadsheet was also used to creat Bills of material for electronic subcontracting. These would be printed out and then only the paper copy was relevant. (This worked better than you might think - that paperwork system had been refined over years and all the kinks ironed out. Everyone knew if a part had been ordered, arrived, booked in, kitted, issued to the shop floor, paid for by us and paid for as a final product by the customer. Moving from that paperwork system to sage line 100 was painful and produced a lot of confusion and kludges.

So, people like spreadsheets because they can get stuff done. To you it might seem like they're hammering in nails with the handle of a screwdriver, but the answer is to make better documentation and better software.

(Also I see people using screwdrivers and other handtools and I wonder why noone ever told them how to do it properly.)

sitkack 1 day ago 0 replies      
The problem with spreadsheets to counter was Chris Granger is saying, is that they are NOT observable from a software maintenance perspective, the code is invisible but the entire heap and the intermediate values are visible.

I cannot easily swap out one set of data for another, making it hard to confirm my models are running correctly.

How do I diff a spreadsheet?

How do I refactor a spreadsheet?

chrisBob 2 days ago 0 replies      
Error prone? I haven't found an IDE yet with syntax highlighting as nice as Excel's when I am punching in a formula that references a few cells.
felienne 23 hours ago 0 replies      
I wrote an answer to this on my blog http://www.felienne.com/archives/3355

and @seansickle Thanks for linking to my stuff!

rurban 18 hours ago 0 replies      
Same problem for any graphical programming environment which doesn't provide proper software tools, like diff's for updates, tests, coverage, debugging.But nevertheless they are used and recommended very successfully.

Matlab Simulink is a very similar environment used professionally to a much higher degree.There are extensions in some toolbox for graphical diffs, but who uses it? Who can review the diffs in a version control system?

And those systems are pretty hard to debug also. In a 10Khz loop you cannot step through or set breakpoints and hardly do printf debugging.

endlessvoid94 1 day ago 1 reply      
This is all fine, but he doesn't suggest an alternative. Which, of course, there aren't any. Which is the reason it's a problem.
habosa 1 day ago 0 replies      
I think tools like MATLAB could bridge the gap between spreadsheets and general-purpose programming/data analysis. It has the huge standard library Excel users want, a REPL for prototyping, visual data inspection, and the ability to very quickly create charts and figures. The scripts are also easy to share and it doesn't involve use of the command line unless you want it to.

Anyone want to teach "MATLAB for Bankers"?

bjoerns 1 day ago 1 reply      
"The fact that they use spreadsheets suggests that they spend very little time worrying about accuracy." I don't get it. Why does the fact that a person uses a particular piece of software suggest that they don't care about accuracy? Does this mean that just because I use R or Python I worry more about accuracy? Really? I think it has more to do with loss of control - real developers hate Excel because it gives business people something they can work with straight away. Every time there's a bug which could remotely be related to spreadsheets, people start another wave of Excel-hate. As if this was entirely impossible in a real programming language. Don't get me wrong, spreadsheets are not perfect by any means. But neither is anything else in this world. It purely comes down to choosing the most suited tool for a given problem. And in Piketty's case there's nothing wrong with choosing Excel.
mathattack 20 hours ago 0 replies      
What's scary here is how much of Finance is based on Excel. Tons and tons of spreadsheets. Pretty much every bank's risk measurements go through a spreadsheet at some point. So do most trades. High frequency may get executed in C++, but somewhere along the way it gets aggregated in Excel.

The only thing worse than being able to see all these convoluted spreadsheets, is not being able to see the code behind non-spreadsheet systems.

polskibus 1 day ago 0 replies      
" but I will not use Microsoft Excel to run a bank "

obviously you never worked in a big bank. Most traders use Excel a lot, if not in every moment of their work. It depends on the bank of course but in some banks even the trades are made from Excel spreadsheets.

ganeumann 1 day ago 0 replies      
Although I agree with the author, using Piketty as the example seems counter to his argument: the FT found the errors in the spreadsheet in a few weeks. They were obviously not very difficult to find. Sounds like Piketty's problem was a lack of peer-review, not the tools he used.
dccoolgai 2 days ago 1 reply      
Data in arrays, exports to CSV, facile API... what's not to love?
n00b101 1 day ago 1 reply      
I've worked for many large financial institutions as a quant and am intimately familiar with use of spreadsheets in critical functions. I believe this is a multi-billion dollar opportunity. If someone is interested in start-up ventures in this space, I would be very interested in discussing further.
neotrinity 2 days ago 1 reply      
having worked for Investment Banking clients I can see what the author intended to address.

I have seen a lot of abuse/ over use of excel/VBA

I once had to write CRUD front-end with Excel/VBA activeX components retrieving data from Sybase / SQL Server databases.

Which could have been easily engineered as a simple web-app. "But NO .. IT HAD TO BE A FUCKING SPREADSHEET"

davidgerard 2 days ago 0 replies      
Pretty much nobody will be getting right onto fixing this one, you can rest assured.

Those millions and billions of pounds and dollars and euros swishing back and forth in the financial centres? Yeah, Excel macros. BE AFRAID.

rlvesco7 1 day ago 1 reply      
While spreadsheets are sub-optimal, the work was OPEN so people could find those bugs. We need to stop beating scientists who share their data because currently there is little incentive for them to do so.

Most scientists do not make their code and resources easily available. I'd prefer an open excel sheet to a closed python analysis which is only slightly less likely to be wrong.

ianamartin 2 days ago 0 replies      
Meh, use the right tool for the right job. Sometimes that tool is a spreadsheet. My biggest complaint about Excel is that it fails gracefully when I would prefer that it pitch a fit.
kristianp 1 day ago 0 replies      
Interesting that the article on wealth concentration (linked from the article), doesn't mention Piketty (yet). It needs some work.


catwork 1 day ago 0 replies      
The problem with spreadsheets is not a simple issue of good vs. bad. Spreadsheets have an extremely flexible and well accepted if not intuitive interface. The problem is that they do not provide visibility into what processing is occurring, require a lot of error-prone manual manipulation, and are difficult to audit. As such, they are not really designed for testing and disciplined business processes that ensure accuracy and data integrity. You can't have complete flexibility as well as rigid controls.

One solution is to recognize when a given spreadsheets usage has increased to a point where it - or some portion of its functionality - would be better embedded in an application. Another is to have some users adopt a environment/language like R which addresses the short-comings listed above at the expense of being more complicated and less user-friendly. But there is no simple solution that is going to result in spreadsheets disappearing from use.

nilsimsa 1 day ago 0 replies      
We use a spreadsheet to do gantt charts at work. Although Microsoft project is available, not everyone has installed it or knows how to use it. Everyone knows how to do basic Microsoft Excel. These schedules are only to a week granularity so we use one column for each week and each row becomes a task.
pronoiac 1 day ago 0 replies      
I've done a bit of work building a complex Excel spreadsheet, because that was the job - and what I wanted afterwards was an automated way to turn it into a Python script. Collaborating in Excel is tricky - it was a large enough spreadsheet that 32-bit Excel would sometimes crash, and version tracking was entirely manual.
bhartzer 2 days ago 1 reply      
Excel can only handle a certain amount of records. I've personally found it hard to deal with more than 100,000 rows in Excel.
_pmf_ 2 days ago 1 reply      
A thought experiment: is it advisable to save mission critical, structured information as a loose collection of schemaless text files?

If it is not advisable, why is it accepted for software engineering professionals to manage their source code this way?

cratermoon 1 day ago 0 replies      
Bahaha. I know of multi-million complex international 3-party deals in the oil and gas business that were worked out on a spreadsheet. Insurance actuaries I know of refuse to move away from their spreadsheets that do business-critical risk table calculations.

It's idiocy, but I've seen the poor spreadsheet program warped into even worse uses, but not for business-critical stuff.

eddyparkinson 1 day ago 1 reply      
The process NOT the tool.

Yes spreadsheets have errors, but the only method I know of that is able to get error rates down to near zero is due process. There are good processes that reduce error rates to near zero, but there are no tools that reduce error rates to near zero. The problem is the process, not the tool.

bhewes 1 day ago 0 replies      
I look forward to the day when F# is a first class citizen in Excel. That will make my life much easier.
brianbarker 1 day ago 0 replies      
TLDR: Use the right tool for the right job.
joe_the_user 1 day ago 1 reply      
Just a default note that the whole "he got stuff wrong" claim itself might not stand up to scrutiny.


Edit:Also regarding the Rogoff data. Sure, those findings really were crap but surprise, surprise, it was crap that policy makers were oh so eager to hear. One might blame the falsity on the dumb use of spreadsheet but it seems more likely it was a case of "let's fudge data in a crap fashion till we come up with what people want to hear". Then when someone points out how it's crap, we always blame the spreadsheets.

mantrax5 1 day ago 0 replies      
We've done business with pen and paper for thousands of years.

I think we can handle spreadsheets. While I'm a programmer and often find it easy to whip up a program to do what many would do in a spreadsheet, I don't have the arrogance to tell people to not use spreadsheets for serious work.

On the contrary, I encourage it. It's a wonderful tool, and, in the end, superior to pen and paper.

pasbesoin 1 day ago 0 replies      
I've observed disasters created in spreadsheets. I've also observed -- and occasionally created -- robust models and calculations.

One flipside is that, if you know what you're doing, it's very easy to created orthogonal calculations and comparisons in order to check your work. And, if something doesn't compare or look right, to track back step by step and through all the precedents to find the fault(s).

Databases can also create and hide problems, particularly if they are not understood and/or designed and set up properly. And some problems thusly created can be rather opaque, particularly to those without a good understanding of or access to the underlying design and the principles upon which it rests.

As with many things, ultimately I found that the problems lay not with spreadsheets, per se, but with the people using them and with the organizations that tasked those people without consideration for their capabilities (and limits thereof) and without adequate resources to do the job right.

Personally, there has been a time or three where -- in significant measure due to such resource constraints -- I would have been sunk without the flexibility that a spreadsheet -- often in combination with some programming and database work -- provided me. For example, I could quickly and programmatically deal with the 95% that was clean enough, and then manually go through and figure out and adjust the crap.

Ideal? Perhaps not. But then, "business" seldom is. (Nor "life", for that matter.)

Mark Russinovich, Microsoft Critic, Is Now Building Azure wired.com
221 points by omnibrain  2 days ago   113 comments top 25
AaronFriel 1 day ago 6 replies      
There are a handful of people worth watching at Microsoft conferences - no matter what they're doing. My list is:

* Anders Hejlsberg

* Mark Russinovich

* Scott Hanselman

They have the clout and the job security to speak their mind - and they do. They all work on neat projects and are interested in talking about the internals. I saw Mark at Build this year and his talk was about the "fails" of Azure. It was an honest breakdown of how they've had failures that have taken down customers, taken down Microsoft services, and hurt the reputation of Azure.

I've followed Mark's blog since before he became a Technical Fellow at Microsoft, and he deserved it, no doubt. Very few people could write or speak with such precision about the internals of Microsoft kit. His interviews on Channel9 are all fascinating, before Azure he did work on the NT Kernel (and who knows what else) and he spoke candidly about dealing with issues scaling up the operating system. He has given interviews solely about removing global locks from the kernel, because that's his domain and he's good at it. If that reminded me of anyone else, it would be Linus Torvalds and his intimate knowledge of the Linux kernel.

ryanackley 1 day ago 3 replies      
I feel like this article mischaracterizes sysinternals as something of a Microsoft critic and watchdog which just wasn't the case. They were more like a valued and vital member of the Microsoft ecosystem.

If you did development on a Windows machine in the last 20 years, you probably downloaded a sysinternals tool at one point. Many Microsoft KB articles pointed to their tools and articles and when Microsoft announced their acquisition, most people were like "That makes sense".

Touche 2 days ago 6 replies      
> I ranted at some of the architects when I was at Microsoft. They were constraining the sorts of things you could do, Brown told us in 2012. Microsoft likes to do a really big up-front design, where they define the physics of a new universe. They birth this new universe, and they say: This is how you do itinstead of starting out with something simple and letting people show them how it should be done.

I really hope this advice is taken by others, particularly the Windows team. Powershell is a golden example of this. Great idea, piping around objects instead of text, but wait, they must be .NET objects. So the entirety of the language community cannot participate other than Microsoft languages.

I'm hoping they revitalize the command line taking this advice, start with something simple and let others build on top of it.

GFischer 2 days ago 1 reply      
Mark Russinovich is the author of the Sysinternals tools, which have long been essential utilities for troubleshooting Microsoft environments.

His blog has some pretty good reads for anyone that wants an in-depth view of Microsoft products:


weinzierl 1 day ago 0 replies      
If I remember correctly then Mark Russinovich is an Azure architect since at least 2011 and I think he had a leading role even back then. He is with Microsoft since when Sysinternals was bought in 2006.

A little off topic, but if you ever wondered what all those numbers shown by Task Manager really mean, Mark did a video[1] that really explains it well.

[1] http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/WCL...

timthorn 2 days ago 3 replies      
> Cloud computing was invented by Amazon

That's a bit of a journalistic stretch.

akandiah 2 days ago 2 replies      
I really like him for his contribution towards creating the Sysinternals set of utilities. I'm surprised that Windows doesn't include them by default nowadays.
stpe 2 days ago 0 replies      
For background, this is Mark Russinovich's original blog post from 2006 about Microsoft acquisition of Sysinternals/Winternals.


"Im joining Microsoft as a technical fellow in the Platform and Services Division, which is the division that includes the Core Operating Systems Division, Windows Client and Windows Live, and Windows Server and Tools. Ill therefore be working on challenging projects that span the entire Windows product line and directly influence subsequent generations of the most important operating system on the planet. From security to virtualization to performance to a more manageable application model, theres no end of interesting areas to explore and innovate."

kubov 2 days ago 1 reply      
I recommend watching "Case of the unexplained". Mark is showing practical examples of using sysinternals tools, it really gives a glimpse of how skilled he is.


jessriedel 2 days ago 3 replies      
I could use a summary.

(New idea for facebook: allow users to submit abstracts/summaries of articles, and show me the one written by someone least removed from me by friendships.)

lnanek2 2 days ago 1 reply      
I definitely found Sysinternals useful, and I was impressed when I saw Azure with easy to run Linux images way back when. I didn't realize they are becoming a better player. Props to them for hiring the guy.
pdknsk 1 day ago 0 replies      
> So hes now working to merge the platform service and the infrastructure service, giving people the power to run any software while still ensuring this software operates in an automatic way. We want to blend the two worlds, he says.

That sounds very much like App Engine Managed VMs.


dang 1 day ago 0 replies      
Can anyone please suggest a more neutral, less baity title?

Edit: No takers? Ok, I'll try to come up with one.

krmmalik 1 day ago 0 replies      
I don't know how closely Nadella and Russinovich are working, but all being well this could be the start of a new collaboration and wave of dominance not much unlike the Jobs-Ive duo. For new product development that is, not for aesthetic design or hardware brilliance.

I had been following Mark for quite some time in the early 2000s and was a big fan of his tools but hadn't seen him speak or anything like that. He then did talk on work he was going for the next Microsoft OS, which at the time was Windows 7. His talk was easily the best talk that day. He was confident, knew his subject and was passionate about what he was doing. No one else that day was as authentic and enthusiastic as he was. I'm not sure how many people in that particular audience recognised his drive and talent though.

I'm glad to see him written up about and if he's a big part of driving Microsoft into the future, then Microsoft could very well become exciting and relevant again.

euroclydon 1 day ago 0 replies      
I find it strange that Wired would spend several paragraphs describing standard software licensing practices as a "fraud".
ed_blackburn 1 day ago 0 replies      
Interested to read the comments about IaaS and re-visiting PaaS. I expect PaaS services to be the differentiator that make people ship their new open source .NET vNext stack to Azure / Microsoft servers as opposed to alternative clouds / hosts. Seamless scaling of web servers, persistence stores, monitoring, analytics etc...
ww520 1 day ago 0 replies      
He's a very smart man, a true hacker in the technical sense. His set of free tools revealed amazing details about Windows internal. Those have helped me tremendously back in the days when I work on Windows kernel internals as an outsider. Thanks to Mark.
bashmohandes 1 day ago 0 replies      
As someone who worked for Microsoft for years (left few years back), everybody in Microsoft criticize Microsoft, there is no red lines to cross.The bad things usually come from the fanboys of Microsoft inside Microsoft, especially if one of them is guarding a pretty strategic area, and the good thing is, these people have been leaving (or asked to leave) for quite some time now, the likes of Steve Ballmer & Sinofsky, while other super geeks like Satya Nadella, Scott Guthrie, Qi Lu are taking over.
mh_yam 2 days ago 0 replies      
It was interesting to find out who the people behind Sysinternals were.

The article, though, has an embarrassing number of typos...

curiousDog 1 day ago 0 replies      
He also auctions rides in his Ferrari 458 for charity!
Zigurd 2 days ago 1 reply      
Without an attractive, desirable suite of cloud services, their endpoint devices and OSs are going nowhere.

WITH world-class cloud services, Microsoft could derive revenue from Apple and Android users.

It appears that Microsoft's biggest problem was egos. People wanted to "leave their mark" rather than play to strengths and achieve the possible. Microsoft could readily be 3X bigger if they focus on what they are good at and on the customers most likely to welcome Microsoft products.

wnevets 2 days ago 0 replies      
his Sysinternals stuff was pretty solid.
malkia 1 day ago 0 replies      
procmon/procexp are my power-tools. Thank you Mr.Russinovich.
mgleason_3 1 day ago 0 replies      
616c 1 day ago 1 reply      
Well, those Sysinternals tools were open source before MSFT acquired them.

If you want to see the magic before MSFT force it behind the wall, here you go.


And fuck you, Microsoft, and long live Russinovich. Could not have done without them in sysadmin work, open or closed.

Canada's Pitch to Tech Entrepreneur: We'll Pay 80% of Your Salaries wsj.com
205 points by gabbo  1 day ago   167 comments top 18
CoolGuySteve 1 day ago 18 replies      
One of the worst things about tech in Canada is that the salaries are ridiculously low compared to the US. I made 2-3x as much by moving to California and then another integer coefficient greater than one when I moved to New York.

But really, I want to say this: as a Canadian, I find that image of poutine extremely offensive. What is that yellow stuff on top, Curry? Are those even proper cheese curds? They're not melted. Is that scallion?

How can this article be trusted when their choice of stock photo is so wrong I question if they've ever even had the dish?

brennanm 1 day ago 6 replies      
A lot of the talk is on SRED credits. SRED is a large part of the credit program for startups in Canada. Though it's not as simple as "Canada pays 80% of your salaries"

You can get up to (off the top of my head) 75% of salaries paid back on hours worked "advancing technology". That means it's only for true R&D. That means UI, business logic, API, App anything, expenses, costs, etc... don't count. It's only for when you embark on a project that truly advances the worlds state of technology where you can really reap the benefits of SRED.

Most startups, as sad as it may be, don't truly advance technology. A lot create value, yes, but advance technology? not really. Certainly not all year. So they'll only get 75% of salaries paid for the hours they worked on advancing technology.

You'll get that back at the end of the year as one lump sum. It's awesome. However, it goes to the company and the company has to have already funded the salaries -- it wont fund salaries, it will reimburse them.

On top of that the system is so hard to navigate that you'll end up requiring a consultant to navigate it. They'll take a cut, between 10-20%, of the return.

It's not as simple as the article states, and our poutine doesn't look like that.

hluska 1 day ago 1 reply      
This article is light on facts (which is surprising to see in the wsj). This program is called Scientific Research and Experimental Development Tax Incentive Program. And, qualifying for a full SR&ED isn't as easy as they make it sound. To learn more, visit:


VonGuard 1 day ago 2 replies      
Canada was already doing this for the games industry, though not at 80%. It worked. Look at all the studios in Montreal. Perhaps it could work again for the startup culture. It's cold enough up there in the winter that going outside is horrible, so why not stay inside and code!
pugsawakening 1 day ago 10 replies      
I'm currently a beneficiary of SRED in a startup context in Canada.

The first thing to note is that it doesn't solve many major problems. The lack of development talent is the biggest one; trying to get someone to move from California to Canada isn't something that's solved as simply as offering more money. And in my experience (as a recent graduate), the talent that would have studied computer science or has an interest in programming moves onto "safer" education and career options (in the local context) - usually engineering or commerce/finance.

There's simply a lack of talent, or more realistically, a lack of talent with no better options.

The money here is being used to attempt to make up for the extreme economies of scale that places like Silicon Valley have. It's not enough to make Canada a competitive place to start a startup, really, but it may have some effect on the total amount of expatriation by talented individuals.

kelvin0 1 day ago 1 reply      
"The downside is a more European attitude toward work less intense, less ambitious, more likely to have wine with lunch, Mr. Adelman says"

As a Montrealer and a Sotware Engineer having worked at various size companies in this city, I can say I've NEVER seen my collegues have wine at lunch. Working in video game industry and sleeping at the office at crunch time (back in the days) I couldn't say my collegues or I 'lacked' the famed Silicon Valley work ethos ... This article is fraught with stereotypes and coated with a few fragment of facts ...

gotrecruit 1 day ago 4 replies      
I'm moving to Vancouver, BC soon to found a startup, so it's good to hear this. But from comments here, i'm hearing a lot of comments pertaining to Toronto and Waterloo region, but not much about Vancouver or BC in general. Why is that? Is Vancouver/BC not a good place for startups? Am I heading in the wrong direction? I'm still in a position to switch back to Toronto if necessary, so if someone can enlighten me that would be greatly appreciated.
jgh 1 day ago 1 reply      
The kill or be killed attitude they mention in this article is interesting because I almost immediately noticed the difference when moving from Canada to California. It's a different animal, that's for sure.
oldspiceman 1 day ago 1 reply      
1. Is it this? http://www.cra-arc.gc.ca/txcrdt/sred-rsde/menu-eng.html

2. If I were to start a new company, can I use this rebate when paying myself?

xux 1 day ago 1 reply      
So... what's the catch? Sounds too good to be true. Can anyone think why they would do that?

Can I just move there and get the benefit?

sxcurry 23 hours ago 1 reply      
A caution if you're considering Quebec. You might be caught off guard by the draconian French language laws, and restrictions on where you can send your children to school. (Ex-Quebecer here
arecurrence 1 day ago 0 replies      
We're talking about a program that dates back to 1944 as if it's some new idea...
myth_drannon 1 day ago 2 replies      
Although I worked for several startups that benefited from SRED credits, I always found the system appalling and prefer the way it works in US with VCs.No government should take hard working folks's money and give them to white middle-upper class, well educated founders that will possibly just get wealthy even more and the class division cycle will continue.I would bet if you pay this money directly to the engineers themselves they will create much more value.

Anyways I found that writing everyday what I did in a way it looks more as a research just so SRED accountants don't question the company, as extremely annoying to my day flow.

slajax 1 day ago 0 replies      
My co-founder was one of the first 3 people accepted to Canada from the US via the Startup Visa program (I'm Canadian, made him move) - We're fully realizing the benefits of operating in Canada as a CCPC. This article doesn't even touch on how much is actually going on here. Not only was the cover photo offensive, I question if they even researched the topic because they barely touched on IRAP which is just as beneficial as SRED.

Talk to any founder from Canada and you'll likely get more reliable info then was in this article. The compelling reasons to start a company here are many and they are no secret.

perfunctory 1 day ago 0 replies      
Do I get it right? I set up a startup. Declare my own salary to be $100. Canadian gov pays me $80. I take $20 of that amount and pay it to myself as the remainder. Sounds like basic income.
amscanne 1 day ago 0 replies      
Perhaps he used a technique known as "fraud".

It sucks when programs like this are abused.

api 1 day ago 1 reply      
It'll be interesting to see how well this works. Silicon Valley did not pop into existence from nowhere.


general_failure 1 day ago 1 reply      
I don't understand why all countries require startups to have investment. For one, most tech start ups don't need significant investment and can be boostrap. The average 30 year old has enough saving to get by for a year or two without any investment. I feel require investment is really a cruft of the past and shouldn't be a necessity for visas.
Massimo Vignelli, 1931-2014 creativereview.co.uk
190 points by mortenjorck  1 day ago   16 comments top 9
L_Rahman 1 day ago 0 replies      
If you're unfamiliar with Massimo's work, take some time to read The Vignelli Canon. It's a short work narrating his design principles and an influential design document.


e15ctr0n 1 day ago 0 replies      
The documentary 'Helvetica'[0] featured an interview with Massimo Vignelli. You can watch him talk about typography[1] and how he came to design his iconic 1972 New York City subway map[2].

[0] http://www.imdb.com/title/tt0847817/

[1] http://www.youtube.com/watch?v=El8jDI_ZuiI

[2] http://www.helveticafilm.com/vignellimap.html

sshanky 1 day ago 2 replies      
I didn't know the A series of paper sizes was built around the golden rectangle. Vignelli had some strong opinions on the US standard:

The international Standard paper sizes, called the A series, is based on a golden rectangle, the divine proportion. It is extremely handsome and practical as well. It is adopted by many countries around the world and is based on the German DIN metric Standards. The United States uses a basic letter size (8 1/2 x 11) of ugly proportions, and results in complete chaos with an endless amount of paper sizes. It is a by-product of the culture of free enterprise, competition and waste. Just another example of themisinterpretations of freedom.

The A4 is the basic size for stationary. Two thirds of it is a square, a nice economical happenstance resulting from the golden rectangle. It is one of the reasons we tend to use as much as possible the DIN sizes: proportions are always leading to other nice proportions. This does not happen with the American basic size which leads to nothing. I counted 28 different standard sizes in USA!. The only reason we use it is because everybody in USA uses it, all stationary in USA is that size, so are manilla folders, files and office equipment! The repercussion of ugliness is endless.

YAYERKA 1 day ago 0 replies      
This man was an absolute giant of design. (Along with his wife, who is also an amazing designer).

For those of you unfamiliar with his work. He created a lot iconic imagery -- including the signage and maps for the subway system in New York City.

A quick google search or visit to [0] will reveal his talent. Btw, I always thought this website was quite poorly designed considering the Vignelli's abilities.

[0] http://vignelli.com/home.html

Rest in peace Massimo!

hyperion2010 1 day ago 0 replies      
"If you do it right, it will last forever." Words to live by.
theIV 1 day ago 1 reply      
This is really sad to hear.

If you haven't read it, I suggest taking a look at The Vignelli Canon [0]. Some great insight into how he thought about design.

[0] http://www.vignelli.com/canon.pdf

_broody 1 day ago 0 replies      
How sad to hear this. As he dies, the design principles he championed are taking over the interface design world with a vengeance. The visual language in iOS 7, Windows 8 Modern UI, and even Google Now owes a lot to designers like him.

Rest in peace.

BasDirks 1 day ago 0 replies      
f*ck. This makes me very sad. My hero in black. RIP Massimo.
jqm 1 day ago 1 reply      
As a developer I have realized people often take so much for granted. For example, roads. You drive on them everyday and don't even think about it. For most people they are a given...almost a natural part of the world. But, someone decided where to put that road. They engineered the grade. They decided the specifications. Then crews came and worked building the road. The only time they are noticed is when the annoyances of road repair or closures occur. Otherwise, it's just like the sun coming up the morning. An accepted given. I think for most people the internet and associated applications have become the same thing.

So how much of our "reality" do key figures like Vignelli actually create? Something to think about.

HN Hiring hnhiring.me
188 points by yitchelle  1 day ago   33 comments top 12
necubi 1 day ago 6 replies      
Hey everyone, I'm the creator of hnhiring.me. Surprised to see it pop up now, as I haven't done much with the site in the past couple of years. It's still being updated every month with the latest "Who's Hiring?" post, though, so hopefully people have found it useful. The source is also on GitHub (http://github.com/mwylde/hnhiring).

As an aside, I've been meaning for ages to do analysis of hiring trends based on the data. If anybody is interested in this, I have the past year of posts available in JSON available at http://hnhiring.me/data/comments-{thread-id}.json. The thread ids for fulltime/freelancer for each month are here: http://hnhiring.me/data/threads.json.

lwhalen 1 day ago 2 replies      
It might be useful to add a filter to specify remote-only, local-only, or some combination of the two.
yaur 1 day ago 3 replies      
hnhire.me (available at this moment) would be a better domain hack IMO. Also deceptive title, but nice idea.
mxxx 1 day ago 1 reply      
hey, the regex filter is great but if i hit control-F I'm trying to use the browser search function, you shouldn't be capturing and overriding that.
orware 1 day ago 0 replies      
I posted this earlier this month (contains MySQL database exports of the threads and comments going back to 2011):https://news.ycombinator.com/item?id=7687128

In the link above you can get a copy of the threads/comments data up until May 2014 for the HN Hiring threads (I didn't do anything for the Freelancers ones).

My initial goal was to do the same (do an analysis of the data) so I also have an additional schema created that would allow us to associate the variety of programming languages, tools, locations, and companies together in a structured way.

I have an idea of how I want to create a frontend that users could contribute to (I'd like to gamify it a bit so contributors can get some props on the site for helping get the data analyzed, since that is a pretty manual process), but haven't had the time to work on it.

mschuster91 1 day ago 0 replies      
Technical issue: clicking randomly in the text areas scrolls the page up to the post heading. Highly annoying.
jaaron 1 day ago 0 replies      
Thanks for this. It's a useful reminder that I need to post some job openings in the next thread.
josephjrobison 1 day ago 0 replies      
Awesome aggregation, this is useful, thanks.
kull 1 day ago 0 replies      
You Know What Really Grinds My Gears? When on any job website I search for H1B and I am getting plenty of results... with "XXX is unable to provide sponsorship for H1B Visas at this time."
matiasb 1 day ago 0 replies      
Thanks, I'm looking for work :)
himanshuy 1 day ago 0 replies      
Thanks for building this.
piratebroadcast 1 day ago 0 replies      
This seems an appropriate place to mention that I do Rails and Front-End in Boston and am looking for a full-time Jr Dev position somewhere- I can be reached at my username at gmail. Thanks!
RubyMotion 3.0 Sneak Peek: Android Support rubymotion.com
182 points by blacktulip  18 hours ago   69 comments top 18
danielsju6 17 hours ago 3 replies      
Maybe it's petty but I've lost confidence in Ruby Motion since I've had a pull request open against it for whole year because they don't support enterprise deployment out of box. The fix is pretty damn simple too https://github.com/HipByte/RubyMotion/pull/64/files

You'd think enterprise would be a prime use case here. Sucks to have to keep your own fork up to date.

Moral of the story, if you have a Github repo please accept pulls; and if you don't you loose customers.

bratsche 17 hours ago 3 replies      
"The object model of RubyMotion for Android is based on Java. Ruby classes, objects, methods and exceptions are Java classes, objects, methods, and exceptions, and vice-versa. No bridge is involved."

But then later it says "The runtime uses the Java Native Interface (JNI) in order to integrate with Java".

And then later it says, "RubyMotion Android apps are fully compiled into optimized machine code, exactly like their iOS and OS X counterparts."

Does any of this make any sense? They seem to be contradicting themselves left and right on the same page.

mfkp 17 hours ago 3 replies      
"RubyMotion for Android features a completely new Ruby runtime specifically designed and implemented for Android development."

That is huge, very excited to check this out!

I would love being able to write ruby instead of java (whereas objc doesn't bother me that much).

scoot 17 hours ago 3 replies      
I just wish they'd release an LOC limited trial version. I'd love to give it a spin, but I'm not about to fork out that much money just to try it...
dimillian 2 hours ago 1 reply      
Hey, when it comes to mobile, I develop them in pure Objective-c for iOS, and pure Java for Android. I use tools provided by both compagnies. So yeah, I do the jobs twice, but I think it's ok.

Anyone have feedbacks coming from what I do to something like RubyMotion or Xamarin? These solutions sound very interesting, but I've yet to try them. I think I'm too attached to my Objective-c and workflow.

Also, is there peoples who originally used RubyMotion or Xamarin and went to use OC and Java?

andyl 16 hours ago 0 replies      
This is fantastic news. I love RubyMotion and can't wait to try it on Android. Especially want to learn how easy it will be to create wrapper objects to have a common API across platforms.
lnanek2 10 hours ago 0 replies      
I was impressed that even with all this translation and Java compatibility going on, the sample code still shows some situations where the nice clean, concise nature of Ruby is still up and running. E.g.:

> @paths.each { |path, paint| canvas.drawPath(path, paint) } if @paths

From: https://github.com/HipByte/RubyMotionSamples/blob/master/and...

And: @activity.handler.post -> { @activity.updateTimer }

From: https://github.com/HipByte/RubyMotionSamples/blob/master/and...

These things take a lot of lines in Java for Android where we don't have lambdas and function references yet and often have to define anonymous classes just to pass a method in to a handle to be run later.

crashandburn4 15 hours ago 1 reply      
I was just looking at the rubymotion licences [0]. does anyone know if you will get future releases with the licence? do you only get them for one year?

[0] http://sites.fastspring.com/hipbyte/product/rubymotion

sciguy77 18 hours ago 1 reply      
I am elated. Rubymotion is awesome. It has the ease of PhoneGap with the speed of native Obj-C.
yulaow 17 hours ago 0 replies      
Surely today with this news, the one on xamarin and that on codenameone it is likey orgasm-day for all the crossplatform tools lovers.
mark_l_watson 17 hours ago 1 reply      
Does anyone know if the RubyMotion price of $200 will include Android support, or will that be a separate product?
octopus 18 hours ago 1 reply      
This is great news, it will boost the adoption of Ruby and RubyMotion in the huge Android market.

Finally I have a reason to give RubyMotion a try. I'm curious how much productivity gain can one achieve with a language like Ruby once it is compiled (which will ensure the speed of the resulting application).

Karunamon 17 hours ago 0 replies      
Some code samples already available on Github: https://github.com/HipByte/RubyMotionSamples/tree/master/and...
rahilsondhi 17 hours ago 2 replies      
Are mobile apps written with RubyMotion on par with the native equivalent? For example, I've heard a lot of people dislike PhoneGap, AppAccelerator, etc because the final app isn't as polished as something that is built natively.
fuddle 17 hours ago 2 replies      
I'm curious if the XML views will remain the same?
mmanfrin 17 hours ago 0 replies      
Pretty damn cool.
gary4gar 17 hours ago 0 replies      
does this work on all android versions?
higherpurpose 17 hours ago 2 replies      
Is there something similar for other languages?
Google's XSS game xss-game.appspot.com
171 points by morphics  7 hours ago   80 comments top 22
al2o3cr 1 hour ago 1 reply      
"There will be cake at the end of the test."

That's what the computer said LAST time. But I'm still alive... ;)

skoob 5 hours ago 1 reply      
For those interested in XSS challenges, there's also http://escape.alf.nu , which I think has a slightly better UI.
aendruk 15 minutes ago 0 replies      
Their background image is successfully reproducing the nauseating effects of this monitor test [1]. I can't look at it for long without experiencing physical discomfort.

Perhaps disabling it is part of the game.

[1]: http://www.lagom.nl/lcd-test/inversion.php

jevin 29 minutes ago 0 replies      
This is great!XSS is one of the hardest things to get right when it comes to security. I'll be sure to complete all the challenges, because I'm working on a product that could use some good HTML sanitizing.
michaelx386 1 hour ago 2 replies      
Does anyone know how to submit corrections to Google? I've not been able to find a way after noticing a few mistakes on Google's XSS help page. There are a few examples using an image tag but the tags haven't been closed properly:


e.g. "Now, enter <img src='' onerror="alert(document.cookie);" and hit 'Share status!'."

neil_s 51 minutes ago 1 reply      
Level 4 has a bug. Entering a string in the text box for the timer solves the problem, but putting that string directly as the get parameter in the URL doesn't. Anyone know how to report this?
heri0n 26 minutes ago 0 replies      
on level 5 i tried to modify the url, but my quotes are automatically encoded, also tried encoding it using %22.. but didn't work.. I'm using chrome on osx, could it be a browser thing, i managed to get it to work by manually modifying the html using the developer tools :p
laurencei 3 hours ago 5 replies      
I asked this question once on SO and never really got a "great" answer I was after.

If my site will only ever allow users to see their own submitted data, and never ever data another user has submitted (i.e. no general 'posts' etc) - then is there actually a XSS risk on my site?

So I'm curious if an attacker can gain anything by looking at their own XSS attack?


instakill 2 hours ago 2 replies      
What is lvl2's answer? I'm trying:

<img src='invalid_link.png' onerror="this.src='alert(1);'">

thomasahle 4 hours ago 0 replies      
I'm only trying to solve it for the cake.
lazyjones 4 hours ago 3 replies      
Nice one; I gave up trying to solve the last with the http-only google.com/jsapi and hosted my own with https, but then it occurred to me that it's even more trivial than I thought!

Checking our stuff for this mistake now ...

SimeVidas 2 hours ago 0 replies      
Ah, I'm supposed to toggle the "Target code" box :) Ugh, I used DevTools to look at the <iframe> code for the first 3 steps.
johnadam 4 hours ago 3 replies      
How do you solve lv4?
riffraff 5 hours ago 1 reply      
I completed the game, but I honestly don't know: why wouldn't inject a script tag directly in level 2 work?
myfonj 2 hours ago 0 replies      
Wee, cake is not a lie this time. Nice!
gpvos 2 hours ago 0 replies      
Finally, cake.
octatone2 3 hours ago 0 replies      
That was super fun!
0x4139 3 hours ago 5 replies      
can someone share theirs hosted script that echos and alert? :D
mavfly 1 hour ago 0 replies      
Someone solved the level 6?
sebastianavina 5 hours ago 1 reply      
tristanperry 2 hours ago 0 replies      
I had fun with this; definitely a good mini game to learn more about XSS, although it's a pitty that you can cheat-pass a level simply by appending '/record' to the end of the URL. (Granted it's just a game)

I.e. https://xss-game.appspot.com/level1/record allows you to go straight onto level 2.

Anywhoo, HackThisSite is similar & worth checking out (albeit it covers a wider range of web app security issues)

Absolute Zero damninteresting.com
171 points by jqm  12 hours ago   36 comments top 16
Stratoscope 6 hours ago 2 replies      
I've complained about changing titles in the past, but here's a case where the submitted title ("Absolute Zero") doesn't hold a candle to the original title:


Much, much better. 0K?

Jun8 11 hours ago 3 replies      
I didn't knwo about this site, a true find: the writing and witticisms are fantastic, e.g.

"As [sic] unspecified assistant with quick reflexes reversed the helium valve, but he turned it either the wrong way or too far, because instead of halting the flow of helium, he caused it all to be vented into the laboratory. Dewar's notes do not indicate whether a high-pitched apology was offered."

(Although some proofreading would have been useful.)

Someone 4 hours ago 0 replies      
"The municipality of Leiden has made objections as to my working with condensed gases and has not been content with asking that additional means of precaution are taken, but is gone so far to claim in August last that my cryogenic laboratory be removed from the city!"

Kamerlingh Onnes' laboratory was built in the space that was created in 1806 when over 15,000 kg of gunpowder stored in a ship exploded, killing 151 people and destroying over 200 houses (http://www.pieterskerk.com/en/explore/19e-eeuw/1807/

That must have made the Leiden city council more cautious when hearing about potential explosions in this laboratory.

DrStalker 8 hours ago 1 reply      
It's worth pointing out that it's possible to get below absolute zero: http://www.mpg.de/6776082/negative_absolute_temperature

It's a bit of a definitional thing; once you get that cold measuring how fast atomes move is less useful than looking at enthalpy and entropy and the way atoms give or receive energy.

from http://en.wikipedia.org/wiki/Absolute_zero

> It is commonly thought of as the lowest temperature possible, but it is not the lowest enthalpy state possible

Monkeyget 10 hours ago 2 replies      
In Our Time episode regarding absolute zero : http://www.bbc.co.uk/programmes/b01r113g
cottonseed 9 hours ago 0 replies      
There was a good NOVA episode, Aboslute Zero, on the race for cold:


coldcode 11 hours ago 2 replies      
Now this is real hard nosed science, rarely done today. I spent 6 years studying chemistry and decided to switch to programming because computers seemed unlikely to explode in my face. But I miss messing with liquid gases at cold temperatures.
kbart 2 hours ago 0 replies      
Very well written and interesting article. I'm still laughing at this:"his London lab was rattled by yet another minor explosion which deprived yet another lab assistant (James Heath) of yet another eye."
crash78 6 hours ago 0 replies      
What technique would they have used to measure the temperatures?
nicholassmith 2 hours ago 0 replies      
This is fascinating, I really enjoy the turn of the century science stories that come up. Big egos, big risks, fantastic results.
davidw 5 hours ago 1 reply      
> If one physically scoops up a portion of the superatom, the elevated portion acquires more gravitational potential energy than the rest, and since this is not a sustainable equilibrium for the superfluid, it will flow up and out of its container to pull itself all back into one place

Is this actually doable/observable?

Angostura 6 hours ago 0 replies      
Beautifully written, informative and witty. I did not know about the cascade of gasses method before now.
quarterwave 11 hours ago 0 replies      
A discussion of the Third Law and the Nernst unattainability principle can be found in: http://benthamscience.com/open/totherj/articles/V006/1TOTHER...
pistle 10 hours ago 0 replies      
"ambiguous smears of quantum probabilities"

Oh phlogiston.

shaan7 9 hours ago 0 replies      
That was awesome :)
rcthompson 7 hours ago 0 replies      
My friend had himself cooled to absolute zero once. He was 0K.

(Source: The internet)

Mary Meeker's 2014 Internet Trends kpcb.com
170 points by rkudeshi  23 hours ago   45 comments top 13
mikepmalai 15 hours ago 0 replies      

1. Still more runway for smartphone usage - 30% mobile penetration

2. Tablets growing with plenty of penetration opportunity - 400M+ tablets vs. 800M Laptops and 1.6B smartphones

3. Mobile internet install base will be 10x desktop install base

4. More mobile, more security problems

5. Things aren't so bubbly when compared to 2000

6. Youtube is teaching your kids and that's a good thing (my words)

7. Healthcare will hopefully get better with technology

8. People love chat apps and sharing videos + pics

9. Apps are unbundling: "There's an app for that..."

10. Turn all your content into lists and you will strike social distribution gold (my words)

11. Apps will save you time, money, find your next love, and do everything else for you same day by removing the friction of human interaction.

12. Any bitcoin based chart looks like a hockey stick (my words)

13. Big data slides - real time, sensors, cloud, data mining

14. Hardware costs down, cloud usage up

15. Online video is big and will be on your TV too

16. China

17. Drones

vii 15 hours ago 0 replies      
Once again, awesome analysis. Highlights for me

- great breakdown of timespent/adspend per medium showing huge potential for ads on mobile and overspend on print

- the tablet/phone boundary is being stretched by Korea with very low 'tablet' use but high phablet use

- clear age division on transition to online on-demand TV

- music switching to subscription with collapse of pay per track

- video consumption grows and grows on mobile

sutterbomb 20 hours ago 2 replies      
Tablet growth still booming, while iPad growth has slowed considerably and is causing analysts to rethink importance of iPad/tablets.

Slide 96 helps tell the story - cheap generic tablets market in underdeveloped countries as tv supplement/replacements.

iandanforth 22 hours ago 1 reply      
Such poor design for mobile. Almost unusable on a nexus 4. Ironic given the emphasis mobile gets in the presentation.
conorh 22 hours ago 2 replies      
I figured this might appear on hacker news soon enough. If anyone has any questions about the tech behind this microsite (although it is pretty straightforward) let me know. We developed the site and the hosting to account for an enormous amount of traffic in a very short period of time. So far everything is working fine.
tmsh 20 hours ago 1 reply      
'Ain't bout what you walk away from, it's bout what you walk away with.' -Lil Wayne

I'd summarize the end of this report (which for me is the best part with):

a) it doesn't matter if you're first-generation or second-generation as a founder b) if your app or site or service can participate in China, you have 10x booster thrusters.

callmeed 20 hours ago 3 replies      
From Slide 9: mobile usage as a % of web usage is now 25%. It was 14% last year.

This seems contrary to what we hear about native apps dominating smartphone usage. Obviously that web usage isn't "HTML5 Apps" per se and I'm sure apps dominate services like Facebook, Yelp, etc ... but that number and growth seems very significant.

patkai 5 hours ago 1 reply      
If this is called "analysis" then there is no hope.
mathattack 20 hours ago 3 replies      
An open question - is Mary Meeker still taken as seriously as she was 15 years ago? I don't talk to enough people in the investor community to know either way.
egfx 14 hours ago 0 replies      
not a word about soundcloud, one of the fastest growing trends in 2014
eevilspock 20 hours ago 1 reply      
The Made in USA slide (10) is nonsense. It shows a shift from non-USA OSes, Symbian and Linux to 'Made in USA' OSes, Android, iOS and Windows phone. But Android is built on Linux!

"USA controlled" may be a better way of putting it.

allard 13 hours ago 0 replies      
It's a nit perhaps but being as this is technical stuff I'd prefer the standard SI prefixes rather than MM and the like used in some beancounting.
PHP Next Generation php.net
173 points by maratd  1 day ago   50 comments top 6
gopalv 1 day ago 0 replies      
Speaking as someone who's hit the barriers of PHP performance for many years, this is a good start.

But I wish it was done a little nicely from the community point of view (the >4gb strings stuff).

I'm considerably less talented than Dmitry and I spent several months of my life trying to unsuccessfully write a JIT for PHP - most of what stopped me was the rest of the Zend engine itself.

While I was maintaining PHP-APC, I spent many weeks trying to write a basic block JIT for php, when Zend is using the CGOTO core (FYI, if you are still using APC, switch to Zend OpCache).

This would compile code which didn't have any jumps into a native chunk and swap out the opcode's handler location into my native chunk.

The little I did actually do ended up being fairly involved assembly rewrites of the inner loop.


No matter what I did, the issues of the bytecode organization (the ->result reference) and the lack of type verifiability in the code generation resulted in me slowly throwing away every prototype somewhere between the for loop and running the default benchmark.php.

I haven't read through all the changes yet, but IMHO the Zend engine will be an absolute pain to deal with until we get to type inference/verifiability into the bytecode format so that integers get integer register ops in the JIT instead of always being zval_* based.

But a cleanup was due. And a faster VM (either HHVM or PHPng++) is good news for the regular PHP users.

chx 1 day ago 4 replies      
Pierre Joye from Microsoft started a big refactor in the open (make string length size_t everywhere) meanwhile Dmitry Stogov of Zend worked in total secret on an even bigger refactor which is phpng, completely ignoring the size_t work (also known as 64 bit). A feud in PHP Internals followed not the first heated debate there... that mailing list is very useful as a textbook example of how not to run an open source community. At the end, Pierre have decided it's better to cooperate and now http://news.php.net/php.internals/74352 there's a vote that seems to pass and so on top of phpng size_t is also coming.
skywhopper 1 day ago 4 replies      
There's some seriously missing context to this post. It sounds like they are responding to some expectations posted elsewhere, but they don't link to what they're responding to. Or perhaps it's an update to something announced earlier, but they don't link to the past announcement. It's not clear what PHPng's relationship, if any, is to 5.5 or 5.6 in this post.

Anyone have any pointers to the conversation they are participating in with this post?

(mavci's link is an O'Reilly summary of the state of the PHP ecosystem and I didn't see any mention of PHPng.)

UPDATE: Perhaps this link is what started the confusion the php.net post appears to be trying to address: http://grokbase.com/p/php/php-internals/1455aesx7r/phpng-%04...

1ris 1 day ago 6 replies      
Isn't Hack the PHP of the future, aviable today? For me it seems with hack there are no excuses anymore to still use php. I'd be glad if someone tell me some downsides of hack, it seems to good to be true. And how do the JITs compare?
atulatri 1 day ago 0 replies      
I think it will be great if PHP's internal developers start focusing on HHVM.

From comments it seems like some people are afraid that FB will keep driving HHVM project in it's own way. But this fact is dependent on contribution. FB may loose grip on HHVM if If people outside FB start contributing more on it.

Announcing Xamarin 3 xamarin.com
167 points by vdepizzol  1 day ago   99 comments top 32
supermatt 22 hours ago 9 replies      
I tinkered around with Xamarin, and a very basic app (using some 3rd party libraries) or even using the tutorial/sample apps was immediately outside of their free tier.

Now I would like to understand the logic behind the 30 day free trial. If you are preventing app distribution (binaries are only valid for 24hrs when compiled in the trial version) why restrict it to 30 days? Why not allow people to tinker around as much as they want? I see no negatives to having an unlimited trial, and then simply charge to remove the '24hr binary' restriction.

As it is, the little free time I had over those 30 days to play with Xamarin equated to around 5 hours, most of which was going through the tutorials and sample apps (which you cant use in the free mode). I certainly haven't experienced enough to commit to a purchase, and now I likely never will.

I spoke with one of your colleagues about this. He offered me 20% discount on the business tier if I purchased iOS and Android (~$1600 'value') within 4 days... All i wanted to do was evaluate the damn thing...

I think what you are doing is great, but please try and apply some common sense to your evaluations.

keithwarren 23 hours ago 1 reply      
I have been working with Xamarin stuff for a couple years now, released about 7 apps with them and honestly cannot imagine another approach. I mainly work with smaller startups in specific line of business scenarios and it has become a necessity to not only have viable mobile offerings, but they have to have parity across platforms and support both phone and tablets. When I go into a sales meeting and pitch the idea that I can build for Android and iOS using the same language and sharing much of that code - I usually crush my competitors on price - which saves the customer money and makes more money for me (yipeee!)

The Forms work in Xamarin 3 seems lined up to make that pitch even easier and will likely help Xamarin grow into the enterprise even faster as ease of management in the code base is going to be a major driver in decisions for IT shops that now have to support a much more diverse platform set than they did in the days when a website was good enough.

natfriedman 23 hours ago 3 replies      
Thanks for all the kind words, everyone! This release was the result of a lot of hard work; especially the new visual designer for iOS, which took two years to build.

You can read more about our platform here:


And our new Xamarin.Forms library is explained here:http://xamarin.com/forms

gum_ina_package 23 hours ago 3 replies      
Now all they have to do is make it free. Seriously though, as a student I can't shell out $299 for a license and even at the $99/year student rate (with proof of relevant course work), I can't see myself paying $99/year to write/maintain apps I've built. Especially considering the $99/year Apple app store fee.

Please, Xamarin, show us young C# devs some love!

update: not really sure why the down votes. I'm big fan of Xamarin and C# in general. All I was doing was pointing out that there's no way I can afford/am willing to buy their software and that I think I speak for the majority of student developers.

untog 23 hours ago 1 reply      
Kind of amazing that Xamarin now seems to have better dev tools for iOS than Apple do.

I was badly burnt by buying a Xamarian dev license a couple of years ago for $499 then not using it (my own fault entirely) so I've been hesitant to jump back in to Xamarin-world, but it's really only a matter of time. I'm very impressed.

revelation 23 hours ago 1 reply      
Awesome work! I wonder how responsive the UIs created are? The workflow looks a lot like Windows Forms (dropping elements in the editor and resize to match), and there it wasn't exactly easy to produce interfaces that could scale or even adapt.

So, in short: is this more Forms or WPF?

(I've looked at the subpage for Forms now, and the widgets presented there tend to lean heavily towards WPF.. so yay!)

soapdog 21 hours ago 0 replies      
I've never played with C# or Xamarin but this tool set is looking really good, specially the F# thing.

Anyone care to share their stories about F#? it appears to be a nice functional language.

mkal_tsr 22 hours ago 0 replies      
Man, as much as I'd love to use Xamarin w/ VS, 3 platforms for a single developer (myself) is $3000. It looks like a great product but wow, I can't swing that solo while bootstrapping. Have you considered a free-until-release approach? Don't get me wrong, you guys need to make money, I'm just wondering if there is a more optimal / appealing approach for those that are between Indie and Business.
jordan0day 22 hours ago 0 replies      
Xamarin.Forms looks very compelling. In a former life I was a .NET person, and so I've always kept my eye on Xamarin, but the only real mobile stuff I've done has been native cocoa touch dev on iOS.

Even though Xamarin.Forms might be a lowest-common-denominator type of thing, being able to build basically "universal" apps looks awesome.

The indie license really isn't very expensive, but I wish the starter version allowed bigger apps (but maybe stripped out publishing to app stores or something), so you could really thoroughly check it out without spending $300.

danabramov 1 day ago 1 reply      
Beautiful work. Congrats to Miguel, Nat and everyone on the team.

Funny that IB stinks so much they had to basically rewrite it.

Also, I like the (minor) redesign. Looks more solid now.

WorldWideWayne 30 minutes ago 0 replies      
The per-platform pricing is ridiculous.

Would someone please build an open source competitor and put these jerks out of business?

evo_9 19 hours ago 1 reply      
It's a real shame that Xamarin has a such a prohibitive pricing structure.

My employer would love for me to use this on projects but they simply won't pay that much for a tool EACH YEAR.

Considering Visual Studio, if you actually pay for it and don't go to an event and get a free copy, is a one time cost that a company can semi-easily justify (we've been on VS2010 for over 4 years now, with 5 developers, that's a major expense if we have re-subscribe each year).

But with Xamarin, unlike Visual Studio, it's a 1 year subscription. I hate to say it but I agree with my employer, as much as I LOVE using Xamarin to build mobile/cross platform apps, the current pricing model is just crazy.

I'd say drop the subscription only option (maybe have that as one of the choices), and add some 'buy it, you own it forever' options, hopefully without raising the price (ideal world you'd drop the price, too).

martinald 23 hours ago 1 reply      
This looks amazing. Especially Xamarin forms.

Surely Microsoft will acquire them soon? They'd be totally nuts not to.

andyjohnson0 23 hours ago 1 reply      
I appreciate that this is an initial announcement, but does anyone know what the situation is with upgrades for existing users?

Edit: Forgot to say that this new version looks really good - congrats to the Xamarin team! Not having to launch XCode is going to massively improve my quality of life.

jedahan 23 hours ago 2 replies      
Looks cool, but why translate to native UI elements at run-time as opposed to compile-time? Does it help with debugging?

Forgive my ignorance as I have not used Xamarin.

ternaryoperator 22 hours ago 0 replies      
Detailed review of the v. 3.0 Enterprise Edition here:http://www.drdobbs.com/240168321
jasallen 23 hours ago 1 reply      
Looks great, love designer and Forms sounds epically wonderful (wonder if I can export my ios designs to forms for easier porting :-) )

First ten minutes experience:I've got a little weirdness with the differences in generated code from x-code vs new designer (an outlet name went from upper case to lower for instance).

iOS designer is giving prominent error "Custom components are not being rendered because problems were detected".. Though everything seems fine and log doesn't particularly help.

p_papageorgiou 23 hours ago 1 reply      
Hey Guys,

I'm the co-founder of Avocarrot (http://www.avocarrot.com/) and we were wondering for a while whether to build a dedicated plugin for Xamarin. How easily can you integrate an native Android or iOS SDK with your Xamarin apps? Would it make a big difference for you if a Xamarin plugin was available?

buster 22 hours ago 0 replies      
But as always, no Linux support, sadly and a no go for me :(
egeozcan 22 hours ago 0 replies      
Xamarin is great. I saw a colleague of mine developing apps with it and was simply amazed. I think it definitely deserves all they're asking for it. Just one thing though: Why do I have to pay 700$ difference per year just for VS support? Is it really that hard to integrate?
SneakerXZ 19 hours ago 0 replies      
They aim on enteprise clients otherwise I cannot justify the pricing.

I cannot imagine spending 600 USD for both platforms just to build hobby project (and with missing Visual Studio support) and if I cannot build a hobby project, how can I propose it to my employer when I don't have any experience with it?

I would love to use Xamarin and would be willing to pay (I could justify 300 USD for all platforms (iOS, Android, Mac) with Visual Support for my hobby and indie projects. I hope Microsoft buys them or they will be more friendly to indie and hobby developers.

paulsmith 23 hours ago 1 reply      
Site looks hosed, is there a summary of what was announced, specifically?
romanovcode 19 hours ago 1 reply      
I don't understand how come that Indie license does not include Visual Studio support? I think the biggest issue with Xamarin for me is this: http://i.imgur.com/wmdaLL7.png
adl 21 hours ago 1 reply      
I know that the official comment regrading Linux support is that there are no plans to support it right now, I just want to say that there are people on Linux that are willing to pay for your product!

I'm developing cross platform mobile apps with HTML5 and I would jump at the chance of using Xamarin instead (I was a C# developer in another life).

I might just end up running it in a VM, but it would be great running Xamarin Studio on Linux.

Thanks :-)

yawn 23 hours ago 1 reply      
How well does the new Forms stuff play with existing MTD? How hard would it be to transition from MTD to Forms?
bigdubs 23 hours ago 1 reply      
Can I show two files open at once vertically split yet?

Follow Up: The answer is no. This is a pretty big productivity killer, and the ticket to implement this feature has been around forever. This is the last major gripe that is keeping me from using Xamarin Studio in lieu of VS2k12.

miguelrochefort 23 hours ago 1 reply      
Awesome work guys! Can't wait to give Xamarin.Forms a try!

I'm wondering how well Xamarin.Forms will work with MVVM and bindings.

hamstu 23 hours ago 0 replies      
This is cool. I didn't know about Xamarin until now. I use Rdio a lot, and it's generally a very good, smooth-running app on my Nexus 4. Didn't realize it was built cross-platform like this!
thebouv 23 hours ago 0 replies      
Looking forward to giving this a try. I've built many mobile solutions in various languages / frameworks / platforms, but being new to C#, I'm eager to give this a go.
Zigurd 23 hours ago 0 replies      
Xamarin is the cross-platform solution I would consider first for developing mobile apps, and I can't think of a second one that's close. If your team is mostly experienced in C# or if F# is your thing, I would really seriously consider it versus training for iOS and Android. It's an very hard problem, and Xamarin has successfully gone from "That's neat but weird" to what looks like a practical tool that isn't going to leave you stranded with an oddball code base.
nbevans 23 hours ago 1 reply      
Is this available to download or what? Even as a beta?
fakir 23 hours ago 1 reply      
Looks Great! Do you have any plans to integrate this with an MBaaS ( Azure looks like a great fit)?
One man single-handedly built a 550 hectare forest and brought back wildlife thebetterindia.com
166 points by dhimant  4 hours ago   19 comments top 12
spodek 1 hour ago 1 reply      
How did "tree-hugger" become an insult?

> The education system should be like this, every kid should be asked to plant two trees, Payeng says.

Damn straight! That idea works in so many ways I can't believe we don't inscribe it on every school building.

xefer 2 hours ago 3 replies      
This immediately brought to mind:

"The Man Who Planted Trees" the book which was adapted into an animated film that won the Acadamy Award for Best Animated Short Film and Short Film Palme d'Or in 1987


sdfjkl 2 hours ago 0 replies      
Having planted some trees myself as a teenager (under the supervision of my grandfather, a forest warden), I can tell you it is very rewarding to do so[1]. It is also a lot of work. The young pines we planted (bought from a tree nursery) needed protection from deer, who like to munch on them while they're small, from boars who destroy the bark by rubbing their itching hide against it, and from bark beetles who decimate entire forests if left unchecked. From humans they were protected legally.

[1] Here's a series of shots of an apple tree growing up: https://plus.google.com/photos/114301087219148980063/albums/...

zacinbusiness 2 hours ago 1 reply      
This is amazing. "...I knew I had to make the planet greener." Yes! I love how he saw a problem and just set out to solve it because he knew no one else would. He's a real hacker.
ohwp 58 minutes ago 0 replies      
Wow, his friends created houses for themselves. He created a forest for everyone...
denzil_correa 2 hours ago 0 replies      
There's a Wikipedia page for the forest [0] and the man (Jadav Payeng) too [1].

[0] http://en.wikipedia.org/wiki/Molai_forest

[1] http://en.wikipedia.org/wiki/Jadav_Payeng

smackay 2 hours ago 0 replies      
John Wamsley is another colourful character with a very hands-on approach to conservation.



tren 1 hour ago 1 reply      
Willie Smits gave an interesting talk about a more systematic way of restoring a rainforest on TED: http://www.ted.com/talks/willie_smits_restores_a_rainforest
davidw 2 hours ago 0 replies      
Makes me think of this story about Darwin:


jotm 1 hour ago 0 replies      
Now here's a glimpse of what's possible when it's an organized effort: http://www.terradaily.com/reports/Macedonia_plants_three_mil...

3 million trees in 1 day.

fiatjaf 55 minutes ago 0 replies      
This not an area so big, but it is good for those who think that only the government can preserve the environment (while, well, the government mostly destroys it).
dhruvpathak 2 hours ago 0 replies      
Truly inspiring. An unsung hero.
Link shorteners hurt the user experience and destroy the Web t37.net
154 points by fdevillamil  2 days ago   89 comments top 29
saurik 2 days ago 6 replies      
> Link shorteners appeared as a consequence of the rise of Twitter. With a 140 characters limitation, sending full links over the micro blogging network was almost impossible.

No. The first extremely popular link shortener was TinyURL, and it launched in 2002, years before Twitter existed. Link shorteners became popular because URLs for some websites are extremely long and unweildy, and are thereby difficult to type; they also have tons of puncutation, and are at danger of being mangled by various transports due to line wrapping, escaping, and character mapping.

ipsin 2 days ago 1 reply      
Link shorteners are bad for usability, but they're also a potential attack vector for targeted attacks. A link might go to the right site 99.9% of the time, and redirect a user to a malicious site the rest of the time.

You can redirect based on the browser fingerprint, IP address, or any number of things.

I have a proof-of-concept of this at http://brokenthings.org/

It redirects to a "friendly" site for preview scanners, etc., and to a "bad" site (Youtube videos, with some stale ones) for users.

It's blocked by Facebook, but still works on G+.

nicky0 2 days ago 3 replies      
A useful service to "unshorten" links is http://longurl.org/

Paste in a shortened link and it will tell you the original URL, listing all the intermediate steps on the way. It also has an API.

pdkl95 2 days ago 1 reply      
> t.co -> j.mp -> pocket.co -> getpocket.com -> bit.ly -> $PROPER_URL

Wow, so many different people tracking a single link.

These are super annoying once they changed to storing the actual URL on the server. The old "redirect?to=http%3A%2F%2Fwww.example.com" style could be re-written on the client to remove the click-tracking, but by storing it on the server, you have to be tracked to get the URL. These seriously need to go away - that's way too many tracking databases just waiting to get a subpoena or "national security letter".


side note: The only time I ever used a url shortener was for a meme that unfortunately never went anywhere:


edit: typo

buro9 2 days ago 4 replies      
Not all link shorteners are evil and are destroying the web.

Here are some scenarios in which I like link shorteners:

1) Removal of the referrer (the anonymising redirect)

2) Redirects within a site when content moves, but the redirect service offers a permalink shortened URL. As only they can generate the URL you can trust that the destination is as safe as the source (the intra-site trusted redirect with vanity URLs)

3) Self-healing of the web, if a URL becomes broken the redirect service may be able to figure out or suggest a replacement, or offer a cached version of the destination or a link to the web archive (the self-healing redirect)

4) Protect users against malware and spam by cancelling a redirect if the URL is reported (the 'for the user' gateway redirect)

Not all redirects and shorteners are inherently bad. I suspect the author just dislikes the tracking side of things, but there's always http://unshort.me/

chrisBob 2 days ago 2 replies      
Long URLs hurt the user experience and destroy the Web.

If I want to send you a link to a washingtonpost.com article the link looks like:http://www.washingtonpost.com/opinions/ej-dionne-jr-the-root...

The same url could just as easily be user readable, and something that I could tell me office-mate verbally from 10 feet away. Most people just expect bad URLs now and have given up trying to remember the name of the page they want to see. I used to love NBC.com because they would let me type things like nbc.com/parks to get to http://www.nbc.com/parks-and-recreation, but that is no longer true. Now everyone just assumes that they need to google something to find it, and they can't even imagine that apple.com/ipad would be the page they are looking for.

spinchange 2 days ago 1 reply      
So literally scheduling the automated sharing of links from a "read it later" app is a common enough workflow, but simply using a link shortening service is automatically indicative of spam? Come on.

Another nit: j.mp and bit.ly are different domains for the same service. If you append a "+" to either URL you see how many times the destination has been shared, clicked, and by all shortened versions of the destination. So it's like both of those are the same link.

Final nit: The Internet was designed to survive nuclear war. The "X destroys the Web" trope is popular, but getting incredibly tired. That's not to say there aren't totally legitimate criticisms of URL shorteners - there are! - but their use clearly pre-dates Twitter and obviously has numerous legitimate use cases as lots of comments here attest to.

WillKirkby 2 days ago 1 reply      
It's even more annoying on mobile (I'm using Android).

If I click an Instagram link in a tweet (since Instagram images no longer show up inline on Twitter), it loads the t.co link in my web browser, and then launches the instagram app to show me the photo. If I then press my phone's "back" button, it takes me back to my web browser, and I have to press "back" again to get back to the Twitter app. It also leaves the t.co link in my web browser's list of active tabs, so the next time I open my web browser, it hijacks me and launches me back into Instagram. It would not be difficult for the Twitter app to resolve t.co links before launching anything, mitigating this issue entirely.

userbinator 2 days ago 0 replies      
If I have to repost content that contained shortened links, I always replace them with what they redirect to, and scrub out what's unneeded (e.g. session IDs, referer querystrings). I wish more people would do this, as it will help in reducing the amount of nested redirections. IMHO link shorteners are only for extremely space-constrained applications like Twitter.

As for some sites having extremely long required URLs: Sometimes they are necessary, e.g. parametric searches, but many other times they could've been better designed to be either shorter or more informative. Whatever the form, I don't think link shorteners should be used to hide them, if there is enough space available to hold the full URL.

oneeyedpigeon 2 days ago 5 replies      
Why doesn't t.co (and, in fact, any URL shortener) follow the redirect chain first, before shortening the URL?
chrismorgan 2 days ago 1 reply      
Pet peeve: articles that start with the word why where how is what they meant.

Why link shorteners do this is a completely different question with completely different answers.

lisael 2 days ago 0 replies      
Anything that silently sends informations about your users to a third party is nasty by nature, including google analytics, gravatar, disqus, +1/like buttons and many more. Please, web designers, think twice before selling all your users to gain little convenience.
myfonj 2 days ago 1 reply      
Another evil that roams interwebs are "farewell" gates for outgoing links; eg dA [1].

Unlike URL shorteners which could be in rare cases useful [2] I see not a single benefit of this.

[1] http://www.deviantart.com/users/outgoing?http://www.devianta...[2] http://tinyurl.com/selfcontained-editable-datauri (yes, this one is a misuse, but whatewer)

endgame 2 days ago 1 reply      
My favourite link shortener was mug.gd, which could also manipulate the page it was being sent. I remember seeing a version of a PG essay trumpeting the benefits of learning Visual Basic over Lisp :).

It's dead now, demonstrating another problem with URL shorteners.

gedrap 2 days ago 1 reply      
There's a few more genuine use cases for shorteners, one of them is using links offline (e.g. print advertisements). I noticed my university does that and I kind of like it.

It definitely won't remember company.com/section/potentially_a_subsestion/page?someParamters=mayyybe if I see it somewhere. But I might remember bit.ly/CompanyCampaign.

Some might say that it's the developers/company fault, they should have made the URLs more friendly/configurable. Yeah maybe, but it's often easier just to use a shortener, let's be realistic.

I also use them when I know I will need to open some link directly (i.e. by typing in URL). For example, I prefer bit.ly/myPresentation to logging into google drive, getting 2FA text, finding the presentation...

So yeah, while they are evil in some cases, they have a bunch of genuine use cases.

alkonaut 2 days ago 1 reply      
Wouldn't it be quite easy for a link shortener to find the final target url and just point to that instead of pointing to another shortener url? It could even heuristically try to search further if the pointed to url looks like an already shortened one (i.e. it's shorter than a treshold).
lazyjones 2 days ago 0 replies      
Link shorteners fix one apparent problem with Microsoft Outlook: people sending text emails with long links will typically break them for the recipient and the common workaround, setting the line length setting very high, is terrible too.
devolute 2 days ago 0 replies      
In my experience, from working amongst marketeers, bit.ly is still used not because of its link-shortening abilities. It's used because of the analytics and insight it can provides.

Even on sites with comprehensive analytic packages integrated, bit.ly (and services like it) will be used because the people doing the "social media" work an the people responsible for the performance of the website online are sitting in different places and not talking to each other.

The result is this division of statistical data for each party to beat each other with.

chanux 2 days ago 0 replies      
I'm not quite sure it's a URL shortener but http://linkis.com shortens the URL anyway (as ln.is). I never click a ln.is url anymore. It takes you to an intermediary page that only worsens your^H^H^H^H my life.

PS: Can anyone see what's the point of this service?

marcin 2 days ago 0 replies      
URL shorteners provide one of the two values.

- short link that is easier to share/doesn't break in the process (when you send it via email, need to copy-paste on your mobile or just want a cleaner FB message

- tracking that will give the poster insight on the number of clicks and other performance indicators of the message

No one in their right mind would use 302 redirect, because you then loose things like Twitter share counts, or card implementation.

There is an odd case of someone using the shortener for marketing purposes (I do it for my product), but it usually will be a by-product of something deeper that offers value to the user. And, as many of those services are free (as your referred Pocket), it's a small price to pay for an otherwise great product IMO.

czottmann 2 days ago 0 replies      
Here's one reason for me to use an URL shortener in my (German-language) newsletter: URL length. When you send out HTML + plain text emails, some URLs will break the text layout.

So I shorten them sparingly, for simple layout reasons. But I don't track the clicks or anything. I might be in the minority here, tho.

gulbrandr 2 days ago 1 reply      
This scripts [1] searchs for links in the user timeline and replaces shortned URLs with the original (stored in the data-expanded-url attribute).

[1] http://userscripts.org/scripts/show/186801

drixle 2 days ago 0 replies      
Not to mention it's a great way to spread other unwanted nasties.
DanielBMarkham 2 days ago 0 replies      
They use a URL shortener to track trafic and engagement to their content: how much clicks were generated from Twitter, Facebook, Linkedin without an access to the sites Google analytics. Thats because figures are more important than people who read their content. In other words: spam.

Okay, I know that ranting content beats happy or deep-thought-out content, but we got into hand-waving territory a little early here and without, well, knowing what the hell we're talking about.

I use bit.ly, and gad, I hope I don't spam. There are a dozen good reasons. I just like knowing in real-time how many people are re-using the links I share online. Gives me some idea if anybody is paying attention. Over time, I can go back and look at all the links I've shared, from my own stuff to MSM material, and see what my friends liked and what they didn't. That's great feedback for me -- just like a "like" on Facebook, except it's entirely passive on the consumer's part.

I'm not saying there isn't a problem. The problem here is that everybody and their brother want as much data as possible from the user, so there's this cascading thing going on where you almost never click on a link that actually describes where you're going. Many times the redirect can be several deep, as the author points out.

So yes, there's a problem. But please don't jump from "there's a problem" to "Spam! Spam! It's all about spam!"

No, it's not. There can be a problem with something without there having to be an evil villain involved.

_asciiker_ 2 days ago 0 replies      
The problem is not the link shorteners but the amount of (often slow) redirects that come with them.

Getting users to long URLs is a good thing if done directly.

hakcermani 1 day ago 0 replies      
Link shortners are useful. There is possibly one other simple way to avoid the latency. t.co can resolve the link all the way to the end at the time a tweet is posted (ie run through 1-5). The latency hit is taken once and and not on every access to the shortened link.
morituri 2 days ago 0 replies      
Short URLs are not just for the web - they are incredibly useful for sending links via broadcast SMS.
hellbreakslose 2 days ago 1 reply      
It is true at least for me. I never click on a shortened URL, whatever it might be...

I tend not to trust it.

Apple Developer Indifference forecast.io
153 points by anu_gupta  1 day ago   76 comments top 17
natch 18 hours ago 0 replies      
>We shot off an email to Apple Technical Support one of the two free emails Apple allows developers to send (after which they cost $99 for a 2-pack).

Wow, this statement is such drama.

There is no "allowance" for how many emails you can send to Apple. The Apple developer evangelist email is public and emails to it are not limited. The author is confusing emails and TSIs (Technical Support Incidents).

You can also call the developer support line, which picks up after a couple rings with a live human. And you can file bugs. And you can tweet to the developer evangelists, which may be the fastest, most effective way to get an urgent problem like this on their radar.

The two TSIs that are free with your developer account (and then cost after that, if you ever even use your first two) are for code-level support, meaning "how do I accomplish this with code." This is clearly spelled out (see https://developer.apple.com/support/technical/submit/).

They will get your question answered, if an answer is possible. Apple pulls out all the stops to get these resolved, and it's a huge misunderstanding of their purpose to use them for an outage report, and further to claim that you can only send two emails to Apple without paying.

Far from being indifferent, the Apple developer relations team is hitting it way out of the park. Yes, outages happen, and that's unfortunate. But there's no need to make something out of it that it's not.

IBM 22 hours ago 1 reply      
I'm not a developer, but I think it's clear that as a developer you should expect your relationship with Apple to be similar to Google's relationship to users. They rely on both to be successful, but their bread gets buttered by someone else. In Apple's case that's consumers, so you're not going to get the love that consumers would get.
locopati 23 hours ago 0 replies      
This has been Apple's way of 'working' with developers for over 20 years.
osipovas 23 hours ago 0 replies      
A similar problem exists on the Android Platform. The Geocoding (forward and backward service) is non-reliable, sometimes requiring a device reboot. But, at least there is a public issue tracker!



thebooktocome 23 hours ago 2 replies      
I don't have a product on the market so perhaps I'm being incredibly naive, but why didn't the OP throw Apple under the bus? It seems to me a better response than panicking, using up all your free support e-mails (to no avail), and etc.
smackfu 22 hours ago 1 reply      
Seems odd they have a Developer System Status board, but not an API System Status:https://developer.apple.com/system-status/
DenisM 22 hours ago 2 replies      
While we're on the subject - any personal recommendations for a fallback Geocoding service?
coldtea 13 hours ago 1 reply      
>How does that happen? How does such an important service the geolocation of addresses just stop working for three days? And as of the writing of this post, five days after the fact, we have yet to get a response to our support inquiries.

It's not like there could be any other response than "It will be fixed as soon as we can". So, what exactly were they expecting to hear?

Regarding their customers, I'm not sure if this is an American vs Europe thing, but I never, ever, contact software companies for support. Nor do I know many (if any) people that do. It's 2014. You can read the manual or search for help online. And if a service is down, you wait it out and assume it will get back up. It's not like they don't know it's down, or telling them will make it go up faster. That's just like honking while on a traffic jam. Just adds noise.

Were those users really that dependent on a $1 dollar weather app that they had to "deluge" its developers in a 3-day service disruption?

I would either wait it out, or download another comparable app.

jsz0 20 hours ago 0 replies      
> when it comes to small developers, Apple just doesnt give a damn

I don't understand the connection to the geocoding problem. Did it only impact small developers? Was the problem fixed faster for large developers?

twotwotwo 17 hours ago 0 replies      
Rather than indifference, could also be a sign of how far Apple has to go to become great at networked services. The processes you need to maintain quality (including uptime) for a service with variable load, potentially frequent releases, actual racks of servers to keep humming, etc. is much different from the way you ensure quality in yearly hardware and OS upgrades. It's not counting Apple out or discounting the strides they've already made to note that Google and other Web-native companies still have a leg up on them here.
higherpurpose 23 hours ago 5 replies      
So why not develop your app for Android first (Dark Sky isn't available on Android)? I'm starting to see this too many times. Developers developing for Apple first, and then complaining about how badly Apple treats them. Maybe if iOS wasn't the default platform for all the hipster developers, Apple would start giving a damn about small developers.
alexrbarlow 22 hours ago 0 replies      
This has happened to me before many times, we were working on a large app recently that used in app purchases and the sandbox was down for two whole weeks. Try explaining that someone who is paying you by the hour..

The only reply I ever really had was on an forum with "We're looking into it" and that was a few days before a fix was made

jgh 22 hours ago 0 replies      
I've had a bug in Apple's bugtracker open since February 2013. I just rechecked the behavior of the bug and while it seems like it's no longer causing a crash, it is now messing up OpenGL's state.
loumf 23 hours ago 3 replies      
A server being down is not a bug -- the app should expect 500 is a possibility and deal with it. In this case, why does Dark Sky need to geocode? My Lat/Long is enough to know my weather.
ebbv 22 hours ago 0 replies      
It's unfortunate that Apple was so slow to respond to this but since it's not a money making service for them, I'm also not surprised.

This more underlines the fact that, as others have pointed out, Dark Skies should have better fallback behavior.

gress 20 hours ago 2 replies      
Concluding that Apple doesn't care about developers has become a vogue statement to make partly because Marco has taken to saying it routinely.

It's not totally unreasonable to needle at Apple because there are lots of things they could do to improve developer relations, and openness about service status and reliability is clearly one of them.

On the other hand, taking it as true that they are actually indifferent takes a bizarre leap of logic, given how much effort they put into the tooling, the documentation, WWDC itself, making WWDC content available to those who can't attend, etc.

It's obvious that they are overloaded and are having problems scaling support for their developer community. It's far from obvious that they are indifferent.

[edit: downvotes - of course, because I'm not vehemently attacking Apple. Bear in mind that I don't think it's bad to needle at Apple, but I think it's only because people know that Apple does care about what developers think that it's worthwhile. Meanwhile let's not get things out of perspective.]

markgraveline 23 hours ago 0 replies      
       cached 29 May 2014 15:11:01 GMT