hacker news with inline top comments, 7 Sep 2014, Best
Standard Markdown
1162 points by hglaser  3 days ago   361 comments top 54
eslaught 2 days ago 5 replies      
I'm a little surprised at the level of negativity in the majority of the comments here. I understand our cultural need for criticism here, but the critics here have touched almost everything (and note that the most insubstantial of claims have bubbled up to the top of the comments here):

    Naming [2] [5]
    Closed (initial) development [1]
    Lack of formal grammar [3]
    Lack of tables [4]
    Just use another format (e.g. asciidoc) [6]
    Ambiguity is a feature [7]

Can we please take a moment to appreciate the achievement here? As opposed to fulfilling our own sense of entitlement?

Markdown is a popular language with an ambiguous, poorly specified spec and buggy default implementation (so buggy that the vast majority of Markdown users have probably never used it, if they even know it exists). Now, we have a much more well-specified English language spec that explicitly addresses the challenges of the grammar, with a test suite that does a much better job of covering the corner cases, and much better default implementations. These improvements are by no means perfect, but they are improvements.

Yes, we need a formal grammar. Yes, we need tables, and other features. Yes, the naming is unfortunate, though frankly I don't feel sorry for Gruber given that Atwood posted a public letter calling for change two years ago. Yes, these are all issues. But it is an achievement nevertheless, and let's celebrate that.

And then we can get back to work.


More generally, I think we have issues with entitlement here on HN. Frankly, we have no fundamental right to either the original Markdown or this new version. But when posts like this come up, we hack away at them as if we had a right for better, as if the authors should be working to please us personally. We need to stop acting like we have a right to sentence judgement over what others release as open source.

[1]: https://news.ycombinator.com/item?id=8265469

[2]: https://news.ycombinator.com/item?id=8266370

[3]: https://news.ycombinator.com/item?id=8264828

[4]: https://news.ycombinator.com/item?id=8265299

[5]: https://news.ycombinator.com/item?id=8266073

[6]: https://news.ycombinator.com/item?id=8264895

[7]: https://news.ycombinator.com/item?id=8266121

bpierre 3 days ago 5 replies      
This is really great, but I don't understand why everything has been made privately. Following the first post[1], people were waiting for a move, and as far as I know, it was a complete silence during two years, not even a "we are working on it".

A Markdown Community Group[2] has been created on w3.org, and people have started to push some effort in it[3][4][5], but it has been totally ignored since the beginning, despite the communication attempts.

Maybe I don't have all the information, but it looks like a waste to me, and I find it disrespectful for the people who worked on the project. All of this could have easily been avoided with a simple communication about the status of the project.



[3] http://www.w3.org/community/markdown/wiki/Main_Page

[4] http://lists.w3.org/Archives/Public/public-markdown/2014Mar/...

[5] http://lists.w3.org/Archives/Public/public-markdown/2014Jul/...

peterkelly 3 days ago 5 replies      
Is there a formal grammar defined? I don't see one here. They mention peg-markdown which does use a formal grammar - or at least, multimarkdown does, which is the one I've looked at.

Here's the link to MultiMarkdown's grammar:


It's littered with implementation code, but with this stripped out it would make a good basis from which people can write parser generators from (that don't depend on the specific implementation details of MultiMarkdown's internal representation).

As far as I'm concerned, a formal definition should be an absolute requirement for any official spec. The "spec" as presented simply looks like a large collection of examples, informally specified in prose.

What's really needed is a grammar you can use for parser generators, corresponding to a schema for an object model.

It's late here, I may have missed something, so feel free to correct me if this is the case ;)

neya 2 days ago 2 replies      
This reminds me of a similar issue that happened within the Scala community. David Pollak, the creator of the Lift framework (which is used in production in many top sites), had originally worked hard to create the framework (along with others) and make it production worthy.

Later, he realized that the releases of the framework he had created were happening without his involvement. But, instead of accusing the community, he said something remarkable which only multiplied my original respect for him:

    I never "left" the Lift community.
    Yes, I have other project and work in different languages.
    What I did was cease to be Lift's benevolent dictator for life.
    Lift has grown way beyond one person and the fact that
    the 2.5-M4 release was done without me is a strength, not a weakness.

Because, that's the spirit of open source. When you release something to the public, for public consumption, then you must understand that someone is eventually going to fork it up and assign it a different nomenclature, sometimes even a nomenclature that you may not like. In this case, this particular project had no standardization and a part of the community decided to just standardize it. If you don't like this standardization, then simply don't use it. Use what resonates with you. If you feel the standardization has some flaws, then fork it and fix what's wrong. If people agree with you, eventually they will end up using your fork. It's as simple as that.

What is funny is to see John Gruber who appears to be butthurt about this, when his contributions have grown negligent (https://news.ycombinator.com/item?id=8266574), inconsistent and his recent focus has been more on other (personal) things.[2]

This reminds me of Luca Passani[3], who released the much popular WURFL repository as open source in a liberal license first, then one fine day, cried foul because other people (including companies) were using it for profit (in accordance with the license), deleted all online repositories and instances of the project released under the old liberal license [4], then re-released the project with a comparatively restrictive license.[5]

In my opinion, releasing something for open, public consumption means you have to develop an honest mindset of accepting that other people WILL benefit from your creation eventually. If you don't get that right, then open source probably isn't for you. (And crying foul later, is a double standard, if you do)

[1] http://stackoverflow.com/questions/12424617/comparing-lift-w...

[2] like writing controversial Apple articles at daringfireball.

[3] http://en.wikipedia.org/wiki/Luca_Passani

[4] http://en.wikipedia.org/wiki/WURFL#License_update

[5] http://yro.slashdot.org/story/12/01/09/169216/wurfl-founders...

ChuckMcM 3 days ago 2 replies      
Nicely done, and needed! But pretty much everyone I know who has used markdown has wandered into the swamp that is known as 'tables of despair'.

Michael Fortin's syntax is pretty useful and quite close to the spirit of Gruber's original efforts. (who hasn't done ascii tables with | and - right?) Until tables are 'standard' I do not hold out a lot of hope for widespread adoption.

That said, I really love taking Markdown to this next level. And am moderately amused by the recurrence of the themes over time. I'm an old RUNOFF user from back in the day.

saosebastiao 3 days ago 3 replies      
I'm super excited that JGM (of Pandoc) is heading this and has some cooperation from Github and Reddit (both the largest users of Markdown that I'm familiar with). This is something I've hoped to happen for a long time.
jader201 3 days ago 3 replies      
Gruber's first (that I know of) public response to this:


pessimizer 3 days ago 2 replies      
How about a minimal set of asciidoc markup that gives people whatever warm feeling they get out of markdown, but has the benefit of being pretty consistently specified, allowing you to set variables (like multimarkdown), and allowing you to create finished documents in the same style in which you created your scratch documents?


I'm probably tone-deaf on something here, because I simply don't understand the appeal of the format.

edit - asciidoc talk: https://plus.google.com/114112334290393746697/posts/CdXJt6hV...

edavis 3 days ago 0 replies      
It's amazing how similar this is already to the RSS/Atom format wars:

Widely read blogger independently develops a simple file specification that addresses a real world problem. Simple file format becomes a de facto standard. Developers gripe about ambiguities in the specification. Effort to create a formal, standardized specification is launched. This new effort is publicly denounced by the original specification author.

buro9 3 days ago 1 reply      
I'm finding some bits odd.

Such as this: http://jgm.github.io/stmd/spec.html#html-blocks

The tags listed are not a complete list of section elements (missing `address` and `nav`), nor the grouping elements (missing `main`), nor the embedded content elements (missing `area`, `audio`, `iframe`, `img`, `param`, `picture`, `source`, and `track`), and doesn't scratch the form elements (but yet the "HTML blocks" include `form`, `fieldset`, `textarea` and `progress`).

The tags listed also include child elements, rather than just the topmost parent elements that were listed in the original Markdown syntax: http://daringfireball.net/projects/markdown/syntax#html

So we have a list of arbitrary HTML elements that have been declared as "HTML blocks", some of these are not really "blocks", and some are clearly other things, and some things that perhaps should be included are not.

And reading through why this list exists creates a sense that the implementation difficulty (of having to produce a balanced tree) is dictating how Markdown must now be experienced by the users.

Example 99 is a great example of surprising a user by not doing what they think will happen and leaving them with a game of "Guess why it's not working.".


kuon 3 days ago 4 replies      
I don't really see the point of this. Being vague is one of the biggest strengths of Markdown.

Markdown is being used by very different products to fulfill different requirements. Having no specification means you can inspire yourself from Markdown and just do your own thing, which is what is relevant.

Markdown is being used by comments systems, issue trackers, documentation programs. Those have very different needs, and having a liberal non-specification is what helped Markdown to be popular.

Coming with a new standard, not called "Standard Markdown" (which I think is very presumptuous, even for a big company) and providing new features (arranging/aligning images, variables, include, mathematic notation...) would have been much more productive.

I mean, who cares of those little differences? When I edit a comment or something, I just hit the preview button (or see the preview real time). I'm not going to learn a specification, and if markdown has to look different on stackoverflow or github or <insert doc system>, so be it.

Markdown is also meant for people who have no idea what a "syntax error" is, I know the specification is meant for implementations, good, but if I want to write an implementation, I want it to be fast and this kind of complicated spec is exactly what prevents me from writing something lightning fast.

I'm really sorry, I don't want to insult your work (which is great), but it looks like a waste of energy to me.

loup-vaillant 3 days ago 0 replies      
This spec is not strict enough.

Okay, that came out wrong. While I understand why one would want any input to pass (web comment from non-technical users), I have experienced several failures (wrong emphasis, missing link, weird unintended brackets) just because the original markdown.pl didn't warn me about some obvious mistake I made.

We need a strict mode, where paragraphs cannot be interrupted, where fenced code blocks must end by a fence (not just the end of the file), duplicate or missing references must be signalled. That, and many other precautions could turn Markdown into a serious and reliable document format.

Besides, this tolerance is complicating the grammar. I don't mind context sensitivity nor ambiguity (parser generators can now deal with both), but I do mind the sheer size. If you ask me, a formal spec (one that can be treated as a DSL and translated mechanically into a parser), should not take more than 300 lines. More than that is probably too complicated to implement, or even use.

pron 3 days ago 1 reply      
So it seems like this spec covers a minimum implementation, "basic" markdown. I think extensions to (footnotes, tables, definition lists etc.) should also be standardized, even if their implementation remains optional.
filmgirlcw 3 days ago 0 replies      
Yeah, I'm going to just go ahead and say that Fletcher's MMD has been my "standard" for years. Yes, yes, Github flavored is fine. You can adapt it. But since Gruber doesn't want to set a more specific "spec," I default to what I grew up on. And in this case, the last 7 years of my life have been spent writing 95% of everything I publish (keep in mind, this is how I make my living) with MultiMarkdown.

A for effort though.

01walid 3 days ago 2 replies      
How can a group (of whoever they are) claim they're the standard about something nowadays without even caring about localization?

2 years of 'complete specs' without a mention for RTL and how it should be supported/written in markdown....

A bit disappointed tbh... even though it's a nice initiative...

vjeux 3 days ago 0 replies      
I modified the renderer to output React DOM instead of an HTML string if anybody's interested


smackfu 3 days ago 2 replies      
It seems like an obviously missing thing is a page that describes how users should write markdown, in a few sentences. Otherwise you are just going to get incorrect summaries of the spec.

You certainly can't point users to the spec, which is incredibly lengthy.

phren0logy 2 days ago 0 replies      
The most surprising thing in here is the ire toward Gruber. Even if you disagree with someone who writes a piece of software, they don't owe you anything. You use and benefit from their work, and you are angry when they don't agree with you? What a bunch of whiny, entitled nonsense.

Gruber has stated he wants to keep it ambiguous. You may disagree. But Gruber owes you nothing, and you are in his debt if Markdown has been useful to you. Draw inspiration from his project and make your own.

thomasfoster96 3 days ago 2 replies      
This sounds like a great idea in theory, but the execution seems to be a little scratchy.

It sounds as though this is very much a unilateral decision from one of the many sites that use Markdown to standardise it, masked by what seems to be a call for other companies with an interest in Markdown to join.

It seems a little questionable to me for John Gruber to have been ignored in this process. After all, he made Markdown and it probably would have been a better idea to take his rather ambiguous spec, develop it into a proper standard, and then call that version 1.0.

No doubt Jeff Atwood deserves some credit for trying to initiate a standards process for Markdown, but I think he's doing it the wrong way.

RubyPinch 3 days ago 0 replies      
it seems weird to have HTML as a non-optional part of the spec in two separate locations, and then "Because we might be targeting a non-HTML format"

it would make more sense to just have some way to dedicate a block of text to not be parsed in any form.

regardless, I'm 99% sure I'm intentionally missing the point here, as I can imagine reddit's, github's, stackoverflow's, et al.'s implementations would not support html tags at all (and anything for a personal site would have less restrictions on usable html tags). So in practice, it is going to be optional to some degree for implementers. but it seems weird to have that implied, when the handling of info-lines for codeblocks is explicitly left ambiguous

jaredmcateer 3 days ago 0 replies      
Thanks, this has been long coming and sorely needed.
roryokane 3 days ago 0 replies      
There is a typo on the main page http://standardmarkdown.com/, in the section How can I help?:

Read the spec, run the test suite, and exercise our reference impementations.

impementations -> implementations

I couldn't find a GitHub repository for the code of the website itself, or I would have made a pull request.

Edit: I see there is already a thread about this: http://talk.standardmarkdown.com/t/site-typo-s-one-to-start-...

archagon 2 days ago 0 replies      
This is an arrogant power play that's lost me a lot of respect for the perpetrators. They clearly don't respect Gruber enough to honor his intent for the language. And don't give me that "it's successful in spite of its ambiguity" nonsense. A standard inevitably makes people find ways to work "within the rules" while doing crazy stuff that the language is not intended for (like many people in these comments). Markdown's lax specification ensures that people honor the intent, not the implementation, and keeps it immediately understandable and grokkable. Also, it's genericized? Are you kidding me?

They could have called it anything else, but they just had to go for full ownership of the spec. I hope all the indie App Store developers that Gruber is friends with shut this "standard" out.

Xeoncross 3 days ago 2 replies      
Wait, the spec doesn't even address things like tables.
josegonzalez 3 days ago 0 replies      
+1. I hope that book publishing tools (leanpub for one) also subscribe to the standard once it's been formalized/ported.
kennethfriedman 3 days ago 7 replies      
would love to hear Gruber's take on this.
gregoire 2 days ago 0 replies      
On a related note, Marked and Ulysses (two applications that use Markdown) recently launched TextBundle [0], a package file format that allows to include the images referenced in a Markdown file with the Markdown file itself.

I would be interested in what the team behind Standard Markdown thinks about this problem, it does not seem addressed in their spec (but it might be beyond their scope).

[0]: http://textbundle.org/

reconbot 3 days ago 0 replies      
I think this is great, I'm all for extending markdown for specific situations but I think the base h1, li, and p tags should be clearly defined. It appears that most parsers could adopt most of the spec without breaking backwards compatibility. (I'm probably wrong.)

There's an obvious annoyance with markdown like this, where a lack of a blank line after the headlines causes problems but only in a few parsers. I'm glad to see most of them do the right thing.


izietto 2 days ago 0 replies      
One extension I love is for HTML definition lists (I'm actually the author of [this comment][0]). They are great for instance with changelogs; consider this:

    ## ChangeLog

    1.0.2
    : Update README
    : Update of the script comment in order to reflect the README

    1.0.1
    : Fix minor bug

    1.0.0

[0] http://talk.standardmarkdown.com/t/the-inevitable-markdownex...

gravicle 2 days ago 0 replies      
Here is my take on this: http://spinhalf.net/omg-markdown/
aikah 3 days ago 1 reply      
Personally the first time I used markdown was when I signed up for SO. I used to be a BBCode guy. But there are other formats, like rst. Strangely they are not as popular, despite the fact that they have a spec.
ilaksh 3 days ago 2 replies      
Does stackoverflow allow ```ruby now? I thought their thing was different. There is a stackexchange person on this, so does that mean we will be able to ````mylanguage on stackoverflow sites?
thu 3 days ago 0 replies      
Cool, was wondering if John MacFarlane was part of it (and he is). The standard implementation is in C[0]. I guess this is a good middle ground (from a social perspective, not from a technical one). This is a very nice initiative. In particular we can hope that all those markdown editors will be perfectly compatible with each other, or that any deviation from the standard will be very well approachable.

[0]: https://github.com/jgm/stmd

esolyt 2 days ago 0 replies      
I don't think this is an attempt to claim ownership of Markdown, but it may eventually turn out like that.

Why is Gruber not included in the group?

Siecje 3 days ago 1 reply      
In the demo http://jgm.github.io/stmd/js/

Why do <h3> tags have font-size: 100%?

sherjilozair 2 days ago 0 replies      
A very useful addition to markdown would be the ability to put anchor links, and "open in new tab" links. Both of these are not link defaults, but are perfect examples of common cases that should work nicely.

Markdown is often used for one-page webpages due to its simplicity, and thus anchor links become important in this usecase.

p8952 3 days ago 1 reply      
Your Discuss button seems to be overflowing: http://i.imgur.com/8s9O3DA.png
stevekinney 3 days ago 2 replies      
It appears to me that this is a blatant violation of Markdown's license.


igl 2 days ago 0 replies      
markdown is awesome! Why ruin it by design by committee? Standard Markdown will go down as fascist markdown!
mortdeus 2 days ago 0 replies      
Ooo, ooo I just thought of the cutest name for this project.... xmarkdown! Get it guys? You know like XHTML... Cute right?
bachmeier 3 days ago 0 replies      
I don't see anything about math and in particular embedding equations via MathJax. Is it considered unimportant or did I just miss it?
evv 3 days ago 0 replies      
So instead of simply removing HTML from markdown, this spec impossibly and incorrectly attempts to include it. How frustrating..
robotmlg 3 days ago 2 replies      
Relevant xkcd: http://xkcd.com/927/
serencial 2 days ago 0 replies      
Honestly, I don't see the point of all the negative comments. If there's something you can improve, why you can't do it? Even when big Markdown backers are taking the lead. I guess what pissed Gruber is the naming stuff.
pronoiac 3 days ago 2 replies      
If using that name seems rude, I suggest the name "MarkUp."
Fastidious 2 days ago 0 replies      
Markdown is dead. Long live kramdown! :-)
_pmf_ 2 days ago 0 replies      
For a project that aims to replace a fluffy specification with a real specification, this is not very good at all.
tomphoolery 3 days ago 2 replies      
upvoted because the test implementation is called a "dingus"
phpnode 3 days ago 0 replies      
Next step W3C standard?
happyscrappy 2 days ago 0 replies      
Atwood could have been more of an ass and called it Vanilla Markdown.
otikik 2 days ago 0 replies      
I like this. Kudos to everyone involved.
dang 3 days ago 6 replies      
Which post should we keep, this one or https://news.ycombinator.com/item?id=8264718, which has the story?

Edit: since this thread has all the discussion, we'll keep this one.

jamesrom 3 days ago 1 reply      
I never, ever, once have had a problem writing markdown on any website that supports it.

This standard seems totally pointless.

moeedm 3 days ago 1 reply      
See, there you go again. Making shit complicated for no reason.
The Road Ahead
534 points by bhauer  7 days ago   60 comments top 31
passive 7 days ago 2 replies      

I'm also 32, and when Anandtech started I was building PCs for myself and others. It was an incredible resource, and it's been incredibly consistent in the years since. What always struck me was his discipline and dedication, even in those early years.

Whenever there's some nifty gear announced, I always wait for the Anandtech review to purchase, and whenever I want to compare something new with something old, I know the old Anandtech review will have just the details I'm looking for.

There have been other sites that dove into particular details in more depth, but none that provided a consistently deep level across so many topics.

As much as Anand may have received an education through this journey, I know he has educated so many of us, and through that, strengthened the tech community in ways that will reverberate for years to come.

Thanks for all you have done, Anand, and please let us know what comes next for you!

throwaway000002 7 days ago 0 replies      
My gushy, heart-felt comment thanking Anand:

Thanks so very much for your leadership over the years Anand.

You kept the tech industry honest, called them out on their benchmarketing, and championed the consumer. From display quality, to poor NAND performance, and questionable frequency unthrottling, you've been there the whole time calling them out on their shenanigans.

I want the staff of AnandTech to hold on to your integrity and this resolve of yours for decades to come.

I've been proud to be a reader of yours for over a decade, from my first Abit (what a sweet board) through to the crazy world of walled-gardens and locked down devices that we now inhabit.

Thank you oh so very much for everything. You are a shining star and a damn fine gentleman. And now you've made me all sappy and sentimental... :)

Shine brightly, good sir!

bhaile 6 days ago 0 replies      
Thanks for all the in depth articles that I've read since '98.

For some perspective, here is a link to a 1999 feature on 17 year old Anand. http://money.cnn.com/magazines/fsb/fsb_archive/1999/12/01/27...

"Despite the disparity in size, this David has had some winning moments against the Goliaths. Just a year ago, Anand scooped everyone in reporting on a new processor from AMD, the K6-3, well before its release. AMD officials say they don't know how he got the chip, and Anand sure isn't telling. The incident drew considerable attention to AnandTech, including a sniffy reference in PC Magazine to tests "purported to have been run with a prototype of the K6-3.""

ghshephard 7 days ago 0 replies      
Anandtech filled (continues to fill) an important place in the industry that opened up when Byte magazine fell down. It's the one place where you always know that the hobbyist can go to to get great technical details, in an entertaining and approachable manner.

I'm super interested in seeing what Anand is up to next - I'm sure it will be something interesting.

bstar77 7 days ago 0 replies      
I've been following Anandtech since my obsession with the first Athlons. Lasting 17 years as a public figure in an extremely divisive industry with the level of integrity he consistently maintains is an amazing accomplishment. Looking forward to seeing what comes next.
glhaynes 7 days ago 1 reply      
I don't think I've ever seen a single thing at anandtech that would qualify as "controversial". I can think of very few other journalistic endeavors for which that's true.
borkt 7 days ago 0 replies      
Thank you Anand, you honestly helped me select parts for so many PC's over the years. Your work was filled with so much depth yet concise at the same time. I always looked forward to your intel chipset reviews on pins and needles back when I was in college. Your writing was literally one of a kind and really helped so many people, even if it wasn't the most important work in the grand scheme of things. I am confident no one can fill the void you will leave. This is reminiscent of the loss of Huell Howser, in the sense that your work could only have been done by you. Good luck with your future, and if you are ever in the north bay I owe you a beer!
pervycreeper 7 days ago 2 replies      
I didn't notice any mention of "why?".

He strikes me as a very clever fellow. I wonder what's next for him.

skyhatchash 1 day ago 0 replies      
Amazing to see Anand stay in the game for so long. I remember reading his first few articles about memory very hazy - I think Pentium 100Mhz CPUs. Look where he is - persistence works.
base698 7 days ago 0 replies      
He was a legend when I was going to NC State. Rumors by 2000 were that he had a Ferrari and multiple homes. He was around the social group I was in but never got a chance to meet him.

Good for him to move on.

apu 7 days ago 1 reply      
Crazy that it's been so long. Did any site used to have as in-depth reviews as AnandTech regularly does? My impression is that AT is what pushed other sites into having such detailed hardware reviews...
DanBC 6 days ago 2 replies      
I'm kind of surprised no one has mentioned nowhere mom yet.

That's an early reported example of people faking extreme circumstances - usually cancer but in this case a relationship, marriage, then road traffic accident.


Some of it is tucked away in the archives. http://web.archive.org/web/20010624115154/http://forums.anan...

anigbrowl 7 days ago 0 replies      
Wow - I think it's us readers that should be thanking Anand for raising the bar on technical journalism over the last 20 years. I'll miss his hands-on contributions but look forward to seeing what he turns his hand to next.
hrabago 7 days ago 0 replies      
I don't read AnandTech a whole lot, but whenever I did, I got the impression that the site was credible and can be trusted. I hope this continues as their leadership changes.
fudgy73 6 days ago 0 replies      
Happy for this guy. It's almost like his 17 year old is going off to a college designed just for him. Got to be a good feeling.

Being a week younger than Anand, and brown, and a tech head since around the same age has been great (for me). We both made our first Geocities site around the same time, although mine was dedicated to the Chicago Bulls and filled with animated gifs. Does anyone else feel strange kinship to other members of their (00) high school class? Britney is looking good right?

We've really entered into a review economy these days; it's almost like no one spends time or money on anything without reading a review of it first. Anand's "reviews" have always been so thorough that even though something's rating may be high, he might tell us why the product might not be the right one for us. It's a great life lesson; the best _______ may not be the best _______ for YOU.

Thanks, Anand. Wish you all the best!

msh 7 days ago 2 replies      
Anyone knows what happened to the previous smartphone editor Brian Klug?
ricw 7 days ago 0 replies      
Wow. I was wondering how the last couple of months had fewer and fewer articles by Anand himself. And how they also became less and less relevant to what I'm interested in. I've been particularly interested in their / Anand's analysis of CPUs which has been somewhat lacking. Why was Nvidia's Denver CPU not mentioned at all?! Where has the analysis of upcoming arm64 CPUs been?! While the quality of the tech reviews might have been the same, the direction hasn't. Let's hope they can keep on revealing and analysing CPU designs such as Apple's A8, Nvidia's Denver or Qualcomm's comm chips. I'm doubtful they will.. Or at least the last half year they haven't.

Last but not least, hats off to an amazing accomplishment by anand. The number of times he has revealed some deep tech info/cheating/etc which was seemingly superbly hidden is unbelievable.

tedajax 6 days ago 0 replies      
I went to the same high school that Anand went to (albeit several years after he attended).

It was always interesting listening to my C.S. teachers talk about Anand and how he had gotten started and everything. It was the kind of thing that inspired me to keep working and improving my skills.

calinet6 6 days ago 0 replies      
Wow. He deserves a really good vacation, and I'm really curious to see what he does next.

AnandTech has been an amazing resource, and fostered a lifelong fascination that turned into a career. Sure, there were other sites, but Anand himself showed me that a true deep understanding of the hardware made it even more interesting. And he explained in such a great way as to open up the wonder and beauty within everything he wrote about.

That was the other key teaching from Anand: that good writing and good communication make everything better. He showed us that in earnest through his great work.

Three cheers!

mythz 7 days ago 0 replies      
Damn, the one-of-a-kind Anand will be missed, he's been delivering the most analytical and technically in-depth content for new hardware, several years running.

Tech journalism has just lost one of its best technical writer greats.

dmunoz 7 days ago 0 replies      
I agree with Anand, the other writers have indeed been doing a tremendous job.

I've been wondering for awhile now what exactly was going on with Anand at anandtech. It was either that he was locked away writing some epic articles, or he was stepping away from the site. Good to see the issue settled publicly.

Regardless, with it also being the case that David Kanter no longer produces pieces for Real World Tech [0], I'm a bit apprehensive about the future of in-depth architecture coverage.

[0] http://www.realworldtech.com/

kapilvt 7 days ago 0 replies      
thanks for all the fish.

for ssd and cpu arch, anandtech was/is has been delivering the best articles for years.

elyrly 7 days ago 0 replies      
Been a long time fan of the site. Content always surpasses my expectation and quality of hardware reviewed is amongst the best in the PC market.
peg_leg 7 days ago 2 replies      
mtdewcmu 6 days ago 0 replies      
Think there's any significance in the title echoing Bill Gates' book?

I have appreciated Anandtech a great deal over the years; the coverage of AMD's rise to the top with hammer was especially gripping. Thanks and best wishes, Anand.

qq66 7 days ago 0 replies      
Best wishes to Anand. I do think the site has a little to worry about though. Whenever I read a particularly well written article on the site, I think "this must be Anand" and when I jump to the byline I'm correct. He sets a quality bar by example.
blinkingled 6 days ago 0 replies      
Thanks for all the great reviews Anand.

You can tell the site is in good hands by reading recent SSD reviews from Kristian Vättö. Great stuff.

staunch 7 days ago 0 replies      
We would all be lucky to have contributed as much to technology. I hope you start your next project out of the same sense of joy. Thank you!
nash11 6 days ago 0 replies      
The Kernel will be missing from the AnandTech system.
cyberstone 7 days ago 0 replies      
blutoot 6 days ago 1 reply      
I wish he retired after the review of the iWatch? :-/
Why Amazon Has No Profits and Why It Works
550 points by taylorbuley  1 day ago   241 comments top 26
exelius 1 day ago 7 replies      
I listened to a talk by Amazon's CTO, Werner Vogels, where he was explaining that Amazon's entire strategy is to build an infrastructure for itself, then rent that infrastructure out to its competitors. That way, increased competition can actually fuel your growth. The talk was about APIs, but Amazon views APIs as a general term: "Fulfilled by Amazon" is an example of a non-technical API.

Likewise, I think Amazon's self-funded retail operations are largely a break-even enterprise. Other businesses have been successful with this -- Costco comes to mind -- but the scope of capabilities Amazon is looking to develop is staggering.

If they can build a completely vertically integrated retail platform from procurement to payment to delivery, basically they're operating a retail enterprise without taking any inventory risk on themselves. Which is what this article means by "capture a significant portion of US retail": if they can provide merchant services to investors, it turns Amazon into basically an investment bank. Amazon takes a retailers money, turns it into inventory, sells it, takes a cut, then returns money. The only inputs and outputs into the Amazon machine are money, and it turns retail operations into an investment product.

cm2012 1 day ago 2 replies      
Interesting note: Over 50% of the volume and driving force of Amazon's huge merchandise growth mentioned in the article is from small ($100k - $20m a year) mom and pop businesses around the country selling on Amazon. I wrote a blog post about it a while ago - http://www.kevinlordbarry.com/amazons-little-known-world-cha....

a16z touches on this, but it has wider reaching implications than just Amazon's revenue.

AndrewKemendo 1 day ago 5 replies      
With Amazon, Bezos is deferring that profit-producing, investor-rewarding day almost indefinitely into the future. This prompts the suggestion that Amazon is the world's biggest lifestyle business - Bezos is running it for fun, not to deliver economic returns to shareholders, at least not any time soon.

Sorry but that is ridiculous. Look at the stock price for Amazon. Anyone who has invested in Amazon has seen an amazing unprecedented ride upward, institutional benefiting the most.

I also take umbrage with the idea that Bezos is running Amazon for "fun" as though it is frivolous. Bezos seems to have a grand vision and that is not something that matches with the ridiculously short term and arguably irresponsible thinking of the vast majority of investors.

We collectively need to get away from the idea that the only valid fiduciary duty for a for-profit organization is to make profit for their shareholders instead of creating value for humanity.[1]

[1] This is refuting the broader point that Benedict Evans is making, and does not necessarily apply to Amazon perfectly.

clamprecht 1 day ago 0 replies      
Isn't this similar to Berkshire Hathaway's strategy - never pay dividends, but reinvest everything into growth opportunities? Although Berkshire Hathaway likes to hold a pig pile of cash until the right growth opportunities can be found, while I'm not sure about Amazon's cash reserves.

* Also, this means no capital gains taxes until you sell your shares, because there are no dividend payments.

philip1209 1 day ago 4 replies      
Excellent analysis.

> Amazon has perhaps 1% of the US retail market by value

> With Amazon, Bezos is deferring that profit-producing, investor-rewarding day almost indefinitely into the future. This prompts the suggestion that Amazon is the world's biggest lifestyle business - Bezos is running it for fun, not to deliver economic returns to shareholders, at least not any time soon.

hoprocker 1 day ago 0 replies      
Reading this article reminded me of Steve Yegge's summary of Amazon's overall strategy: build a platform, not a product[0]. My takeaway here is that Amazon keeps reinvesting in making itself the platform through which sales run (warehouses, media, AWS, third-party storefronts). With the octo-copter idea[1] -- especially in combination with its third-party seller services -- it skirted the surface of becoming a physical delivery platform as well.

Anyways, fascinating post, really enjoyed the different cross sections of perspective presented.

[0] https://plus.google.com/112678702228711889851/posts/eVeouesv...

[1] http://www.amazon.com/b?ie=UTF8&node=8037720011

Estragon 1 day ago 0 replies      
This is a familiar argument, but you have to admit there's a lot of wishful thinking involved because Amazon is so opaque about its operations and finances. Bezos is basically saying "Trust me." I don't blame people who do, he's an amazing guy. Still, it's interesting to see how widely views about the company can differ, based on apparently rational analysis of exactly the same financial reports.


While this guy seems to have lost his shirt betting against AMZN over the past couple of years, his bearish analyses of its valuation are quite precisely articulated and make interesting reading.

Alibaba may eat the 3P revenue: http://seekingalpha.com/article/2263623-this-is-amazon-coms-...

Amazon.com's profitability decline is structural and tied to its sales mix: http://seekingalpha.com/article/2169003-the-latest-developme...

I wouldn't short this monster, though, at least not until QE ends.

bengali3 1 day ago 1 reply      
Investing in themselves is the right thing to do from a finance perspective as long as they continue to have an overall internal rate of return greater than their cost of capital (IRR > WACC)

according to thatswacc.com, AMZN's Weighted avg Cost of Capital is 10.05%

So until their overall growth slows down to less than 10% per year they will have less pressure to return dividends.

AMZN (WACC 10.05%) net sales growth: 22% (2011-2012) vs 18% (2012-2013)

AAPL (WACC 9.45%) net sales growth: 31% (2011-2012) vs 8% (2012-2013)

From Wikipedia: "The WACC is the minimum return that a company must earn on an existing asset base to satisfy its creditors, owners, and other providers of capital, or they will invest elsewhere"

"a corporation will evaluate an investment in a new [x] versus an extension of an existing [y] based on the IRR of each project. In such a case, each new capital project must produce an IRR that is higher than the company's cost of capital"

For more info, see sources:
http://en.wikipedia.org/wiki/Weighted_average_cost_of_capita...
http://thatswacc.com/
http://www.investopedia.com/walkthrough/corporate-finance/4/...

johnrob 1 day ago 2 replies      
From: http://paulgraham.com/good.html:

In Patrick O'Brian's novels, his captains always try to get upwind of their opponents. If you're upwind, you decide when and if to engage the other ship...

In this case, Amazon is upwind of becoming a giant, profitable company. They could have taken profits earlier but it would have shrunk their overall pie.

arbuge 4 hours ago 0 replies      
The fly in the ointment that I see is that if shareholders become disillusioned and decide to return Amazon stock to a more reasonable valuation, a lot of things could come apart in a company which bases a significant portion of its employee compensation on stock/stock options, as Amazon does.
uptown 1 day ago 2 replies      
It'll be interesting to see how their profitability trends as they adjust their prices. I've seen a trend over the past year or more of dramatically higher prices for things I've previously purchased from Amazon. I can do a 1-for-1 comparison on receipts, and see the huge bump. In some cases, those products are more expensive everywhere, but in most cases, I'm able to find those items at a price close-to or better than what I'd originally paid at Amazon if I shop around. It'll be interesting to see if they've trained consumer mindsets enough to retain them as customers if more shoppers notice a similar trend.
ctdonath 1 day ago 1 reply      
TL;DR - No matter how you squint at it, Amazon drives all profits back into growing capacity and market coverage. Amazon alone accounts for around 1% of US retail revenue.
toasted 21 hours ago 0 replies      
I've stopped buying much at all off amazon because I get it all from Aliexpress.

They package up and address individual items in shenzhen/guanzhou, stick them all in big containers, then when they reach the US/europe they deliver them by the cheapest means possible in a totally commoditised fashion. What competitive advantage does amazon.com have now? Why do all those small sellers need to exist? everything they sell is made in china anyway.

jeffreyrogers 1 day ago 0 replies      
The real question is this: does the dollar of earnings Amazon retains generate more than a dollar of value for owners of the company (i.e. shareholders)?

I don't know either way, and I don't want this post to seem like a criticism of Amazon. I know some people who work in upper level management there and they all speak very highly of the way the company is run (very meritocratic). But reinvesting earnings is only a good strategy if those earnings are put to good use, otherwise they should be paid out as a dividend.

Anyways, just something to think about whenever the topic of Amazon's profits/earnings comes up.

aeturnum 1 day ago 2 replies      
Am I the only one shocked that online sales make up only ~8% of US retail activity? I buy everything I can online, and expect to maintain that trend as much as possible. Is this just a case of me being relatively young and affluent, or are there sectors of the economy that will never go online?
jusben1369 1 day ago 1 reply      
I found this fascinating to read but made very difficult in part due to the overuse of commas. Maybe the folks at a16 could have this proofread.

Investors in Amazon typically look to selling their stock for higher than they bought it as the way they "get their money out of their investment". So not sure why the fascination on profits. Profits are important if they become the means to achieving a higher stock price. But lack of profits hasn't hurt AMZN's price over the years or made it an unattractive stock.

pbreit 1 day ago 1 reply      
So basically, companies that switch to profit-making are indicating that they no longer know how to generate new acceptable returns on investment.
stuaxo 15 hours ago 0 replies      
While they pay so little tax, their smaller competitors that do, effectively subsidise them.
known 18 hours ago 1 reply      
$20 million income is generating $160 billion market capitalization which is very high IMO
pinkyand 1 day ago 0 replies      
Great analysis with lots of details. I wonder though: what percentage of U.S. eCommerce orders are done through Amazon's warehouses? And what percentage is using their store (even though it's 3rd party)?
jaunkst 1 day ago 0 replies      
Defending against last man advantage here. The more they self invest the more their competitors will have to invest to compete or enter one of their markets.
QuantumChaos 1 day ago 0 replies      
At the risk of being boring, Amazon's "no profit" model works because profit is an accounting measure, not an economic measure.

Amazon is increasing in value, but because they are investing in themselves, on paper (i.e. according to accounting measures) they are not profitable.

All companies have a "book to market" ratio that indicates they are worth more as a company than accounting measures would suggest.

notastartup 1 day ago 0 replies      
This part worries me a lot

    With Amazon, Bezos is deferring that profit-producing,
    investor-rewarding day almost indefinitely into the
    future.
It kind of sounds like never.

jgalt212 1 day ago 0 replies      
Software is eating Andreessen Horowitz's brain.
mck- 1 day ago 0 replies      
Can't see the graphs on mobile :(
tinkerrr 1 day ago 1 reply      
Original: https://news.ycombinator.com/item?id=8274319

Wonder why that didn't garner any traction. Perhaps it has something to do with the fact that this duplicate link is from a16z?

Failing the startup game at Unbabel
532 points by andreasgonewild  4 days ago   233 comments top 43
vasco_ 4 days ago 13 replies      
For the record

I am a co-founder and CEO of Unbabel. I feel that I should respond to these allegations.

1 - The contract we had with Andreas was full time employee contract. The first three months were "at will" which means that either one was free to terminate the relation at any time. We have a signed contract to prove it and I am happy to share a sample of the contract to anyone that wants. When we fired him, we not only paid him what we owed, but we paid him an extra 15 days of work in addition to $1000 dollars to offset any unexpected costs. Which we didn't have to. We also have receipts of all the transactions, if need be.

2 - We fired him because he was a terrible fit to Unbabel. It became clear very quickly that it would not work. In the end the responsibility of hiring him was ours, and we are really sorry it did not make the right choice. This made it clear that we have room for improvement in our hiring processes.

3 - He did really well on interviews and we went to considerable lengths to bring him to Portugal. We paid his airplane ticket, we lent him money for rent, we helped him search for a house, amongst other things. I am personally really proud that Unbabel is an example of how we can capitalize on excellent talent in Europe and Andreas was the first person from Sweden. We have people from 5 nationalities at Unbabel and we pride ourselves in having a great environment to work with.

4 - We believe that the culture of the company is extremely important and we devote a lot of energy to it. Everyone in Unbabel is expected to participate actively in the company, meaning that they are part of the planning, and encouraged to be autonomous in creating the best products possible. We truly enjoy working with each other and spending time together. For example, every week we go surfing on Wednesday morning in the beautiful beaches of Lisbon. It is not mandatory, but every one has loved it so far. It is an amazing way to make sure that every week we hang out together outside the company.

We try really hard to make sure that working at Unbabel is an amazing experience. We pay well above average for Portugal, which means that you get a really good life here. We offer health insurance, surf lessons, catered lunches once a week and beers on Friday afternoon. We give you autonomy and agency, we are transparent about the company - every employee has a chance to make a difference. Come and see for yourself what it is like to work at the best Translation Startup in the world. A position just opened up :)

linker3000 4 days ago 2 replies      
I feel for you too. It wasn't a startup and the job was local, but I took a salary drop and swapped a cosy-but-unrewarding role with a global corporate to join a 40-strong SaaS development company that wanted someone to come in and sort out their internal and customer support infrastructure - they had no strategy, procedures or hierarchy and were constantly firefighting - shuffling resources between projects according to which customer complained the loudest.

It became clear very quickly that the two founders who brought me in wouldn't embrace any change that didn't come from them, and they had a total fear of empowering anyone else to make executive decisions - even about their own team members; I constantly found my guys being assigned to firefighting for other teams without my knowledge, so workload planning and scheduling knowledge sharing periods was impossible - we had information silos all over the place and if someone went on vacation they would often be called or emailed frequently because they were the only ones who knew about a specific part of a project or system. I wasn't allowed to attend support review meetings with the customers - the Directors went alone and told me what had been agreed, and they constantly dealt directly with one of my guys (the company 'guru'), assigning him work and making it impossible for me to grab his time so he could share his skills with the rest of the team - I highlighted it as a serious business risk that this guy was the only person who knew some of the tricks with some of our internal and customer infrastructures, and that he wasn't encouraged to document or share his knowledge, but they dismissed my concerns.

When we had that Friday afternoon talk after 9 months of trying to bring in some best practices and semblance of organisation, I left the office for the last time with a sense of great relief that I was out of the clusterfuck.

It only took me a few weeks to find a much better role and I hope things work out for you too.

Edit: Looking back at what I wrote, it might be that the OP's circumstances just offered the opportunity for a bit of a personal rant, which was not the intention. My main point was based on the fact (not explained at all by me in my post) that when I met the two Directors (twice), prior to joining, the setup and opportunity for me looked very positive, and I was convinced I was going to be empowered to fulfil the role. Things turned out very differently, and I clearly did not fit in with the company culture the founders wanted to both leave and stick with simultaneously (it was their comfort zone, and although they knew it was not the best way to run a business, they ultimately couldn't leave it). Moral: Shit happens, despite due diligence, but that doesn't make it right.

qxmat 4 days ago 3 replies      
I feel for you.

I made a similar leap from an OK-paying regional job at an established niche cashcow to a London start-up. The perks: a coffee machine, senior pay cheque.

The reality: a shit coffee machine, low morale, no realistic prospect of a profit and no willingness to pivot. 80% of costs have been sunk on a Facebook clone 'with a spin' while the owners try to sell snake oil to investors. We operate like the bad slides of 'Good vs Bad Startup' are a blueprint for success. The owners, almost weekly, come up with an idea someone has to coach them away from - a long ironically drawn out confrontational meeting of: "we don't have the resources". The bit I expected to pay off (medical monitoring hardware) turned out to be crappy I2C/SPI bridges any e.eng graduate could whip out in a month :(

I've had a long look at myself: how could I turn down other offers yet accept this?! I'm still unsure why. For a while I feared that I deserved this - I'm one of them, one of the guys who decided to create their own header based HTTP authentication system keyed by a timestamp: a crap programmer.

It's been 4 months. Poor tests are still committed despite my best efforts to teach the one doing it that they should test a result not implementation (only 1 test damn it!). We don't use any JS frameworks on the front-end (let alone my other true love: Typescript) because the last lead dev couldn't understand the immeasurable benefits of model binding. I've done - by no means single-handedly - an incremental rewrite of the entire code base (front, middle and back). Although they're paying me on time, they missed my post probation increase :( I could go on but this is probably not the right forum.

In short: it's not worked out for me either. Thankfully I've got an excellent track record so I'm off in 3 days to a proper PLC. I heard large companies, like the BBC have 15 (FIFTEEN) designers in their News division alone... I can't wait to have just one designer unencumbered, available and talented.

The whole saga has left me with the strong suspicion most startups are a joke (no I don't want to be a DBA/CSS/JS and C# guru who maintains the iOS codebase!).

Inept owners who're unwilling to pivot, often trapped by the sunk cost fallacy, or owners expect to create a market with their 'one true solution [to a problem you no-one has]' plague the startup scene. No product should ever be a Facebook clone :(

For what it's worth, if I was hiring now I'd interview you solely on your written language skills (which are better than most native English speakers, myself included).

malanj 4 days ago 4 replies      
It seems that given Andreas' move to join the startup - if his explanation is accurate and complete - the level of responsibility of the founders does increase. I've been a founder asking people to move before and I've always felt that it adds a significant extra responsibility. You need to be quite a lot more certain it'll be a good fit before asking someone to move to join your company.

In my mind "culture fit" is the responsibility of the founder. If you're recruiting someone, you need to make the call if they fit into your culture. You can't really blame the person you're recruiting for not fitting in. You can (and should) fire them if they're not a fit, but it's still your hiring mistake, and you need to take the responsibility for it.

If a mudslinging contest can somehow be avoided, it'll be great to have a response from the Unbabel founders. There are probably some good lessons for both coders and founders here.

onion2k 4 days ago 2 replies      
A really big problem for startups lies in attracting high quality coding talent. There aren't many experienced developers who're in a position to take the necessary risk joining a startup and working for a reduced income for a while. Consequently any startup that screws over a developer isn't just hurting their own rep, but they're damaging the chance of success of every other startup by reducing the size of the talent pool.

Whether or not Unbabel did something wrong here is a matter of speculation without more details, but there's still a lesson in it for every startup founder - developers are necessary and important to your success so being nice (especially if the relationship isn't going well) is a Good Idea.

BSousa 4 days ago 1 reply      
I feel sorry for you, I really do!

Not knowing the details of your contract I can't say for sure, but with the recent changes in employment law in Portugal, I think legally (not ethically) they may be in the right. I can put you in contact with a lawyer that specialises in this kind of situations, but honestly, for 1.5 months salary, it isn't probably worth it for you (justice system in PT is very very slow, though they do tend to stick with the employee in these situations, even when the law isn't on their side).

If you don't mind me asking, what made you move from Sweden to Portugal to work at this startup? Was it Portugal that attracted you? Knowing the salaries and economic situation of the country, especially compared to Sweden, it confuses me a bit why you would do it, but if it is Portugal as a country that interests you, shoot me an email, I may be able to help you out.

Best of luck

Turukawa 4 days ago 2 replies      
There was a great piece of advice I was given about 20 years ago by the South African guru of franchising, Eric Parker:

"Run your small business as if it was a large business", or, "Start as you mean to go on".

There is a great deal of bullshit in the tech industry; that chaos is somehow normal and that planning and the principles of good management can wait "till we're big". It should be painfully obvious that once chaos has set in, then that is the business environment and it cannot change.

If that environment includes hiring in panic and treating people badly, and the organisation survives anyway, then that organisation becomes one in which toxic relationships are rewarded indefinitely. It will be unsurprising that people like the OP will find it horrifying and be forced out.

mmgm 4 days ago 1 reply      
In the Portuguese labour law the default "experimental" period lasts a minimum of 90 days (for both employer and employee).

During the experimental period any of the parties may void the contract without any compensation (except for the time already worked) unless noted otherwise in your contract ...

Also there is no notice period required.

As a disclaimer, I note that I am friends with one of the founders of Unbabel. I don't know their side of the story and I am sad this happened to you.

Still, from what you say, as far as I can tell, they acted within the boundaries of the Portuguese labour code.

teraflop 4 days ago 3 replies      
Is this a good place to ask why the title of this link was changed? It was originally the same as the title of the blog post, including "(YC/2014)".

I've noticed this kind of alteration a number of times on stories about YC-backed companies, and I don't recall ever seeing it when the story was positive.

EDIT: And now the post is getting rapidly demoted on the front page, below links that are older and have fewer votes.

ehurrell 4 days ago 1 reply      
I have to say I admire your courage in writing this. I've been put in a not dissimilar situation in the recent past. I said nothing. I'm hoping one day the situation will resolve itself, but I doubt it, and I suffered a lot for it. Thankfully I'm out of immediate danger now.

I hope this leads to a positive conclusion for you, as I have a lot of respect for the difficulty of startup life, but none for those who behave dishonestly rather than face the consequences of their actions.

annnnd 4 days ago 1 reply      
There is a slight point in founders' favor - sometimes when you need to get out and just get the stuff done, you don't write test for every non-essential piece of code. You also just copy/paste that controller, because you know you will probably throw most of the code away anyway. All you want is to know if the business model works. After all, you are not building core systems for a financial institution. And you know that if it takes off there will be more than enough time to fix stuff properly.

That said, I strongly disagree with not paying your employees fully. If you are a founder, you have an obligation to the people you hire. YOU SHOULD PAY THEM! If you think you should pay them only for a month and a half, fire them on time. In the end, bad match should always be founder's responsibility.

EDIT: HN could really use "Preview" button. :)

jacquesm 4 days ago 0 replies      
There is a 60 day period in which you can be let go without further notice ('trial period') so legally they are in the right, but morally, after letting you move from one country to another and without in any way assisting you in cushioning the blow they are jerks (assuming this one-sided view is the unvarnished truth).

But better that you are out of there now than a year down the line, if they are like this then that saved you a bunch of time and a lot more hardship.

anmonteiro90 4 days ago 1 reply      
As unjust as Unbabel's behavior towards you might have been, I feel this story is being told from a rather extreme perspective, wouldn't you agree?

As a 37-year-old who has been writing code since 8, I feel that you should be more used to finding clumsy code, especially in a startup (that I suppose is iterating very fast, trying to make ends meet).

As someone who confidently relocated from Sweden to Portugal, were you aware of the Portuguese economic situation? Didn't you make sure you had enough savings in case it all went down the drain (as it turned out to happen)? I can't help to feel that you took this somewhat blind leap with little to no information at all.

This doesn't all mean that I blame you solely; the situation is, of course, tremendously shameful for Unbabel.

morgante 4 days ago 1 reply      
If you read between the lines, it seems like this job definitely wasn't the right fit. Hence, they were probably in the right for letting you go.

But they're definitely in the wrong for how they handled it. In particular, knowing that you moved to Portugal for the job, they should have given you severance sufficient to cover relocation back to Sweden.

btipling 4 days ago 3 replies      
The truth of it is that the startup life isn't for every engineer. Startup code is messy. You don't have architects who draw UMLs for you, you don't have the luxury of time to do things right. At a small startup everything is often falling apart at the seams. Morale can rise and crash, repeatedly, like a roller coaster. Small startups often have to visit the iron bank of technical debt and take out a huge loan to put in that feature a very important customer wants right that second. Tests are very important, but spending too much on them can waste precious time. You're always flying low to the ground. You're looking at the short term: days and weeks, not months and years. That said, technical debt sucks and should be avoided at all cost, but priorities aren't the same when you're a three or four person team with about a year's worth of runway.
jprince 4 days ago 5 replies      
As terrible as this experience was, what's most alarming is that you're 37, have been working for nearly 20 years in this field, and don't have enough savings to tide you over even two months without work. You really need to learn to save your income and cut your lifestyle.

I hope that if it turns out your story is true, that these guys are in some way brought to justice, karmic or otherwise. Best of luck.

god_bless_texas 4 days ago 1 reply      
I'm sure there are two sides to every story, but you can guarantee that if they did this to you they'll do it to someone else. I'm consistently amazed by people and companies who operate without integrity. I think about Paul Graham talking about startup founder factors as people who break the rules. I'm fairly certain this is not what he's talking about.
kfk 4 days ago 2 replies      
I see a clear lack of management, communication and leadership skills here. For how meaningless those words might seem here on HN, it really shows when startup founders do not have them. And it's not even a culture fit issue, dealing with people that are not a 100% fit is part of the challenge of managing a business.
chroma 4 days ago 2 replies      
I agree with many of the other comments here: If this story is true, Unbabel's behavior is reprehensible. That said, look at Andreas Wild's G+[1]. He has another recently-created blog in which he spouts off some weirdness about consciousness and astrology[2]. This makes me think he is a somewhat unstable person. And it reinforces my initial feeling that we should wait for both sides of the story to emerge before forming conclusions.

1. https://plus.google.com/108299200044097592336/posts

2. http://esoteric-keys.blogspot.com/2013/12/consciousness.html

BrotherBrax 3 days ago 0 replies      
Since many people are making (wrong) assumptions about Portuguese work laws, I'd like to chime in as a Portuguese guy working in IT and with good knowledge of these laws (I like to always be aware of my rights). The critical part of this argument is the "at will" period that Vasco (Unbabel's CEO) mentioned, technically called an "experimental period" (EP). Here is a summary (in Portuguese -- the Google translated version is decent enough) of the relevant part of the law: http://emprego.sapo.pt/guia-carreira/artigo/166/artigo.htm

Also, here is the law itself in case you want to read it (articles 111 to 114, also in Portuguese): http://www.legix.pt/Portals/3/docs/CT09-23_Jul_2012.pdf

The typical way to hire full-time workers in Portugal is indeed a full-time contract with an experimental period (EP), what Vasco colloquially called an "at-will" period. These contracts are called "por tempo indeterminado" (or sometimes "sem termo" or "com termo incerto"), which means "for an indefinite period". The EP can last between 90 days (3 months) and 240 days (8 months) -- non-managerial roles get 90 days, which is what Andreas had on his contract (shorter durations benefit the worker). After the EP is over it is VERY hard, from a legal standpoint, to fire a worker, which is why the EP exists in the first place.

During this experimental period, the employer can terminate the contract with no advance notice and paying no compensation for the first 2 months. Between 2 months and 4 months (if the EP lasts that long), the employer must warn 7 days prior, or pay 7 days of salary as compensation. After more than 4 months, and until the end of the EP, it is 15 days. The worker can always terminate the contract with no notice during the EP. After the EP is over, the worker must provide 1 month of advance notice to terminate the contract, and the company usually cannot fire the worker at all.

According to Andreas' original post, he was fired after 1 month, during his EP, which means he is entitled to no compensation. Unbabel paid two extra weeks of salary (Andreas admits that in his blog post), which shows that they treated him better than the law requires. If indeed he was also paid $1000 extra (from Vasco's post), that is even further above what the law requires.

Andreas' blog post suggests that he thought he had a 3-month contract, which he did not. Legally, he could even be fired after 1 day on the job, and get paid 1 day and nothing more. While Unbabel may be slightly guilty of not explaining correctly what Andreas signed, I still believe that Andreas has the majority of the blame for not understanding what he signed or searching around what are the typical work laws in Portugal. Heck, if I went to Sweden, I'd ask for an English translation of the contract from someone outside the company, even if the company itself provided an English translation. What happened with the landlord seems to confirm this, since he had the legal right to stay for as long as his deposits lasted, and simply calling the police (no need for a lawsuit) would ensure that he could stay until his deposits ran out. It is, again, very hard to evict a person just like that.

In summary: Unless I'm missing something here, Andreas was treated considerably better than required by law and has no legal grounds for complaining.

purpleD 4 days ago 0 replies      
When I was a few years out of school I went to my second job and inherited a huge code base with 4000 line java files, no tests, no one who worked on the code still around, etc, at a big non-tech company. I was young and stupid to think I was a bad programmer that I couldn't fix it all in a few weeks by myself.

I know it's in the past now, but try to avoid situations like this. If you can't, talk to your boss about what can reasonably be done in what time frame. Now I would try to figure out which parts can realistically be refactored and which can be isolated and rewritten iteratively to make things better. I wouldn't take on new features unless I was confident I could deliver with spaghetti around.

logn 4 days ago 1 reply      
I don't know about European labor laws or your contract, but by US standards I don't think they did anything wrong and a blog post such as this would be perceived negatively.

edit: I mean no offense but just wanted to make you aware how this would be perceived by US readers potentially. US is lacking in a lot of labor protections.

seren 4 days ago 1 reply      
This is a bit of a cliché but I wonder if there are some cultural differences at play there. Like the hectic and chaotic pace for a Swede, would be business as usual for a Portuguese. This is likely not the root cause, but it probably did not help the miscommunication, maybe even during the recruiting phase. I also assume that if OP is not a native Portuguese speaker, it was harder to fit in, and it was easier to miss a critical info your colleague could be discussing. I expect UnBabel to answer that OP was not communicating enough, etc. which could only be due to cultural differences.
raverbashing 4 days ago 2 replies      
I see two sides to this:

- Is Unbabel making money? If they haven't shipped yet, bad for them, but on the other side, the software may be doing its part (of generating revenue)

- People sometimes come with an idealized view that in a perfect world all code is fully tested and follows all rules and conventions. More often than not, it doesn't.

There's a balance between improvement for the sake of code and adding new features and bugfixes (not necessarily related to the lack of unit testing or stuff like this)

"I repeatedly asked for more guidance but all I got was reprimands for not taking every little detail into account in the code I wrote."

Here's the thing, no one will hold you by the hand. There's a lot of things you'll have to find out by yourself.

fun2have 4 days ago 0 replies      
Before you started working together, did you discuss what would happen if things did not work well? Was your salary closer to that of the norm in Sweden, or that of the Portuguese? The difference is substantial. Did they think you were amazing at first and had too high an expectation? If your salary was closer to the Swedish norm then they may have thought that 2 weeks pay was a very substantial amount.

In Portugal, I believe, that unless you let people go before the trial period is over, then a whole lot of protective measures kick in.

For anybody looking to hire anybody abroad it is having the conversation about what happens when things don't go well.

It would be good to hear the Unbabel side of the story.

[Disclosure] Two of the founders are what I would call acquaintances of mine.

webwright 4 days ago 0 replies      
It was unclear to me what the terms of the contract were in terms of early termination of the agreement by either party. If you're moving for a 3 month "try before you buy" agreement, it's good to have that clause in the agreement or at least discuss it.

Say something like, "You guys seem like you're pretty organized, but I've heard a horror story or two about startup hiring... Companies pivoting and laying people off/etc. Given that I'm moving for this opportunity, can we have a clause in the agreement that spreads the risk around a bit? Say, if you guys let me go for any reason before the end of the contract, I get $X as a severance in consideration for my moving expenses, etc."

segmondy 4 days ago 1 reply      
It comes with the startup game. What would you have done if the startup ran out of money in a month? You pack up and go home, this also happens, where sometimes they think they have money, and perhaps weren't paying enough taxes or a deal that was going to come through fails.

The reality is that if you join a startup, you should take your job day to day. You should consider it an adventure. Do not expect it to be organized like a corporate job. There is going to be a lot of GROWING PAINS, for young folks with no real world experience, they don't know better. For someone experienced in the industry, man, is it painful! But with that experience, you have to figure out how to lead, your work is not just to code, the bigger puzzle to solve is how to slowly bring about best practices, and you will get a lot of resistance.

You lead by showing. Don't worry about others, they don't wanna write tests? fine, write your own tests, write extra for others if you can. They don't want to document or use revision control? Do so, one day, someone is going to read the comments in your code and realize that it makes sense to document, or read a process document. It might take time, but they will see the light.

In a startup environment, do not complain! It helps nothing, you must wade through the garbage, that's just the way it is. I'm much older and I know this reality. I work for a big company, it's "boring", it pays great, a lot of startups court me trying to get me to get on board for half the salary and promise of fun, but nope! I'll work more with less discipline and less pay and no stability. I know this. Should I ever join one, I can assure, I won't cry if they shut down the next day after I joined, that's the gamble. Startups fail more than they succeed.

pkorzeniewski 4 days ago 1 reply      
That's why I'm very suspicious when it comes to stories about "wonderful work environment" at startups. I'm sure there are quite few startups where people really like to work, but I've a feeling most startups are chaotic, unorganised and ego-driven by the founders. To me it's the extreme opposite of big corporations, where everything is over-managed and run by well-defined processes, which may be sometimes irritating, but at least you (usually) know what you're standing on.
FollowSteph3 4 days ago 2 replies      
I hate to say this but whenever you relocate that is your decision. The company isn't really in any obligations to keep you or pay your move back unless you pre-negotiate that either with a signing bonus or as a clause in your contract. Generally a relocation is offset with a signing bonus and higher salary which is why the risk is worth it, but never doubt that it's a risk you have to take. I know because I've done it myself before, moving countries and all.
andystannard 4 days ago 1 reply      
Hi I think they are legally able to do this from my understanding of EU law. It sucks especially if you have had to relocate for the job but you obviously were not enjoying working for them. It sounds as if the lead dev might be feeling overprotective of his own work and does not want to let go.

I am sure you will find another job easily enough as good devs are in demand. Hopefully at a place where you are valued and can contribute your skills

matheusbn 4 days ago 0 replies      
According to Unbabel website:

>We are a fast growing, fast paced startup who is trying to change the world by making comunication seamless in any language.

Source: https://www.unbabel.com/jobs/


Well there is something wrong with their communication.

nrshirj 4 days ago 2 replies      
>I arrived in the final stages of a big rewrite of the core architecture that was already late. The code was a tangled mess of mindless duplication, half-implemented features and misleading comments. Of the few automated tests that existed, most didn't even run anymore.

I feel for you. But with your experience, this shouldn't be a surprise for you??

The focus in Startups is to get the code out and get a (paying) customer and the priority is not always on the quality of the code/tests. In the Enterprise world you have some more time to do more tests, code review et al. and maybe you got used to it.

troels 4 days ago 0 replies      
After one month of insanity and abuse I was called to a Friday afternoon meeting with the founders. They told me that they felt that we had a difference in style and that they didn't want me to work there anymore. Just like that, no further explanation.

A bit curt perhaps, but following the rest of the story I suppose it makes sense? This sounds very much like a culture misfit to me.

(To be clear: I am not passing any judgement on the handling of the matter here. Or on who to blame on the misfitting)

gyardley 4 days ago 0 replies      
I've often wondered why incubators like YC don't have sessions that say 'from experience, these are the sort of behaviors that are counterproductive for your startup - watch out for and avoid them.'

I know that as a first-time founder I screwed the pooch in all sorts of ways I could've avoided with a little more guidance.

fimdomeio 4 days ago 0 replies      
I fear that if the OP was Portuguese, what happened would probably look kinda normal. In the last 10/15 years or so most labour laws have been destroyed or made irrelevant and the crisis just made it even worse. With the scarcity of money it appears to have grown a culture of chaos. To me this story is just another one.
joshmn 4 days ago 0 replies      
Hi Andreas,

Shoot me an email (in profile); I'd like to help get you some food at the very least.

pender 4 days ago 1 reply      
The real lesson to be learned: don't jump out on a limb without pre-established safety net.

Moving to a new country seems like pretty big risk to take on a 3 month contract. Heck I wouldn't move from a current job to another one in town without a signing bonus to cover the risk.

ransom1538 4 days ago 5 replies      
Ok. I have been hacking in startups for 10 years or so. A few rules to note. 1) Startups almost always fail. Pretty much assume at any point you can be let go for any reason. If you can't afford to blow 3 months of salary and be paid in "promise" - don't do it. 2) Startups are not for everyone. Enjoy good code? Like a peaceful atmosphere? Need comments? Love structure and strategy? Welp - you will fail at a startup. In my 10 years: startups are trench warfare with company ending deadlines. As an exercise: Try borrowing money from your best friend and not paying it back. 3) Legal. You are going to sue a former employer? What a great way of ruining your future. Future employers will avoid you like the plague. Try starting a board meeting with: "Our newest employee is in a legal battle with their former employer...".
andrewljohnson 4 days ago 1 reply      
If the contract says 3 months, he should be paid for 3 months, end of story. I think the blog needs to include the contract to really know if anything illegal is going on.
Grue3 4 days ago 0 replies      
Sounds similar to one of my jobs. I worked for 2 months, got paid for half a month. What a waste.
TomGullen 4 days ago 0 replies      
Now we wait and see how skilled they are at apologising. (If true).
user_id3 4 days ago 0 replies      
They're going for a second round as UnJesus
homakov 4 days ago 3 replies      
37 old Java professional from Sweden spends all of his savings in two months? You have 5 kids or something?
The Unexotic Underclass
456 points by spitfire  4 days ago   301 comments top 37
tsunamifury 3 days ago 6 replies      
I built language learning applications that reached over 10 million users in the developing world and my brother built a startup that employs only ex-cons in one of the worst neighborhoods in America.

We learned a few things from actually doing this:

TL;DR it's really expensive to make products for the 'forgotten underclass' due to many unforeseen issues.

1) Poor areas are overrun with corruption and graft. It's very hard to do the right thing, when individuals with power will actively work to put a bribe barrier between you and your work. It's like these individuals smell out good intentions and attempt to tax them for the perceived weak-minded good intentions. An example would be, after my brother created several successful startups using ex-cons, he wanted to turn the program over to the City. He quickly learned without a politician attached and 'sitting on the board' you couldn't do this. The price of this? Paying him 70% of the donations coming in to support the program. I have numerous examples more blatant in 2nd and 3rd world nations.

2) Economy of Scale. You must serve more customers in order to make up for lower prices the market will bear. This is easy to say and very very hard to do. As you scale, you can't afford more workers, so your quality inevitably goes down. Other things like support, QA and tasks that don't scale past 1:10 user ratios become very poor quality, turning off people to the product and making you ashamed of your work.

3) Not knowing what the problem is. You can guess at problems for a class of people you aren't a part of, but it's pretty hard to design a new solution for them. Your instincts are often wrong and you have to do a lot of expensive testing and research you can't afford to get the right solution. See problem 2.

4) Distribution to customers. Want to get the product to this underclass? Do they have smartphones? Do they have computers? Often no. How are you going to ensure they see your product let alone purchase it? Maybe they do have smartphones, but they use everything from dumb-phones to android 2.3 devices to Nokia-whatevers. Development for all those things will cost you 5x as much as just making a food iPhone app. (see 2 again)

5) Value offer. This becomes very very hard when your target market is low on funds and often makes anti-self-interest choices. The individual who uses what little money they have to feed their family with fast food is going to pay money for your education app? It's pretty unlikely, they have more pressing needs in their hierarchy that they are often too scared and desperate to solve properly.

6) Their problems can't be solved with software. Often these people have real-world problems that require hands on work and real product to solve. My brother worked very hard to add software where possible but needed to do mostly 'real world' labor to get to his customers. Software is inherently cheap to produce compared to hardware and manual labor.

Finally, this work will eat you away until you have very little left. Your rent will go up as your friends sell their startups. You won't have time or money to rebalance your life with exercise or entertainment. You will become socially isolated from those who have the money to support your work. You will put immense pressure on your significant other to either make up your losses financially or support you. You will put your children's future in jeopardy. You won't have children. You will see little return on your effort. You will be fighting a society which applauds your effort but is unwilling to help you continue.

In short, you might become part of the class you are trying to help.

patio11 4 days ago 3 replies      
I like parts of this article more than others.

For example, while I share a certain sense of frustration that SV seems to spend a disproportionate amount of resources on mobifotosocialgames, smartphones and their downmarket progeny are an enormous quality-of-life improvement for broader America. There's virtually nothing a cash-poor-responsibility-rich person needs to do that having a smartphone does not make them better at.

Commute to work? Apply for benefits? Schedule appointments with doctors? Successfully keep those appointments? Keep tabs on kids while working/errands? A smart phone makes you better.

As an entrepreneur who makes stuff for people who are not the usual suspects, the challenges to doing this are numerous and largely not conducive to the VC-funded trajectory. You have to convince people to pay you money for your services, you have to be able to service those customers profitably, and the customers are disproportionately pathological. Most of the software they consume is getting written by AppAmaGooFaceSoft because they can underwrite it with their massive monopoly rents, subsidize the cost straight down to zero, and deal with the CS headaches attendant in serving poor people by sending them to a call tree / web app backended by a Markov chain backended by /dev/null.

There's also a bit of "every problem has a software solution" enthusiasm which is, well, a bit overstated. (Sometimes this isn't stated outright, but when you expect to do something meaningful on e.g. $500k in an angel round, you implicitly expect to do something meaningful 100% in software, because $500k isn't even enough to launch a single McDonalds in the real world.)

Many problems have an 80% software solution attached to a 20% "interface with the real world" mandatory bit. The marginal cost of that last bit, though, is hundreds, thousands, or tens of thousands of dollars per client served. Or it has highly non-trivial political/regulatory barriers to entry, like "Convince an incompetent, intransigent, and politically invulnerable agency to disemploy half their workforce, who are by the way mostly veterans, whose main professional competence is doing an important thing slowly, poorly, and expensively."

burgers 3 days ago 7 replies      
I can sum this up so very simply. The way to make the most money is to get as close to money as possible. Hence why finance is such a lucrative career. We are seeing the obvious flaws of capitalism now that capital is no longer tied to low skill labor for manufacturing.

Want to make a ton of money 1 year from today and have good credit? Spend your days with an MLS subscription finding under-priced homes to flip in a couple weeks. You'll be a millionaire in a year I guarantee it.

Want to help single mothers for the rest of your life? You'll barely get by, I guarantee it.

Why? Because it's further from a transaction. Nothing more, nothing less.

EDIT: I'd love it if the person who down voted me would explain why so much money is flowing into blockchains. You don't think that has anything to do with how close it is to the transaction?

tinco 3 days ago 8 replies      
I would really love to cater to the unexotic underclass, but how? I mean he goes on and on about how much opportunity there is, but I don't see it.

I know how to get 500 white liberal suburbanite young males to pay me $10 per month. They have the money and they love to spend it on tech and gadgetry that makes their lives even more comfortable. But single house mothers? Poor Romanians? How would I even get them to pay me half a cent.

In my mind, all these people really want and need is money, they are a receivers market, not a spenders market. I imagine them needing to spend money on food, education, housing and entertainment. All incredibly tough nuts to crack. If you even succeed at coming up with something those people want to spend money on, you're directly competing with the poor people dominators like Coca Cola.

The IT startup scene we're in is just a kids playground, do we really believe someone like Mark Zuckerberg could survive in the business of making money off poor people (directly)?

bokonist 4 days ago 4 replies      
Here is the basic problem. When you build a product for savvy people, your interests are aligned. Savvy people will only pay you money when you build a good product. Thus, the only way you can make money is by actually doing good, by creating a product useful to other people. This is the happy coincidence that draws so many to entrepreneurship - we get to build things, create value, and get paid $$$.

When you build a product for less than savvy people, the easiest way to make money is by tricking them. Even if you do not want to play dirty, you will be driven out of the market by people who do. You will be competing against people who make something look like a great deal (no down payment, zero percent APR!) but where it turns out the customer is getting screwed in the long term. You might want to sell a fair product, but since you are selling to less than savvy people, they ignore your product and buy the product that is tricking them, that looks like a better deal than it is. When less savvy people buy good products, it's usually products that are being passed on via reputation by the more savvy set. Thus if you want to build good products for the underclass, build it first for savvy upper-middle class people, and if it is good, it will eventually filter down, like email, smart phones, and a hundred other technologies have.

jbackus 3 days ago 1 reply      
> too many brains and dollars have been shoveled into resolving what I call anti-problems - interests usually centered about food or fashion or social or gaming

A few things come to mind when I hear people say things like this:

1. This type of complaint usually indicates observer bias. People don't read about, or share, news about boring industries. Go look at the last 25 investments on https://twitter.com/VCdelta and see how many are truly "anti-problems."

2. People who look down their nose at entrepreneurs who don't pursue "Big Problems" probably don't realize how hard the "Small Problems" actually are.

3. If you think smart people are missing out by not pursuing some massive task, like helping veterans, then I have good news for you: that means you believe there is an opportunity for someone to improve society and make a lot of money in the process. Go invest your time and/or money, improve the world, and reap the rewards. If you don't know how to fix the problem then maybe things aren't as simple as people choosing not to make the world better. If you know how to fix these issues, but you don't know how to make money doing so, then you are really just saying that investors should instead be philanthropists. If you don't think you're smart enough/strong enough to solve these problems then maybe you shouldn't be telling others you know what is best.

disjointrevelry 3 days ago 3 replies      
The article boils down to a basic fact: "The unexotic underclass are unexploitable." Despite all the dancing around this fact, it pops out in the article like a pimple on an ivy leaguing debutant's nose in their weekly dermatologist face cleansing.

There is more than a hint of the populist a. randist philosophy throughout this article. Maybe this is a cult, and it goes without saying.

The privileged group (such as the author's) consider themselves heroes and the saints of today's countries, the ultimate problem solvers that defeat the overbearing complications of governments and regulation. The expectation of privilege versus the torrent of their own baser instincts that pervades their own reflection, is one even a clever author can not mask with the vanity of the wealthy with the needs of the exploited and poor.

Let's get straight to the point. The 'exotic' underclass are in resource rich regions. Investments into these 'entrepreneurs' is minuscule to the massive profits from the resources from the "emerging third-world countries".

The article is a complaint, that the unexotic underclass is unexploitable. Nothing much else is expected from a group of sycophants whose main desire was to wheel and deal financial sludge on wall street.

declan 4 days ago 2 replies      
>what with government penniless and gridlocked

Um, the U.S. federal government will be spending something like $3.4 trillion in the fiscal year beginning at the end of this month.

That's pretty much the exact opposite of truly "penniless."

As for gridlocked, sure, it's going to be difficult for the Dems to expand Obamacare, and it's going to be difficult for the GOP to repeal Obamacare, so by that crabbed version of "gridlocked" the author has a point.

But in reality, you'll see 99% of appropriations bills (measured by pages of text) over the next few months become law with enthusiastic bipartisan votes. You'll see the NSA's budget increased for next year by an enthusiastic bipartisan vote. You'll see the number of new federal regulations expand every year with no outcry from any U.S. senator of either major party. Etc.

That's pretty much the exact opposite of truly "gridlocked."

On a more HN-relevant point, the author's suggestion of fixing the VA is something that needs to be done by the Feds, not an app. They created these serious, systemic problems for veterans and they're the only ones that have the legal authority (and responsibility) to implement a fix. The WSJ has been writing for years about sensible plans for VA reform but nobody in D.C. seems to be listening.

3pt14159 4 days ago 5 replies      
Let's take a look at the real problems facing America and the rest of the developed world:

1. Mismanaged IT in critical infrastructure.

2. Misallocated funds in programs helping the destitute.

3. Cyclical loops of depression-lack of opportunity-lack of skill building.

4. Health disorders on a massive scale, like metabolic disorder, that can be solved with very simple things like diet and exercise.

These places are not where a bootstrapped startup can make a difference. They are mired in red tape and ignorance.

Show me the path to get people off of sugar diets. Show me the path to get the VA to modernize their forms and applications. I'll do it right now for free. It isn't just me, so many of us are ready and willing to help.

The truth is that we build Instagrams because people will use them. We build them because the biggest hurdle is Apple's insane app verification process; but the bigger problems are so much harder to solve because the blockades are human and political. Barriers that most of us can't hope to cross.

callmeed 3 days ago 5 replies      
To those who commented on the financial or regulatory hurdles in serving these people:

Maybe another way to look at this is: instead of creating a startup to serve veterans or single mothers, why not create a startup that can employ veterans AND single mothers?

One of the biggest problems facing single mothers is the high cost of childcare. In many instances, it makes going to work almost pointless because it eats 50%+ of your paycheck. So, why not a crowdsourcing service (a la mechanical turk/crowdflower) that employs single mothers at home in the United States? (personally I think people would eat that up and even pay a premium for US-based workers)

Veterans could also do crowdsourcing work, on-demand security, and on-demand driving/moving off the top of my head.

Yet another way to tackle this could be to go into an industry that already has the means/access to help these people and partner with them. I'm mainly thinking of education. California's community colleges (there are over 100) cater to these people already. They have night classes and veterans offices. They have programs for in-demand jobs like nursing. Yes, there's the same bureaucratic/regulatory issues since they're a government institution ... but if Starbucks can do a deal with Arizona State, surely a founder who is ambitious enough can get something done.

Afforess 4 days ago 4 replies      
Maybe I lack vision - but I don't see how any of the problems of the white collar and working poor can be solved by Silicon Valley. It would be impossible for a startup to work with the government in processing Veterans claims, for example. The regulations barriers are immense and the security and compliance problems are legion.

Similarly, how are startups supposed to improve the earning potentials of the working poor? MOOCs? Don't make me laugh. Most of these people wouldn't want to take one, they are not interested in an Education. They can barely fit in their current paycheck to paycheck lifestyle into their current schedule. And even if we could retrain them - as what? Coders?! Most people do not have the aptitude or patience necessary.

ilaksh 3 days ago 0 replies      
The big problems are structural. And the first structure that needs to be fixed is your belief system, which supports the existing structure.

Start with the word "developing nation". I believe that is a racist term that is used to cover for gross inequality of resource distribution between relatively rich nations and poor ones.

Social Darwinism is another belief system that causes quite a few problems. Basically, anyone who isn't doing well financially, at a root level, many believe that they should either die, or live in squalor, because obviously they have little worth to society. People won't say that outright, but when you get right down to the details, most believe that.

You really have to look at the function of money in society and how it connects to the structural belief frameworks.

Also, in the existing framework, the general availability and buying power of money (which currently has been going down for some time) affects everything and everyone.

The _vast_ majority of people on this planet do not have any security for basic necessities. That is a result of the basic organizational principles of our "civilization". And the belief system assumes they are inferior and that helping that majority of people is a charity effort.

I look to technology to continue to mitigate these structural/cultural problems.

gyardley 3 days ago 0 replies      
Yes, somehow the vast majority of investors and entrepreneurs out there have continually overlooked this truly great area of opportunity.

That's totally the most plausible explanation here - certainly more plausible than 'this market isn't being served because serving it is largely a sucker's bet.'

mbesto 3 days ago 0 replies      
What people fail to realize is that Facebook/Google/Twitter/<insert every other digital advertising company that exists in SV> are solving the greatest business problem that exists - how to create a customer.

Peter Drucker:

There is only one valid definition of business purpose: to create a customer.

It is the customer who determines what a business is. For it is the customer, and he alone, who through being willing to pay for a good or for a service, converts economic resources into wealth, things into goods. What the business thinks it produces is not of first importance - especially not to the future of the business and to its success. What the customer thinks he is buying, what he considers value, is decisive - it determines what a business is, what it produces and whether it will prosper.

The customer is the foundation of a business and keeps it in existence. He alone gives employment. And it is to supply the consumer that society entrusts wealth-producing resources to the business enterprise.

Because it is its purpose to create a customer, any business enterprise has two - and only these two - basic functions: marketing and innovation. They are the entrepreneurial functions.

mb2100 15 hours ago 0 replies      
Surprised that nobody has mentioned Ushahidi yet, seems like they are doing great work in Kenya: http://www.ushahidi.com/mission/
rayiner 3 days ago 0 replies      
I like the cut of the author's jib.

One of the things I think is underappreciated is that it's not like the poor don't have money. They do, they just can't afford to waste it on $15 a pop food delivery. But at the same time, it's hard for poor people to spend money efficiently. The yuppie who shops at Costco is getting a better price on food than someone who lives in an urban food desert. Is there a technical solution to these inefficiencies? I bet there is.

I think the biggest, most fundamental problem facing at least the urban poor is the breakdown in social structures in these communities. And social networking technology could help here. There just needs to be a focus shift from helping teenagers sext each other and get laid to helping their parents make sure they're not cutting class.

nickthemagicman 3 days ago 0 replies      
There's a lot of people interested in helping the poor. There's humongous social and political barriers that make it almost impossible.

Ideas I have:

-Make a centralized site for homeless people to find resources. At the moment they're all scattered.

-Make an easy to use food stamp app.

-Ride sharing apps

-Apps showing where buses are and how far away they are so poor people aren't just sitting at the bus stop waiting.

-and there's a lot more.

However a quick look at all these requires technological literacy by the poor, governmental cooperation, or both.

It's not just an easy tech problem to solve. It's a social problem.

BrandonMarc 3 days ago 0 replies      
The previous discussion of this article is actually quite fascinating, itself ...


vinceguidry 3 days ago 1 reply      
I'm not really understanding the author's position. He seems to think the point of business is to solve problems rather than turn a profit. There are no end of problems to solve in the world, but only a very few of them are profitably solved. You can't keep going without profit. If you want to solve a social problem, you need the tools of social policy, which can bring enough resources to bear that you can afford to ignore profit.
arh68 3 days ago 0 replies      
I'd just like to point out the simple fact that veterans do get one certain type of benefit coming home, and it's that they get automatic preference for any federal job placement they apply for. The preference doesn't expire on placement, but exists for promotions too. Plus they can get ~0% down mortgages, no problem. So it's not all doom & gloom.
mahyarm 3 days ago 0 replies      
These companies exist, but they don't get hyped that much by the VC marketing machine and are probably funded outside of it. In a way, those companies are like Walmart, MVNOs like republic wireless and apps that are popular, but you don't hear about because they don't target that lucrative market with disposable income. How much do you hear about coupons.com?
WalterSear 4 days ago 0 replies      
It's a lot easier to get money out of people who have some to spare.

And people say Big Problem when they are embarrassed to admit that it's Big Money that they are really after, when you get down to it.

That said, I know quite a few people trying to solve big problems in SF. http://www.handup.us for example.

gphil 3 days ago 1 reply      
This has been alluded to in other comments, but without any data. The "unexotic underclass" has virtually no money to spend compared to the upper classes. The bottom 40% in the US has only 0.2% of the wealth!

Source: https://en.wikipedia.org/wiki/Distribution_of_wealth#mediavi...

scythe 4 days ago 3 replies      
>entrepreneurs have stopped chasing and solving Big Problems

What is strange to me is that people believe entrepreneurs ever solved "Big Problems". Who in history falls into this class? Thomas Edison? Alexander Graham Bell? Henry Ford? Guglielmo Marconi?

Nonsense, I say. These men didn't solve the "big problems" of their era -- they didn't attack issues that were popular in the public consciousness. They were really much more similar to today's SV entrepreneurs: they created markets, rather than entering them.

We never needed light-bulbs, and we never needed smartphones. We never needed the telephone, or Google. We never needed radio, and we didn't need Netscape either. We never needed cars, nor did we need Paypal, Bitcoin and Square.

The mistake is thinking that the first inventions are somehow more fundamental, just because they're older. That's nonsense.

Big Problems, to the extent that they are ever solved, are almost always solved collaboratively, by coalitions of scientists and engineers, involving both the public and private sector, and the solution rarely appears by flipping a switch. Norman Borlaug wasn't an entrepreneur and he didn't work alone. Ditto Edward Jenner, James Watt, you name 'em, we got 'em. These men were not entrepreneurs (though Watt worked with one).

>And yet, veterans who've returned from Afghanistan and Iraq have to wait roughly 270 days (up to 600 in New York and California) to receive the help - medical, moral, financial - which they urgently need, to which they are honorably entitled, after having fought our battles overseas.

>Technology, indeed, is solving the right problems.

Why on Earth would we expect technology to solve political problems?

>Meet the people who have the indignity of being over 50 and finding themselves suddenly jobless. These are the Untouchables of the new American workforce: 3+ decades of employment and experience have disqualified them from ever seeing a regular salary again. Once upon a time, some modicum of employer noblesse oblige would have ensured that loyal older workers be retained or at the very least retrained, MBA advice be damned. But, A bas les vieux! the fancy consultants cried, and out went those who were no longer fresh. As Taylor Swift would put it, corporate America and the Boomer worker are never ever getting back together. Instead bring in the young, the childless, the tech-savvy here in America, and the underpaid and quasi-indentured abroad willing to work for slightly north of nothing in the kinds of conditions we abolished in the 19th century.

Economics: the only field you don't have to study to rant about on mit.edu.

>What do we have to do with any of this? The unexotic underclass has to pull itself up by its own bootstraps! Let them learn to code and build their own startups! What we need are more ex-convicts turned entrepreneurs, single mothers turned programmers, veterans turned venture capitalists!

You don't have any numbers, you don't have any sources, you don't have any data. You think my only objection is that it's not my responsibility? My objection is that it's insane.

Khan Academy, though, looking at America's education system. Fitbit, targeting the number one cause of preventable death in the developed world. That e-cigarette guy from China, taking on number two. David Nichols and the psychedelic renaissance (not a company but it can't be), bringing MDMA to veterans. Theranos, making blood tests affordable for the 80% of Americans who make five figures or fewer. Prepolarizing MRI. Various on-demand laundry and cooking services. It's out there. In some cases it doesn't matter: single mothers'[1] problem isn't that they aren't targeted by startups, it's that they don't have any money!

And you know what? It's fucking hard. These companies don't take off like bottle rockets the way Dropbox and Google did. Bringing products to disconnected people in disparate areas who don't like you is a lot harder than selling restaurant recommendations to the other nerds on the train.

[1]: you might be able to make an app so that single parents can find each other and trade-off childcare, but it probably exists already anyway. I'm not exactly Nostradamus, here.

jonnycowboy 3 days ago 1 reply      
Why not create a "food stamp" delivery service? Hire ex-cons for delivery & older "unemployable" graduates to manage the whole thing. Deliver in the evening after the parent(s) are back from work.

Better yet, try to change the system to allow EBTs to be used to deliver ready-made meals...

gp2gp 3 days ago 0 replies      

Just see...


7Figures2Commas 4 days ago 1 reply      
The "unexotic underclass" that the author refers to is already being served by a multitude of entrepreneurs and businesses. The degree to which it is served well varies considerably from demographic group to demographic group, geographic region to geographic region.

What the author apparently fails to recognize is that the biggest challenge for the entrepreneurs and businesses trying to serve her "unexotic underclass" is access to debt financing.

Venture capital is not appropriate for every type of venture. While there's a strong argument to be made that venture capitalists would be wise to make a conscious effort to give greater consideration to businesses run by and targeting people who don't look and live like they do, the reality is that the economic structure of venture capital is incompatible with the majority of businesses that require capital. Put simply, for every business for which equity financing is appropriate, there are probably a hundred or more for which it is not.

If the author wants to see more businesses serving the "unexotic underclass" and serving it well she should focus more on the market for debt financing and not the market for equity financing.

firstOrder 4 days ago 1 reply      
> If you're itching to start something new, why chase the nth iteration of a company already serving the young, privileged, liberal jetsetter?

Because those are the projects which angels and VCs bankroll. Because those are the people who have disposable cash.

I was just reading an article on a conservative web site, actually one run by Ben Horowitz's father ( http://www.frontpagemag.com/2014/dgreenfield/cbs-colbert-and... ). It talks about how TV doesn't care about older viewers, rural viewers, and increasingly only cares about young professionals on both coasts, and how television programming is being focused on such people. Not sure how true it is but it makes sense.

Audre Lorde once said that the master's tools will never dismantle the master's house, and capitalism is not going to solve the fundamental contradictions of capitalism, other than by imploding, as so many economic systems before have done (feudalism, slavery, primitive communism).

Also, anyone who has done work organizing working class people knows the solution is not for a genius from MIT to swoop in with some corporation to try to fix problems wrought by corporations. You see what is possible and organize around that. The American white working class once had power, and it chose to send bombers north of the Yalu river, support a war in Vietnam, on and on up to modern day with Obama's support of the Honduran's military overthrow of Honduras's democracy etc. The AFL-CIO saw its steepest decline under someone who never worked or ran a union, but was involved undermining foreign unions in cahoots with the CIA and American big business. And on and on. Now they go down to fundamentalist churches and watch Fox News as they age, and slowly become a minority in their own country. Empowering white, blue collar Americans gave us No Gun Ri and My Lai. Thanks, I'll pass. I'm glad to see the sun setting on the white American working class.

mathattack 3 days ago 0 replies      
Deeply left of my politics, but I like the market orientation of the solution. Very well written to get me to agree with a point of view I wasn't inclined to like. :-)
eddyparkinson 4 days ago 3 replies      
"Make something people want." - is on Y-combinator t-shirts. It is not about class, it is about solving a want or a need in a sustainable way.
carsonreinke 3 days ago 0 replies      
`There is life, believe me, outside of NY, Cambridge, Chicago, Atlanta, Austin, L.A. and San Fran.`
squidmccactus 3 days ago 0 replies      
Why is this posted to HackerNews? This isn't innovative.
bettyx1138 3 days ago 0 replies      
the problem is that fixing problems to make the world a better place is not profitable to investors in our system. our system needs fixing.

the important problems won't be solved by products coming out of tech start ups but by service design applied to our dysfunctional social and political systems. imho.

i'd love to ponder and write more about how SD can fix things but i am late for my job designing apps for the privileged class. :-\

x0x0 4 days ago 3 replies      

    But there's only so much Washington can do to help out, what with government penniless and gridlocked, and its elected officials occupying a caste of selfishness, cowardice and spite, heretofore unseen in American politics.

This is pure both-sides-do-it bullshit.

In reality, one side recently passed an amazing transformation of health care to attempt to pull the United States -- still the world's richest large country -- up to the level of any civilized first world country. That is, we've moved towards providing healthcare to all Americans as a birthright. One party was unanimously opposed, either for venal reasons, or outright stupidity (Sarah Palin's death panels, and thanks, John McCain, for that!), or evil (all Republican governors in the south). Somehow Europe, Canada, Japan, etc, all make health care work but we can't.

We could also discuss the ever declining (real) minimum wage, which had it kept up with real income growth in the US economy would be in the $20 dollar range or so.

One side of the government -- and no, the Dems didn't cover themselves in glory, but who exactly decided to spend over a TRILLION dollars on a war in Iraq for reasons that are still up for question, on the basis of flimsy and nonsensical evidence funneled through willing accomplices in the media, against all evidence from people with a history of correctness that both (1) there were no WMDs, and (2) invading Iraq would upset the jenga tower that is Iraq and the middle east?

Any article that can describe largely political problems without once mentioning republicans or putting the blame for much of this squarely on them is worthless and frankly part of the problem.

lotsofmangos 3 days ago 0 replies      
One thing that annoys me with this, and I keep noticing time and time again from people who are presumably more used to lecturing selected groups than writing for public consumption, is that there seems to be an assumption throughout the text that the people being referred to within it are not going to be part of its audience, despite it being posted on a publicly accessible web page.
DanielBMarkham 3 days ago 0 replies      
Oh boy. What a mess.

So there ARE two sides here.

Side 1 is the "I want to have a startup so that I can do something important to me."

Side 2 is the "I want to have a startup so that I can do something important to others. I will find some way to make this important to me as I go along."

Side 1 folks are tweaking on a moral crusade. Let's change the freaking world, folks!

Side 2 folks are deeply ignorant. I do not know what people want that I can make. Maybe they want better restaurant recommendations based on blood type. Maybe they want job recommendations. Maybe somebody would want jobs for cats. Has anybody done that? Beats me.

If this were a war to improve the future of humanity, Side 1 folks are always the ones charging up the beach on D-Day. Rally after me, men! The cause is just and victory awaits!

Side 2 folks are always trying to find a better way to make the machine gun fit to the machine gun mount. You know, if the bearing fit this other way, machine gunners would have a bigger field of fire....

Side 1 guys are the evangelists. Side 2 guys are the plodders, plodding along. Tinkering.

There is no right or wrong answer here. One out of every 10K or so of the change-the-world guys actually change the world. Very cool! One out of 100 or so of the better machine gun mount guys actually do something that somebody, somewhere finds useful. Very cool!

My problem is when the Side 1 guys go on these long tears about what the rest of us "should" be doing. Dude. I've been working and living in the startup scene for a long time. Am I supposed to get all emotionally fired up because of social injustice? Or perhaps just go do something other folks might find useful? Because that thing where you run on passion for a year and burn out? That's not so much fun.

I love charities. I love hobbies. I think it's fine to have something that's a cross between a hobby and a charity. Perhaps this is what the side 1 guys really want for the rest of us and they are just doing a bad job of explaining it. Or perhaps they should just leave the rest of us alone while we go try to make something useful to somebody, anybody.

javert 3 days ago 1 reply      
If it's true that 1 in 10 Americans are war veterans, they could literally revolt. They probably have the numbers and potential support from the military needed to succeed.

Because the VA, and by extension the federal government and the American people, treat them like absolute garbage, and this is not going to get fixed in the current system.

Wouldn't be the first time: http://en.wikipedia.org/wiki/Bonus_Army

Twitpic is shutting down
466 points by uptown  2 days ago   146 comments top 44
saurik 2 days ago 4 replies      
So, with three weeks notice, all tweets that have ever been posted that included a picture using Twitpic (which is a remarkable number) will no longer have their picture available? In fact, do we even have three weeks? I just did a search for "saurik twitpic" on Twitter (https://twitter.com/search?f=realtime&q=saurik%20twitpic) to find people who had posted pictures of me, of them for me, or of my products to show to others, and I'm seeing just a bunch of broken images (the few that work, as in the few that still show images on Twitter's website, such as https://twitter.com/MuscleNerd/status/296068187353661440, are simply a cache from Twitter's twimg.com: clicking through to Twitpic doesn't work). It seems like twitpic is already offline :/. (So like, I was going to go through and try to frantically download images I'd find relevant in the next week, but I guess it is already too late.)

(edit:) Even the broken previews are now disappearing (making this both a little less obvious that there is missing content and also a little more barren-looking). I guess Twitter notices the original image is gone and stops trying to render it through twimg.com, so most of the tweets in my posted search result are now just "imageless" (before they looked like this one, which is old enough that I hadn't rendered it yet to get its cache to clear: http://cache.saurik.com/tinyimg/twitpicoff.png).

sp332 2 days ago 1 reply      
Here's a reminder to please donate to the Internet Archive. https://archive.org/donate/index.php They have tons of old twitpic pages! http://web.archive.org/web/20140304234132/http://twitpic.com... See that timeline at the top? You can go to any date and browse around.

And the Internet Archive is more than just the "Wayback Machine" that lets you browse old versions of websites. They have massive datasets of video, audio, and texts too - check out the examples on the homepage. And you can add your own collections now. https://archive.org/create/

They just finished ingesting 2TB of public Fotopedia photos before it went down. Do you know how much it costs to store a terabyte permanently? Not an offline backup, but accessible 24/7 forever? About $2,000! Power, cooling, redundancy, and especially dedicated people to keep it all going. https://archive.org/donate/index.php

jonknee 2 days ago 1 reply      
There's more to this story... If I had to guess I would say that it's no longer profitable (or at least, very profitable as it once was) and it's not fun to run an image host (imagine all the trouble that comes with just copyright issues, let alone criminal matters). The founder also has a new startup called Pingly which I'm sure is more rewarding to be working on.

On its face Twitpic is shutting down because they won't get their trademark, but they've never had their trademark and have had no problems operating. Twitter isn't suing them, they're just saying they are against the trademark application. They don't need the trademark and it's bizarre to shut your company down for the possibility of being forced to change your name in the future.

If Twitpic wanted to continue running they could without any changes or extra work. It's a dead end though, Twitter has its own image service and there is little reason besides legacy to use Twitpic. Here's their traffic situation which should pretty well mirror revenue as it's web based advertising paying the bills:


They're hemorrhaging traffic. Globally there were 85,043,992 visits in the month period a year ago compared to 13,315,016 in the most recent month. That's also just the past year, Twitpic has been on the decline for years and peaked in July 2011 with a cool 280,021,248 visits.

Expenses are likely not down nearly the same amount as they have to store more and more images every month (with less traffic there is less bandwidth, but this doesn't count images not loaded on their website).

Just in the last month they lost 46% compared to the previous period. It's falling off a cliff. This seems like a good way to get some sympathy on the way out. A rude move to their users though. Maybe Twitter can step in and offer a bottom dollar buyout so that the links don't break.

pionar 2 days ago 10 replies      
Two lessons:

1. Don't base your entire business on another business' product. Especially one that has had such a hostile relationship with third parties. When the other business decides to discontinue your access to its service, or otherwise change things, or basically copy what you do under their own brand, you're screwed.

2. Don't create a similar name that will give you trouble in trademark disputes. (Seriously? TwitPic? I work in technology, and even I thought they were owned by Twitter, though admittedly, I don't use Twitter much and don't use TwitPic at all).

DanBlake 2 days ago 7 replies      
So, there is a bunch of info we don't have... But would it not make sense to just rebrand? From a preliminary search on twitter, there is a huge amount of users still using twitpic. Seems like this is a biz that could/should make millions a year with some cost reductions and run mostly on autopilot.

Also, what happens to the millions of pictures previously hosted with these guys? Even if you can backup/export all your data, think about all those links on twitter that are going to suddenly stop working. It's basically like a URL shortener shutting down.

Shit, send the site over here and I'll provide the resources to keep it going. Just seems like such a shame.

vlucas 2 days ago 1 reply      
Sad news. Just the latest victim in Twitter turning on its own developer ecosystem. :-/
nilved 2 days ago 1 reply      
It's a shame Twitter has become so developer-hostile. When it first came out, I remember the excitement of using Twitter as a host platform for other apps. Now I couldn't imagine writing a line of code that interacts with their platform. It's a nightmare. I wish app.net had been more successful: it was clearly an attempt to ride the waves of that excitement after it'd been made clear that Twitter had jumped the shark.
driverdan 2 days ago 1 reply      
I suspect Twitter's demand is the straw that broke the camel's back. I'm sure Twitpic use has declined significantly since Twitter introduced their own image hosting. The team has moved on to other projects so there's not much incentive to fight it.
edent 2 days ago 1 reply      
A year ago I wrote a quick Python script to export all my images. If anyone wants to use it (or improve on it) I blogged about it at http://shkspr.mobi/blog/2013/08/exporting-twitpic-images-pyt...
dave1619 2 days ago 0 replies      
I don't understand why Twitpic would be shutting down. If they are growing and doing well, then why not just change the business name? Or is it that things aren't going well (usage dropping drastically) and they've already been thinking about shutting down or moving on, and maybe this trademark issue was just the last straw?
nathanb 2 days ago 0 replies      
Are they just playing chicken with Twitter here?

It seems odd that, because Twitter are being trademark jerks, they're going to just take their ball and go home. This feels more like attempted blackmail.

ChrisArchitect 2 days ago 1 reply      
long time coming really. follows long narrative/twitter history where twitter forced its way into owning the photo content shared on the service....allowing only a few like twitpic to maintain the key aspect 'embeddability/previews'. What still remains interesting to me is that at one point instagram was gaining an incredible amount of speed in becoming the de facto picture sharing service on twitter -- but then they had the spat with fb/insta and twitter stopped the previews for instagram pics. Instagram has a huge community so survived fine, but it could and still could be so much more with twitter integration...but that sanction has never been lifted.
uptown 2 days ago 0 replies      
Seems they're continuing their aggressive push towards controlling it all. Anybody have recent numbers on 3rd party client tokens remaining? And what happens to clients like TweetBot when they run out of tokens?
tiles 2 days ago 0 replies      
Here is the relevant Archive Team project for Twitpic: http://archiveteam.org/index.php?title=Twitpic
Damin0u 2 days ago 2 replies      
So it's time to try this backup tool https://github.com/Stantheman/Twitpic-Backup
_puk 2 days ago 0 replies      
They could always go back to twitter and propose dropping the lawsuit if they change their name?

Yes I know Twitpic is the brand, but if they were to simply DNS redirect Twitpic.com to ickleimages.com [1](available!) then twitter wouldn't be littered with old broken images, and the company could work on pushing the new brand. They do now support more than twitter after all.

If it's a viable business, it seems crazy to throw it away to prove a point that many probably saw as an issue from the outset (That is the use of twit* for a service that leeches off twitter's success).

I'm sure changing every single link to serve twittermademedoit.gif would be frowned upon.. but then the company isn't going to exist any more..

disclaimer. I've never used Twitpic before, nor posted on twitter so may be missing something..

[1] http://www.urbandictionary.com/define.php?term=ickle

b123400 2 days ago 0 replies      
When is Twitter shutting down its API?
83457 2 days ago 0 replies      
Sounds like there is either more to this or this is a strategy. I'm guessing they would like to sell but can't due to the possibility of being sued by Twitter over their name. Not so much that Twitpic can't continue but they can't get further funding or bought out due to risk.
jkaljundi 2 days ago 2 replies      
I wonder how well Twitpic is doing revenue and profits wise and how much that affected the decision?

It's hard to believe only the patent issue is the cause here. Open closing down announcements are nice, but should list all the facts and circumstances, not try to spin it PR wise.

Eiriksmal 2 days ago 0 replies      
I'd always assumed Twitter had purchased Twitpic a long time ago. Interesting plot twist.
biot 2 days ago 1 reply      
They're going to pivot and introduce a suite of new services which use the same underlying engine to share pictures across a variety of social media sites:

    Googpic: share on Google+
    Facepic: share on Facebook
    Instapic: share on Instagram
    Tumbpic: share on Tumblr
    Pinterpic: share on Pinterest

When interviewed, the founder stated "We plan on filing trademark applications for these new service names and anticipate no further legal issues. It's regrettable that Twitter is acting so unreasonable by taking reasonable steps to protect its mark."

jacquesm 2 days ago 0 replies      
Never ever, ever build a service that is 100% dependent on another service that you don't have alternatives for and never use someone else's trademark in order to leverage your business. That's two fatal mistakes in one go, they should be rather surprised that they held on this long. But maybe the 'user outrage' will be enough to get twitter to buy them, though - assuming twitter isn't dumb - that would be a bad move because that would lead to hundreds of copycat attempts.
zyx321 2 days ago 0 replies      
To be perfectly honest, I am surprised to learn that twitpic is owned by a different company than twitter itself, which is precisely what trademark law is supposed to prevent.
unclebunkers 2 days ago 1 reply      
I must not be paying enough attention, because this doesn't make a lick of sense from Twitter's side. If I had a company that was willing to host images instead of me, at no cost to me, and no restrictions on me, I would be a barking mad idiot to disrupt this relationship. Unless I was about to sell...
topynate 2 days ago 0 replies      
If Twitter killed the API that would put Twitpic out of business - but how is that worse than shutting it down? They might as well call Twitter's bluff, if the alternative is just as bad.
throwawayycacct 2 days ago 0 replies      
https://news.ycombinator.com/item?id=4315663

I guess stocktwits is next on the chopping block.
msvan 2 days ago 0 replies      
I think the issue here is that Twitpic's business model is having people leave the main Twitter interface to take them to another domain, where Twitpic can extract advertising money from the impressions. Twitter has image previews these days, which offer a nicer user experience and keep users on the main Twitter site. With Twitter hosting images itself, it makes little business sense for them to continue letting Twitpic make ad money off a feature duplicated externally.
runarb 2 days ago 1 reply      
Hopefully someone like the Archive Team will at least manage to save most of the images. URLs used for images and links seem to be sequential numbers.
dlsym 2 days ago 2 replies      
> "A few weeks ago Twitter contacted our legal demanding that we abandon our trademark"

Guess it's time to abandon Twitter.

shalmanese 2 days ago 0 replies      
Isn't the entire reason companies aggressively pursue trademark claims against small fry precisely because lack of enforcement leads to weakening of the mark?

I don't see how Twitter has a brand confusion case against them since they've obviously known twitpic existed for many years now and haven't asserted brand confusion until now.

k-mcgrady 2 days ago 1 reply      
>> "Unfortunately we do not have the resources to fend off a large company like Twitter to maintain our mark which we believe whole heartedly is rightfully ours. Therefore, we have decided to shut down Twitpic."

Is this supposed to be serious? You're shutting down your company because you're stubborn and not getting what you want??

mrjatx 2 days ago 0 replies      
After having both Lightbox7 and whatever Sony's big photo-store/share platform close down and wipe out my high school/college albums I've learned to definitely not rely on any image hosting services.

Back then there wasn't twitter or any other good social media and you found things out by visiting the site or through ICQ.

spiritplumber 2 days ago 0 replies      
This is why you want to run your own server for this sort of thing... or at least use something standardised and portable.
dkarapetyan 2 days ago 0 replies      
Let's put this in perspective. Some twitter pictures are going to disappear. In the grand scheme of things the people who had the luxury of using this service will survive just fine. Please stop the navel gazing.
Kayou 2 days ago 1 reply      
Lesson to learn: don't tie down your service and/or brand to an existing brand/service. Otherwise you're both dependent on that service and/or at risk to get sued sooner or later.
joshdance 2 days ago 0 replies      
This is revealing in 2 ways.

1. Twitter doesn't care about developers.

2. Twitpic wasn't making enough money.

theoutlander 2 days ago 1 reply      
Why didn't Twitter acquire them instead? Did they try that and fail?
sfall 1 day ago 0 replies      
I saw an article mention Noah working on this http://pingly.com/
talhof8 1 day ago 0 replies      
Isn't he the guy from Heello?
snowwrestler 2 days ago 0 replies      
I don't get it. Why not just change the name and keep going?
ytwit 2 days ago 0 replies      
Twitter being dicks... As usual
zhte415 2 days ago 0 replies      
Link rot
pbreit 2 days ago 0 replies      
Just change the name already. Jeepers.
OedipusRex 2 days ago 2 replies      
At what point do you forego patents for the sake of usability. Twitpic has been around for so long and they have tons of media hosted, all of those Tweets are now essentially broken. Twitter should instead foster a relationship with Twitpic.

Twitpic is DEPENDENT on Twitter to work, it's not taking users from Twitter at all (other than hosting media). Truly sad to see.

What I use instead of Google services
422 points by lnmx  4 days ago   291 comments top 48
astrocat 4 days ago 22 replies      
> "Like most people, I don't like to be tracked. I also am the founder of the search engine that doesn't track you, DuckDuckGo."

It pains me to hear intelligent people talk about being "tracked" as something "bad" a priori. While there are certainly plenty of examples of abuse of knowledge, I tend to think of most "tracking" not as "stalking" but as "relationship building." Let me explain...

Google is a service provider that I frequent, just like my coffee roaster or my stock broker or whatever. Over time, service providers develop a relationship with their customers based on knowledge of that customer. This knowledge helps inform how they provide and improve their service. My coffee roaster knows what kinds of coffee I like and makes appropriate recommendations when new beans arrive. My stock broker knows what kinds of risks I like to take and gives appropriate investment direction.

Ok, so I don't really have a stock broker but... My point is: I appreciate that google is aware enough to know that when I search for "hash salt" I'm not talking about potatoes. DDG shows me recipes and first.

The problem (as with most things that are hot-button issues) is that the most talked about thing - "tracking" - is a red herring. The REAL issue is accountability. True information lockdown rarely benefits anyone, but openness without accountability is useless and downright dangerous.

Suggesting people flee one provider's services and head to other providers who are not concretely more accountable (just because they "say so" doesn't make it true) is simply being petty. We should instead be spending our breath advocating for greater accountability in the system as a whole.

spindritf 4 days ago 2 replies      
OK, there's some value in diversifying instead of using one provider for everything but mostly he just swapped Apple, Fastmail, or Clicky in place of Google. They can still track him, read his email, know his calendar... The benefit here is marginal.

And how do those companies stack up against Google when it comes to security? It's one thing to protect the data against snooping by the provider, it's another to protect it from everyone else. Google is pretty solid, often on the cutting edge (PFS, certificate pinning).

Oletros 4 days ago 3 replies      
Browser: Safari / ...

Maps: ... / Apple for directions on mobile

Phone OS: iOS

Calendar: iCloud

And then talks about data not given to one company.

Really, is it just a strange joke?

elliottpayne 4 days ago 4 replies      
I switched to fastmail and duckduckgo in lieu of google products a little over a year ago for some of the same reasons. I tried to switch to safari from chrome, and that experiment lasted about 3 months before I got annoyed by how safari handles multiple tabs.

But, as far as most of the criticisms posted here, they're really unfounded. If you want to be a purist about privacy, you really have to just quit using technology. It's not realistic. Yes, you can be an idealist and try to run your own email server, etc. but it's really about balancing tradeoffs. I also use Apple maps and iCloud and dropbox and Evernote and... many other services we should give just as much scrutiny to as Google.

I don't see my choices as being about riding a high-horse, it's about a diversified portfolio of services that helps me avoid total lock-in. The day that google heavily oversteps with the G+ product strategy or twitter completely goes to shit, I've got a series of alternative services that can pick up the slack.

hoopism 4 days ago 0 replies      
Where I shop instead of Walmart: Sams Club
ape4 4 days ago 3 replies      
I was hoping this was suggestions for services you can host yourself. Switching from Google to Apple doesn't really change much.
lvillani 4 days ago 1 reply      
Personally, I have a VPS where I keep my own mail server, webmail, ownCloud instance (calendar, address book, file storage, etc), IRC bouncer... All courtesy of Sovereign (https://github.com/al3x/sovereign)
napoleond 4 days ago 4 replies      
Another Fastmail endorsement--they really are fantastic. I confess to still using Gmail for some things but it's mostly just because I've been too lazy to switch over all of my accounts. Fastmail is truly a better service.

As for calendar, I've heard good things about https://fruux.com/ although I haven't tried that myself yet. (And apparently Fastmail does calendar too--again, haven't tried.)

alpatters 4 days ago 0 replies      
> "Practically, switching away from as many Google services as possible will help alleviate the most obvious issues like most of your personal data being in the hands of one company and the related issue of ads following you around the Internet."

Ads that follow you has absolutely nothing to do with Google services. These are retargeting companies using their cookies to track you. They use ad exchanges, so even that is not principally Google.

MichaelGG 4 days ago 1 reply      
I, too, am very unhappy with Google. They're obviously intentionally trying to get people to get used to giving up privacy. From the moronic system Android has, to the tricky dialogs Chrome puts up, they don't like the anti-tracking sentiment.

But... DuckDuckGo just doesn't compete on search results. I changed to it as my default search engine, but I ended up going to Google most of the time.

And switching away from Android... I tried to move to Windows 8 / Phone, but the ecosystem is a joke. Desktop apps don't work well on their small tablet form factor, and the Metro apps are laughably terrible. Microsoft can't even prevent total scams, like $9 fake Netflix and HBO. And they ignore reports about them.

rizumu 4 days ago 0 replies      
The PRISM break list is far more comprehensive: https://prism-break.org
mark_l_watson 4 days ago 0 replies      
Until recently, I also was very concerned with privacy, partly not wanting my personal data available easily to many large corporations, and also wanting to keep resources for client work very secure.

What changed is that I have retired (except for some mentoring and writing). Now, I would like the tech side of my life to be as simple as possible in order to free up my time for other activities. So for right now I am massively using Google services but I am considering, depending on how much I like the iPhone 6, just living in Apple's little walled garden. I trust both Apple and Google to generally do the right things.

I still advise friends and family to run Adblock software, and to be generally prudent privacy and security wise. But for me personally privacy issues are not as important as they once were.

wstrange 4 days ago 1 reply      
I sleep comfortably at night knowing my private photos are stored safely on iCloud.
Sir_Cmpwn 4 days ago 0 replies      
Video hosting: https://mediacru.sh

Benefits over Vimeo: FOSS, deployable on your own servers, pro-privacy, also supports audio and images.

I helped make it, so take this with a grain of salt.

dan_bk 4 days ago 2 replies      
> On top of the browser I use these add-ons to reduce tracking further; also, note that private browsing mode and the do not track setting will not stop you from being tracked.

(Almost) nobody can escape the tracking, as long as fingerprinting remains possible: https://panopticlick.eff.org/

Google's/Facebook's/Twitter's JS scripts are literally on every site. Fingerprinting allows them to increase their ROI since it builds more precise profiles on you. The advertising industry is happy and the government is happy. So forget about them not fingerprinting you.

nodata 4 days ago 0 replies      
Storage: BTSync -> syncthing (http://syncthing.net/)
zobzu 4 days ago 0 replies      
Mostly it's using Apple stuff instead of Google stuff..

thanks but no thanks

jacquesm 4 days ago 0 replies      
It's sad that the only alternatives he can come up with for one set of cloud based services by one set of providers is another set of cloud based services by another set of providers.
lvs 4 days ago 1 reply      
This website is somehow blocked for me:

  This Page Cannot Be Displayed
  Based on your corporate access policies, this web site ( http://www.gabrielweinberg.com/blog/2014/09/what-i-use-instead-of-google-services.html ) has been blocked because it has been determined by Web Reputation Filters to be a security threat to your computer or the corporate network. This web site has been associated with malware/spyware.
  Threat Type: othermalware
  Threat Reason: IP address is either verified as a bot or has misconfigured DNS.
  If you have questions, please contact your corporate network administrator and provide the codes shown below.
  Notification codes: (1, MALWARE, othermalware, IP address is either verified as a bot or has misconfigured DNS., BLOCK-MALWARE, 0x037419bb, 1409690418.913, AAAEOQAAAAAAAAAAJf8ACP8AAAD/AAAAAAAAAAAAAAE=, http://www.gabrielweinberg.com/blog/2014/09/what-i-use-instead-of-google-services.html)

acheron 4 days ago 4 replies      
One thing I've been looking to replace is Google News. Anyone know of another similar news aggregator? (Don't say "reddit".)
icantthinkofone 4 days ago 0 replies      
Interesting he uses Google Analytics as a "Google is tracking you" story when the real trackers are the companies that put Analytics on their web site. And all that tracking is now from a company they only bought relatively recently (Double Click) that had been tracking you long before Google bought them. But Google isn't the only company that does this and it's been done in far more places than just the web and not by Google and for decades.

Tracking you by marketing companies has been happening since I was growing up in the 60s. The only difference between then and now is it's also happening on the new internet thing. Everything else tracks you, too.

personlurking 4 days ago 0 replies      
In the face of nefarious agencies and companies that track, I don't think there's a 'best' option to switch to, per se, only a harder (to be tracked) option. Tracking, in my belief, still goes on, in one way or another.

So what are we left with? Trying as hard as possible to use online services for work (assuming that's your bread and butter) and to be in the real world for leisure, etc. Not always possible, and less possible as the years go on, but a lot better than thinking one (popular) online service will be a safe haven from another.

genericuser 4 days ago 2 replies      
Is there a good non-google alternative to Docs / Drive? I read the article hoping to find one, but didn't see any mention of one. Having a non-google version of a service which allows collaboration and modification of documents through a web browser, without additional software installed would be nice and I feel it must exist, but don't know where to look.

Anyone got a recommendation?

thomasfoster96 4 days ago 0 replies      
The problem that many people (me included) have with being tracked is usually that they don't know what's being tracked and/or how it is being used and stored. DuckDuckGo thinks that the solution is to stop tracking altogether, when really I'd be happy with just a search engine that was more transparent with what they were storing and using.
NicoJuicy 4 days ago 0 replies      
Personally, a bunch of your suggestions are based on Apple = severely censored, anti-competitive,... I REALLY don't like that.

If walking away from Google means switching to Apple, then it's a no-go for me. I'd rather have Microsoft (FYI: I'm mainly a C# developer, but also Python, RoR and Node.js)

kungfooguru 4 days ago 1 reply      
tl;dr: give your data to Apple instead of Google because...?
chimeracoder 4 days ago 0 replies      
> Email: Fastmail

I recently migrated to Fastmail, and I was pleasantly surprised by how easy it was. Fastmail automatically imports your emails from Gmail, and it took me so little time that I kicked myself for not doing it before.

> Calendar: iCloud

For those of us who don't use both OS X and iOS, this isn't feasible. Fortunately, though, Fastmail also provides a calendar service. It synchronizes with Google Calendar in case you still need to use Google (e.g. for work), and it was also a seamless switch.

As for a client, I was very surprised by this, but I've actually found that the latest version of Mozilla Lightning[0] is the best calendar interface. Fastmail's is okay, but still in beta (it's less than a year old). Setting up Lightning to sync with Fastmail's calendar took just a minute, and I actually like the interface more than I liked Google Calendar's[1].

Thunderbird is an okay mail client (not a terrible interface, but not a great one), but even if you don't use Thunderbird for mail, I would recommend trying out Lightning for calendaring.

[0] https://en.wikipedia.org/wiki/Lightning_%28software%29

[1] It's okay for viewing events in the week view, but there are a lot of UI quirks and bugs that catch up with you after daily use - this one is the most pernicious, but there are a number that are simply annoying as well: http://arstechnica.com/security/2014/01/how-google-calendar-... [2]

[2] Since I know people will ask - I consider this a UI issue because it's fairly easy to imagine a minor UI improvement that would indicate this unexpected result of Quick Add (and others) before clicking "Add" without sacrificing this functionality in case it is desired.

alex_duf 4 days ago 0 replies      
And for everyone ready to self-host, yunohost.org is a great and super easy solution to host email, calendar, files etc...

I would recommend, I think this distribution doesn't have the popularity it deserves.

tehwalrus 4 days ago 0 replies      
Fastmail still has hardware inside the US; not a viable alternative to Google, privacy-wise.

(have just checked out MyKolab, they seem pretty awesome, although alas too expensive for me right now.)

monokrome 4 days ago 1 reply      
I think that recommending BTSync is a bit scary.

Instead of accounts and a potentially long brute-force process as provided by Dropbox, BTsync relies on a public and "secret" key having been generated. This seems fine and dandy until you realize that the concept of brute force is an applicable means of getting access to anyone's BTsync if they are using the standard tracker.

Given enough storage space and bandwidth, someone could just create any number of shared folders assigning them all a different set of keys (this doesn't need to be done one-at-a-time) and wait for data to fall into them.

Doesn't this completely sidestep the concept of the data being supposedly secure in BTsync?

Morphling 4 days ago 2 replies      
>Phone OS: iOS

I guess there isn't much you can do with this, but is changing from Android to iOS really big enough difference?

xamdam 4 days ago 1 reply      
"But what do you use for search when you can't find it with DDG" is my question. (I do not work for the answer)
dreamfactory2 4 days ago 0 replies      
The bigger problem is that almost every message you send or are sent ends up going through one of goog, fb, or twitter anyway
eridal 4 days ago 0 replies      
google is not a "search engine" anymore.. so why would I keep using it for?

all services that I keep using, are those that kept me from going somewhere else (gmail replacement?), or those that I'm forced to use (not-removable android apps?)

so seems to me, I'm stuck with google -- at least for now

TheMagicHorsey 4 days ago 1 reply      
I did not know iOS and Apple Maps are more privacy centric than Android and Google Maps. Is that really true?
wcummings 4 days ago 0 replies      
I use fastmail, I'm happy to pay for an email service instead of seeing ads
sergiotapia 4 days ago 2 replies      
That's all fine and dandy - however most of the time when I'm working as a consultant, I'm created an email account on the company's domain. Typically hosted on, you guessed it, Google Apps.

For some people leaving Google is literally not an option, and that's a shame.

patrickaljord 4 days ago 0 replies      
Another day, another anti-google article by the duckduckgo guy, more FUD.
mikebay 3 days ago 0 replies      
I really do not like Google or their spying.
goldhand 4 days ago 0 replies      
Who has time for this? Google can track me all they want but I'm not that interesting of a person to track :)
contingencies 3 days ago 1 reply      
Fastmail would be more attractive if they accepted bitcoin.
x0x0 3 days ago 1 reply      
Is there a good, paid, gmail alternative with the same conversations, labels, keyboard controls, and decent search? Ideally with both webmail, calendar, and an app? Also, ideally not associated with microsoft, yahoo, or even the valley? I keep seeing fastmail but it looks like just another email provider.

I keep pondering creating a service like this for say $40/year, but I'd rather to it than build it. I'm currently a tuffmail subscriber but I really want gmail with a clone of their android app, just in exchange for money and a strong privacy policy.

Cowicide 4 days ago 0 replies      
For those of you in this thread that are dismayed that some of us don't enjoy being tracked, I highly recommend a short, entertaining documentary that's currently available on Netflix, iTunes, etc. called:

Terms and Conditions May Apply



Actually, I think even some privacy-conscious folks might learn a thing or two from it as well. I know I did. :)

higherpurpose 4 days ago 0 replies      
Looking forward to use instead of Google's Hangouts: Signal on the desktop.
larrys 4 days ago 2 replies      
While it's not trivial it's not that hard to spin up a mail server on a VPS (which can run smtp, imap and/or webmail). For that matter you can run it off a static internet connection or even a dynamic IP from your home or office PC. (Running linux or Mac OSX never done it with windows although I'm sure you can).
dhragoon 4 days ago 4 replies      
"Apple Maps"? This is shameless.

Not sure how to reconcile that with the seemingly mandatory PRISM invocations, the post was almost stomachable up until the Apple cameo especially with the recent privacy headlines. At least recommend something that isn't a huge downgrade in functionality, an OSM client or something.

I'm sure that Apple adding DDG to Safari is the reason for this thinly veiled reciprocity.

Privacy or not these are people selling their wares and they are willing to be sleazy about it, this is not unlike the bullshit post about the fake cell antennas and the magical ROM that detected them that is making the rounds, it's disheartening.

thewolf 4 days ago 0 replies      
do you work for apple?
Modern anti-spam and E2E crypto
360 points by timmclean  1 day ago   124 comments top 26
petercooper 1 day ago 3 replies      
It's amazing how little sender reputation can count for with Gmail in the face of other features, however. I have a good reputation as a sender but also send almost a million mails a month and I spend a lot of time investigating oddities in Gmail deliverability.

All of my mails are newsletters containing 10-30 links, and more than once I've found the mere inclusion of a single link to a certain domain can get something into spam versus a version without that link, often with no clear reason why (domains that are particularly new are one marker, though). Or.. how about using a Unicode 'tick' symbol in a mail? That can get a reputable sender into Spam versus a version without the same single character (all double tested against a clean, new Gmail account) :-) Or how about if you have a link title that includes both ALL CAPS words and ! anywhere? Your risk goes up a good bit, but just go with one of them, you're fine..

I now have a playbook based around numerous findings like this, some based on gut feelings looking at the results and some truly proven, and even with my solid reputation as a sender, I'm having to negotiate a lot content-wise each week. But do I like it? Yeah, in a way, because it's also what stops everyone else being a success at it.. Gmail sets the bar high! :-)

(Oh, a bonus one.. include a graphic over a certain size? Your chance of ending up in the Promotions folder just leapt up. Remove it, you're good. It doesn't seem to be swayed much by actual content. So I've stopped using images where at all possible now and open rates stay up because of it.)

runeks 1 day ago 3 replies      
> A possibly better approach is to use money to create deposits. There is a protocol that allows bitcoins to be sacrificed to miners fees, letting you prove that you threw money away by signing challenges with the keys that did so.

This wouldn't work, because a miner can easily pay himself any amount of bitcoins that he has saved up in fees, and include this transaction in his own block (not broadcasting it). Thus he can basically create these "deposits" for free, and sell them for a profit.

That's the thing: whatever you try as a counter-measure, you always come back to money: in the above scenario, money would replace "deposits" because "deposits" would just be sold on the open market for money. Proof-of-work becomes money: if something important requires proof-of-work, you can be sure that a web app would surface that performs proof-of-work in exchange for money.

It always comes back to money, because whatever restriction you put on something, whether it be "pay fee to Bitcoin miners", "Solve proof-of-work puzzle", or something else entirely, these things will always end up being sold for money in an efficient market, because of the increased efficiency of division of labor: why should I use my inefficient smartphone to calculate proof-of-work, when I can pay a service with custom ASICs to do the job for me at a fraction of the cost?

As far as I can see, the only alternative that can work besides money is something that cannot be sold for money. And I can't come up with anything that fits this requirement.

sounds 22 hours ago 2 replies      
One important concept that seems to be missing from the discussion is Sender Stores.

Email currently uses a Receiver Stores model. SMTP servers can relay messages, but in almost all cases the message is transmitted directly from the originator's network to the recipient's network. The storage of the message only effectively changes _ownership_ once, even if the message headers say it was forwarded many times.

That makes email a Receiver Stores model: the recipient's network is expected to accept the message at any time and then hold it until the recipient comes to look at it.

Some of the bitcoin messaging protocols propose a Sender Stores model. That is, the message may be transmitted any number of times but the recipient's network is not responsible for long-term storage. The sender's network must be able to provide the message at any time up to the point when the recipient actually looks at the message.

There are some obvious restrictions such as requiring that the message be encrypted with a Diffie-Hellman key (negotiated when the message is first transmitted to the receiver's network) to reduce the feasibility of de-duplicating millions of messages. And in order to prevent revealing exactly when the recipient reads the message, the recipient's network doesn't ack the message for a while.

Ultimately all of this is just designed to make bulk email (slightly) more expensive. Spammers run on very, very thin margins. But it doesn't do anything to solve the problem of account termination or blacklisting.

patio11 1 day ago 0 replies      
Worth reading for confirmation regarding the importance of reputation in deliverability, which is something that is not widely understood by non-experts but which has really toothy consequences for many HNers' businesses.
idlewords 1 day ago 2 replies      
This is an incredible write-up. Can someone who knows the author plead with him to write up the long history of the Spam Wars that he mentions in this document? I could read this stuff all day.
beloch 1 day ago 3 replies      
I'm not too knowledgeable about this stuff, but would it work if end-to-end encryption was only initiated after the first time somebody replies to an address? e.g. If somebody contacts you for the first time, they lack your public key (and/or a shared secret for authentication) and must send you plaintext. Then, if you reply, you automatically provide them with your public key and/or authentication info to send you encrypted messages in the future. Thus, most spam would be in plain-text, anyone who knows how the system works would avoid discussing sensitive info in the first email they send somebody, and everybody else wouldn't know the difference.
zokier 20 hours ago 0 replies      
One thing nice about E2E crypto in messaging is that it implies strong identities, which most importantly allow building whitelists with high level of confidence. And of course if we can make those identities costly to acquire/burn, either by proof-of-work or even just with a CA model, that alone should cut spam significantly.
thaumaturgy 1 day ago 3 replies      
Well this is pretty neat.

I've been working on custom software to improve the spam filtering on my mail server for the last year (side project). It currently works by letting hosted users forward spam messages to a flytrap account, and then the daemon runs, reads the forwarded message, tracks down the original in the user's mail directory, does a whois on the origin in the mail headers, consults its logs, and then adds a temporary network-wide blackhole to iptables.

Originally it was intended to work alongside SpamAssassin and SQLGrey and all that, but last night I started considering replacing SpamAssassin altogether. I love SA, but the spammers are beating it regularly now. My TODO notes in the code actually say, "reputation tracking for embedded URLs, domains, ccTLDs and gTLDs, sender addresses, and content keywords." I wrote the first bits of code for reputation tracking this morning.

It's not much of a step for the software really, because it already uses embedded URLs in a message as part of the profile "fingerprint" for finding the original message from a forwarded version.

But I'm a bit chuffed to hear that I'm on the right track, considering how effective Gmail's tactics have been. :-)

Small service providers have it really tough right now. Users don't tolerate any spam at all. A few years ago, the state of the art for small independent services was SpamAssassin + SQLGrey (or other greylisting) plus a few other tricks; that's not sufficient anymore, and most of us smallfry lack the resources to come up with something much better.

After just 6 weeks in production, the software already has 20+million IPs blocked at any given time.
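
An added example, not part of thaumaturgy's comment or software: a Python version of two pieces the comment describes, matching a forwarded spam report back to the original by its embedded-URL fingerprint, then tracking per-feature reputation for senders, hosts, domains and TLDs. The function names, the Jaccard matching and the smoothed scoring are assumptions, and all sample messages are constructed.

```python
import re
from collections import Counter
from email import message_from_string, policy
from email.utils import parseaddr

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)(/[^\s<>]*)?", re.I)


def _parse(raw):
    """Return (sender, [(host, path), ...]) for one RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    text = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    found = [(h.lower().strip("."), p) for h, p in URL_RE.findall(text)]
    return sender, found


def fingerprint(raw):
    """Set of host+path strings; unlike headers, it survives forwarding."""
    return {host + path for host, path in _parse(raw)[1]}


def find_original(forwarded, mailbox):
    """Pick the mailbox entry whose URL set best overlaps the forward (Jaccard)."""
    want = fingerprint(forwarded)
    best_id, best = None, 0.0
    for msg_id, raw in mailbox.items():
        have = fingerprint(raw)
        union = want | have
        sim = len(want & have) / len(union) if union else 0.0
        if sim > best:
            best_id, best = msg_id, sim
    return best_id, best


def features(raw):
    """Reputation keys for one message: sender plus host/domain/TLD per link."""
    sender, found = _parse(raw)
    feats = {("sender", sender)} if sender else set()
    for host, _path in found:
        labels = host.split(".")
        feats.add(("host", host))
        feats.add(("domain", ".".join(labels[-2:])))  # naive: no public-suffix list
        feats.add(("tld", labels[-1]))
    return feats


class Reputation:
    """Counts how often each feature appeared in reported spam vs. kept mail."""

    def __init__(self):
        self.spam, self.ham = Counter(), Counter()

    def learn(self, raw, is_spam):
        (self.spam if is_spam else self.ham).update(features(raw))

    def feature_score(self, feat):
        s, h = self.spam[feat], self.ham[feat]
        return (s + 1) / (s + h + 2)  # Laplace smoothing: unseen feature scores 0.5

    def score(self, raw):
        """Return (score, feature) for the worst-reputed feature in the message."""
        feats = features(raw)
        if not feats:
            return 0.5, None
        worst = max(feats, key=self.feature_score)
        return self.feature_score(worst), worst


def mk(sender, body):
    """Build a constructed sample message (reserved .test/.invalid/example names)."""
    return f"From: {sender}\nSubject: constructed sample\n\n{body}\n"


SPAM_1 = mk("promo@mailer.invalid",
            "Buy now http://pills.bad-shop.test/offer?id=1 or http://track.bad-shop.test/c/9")
SPAM_2 = mk("deals@other.invalid", "Last chance http://pills.bad-shop.test/offer?id=2")
HAM_1 = mk("alice@example.org", "Minutes at https://wiki.example.org/minutes/2014-09")
HAM_2 = mk("alice@example.org", "Agenda: https://wiki.example.org/agenda")
FORWARD = mk("user@example.com",
             "---------- Forwarded message ----------\nFrom: promo@mailer.invalid\n\n"
             "> Buy now http://pills.bad-shop.test/offer?id=1 or http://track.bad-shop.test/c/9")
NEW = mk("newguy@example.net",
         "See https://wiki.example.org/agenda and http://pills.bad-shop.test/offer?id=3")


def demo():
    mailbox = {"msg1": HAM_1, "msg2": SPAM_1, "msg3": SPAM_2}
    original_id, sim = find_original(FORWARD, mailbox)  # the flytrap report
    rep = Reputation()
    rep.learn(mailbox[original_id], True)
    rep.learn(SPAM_2, True)
    rep.learn(HAM_1, False)
    rep.learn(HAM_2, False)
    return original_id, sim, rep.score(NEW), rep.score(HAM_2)


if __name__ == "__main__":
    print(demo())
```

Scoring by the worst feature means one link to a badly reputed host outweighs an otherwise clean message, which is also why a wrong report poisons every later message sharing that host or TLD.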

sgentle 21 hours ago 0 replies      
I wonder if this would be an interesting application for Homomorphic Encryption. True FHE is still wildly inefficient, but there are some interesting applications like CryptDB where sort-of-Homomorphic-Encryption is feasible for certain restricted operations (keyword search being one).

In a system like that, maybe you could send your encrypted message along with some encrypted keywords that you consider to be spammy to some centralised service. That would, at least, avoid some of the client-side-filtering-is-too-hard problem.

As far as reputation, this might be one of the rare times where a Web of Trust seems like a good idea. Generating lots of false positives and negatives would be a lot less powerful if the value of those reports was filtered by how much you trust the account that made them. With email you already have an implicit source of trust, in that anyone you mutually email with is unlikely to be a spammer.

Seems like a really interesting problem space to be involved in.

dochtman 18 hours ago 0 replies      
I submitted this without the ?hn at approximately the same time. Pretty weird that this one gained traction while my submission did not.


ch 1 day ago 6 replies      
Couldn't some form of proof-of-work system be used to increase the cost of sending a message without it having much of an economic impact on a casual sender? Was that what he was alluding to with the "burning bitcoin" reference?
PaulHoule 13 hours ago 0 replies      
I think reputations are part of it but there are other aspects too.

I switched to gmail because my mail with every other provider and client was choked with phishing messages from major banks. So much work has been done on preventing origin spoofing in 2014 that accepting phony mail from chase.com is a sign of gross incompetence.

Oculus 4 hours ago 0 replies      
Really interesting article until it gets into the Bitcoin talk. I feel like his passion towards Bitcoins seeped a little too much into the article towards the end.
anon4 17 hours ago 1 reply      
So why not use one key per source, kind of something like this:

Alice wants to receive mail from Bob. Alice generates a public/private key pair and gives the public half to Bob. When Bob wants to send mail to Alice, Bob uses the public key Alice gave him. If Alice receives spam, she marks the public key it was encrypted with as "fuck it, the spammers got it" and never receives mail with that key again. Then she notifies Bob that the key he had has been compromised and sends him a new one. Alice could then, after Bob has lost her key to spammers one too many times, simply decide not to talk to someone like him.

This would give mailing list operators a large incentive never to share your email with anyone, otherwise you could just block them forever.

On the flip side, if the mailing list is really important to you, the operator could reject your new key and tell you you'll either receive their spam or you won't be part of the mailing list. Though I don't see why someone would do that in favour of just including ads in the mails themselves.

lazylizard 11 hours ago 0 replies      
could there be an antispam gateway that replies to 'maybe' (as in spam, ham and maybe) mails with a temporary url that hosts a webform, before they reach the inbox? the webform could even limit message length, prevent attachments, be protected by akismet and so on. let the message from the form be actually relayed to the real mail server. and once the recipient replies, automatically whitelist that sender or possibly even the domain?
p4bl0 20 hours ago 2 replies      
The discussion here is already quite long so maybe I missed it, but I don't see anyone asking (or answering) the first question that came to me while reading the linked email:

Why is the cost of end-to-end crypto never taken into account?

I just can't believe that we have reached a point where it is possible to cheaply mass mail the way spammers do if you need to encrypt each email for each recipient. That alone should be dissuasive enough, at least that's always what I thought. If I'm right, all the discussion about the need for clients to extract features from emails and send them to a necessarily trusted centralized third party is useless. But I may be missing something, where am I wrong?

fdsary 1 day ago 0 replies      
Btw, this is written by Mike Hearn, who I'd like to nominate to hacker of the year. Super cool guy, mad respect to him :)
hendzen 1 day ago 0 replies      
Mike Hearn is also a core Bitcoin developer, as well as an HN commenter. Hi Mike!
zerr 1 day ago 2 replies      
> we had put sufficient pressure on spammers that they were unable to make money using their older techniques

Could anyone comment how spammers make money actually?

loup-vaillant 1 day ago 4 replies      
> Botnets appeared as a way to get around RBLs, and in response spam fighters mapped out the internet to create a "policy block list" - ranges of IPs that were assigned to residential connections and thus should not be sending any email at all.

So basically, I can't send email from home? This is unfortunate. If we want freedom, we need decentralization, and this kills it.

bilalhusain 1 day ago 6 replies      
I wish Google provided an API to lookup a sender's reputation so that even a locally deployed spam filter could use the information.
orf 1 day ago 2 replies      
The Gmail spam filter is indeed impressive, but on several occasions I have found 'real' emails triggering it. Those times were just me browsing the spam folder randomly and I hate to think what else it has swallowed.
joelthelion 19 hours ago 1 reply      
Can someone explain botguard? I'm not sure I get it.
awt 1 day ago 1 reply      
No mention of Bitmessage, which provides E2E crypto and anti-spam.
Zigurd 1 day ago 0 replies      
Some of my contacts have been using verification gateways/whitelists for email for decades. If spam were to become a problem, I would use one.
danso 1 day ago 2 replies      
Fascinating read, and as amazing as email is, the OP manages to still make me realize how much I take it for granted:

> So I think we need totally new approaches. The first idea people have is to make sending email cost money, but that sucks for several reasons; most obviously - free global communication is IMHO one of humanity's greatest achievements, right up there with putting a man on the moon. Someone from rural China can send me a message within seconds, for free, and I can reply, for free! Think about that for a second.

Microsoft Defies Court Order, Will Not Give Emails to US Government
382 points by xamlhacker  7 days ago   116 comments top 25
jnbiche 7 days ago 5 replies      
The casualness with which the U.S. Government asks a private company to violate EU and Irish law is truly disturbing.

The U.S. Gov has gone mad with power.

And for perhaps the first time ever: bravo Microsoft! I don't even care if you did it for the PR, it's still a brave stand.

burgers 7 days ago 1 reply      
> Judge Preska of course feels differently, and she has consistently agreed with the prosecution argument that the physical location of email is irrelevant because Microsoft controls the data from its base in the United States.

I find this bit very interesting. As opposed to Microsoft being a US company, it is that its operations are located in the US. I wonder what effects this decision could have on the US labor market if companies relocate operations in the same way they relocate certain things for tax avoidance.

mercurial 7 days ago 3 replies      
> Despite a federal court order directing Microsoft to turn overseas-held email data to federal authorities, the software giant said Friday it will continue to withhold that information as it waits for the case to wind through the appeals process. The judge has now ordered both Microsoft and federal prosecutors to advise her how to proceed by next Friday, September 5.

> Let there be no doubt that Microsoft's actions in this controversial case are customer-centric. The firm isn't just standing up to the US government on moral principles. It's now defying a federal court order.

Whoever wrote this clearly didn't bother wondering if, just maybe, handing out customer data "overseas" ("overseas" apparently means Ireland) would be illegal under EU and Irish law. But let's not let minor details like this get in the way of good PR.

ryanburk 7 days ago 2 replies      
if the ruling is upheld, web services that face legal discovery like google, dropbox, facebook, microsoft, etc will face an amazing burden of data retention cost.

there is an amazing tax already on these services having to implement per government specific retention policies based on where they do business. for example in ireland, by law you need to be able to produce up to a year of content even if an account has been deleted. in the u.s. the period is much shorter. so if other countries create similar legislation after seeing a u.s. version of this law stick, everyone will have to implement a myriad of retention policies, or worst case retention, in every datacenter they operate. it drives up cost and complexity in the services.

this might not be popular to say, but microsoft taking a stand here is an amazingly good thing for our industry.

simonblack 7 days ago 0 replies      
I cancelled my Dropbox subscription several years ago for precisely this sort of situation. Not that any of my files are particularly wonderful, but the point being that I would no longer have control over other people having any and all access to them.

Microsoft will eventually roll over.

serve_yay 7 days ago 3 replies      
Not that I don't respect the decision, but something tells me that we would be less happy, in other instances, to see giant companies like MS decide when the law should apply to them.
rdxm 6 days ago 1 reply      
Here's the 64k dollar question. If Snowden hadn't dropped the dime on the douchebaggery going on not just at NSA, but also w.r.t. the complicity/cooperation by all the biggies(Google, FB, MS, etc), would MS be doing this?

I assert that the answer is clearly a big No....anyone else agree with me??

aikah 7 days ago 0 replies      
Impressive move by Microsoft, frankly I'm more inclined to use MS cloud services, if they challenge US court orders on a regular basis. Do some people know what they risk?
spydum 7 days ago 1 reply      
So, I wonder if Microsoft wins this appeal, how practical would it be to stripe encrypted data across data centers in 2+ countries. The idea being that to obtain the data stored, would require legal authorization in each country?
mnglkhn2 7 days ago 1 reply      
Maybe I've missed it, but is data requested belonging to a US or non-US resident?
zmmmmm 6 days ago 1 reply      
It's a very confusing article, I must say. On the one hand it seems to imply Microsoft is defying the law on behalf of its customers. If that is the case MS is in contempt of court and presumably the board of directors and other executives could face criminal sanctions. However there's certainly no mention of that and in other parts of the article it sounds like this is just one more round in an ongoing legal case ...

> The removal of the suspension legally requires Microsoft to hand over the email immediately


> The judge has now ordered both Microsoft and federal prosecutors to advise her how to proceed by next Friday, September 5

Paul Thurrott is of course a relentlessly pro-Microsoft writer, and I can't help but get the feeling he's trying to take advantage of strategic ambiguity to put out a positive story here. I will stay tuned to see if indeed there is some kind of punishment meted out to Microsoft - otherwise my assumption would be that this is much less of a story than it sounds.

jburwell 7 days ago 0 replies      
I can't believe I am actually saying this -- "Go Microsoft!". For once, they are on the right side.
jrapdx3 7 days ago 1 reply      
This case may be the leading edge of a huge wave with a global sweep.

The sticky point may be that the locality of data is impermanent and ambiguous. In the MS case, though the data is said to be stored on a server in Ireland, it could just as well be distributed, moved or duplicated anywhere, and for all we know it already has been.

Eventually laws will have to come to terms with the implications of the Internet: data, like a flock of migratory birds, for its own reasons goes one place to another and knows nothing about national boundaries.

hartator 7 days ago 2 replies      
maybe I am some kind of sheep but this kind of stand makes me strongly consider again Microsoft as a platform of choice against Apple.

Bravo Microsoft.

thrownaway2424 7 days ago 1 reply      
This is interesting but let's give the cheerleading a break. What we're really talking about here is corporations testing the size of their stick versus the government's. The feds are pursuing a USA case against an American entity and the data in question is held by another American entity, which happens to have moved it to Ireland. Well why did they do that and when? Was it always there and will it always be there? In what country is the data chiefly accessed? If it is sent and received by Americans exclusively then perhaps the place where it is nominally stored might not even matter. In that case the place of storage would be just the kind of corporate fiction that courts are happy to pierce.

What if the data is striped among all the countries where Microsoft has datacenters? Do you get the union of all possible data protections? Or the intersection?

There are actual legal questions here and Microsoft's position is not neutrally good.

wfunction 7 days ago 0 replies      
Am I the only one who's worried this may make the government less careful about giving orders in the future? (i.e. won't they figure "hey, let's just give the order; if they disagree then they'll defy it"?)
mindvirus 7 days ago 0 replies      
This raises the question: if the judge's option ends up being held, would any non-US based company buy services from a US company?
notastartup 7 days ago 2 replies      
Good job for Microsoft being the first to stand up against a surveillance government. If only everyone else was brave enough to follow, we would see change.
edoceo 7 days ago 0 replies      
+1 to MS!
jrochkind1 7 days ago 0 replies      
Thank you, Edward Snowden.
hellbanner 7 days ago 0 replies      
This is because the USG already has backdoors, right?
yutah 7 days ago 1 reply      
So I guess the US government is not logging everything yet... so this is 2 good news.
niels_olson 7 days ago 0 replies      
Watch my left hand waving while my right fist delivers a body blow.
okasaki 7 days ago 1 reply      
They give it to the NSA, and the NSA shares it with other govt. bodies through that search engine (and probably a dozen other ways).

Anyway, it always freaks me out a bit when people cheer a megacorp like MS. They're not fighting for you, they're fighting for your perception of them. The faster you cheer, the less they'll do.

venomsnake 7 days ago 1 reply      
I have a feeling that USG already have the data they need and are just running "parallel discovery/whitewashing" here.

Still it is nice to see MS take a stand.

Batsh A language that compiles to Bash and Windows Batch
399 points by kolev  5 days ago   122 comments top 37
ygra 4 days ago 1 reply      
Long ago I thought about writing something that compiles to batch files, if only to make complex logic a bit easier to write or make the process of thinking about every little syntactic idiosyncrasy less tedious. Since then I found PowerShell though, and the need of writing complex and sophisticated batch files isn't so much there anymore.

Nice to see this compiler adopting some idioms that make it easier for working with larger codebases, e.g. passing a return value variable name into subroutines. The author apparently lacks a bit of understanding on how to write robust batch files, though. Turning

  x = "a|b";

into

  set x=a|b

is surely going to cause trouble. Quoting the argument to set is also often much easier than correctly escaping every meta-character. And iterating over files by throwing for /f at dir's output will cause trouble with filenames that use characters outside the current legacy codepage (not to mention that /w is the wrong switch and /b must be used, otherwise you get funny "files" back like Volume, in, drive, C, ...). Testing their language and output for correct functioning apparently wasn't high on the list, or at least, as usual, only for bash.

(Bugs reported, but the choice of implementation language makes pull requests a bit hard for me. It also seems that the language is unusable for anything but simple stuff. readdir() returns a string with space-separated file names, but there is no way of iterating over them again (and it's not easy in batch files). Things like iterating over arrays or better support for printing text that does not cause trouble or side-effects have been known for over half a year without a change. I guess the project, while nice, is currently a zombie.)


Last thing I really wrote was a deployment script for a website that had to run on Server 2k3 instances where I wasn't allowed to install anything. And I still have a half-written bignum library in numerous batch files somewhere. Only addition worked properly, though.

rmchugh 4 days ago 1 reply      
I for one am disappointed that they didn't host this on a .it domain.
mlwarren 5 days ago 3 replies      
This is great for me. As part of my day job I am often stuck writing batch scripts (yes, in 2014) for clients that refuse to run powershell. Writing a simple batch script is usually not a problem, but it can be very encumbering as the complexity increases.

Thank you for sharing.

yulaow 5 days ago 6 replies      
I would have preferred a bash/powershell solution. Hoping no one is still writing batch files on windows... even if he is still using xp
kolev 5 days ago 1 reply      
This implementation is not perfect, although it's interesting that it supports Windows. I personally don't care about that, but it brings the idea to create some sugary wrapper around Bash that allows you to use Bash v4 features such as associative arrays in Bash v3, and wrappers that allow functions to return arrays and other typical headaches.
neilellis 5 days ago 2 replies      
So I like the idea of a cleaner higher level version of BASH that still works like BASH but doesn't have the baggage of its evolution.

Key feature has to be output that is no less readable than the average bash script. Which it seems to be.

unexistance 5 days ago 2 replies      
1. From UNIX point-of-view, not all has the luxury of bash, so seems to be quite limited to a certain modern platform? I found out ksh are more prevalent

2. I actually use UnxUtils in windows so I can has POSIX command option (and scripting). Performance-wise, never tested as not needed, all short command / simple script

aaronetz 5 days ago 2 replies      
I'm not so sure about the utility of this in my case. I usually end up using python for scripts, with perhaps a one line batch file that runs it with some default arguments for convenience.
ptx 5 days ago 1 reply      
There's no mention of error handling, which is what really makes Windows batch files completely hopeless for anything involving more than one or two commands. Being able to write code with exceptions and having it compiled to the corresponding mess of ERRORLEVEL and GOTO would be sweet!

(I've switched to just writing everything in JavaScript for WSH. It's ECMAScript 3 and the API has some issues, but it's still a million times better than trying to write any logic in batch.)

xkarga00 5 days ago 0 replies      
chrisdevereux 4 days ago 0 replies      
This is a really juvenile comment, but batsh.it would be an excellent domain for this project.
tootie 5 days ago 1 reply      
So are we really supposed to install OCaml and compile it or do we use it as a hosted service? I can see that you just post a batsh script and specify your output, but I don't know if that's intended for public consumption. Otherwise this just looks like a POC.
callesgg 4 days ago 0 replies      
That files() function will not work properly. I have an old abandoned project, that has a proper directory listing function for batch, you can take that.


Much of the stuff there is half assed but there are some goodies. Like substring searching and dumping of stdout without using temporary files, which is insanely weird in batch, definitely take a look.

mrcharles 4 days ago 0 replies      
About to go make a Batsh batcher so I can call it batshit.
eponeponepon 5 days ago 2 replies      
I want this to be great; it would solve no end of problems at my workplace.

Unfortunately, "You have to install OCaml (version 4.00.1 or higher) development environment before compiling Batsh" (not to mention "1. Install OPAM. See instructions.") basically makes it a non-starter for my purposes.

Why can't this take a batch file and translate it to Bash? Or vice-versa? Genuine question - I do not have a sufficient understanding of the fundamentals to guess.

tokenrove 5 days ago 0 replies      
I had to do this once to avoid having to duplicate a bunch of build and install logic (that couldn't assume some other scripting language was installed), but because of how limited batch is (powershell was not available at the time), I opted to write a simpler DSL that output one or the other. I could see this project developing in that niche by maybe providing more substantial built-in functions for common build/install script functionality.
malkia 4 days ago 1 reply      
One peculiarity of batch files, and how cmd.exe executes them is that they are being read over and over (or maybe they are simply mapped file).

I've found this by trial-and-error - while I was editing a batch file that was executing, it would suddenly error out with meaningless info, sometimes it'll print out the things I've just added to it.

giancarlostoro 4 days ago 1 reply      
Was discouraged at it being OCaml, but because you made it web based so it's accessible to everyone, you win a free internet.
Ono-Sendai 4 days ago 1 reply      
Just use a decent language like Ruby instead.
talles 5 days ago 1 reply      
This would be extremely handy for me in the past when I had to make both bash and bat scripts. I always hated with passion freaking Windows bat.
Maken 5 days ago 0 replies      
The way it compiles to Bash is far from efficient. However, seeing how Batch "supports" functions I can see there a good case use.
linker3000 4 days ago 0 replies      
Having just written a Nagios plugin with json parsing in bash (main design goals were no dependencies or support code/modules needed) and then 'ported' it to batch, I look forward to trying this.

..and why wasn't this posted 2 weeks ago!

nodesocket 5 days ago 1 reply      
Love the idea of writing bash in a higher, easier to read format, similar to CoffeeScript. Unfortunately Batsh is written in OCaml (the author addresses why he uses it though).

How do you use pipes in batsh?

golemotron 5 days ago 2 replies      
I can't think of a case where seamlessly having two different targets like this has worked - particularly if there's pressure to really support all of the features of both.
throwaway5752 5 days ago 1 reply      
I don't like the concept so much. They are their own languages, and I'd rather write very low level ansible primitives and build upon them than rely on a somewhat opaque translation process. Also, all automation I do going forward is PowerShell, not batch.

I could see a lot of places using it, though, so bravo for sharing.

olivierkaisin 4 days ago 2 replies      
Could be great to have a compiler js -> bash / batch
thomasfoster96 5 days ago 0 replies      

Also, why hasn't this been around before?

revskill 4 days ago 0 replies      
Great idea. Keep up the good work man.
aneeskA 5 days ago 0 replies      
Is there any way to convert Bash to Windows Batch using this tool? Then I would say this is very very useful.
metabrew 5 days ago 1 reply      
Great name
cheez 5 days ago 1 reply      
I just use Python if I'm going to install something anyway.
molixiaoge 5 days ago 0 replies      
just for save
n0body 5 days ago 1 reply      
I have to ask, why?
pentabular 5 days ago 0 replies      
bash(1) is a crazy shell. This here is Bat-Shit crazy.
shirman 5 days ago 1 reply      
A language that compiles to bash from what?
hucxsz 4 days ago 0 replies      
Is it useful? Just recreate a new language, then say a solved the issues. A user who wants to use 'Batsh' must learn Batsh's new syntax. hehe
nisaacs 5 days ago 0 replies      
Proposing name change to 'batshit'
Mosh: A replacement for SSH
393 points by jayfk  5 days ago   119 comments top 22
hf 5 days ago 4 replies      
Mosh is a truly impressive feat of thought and, perhaps more importantly, engineering. The thinking behind Mosh is substantial, the paradigms are fresh. Reading about mosh on its excellent website, I always leave with a profound feeling of enthusiasm. Mosh belongs to a school of software development ethics that I'm sorely missing in the world.

However, I do concur that, perhaps, Mosh solves a deep problem on the wrong level or, even, in the wrong domain. The feeling, already expressed here, that "tmux oughta do it" never leaves me. Why is that?

Because I know that ssh, by itself, can handle connection loss quite well[0]. Rather, I suspect, ssh can't deal with IP changes or the destruction of the underlying interface.

So, here's the rub: Why is a stable, somehow-abstract, network interface with a local IP, sitting on top of the actual network interfaces, be they wired or wireless, not the answer? Over the years, on and off, I tried to get the Linux ethernet bonding stack (ifenslave) to provide me with just that solution, but was never able to.

Hence, I keep revisiting mosh, then revisiting ifenslave...

[0] On a machine that doesn't dynamically switch network interfaces on demand, just unplug an ethernet cable, wait a while and plug it back in: your ssh session will resume.

sagichmal 5 days ago 10 replies      
Mosh is brilliant software. I use it every day. Being able to close my laptop, move to a different café, and open it back up with all of my sessions seamlessly reconnecting is invaluable.

But -- mosh still can't do proper SSH agent forwarding[0], which is a real drag. Many of my common workflows become impossible. I hope it gets fixed!

[0] https://github.com/keithw/mosh/issues/120

zeograd 5 days ago 1 reply      
Too bad mosh needs an udp port to run its own server.

One of the greatness of ssh is its lean network requirements (it can even be considered https if seen from intermediate proxies, hence whitelisted) and this extra udp port is quite a burden in some environments.

I still agree that mosh is a fine tool for mobile users. I'm just a tad worried about its security layer implementation being less audited than openssh for instance (as mosh isn't as widely used)...

sjackso 5 days ago 1 reply      
Several commenters are asking what mosh provides that's better than ssh+screen/tmux.

A few years ago I spent a summer at a remote field site, sharing a flaky T1 with 100 other people over equally flaky site-wide wireless network. (Many of those people were undergraduates who had been politely asked not to use the research network to access facebook, but, well, you know.) Not only was packet loss common, but latencies to an outside host varied whimsically from 50ms to 2000ms. In those conditions ssh was unusable, tmux or not. I was able to do work on remote servers only because of mosh.

kolev 5 days ago 3 replies      
It's not a replacement at all - it doesn't support scroll back (screen buffer). Latency often changes the order of keystrokes. I've tried to use it so many times and gave up every single time after the enthusiasm ran out.
blueskin_ 5 days ago 1 reply      
My main issue with mosh is having to open a massive UDP port range, which just goes against my instinct when it comes to security.

The other security issue is the whole 'seamless reconnect' - it's probably been thought of, but does anyone have any links to how they've mitigated the massive MITM risk this opens users to?

emikulic 5 days ago 0 replies      
I wish half of this had been implemented in tmux instead. tmux is already client/server, add local typeahead (which is very cool) to the client and let me run it over whatever transport I want (spoiler: it will still be ssh, because I don't really benefit that much from their reinvention of TCP)
nieve 5 days ago 0 replies      
My biggest complaint about Mosh is that how it handles the login sequence breaks common .bashrc/.bash_profile idioms like

test -z "$BASHPROFILEREAD" || return

(to avoid double-sourcing) and there's no good way to fix them. I haven't tested ksh93/zsh yet, but I suspect similar issues. I suspect the developers do little more with their shell initialization than set a few aliases and variables so it's not an issue for them, but fixing it for myself is far more work than worth it. It's too bad, everything else works well for me with mosh.

phil_ips 5 days ago 1 reply      
Was thinking before opening the link.. do we really need a replacement for SSH?

> supports intermittent connectivity

That's all you need to say really..!

zobzu 5 days ago 0 replies      
are those links becoming invalidated after 3 months and auto reposted or something? This URL must have shown up like 3 times on the front page in the past year alone
Gonzih 5 days ago 1 reply      
How it can be replacement if it uses ssh to start daemon on server to listen on UDP port? But yes, it's great. Still not perfect, still issues with non unicode chars sometime, still some issues with rendering from time to time.
dllthomas 5 days ago 1 reply      
I actually find lack of local echo somewhat valuable. When my connection is spotty, that gives me immediate feedback about what is and is not getting through.
snvzz 5 days ago 0 replies      
Mosh is nice, but "A replacement for SSH" is quite stretching it, considering it does use ssh to setup its own connection and so it depends on SSH.

It also doesn't provide most of SSH functionality, and it doesn't support IPv6 yet, whereas SSH does.

theandrewbailey 5 days ago 0 replies      
Getting 403 forbidden, so have some cache:


afarrell 5 days ago 0 replies      
I have been using mosh for two years now and it has greatly improved my life. It means that rather than buying a brand-new laptop, I can just connect to a $5/mo linode with an SSD and program on that.
pbhjpbhj 5 days ago 0 replies      
FYI to install on Kubuntu 14.04 I only needed to "sudo apt-get install mosh" to get mosh 1.2.4a.
lasermike026 5 days ago 1 reply      
Has security review been done?
teamhappy 5 days ago 0 replies      
Still one of my favourite tech talks. Mosh is great too.
plicense 5 days ago 0 replies      
Aw, fonts - http://imgur.com/v9E9vOY, the full stop under the P.
zhovner 5 days ago 3 replies      
Scrolling still not working?
xxdesmus 5 days ago 2 replies      
Nice repost? Posts about Mosh from 2 years ago:


...just to name a few examples.

Mosh is awesome, but also not something new.

hbbio 5 days ago 1 reply      
In French, Mosh is exactly pronounced as "moche" which means ugly.

Of course, this doesn't change anything in the project interest!

CSS Shapes Editor for Chrome
401 points by jonphillips06  4 days ago   33 comments top 13
mattdesl 3 days ago 2 replies      
Nice! I've also been working on some vector tools in the browser: http://mattdesl.github.io/path-illustrator/demo/advanced.htm...

I think dev-centric vector tools present a really good opportunity to improve the workflow between devs and designers and change the way many of us design web UI/animations. My main goals and interests:

- modular tools that are not encased within a monolithic editor

- animation/key frames

- renderer agnostic (for use with canvas/WebGL/CSS/etc)

- publishing path/animation state as a npm module, so that others could just "npm install spinny-preloader"

- ultimately building a suite of tools for more fluid motion graphics that render in real-time in the browser, but look just as good as something from After Effects

I wonder if some aspects of your tool could be reused for some of these goals.

fenomas 3 days ago 0 replies      
CSS Shapes are still on the horizon, but not far off. Blink added the intent to ship them in May [0], and Apple called them out as one of the new web standards that will be in Safari 8 [1].

There's also a polyfill, incidentally: http://blogs.adobe.com/webplatform/2014/05/12/css-shapes-pol...

[0]: http://bit.ly/blinkintents

[1]: http://9to5mac.files.wordpress.com/2014/06/screenshot-2014-0...

bramgg 3 days ago 0 replies      
This looks awesome! Not really usable yet due to the lack of browser support[0] (Chrome 37+ and Safari 8 with -webkit-), but it's this kind of thing that rallies support for web standards.

[0] http://caniuse.com/#feat=css-shapes

psteinweber 1 day ago 0 replies      
Side note: The use of the GIFs on the page really cuts to the chase and shows immediately what everything is about. I only watch explanatory videos if I'm really interested in a product, therefore appreciate this presentation.
timothya 3 days ago 1 reply      
CSS Shapes are still pretty new; looks like support is only there in the newest version of Chrome: http://caniuse.com/#feat=css-shapes
LukeB_UK 3 days ago 1 reply      
I didn't know that CSS shapes was a thing. That's really cool.
mxfh 3 days ago 1 reply      
Since this is deep into typesetting/layout territory what's the state of

    hyphens: auto

or is it still better to rely on adding soft hyphens via script? Like hyphenator.js https://code.google.com/p/hyphenator/

juanplusjuan 3 days ago 0 replies      
Cool! Can't wait for it to appear in a standard CMS (e.g. WordPress, SquareSpace, Weebly). Seems like it's the perfect addition for professional editors a la Scoop (http://open.blogs.nytimes.com/2014/06/17/scoop-a-glimpse-int...)?
bambax 3 days ago 0 replies      
Wow, fantastic tool, and great examples. Thanks for sharing.
ivanca 3 days ago 0 replies      
In 2011 I created a JavaScript to do exactly what CSS Shapes do: https://github.com/Ivanca/Creative-Text-Boxes, it even works in IE6+. It had a domain but due to lack of interest is now gone but there is still a copy here: http://nyudvik.com/ctb/ , it has a GUI tool to generate the code for any shape: https://www.youtube.com/watch?v=iZ0_wxz5WQM

Off-topic: I'm looking for a remote part-time job as JavaScript Developer, if anyone is interested write me an email (ivanca@gmail)

zeroonetwothree 3 days ago 3 replies      
This is cool, but reading text with oddly-shaped images inside of it is pretty annoying. I hope CSS shapes aren't going to be used excessively.
scoot 3 days ago 1 reply      
Just curious, why can't the shape be generated from the outline of the image alpha with an offset, rather than having to be generated by hand?
grizzles 3 days ago 3 replies      
Why would one use CSS over SVG for this?
Notes on the Celebrity Data Theft
363 points by nikcub  4 days ago   274 comments top 21
rayiner 4 days ago 6 replies      
I wrote this in the other thread on the leak before it died:

> Even if the leaks result from one at a time social engineering, it still really calls into question the practical security of the cloud. I doubt it's much harder to steal, e.g. confidential business documents from executives' cloud accounts than it is to steal pictures from celebrities' cloud accounts.

> If I were a big organization with confidential information, I'd really be thinking hard about my cloud policies and my BYOD policies right now. The policy at my previous employer (we handled a lot of extremely sensitive information), was pretty draconian: data never leaves a company desktop, laptop, or blackberry.

The fact that the users may be the biggest security leak is more alarming than it is relieving. Software bugs can be fixed. Getting users to follow proper security practices is much harder. And frankly, it doesn't help that the industry is actively user hostile. I gmail my passwords to myself because every site has different password rules and forces me to change my passwords too often.

karlick88 4 days ago 9 replies      
While I am completely appalled by the data breach and hope that similar things never happen to anyone again

I would like to propose a purely thought experiment:

The hacker reportedly sold the nude photos of Jennifer Lawrence for a mere sum of $130 using bitcoin.

If we apply game theory here, this kind of data is very difficult to monetize. If you sell one copy of the data, it is then immediately distributed online for free. Although, nude photos of celebs are arguably very valuable.

The question is: What is the ideal path for these people to maximize profits?

I think the better alternative would have been a kick starter type model where the attacker will only release photos if reaches a funding goal (let's say $50k). The attacker might release less revealing photos to build interests in the goal funding.

I often hear about decentralized kickstarter models with bitcoin (multisig; or ANYONE_CAN_PAY hash type). But I always thought of them as gimmicky. This is actually a use case for it.

So going beyond, celeb photo breach, this similar model should be applied to many more scenarios. ie.

1. you have a valuable asset,

2. but it loses value immediately after the first distribution

3. so you must capture all of the value at distribution


Anyone can pay: https://bitcoin.org/en/developer-guide#term-sighash-anyoneca...

eknkc 4 days ago 9 replies      
I use strong passwords generated by 1Password for everything.. except for iCloud. There I have an idiot password.

Why? Because freaking iPhone asks for that when I want to download something from App Store. How do you guys handle that?

lambdasquirrel 4 days ago 5 replies      
The thing that bugs me is that you could have good password practices. But if you're having a party, having a fun time (and let's face it, people are going to do shit...), and one of your friends is snapping photos of you, and they have bad password practices, then you are kind of screwed. People don't typically make friends on the basis of: do you have good password practices.
city41 4 days ago 2 replies      
> Password reset is answering the date of birth and security question challenges (often easy to break using publicly available data - birthdays and favorite sports teams, etc. are often not secrets)

I really dislike this trend of "personal questions" to reset your password. The first car I owned or where I'd like to retire is easily obtained information. When are websites going to stop doing this?

I answer these questions using passwords generated from 1Password. So basically I have 4+ passwords per site that uses these questions. Very annoying.

abalone 4 days ago 1 reply      
Choice quote:

To reiterate what the main bugs are that are being exploited here, roughly in order of popularity / effectiveness:

Password reset (secret questions / answers)

Phishing email

Password recovery (email account hacked)

Social engineering / RAT install / authentication keys

Note: Not weak passwords.

nodata 4 days ago 6 replies      
Why is nobody talking about password reset questions?
theDustRoom 3 days ago 3 replies      
I use a Yubikey with a generated key.

This is only half of my password; the first part is a password I can remember easily with numbers and letters, the second is the generated key.

This means that even I don't really know my password and if someone found my Yubikey then it's useless to them without the other half that only I know.

(I do have a printout in a safe place of the key and also a backup Yubikey)

I use this password for my computer as well as my 1password vault which is generally filled with randomly generated keys for each website.

Might sound a bit overkill but if you can; why not?

elwell 4 days ago 4 replies      
Just to give OP a heads up: the article's font is rendering terribly in Windows Chrome.
shouldbeworking 4 days ago 1 reply      
Isn't showing partially blacked out private photos still a violation of privacy? If the author of this post really wants to be white hat, he should modify the image (above 14) to obscure the non-blacked out part of the photo with a different color. I'm unfamiliar with that celebrity in the picture but if I was familiar with her work, it would feel creepy to look at it.
julianpye 4 days ago 0 replies      
The average user does not know much about security. They trust Apple's brand more than they trust their friends (with secrets and health apps) and they will now likely stop using many services rather than step up security.

What is interesting is that the perception among normal people I heard speak about this is that all of iCloud has been breached, i.e. everyone's photos are in the hands of hackers and they only released the pics of celebs.

The reality is of course likely that an attacker was able to hack one phone which among photos hosted contacts and mail addresses of other celebs and from there on they got their hand on more accounts to directly target.

Anyway, my point is that to average consumers it does not mean that they need to use stronger security or that they would understand about targeted attacks. They will believe Apple has been breached and they will think more before creating private selfies or putting health data onto their until now so trusted companions.

fpgeek 4 days ago 1 reply      

> 6. iCloud is the most popular target because Picture Roll backups are enabled by default and iPhone is a popular platform. Windows Phone backups are available on all devices but are disabled by default (it is frequently enabled, although I couldn't find a statistic) while Android backup is provided by third party applications (some of which are targets).

Fragmentation, for the (security) win!</sarcasm>

Not really, of course. The big win (shared by Windows Phone) is simply not turning on the security-sensitive cloud service by default. That being said, it is worth noting that enabling/encouraging third-party service competition can create an extra hurdle by discouraging cloud-service monocultures.

ams6110 4 days ago 0 replies      
I think the cloud has proven to be untrustable. One must assume that any data on any public cloud service (including email, photo libraries, documents, mobile device backups, etc.) will become public, and use the cloud with that mentality.
stevenh 4 days ago 3 replies      
Reddit should not be listed among the sites hosting the stolen images, as reddit does not support image uploads. Imgur is the primary site hosting the stolen images in that case.
DanielBMarkham 4 days ago 1 reply      
So if I'm understanding this from a technical perspective, the real story is that this is/has been going on for quite some time, and there's an entire ecosystem devoted to it. The general public rarely ever sees behind the curtain, but somebody got greedy in this case and we ended up in a race to the bottom.

If true, interesting that such a layered economic structure can exist without much press or public comment -- until something like this happens.

Fascinating. Makes you wonder what percent of the total activity these 100+ celebrity invasions represent.

uladzislau 3 days ago 2 replies      
I'm wondering if a simple GeoIP check can prevent lots of intrusion attempts - if the user consistently logs in from one location and then suddenly tries to log in with the wrong password from a distant one, that's the red flag that warrants temporary account lockout at least.
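The check suggested in the comment above, sketched as an added example that is not part of the thread: a failed login far from every location the account has previously logged in from triggers a temporary lockout. It assumes each event already carries coordinates resolved by some GeoIP lookup; the 1000 km radius, three-login baseline, 15-minute lockout and all sample events are constructed for illustration.

```python
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
DISTANCE_THRESHOLD_KM = 1000.0   # assumed: "distant" means beyond this radius
MIN_BASELINE_LOGINS = 3          # assumed: need this many good logins first
LOCKOUT_SECONDS = 15 * 60        # assumed: length of the temporary lockout


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (a[0], a[1], b[0], b[1]))
    h = sin((lat2 - lat1) / 2) ** 2 \
        + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


@dataclass
class UserState:
    known_locations: list = field(default_factory=list)  # successful logins
    locked_until: float = 0.0                             # epoch seconds


class GeoLoginMonitor:
    def __init__(self):
        self.users = {}

    def process(self, event):
        """Return a decision for one login event.

        event keys: user, ts (epoch seconds), lat, lon, success (bool).
        """
        state = self.users.setdefault(event["user"], UserState())
        here = (event["lat"], event["lon"])

        # During a lockout every attempt is refused, even with the right
        # password. This also locks out the real owner, which is the cost
        # of the "temporary lockout" response.
        if event["ts"] < state.locked_until:
            return "rejected_locked"

        nearest = min(
            (haversine_km(here, loc) for loc in state.known_locations),
            default=None,
        )
        far = nearest is not None and nearest > DISTANCE_THRESHOLD_KM

        if event["success"]:
            state.known_locations.append(here)
            # A correct password from a new region is allowed but worth
            # surfacing (travel, VPN, or a stolen password).
            return "allowed_new_location" if far else "allowed"

        # Failed attempt: only act once there is a baseline to compare with,
        # otherwise new accounts would lock on their first typo.
        if len(state.known_locations) >= MIN_BASELINE_LOGINS and far:
            state.locked_until = event["ts"] + LOCKOUT_SECONDS
            return "locked"
        return "failed"


# Constructed sample events (coordinates are approximate city centres).
SF, NYC, MOSCOW = (37.77, -122.42), (40.71, -74.01), (55.75, 37.62)
SAMPLE_EVENTS = [
    ("alice", 0, SF, True),
    ("alice", 100, SF, True),
    ("alice", 200, SF, True),
    ("alice", 300, SF, False),      # typo at home: no lockout
    ("alice", 400, MOSCOW, False),  # wrong password, distant: lockout
    ("alice", 700, MOSCOW, True),   # correct guess during lockout: refused
    ("alice", 1400, SF, True),      # lockout expired, owner logs in
    ("bob", 1500, NYC, True),
    ("bob", 1600, MOSCOW, False),   # baseline too small to judge
]


def run_sample():
    monitor = GeoLoginMonitor()
    return [
        monitor.process(
            {"user": u, "ts": ts, "lat": loc[0], "lon": loc[1], "success": ok}
        )
        for u, ts, loc, ok in SAMPLE_EVENTS
    ]


if __name__ == "__main__":
    for (u, ts, _, _), decision in zip(SAMPLE_EVENTS, run_sample()):
        print(f"{ts:>5} {u:<6} {decision}")
```

GeoIP resolution is coarse and shifts with VPNs and mobile carriers, so the radius and baseline size need tuning against real login data before a rule like this drives lockouts.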
brador 4 days ago 1 reply      
iCloud hacking was mentioned and everyone has jumped on it. Many cell transmissions are unencrypted. MITM attacks should not be thrown out as a possibility. Malware is also a vector, including apps.
codezero 4 days ago 0 replies      
I'm just guessing here: there wasn't a security breach. Phishing is different from someone breaking into the iCloud service as a whole.
ksec 3 days ago 0 replies      
Why don't platform makers like Google, Microsoft and Apple have their password manager and force the usage of it?
api 4 days ago 1 reply      
Read the comments to this blog post. The misogynistic mouth breathers are out in full force as usual.
serve_yay 4 days ago 0 replies      
Please don't post
Show HN: Famous Outfits
350 points by jadlimcaco  2 days ago   199 comments top 60
dxbydt 2 days ago 7 replies      
Very nicely done. If you did this for Indian celebrities, VCs in India would throw eight figure sums to buy you out. As an immigrant, I'd say Americans are relatively more rational ie. not so celeb-crazy as to completely remodel themselves after a celebrity, though teens, especially teen girls tend to be the outlier in this aspect. But if you look at celeb-crazy countries like India, you have grown men & women in their 20s,30s,40s...who will ape celeb dresses, celeb haircuts, celeb behavior even. I have had the unfortunate experience of sitting through entire 3-hour Bollywood films where all the audience did was take notes on what the lead heroine was wearing so they could go home & purchase those exact outfits.
jasongill 2 days ago 3 replies      
You need to sign up for Viglink or Skimlinks ASAP - the fact that you aren't using affiliate links is literally costing you.

Those services are a single line of javascript which automatically affiliates any outgoing link, and they are perfect for sites like this where you can't waste time trying to maintain affiliate accounts with hundreds of advertisers.

No offense to you, of course, but the fact that sites pop up on HN regularly of this type without affiliate links amazes me.

usaphp 1 day ago 1 reply      
Very nice! I just placed an order on the watch that Daniel Craig wears [1] (not because he wears them, just because I like them) and noticed that there is no affiliate code in your links to amazon!?

1. http://famousoutfits.com/dress-like-daniel-craig/

tomhschmidt 2 days ago 3 replies      
I like the concept - most of these kinds of posts are done completely ad hoc and are distributed across all of the various men's fashion forums - but the URL made me think this was going to be a breakdown of famous outfits worn by characters in TV and movies (e.g. The Driver's outfit from Drive).

Also, most of the outfits you picked are pretty stale. Go for one that are more exciting or with pieces that would be more difficult to figure out.

whatnottt 2 days ago 2 replies      
You know what would make this a lot better? Packaging it up so that one wouldn't have to go to 10 different stores to pick the items up.

I'd order straight away and pay a premium to save the hassle. A logistics challenge for sure, but you'd have at least one customer right here.

drinkzima 2 days ago 1 reply      
Pretty similar to what you see in lots of magazines: http://www.instyle.co.uk/fashion/get-the-look

And the celeb style guide: http://www.celebritystyleguide.com/

richmarr 1 day ago 2 replies      
The main scalability issue with this is that the products you've found will quickly go out of stock, so as you build up a collection of outfits you'll face an increasing burden going back and checking all of the products to see if they're in stock (or risk damaging your brand).

I worked on something similar back in 2008. We were looking at ways of monetising our visual similarity engine. We could mark a set of query products for each outfit and return a selection of products that were both similar and in-stock and give the customer the option of filtering by price range or whatever.

There were some nice challenges in there, like processing gigabytes of retailer feeds as rapidly as possible looking for new items, standardising various huge feeds without using up developer time, product deduplication, image feature extraction, designing the indexing method (we ended up using the Visual Words technique with a custom distributed Lucene inverted index as Solr didn't support partitions at the time). It was a really fun project... and I've drifted far enough off topic that I'm going to finish up.

The tech was pretty solid (and replicable if you can get someone decent to do the CBIR piece) but we ran out of runway.

lotophage 2 days ago 0 replies      
Like a contemporary version of: http://nerdboyfriend.tumblr.com/
kentbrew 2 days ago 1 reply      
This looks pretty neat and you did a great job with your Pin It buttons. You may wish to consider adding this META:

<meta name="pinterest" content="nohover"></meta>

... to the HEAD of any page that already has a Pin It button aboard. This will tell the Pinterest browser extension not to bother showing hoverbuttons on this page.

jadlimcaco 2 days ago 5 replies      
By the way, looking for feedback on design, content, functionality, and overall idea. Feel free to ask me any questions. Thanks!
bshimmin 2 days ago 2 replies      
Great looking site.

Funnily enough, asos.com, which is something like the third biggest UK Internet company now (according to some slightly dubious stats that were posted here a month or two ago), actually started out with a similar premise: they don't mention it much these days (a tiny link in the footer which leads to a page looking like it needs a bit of love [0]), but the acronym originally stood for "As Seen On Screen", and you could buy near-replicas of clothing worn by stars both on and off the screen. Back when I was young and impressionable, I bought a leather jacket much like one of the ones Brad Pitt wore in "Fight Club".

[0]: http://www.asos.com/asos-as-seen-on-screen/cat/pgehtml.aspx?...

backwardm 2 days ago 1 reply      
I wonder how they know what socks the celebrities were wearing? They are nice socks, I just can't see them in the actual photos.
anigbrowl 2 days ago 1 reply      
Suggestions from Mrs Browl - great, but do the same for celebrities of different ethnicities and sizes. There are plenty of guys who are shaped like Seth Rogen, Jonah Hill, John Goodman - all of whom are well dressed.
ralphos 2 days ago 3 replies      
Nice execution. We had a similar idea called http://www.pinchthelook.com but for women. The feedback was great and people 'loved' the site but ultimately we couldn't get to a scale where there was enough traffic and clicks to make it worthwhile. Engagement isn't fantastic since it's more of a quick browse and if I like something click away from site.

Perhaps this idea will work better for Men as they probably need a bit more help in piecing together a look (more often than not) ;)

calmturtle 2 days ago 2 replies      
I love this idea!

I don't think you need to use celebrities at all. If you had well dressed men with different styles with links to the stores where one can purchase the items, I think men will like it more. I don't think a lot of men feel comfortable with "dressing like a celebrity" but most don't mind getting ideas for a wardrobe. It will also solve the issue of rights infringements.

The only thing I didn't like is the links to the socks that are not visible in the picture.

orasis 2 days ago 1 reply      
This is a great idea. I would be careful going too cheap on the recommended pieces. For example, on the Theo James, there is no way I would buy a Haynes T-shirt. If super-cheap is your target market, then great. But, you could also go thewirecutter style and have "Get this look for under $100" and "A more expensive version". Good luck on the execution!
nilkn 1 day ago 0 replies      
I like the simplicity of it. I could see myself actually using this to buy a new outfit, whereas for most fashion sites I feel hopelessly lost because, truthfully, I just need someone to tell me what to get. I have a vague desire to dress well, but I find I just can't be bothered to keep up on trends to research how different pieces go together myself.

Presenting a clean list of outfits from which I can choose, with each outfit having every individual component already mapped out, represents an easy compromise.

rootedbox 2 days ago 4 replies      
If you made this as a commercial venture you are probably infringing on these celebrities personality rights.
chandraonline 2 days ago 0 replies      
johnlbevan2 1 day ago 0 replies      
See also: http://www.thread.com Stylists recommend outfits for you based on criteria you specify & photos you upload.
adrianwaj 1 day ago 1 reply      
Nice. Of course the obvious criticism (to me at least) is that the exact products are not the same, even though the overall look is, eg David Beckham's shirt or JT's cardigan.



Comments are a good idea, but I wonder if eventually you could crowdsource finding the exact product, perhaps giving a reward to whoever guessed it right from some bounty pool.

You might even get celebs themselves cooperating - perhaps you could notify them by twitter, and post their replies to the page, or offer some unique hashtag if they want to declare what they were wearing.

Or, more realistically, have fans send tweets out on your behalf to elicit a response from a celeb that you could then record: that can be done automatically. Eventually you could have a celeb claim their page for customization.

It'd be also interesting to allow users to post pictures of themselves trying to look-alike. They could mention if they found the exact brand-copy in their subsequent shopping. Then the underlying celeb (or rather brand) might become interested in working with you.

dtournemille 2 days ago 1 reply      
It would be a much better customer experience if you could buy the entire outfit in one action -- add outfit to cart, checkout, done -- instead of going to each product's ecommerce site individually, which would take quite a long time. I realize these are all different stores operating on disparate platforms -- Hybris, Magento, Oracle ATG, Elastic Path, etc. -- but aggregating it somehow via a middle platform would be much more seamless to the end user. And the site operators could take a small cut.
Clanan 2 days ago 2 replies      
Great-looking site, but did you license the images used? Celebrity photogs won't take kindly to usage without permission. I've even heard of blogs being sued for similar.
catshirt 2 days ago 2 replies      
great idea. not all sunglasses are wayfarers though...

would be cool if you had mechanisms for swapping out similar items. so you could "fork" a look, if you will.

josephjrobison 2 days ago 1 reply      
This is amazing and I've wanted this for awhile but didn't know where to find it. Great execution, keep on trucking and it'll do very well.
gadders 1 day ago 1 reply      
Isn't this how ASOS [1] started? It used to be called "As Seen on Screen" and you used to be able to buy, say, the same baseball cap as David Beckham or the leather jacket that Tom Hanks wore in Movie X etc.

[1] www.asos.com

greenwalls 2 days ago 1 reply      
Awesome idea! Adding a forum or some type of community/social aspect might be even more fun for visitors. I noticed the comments at the bottom of the pages and it looks like some visitors are already posting some things and that's great. Maybe with some more social features you can build a community and bring in more traffic.
safelysell 2 days ago 1 reply      
This is really good...I like the concept. I hate shopping online for single items online and i do find myself 'borrowing' from the style of others.

Packaging up all items for delivery is great. Having people upload their own style and having your site do the same with their picture would be pretty awesome.

serf 2 days ago 0 replies      
great site. neat concept.

i'm so out of style, but I can take away one thing from that first page : crotch depth in men's pants is too low now. I know fashion is cyclical, but it feels like we're about to witness the re-emergence of 80's style high-waist jeans.

god those were uncomfortable.

shrikar 2 days ago 0 replies      
I also had worked on something similar


Example of wardrobes: http://getsnapcode.com/wardrobes/18

leephillips 2 days ago 0 replies      
James Bond does not wear those socks.
jasondc 2 days ago 2 replies      
I found some shoes to buy from your site, great job! This also works for interior design, most people just want to find out where to buy the items they are looking at. Houzz is starting to do this, but on a limited basis.
paulse 2 days ago 1 reply      
I made something similar to this but more DIY -- not curated outfits worn by celebs, but outfits designed and shared by you.


api_or_ipa 1 day ago 0 replies      
very nice. bookmark'd and hopefully I'll remember it in a few days when I go fall shopping.

Edit: I should just say that other than the landing page, the page css doesn't seem to be loading properly. You should probably fix that. Sites other than HN benefit from nice graphics.

sgustard 1 day ago 0 replies      
Looks awesome. You could use the ShopStyle API to monetize product links. http://shopsense.shopstyle.com
jscheel 2 days ago 0 replies      
Now I just need one of these that sources from stores that actually carry my size. Pretty sure my fat butt would be turned away at the doors of Uniqlo or H&M.
math0ne 2 days ago 2 replies      
Looks like a cool idea, I'm not sure how accurate the products you link to are to what's pictured though. I would work on making that more accurate.
adambratt 2 days ago 0 replies      
I've wanted this for years... I even own the website http://www.styleaday.com
prawn 1 day ago 1 reply      
How are you handling photo rights/licensing?
malditojavi 2 days ago 1 reply      
Sorry to interrupt the party, but LookBook was already doing it at least 3 years ago - that I remember: http://lookbook.nu/look/6605676-Sheinside-Bet-Printed-Choies...

Also, if you liked that site + you would like to do money with it, check out http://www.seedtag.com/ it's like the big brother idea of that site. I see an incredible potential on it.

spindritf 2 days ago 1 reply      
I subscribed. The RSS feed is here http://famousoutfits.com/feed/ BTW.
napolux 1 day ago 1 reply      
Why don't you use referrals where possible (i.e. Amazon)? I think it will convert a lot!
Paul_S 1 day ago 1 reply      
You need to add more famous programmers to your list for variety's sake.
aarondf 2 days ago 2 replies      
My roommate works at RewardStyle, you should look into their platform for monetization. It's pretty awesome.
nedwin 2 days ago 1 reply      
This is awesome. I have a feeling Instagram is going to be your biggest growth lever.

No affiliate links?

raquo 2 days ago 1 reply      
You should monetize this with affiliate links at the very least. Looks like a promising project, good job!
everettForth 2 days ago 1 reply      
The jacket Ryan Gosling is wearing has a front pocket. I don't think it's the Perry Ellis Bomber Jacket.

His boots also don't look like Steve Madden boots.

This is a great concept, but it would be a lot more meaningful to me if I knew I could trust the product listings.

swah 2 days ago 0 replies      
Do post on /r/frugalmalefashion and /r/malefashionadvice
misiti3780 2 days ago 0 replies      
Why put David Beckham's socks on here when you can clearly not see them in the picture?


ethnt 2 days ago 0 replies      
Coolspotters, the site I run, does the exact same thing! We have a big library of celebrities and the clothing they're wearing. http://coolspotters.com
backwardm 2 days ago 0 replies      
How do you know what socks they were/are wearing?
BorisMelnik 2 days ago 0 replies      
very cool, love the idea. I spoke about this idea in the past and if someone could execute it properly it could go somewhere. Any plans to monetize?
tyndierock 2 days ago 0 replies      
Monetize this by using http://www.viglink.com/ and watch the dollars pour in!
gprasanth 1 day ago 0 replies      
The CDN is down :/
gohrt 2 days ago 0 replies      
These guys are wearing regular department-store looks.
joshmn 2 days ago 0 replies      
Great, now ship it to me.
aagha 2 days ago 0 replies      
Get on Twitter.
hnriot 2 days ago 1 reply      
Who wants to copy what some celeb has on??? I can't believe there's a market for this. Then again, I thought Twitter was a stupid idea...
scoofy 2 days ago 6 replies      
Hmm... love the idea, and it'll probably make money, but the problem with anything like this (even magazine ads) is that cut is paramount and people come in different shapes and sizes. Clothes fitting properly matters much more than what they look like on the rack, and more often than not, cuts at discount stores are either atrocious, or they are designed for fit models (those lucky jerks).

I can go to uniqlo, i can buy a shirt that fits my shoulders great, at target? Forget it. Back at the uniqlo, i may try going to their jeans section, but nothing fits me, nothing. I have to get levi's because i have odd hip/leg ratio and they are the only firm that can sell me that cut for under $100. I am limited excessively by this... and we are only talking about basic blue jeans.

The celebs look good because they have the time and money to buy stuff that fits, and looks great together. Imitation may be a great way to save the time, discounted imitation may be a way to save the time and money, but i think that in neither case you'll look good.

The best thing to do is to get into looks as a whole, and once you have decent taste, buy things that work for your body. It's not easy, and it may not be as cheap as these places try and get you to believe you can do it for, but at the end of the day, you'll look good, instead of a crappy version of Zac Efron.

encoderer 2 days ago 1 reply      
Well done and congrats on launching. But I hate that it's all about promoting cheap consumer goods that were made in a Chinese sweatshop and are half way to their final destination in an American landfill.

I'm not trying to sound elitist, but Old Navy? That stuff is garbage and will fall apart. And before somebody points out that not everybody is as fortunate as I must be: Clothes and other textiles once made up a much larger percentage of our incomes. Clothes are relatively cheap and if there's any issues it's because of a choice to emphasize quantity over quality.

Our consumer more-is-better culture is certainly not your fault. I just lament doing anything to fuel it.

Edit: if I had to suggest a place to buy affordable clothing, I'd say http://everlane.com

FTP Server at LSUHealth New Orleans
339 points by nwalfield  6 days ago   95 comments top 24
SeanDav 6 days ago 9 replies      
This is a symptom of an unfortunately very common reaction to system security. Unless businesses are actively encouraging bug hunting, almost unbelievably they will act with a lot of hostility to exposure of weaknesses in their systems and will often shoot the messenger with extreme prejudice, even if they receive the information privately.

There are countless examples of people getting burned rather than rewarded or even thanked for bringing to attention some sort of flaw. My advice is do not bother. There is almost no upside for you and likely very significant downsides.

jnbiche 6 days ago 1 reply      
Sam, if you're reading this, you need to find the newspapers' ombudsman. You'll probably get better results from him/her than the CEO, since their job is specifically to address these issues and in a decent organization will be given the autonomy to do so (no guarantees here!).

It's not clear to me that LSU is responsible for anything more than shitty security. It's possible that they told the newspaper lies, but it's also possible that they told them the truth and that the newspaper misreported. I think reporting them for a HIPAA retaliation may have been premature, unless you know more about this situation than you wrote on your site (as opposed to reporting a HIPAA violation, which this clearly is).

But best of luck going after the newspapers. I'm getting sick of these "journalists" making up lies about the central figures in their stories without bothering to even check with them first to get their side of the story.

EDIT: Aaand, apparently, neither publication has an ombudsman, which tells you a lot already. Not a big surprise with SCMagazine, which is some kind of trade magazine, but it's too bad that even a small-circulation newspaper like the News Star wouldn't have one.

Mithaldu 6 days ago 0 replies      
The follow-up article ( http://www.scmagazine.com/professor-says-google-search-not-h... ) has the most ironic line in it:

> At press time, Sam Bowne had not responded to a Thursday email and Friday phone call from SCMagazine.com for comment.

tptacek 6 days ago 0 replies      
Falsely accusing someone of a crime often isn't just libel, it's per se libel, meaning that there's liability even if the aggrieved party can't prove damages. Running a newspaper article that turned out to be false without even attempting to contact you might clear the negligence hurdle here.
metaobject 6 days ago 3 replies      
I like the fact that the article stated that no patient information had been accessed. How many times have you heard that line when news of a breach is made public? It makes me think that these folks would rather cover up a breach than actually take responsibility for it.
Mandatum 6 days ago 0 replies      
I can give some personal experience on this - I started bug/vuln reporting mid-last year. I've reported a bunch of web-application bugs that ranged from simple XSS and CSRF to RCE and directory traversal in a range of applications (Enterprise software is rampant with holes).

I've only encountered two non-respondents. Everyone else has thanked and patched within a month and I even gained employment from one encounter! Yet to get a reward, however I do this for a hobby, rather than money.

Although one day I hope to do this professionally! There isn't much work in New Zealand for it though.

EDIT: To clarify, my process is: report to vendor with suggested patches, follow-up 1 week later if no response, follow-up two weeks after response to see if it's patched, ask permission to use my bug report publicly. In some cases there'll be a phone call from the respondent to ask about my background and see what my intentions are. Occasionally they schedule a coffee/meeting.

rdxm 6 days ago 0 replies      
One can only hope our friends at UHC are undergoing a proper procto-scoping by the regulators at this point.

As for the reporting side of this (note I did not use the word 'Journalism'...)..this is the quality level that has become the standard in the world of junk news. One must have the sensationalism in the title to get the click...that's it. The actual quality of the content is pretty much irrelevant..

chris_wot 6 days ago 2 replies      
The journalist's twitter account is here: https://twitter.com/writingadam
ck2 6 days ago 2 replies      
This is a case of some idiot who is responsible for the server having to tell management something so they say "oh this guy hacked it".

Management tells the lawyers and PR which forwards it to the "news" who just go for the most sensationalist story possible.

Hope he wins any lawsuit and more importantly his reputation back somehow.

I'm not even sure what would have been the better course here other than to have CC'ed other people on the email.

ps. No way in heck I am going to click on them but those filenames seem to appear in google cache elsewhere.

Soyuz 6 days ago 2 replies      
I'm not sure why people inform organizations about vulnerabilities. All they will get from informing them is a shock when they slap you in the face and call the police for the alleged hack!

it is better to sell the vulnerability in the underground forums

akerl_ 6 days ago 1 reply      
Reading through this, it seemed like a pretty clear-cut case where Bowne had done things right from start to finish. And then I got to this:

"Apparently, committing libel is a common thing for them, and they are comfortable completely ignoring the protests of their victims."

I understand that he's likely under tremendous stress as a result of the allegations that LSU has made, but I'm a bit concerned that in his expression of shock and outrage he has turned to making what appear to be potentially libelous statements of his own.

I hope that his goal of having the accusations withdrawn is not hindered by this momentary slip into hyperbole.

teachingaway 6 days ago 0 replies      
The follow-up article is a bit better. But I don't like the way the original title is presented as fact:

"Professor hacks University Health Conway in demonstration for class"

While the follow-up is titled as "Professor says..."

"Professor says Google search, not hacking, yielded medical info"


plg 6 days ago 1 reply      
I think the thing to be careful of here is the method(s) one uses to reveal a vulnerability.

Think of a brick-and-mortar analogy. You queue up at airport security, you go through, and you notice that their procedures are such that one COULD bring a banned item through and potentially not get spotted. You inform the appropriate authorities that you think there might be a weakness, and you say how and why.

This is probably not going to get you in trouble.

Another scenario: You go through security and make a mental note (as above) of a potential vulnerability. You (as above) report it to the appropriate authorities. Now some time in the future you are going through airport security and you wonder to yourself "I wonder if they fixed it". So you decide to test it out. You bring a banned item through. You get caught. You are in trouble but you say in response "but I was the guy who informed you of the vulnerability and I was just checking to see if it was fixed".

Good luck with that.

My feeling is that if you notice a potential (or actual) vulnerability as part of an everyday, normal use case of a website, or a web service, or network, then fine, you can report it, and you likely won't get into trouble.

On the other hand if you additionally decide to test the system in such a way that could be misconstrued as an attack, then you will probably get into trouble.

Another analogy: you walk into Macy's and on your way in you notice that the security system they are using is outdated, and you know it is vulnerable --- (made up silly example) you know that if you break in while holding a tuna sandwich, the alarm will not go off. So that night after the store is closed and locked, you break in, while holding a tuna sandwich, and you take a pair of $300 shoes. The next day you go to the store and you say "look guys, I was able to break into your store and steal these $300 shoes." You think they will thank you? or will they call the police?

lnanek2 6 days ago 0 replies      
> This is a very strange way to run a news blog.

He doesn't seem to realize all that matters to the blog is getting page views...

cientifico 6 days ago 0 replies      
I think the first article is just a sponsored article by University Health Conway. By trying to convince public opinion that it was hacking, University Health Conway probably wants to skip charges for negligence, reveal and distribute personal data publicly...
cjschroed 6 days ago 0 replies      
This is why I never ever "report" security vulnerabilities without first having a contract with the afflicted party. It sucks, but I am not willing to be burned as a witch just because I understand security.
mariuolo 6 days ago 1 reply      
Next time send the newspaper an anonymous tip.

The guys with the open FTP server clearly don't give 2 fucks about your privacy, but in a sue-happy atmosphere they're trying to place the blame on someone else.

gravypod 6 days ago 0 replies      
I have always loved Sam's work at Defcon. It is sad to see the world "turn" on a good security researcher.
jigglepanda 6 days ago 1 reply      
It's sad that institutions act this way. I also stumbled upon a rather nasty vulnerability in the website of a largish company. I left it as is, without notifying anyone, precisely because I didn't want any trouble.

If I found it by accident, I'm sure malicious actors can find it as well.

rmc 6 days ago 0 replies      
Why don't they lawyer up, and sue them for defamation/libel?
lutusp 6 days ago 0 replies      
If the linked recitation in any way corresponds to reality, and it seems to, the professor has a legitimate complaint, but he should have consulted an attorney before publishing his responses to the various parties involved. The reason I say this is because, even though he appears to be in the right and has a reason to be outraged, he could be sued for libel himself.

As one example, if he describes a named or identifiable person as a "liar" online, the subject could sue for defamation of character if it turns out that they didn't know what they said was false (which fails the definition of "lying"). That's a simple case where an extreme, emotional term places someone in a false light.


Remember, in this litigious society, no one is immune from legal actions, even those clearly wronged, as the facts seem to indicate in this case.

chrisbennet 6 days ago 0 replies      
Since you didn't read the article:

He didn't hack them (unless performing a Google search and clicking on the link is "hacking" now) and he didn't tell anyone but LSU about their security problem - until he was attacked for trying to help them out.

skywhopper 6 days ago 4 replies      
Clearly the article was wrong, but the reporter could only go off of what the hospital told him or her, and that does not seem to have included the professor's contact information. Rather, I'm guessing the message that got out of the IT department was "we got hacked by a professor", which then likely mutated via the rumor mill into the details about a class demonstration.

If anything, I think this shows the hospital gave the professor a lot more benefit of the doubt than I would have expected.

The professor did himself no favors with his email:

    I am Sam Bowne, an instructor at City College
    San Francisco, and I found two security problems
    on your server with a Google search.
    Your FTP server has been compromised, and some
    files named "w0000000t" were added to it.

If I'm the IT administrator who receives this message, then after reading the first two sentences, I've already jumped to the conclusion that this professor is the individual who compromised my server! "Hi, I found security issues with your server, and now it's compromised!"

Sure, once you've read the intro by the professor, the meaning is clear, but think of yourself as a sysadmin getting this email, without the context of "I just found this, I had nothing to do with it" in your brain, and how are you going to react? Once the idea that the sender of this email is a hacker who broke into your server has entered your mind, it's going to be very hard to interpret it differently. Given that, the guy got treated pretty nicely by the story and the hospital in the end.

powertower 6 days ago 1 reply      
"It is outrageous for a journalist to write such lies, accusing me of serious crimes, without even contacting me to find out what happened."

There is little to nothing that can be done about this. It's all about narratives, sensationalism, and agendas today.

Just take a look at the media stories about Ukraine where everyone (in US media) just makes shit up and presents it as the truth. No one questions anything.

Or the Michael Brown shooting. Where the media (CNN, MSNBC) pushed their narrative once more, completely ignoring all facts surrounding the event.

It goes on and on and on, with almost every major story being so biased, misleading, and twisted, that it might as well be seen as a complete fabrication...

Here is another good example of security related stories being "misleading" - http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudul...

How Memorizing $19.05 Can Help You Outsmart the MTA
347 points by uptown  1 day ago   235 comments top 49
scrollaway 1 day ago 8 replies      
What a disgusting dark pattern to be put to use in public transports.

I don't think this can be classified any other way than a scam. Sure, they scam you out of a couple of dollars, but they do it on a massive scale and at the expense of thousands upon thousands of people.

bkcooper 1 day ago 1 reply      
Really, the only people I see likely getting caught out on this are tourists leaving with unused balances. The argument that "they get the money sooner" seems like nonsense to me. They get the money when you put it on the card, either way.

Re: the tourists, Metro in DC has an approach that I assume is for charging tourists more, which is that paper farecards (instead of the reusable SmarTrip card) get a surcharge of $1 on each trip. They're very open about the surcharge, so if you don't like it, then you can get a SmarTrip; however, it would then take a pretty involved computation to end up with zero balance at the end.

I'm actually pretty favorable toward the DC policy. Increasing tourist revenue (who probably are going to be pretty willing to pay slightly more for limited subway use) in a tourist-heavy spot seems like a reasonable approach to subsidizing the heavier commuting users of the system. With Metro specifically that may not be a huge deal because so many people have their commuting paid for as a benefit, but I like the basic idea.

lorddoig 1 day ago 7 replies      
There's a few comments here that say it only applies to tourists, because the problem is only manifest at the card's end of life: lose the card/stop needing it and that's the point you get shafted for the excess balance. Fingers crossed a resident won't see a card EOL, they'll just top it up over and over, and so it seemingly doesn't apply.

But equating long life with infinite life isn't quite right here. Every card will stop being used some day. If the MTA know with certainty that X proportion of cards do EOL with Y USD on them, then they can safely consider X * Y as earnings and spend it immediately, ergo the moment of first top up is the true moment of shafting. I'd bet good money that the MTA's internal figures record earnings from excess balances by counting cards newly registered, not cards recently expired.

I studied econ at a good school, and I can tell you that an economist would 100% equate this with theft. Because it is.


This - https://news.ycombinator.com/item?id=8274314 - is a very good point. Ensuring cards always have a meaningful balance on them is probably the best way to stop people treating them as disposable (I imagine their cost is non-negligible). If they're given out free, it's clever, but if you have to buy them (like London's Oyster cards) it's even more of a scam. To have a totally clear moral conscience the MTA should really let you return the card and cash out.

mirkules 1 day ago 3 replies      
If they really wanted to fix this, the text would read "How many rides would you like to purchase ($2.50 per ride)". Of course, this only works if every ride is $2.50.
mergesort 1 day ago 1 reply      
I really hated this too, so I wrote an app a few years ago for this, to tell you exactly how much to put on your card no matter how much you have on it. [Inserts shameless plug for Metroptimizer.] https://itunes.apple.com/us/app/metroptimizer-2/id649185762?....
jacobbudin 1 day ago 1 reply      
The author doesn't seem to realize the MTA has tried and failed to get rid of the bonus. The only reason the bonus still exists is because of political pressure. Therefore, it's unlikely a "dark pattern" by a nefarious public agency that the people need to "outsmart".

As another commenter mentioned, it's about charging a full dollar amount (after $1 new card fee) for people paying with cash.

Sources:
http://www.nytimes.com/2012/10/16/nyregion/mta-chief-signals...
http://www.nytimes.com/2012/09/13/nyregion/mta-may-eliminate...

radicalbyte 1 day ago 3 replies      
In Holland it's much worse. You aren't allowed to use public transport unless you have a minimum 20 EUR balance on your card (or agree to be tracked and I assume have your travel data sold / 'lost').

This applies for return journeys, so after the first leg of the journey you need to make sure there's 20 EUR left or you're screwed.

zokier 1 day ago 1 reply      
I presume this does not matter if you are a regular user of the system because over time presumably the remainders would accumulate?
podopie 1 day ago 0 replies      
To be fair, this is price agnostic, and they are the same patterns they've had when the subway/bus price was 2.25. The remainders, while still more than a couple pennies, were definitely smaller than the current setup. It also allows for the MTA to continue price hiking (ugh) without people ending up with even larger remainders: "I have 2.50 on my card but now it's 2.75!"

What they should have done was update these price points alongside the price change that occurred to keep remainders at or under a dollar. A "fill to the next ride" option could also be a great way to even out the remaining cost. While this still isn't perfect and screws over tourists (particularly when they removed the 1 day unlimited!), I imagine this is a non-issue for the majority of New Yorkers (myself included).

I also imagine there's good reason here. Imagine all the trash that gets created because someone will finish up their metro card completely. The extra $1 fee per new card was likely a newer solution to prevent people from throwing them in the streets or in the subway trench, and providing an odd remainder on the card may have been a historical way to do the same. Imagine, if you had an extra dollar sitting around on your card, you probably would reuse it, and not throw it out.

That said, the fact that anyone can get from Sunset Park to the Bronx Botanical Gardens (a 20+ mile drive) for 2.50 isn't so bad of a deal.

harmonicon 1 day ago 2 replies      
I always thought "turnstyle" and its variants ("turn-style" in this post) are misspellings of the word turnstile. However I have seen it quite a lot online in different articles. Is "turnstyle" actually a different spelling for turnstile?
pjc50 1 day ago 0 replies      
This is the antipattern that "Microsoft Points" used to use, except there you were forced to buy a round number that wasn't divisible into the quantity you wanted.
diggan 1 day ago 1 reply      
That's an interesting article. However, it seems very confusing to have a card with money on it to travel with the metro. According to the comments here, most other cities (in USA I guess) have it the same way as well.

In Barcelona, where I live, the system is different. You buy a card with travels on it instead. One travel is an entry to the metro until you leave the metro. So if you buy a card with ten travels, you're sure to get ten travels. If you buy 50, you get 50. This seems like a much more reasonable system.

aganders3 1 day ago 0 replies      
If all rides cost the same (i.e. price is not dependent on distance traveled) why don't they sell cards with X number of rides on them? The "rides" on the card could act like forever stamps, in that they would be valid even if the price per ride someday increased. This seems like a much fairer system that would still encourage people to buy in advance and keep their cards.
Istof 1 day ago 0 replies      
They should at least have to follow the same law as gift cards for expiration date: can't expire within five years.


gdg92989 1 day ago 4 replies      
I guess this makes sense if you're visiting NY and you're only going to use the subway a few times. If you live in the city though you're probably just refilling the same card over and over. Then the logic of filling the card up doesn't hold up. You should go for the largest "bonus" you can get and try not to lose that card!
adamzerner 1 day ago 1 reply      
> It turns out the MTA has designed it that way.

That's awful.

I'm no expert in economics, but bear with me. The MTA operates a natural monopoly. In a natural monopoly you don't have competitors, so your customers can't turn to someone else to receive better service. Furthermore, the government has granted them the right to be the one provider in this market.

I think that this makes them somewhat of a public service. Normally quality of service comes from the pressure of competitors, but in this case there are no competitors. I think the government has a responsibility to see that this is clearly a dishonest tactic and fix it. If the government doesn't enforce honest practice, then it won't get enforced at all (because competitors aren't there to do it). (sorry for the somewhat confused argument, but there's really something wrong with this)

warfangle 1 day ago 2 replies      
I just keep a $5 balance available on my unlimited use card. That way even when the unlimited time limit runs out, I don't have to go and stand in line to refill my card while I miss my train.

I just put the $2.50 back on it (and renew my unlimited) as I'm leaving at my destination.

I guess for those who don't ride enough for an unlimited to be worth it are gotcha'd this way.. I ride 20 times a week, though (break-even on a 7-day card is 12 times a week; monthly is 6.4 times a week. I tend to lose my card occasionally, though, and the hurt from losing a $112 card is a LOT higher than losing a $35 card. Yes, they have a recovery system. No, I've never gotten it to actually work).

Hawkee 1 day ago 0 replies      
I love the way they do it in Taipei. They have attendants at every station where you hand them your card and cash. 2 seconds later your card is updated. It's actually faster than using the machine as there's never a line.
edge17 1 day ago 0 replies      
The more insidious aspect of this is the psychological pattern of people like my parents (who belong to a different generation) that will pick the UI path that causes the least apprehension. My parents are both very intelligent people, but they struggle like many with user interfaces on machines.

Every time I am in NY to visit, there is a stack of cards waiting for me - so I will spend 20 minutes in the morning down at the train station filling each of the tickets up to a sane number.

JohnDoe365 1 day ago 0 replies      
Still fundamentally wrong. They should ask: "How many rides do you want to buy" instead of offering an amount to load after which you have to do the math on your own.
nhstanley 1 day ago 2 replies      
Wait, how long has it been like this? Haven't lived in NY for a few years but they used to give you a nice round number bonus. This is the crappy kind of thing businesses do that governments should specifically not do nor need to do (trick you with dark patterns, force you to give a no interest loan/gift, etc.). And I should point out it's regressive. That $1.95 matters a lot to some people. Incredibly shitty, IMO.
davidf18 1 day ago 1 reply      
In NYC you can get the unlimited monthly passes with auto-refill from your CC at the end of each month. Nothing could be simpler and is a great value esp. compared with prices of anything else in high cost NYC.

It is much cheaper and easier to use than Wash DC. Also, the train frequency even at 11 PM and later is every few minutes in Manhattan. Just wish we had the Verizon WiFi access that the DC Metro has....

MiguelHudnandez 1 day ago 0 replies      
> You could even write it on the back of your Metrocard if you can figure out how to get ink to stay on it.

If I want to write something on a credit card, I put some clear tape over the ink afterward.

I've never seen a MetroCard, but based on photos online, it looks like heavy paper stock with a glossy finish. So a sharpie and some clear tape should do the trick for the lifetime of the card.

patmcguire 1 day ago 0 replies      
I remember a similar thing when I lived in a building with its own laundry card system. You could only put on money in increments of $5, and every wash or dry cost $1.70. The math there meant that you had to do an exact multiple of 50 loads over the lifetime of the card, or else you would wind up orphaning money.
moot 1 day ago 0 replies      
FYI, station agents will merge/combine MetroCards for you, so you can recover small balances from old/unexpired ones.
kingkawn 1 day ago 0 replies      
When using unlimited cards I always back swipe as I leave the station to allow others to get free rides.
mcguire 1 day ago 0 replies      
Is the MTA's approach to card balances different from the "mail in rebate" approach that took over from running sales on purchases?

Or, really, the practice of requesting email addresses and mailing list subscriptions in exchange for coupons, etc.?

otoburb 1 day ago 1 reply      
My friend pointed me to an iOS app[1] that can generate tables based on target remaining balances.

[1] https://itunes.apple.com/us/app/metrocalc/id328570105

yackob03 1 day ago 0 replies      
I have never seen the options ending in $9, does this only show up if you're paying cash? When I pay with credit card I always get $10 and $20 options. If it is only for cash users, $19.05 is a really terrible experience for someone paying with a $20.
skizm 1 day ago 2 replies      
It is the same reason why hotdogs are sold in packs of 10 and hotdog buns are sold in packs of 8.
Coincoin 1 day ago 0 replies      
That's why here we have tickets on our cards, not money. The drawback being that a ticket for one city or zone can't be used in another one. And of course, every city's ticket bundles have different sizes, just like hot dogs and buns packages.
Schweigi 1 day ago 3 replies      
Doesn't this $2.45 left over money make the bookkeeping more complicated for them? Because in theory someone could come back after a couple of years and refill his card so it's not possible to book those $2.45 as profit.
frankosaurus 1 day ago 0 replies      
The current pricing has the potential to cut down waste. If your metro card has zero balance, you may as well toss it out. If you're carrying a balance, you'll refill it at one of the kiosks.
dk0hn 1 day ago 0 replies      
My way is far simpler: fill and refill with $50. The 5% bonus adds one $2.50 ride, for a total of 21 rides. Easy peasy, with no weird values to memorize.
savrajsingh 1 day ago 0 replies      
Imagine the UI was framed around # of rides, instead of dollar amount.
rthomas6 1 day ago 0 replies      
I consider this a dark pattern. That's pretty underhanded of them.
happywolf 1 day ago 0 replies      
I doubt Metro can keep the money. There is an escheatment law whereby unclaimed money will need to be turned over to the state. It is a big hassle to them IMHO.
terminado 1 day ago 0 replies      

You can just buy a $20 card, pay $21, get the bonus, and then add on the remainder of the next closest $2.50 block, in a second transaction, by using the "Other Amounts" option, which permits any amount greater than $1 (including change, as in $1.99). If you can't fathom the math for this, while thinking on your feet, too bad for you.

And yeah, this takes longer, and people waiting behind you might be impatient. But this is New York, so everyone else can go fuck themselves.

nodata 1 day ago 0 replies      
MTA doesn't mean sendmail/Postfix for anyone wondering.

MTA = Metropolitan Transportation Authority in NYC

stephenc_c_ 1 day ago 1 reply      
This is why I'm so glad we can now use our contactless credit cards on the tube in London.
brown9-2 1 day ago 1 reply      
Do public agencies in other countries also try to scam the public out of additional revenue?
mp99e99 1 day ago 0 replies      
great article, thanks for posting

I will use this next time I'm in NYC visiting, I'm frequently leaving with small dollars or change, and I end up losing the card or forgetting about it [as MTA's plan]

sii 1 day ago 0 replies      
And here I thought the article was going to be about mail transfer agents.
nodata 1 day ago 3 replies      
Can you pay in part with a MetroCard and in part with coins?
u124556 1 day ago 0 replies      
Why not just ask how many rides do you want instead?
peter303 1 day ago 0 replies      
Most tourists probably buy an unlimited ride card, fixed period, so they don't have to worry about refills. It pays for itself if you average three rides a day.
SixSigma 1 day ago 0 replies      
Mail Transport Agent ?
chillingeffect 1 day ago 0 replies      
1. It is deliberate.

2. It is merciless. (Would the city really lose out if it gave three rides for $2.50 and then one for $2.45? They already have a 5% bonus (whose main purpose is to trick you into a -20% bonus) would a 5.03% bonus be unheard of?)

3. To achieve fairness, this system burdens the entire city with a cognitive load.

It's not theft, it's fraud. "But how can it be fraud?" you clamor, all of the terms are spelled out clearly. The fraud is not in the financial transactional terms, but in the trust to place in our leaders.

We entrust them to choose fares and design a fare-paying system that is merciful, fair and doesn't enforce an undue cognitive load. This system violates that trust. How can they expect the public to remain peaceful and satisfied while they're deliberately infringing on our trust in this way?

sneak 1 day ago 1 reply      
The MTA is no doubt using the same software or maybe even the same system as the NYPD for facial recognition.

Reusing cards, or buying cards for anything other than cash, is basically like an automated license plate scanner.

Use cash, and switch cards regularly. Never give them your name or bank card to associate with their unknown record in the facial biometrics database.

I would be unsurprised to learn that this is used to get people to reuse cards in an effort to persist a unique identifier for facial matching, as the video data can be correlated with swipe logs.

Logitech K480 Bluetooth Multi-Device Keyboard
339 points by nreece  3 days ago   178 comments top 48
MrUnderhill 3 days ago 6 replies      
I've been using the K810 [1] for some time for all my computers. I find it absolutely brilliant to type on (being mostly in vim, the awkward home/end, page up/down, arrows etc don't matter very much), and it also has the ability to switch between 3 paired bluetooth devices. There is also the Lenovo Thinkpad Compact Bluetooth [2], which I haven't tried, but allegedly "features a simplified pairing with the system through Near Field Communication (NFC) tag. Simply tap and pair with an NFC-enabled system." It also has a TrackPoint nipple. Of course, neither of these have the slot for phones/tablets.

[1] http://www.logitech.com/en-us/product/bluetooth-illuminated-...
[2] http://shop.lenovo.com/us/en/itemdetails/0B47189/460/60AC6A0...

Kjeldahl 3 days ago 1 reply      
Logitech never bothered to fix the driver problem on the similar/previous OSX Bluetooth keyboard K811 where switching between Cmd-Tab and Cmd-Shift-Tab does not work correctly (you can not change direction while the app selector is open). If this is important to you (it is to most devs at least), make sure you check/verify that this bug has actually been fixed in the driver they ship with K480.
emsy 3 days ago 1 reply      
I'm a longtime Logitech peripheral user and it's fairly disappointing that they always have some shortcomings that keep me from loving their products. For instance, I write this article on a K760. It's similar to the Apple wireless keyboard but it's solar-powered and has multi-device capabilities. Unfortunately, its build quality is mediocre. I'd rather pay 20-30 bucks more and have a keyboard that feels better. Also, they removed the previous/next track buttons from the top row for no specific reason.

With this keyboard, the build quality seems even cheaper. They missed the chance to go solar (though that's debatable) and the fn key is in a different position than my current Logitech keyboards (they don't seem to have a guideline for this).

unwind 3 days ago 1 reply      
Wow! That's actually rather innovative!

As a replacement for a "main" desktop keyboard, it looks a bit on the too-optimized-for-mobility side of things with chiclet-style small keys and so on.

I bet it will appear in many people's living rooms though, since seems very well designed (I love the device-selection knob!) for in-couch computing environments to control pads, phones, consoles or perhaps set-top boxes.

josephcooney 3 days ago 3 replies      
I wish there was some kind of dongle I could plug my das keyboard into that would give me the multi-device feature without sacrificing on the actual keyboard part.
crawrey 3 days ago 1 reply      
Am I the only one who barely has enough time to interact with one PC after work (if I even feel like turning it on after a full day of programming), that the thought of interacting with multiple devices at once is overwhelming?
rishabhsagar 3 days ago 1 reply      
Shame that this has no back-light; one of the most common setups I can imagine is a laptop on some kind of riser (with IDE open) and a propped up iPad (to watch tutorials / documentation). Often this kind of setup will be situated in a dark room where the user will greatly benefit from a backlit keyboard. :(
darklajid 3 days ago 4 replies      
Only available for pre-order and only shipping to the US it seems. They got me interested enough to order one, but..

By the time it arrives in shops that deliver to DE every single supplier will certainly make sure to offer a localized qwertz layout only. Shopping keyboards is hard here.

schainks 3 days ago 1 reply      
The K760 is awesome for typing, and solar powered. The K480 switches between devices and can mount a mobile device. The K810 has a backlight.

Can these three things be conveniently combined? Make it the size of the k760, but with the backlit keys and a longer mobile device mount. The result might not be pretty, but would definitely be something I'd use for my multiple mobile devices + development use case.

Edit: typo

billchan 3 days ago 2 replies      
My alternative choice: http://kbtalkingusa.com/
gokhan 3 days ago 1 reply      
As a developer, this setup just brings all the distractions right in front of me :) What's going on my phone is not that important during the day, it can most probably wait an hour or so until I check it. A tablet is a pure entertainment device for me, it belongs to couch, toilet or bed, not to my desktop (otherwise that FTL icon will bug me all day).

On the other hand, this might be a good gadget for, say, sales people using tablets on the go and sync at the office. I'm most probably out of target audience for this device.

davidbrent 3 days ago 3 replies      
Very cool and useful product. I can't help but feel like I'm in some kind of cycle though, because I felt the same way about a KVM Switch 20 years ago.
petepete 3 days ago 1 reply      
This looks good and would definitely make typing long email responses more efficient. But other than that, something I don't do very often on my mobile devices, I don't really see the need. If I was to install a full Linux distro on my Nexus 10 and attempt to use it for development, I'd definitely want to use a 'proper' keyboard. Perhaps something like the Enebrick[0] would be a better fit for me.

I can totally see how this could appeal to people who don't need/want a separate notebook machine, keyboard etc and can get by with just a tablet.

[0] http://www.pfu.fujitsu.com/direct/hhkb/detail_enebrick.html ; http://enebrick.cerevo.com/en/

ekianjo 3 days ago 1 reply      
I see that they never fail to ignore Linux.
cyanbane 3 days ago 3 replies      
I think most people here are in a very firm or serious relationship with their keyboard. (I know I am with my Corsair mechanical). Would love to see this as a usb device that the keyboard plugs into. Would think monitoring key presses on the middle man device would not be too hard?
beyti 3 days ago 0 replies      
http://www.logitech.com/en-us/product/multi-device-keyboard-... removing the querystring param, for people who can not view the link
fuzzywalrus 3 days ago 0 replies      
Certainly a cool product to have a KBM (minus the m) for multiple devices but I see limited potential. rd.

For iOS / OS X users, if you're using an iOS device + OS X computer, you're able to carry over conversations and even e-mail between devices in iOS8 + OS X 10.10. It sorta eliminates some of the necessity of having a keyboard for your touch screens.

This may be useful for testing but even when I'm doing development, (and we have a fistful of devices) I'm rarely using the keyboards and with the limit of 3, it wouldn't really be enough.

suvelx 3 days ago 0 replies      
I've been using the Filco Minila Air for a while now.

It's /kinda/ the same, in that it allows you to pair it with 3 devices. It fails in regards to having a physical switch for selecting devices. Instead it'll connect to the highest 'ranked' device that's on. It works fine for switching between home/office, but not so much for phone/computer.


circa 3 days ago 0 replies      
The BT switch part is great. I wish I could integrate my existing Synergy setup with it.


jaxn 3 days ago 1 reply      
Has anyone used the Kanex Multi-sync keyboard [1]? Feature-wise it looks much better, just not sure about the reliability.

Turning a knob to switch devices seems terrible.

[1] http://www.amazon.com/Kanex-Multi-Sync-Bluetooth-Keyboard-QW...

quattrofan 3 days ago 1 reply      
Great idea, problem with a lot of the logitech keyboards is because of their low cost construction the keys wear within a year in most cases, I've been through 3 in the past 3 years.
nnnnni 3 days ago 5 replies      
I loved that thing all the way up until I saw that ctrl and fn were swapped from the standard layout =-(

Otherwise, I know of quite a few people who could really use this thing!

silver1 3 days ago 0 replies      
Nice but keys are so tiny -- why don't anyone get inspired by IBM/Lenovo non-chiclet keyboards ??? sometimes OLD is GOLD and Simplicity is blessings :)
qzc4 3 days ago 2 replies      
I don't get why this is so newsworthy and "innovative". Matias makes a good line of keyboards[0] (even a mechanical one!) based on the same concept, just with 1 wireless and 1 wired connection. Wired is a lot less of a hassle for me anyway, and you don't even have to change the batteries.

[0]: http://matias.ca/onekeyboard/

atmosx 3 days ago 1 reply      
Can someone offer a couple of real-world use cases for the masses?

I have all the Apple devices I need (MBA, iPhone, iPad[*1], iMac) synced through iCloud. Why would I wanna switch between them, to add a notification or send an iMessage?!

[1] That's kind of false. I don't need an iPad, it's just a perk :-P

danielrmay 3 days ago 0 replies      
I like this, I just think it's a shame the keyboard quality had to suffer for the device interoperability.
micheljansen 3 days ago 0 replies      
Nice! Seems like this should come standard with all wireless peripherals.

I wonder if it maintains a connection with all paired devices or if there is a delay when you switch between them. I find that some of my devices take a while to connect/pair when I turn them on.

skyhatchash 1 day ago 0 replies      
Fastest way to drain my phone's bluetooth
jaebrown 3 days ago 0 replies      
I really like the idea of the product but the idea of looking at three screens gives me anxiety. I know the product can be used for a single device but the video scared me off by showing its potential. I'll stick with what I got.
silasb 3 days ago 2 replies      
That rotary knob looks awfully easy to break.

There has to be a better interface than physically moving your hand up to the knob to change which device has focus.

Also if this could also charge your devices that would be awesome also.

ahunt09 3 days ago 4 replies      
Or you could turn your existing computer keyboard into a bluetooth keyboard for other peripheral devices for a fraction of the cost: http://www.eyalw.com/1keyboard
kshitij-dce 3 days ago 0 replies      
I would prefer a switch-key than the knob..

Love the idea though!

UncleChis 3 days ago 0 replies      
The switching button might not be that convenient and comfortable. Why not just a press button and 3 LEDs? You press one, it switches the LEDs?
VeryVito 3 days ago 1 reply      
Add a solar cell to power it, and I'm in. The K760 and K750 are amazing, simply because I never have to worry about cords or batteries.
mkoryak 3 days ago 0 replies      
"Type in comfort"... and then ... "11.7 Inches"

Those 2 things can't happen at the same time.

otikik 3 days ago 0 replies      
Too gimmicky for my taste. I have the Logitech K760 (the solar one) and it's awesome. I prefer it to the default MBA keyboard.
dharma1 3 days ago 0 replies      
can anyone recommend a smaller, tablet sized BT keyboard that would have this kind of a "slot" for making either a phone or tablet stand on it?

I just need something super lightweight that works as both a stand and a keyboard with my phone or tablet (hate phone touch keyboards)

jmt7les 3 days ago 0 replies      
Yet it still uses AAA batteries...
api_or_ipa 3 days ago 0 replies      
Cool, when can we see a mechanical switch version of this?
nodata 3 days ago 1 reply      
Stupid question: what's the encryption used on this?
marban 3 days ago 1 reply      
Hate the yellow stripe but still... take my money.
jraedisch 3 days ago 2 replies      
Seems interesting for dual boot environments also.
boomskats 3 days ago 2 replies      
It doesn't mention whether it runs on MX reds??? Is it easy to change the switches, are they soldered on?

Is it easy to change the controller?

fasteo 3 days ago 1 reply      
Multitasking in a single screen is not a good idea. Multitasking in three screens can only make it worse.

Very nice productivity killer though.

milkers 3 days ago 0 replies      
K760 is a better choice.
burnt1ce 3 days ago 0 replies      
vetler 3 days ago 0 replies      
So simple, yet so wonderful.
er0l 3 days ago 0 replies      
shut up and take my money!!!
Django 1.7 Released
354 points by jsmeaton  4 days ago   60 comments top 18
themartorana 4 days ago 3 replies      
I can't say how much I love Django. Back in the day when it was first coming out, I was coming out of the Microsoft/ASP.NET world and was being introduced to the wonder of Rails. But a small project I had contributed some mind-share to had been rebuilt in Django. When I asked which I should learn, Rails or Django, a wise developer friend advised I play with Ruby and Python. Figure out which language spoke to me, and use the best framework available.

I chose python, and despite the niceties of Rails, found Django an absolute pleasure. Add in a sprinkle of Johnny-cache, Jinja2, and South (because you could in Django) and it was a powerhouse.

I haven't written any Django code in a couple years now - my work is now mostly backend/API code for which Flask was much lighter weight (and Go is mostly replacing), but all my Django sites are still running.

Congrats to the team on continuing to push forward a brilliant framework, the best documentation in the business, finally getting DB migrations in the core, and more and more and more.

And by the way, thanks - I owe a bit (lot) of my success to everyone who contributed to Django and the larger community. I hope my meager contributions a few years back were at least a bit of repayment on a much larger bill.

VuongN 4 days ago 4 replies      
I have to say that I've been a big Django user and have been using 1.7.x for a bit in my own development. There are a couple of "oddities" for me that perhaps folks will encounter:

1. If you do heavy TDD, you might not like the fact that you can't skip migrations the same way you previously could with SOUTH_TESTS_MIGRATE = False. There's a thread going on (https://groups.google.com/forum/#!topic/django-developers/PW...). It appears that with syncdb going away, there isn't an option available. I really hope there's a way to retain syncdb for unittest because I don't need to test database migration every time I run my quick unittests.

2. I think 'makemigrations' is a bit inconsistent at the moment. Sometimes it creates more than 1 initial files, sometimes it creates just 1 (if you run 'makemigrations app-name' instead of 'makemigrations')

There are a couple of other general Django issues, but those are the things I encountered while working with 1.7.x.

zentrus 3 days ago 1 reply      
Awesome that migrations are now in Django core. I do see some pitfalls regarding Historical Models though.

The problem is that application code usually changes over time. Consider a deployment that hasn't been migrated in a long time. When migrations are eventually run, the older migrations might assume application code behaved a certain way. This is why you should never use your regular application models in migrations. Both South and Django 1.7 migrations copy "shallow" versions of your models (no custom methods, save methods, etc), which helps to encourage developers to keep the migration isolated from application models that might change. The problem with Django 1.7 though is that these shallow versions retain any inheritance they had at the time the migration was written. So if that class goes away in the future, I presume the migration will break. Worse yet, if the base class behavior changes, the migration run later in time might behave differently than you intended.

For this reason, custom methods even from inheritance should not be saved in the historical model. Only the fields should be saved off from the base classes, and then merged into one class (remove any inherited classes). Any other app code needed for the migration should be directly copied into the migration itself.

japhyr 4 days ago 0 replies      
I'm looking forward to the Django Dash, and hope to make time to put together a small project using 1.7. I can't wait to try out the integrated migrations.

Thank you to everyone involved in getting this release out the door!

rectangletangle 4 days ago 1 reply      
Nice, cleaning up the whole model-manager and queryset redundancy makes it much more DRY.
icn2 4 days ago 2 replies      
I haven't followed django for a while. Could someone explain a bit more about django's model association part. Is it currently comparable to rails's model associations? Looking at these two pages:

http://guides.rubyonrails.org/association_basics.html
https://docs.djangoproject.com/en/dev/ref/models/relations/

It seems there are a bit more on rails model associations.

chhantyal 3 days ago 1 reply      
Time to start new project with it. I am thinking about Python 3 now :)
shijie 4 days ago 4 replies      
Very much looking forward to using 1.7!

Question for all: Would now be a good time to move to Python 3.x? Our current Django installations are all running 2.7, and we are thinking about switching just for better unicode support alone. I'd love to hear some of your thoughts on this.
ldng 3 days ago 1 reply      
Exciting release ! Could have been 2.0 to me with new migration system and specially with the App loading revamp.

Is it me or AppConfig.ready() looks like a great place to put signals setup ?

Demiurge 3 days ago 1 reply      
I really wish Django default doc site would default to latest production version in urls. I have to keep changing dev to 1.6 and now 1.7
misiti3780 4 days ago 0 replies      
Super excited about having migrations built into Django finally!

Great work to everyone involved, and thanks for making an amazing product that makes going to work fun

kyllo 4 days ago 1 reply      
Good news, this means South now comes with Django by default. I use South in every new Django project anyway, because database migration versioning is so necessary.
AndresRoot 2 days ago 0 replies      
Starting a new project with Django 1.7 and Python 3 :D
jMyles 4 days ago 1 reply      
It was cool to be at djangocon while this was announced in the hallway track.
tbarbugli 3 days ago 2 replies      
cool, now we only need to wait another 5 years and we will see celery integrated in Django :)
smegel 4 days ago 0 replies      
Now if Hue would get off Django 1.2(?)...
jorgeer 3 days ago 0 replies      
nospecinterests 3 days ago 0 replies      
I am soo happy about this release I think my neighbors dog just went wee on their floor!
Email will last forever
349 points by mathouc  4 days ago   153 comments top 39
deathanatos 3 days ago 3 replies      
> The email protocol is simple and flexible.

Ha, okay. I'm going to include actual emails in "the email protocol", because if you just count the network protocols you're not doing anything useful. Emails are anything but simple. They were born in the early days of the Internet, and no doubt time and the impossibility of predicting the future is responsible for how things turned out but they are anything but simple.

Email messages are ASCII only. You can put non-ASCII characters into a header however. It looks like this:

  Subject: =?UTF-8?B?SMOpbGzDtOKApgo=?=

Writing a parser for this is an unnecessary challenge in this day. (If you ever need to do email, for parsing or outputting, get a library.) Watching a coworker unwilling to take the time to read the RFC try to write a parser for this is a very special hell.

The body also has to be ASCII, so just about every email client out there has to do:

  Content-Transfer-Encoding: base64

And then encode the body in base64, wasting space and network bandwidth. Technically, you can send full 8-bit message bodies, but the sender and receiver have to agree ahead of time. Either GMail doesn't support it, or it just doesn't bother even when the email destinations are all GMail. (Or, it could be because some IMAP client might get the message, and not support it.)

There's also that every message has a text version and an HTML version, hopefully semantically similar, but HTML support in email clients (at least the big ones) is terrible. (See for example http://www.email-standards.org/ ) You'll think support is great on the web after you're done.

I've not covered un-wrapping headers. Or the things people think aren't valid email addresses. (Your average Joe thinks [a-zA-Z0-9]+@<a domain name> matches all valid emails. Oh, and that they're case insensitive too.) Or IMAP. Or encryption. Or even whether email gets encrypted while on the wire from Hotmail to Comcast.

> Slack pretends to be an email killer

I'm not sure they're out to kill all emails, just the ones that would be better as a real-time communication.

Don't test your library's output email on Gmail, either. Gmail is creepy good at correcting bad input. "It works on Gmail" != it's correct.

I do wish I could send restructured text emails and have the client just render them. In theory, email has everything I need. Clients just need to support it, that's all. I'll admit, that is kinda cool.
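
An added example (not part of the comment above or of the thread): decoding the quoted `Subject` encoded-word and a base64 body with Python's standard `email` package instead of a hand-written parser. The sample message and the helper names `decode_mime_header`, `safe_for_display` and `parse_message` are constructed for illustration.

```python
from email import message_from_bytes
from email.header import decode_header, make_header

# Constructed sample message (not from the thread). The Subject value is the
# encoded-word quoted in the comment; the body is base64-encoded UTF-8 text.
RAW = (
    b"From: Alice Example <alice@example.org>\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: =?UTF-8?B?SMOpbGzDtOKApgo=?=\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: text/plain; charset="utf-8"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"Q2Fmw6kgbWVudTog4oKsNQ==\r\n"
)


def decode_mime_header(raw_value):
    """Decode RFC 2047 encoded-words (B or Q encoding) into text.

    decode_header() splits the value into (bytes, charset) chunks and drops
    the folding whitespace between adjacent encoded-words; make_header()
    joins the chunks back into one Unicode string.
    """
    return str(make_header(decode_header(raw_value)))


def safe_for_display(text):
    """Replace control characters in decoded header text.

    An encoded-word can carry CR/LF or other control bytes that never appear
    in the ASCII wire form. Neutralise them before the text reaches a log
    line, a UI, or a header of an outgoing message.
    """
    return "".join(ch if ch.isprintable() else "\ufffd" for ch in text)


def parse_message(raw):
    """Parse a raw message and return its decoded subject and body."""
    # The default (compat32) policy returns header values still encoded,
    # so the decoding step stays explicit.
    msg = message_from_bytes(raw)
    subject = decode_mime_header(msg["Subject"])

    # get_payload(decode=True) undoes the Content-Transfer-Encoding
    # (base64 here) and returns bytes; the charset comes from Content-Type.
    payload = msg.get_payload(decode=True)
    charset = msg.get_content_charset("us-ascii")
    try:
        body = payload.decode(charset, errors="replace")
    except LookupError:
        # Unknown charset label: fall back to a lossless byte mapping.
        body = payload.decode("latin-1")

    return {
        "cte": msg["Content-Transfer-Encoding"],
        "subject": subject,
        "subject_display": safe_for_display(subject),
        "body": body,
    }


if __name__ == "__main__":
    parsed = parse_message(RAW)
    for key, value in parsed.items():
        print(f"{key}: {value!r}")
```

The quoted encoded-word decodes to text that ends in a line feed, which is why the display form is sanitised separately from the decoded value.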

ChuckMcM 4 days ago 9 replies      
I find it interesting to contrast 'forever' with another technology that will last forever 'vinyl records'. I expect there will always be point to point, store and forward communication channels, but those channels have existed for millennia, from travelers who stacked rocks to tell those who came after where the trail was, to people who send compromising photos of themselves across cellular networks. So if we set aside the tautology for a moment, communication channels get morphed into a solution for a particular need, regardless of how well they service that need, and when there is a particularly wide disparity between need and implementation, there is an opportunity to create a better channel.

My current favorite example is Trello as a way of communicating activity status from many to many on many projects. Something email does poorly (but has been used for in the past) and Trello does brilliantly.

But let's look at the points one by one.

#1 everyone has an email address -- sure today they do, and 25 years ago nobody did, and 25 years from now it's possible everyone will have a "fooservice" address.

#2 email is flexible -- see my point above, flexing is not the same as serving.

#3 other stuff is great for professional communication but we still use email. -- and before that inter-office memos.

I get that these guys (Front) are invested in email sticking around but I would note that putting an adapter layer in front of it is no more, nor less, efficient than putting an adapter layer in front of TCP/IP or smoke signals or a 45 year old text file transfer protocol, whether or not "email" in the form of SMTP will survive should be irrelevant to Front, the question should be will the need for their service survive.

mrb 4 days ago 6 replies      
The fact "email will last forever" is precisely why I believe it is absolutely the best protocol to build automatic services to access and share personal information. I have spoken about it here: http://blog.zorinaq.com/?e=76

Edit: Someone1234: you don't need to wait for companies to support my proposal. It already works today with Gmail: try my live demo on pm33at@gmail.com - it works by leveraging standard auto-responder features. As to the comparison with XKCD 927, it is invalid: my proposal is radically different from anything that currently exists, because it is decentralized while all current personal information sharing platforms are centralized.

Edit: rakoo: yes, XMPP would work too, and would probably be a bit better than SMTP because it is real time. However in practice building something over SMTP has more chances of seeing success (because not everybody uses XMPP, but everybody has email).

liotier 4 days ago 5 replies      
No one mentions portability, but I believe it is a wonderful property of email - I have more than 15 years of email, moved across various servers and clients on various operating systems and it is still available and functional. What other personal communication channel is that resilient to technological change ?
AndrewDucker 4 days ago 2 replies      
The reason email will last forever is that nobody owns it.

If Twitter goes bust then you lose all of your tweets. If Facebook goes bust then all of your status updates go out of the window.

But email is an open, free protocol that anyone can implement and is deliberately designed to be decentralised.

And so the ecosystem will last as long as a few people find it useful.

pearknob 4 days ago 1 reply      
I think that a lot of "startups" are using the fantasy of an email-less world as a marketing tactic. I agree, I don't think email is going to disappear. Whether that is a good thing or bad, it's irrelevant
usethis 4 days ago 0 replies      
Sure, email is not perfect, but it is the most flexible communication method the internet has to offer. It is not tied to a single organization, or "owned" by a single company and reasonably portable with an open protocol. Tools will be invented to further optimize the experience, but in essence it will remain the same, just like a telephone call hasn't changed. I will not commit an essential part of my business again, to a single company's closed-sourced product (like for instance MS Office in the past, though OSX being the exception).

I recently started using Mailbox as my personal Email Client again, and I am very impressed in how they "optimized" the experience. It basically converts your emails into task items, with different priorities, in lists etc. When combined with notes, it could make any task / note app obsolete.

Unfortunately it only works with GMail and iCloud, but I hope Dropbox keeps investing in the product.

hrvbr 4 days ago 2 replies      
The concept of email is too fuzzy. Is it SMTP that will last forever? This technology is more like sending postcards that every middleman can read. Certainly a more private alternative will replace it someday, and it should be more spam-proof.

Also email serves many purposes. If it is to be replaced, it will be on a use-case by use-case manner. RSS is a better alternative to one-to-many mailing lists. Forums are a better alternative to many-to-many mailing lists. Etc.

But yes, we should improve what we have until we can replace it.

peterevans 4 days ago 0 replies      
Disclaimer: I work for a company for whom email is a core part of business.

Email and letter-writing go together, in my mind. Not so much because email is a literal model of letter-writing, but rather because they give you an important abstraction that I think we all need, which is a form of passive communication.

You may get letters which are urgent, and you may get email that is urgent, but the nature of both is that they are hands-off. You don't need to be present to receive mail or email. Well, there is some physical mail that you do need to be present for! -- that being certified mail, some package deliveries, and those represent perhaps a different abstraction. That aside, you have a mailbox to hold mail, and a carrier to deliver it to you. Nobody needs to talk to you, to tell you that happened. You can go and check your mailbox and see what you have at any time.

People who want to "kill" email may dislike the form, the implementation, but the abstraction is useful. It will likely continue to be useful -- I don't foresee a time when it will not be. Email, in some sense, will stick around.

Mad_Dud 17 hours ago 0 replies      
Couple of years ago RJBS gave a great talk about email, its complexity and issues - https://www.youtube.com/watch?v=JENdgiAPD6c
kevincennis 4 days ago 4 replies      
> "People spend on average 2.5 hours per day on their emails"

Source? That seems really, really high to me for an average.

talles 4 days ago 0 replies      
Forever is a strong word... but I do believe that email will stand still for some good years.

Email will last forever because email has been around since... well... forever. That is one key factor that the article misses: practically everyone is used to email. It's really tough to replace something so well known and widespread.

I guess the desire of doing so it's due to so many people struggling with email. How many times have I peeked people's email client looking to hundreds, heck sometimes thousands, of unread emails.

I always had inbox zero. I won't say that for me email is a joy, but is definitely no struggle. I guess I'm more organized than most people anyway...

akrymski 3 days ago 0 replies      
Any argument around "Email" should first define what email is. Does the author mean SMTP will last forever? MIME? IMAP? Email is a way of sending a message using a number of old, insecure and inefficient protocols. Will better alternatives to these protocols gain traction one day? Most definitely. What will remain of "Email" as we know it today is the addressing scheme IMO. The universally acceptable way of messaging a user@any-host is the real power of email, and will remain for the foreseeable future whilst transport and encoding protocols come and go (eg VoIP succeeding PSTN). In fact, email should last as long as the DNS system exists, given that the addressing system is directly tied to it. Being a flexible P2P messaging system, email can be easily extended to provide features of any "email-killer" app out there (including realtime communication) if need be. These innovations haven't happened simply because major email server providers dominate their existing markets (Exchange!) and have little incentive to innovate given the high barrier to entry for startups selling email servers to corporates. Email clients have seen more innovation, but there's only so much a client can do to extend capabilities of email.

plug: for this reason we're developing a full-stack email service in Node comprising client and server apps (end plug)

grexi 4 days ago 6 replies      
The single most important issue with email: Team Inboxes.

As soon as more than one person works with an inbox, it sucks big time.

But I agree - email will last forever, nearly none of the products you mentioned work without an email notification feature.

exodust 3 days ago 0 replies      
I like email and can't see it dying at all. I have several email addresses for various purposes and it's no hassle to manage.

I have about 5 email addresses and 1 work email. It's good having a dedicated "website sign-up" email address for forums and so on, where you don't care about the spam level.

The flexibility in setting up your in-box how you want is a great thing about email. I don't understand people who constantly complain about their in-boxes. Learn to manage your in-box, I say, and stop crying about your first-world inbox clutter problem!

I'm interested in secure online collaboration tools, and it's great to see so many options emerging. These secure tools can easily coexist with email and keep everyone happy.

Email is a familiar, reliable, predictable service that everyone knows about. It doesn't get "updated" every 3 months by some agenda-driven tech giant with ideas about how we ought to be communicating.

lucian1900 4 days ago 2 replies      
It is, however, a horrifically bad protocol. We don't need a new app, but a better protocol for unified mail, IM and audio/video. XMPP is close, but flawed.
jrapdx3 4 days ago 0 replies      
Email is wonderful and terrible. SMTP is pretty simple, and everyone with a static IP can run their own email server. Configuring it requires some study, but it's not too hard.

OTOH creating email clients is hard. I wrote a web server and wanted a webmail client. Basic SMTP messaging is straightforward enough, but MIME is a confusing tangle of protocols and rules that is difficult to understand and implement correctly.

I mostly succeeded but it took a long time. Part of the problem is the complexity means protocols are often violated and my webmail client has to deal with loads of exceptions to protocol rules to work in the real world.

But that's hardly limited to email. Look at http, it has arcane rules too, and some of the common security issues on the net are the result of "sloppily" implementing programs using http. (You know, XSS attacks, SQL injections and so on.)

Email has warts but what doesn't. Certainly email "replacements" will have warts too, especially as they are extended to cover the breadth that email has encompassed.

LeicaLatte 4 days ago 0 replies      
I hate the tight coupling slack introduces. It should have been called leash instead. Glad to see it slowly going away.

Email is a product of the 60s predating HTTP itself and built to stand on its own. It's non-invasive and loosely coupled which scales across all kinds of people. Not just for ADD nerds like us.

edpichler 4 days ago 0 replies      
When Google Wave appeared on public I really liked and believed it would replace the email. I think one day the, now open sourced, Apache Wave Project will rebirth with:

- a fast user interface (today really sucks);
- decentralized and easy to install servers;
- Features that are missing;
pkorzeniewski 4 days ago 0 replies      
E-mail is a sufficient way of communication for almost every case - just like traditional, physical mail was 100 years ago. You can send a party invite to your friends, you can send family pictures to your mother, you can discuss a project with your co-worker and you can send an invoice to your customer - all of that using a single application. If you need to contact someone immediately - use IM or phone. Why do we need a separate tool for every scenario? Sure, they provide some useful stuff, but nothing beats simply opening your e-mail client and typing a message to whoever you want.
josephschmoe 4 days ago 0 replies      
Email will last as long as we are thinking of computers in terms of files and text.

That's the foreseeable future. Anything beyond that is speculation.

andyl 4 days ago 2 replies      
There are tools to make use of HTTP in all sorts of ways. Curl, Wget, Restful APIs, Sinatra, Grape, etc. Fast, flexible, lightweight.

Email - not so much. Want a local email server? There's Postfix - yuckkk. The overhead of spam - yuckk. The lack of tooling, the lack of configurability, the DNS complexity. The fact that it requires a SAAS to do shared inboxes. Yuck.

Email could be so much better.

jonifico 3 days ago 0 replies      
Dude, if IE6 is still around, there's no chance email is going out of business any time soon. Period. However, with the rising of new communication channels, we might get better at communicating certain pieces of information over time, that's what it's all about, anyway.
scoofy 4 days ago 2 replies      
Depends on what you mean by "forever." If you mean, say, 30-50 years, even maybe 1000, sure, I'll give you that, but I'm still skeptical, but to suggest that there won't be a better communication tool that comes along to replace the written word from one node to one other, I'd say you're deluded. There is lots of room for improvement.
baumbart 4 days ago 1 reply      
Well for me, Email is already dead. Of course, dead software still exists, for information can not be destroyed. But, there will be more surveillance. There will be more counter-surveillance tools becoming popular. But Email will not stay on that list. Over the long run, the electronic mail will fall back behind inherently encrypted solutions. At least I hope that.
adnsr 3 days ago 0 replies      
Something is weird about email: Everyone can pretend to be someone else. It would be sane to reject all emails from a domain that has no SPF record. I was astonished when I realized that this is not already happening. Designing a large communication system, it is just pure insanity to not include a sentence like this in the spec: "One can only send messages as one of the names he has power over." This could be ensured simply by SPF. It should be safe to assume that a domain that has no SPF record is not used for sending emails. I know that this is not the case right now, but it would change really fast if you would push an update to the SPF checkers to enforce that rule. SPAM would be much less of a problem than it is right now. Today you have to block IP addresses, which is a large mess. With this rule enforced, you could block domains. Which are much harder to obtain and have a way smaller quantity.
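The receiver-side rule proposed in the comment above can be sketched as follows. This is an added example, not part of the thread: the function names, sample domains and TXT records are constructed, only the `ip4`, `ip6` and `all` mechanisms are evaluated, and anything that would need further DNS lookups is deferred rather than guessed.

```python
import ipaddress
import re

# Constructed TXT answers standing in for DNS (documentation-range names and IPs).
SAMPLE_TXT = {
    "example.com": ["site-verification=constructed",
                    "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "nospf.example": ["some-other-txt=1"],               # publishes no SPF at all
    "twospf.example": ["v=spf1 -all", "v=spf1 +all"],    # two records: an error
    "parked.example": ["v=spf1 -all"],                   # domain that never sends mail
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def find_spf(txt_records):
    """Pick the SPF record out of a domain's TXT records.

    Returns ("none", None), ("permerror", None) for multiple records,
    or ("ok", record).
    """
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return "none", None
    if len(spf) > 1:
        return "permerror", None
    return "ok", spf[0]


def evaluate(record, client_ip):
    """Evaluate ip4/ip6/all mechanisms left to right; first match wins."""
    ip = ipaddress.ip_address(client_ip)
    saw_redirect = False
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name_part = re.split(r"[:/]", term, maxsplit=1)[0]
        if "=" in name_part:                 # modifier such as redirect= or exp=
            saw_redirect = saw_redirect or name_part.lower().startswith("redirect=")
            continue
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"           # malformed address in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "unsupported"             # a, mx, include, exists, ptr need DNS
    return "unsupported" if saw_redirect else "neutral"


def receiver_decision(mail_from_domain, client_ip, dns_txt, strict_no_spf):
    """Return "accept", "reject" or "defer" for one SMTP connection.

    strict_no_spf=True is the rule from the comment: a domain without an SPF
    record is treated as not sending mail. Rejecting on permerror is a policy
    choice made for this example.
    """
    status, record = find_spf(dns_txt.get(mail_from_domain, []))
    if status == "none":
        return "reject" if strict_no_spf else "accept"
    if status == "permerror":
        return "reject"
    result = evaluate(record, client_ip)
    if result in ("fail", "permerror"):
        return "reject"
    if result == "unsupported":
        return "defer"
    return "accept"                          # pass, softfail, neutral


if __name__ == "__main__":
    for domain in SAMPLE_TXT:
        for strict in (False, True):
            verdict = receiver_decision(domain, "198.51.100.7", SAMPLE_TXT, strict)
            print(f"{domain:16} strict={strict!s:5} -> {verdict}")
```

With the flag off, mail claiming to be from `nospf.example` is accepted from any address; with it on, the only way to send as a domain is to publish a record that lists the sending host.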
findjashua 4 days ago 0 replies      
I recently joined a company where bulk of the communication is done on hipchat. I find it to be a much much better way of communicating, especially due to the chatrooms. I now only use email when I need to have a conversation regarding a specific subject or something I need to bookmark (star) for later.
michaelbuckbee 4 days ago 0 replies      
To the point of needing email as soon as you're interfacing with a person outside of your group: I'm seeing more and more options for this built into things like HipChat and Slack (both of which have the concept of 'guest' users).
Mustafabei 3 days ago 0 replies      
Made me remember the quote by Reinhold Niebuhr: "Frantic orthodoxy is never rooted in faith but in doubt. It is when we are unsure that we are doubly sure."
elwell 4 days ago 2 replies      
IMO, written communication en totale will fade away within the century. Thinking [0] is much faster.

[0] - http://emotiv.com/

lasermike026 4 days ago 1 reply      
It's insecure and it must die. To be more correct, email can not continue in its current form.
azinman2 4 days ago 0 replies      
News flash: startup working on email product says email will last forever.
Mz 4 days ago 0 replies      
- Email is not sexy? Design beautiful interfaces. Mailbox has managed to make email light, fast, and mobile-friendly. Sparrow was creating the most intuitive and pleasurable mailing experience etc.

I wish the author had not said "etc" at the end. He is obviously very knowledgeable about the topic. A lot of people, even people who spend LOTS of time online (like me) have not tried out every email client out there, and this is a missed opportunity to inform me and impress me with his depth of expertise on the domain his company is involved in.

I am sure I am guilty of this at times, where I either assume "everyone knows what I know" or I realize they don't and I don't want to sound like a braggart or something but I find myself feeling like I have been told "surely, you know all these examples and what they did different/right" and the answer is "No, no I do not -- what did they do??"

cletus 4 days ago 1 reply      
There are certain phrases I hear in startup pitches that immediately cause me to tune out. One of them is some combination of social, mobile and local. Another is "fixing email" or "email is broken".

It isn't.

With all the change that's happened with the Internet two forms of communication have proven to be incredibly resilient: SMS and email.

SMS is resilient because every phone has it. It's portable and it's simple. The best effort thus far at dethroning SMS seems to be WhatsApp. Sure phone companies (particularly US phone companies) charge a ridiculous amount for SMS. It's no longer the valuable bandwidth control channel that it once was. But even so, I don't see it going away anytime soon.

The beauty of email is that it's largely decentralized. With something like Facebook, you get ads inserted into your stream, you're constantly at risk of some privacy snafu and there's always the risk the service changes in some problematic (for you) way or disappears altogether (OK, Facebook isn't going anywhere anytime soon but we've all had services we like get bought out and sunsetted).

Email addresses are mostly non-portable. You can have your own domain and have a portable address but most people don't. Just like a phone number has limited portability (eg only within the same country).

Changing phone numbers and email addresses seems to be an infrequent enough occurrence for most people that they don't really care about it (as a whole).

Certain services provide useful value-adds to email. Spam filtering on GMail is a prime example. There are ads on the Web UI but hey you don't have to use it (there are POP3/IMAP interfaces) and they aren't that offensive (as, say, Facebook ads are).

The fundamental use case of both SMS and email is one person sending a message to another person. Think of this like IP (the protocol). People find each other with contacts. Think of this like DNS (kinda).

Every "email killer" I've seen has made this most important use case harder or just more complicated and, more to the point, for this use case provides no tangible benefits (that anyone cares about).

And in all cases you're giving up the decentralized nature of email so someone has control over your messages and your experience. Why would anyone make that tradeoff? It doesn't make any sense.

So forever? Well that's tough to argue. But for a really long time? Sure, absolutely.

dunno 4 days ago 2 replies      
No, it won't. I distinctly remember being told by many people that email would never replace letter mail because email was too impersonal.
billpg 4 days ago 0 replies      
Looking at the listed "Email is..." statements, an important one was missed.

Email is broken.

Disagree? I'm sure your response expressing your disagreement won't end up in the spam folder.

eric_cc 4 days ago 0 replies      
"- People spend on average 2.5 hours per day on their emails

- Workers check their emails an average of 74 times a day"


Visualizing Garbage Collection Algorithms
323 points by silentbicycle  3 days ago   22 comments top 9
mnemonik 3 days ago 1 reply      
If you find this interesting, you might also enjoy "A Unified Theory of Garbage Collection" by Bacon et al.: http://www.cs.virginia.edu/~cs415/reading/bacon-garbage.pdf
kazinator 3 days ago 0 replies      
This is useful; I've been puzzled by the actual behavior of a garbage collector. For instance, you might be dismayed, after implementing generational GC, that it benchmarks worse compared to reconfiguring for pure mark and sweep. Some visualization could help explain why. Raw execution profiling isn't all that helpful because it is entangled with the program, so you have to rely on collecting and logging various statistics from the collector.
azmenthe 3 days ago 1 reply      
Very cool, it would be nice if the animations looped though!
sriku 2 days ago 0 replies      
On a total tangent, I've never been satisfied with the analogy of "garbage collection" for what memory managers do ... and tried to come up with something better [1]. Not surprisingly, it came up when I was actually washing dishes :)

[1] http://sriku.org/blog/2014/07/06/dish-washing-versus-garbage...

bengali3 3 days ago 1 reply      
nice. Shows why forcing GC frequently can be counter productive, esp with the copy collector
agersant 3 days ago 0 replies      
Looks great! Thanks for making this.
molixiaoge 3 days ago 0 replies      
molixiaoge 3 days ago 0 replies      
frozenport 3 days ago 1 reply      
Obligatory Quote:

"If Java had true garbage collection, most programs would delete themselves upon execution." -- Robert Sewell

Interestingly, this doesn't apply to Scala.

New York Police Officers to Begin Wearing Body Cameras in Pilot Program
295 points by siculars  2 days ago   196 comments top 30
dankohn1 2 days ago 9 replies      
This will turn out to be the most important technology news of the year. I live in lower Manhattan, and as a well-dressed white person, my interactions with police are invariably polite and deferential (including when I got a ticket for running a red light on a Citibike last month).

But I know from friends that those same police officers become totally different people when in a different environment (particularly uptown and in poorer Brooklyn neighborhoods) and especially when dealing with people of color. There is bullying, there is haughtiness, and there is often a complete lack of respect.

Video cameras can change that. The knowledge that any citizen can file a complaint about an unnecessarily hostile interaction means that police officers will begin to act the way they are supposed to, as the only members of our community to whom we grant a monopoly on the legitimate use of physical force.

I also believe that video cameras will have a positive impact on police, increasing the respect they receive from the community and their self-respect, and enabling them to prove that they are often in the right around contested confrontations.

nilved 2 days ago 10 replies      
People need to realize that if body cameras don't have public live streams they are entirely negative for the general population. They'll be used against you in court and "strangely malfunction" when they could be used in your favor.

It's very dangerous to give the police complete control over video evidence, which is why I feel body cameras are a misguided attempt at sousveillance. Instead, we should be setting up public live streams in public areas, and controlling the recordings ourselves.

discardorama 2 days ago 4 replies      
While most cops are simply doing their jobs like any other profession, there are some who let their power go to their heads. Devices like cameras can help when complaints are received (as long as the cameras can't be tampered with post facto..)

Case in point: girlfriend was in a taqueria in the Upper Haight neighborhood of SF, and witnessed the following. A cop was sitting at a table. A guy walked in, stood in line to pick up a takeout order. He started staring at the cop. Now, the Haight has more than its fair share of weirdos, so a person staring at a cop is nothing new. But the cop decided to take offense at that. Started verbally harassing the guy. Took him outside, threatened to arrest him. All this time, the guy is saying: but I didn't do nothing, man! At one stage, the guy put his hands in his pocket, trying to pull out some ID; and the cop's hand immediately went to his gun, threatening "you don't want to be doing that!". Luckily, the guy took his hand out quickly. After harassing the guy, the cop shoved him and walked away.

GF witnessed the whole thing, and went out to talk to the cop as he was walking away. He just laughed at her, saying "get out of my way" and kept walking.

There were other witnesses too; but it still is basically their word against the cop's, and the SFPD refuses to do anything about it. Had there been a camera[#] on the cop, they would be singing a different tune.

[#] I told her: next time, _video_ the damn thing!

kelukelugames 2 days ago 2 replies      
I hope this takes off and everyone wins because

1) Less false complaints are filed against cops

2) Cities don't get sued because cops behave better

3) No one gets unlawfully harassed by a cop ever again.

On the other hand, I've seen criminals interacting with cops in person. They do not have an easy job.

blueking 1 day ago 1 reply      
This is a nightmare and we need to fight it tooth and nail.

Those aren't just cameras, they are networked to a facial recognition database (thanks facebook), which is cross referenced with criminal records and commercial profiles built from your every online purchase, gmail and facebook post.

This is what you can expect after the police get this as socially accepted

1. Facial recognition and additional suspicion of anyone walking down the street with a criminal record.

2. During an encounter with an officer micro facial expressions, speech patterns, eye movement and heart rate will be analyzed at high speed by AI to assess reasonable suspicion, to detect deception and emotional state and to direct the line of questioning in real time. The kind of technology the Gestapo could only dream of.

3. Body language of everyone in view will be analyzed for suspicion as they pass by.

4. These AIs will analyze anything you say in real time for factual accuracy against a huge database of personal information (half of which comes from your phone) and for context based on your commercial profile.

The implications here are that these databases represent a power shift and will redline demographics and make living in society with a record far more unpleasant than it is now. You can get a felony for forgetting your bus ticket. This affects everyone.




tuxidomasx 2 days ago 0 replies      
It looks like only a small number of officers will have them for the pilot program. But even if widely adopted, I feel like this won't help stop police abuse due to the Blue Code of Silence.

Besides, cameras on squad cars don't prevent racial profiling on the road. I've never been told "you were driving while black, so let's see if you have something illegal in your car."

Instead, I hear: "it didn't look like you were wearing your seatbelt..." or "you were following the car ahead of you too closely..." or "I need to check your window tint" (and I don't even have tinted windows!)

I feel like body cams are just another obstacle for abusive police to maneuver around.

mbrameld 2 days ago 1 reply      
This is a good first step. There needs to be strict punishment for officers who turn off or fail to turn on their cameras when interacting with the public, though. Also, if footage of an incident where an officer was wearing a camera doesn't exist it should be presumed to be exculpatory for the accused.
mkhalil 2 days ago 0 replies      
I applaud the effort and it may help in significant violations of human rights. As far as general harassment goes, not sure this is gonna help much.

What do you expect to happen when someone gets harassed? Who is he going to call? The police station?

Civilian: "Hello, Mr. Officer, one of your colleagues was being mean to me and didn't let me get on the bus today without questioning everything about me."

Officer: "I apologize for any inconvenience he may have caused you sir, we'll look into it."

Officer to colleague: "So....Did we decide on Mexican for lunch? Or Sushi?"

xrange 2 days ago 1 reply      
I suppose it'll be interesting to see the "failure" rate for these cameras, how often someone "forgets" to put it on, and how easy it is for the camera to get "damaged/stepped on" in a scuffle.
icantthinkofone 1 day ago 0 replies      
I'm glad for this. Now people can better see all the crap police have to take off the type of people they deal with every minute of every day, five and more days a week, eight and more hours a day and realize that 99.999% of all the "corrupt police" charges are just what it is: over the top BS.
tomohawk 1 day ago 1 reply      
Teachers are often accused of mistreating children.

Healthcare workers are often accused of mistreating patients, too. For example, I know someone who works with many elderly patients who often get confused and make accusations of mistreatment. Many of her coworkers have been benched until cleared by investigation.

Like police officers, they can be viewed as being authority figures. Perhaps they will begin wearing these soon, too?

pkaye 2 days ago 1 reply      
I don't see any negatives to having these body cameras for police officers. Not even in terms of costs since reduced lawsuit litigation and settlements so counteract that.
meepmorp 2 days ago 3 replies      
If you've got nothing to hide, why is the camera a problem?

But more seriously, does anyone know anything about these systems? I'd be concerned about them getting shut off (accidentally or not), and about ensuring that the recordings made are retained for a reasonable period of time (however long that is). Are there off the shelf solutions for this?

skyhatchash 1 day ago 0 replies      
They've done body-worn cameras in Sydney, Australia for a while now. It seems to have helped curb corruption and unnecessary brute force - most of the time. Where there's a will, there's a way.
MadManE 2 days ago 2 replies      
I like that we are moving towards a state of affairs where police have to act appropriately in their position of power.

However, I seem to be the only one who sees the irony in complaining about the NSA recording everything we do, and simultaneously giving large amounts of recording equipment to other parts of various levels of government.

How do we ensure that these cameras aren't turned against us, also?

Who watches the watchers?

rdtsc 2 days ago 0 replies      
Shouldn't citizens also be encouraged to use cameras as much as possible when interacting with police?

Just like with many police car cameras, all of a sudden they "malfunction" when something shady has happened.

simplemath 2 days ago 0 replies      
Taser are pairing their LEO bodycam offering with an associated cloud storage product at EVIDENCE.com
facepalm 1 day ago 1 reply      
Wasn't there a law recently that it's illegal to film policemen? Seems like a not so positive imbalance in power.
theDustRoom 1 day ago 0 replies      
I think that police firearms should also have cameras attached so that evidence is recorded.
sergiotapia 2 days ago 0 replies      
GOOD. There is literally no downside to this, it's a win-win! Here's to more polite police officers and less violence.
higherpurpose 2 days ago 0 replies      
This is a great and necessary step. But what happens to the videos after they're taken? Do people need to go through long process of FOIA request? Do they have to sue the department to see them? Or will all videos be posted on a Youtube-like site that's accessible almost/anyone, soon after it was taken, and not controlled by the police department taking the videos? I don't want 30 percent of these videos to "get lost" after they're taken.
Istof 2 days ago 0 replies      
Hopefully they will be held accountable for "broken" cameras...
tiffanyh 2 days ago 0 replies      
Google Glass just found a solution to a problem.
siculars 2 days ago 1 reply      
Who gets the contract? GoPro?
ck2 2 days ago 2 replies      
Note they can be turned off at will and have a delete button too.

So mostly useless, they are there to show what the cop wants to show.

joeblau 2 days ago 1 reply      
The fact that American citizens need protection from the police in America is sad.
massappeal 1 day ago 0 replies      
This would be great if all of the footage was automatically archived to a publicly available website, but somehow I feel like this footage will be very hard to get a hold of, similar to FOIA Requests
dba7dba 2 days ago 0 replies      
In recent years when there was some kind of alleged police misconduct, the police would invariably deny, deny, deny. What the citizens were complaining about never happened.

And then a video footage would surface that proves police misconduct.

Of course there are liars that try to get police into trouble or just hate them.

Hopefully this body camera idea will be a good thing.

marincounty 2 days ago 1 reply      
In my neck of the woods (San Rafael, CA 94901) San Rafael police have a pilot program that will equip a few officers with a CAM. The problem is the camera can be turned off by the officer.

It's a small program and will go nowhere. These Cops are harassing Anyone they feel might be Homeless. They are ticketing for jaywalking, sitting on side walks, sleeping. (They are trying to make their life so miserable they will be forced to move on to another town--basically). It's hard to watch them (SRPD) swarm around a suspected Homeless person--take their picture, frisk them, make them empty out all pockets, put their hands on their Crotch, etc.) It looks like something out of Germany in the 30's.

That said: I can't protect them, but I have the resources to protect myself--kind of. I bought two Dash Cams off Amazon for less than $16.00 each. I bought two because they are cheap and I wanted a spare. I have this Cam on whenever I go out. I don't get pulled over because I drive an older car, or happen to be out after 10 p.m. anymore? I only wish I had this cheap form of protection when I was younger!

Basically, you need to protect yourself. The price of Dash Cams is so low, there's no excuse not to have one on your vehicle? Look at the purchase just as vehicle maintenance. There's no need to buy anything fancy.

afafsd 2 days ago 2 replies      
This gives me another idea: how about we fit criminals with body cameras?
How a new HTML element will make the Web faster
309 points by wfjackson  5 days ago   144 comments top 31
xenomachina 4 days ago 0 replies      
This element reminds me of the ill-fated FIG element (https://www.cmrr.umn.edu/~strupp/elements.html#FIG) which was proposed in HTML 3.x, but never made it in. (I think it was replaced by EMBED which then transmogrified into OBJECT).

FIG was intended to be an alternative to IMG, and unlike IMG it wasn't self-closing. It could have children, and the way it was supposed to work was that the outermost one the browser thought was "good enough" would get rendered. One possible usage at the time was to have a png in your outer FIG, a gif on the next one in (png was new at the time, so not well supported), then an IMG for browsers that didn't understand FIG. Once FIG was well supported then you'd leave out the IMG, and instead just have the "alt" text -- except it could have real markup instead of just the plain text of the alt attribute.

ardemue 4 days ago 2 replies      
For the technical side, instead of the historical one: http://responsiveimages.org/

An example from the homepage:

  <picture>
    <source media="(min-width: 40em)" srcset="big.jpg 1x, big-hd.jpg 2x">
    <source srcset="small.jpg 1x, small-hd.jpg 2x">
    <img src="fallback.jpg" alt="">
  </picture>

Illniyar 4 days ago 4 replies      
This is a bit of a linkbait. There are maybe two lines on how the new "picture" element makes the web faster.

The rest is the story of how the "picture" element came to be, which is a very interesting story but has nothing to do with how it'll make the web faster.

ollysb 4 days ago 3 replies      
A simpler solution might be

    <img src="image.jpg" sizes="640,800,1024"/>
Then the browser can choose the most appropriate size based on the screen size. The filenames would simply follow the convention, image-640.jpg, image-800.jpg etc. Older browsers would simply use the original src.

latch 4 days ago 3 replies      
Recently, a HN job post brought me to a career page. It served up a 1MB css file, a 650K [mostly red] png image, and a 300K black and white png.

I don't know whether it's incompetence or indifference, but for most sites, slow loads is a developer, not a tool or design, issue.

TheAceOfHearts 4 days ago 1 reply      
tl;dr: <picture> tag. It contains an <img> tag inside for backwards compatibility, and allows you to define multiple <source> tags for different sizes.
thomasfoster96 4 days ago 0 replies      
I think <picture> will (hopefully) ultimately win out because it quite nicely makes all the main three forms of embedded media (pictures, video and audio) work pretty much the same way. Plus, if only use of <figure> and <figcaption> was a bit more widespread...

Either way, the article makes it pretty clear that the current method for drafting and implementing standards for the web is not working brilliantly (having both W3C and WHATWG around exemplifies this).

c23gooey 4 days ago 1 reply      

This probably won't be used on any major sites for the time being, considering the devices that the element has been designed for don't support it.

bambax 4 days ago 2 replies      
There are many browsers out there, not just Chrome and Firefox, esp. on mobile. Android Chrome is fairly out of sync with desktop Chrome. Kindle devices use their own browser and won't let you install another one, etc. Plus, mobile users update their apps or their OS rarely, if ever.

Shouldn't the solution come from the server side? You can serve different image sizes to different devices, whereas if you need the browser to do the work you'll wait forever.

There is even a simpler solution, which is to use just one image of average-to-small size, and size it in the page dynamically. If the image is of good quality in the first place (noise free), most users won't notice.

laurisvan 4 days ago 0 replies      
While the <picture> and <img srcset="..."> elements are a step towards responsive images, I personally see them as too complicated for developers that just want to get things done fast. The complexity of the new standards will slow down their adoption even more than the browser support.

For an example, we solve the adaptive images server-side problem with our SaaS image compression service http://www.slender.io/ with smart recompression & a few content negotiation tricks. Some of our customers would like to use <picture> and related polyfills for their sites, but their designers struggle defining the target image sizes relative to viewport dimensions, not the size that the image is/would be layouted. As a result, adoption on both smart browser and server-side solutions are slowed down.

The article mentioned element queries, that will hopefully solve this problem, but make the browser implementation much more complex. While the browser could resolve the normal media queries already when preparsing (e.g. it knows the viewport dimensions all the time), I understood it would know the element queries only after layout, partially defeating the whole purpose of preparsers.

It seems web standards are making things as simple as layouting insanely complex. While I am sad about all that artificial complexity, I am happy that no WYSIWYG editor will automate my job any time soon. :)

asher_ 4 days ago 0 replies      
I was neck deep in this very issue for most of today. It is surprising that there is no usable solution to this issue without resorting to what seem like pretty awful methods. If I am wrong about this please do let me know.

Based on what I found today, there are a couple of ways to handle the problem of variable sized images. If anyone knows others please do tell.

1. Use picture and srcset with a polyfill (Picturefill). With this you end up with verbose markup as well as needing stuff like "<!--[if IE 9]><video style="display: none;"><![endif]-->" to make it work. It also results in requests to multiple images for browsers that support srcset but not picture, meaning twice as many images are downloaded. Many browsers are in this group with the current or next versions.

2. Use javascript. This is the method employed by various saas solutions that I looked at, and there are of course libraries that you can use yourself. Waiting for javascript to execute before the images can start being pulled down has obvious problems.

3. User agent sniffing. This method requires server side logic to implement, and relies on data that in many cases will not result in an appropriately sized image being rendered.

Is there another way? Has anyone got a workable solution to this and could give a recommendation?

mccr8 4 days ago 0 replies      
The work to get the picture element implemented in Firefox is going on in the bugs in the "Depends on" field in this bug, if people are interested:


Pxtl 4 days ago 3 replies      
Or we could finally stop futzing around with scaling raster graphics and find a way to make vector formats not terrible.

Seriously, fast vector graphics were a solved problem back in the late '90s. How is this still a problem today on the Web?

superzamp 4 days ago 2 replies      
For people interested in on the fly image processing, there's a nice article here http://abhishek-tiwari.com/post/responsive-image-as-service-...
hrjet 4 days ago 2 replies      
Why stop at images only? A more general solution using CSS-like media queries would be much preferable; with a general solution it would be possible to serve all sorts of assets (CSS, JS, Images, Video, etc) tailored to the display device and network connection.
ptbello 4 days ago 0 replies      
I found this article on the subject to be more informative and useful:


ndreckshage 4 days ago 0 replies      
This article is pretty naive.

1. m dot sites are not a thing of the past. Many sites benefit from a pure mobile experience.

2. The Boston Globe (while impressive) does not show that 'that responsive design worked for more than developer portfolios and blogs'. The globe is largely text / image based, and that does not translate to a site like Amazon / Facebook.

exo_duz 4 days ago 0 replies      
I love this idea of the <picture> element which hopefully most browsers will adopt soon but how will this support on the older iPhones that cannot upgrade to iOS7 (iOS8 soon). Especially with Apple not supporting these devices anymore.
adad95 4 days ago 0 replies      
HTTP Client Hints - New draft imp. of Client Hints for <img> and <picture> for Ruby. https://github.com/igrigorik/http-client-hints
igl 4 days ago 0 replies      
Someone from the HTML standard body is going to make the web better? Riiiiiiight...
NicoJuicy 4 days ago 2 replies      
To resize images, I create a cookie with javascript that gives the browser's current width and height. (mostly for full image front pages -> the function for choosing the image width is based on bootstrap)

When I read the title, I thought media-queries would get the functionality to load external stylesheets, which seems like a better option to me (especially if css could fill the img src, then stylesheets reduce in size, but also images. Only this option uses too much back-and-forth communication. Perhaps a default naming would be appropriate (eg. img-1024.jpg => for browsers with a max-width of 1024 px, same could be used with stylesheets). Even a syntax like <img src="small.jpg" srcset="large.jpg 1024w, medium.jpg 640w"> could be used.

PS. If you downvote me, at least do it with the decency of giving arguments...

Thiz 4 days ago 0 replies      
Polluting the HTML with extraneous information not intended as markup is never a solution.

As someone already said, use headers, css, etc.

dredmorbius 4 days ago 0 replies      
TL;DR: <picture> element.

arstechnica: you can do better than linkbait titles.

blencdr 4 days ago 0 replies      
I don't understand why so much question as this problem should be easily solved with wavelet type images (jpeg2000 for instance).

the low resolution devices could load the first bytes of the image and the high resolution one the full image.

ethana 4 days ago 0 replies      
I think this should just be a server side issue. Querying for images with size information and the server spit out lower res images on the fly. This way, the web design guys have less to do when creating graphics assets for a site.
aianus 4 days ago 3 replies      
This doesn't seem too useful in the first world anymore now that we have 4G connections and higher resolution screens on our phones than our desktops.
NoMoreNicksLeft 4 days ago 1 reply      
Seriously, I thought this was what request headers were for. Have the goddamned browser request the most appropriate size, don't hardcode it into the markup.
jbb555 4 days ago 3 replies      
Ah, it might make the web faster on mobile. Not very interesting.
swehner 4 days ago 0 replies      
If mobile browsers struggle to download images, change the mobile browsers. Let the browser wait for some javascript to manipulate the src's ...
sixQuarks 4 days ago 1 reply      
I think the current mobile browser is long overdue for disruption. In 10 years, I can see us looking back and chuckling at the fact that we had such tiny spaces for all the information we interact with.

Virtual reality should bring inexpensive, full-peripheral "monitors" that we can interact with naturally, anywhere. No more having to bend over backwards to fit all our info on mobile devices.

ihsanyounes90 4 days ago 0 replies      
I knew about this tag 2 months ago, when I was implementing a responsive website. I came across the picture element but unfortunately, most modern browsers do not support it yet. So I decided to do it via javascript. So I don't see the "news" here, I thought the article was about a compression algorithm or something, but nothing special.
Why a Dead Alkaline Battery Bounces [video]
286 points by Walkman  2 days ago   50 comments top 10
haar 1 day ago 3 replies      
I think one of the bits I liked most was "Romeo (Retired Old Men Eating Out) Club" - looking at its website it seems like quite a large thing over there. I know that my Grandma goes to something similar (restricted to just tea and bingo), but it makes me wonder if a similar organisation exists in the UK; a lot of the older folk I know just aren't very social any more, simply due to the fact that their social groups have died off or are spread out and have restricted travel options. Social interaction seems such a huge part of our existence to be missing for any individual (unless that's what they want of course).

Again, anecdotally; I've found amongst the older folks that those engaged in discussion and interaction keep their wits about them longer/easier than those bound by isolation.

Anyway, enough babbling on - time to go do some research.

mixedbit 1 day ago 0 replies      
They could go further with the experiment to check if a material of which the battery content is composed matters or if the stiffness of the content is the only important factor.

They could for example check how bounciness changes when a battery is filled with a gel-like substance which could then be frozen.

tke248 1 day ago 0 replies      
Here is the transcript if you don't like watching the video http://bit.ly/1uD31Uz
dblacc 1 day ago 1 reply      
What would the inside of a recharged battery look like I wonder.
macromaniac 1 day ago 1 reply      
It's interesting to me that using the height of the bounce against the ground for estimating the spring constant is worse than using the height of the bounce against the battery.
keeperofdakeys 1 day ago 1 reply      
Probably not the best idea to open a battery without gloves and a mask (though lithium batteries are worse in terms of gases).

Still very interesting to see the electrolyte though.

JosephRedfern 1 day ago 1 reply      
The method has even been patented! http://www.google.co.uk/patents/US5567541
rtb 1 day ago 2 replies      
For some reason, it upsets me that he refers to spent / empty / used batteries as "bad", as if they were faulty.
dang 1 day ago 3 replies      
lowglow 1 day ago 1 reply      
Electrons change things, yo :)
How to zero a buffer
272 points by cperciva  2 days ago   207 comments top 32
jhallenworld 2 days ago 1 reply      
Slightly OT since it has little to do with security, but fighting the optimizer is something FPGA Verilog and VHDL designers must also master.

If you don't use the result of some logic, it will be optimized out. One way to prevent this is to route it to a pin.

If logic is fed by a constant, it will be optimized out right up to the point where the result of the logic is mixed with some external input. (early tools could not use the dedicated reset net due to this- reset for each flip-flop had to be routed to a pin or the reset net was optimized out which means the initial state of your flip-flop is lost).

If you have identical logic, one copy is optimized out due to aggressive CSE. This is often bad for performance (routing in an FPGA is as slow as logic, so it's better to regenerate identical results in multiple places), so you add "syn_maxfan" constraints to prevent the "optimization".

On the other hand, an input flip flop will be duplicated if the fanout limit is exceeded- but this prevents the use of the dedicated I/O cell flip flop which then causes external timing to be messed up. So you use syn_maxfan=infinite for this case.

smegel 2 days ago 4 replies      
When I allocate the key on the heap, the memset is carried (heavily optimized and inlined). When I allocate key on the stack, it disappears. Using gcc -O3:

    #include <stdlib.h>  /* malloc */
    #include <string.h>

    void doSecure(void)
    {
        /*char key[32];*/
        char *key = (char*) malloc(sizeof(char)*32);
        memset(key,sizeof(char),32);
    }

    int main(void)
    {
        doSecure();
        return 0;
    }

    -- key on stack
    main:
    .LFB13:
        .cfi_startproc
        xorl %eax, %eax
        ret
        .cfi_endproc

    -- key on heap
    main:
    .LFB13:
        .cfi_startproc
        subq $8, %rsp
        .cfi_def_cfa_offset 16
        movl $32, %edi
        call malloc
        movabsq $72340172838076673, %rdx
        movq %rdx, (%rax)
        movq %rdx, 8(%rax)
        movq %rdx, 16(%rax)
        movq %rdx, 24(%rax)
        xorl %eax, %eax
        addq $8, %rsp
        .cfi_def_cfa_offset 8
        ret
        .cfi_endproc

Someone1234 2 days ago 6 replies      
Can someone explain this line:

      static void * (* const volatile memset_ptr)(void *, int, size_t) = memset;     
I've written some C but that is utter gibberish to me.
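
The declaration asked about above, unpacked in steps and then used to wipe a buffer; this is an added example, not part of the original comment or of the article under discussion. The names memset_fn, memset_ptr_stepwise, both_forms, declarations_agree, secure_zero, count_nonzero and tag_message are made up for the example, and the "key" bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The line from the comment, unchanged. */
static void * (* const volatile memset_ptr)(void *, int, size_t) = memset;

/*
 * The same declaration built in two steps (names made up for this example):
 *   memset_fn    the type of memset itself: a function taking
 *                (void *, int, size_t) and returning void *
 *   memset_fn *  a pointer to such a function
 *   const        the program never reassigns the pointer
 *   volatile     each read of the pointer is an observable access, so the
 *                compiler must load it at run time and cannot assume that
 *                it still holds the address of memset
 *   static       visible in this file only
 */
typedef void *memset_fn(void *, int, size_t);
static memset_fn * const volatile memset_ptr_stepwise = memset;

/* This initializer compiles only if both objects have the same type. */
static memset_fn * const volatile * const both_forms[2] = {
    &memset_ptr, &memset_ptr_stepwise
};

/* Returns 1 when both pointers hold the same function address. */
int declarations_agree(void)
{
    return *both_forms[0] == *both_forms[1];
}

/*
 * Zero len bytes at buf through the volatile pointer. The compiler has to
 * emit an indirect call to whatever the pointer holds at run time, so it
 * cannot treat the call as a memset whose stores are dead.
 */
void secure_zero(void *buf, size_t len)
{
    (memset_ptr)(buf, 0, len);
}

/* Number of bytes in buf that are not zero. */
size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t i, n = 0;

    for (i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/*
 * Constructed stand-in for code that holds a key on the stack: the key is
 * dead after the loop, which is the case where a plain memset can be
 * removed as a dead store.
 */
unsigned tag_message(const unsigned char *msg, size_t len)
{
    unsigned char key[32];
    unsigned tag = 0;
    size_t i;

    for (i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ i);      /* constructed key bytes */
    for (i = 0; i < len; i++)
        tag = tag * 31u + (unsigned)(msg[i] ^ key[i % sizeof key]);

    secure_zero(key, sizeof key);                /* last thing done with key */
    return tag;
}

/*
 * Reading a buffer back, as main does, makes the stores observable, so a
 * run-time check like this cannot show that the wipe of a dead stack buffer
 * survived optimization. For tag_message, inspect the object code.
 */
int main(void)
{
    unsigned char buf[32];

    memset(buf, 0xAA, sizeof buf);               /* constructed "secret" */
    secure_zero(buf, sizeof buf);
    printf("non-zero bytes after wipe: %zu\n", count_nonzero(buf, sizeof buf));
    printf("declarations agree: %d\n", declarations_agree());
    return 0;
}
```
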

denim_chicken 2 days ago 2 replies      
In GNU C one can add the statement

    asm ("" : : "m" (&key));
just before or after the memset, effectively telling the compiler that the address of "key" escapes the scope of the function.

tedunangst 2 days ago 3 replies      
When this still doesn't work: JIT compiled C. The compiler can check for memset and elide it. (Or hell, one can envision the hypothetical Antagonizer9000 compiler including a version of memset which peeks up the stack to see what it's clearing and stops short.)
annnnd 1 day ago 3 replies      
Is the proposed solution really the best approach? It seems complicated to me and relies on obscure parts of the language. Maybe the problem (compiler optimizes away function call because the result is no longer needed) could be solved like this:

    memset(key, 0, sizeof(key));
    if (key[0])  // we are using key, so you can't skip memset()
        dropDead();
Unless the compilers "understand" memset and still optimize away the last two lines? I would hope not... Does anyone know how aggressive the C optimizers are these days?

Genmutant 2 days ago 1 reply      
Why wouldn't you make key volatile? Shouldn't that solve all the problems? Or is it because it would be too slow because the compiler can't do that many optimizations in the rest of the function any more?
haberman 1 day ago 1 reply      
Interesting. This appears to solve a more general problem, which is: how to create a barrier against inter-procedural optimization and dead code elimination.

I wonder if this trick could also be used to solve the double-checked locking problem.

From the quintessential DCLP paper (http://www.aristeia.com/Papers/DDJ_Jul_Aug_2004_revised.pdf):

    Consider again the line that initializes pInstance:

    pInstance = new Singleton;

    This statement causes three things to happen:

    Step 1: Allocate memory to hold a Singleton object.
    Step 2: Construct a Singleton object in the allocated memory.
    Step 3: Make pInstance point to the allocated memory.

    [...]

    DCLP will work only if steps 1 and 2 are completed before
    step 3 is performed, but *there is no way to express this
    constraint in C or C++*.

But Colin's pattern here seems to be a way of indeed guaranteeing this. The volatile function pointer is a barrier against inter-procedural optimization: if the function must be called, then step 3 cannot possibly be performed before steps 1 and 2.

(There might still be necessary hardware barriers that are missing, and the lack of a memory model for pre-C11/C++11 probably makes it all technically undefined behavior anyway. But the key sequential ordering constraint that was claimed inexpressible in C and C++ appears to indeed be expressible with this trick, if indeed the trick works for guaranteeing a call to memset).

xroche 1 day ago 4 replies      
Why would you want to zero a buffer? Because it may contain sensitive information, I presume. If you don't have additional properties w.r.t. allocated memory, what prevents a system with high load from temporarily putting the given memory block on swap, leaking the information on disk? Security is hard...
userbinator 2 days ago 2 replies      
While this completely subverts our intention, it is perfectly legal: The observable behaviour of the program is unchanged by the optimization.

This begs the question of what is "observable behaviour" - execution time, which is definitely "observable" and the basis of timing-based attacks, can certainly change depending on what the optimiser decides to do.

I think this and similar cases of "fighting the optimiser" should really be solved with per-function (or even per-statement) optimisation settings; both GCC and MSVC support #pragma's to do this, although it's nonstandard.

foobarqux 2 days ago 1 reply      
You should have test cases to verify the zeroing behavior in the object code. Even if the standard says a compiler must do something, that does not mean that it does.
apaprocki 2 days ago 0 replies      
At least in LLVM 3.4, this seems to do the trick too:

  static void secure_memset(void *, int, size_t) __attribute__((weakref("memset")));

sgentle 1 day ago 2 replies      
This all seems kind of silly. Why doesn't C have a type qualifier called "secure" to inform the compiler that it should avoid security-compromising optimisations and maybe even automatically zero the memory when it falls out of scope?
defen 2 days ago 3 replies      
Nice teaser at the end there. Does it have something to do with the fact that the OS may have paged the memory containing the sensitive data to disk?
pjungwir 1 day ago 3 replies      
Does anyone have any advice on articles about C compiler optimizations in general (especially gcc)? I'm doing my first serious C work in ten years, and I keep wondering if I should fuss with things like this or let the compiler handle it all:

    foo->bar->baz[i].oof = foo->bar->baz[i].durb + meep;

    what *tmp = &foo->bar->baz[i];
    tmp->oof = tmp->durb + meep;

EDIT: I'm not asking for a link to this:


I'm asking if there is advice about it. Any overviews with common pitfalls, advice on when to use -O1 vs -O2, specific optimizations to turn on/off, etc.

scott_s 2 days ago 1 reply      
Colin, you're missing end-parenthesis in your memset calls.
e12e 2 days ago 1 reply      
It is a little mind boggling that support for proper handling of this didn't arrive until c11. For a symmetric cipher without a demanding setup/init phase - would it make sense to just do a few rounds on a buffer using the zeroed key? Obviously quite a few more cycles, but should at least be a predictable (constant) overhead?
dllthomas 1 day ago 0 replies      
It seems like ideally what we need is a language designed for as-fast-as-secure computation, JIT for the specific architecture it is going to run on to ensure no differences in timing, energy use, or anything (within whatever bounds are achievable) even in the face of different cache layouts, CPU optimizations and similar and which makes it a point to clean up everything that is not meant to be returned.
Perseids 1 day ago 0 replies      
> on C11 [] you can use the memset_s function

How is the case for modern C++? Are there `vector` or smart pointer alternatives that reliably zero the memory in the destructor?

jstanek 2 days ago 2 replies      
Does GCC include any flags to prevent this sort of detrimental optimization?
drivingmenuts 2 days ago 6 replies      
Why would the compiler be allowed to optimize away a call to a perfectly valid function? This seems like it's allowing the compiler to make judgement calls on whether or not your code is worthy of being executed.
MichaelMoser123 1 day ago 1 reply      
You can have a function that wraps memset with zero argument; this wrapper should be in a different shared library, this way the compiler will not follow it; wait, that's exactly what memset_s is,
im3w1l 1 day ago 0 replies      
A sufficiently malicious compiler could keep around a copy of the key in non-volatile memory.
anon4 1 day ago 1 reply      
Just put it in a shared library and don't worry about it. Why all these compiler-specific brittle solutions when simply putting a function in a .so will ensure it's being called and will prevent any link-time optimisations.
bakhy 1 day ago 3 replies      
I had no idea that such things are possible in C. The things I've read about recently (the "friendly" C suggestion) and this seem like violations of the spirit of the language. And for what, really? The language loses its signature predictability, which to me seemed like a great feature of C.

If you write crappy code and expect the compiler to fix it for you, you should maybe consider another language. I can only imagine how hard it is to write reliable system software in a language that does these things.

oso2k 1 day ago 0 replies      
Wouldn't returning the passed memory block through the return fix the optimization issue?
angersock 2 days ago 3 replies      
This sort of thing would be exactly what should go into the "Friendly C" dialect being chatted about the other day--for things like zeroing memory, it's very unexpected that a compiler would be like "nah, not feeling it...nobody will notice anyways".
jimmaswell 2 days ago 1 reply      
Couldn't you just compile these functions with optimization turned off, in a separate binary or something?
api 1 day ago 1 reply      
If your goal is just to "burn" the memory, why not write your own loop that copies some arbitrary piece of data that the compiler can't optimize out over the memory's contents? Do something like fill the buffer with its own pointer address.
kazinator 2 days ago 2 replies      
The article the completely obvious:

    /* implemented in another translation unit */
    void zero_for_sure(void *data, size_t size);

    void func(void)
    {
      char securedata[42];
      /* ... */
      zero_for_sure(securedata, sizeof securedata);
    }

The key here is that our zero_for_sure is an external function in a separately translated file. In the absence of a stunningly advanced global optimization that peeks into other previously compiled units, the compiler has no idea what zero_for_sure does, and so it has to earnestly pass it the given piece of memory.

In turn, zero_for_sure is just this:

    void zero_for_sure(void *ptr, size_t size)
    {
      memset(ptr, 0, size);
    }

The compiler has no idea where ptr might come from since this is an external function, and so it cannot optimize away the memset.

Only if the compiler could consider the whole program together could it still optimize this.

In fact, you don't even need this function, just a dummy external function:

    void zero_for_sure(void *ptr, size_t size)
    {
      char securedata[42];
      /* ... */
      memset(securedata, 0, sizeof securedata);
      commit(securedata);
    }

Of course, commit is a noop which just returns. But the compiler doesn't know that because commit is in another translation unit.

The only optimization card that the compiler could pull here is since securedata is going away (so that it is illegal for commit to stash a pointer to it), it's okay to call commit with a pointer to some other block which contains zeros, and not actually securedata.

With any trick like this, you should inspect the object code to make sure it's doing what you think it's doing.

Oh, and sizeof doesn't require parentheses when the operand is an expression; they are required when a type name is used as an operand.

tiffanyh 2 days ago 1 reply      
For those of you unaware, Colin Percival (author of the blog) was for many years the FreeBSD Security Officer and he's highly recognized in the field for his expertise.

He also runs http://www.tarsnap.com/ which is arguably the most secure (and cost effective) back up solution in the market.

(I'm in no way affiliated with Colin and/or Tarsnap. Just a fan of his work and humble attitude.)

jasonme 2 days ago 1 reply      
Well, if the buffer is so critical and yet small, why not just free it and re-allocate the whole thing next time we use it.
I Ghostwrite Chinese Students' Ivy League Admissions Essays
281 points by misiti3780  6 days ago   218 comments top 39
jurassic 6 days ago 9 replies      
Really interesting piece. In my post-college lull, I was once in a major financial bind and ended up doing a brief stint as an academic ghostwriter. I wrote term papers, not admission essays, for a ghostwriting service over a period of about 2 months. The work was easy and the money was good.

I felt pretty guilty doing the work at first, but I quickly realized that most of the assignments were so banal that I don't think the clients missed out on much learning value by outsourcing it. Why are college courses giving "major" assignments that can reasonably be completed in 5-10 hours by a smart person with no training in the field? If a college degree just means you banged out a bunch of garbage essays, as it does for many people based on the assignments I saw contracted out, should we really be outraged that some people are not doing the work themselves?

I would argue that the real scandal is not that some people are paying for help, but that many degree programs demand so little in terms of knowledge and thought that they can be easily gamed in this way. I would like to see fluffy degree programs ended, so that legitimate work in the humanities can continue without anyone wasting time and resources shuffling average Joes through the pipeline to middle class office jobs.

The most surprising discovery for me was that it seemed like after foreign language students the heaviest users of the service were education majors. No joke. I never figured out if the noticeably heavy use by education majors was a selection bias caused by the way the service was advertising itself, a sign of especially low ethics among education majors, or an indication that there might be a higher incidence of lifestyle factors (e.g. going to school while working full time) that made it difficult for them to crank out all the BS assignments required of them.

It's also interesting to me that the author of this piece seems to be an independent contractor whose business increased as she became known. Generally, I would expect ghostwriters to want to keep a low profile which makes it hard to be independent. I certainly didn't want anyone knowing how I was paying the bills when I was in it. And unless you are charging top-end rates, the overhead of marketing yourself and picking up envelopes of cash at Starbucks is probably an inefficient use of time. Both of these factors mean that a lot of people end up working for agencies that do the work of finding clients and managing payments, and also provide double blinding. So the writer never knows the identity of the client, and vice versa. It's a pretty good system overall.

nicolax 6 days ago 2 replies      
As a Chinese student who applied to US grad schools 2 years ago, this story is interesting and somewhat sad to me, even though I always know such ghostwriting exists in China.

Unlike the wealthy Chinese students described in this story, my family is poor--even paying the application fees is not easy. Besides, I really don't like being unauthentic and cheating. I wrote all the essays myself, without buying any guides or paying anyone. Just like in this story, I searched every corner of my world and put in pieces that most represent myself. The writing process took me 3 months, which was an incredible learning experience.

In the spring when I was doing a video chat with a professor from UBC, she asked me whether I had any native speaker to help on my writing (legit to ask, I should say). One month later, I got a personal email from the chair of NYU Tisch school of Arts, that he's moved and impressed by my essay. It was reassuring the efforts paid off (at least it stood out from the fake authenticity). That fall I came to Stanford.

Thanks to Chinese education, Chinese students are usually very weak on independent thinking; we're trained to give standard answers and follow certain scripts. Applying for schools abroad is a good opportunity to re-think and re-learn. But apparently all the "consulting" services and ghostwriters have again provided a crutch to rely on and scripts to follow. After coming to the US, as they probably haven't thought clearly about why they came here, many Chinese students fail to make the best use of their time here. It can also water down the quality of education programs, as some of the students are under-qualified or not motivated.

asdfologist 6 days ago 5 replies      
First of all - wow, what a talented writer. No wonder her clients have done so well.

Forgery of college admissions essays is rampant not just in China but also in the US (and I suspect in many other places), but actually the problem is really much worse than that. With the boom of the "college consultants" industry, professionals are essentially "forging" entire high school careers on behalf of their clients - telling them what classes to take, which clubs to join, where and how many hours they should volunteer, etc. The end result is that these clients look like amazingly productive students with a superhuman sense of self-initiative, whereas in reality these kids simply followed a script written by some adult their parents paid large sums of money for.

gaoshan 5 days ago 2 replies      
She wrote an essay for a Chinese student about her mother washing clothes in a laundromat, leaving them to run errands and returning to find the clothes stolen. While leaving one's belongings unattended in a public place in China would indeed likely result in them being taken (and no one in China would do such a thing expecting anything different), China doesn't have laundromats. Never has. Not that anyone involved seems to care.

It would be like a Chinese ghost writer crafting a touching tale of an American kid's mom having to work double shifts in a KTV bar only to return home one night and find that her husband's chou tofu stand had been confiscated by the Chengguan.

Bahamut 6 days ago 2 replies      
This is a bit disheartening to me, but not surprising. I know of several people who have used this type of service, and some who have provided it.

For me, my essay was the difference in attending the likes of Harvard - my essay was egregiously bad, and it was explained to me by the director of admissions of one Ivy League school via a family friend who was a professor at that same university as the primary reason for rejecting me, even though by all other metrics I was an almost stellar candidate, even out of those they typically admitted.

I wonder how many people have gamed the system like such, and what effect has it had on the lives of those who would have otherwise attended those schools? For me, I have miraculously succeeded in my path, although it was a pretty unique one - the confidence I built before college in my abilities helped me overcome the setback. There are many people not so fortunate though.

We probably will never know the true effects of such unintended gaming, but it goes to show that people shouldn't take as much stock in the school someone attended but their pure mind in industry.

soneca 6 days ago 4 replies      
I have several friends here in Brazil that were accepted in top USA MBAs. All of them are very smart, but all of them hired a consultant to help with admission process.

No one hired a ghost writer, all of them wrote their own essays, but in all cases the consultant asked them to rewrite 5 or 6 times, at least. There it is where it seems to exist the ethical line: ghost writer, no good; rewrite yourself until every single sentence is exactly like the consultant wants, good.

It is easy to see that both are equally fake essays. All consultants say: "don't even bother about trying to be original or clever. Your only goal is to write exactly what the admission people want to read". And it works.

Yardlink 6 days ago 1 reply      
I used to work for a company writing application essays for Chinese students. I didn't write them myself but I have no moral objection. The requirements are bizarre - effectively "tell us what you know will make us like you but hide the fact that you know we want to hear it".

Should you tell the truth "I love CS and play it in all my spare time, I'm obsessed with it and usually don't get enough sleep for school because I'm so committed staying up late at night shooting people" or tell a story about an incident at the beach that makes it look like you have amazing management skills? Who knows!

University selection is ridiculous and I support any attempt to bring fairness to it like these services.

usea 6 days ago 2 replies      
At $400 a piece, often including lengthy interviews and an overwhelming demand, the author should raise their rates. Probably by an order of magnitude.
johan_larson 6 days ago 2 replies      
Paul Graham had some interesting things to say about the value of elite college degrees back in 2007: http://paulgraham.com/colleges.html

Any sign employers have started to focus less on recruiting at the most prestigious schools? And if they're not looking there, where are they looking?

Come to think of it, where are the founders accepted by YC coming from?

eck 6 days ago 0 replies      
The bit about selling her soul seemed a bit contrived. They don't have to be the applicants' stories, but they don't have to be the ghostwriter's story either -- once it's no longer a true story for the applicant, whether it's your story or total fiction seems irrelevant.

The part about interviewing the applicants made me wonder whether there is any fact checking of essays, or whether there will be in the future. The story about being poor and having your clothes stolen from a laundromat is a real tearjerker, but if the admissions officer knows that you're the child of China's 99th richest business magnate, I doubt it would help.

westiseast 6 days ago 0 replies      
When I studied at a university in Fuzhou, I wrote a fair few things for friends (both students and teachers) - admissions applications, letters of reference, essays, correspondence etc. Some was just helping with language errors, some was translation and some was just downright faking (ie. "my professor is my brothers cousins uncles best friend, he said you can write whatever you want"). I figured I wrote my fair share of bullshit on my university application and subsequent job forms, so this wasn't much different...

One of the most common problems was just about bridging the gap between Chinese/Western expectations - Chinese reference letters are sometimes pages long, and filled with flowery and extravagant language to describe the candidate, whereas a Western reference letter would be concise, professional and often maybe just 2-3 short paragraphs.

heterogenic 6 days ago 1 reply      
It's interesting that one of the only Ivy programs which is essentially immune to this gaming of the system is Harvard Business School, which allows only one semi-optional free-form essay ("What else would you like us to know?":(http://www.hbs.edu/mba/admissions/application-process/Pages/...) and requires a follow-up letter to every in-person interview.

The irony of course is that the scions of empires and children of privilege who are being groomed for leadership essentially get a free pass at admissions. (Which has a sort of logic when you consider that they form the backbone of the class power network almost immediately upon graduation).

(As an HBS graduate I have mixed feelings about the overall privilege distribution, but admit to having no plausible suggestions of how to address it.)

metacorrector 6 days ago 2 replies      
YCombinator is all tied up with VCs and incubators and such, right? In other contexts such as applying for various types of placements, are people's comment histories reviewed (including whatever amount of doxing is possible via server logs etc) to weed out "bad eggs"?

Cuz, I sure wouldn't hire anybody on here who is condoning or defending in any way cheating in school, even in the most oblique way.

Balgair 5 days ago 0 replies      
"Follow the money."

Yes, ethics and all that long interpretative jazz. Give the author credit for taking one step forward, but the money was the motivator. It is the motivator for these kids and their folks to go to the author, for the author to do something unethical, and for the admissions committees to turn a blind eye. The incentives are just too strong here. Follow the money.

But why? Why are people spending perfectly good coins on this system? Why are they working long days and weekends to make their kids work long days and weekends at 16 years of age? Why did the author work for them? Why do the admissions do this work, make these easily faked essay requirements that they have to then read? Why? Where is the money going?

I don't have a perfect answer, but I do know that Hope and dreams, and all that gummy stuff is the reason. It's a 'get yours' mentality that extends to the family and the children. 'I don't care if my kid cheats, because it's my kid, not yours.' Anyone with a semblance of brain will put 2 and 2 together and realize this cannot last. If everyone cheats, then you ruined the world you were trying to get your child into. You are your own worst enemy in this regard. You have no money to follow.

And, from reading a lot of the comments here, it seems we are about 30-50% of the way there. We can do the stats there on this tragedy of the commons, but a tipping point has been reached: You'd be a fool to be honest, and now even the biggest dupes know it. Follow the money.

So what then? The admissions departments know it, or will have to formally recognize it in about 5-7 years. Then the cat really is out of the bag. And what happens then? It's an arms race like any other. Those with the pockets that reach past the shoes are the only winners. We have seen this before many times in history (the exam system of China is most instructive, whole villages had to produce the funds to take the tests, Villages!). And, Bob's your uncle, we end up back where we were 200 years ago. Follow the money.

Ahh, but no. HNers know better. The internet disrupts everything. It not only levels the field, it makes it inverted. The recent hack of phones, systems and anyone's computer make that world of coin and cash impossible. Admissions committees, even 20 years ago, were saying that it was effectively chance at getting into Stanford. The next 30 sets of classes were just as good as the one they accepted, it was luck. There is no money to follow with luck.

So, again, the internet comes into play. We have 30 sets of Stanford students, young people with brains, smarts and access to at least enough capital to get through the tests. Yes, do your stats, but you still get more real smart kids than there are elite colleges to get into, thanks to the internet. Pretty soon, and we're talking under a century, these places get a bad rap, as the admissions just can't keep up and never will. The lesser, the newer, the smaller schools, hell even places that aren't real schools, they get going. The entire idea of an elite school gets to be passe. Why, because the selectivity and the cash just don't make sense to go there. Follow the money.

So, we get something that is very different than what we had before. The cash, the aristocracy, it means less. Because money means less. Because status means less, because who the hell cares you went to Harvard or Cal. It's chance getting there anyways. Why waste all the coin and those August Saturday nights of your youth? The money won't make sense there, because the status is eroded, because the internet tells us it's all a lotto anyways, because the admissions departments can't pretend anymore that it's not aristocracy, because the internet tells us, because the coin did make sense before we all knew better. Follow the money.

readme 5 days ago 0 replies      
Tons of rationalization for this behavior in the post and in the comments here.

There is one reason why this is wrong. When you participate in this kind of business, you are helping to perpetuate inequality in the world and making it less meritocratic, one essay at a time.

No need to expound on that I'm sure college educated minds capable of forging essays for profit will get my gist.

disjointrevelry 4 days ago 0 replies      
Ironically, by getting used to dole out work to others (subordinates) by paying them and expecting success is their basic managerial ethos, and one that even predominates modern Western management. This does properly prepare them in a way for management and 'modern' capitalist idealism. They have no feelings of condition to reciprocate any sacrifices of their 'employees' (in this case ghost writers) other than payment. Expecting any kind of reciprocation other than materialism and monetary in a purely capital transaction is a mistake that is common to those not accustomed to the exploitative condition of capital, economics, and enterprise.

It was interesting the author indicated the ethnicity of their background in the US. These Chinese masters of OP, who mentioned they were Korean-American where Koreans are looked down upon heavily by China and their adopted country the US, are already well aware that money alone is the primary and only necessary motivator in a capitalist economy and country.

The US' only interest in the Korean peninsula is to use it as a point of interaction with the Chinese. These Koreans are not only bootstrapped into being intermediary, but a 'bridge', which both the Chinese and Americans liberally walk all over. It is a bit of a shame the US allowed the victimization the Koreans suffered to be exploited shamelessly by both Americans and the Chinese. The hint of not finding respite, but only exploitation in their adopted land the US, is very telling of the Korean condition.

JulianMorrison 5 days ago 0 replies      
Exams are stupid. Qualifications are stupid. Jobs are stupid. Capitalism is stupid. We've turned pure learning into an exercise in grinding, to level up a meaningless stat.

This is the dirty trick of supposed meritocracy: if a whole lot of people have merit enough, then picking among them becomes an inflationary contest in irrelevances. Those people tricking their way past the grind are really doing nothing different than buying a pre-leveled WoW character, it isn't actually harder to play at the higher level, you just get more swag and bigger battles.

fndrplayer13 6 days ago 3 replies      
This story really irks me but honestly it's not like cheating in developing countries like India and China is anything new.
damoncali 6 days ago 0 replies      
Anyone who has been to a high end business school will not be surprised by this in the slightest. Chinese (and others - let's not pick on the Chinese alone here) students who can't speak English, and yet were scoring 700+ on the GMAT are a dime a dozen. Everyone knows it, including the admissions departments - but they're under orders to increase the "international" percentage of the student body lest they get painted as "too waspy". It's a racket.
FlyingLawnmower 6 days ago 0 replies      
I for one agree with the top Facebook comment on the article that this piece would be an amazing college admission essay, at least if it wasn't about compromising ethics in college admissions...

If only this could actually be used...it definitely serves the purpose of an admission essay (namely, that the author is an excellent writer and clearly intelligent).

ohashi 5 days ago 1 reply      
It's almost certainly not just US schools too. I remember in grad school that some of the students (at least one Chinese sticks out in my mind) were absolutely not fluent English speakers. It was definitely a requirement for the program, but they couldn't manage a coherent sentence, let alone paragraph.

Sadly, Sweden is almost entirely group projects, so I think they just got carried through by colleagues despite not being qualified in the slightest. It was frustrating and sad. There were definitely some very smart Chinese people too who should have been there. But I feel bad for the people whose spot they took who might have actually been qualified.

blutoot 5 days ago 0 replies      
I wonder if US would attract more quality students for the undergrad programs from around the world if it adopted a blind standardized test approach like JEE in India. SAT/ACT aren't comparable to those tests. Anytime you involve something that is open to subjective interpretation like essays that don't need to be created "live", you will open up opportunities for workarounds like this one (i.e. hiring ghost writers). Or maybe tests + interviews is the best combination since interviews bring out character and at the end of the day that's what matters - character.
canadev 5 days ago 1 reply      
It's definitely an interesting read, but I don't know how true it rings to me.

> In one admissions cycle, I wrote over a hundred essays and earned enough money to pay my bills for the rest of the year, pay off my car loan, and, as a treat for my hardworking hands, receive $150 Japanese manicures on a biweekly basis.


> At the end of every writing season, I always swear I will quit, but I'm still broke with no idea about the shape of my future.

Either she's a great writer, and horrible at managing her finances, or she is lying. No?

Padding 5 days ago 0 replies      
> Of course, I didn't have time for moral quandaries. As my name became more popular, I found myself with more clients than I had time to help. I couldn't interview all of them, so I needed to find a way to produce essays faster. My solution: writing about my own intimate experiences.

This is an interesting bit. Why do that?

Standard economic theory would suggest increasing prices (and thus margins) as demand increases, rather than actually work more (and thus decrease margins).

dchichkov 6 days ago 0 replies      
I guess at some point these essays would simply be filtered out through author identification systems. If not already. Even if the accuracy of author identification is relatively low (80-85%?), just the thought that there is such a system in place should discourage students from cheating.

As to proof-reading and consultants, more power to them. Everyone should bounce their work at professionals in the area, before publishing it. It is a very good practice.

dools 6 days ago 1 reply      
She only charges $400?! That's crazy. What Ivy League candidate COULDN'T afford that? At those prices I'm surprised anyone writes their own letters.
sportanova 6 days ago 0 replies      
She should have charged way more! She showed how absurd the higher education industry is - that's worth way more than 1k / week
Paul12345534 5 days ago 0 replies      
One of my Filipino friends was doing this sort of work. She did it well and got paid well but she finally quit over ethical concerns. I would find it incredibly entertaining if customer records ever leaked ;) although there'd be no way to authenticate them.
hurtmyknee 6 days ago 0 replies      
To be blunt, this article makes me sick. An admission essay is one of many ingredients to the meal that makes a great candidate.

If all the other metrics are aligned, why does one need to hire a professional writer?

Gustomaximus 6 days ago 0 replies      
Given the openness of ghost writing and the ease of video communication there seems to be benefit in institutions moving this process to a one-to-one interview, or at least to a post essay interview.
aaronbrethorst 6 days ago 1 reply      
I appreciate the typo in the second paragraph. Gave me a good chuckle:

    factory tycoons daughters
as opposed to the plural possessive "tycoons' daughters"

spamizbad 6 days ago 1 reply      
What happens to these students when they enter their required writing composition/rhetoric classes? Do they just pay someone to do all of that work too?
lazyant 5 days ago 0 replies      
After a minimum objective criteria (grades etc), just make admissions random, all this gaming stuff is silly
Mz 6 days ago 3 replies      
So she now makes decent money but feels like she is selling her soul. That seems so common. And I find myself increasingly wondering if the world is really so screwed up that it is not possible to make it, financially, without feeling like a sell-out or if there is some other explanation for that phenomenon.

Surely, there are people in the world who are not destitute and who don't feel like they are selling their soul?

0003 6 days ago 4 replies      
Sidebar - for those who wrote admissions essays - do you remember what you wrote?
eruditely 6 days ago 0 replies      
This reminds me of what PG writes in a start up idea essay.

"Actually, startup ideas are not million dollar ideas, and here's an experiment you can try to prove it: just try to sell one. Nothing evolves faster than markets. The fact that there's no market for startup ideas suggests there's no demand. Which means, in the narrow sense of the word, that startup ideas are worthless."

So a decent heuristic to see if something is able to be gamified is to look for potential hidden black markets to see if it is possible, then you see how to invest your time. In this case it seems like it would be the best choice to hire someone on an opportunity cost basis.

cinquemb 6 days ago 0 replies      
I think dynamics like these are pretty interesting, reminds me of a convo with phd student I work with about taking classes he could care less about and I said pretty soon people will probably be using google glass or contacts that they can leverage during exams and a sign of it working will be when universities start trying to crack down on such behavior despite such things making students more efficient in a system that has seemed to focus on everything but what it sells itself as (at least idealized at its "best") all in all, just another symptom of another system moving to obsolescence.

"I don't know what I was expecting in return from the student. Would my client feel the pain of the story and then question the ethics of using another person's life as an admissions essay? Would she call me and thank me for cutting out a personal part of my heart for her? Later, I received a one-word email from her: Thanks. The message stung. I thought about the itchy Goodwill sweater and how much itchier it had felt as I cried after my classmate mocked me. I had given up a private piece of myself for the bargain price of $400. I logged off and shut down my laptop."

Also interesting to see how individuals seem to internalize the dynamics of the larger systems they operate within. What's more void: someone engaging in such a behavior as the author in this system or similar behavior in other systems, or any system that incentivizes such behavior through various mechanisms that people who (or would like to) consider themselves not destitute/sellout/whatever-flavor-of-the-day, live their lives by and submit themselves to? I posit neither or both

rokhayakebe 6 days ago 2 replies      
I am not sure why this is directed towards China. There are certainly more Americans paying Americans to write their essays every semester.

EDIT: Oh Fucking ??, guys what is up with the downvotes? This is just idiotic. If you disagree, voice it. It's ok, perhaps I am mistaken, enlighten me. But downvoting without giving a comment is like telling me I am wrong without giving me a direction. "You wouldn't laugh at someone who was going the wrong direction if you could correct them, would you?" Lord! Now as far as this article, paying for someone to write essays is not particular to China. I did this for some people. IN. THE. US. People do this for others in other countries. The article could have still held its value without the Chinese part. It sounds condescending.

foobarqux 6 days ago 1 reply      
Can anyone recommend admission consultants or give any advice about using them? I want to help a highschooler out.
263 points by smacktoward  4 days ago   59 comments top 11
kghose 4 days ago 3 replies      
I had Tibor Gergely's "Great Big Book of bed time stories". There is a story in it called "Make way for the thruway" by Caroline Emerson. It is about an old lady who refuses to vacate her house so that they can make a highway. It has a happy ending when sympathetic construction workers build the road around her house, and she becomes the famous old lady with the pretty house next to the highway.

My favorite quote:

"You'll be paid for your land," said Mike.

"Money isn't everything in this world," said the little old lady.

Aww, heck, you guys deserve the whole paragraph:

"You'll be paid for your land," said Mike.

"Money isn't everything in this world," said the little old lady. ...

Next day, the Big Boss drove to the old house. "I'm sorry, ma'am," he said, "this house must come down."

"Young man," said the little old lady, "I've lived in this house for seventy years. I watched those trees grow. I planted that rose bush. I'm not leaving."

"But the thruway must go through," said the Big Boss. "People want the quickest, shortest way these days."

"What's their hurry?" asked the little old lady.

The Big Boss shook his head. He didn't know.


(After the diversion has been built)

"Oh, look at the roses!" people cry as they drive by. They slow down a little to look.

"Hum," says the little old lady to her cat, "they're not in such a hurry, after all."

patio11 4 days ago 1 reply      
My father (commercial real estate developer) has great stories about persuading people to not be the holdout. The most common objection is that they're older and moving is a major hassle, and the most usual way for resolving it is paying way above "going rates" for the property.

Interestingly, property owners theoretically can collude against a developer by sharing knowledge that the last person to settle has the best chance of getting a great deal, but that very rarely happens. Instead, most rush to sell quickly. (For obvious reasons, commercial real estate developers very rarely decide "You know where I'm going to make a mall? On top of 25 families' dream homes!")

sjwright 4 days ago 3 replies      
A more recent photo of Edith Macefield's house:


Nice balloons. Won't quite lift the house up though.

simonw 4 days ago 0 replies      
VMG 4 days ago 4 replies      
I've said it before, the 99percentinvisible podcast should be right up the alley of the hacker news crowd.
kaji88 4 days ago 2 replies      
Stories like this sometimes just break my heart. When you are at a certain age, money just doesn't matter any longer.

Although the world can't just sit here and stop development and wait for people to move on. I am always so torn on how to feel about these types of situations.

evan_ 3 days ago 0 replies      
A flower shop that has long occupied a choice corner in my town recently made a unique deal with a developer wishing to build a large apartment building around it:


> Neal offered them a novel solution: He would design a building that included commercial space for a new Eugene's Flower Home and give the family a deed for that portion of the building.

bluthru 4 days ago 2 replies      
I think the house does a wonderful job of breaking up the monotony of the streetscape.
TeMPOraL 3 days ago 1 reply      
Forgive me for making a somewhat philosophical tangent.

It has been said that naming things is fundamental to our abstract thinking. The ability to not only group some concepts together, but to give a single label to this group that is further composable, enables us to do more complex, more advanced things with those concepts.

To present a very clear example:

> In China, (...) they call their holdout houses nail houses.

Finally I know what words to type into Google Images to find pictures of those.

empressplay 3 days ago 0 replies      
Looks like this restaurant on the corner of the Ballard Blocks was also a "holdout"...


boredinballard 4 days ago 1 reply      
I remember when this was all happening with Edith. She was pretty much the only person in Ballard that didn't sell when offered.
My year with a distraction-free iPhone
285 points by wallflower  6 days ago   181 comments top 54
Gracana 6 days ago 6 replies      
As someone who owns a dumb flip phone, it's funny to read someone's enthusiastic account of their life-changing experience of... living exactly the way I do.

But on the other hand, I get it. This sort of thing (facebook, hacker news, freaking imgur) sucks up so much of my time (albeit on the desktop), and for what? Occasional interesting tidbits, and frequent annoyance and frustration? Some of it is straight-up bad for me, no way around it, but the amusing little bits keep pulling me back. imgur is the worst one for me... the community is unmoderated and uncoordinated, it's a pile of least-common-denominator bs that's as bad as anything on reddit ever was, and yet the only way I've been able to break away from it is to block myself from viewing it.

SCdF 5 days ago 4 replies      
So I've gone the other way: everything that is distracting (fb, twitter, reddit, ideally HN but android apps suck for this) is on my phone.

Then, my computer is for work, and my phone is for being bored. That way (in theory) there is no reason to be logged into timesinks on my computer, so I can use it without distraction.

throwawayMGWC 5 days ago 1 reply      
(Posting using a throwaway as I changed my noprocrast settings in HN as mentioned in these comments and ironically blocked my account for the day!)

Somewhat related, I've come to a similar conclusion myself recently but via app fatigue instead. I've been running a Windows Phone for over a year now, and although I loved the OS, constant remarks regarding the app gap made me wonder if I was missing out on the full smartphone experience.

Thus I obtained a Samsung Galaxy and logged into my old Android account, eagerly anticipating all those exciting apps I'd soon have access to at my fingertips. Going through the Play Store was a great experience - Instagram, SnapChat, Yo, etc. - I installed every hyped app like I was on a crazed shopping spree. This included apps that simply replicated a web experience, e.g. Amazon Shopping, Quora, and even Go Daddy (in case I ever wanted to check my domain renewal status while out and about!)

The first week or so was exciting, I was in thrall of all the things I could potentially do with my phone and how (by some unknown means) these apps would help me live my life. However as the weeks went on I found that even though I had all these apps, I simply didn't use them. I realised that just having the technology available isn't enough, you have to have a want and need for it.

From this experience I've recognised what I personally need from a smartphone. For me it's about a good camera, music player, calendar, and a way to directly and privately communicate with my friends and family. Add to this a few key apps, covering transport/maps, gym, ebooks, podcasts, etc., and I'm good to go.

I now have a Nokia Lumia on its way to me in the post. I won't have the latest hot apps, but that's okay. And when the next big app does come around, hopefully at some point it will come to my platform, and if not I'll happily just get on with my work.

Bahamut 5 days ago 0 replies      
I take a harder tack - I used to force myself to stay away from my cellphone and put social interactions first. I also stay away from installing many apps intentionally. My phone is always on silent out of politeness - no call/email/etc. is important enough to mandate my attention if I am already preoccupied.

I think it's a good way to live. Your friends/acquaintances/etc. that you are with should be the most important people in your life at that moment. When at work, your work is your most important point of focus (unless it's your wife/kids/etc. - family or friends of great significance). It also is generally good to try to control addictions.

In a way, it's about controlling your life, and not letting the phone control you.

pocketstar 5 days ago 3 replies      
I have a now 4 year old iPhone 4. It is incredibly slow, crippled by ios 7.1, so slow that Facebook is useless and I only use safari when I really need to look up something. I call it my Comm, because that is what I use it for, communication. iMessages, Whatsapp, FB messenger, hangouts all work relatively well. My iPhone is essentially distraction free because it is too slow to distract me, I'll look up while waiting, talk to someone, even meditate while waiting for my iPhone to load.
fjk 6 days ago 3 replies      
In a similar vein, I almost always have my phone set to silent without vibrate. This small change has made a huge difference in my interaction with my phone. I reach for it less and just generally think about it less.

The downside is people are sometimes annoyed at me not reacting to calls/messages immediately. I should probably experiment with the iOS Do Not Disturb feature, but it hasn't been too big of an issue so I've put it on the back burner.

wmboy 5 days ago 0 replies      
A tip I got from Perry Marshall was to put productive apps on your home screen, and throw apps like Facebook, Instagram etc at the back of your phone.

For example, by only leaving apps like Kindle, Audible, or Bible on my home screen, I'm much more likely to do something productive when I'm looking to fill in a few minutes waiting somewhere, rather than checking Facebook which will be a waste of time.

pqs 5 days ago 0 replies      
My strategy is to disable notifications. Thus, I only open the apps when I choose to (WhatsApp, Twitter, etc.). Apps that are specially addictive belong to the second screen, in a folder (Twitter, etc.). This way I have much more control over my phone habits.
superasn 5 days ago 3 replies      
I think the biggest problem with the smartphone are the PUSH notifications. Disable them and your life becomes instantly better.

If deleting apps is a big leap for you then I think disabling all push notifications is the second best thing you can do.

craigds 6 days ago 1 reply      
I haven't gone as far as this guy, but I recently removed Facebook and Twitter from my Android phone and it's been a breath of fresh air.

I still use both apps via their websites when I've got my laptop out, but not having them in my pocket all the time is really freeing. You don't realise how much of a slave you are to these things until you force yourself to let them go. I waste a lot less time on my phone now. Wouldn't go back.

ashishbharthi 5 days ago 0 replies      
I have some eye complications like dry eyes and due to this my doctor advised me cut down use of smartphone as much as I can. My first thought was to just get a feature phone and dump smartphone altogether. But there are few things about smartphone that I can not really give up now.

1. Maps - maps come in very handy at times when you are stuck in some unknown area and want to find way home.
2. Browser - to be able to check anything on the web is also very important to me.
3. Access to online storage and email.

Basically I gave up all social media, all smartphone gaming and other unwanted apps and use smartphone for basic internet access device. I have cut down my smartphone usage from 3 hours a day to about half an hour a day.

lukethomas 5 days ago 1 reply      
Up until 6 months ago, I used a flip-phone because I didn't want the distractions that I noticed with friends (constantly checking Facebook, Twitter, etc.)

I finally gave in when I moved and would constantly get lost (I needed maps).

I really like this article, but I see opportunity in short digital breaks. The truth is that the majority of people won't delete infinity apps. They don't have the self-control to do it.

That's why I'm building an app (Android-only) to temporarily disable distracting apps.

You can check it out, I'd love feedback -> http://www.digitaldetoxapp.com

eyeareque 5 days ago 0 replies      
Today I went to lunch by myself and forgot my phone at home. It was very boring and I really didn't know what to do with myself. It made me realize how terribly addicted to my phone that I am.

I need a break for this always connected world.

blutoot 6 days ago 4 replies      
You know what would make my life really distraction-free? Ban Hacker News on every device I have access to for a prolonged period :)
BasDirks 5 days ago 1 reply      
"Over the last 12 months I've learned to enjoy (or at least, be OK with) moments of boredom. I reach for my phone a lot less often. It's probably just my imagination, but it feels like it's easier to concentrate when I need to get things done or tackle a big project.

Times on the bus when I would've checked email, I listen to music or just look around. I even started meditating on the bus (yes, really! And, uh please don't mug me) using an app called Calm."

Is this satire? Meditating using an app, the conquest of boredom, the gain in productivity/focus.

kareemm 5 days ago 4 replies      
Tried this, and one of the big difficulties is that I send email to my todo list manager to create todos ("pick up milk", "Email person about important_thing").

I don't want to give this up, but can't find an app that only sends email. So when I opened Mail to send a todo email, I'd see all the new emails that were begging to be read. I could create a new email account that I use for sending only, but that seems like a pain.

Anybody seen an iOS app that sends email, but doesn't check it?

computerjunkie 5 days ago 0 replies      
During my visit to South Africa and Zimbabwe, I realised that we take internet for granted in Europe and America. All my colleagues who work there generally have 3 to 4 (maximum) applications on their smartphone and they never constantly look at their phone all the time. Data is ridiculously expensive there and watching Youtube videos regularly is a non starter. Unlimited internet is pricy because it's still new so everybody purchases bundles. Just using your smartphone there teaches if you really want to spend x amount of data on a short video clip.

It made me realise that I had to make a change. I depend on the internet/technology and I personally think that's scary. I'm gradually cutting out applications, I think the big shift from being connected to not being connected would just cause a relapse. Right now Twitter, Facebook, HN are not on my smartphone anymore and I feel much better already.

I have a lot more time now and it's quite shocking how people are still productive these days with the insert next trending application coming out every week.

illicium 6 days ago 0 replies      
Or just turn off mobile data and Wi-Fi. Re-enable when you have time to kill for social media.
truebosko 5 days ago 0 replies      
This is cute. Anyways, I've adjusted my phone so it's less of a pest as well. Mostly in two ways:

1) Downloaded Silence for Android (https://play.google.com/store/apps/details?id=net.epsilonlab...). This lets me adjust triggers for putting the phone in silent mode. For the weekdays, I set it to be silent from 10pm until 6:30am.

2) At work, I silent my phone as well. No need to get Facebook notifications during thinking time.

This leaves my phone with a few hours each day to yell at me. The mornings, and the early evening (but I put my phone away for dinner anyways). It gives me a few moments each day to check notifications from services like Facebook, see Google Now reminders, and that's about it. When friends need to contact me, they text, call, or chat me. If my phone is silent when they do, such is life.

corv 6 days ago 1 reply      
I think going so far as to disable Safari outright and deleting email accounts is too extreme but I definitely agree that most Apps are counterproductive.

It's important to moderate use of addictive services that provide a stream of instant gratification like facebook, twitter, reddit, 9gag, pinterest, etc. The first step is being conscious of excessive use.

digitalsurgeon 5 days ago 1 reply      
I used to work for a mobile company, I used to get new phone every other week, it drove me crazy... Now I carry no phone with me at all. But I don't go around telling people that I am better than them, because I have no phone or that I have a "distraction" free iPhone, an iPhone is still a hell of a distracting gadget.
bushido 6 days ago 0 replies      
I did something similar.

All I had to do was use a Blackberry 9900 as my primary phone.

I did not have to disable anything. I primarily use it for emails, calls and SMS. Those are also the only things that seem to work.

When travelling out of town I usually carry my backup devices as well(iPhone/Nexus)to find directions etc.

hmottestad 5 days ago 0 replies      
I have partially made my iphone more distraction free.

I have a script that runs at 5:30 pm and then at 6 am that disables email and enables email again in the morning before work.

The script uses phantomjs to log into my webmail and change my password, then changes it back again to enable email.

maximilianburke 5 days ago 1 reply      
I was away at a friend's cabin about a month ago. Sitting on a lawn chair on their dock I shifted and my Nexus 4 fell out of my pocket, bounced off the dock, and into the lake.

When I got back home I popped the SIM card into my old iPhone 3GS and have been experiencing a similar smartphone underload. I updated the apps I needed to, mostly 2-factor software tokens for VPN and my Google account, and realized that I wasn't missing much of my Nexus 4.

I did try to save the phone with a couple handfuls of desiccant packets but it never successfully got past the bootloader screen. But that's fine with me, I am in no hurry to replace it.

yason 5 days ago 0 replies      
I have a feature phone that comes with a crappy enough Java ME based Google Maps that is just enough to save me from trouble when I really do need directions yet none of the things on the phone is something I could just play with.

Thus, I just use it for calls and texting, and for Google Maps if really needed. I need to charge it once a week and for all I care it just works.

My employer provides me with a smartphone as a work benefit but I mostly use it as a small tablet for reading stuff in bed. The battery is often out of juice, too.

r_singh 5 days ago 0 replies      
What information consumes is rather obvious: it consumes the attention of its recipients. Hence a wealth of information creates a poverty of attention.

-- by social scientist, Herbert A. Simon.

Keeping our phone distraction free will definitely make us attention rich and free us from the information pollution that we're getting used to. If not a distraction free smartphone, we should probably make better decisions about what information we choose to spend our attention on.

nicholassmith 5 days ago 0 replies      
I had my iPad replaced recently, had some issues restoring it as my backup state was inconsistent and ended up going for a full 'clean' device. It was interesting, for the first 4 weeks I had barely any apps on there outside of Kindle, Instapaper and Tweetbot. I used it about the same amount of time, but generally I'd focus on one thing for longer periods of time. I'm tempted to go down that route when I get a new iPhone this month, sounds like it's worked well for other people.
eyeareque 5 days ago 0 replies      
This world of having a computer in your pocket with an always on Internet connection is still new to us, even 5 years in. I wonder what our culture will choose as an acceptable and healthy way to deal with this new world. As it stands now people are way too hooked to their phones, and cannot even concentrate without them.

I don't Facebook, Instagram, twitter, or any of that nonsense, but I'm still hooked to my phone and need a break. I might give this a shot.

rdl 6 days ago 0 replies      
I'm usually at my desk at home or the office, or in bed, or some other place with a real computer, or doing something I actually want to be doing, or driving. In none of those situations do I want my phone.

In the remaining cases of "waiting for something but not equipped with a full sized computer", I'm quite happy to use the phone.

The greater problem is "spending time doing less-productive stuff on the Internet" -- I just prefer doing so with a real computer.

pseudonym 5 days ago 0 replies      
Seems oddly backwards to me, but I'm sure I'm not the only one. If I've bought and am paying for a phone that costs a significant fraction of my computer, it seems like a waste not to use it for that purpose. You can make the argument that disconnecting to a point, or for a period of time, is a good thing, but intentionally crippling your hardware because you can't resist the temptation of having it there seems like it would be better solved by forming better habits in the first place.

It just seems like it would be on par with buying a brand new computer to get your writing done, then installing DOS because the web browser was just too alluring.

All that said, I ended up taking this to the opposite extreme: I've set up my phone to be cross-linked into as many work-related systems as possible, so that I can take better advantage of those little "in-between" moments during my work days. Build's compiling? Get an alert when it's done. Waiting for a coworker to get out of a meeting? Get an alert when they ping your name in IRC/Skype/GChat. Not having to sit in front of my computer waiting for asynchronous blockers to resolve means I can retreat to the porch, or the living room, or the park up the street, without having to worry about coming back to find something's on fire. Additional apps allow for limited on-the-go debugging, interfacing with systems and the like, so that I can continue being away from my computer if the situation isn't severe enough to require my actual physical presence at a keyboard and larger screen.

bx_ 5 days ago 0 replies      
I've done the same thing with my Android but I didn't consider it all that revolutionary. I just like a clean looking phone. Using Atom Launcher I can adjust the 'dock' (around the launcher icon) to slide left and right rather than the home pages. It's a much less distracting experience.

Screenshot: http://jmp.sh/JZIZ12q

gnu8 5 days ago 2 replies      
Bloggings like these come up semi-regularly, and I sometimes wonder if they're just designed to troll people into deleting all the apps from their phone.
iLoch 5 days ago 0 replies      
I wanted to try a similar experiment, but more extreme in that I'd get rid of my iPhone in favour of a pager. I decided this was probably too much of a hassle and would cause me more problems than it solved. (I use my phone to gain access to accounts on my computer, etc. using two factor authentication so quitting smart phones cold turkey isn't really an option for me after all.)
lowglow 5 days ago 0 replies      
I actually killed all data and voice on my phone. It's the cool thing to do if you're looking to create something drastically new in the world.


iuguy 5 days ago 1 reply      
Does anyone find it odd that the author talks about distraction free, removing things and then uses an iOS app to meditate on the bus?
simplexion 5 days ago 1 reply      
I'm going to only allow the use of notepad on my PC. I will have all the productivity. Wait... typewriter.
quadrangle 5 days ago 0 replies      
Just go with OmniROM (Android community build) and don't install the Google Apps. BAM. Useful phone, as free as reasonably doable, useful stuff from F-Droid, but no ginormous bunch of every latest gizmo and you get more freedom and privacy.
gurkendoktor 5 days ago 1 reply      
I wonder if the reason people keep a gazillion time sinks on their home screens is that they've paid $500 to be part of the smartphone club, and reducing its "use" would cause buyer's regret. I think I am somewhat guilty of that on my iPad.
Nib 5 days ago 0 replies      
I'm doing this thing...

So, this was the last post I made on HN using my iPhone...

dlevine 5 days ago 0 replies      
I removed Safari and Email from my iPhone a while ago. It's great - I find that I usually just use them as time wasters.

I actually had a flip phone before that, but I prefer the iPhone with distractions disabled.

ommunist 5 days ago 2 replies      
The guy just bought the wrong phone. Nokia 1100 could save him a lot of money and bring a life changing experience - the monochrome screen! I kid you not. And it has superior battery life.
thomasfoster96 5 days ago 0 replies      
I probably should do this. I keep on coming up with strategies for deciding which apps to keep on my phone and which I should delete, but I can't ever stick to one.
mongemalo 5 days ago 0 replies      
I love minimalism, but I see having self-control as a better option than spending 500$ in a device you are not going to allow yourself to use.
vpj 5 days ago 0 replies      
I dropped and broke my nexus 4. Now with a small dumb phone, a notebook and a mechanical pencil. Feels kind of good that the phone broke.
aneeskA 5 days ago 1 reply      
I have a brilliant (!) suggestion - don't bother uninstalling anything. Just don't enable data or wifi in the phone!
konole 5 days ago 1 reply      
I know it's a bit off-topic but has anyone got a link to this wallpaper? It's just beautiful.
jackbauer 5 days ago 0 replies      
after my samsung galaxy S3 died (DOA) I reverted to an old sony ericsson W810i. Back to when a phone was just a phone. I am absolutely loving it. My next phone will probably be an iPhone 5s, but seriously, having a phone that is just a phone is so great.
deft 5 days ago 1 reply      
Why doesn't this guy (or anyone else like him) get a non-smartphone. I have a BlackBerry10 device and rarely use apps. Partly because the platform was missing many big name apps, but mostly because I don't want or need such things. I really don't understand why this guy has an iPhone.
iffyuva 5 days ago 0 replies      
I don't have an iPhone, but have an Android one. I generally turn off internet, so I can't browse, and I can't install new apps. I mostly use it for attending calls.
khitchdee 5 days ago 0 replies      
The gold standard for smartphones for battery life is all day use -- people use them for that long. For something that you carry that's way too much.
EGreg 5 days ago 0 replies      
We are doing our small part to help.

I sometimes post about my company working on the next big "social platform". And we are trying to do things RIGHT - open source, fully distributed (while respecting CAP theorem), people own their own data, etc.

So when it comes to notifications, like in every other area we want to encourage the apps to use "best practices" and only notify people of what they really WOULD want to know about. That means turning down the "slot machine" factor and handing over control over notifications to the people. To do this, we needed to design a standard, expressive interface and "language" that people could use in any app across the platform to quickly indicate what they want.

And here's an overview of how it works with the rest of the system:

Every piece of data in Q (http://platform.qbix.com) is typically stored in a Stream. Which means things like access control (privacy), real time updates (like chat), offline notifications (delivered to any endpoints), etc. are all implemented by the system and available to the app for free.

The user can fine tune notifications settings for any stream or type of stream, and each app can provide Rules with configurable settings and thresholds. For example, a "Groups/activity" published by a user who is in my contacts under a "Friends" or "Family" label and matching my interests would accumulate enough weight to bust through my notification threshold for sending me an in-app notification, or an email, or an sms. At certain hours of night, my notification threshold goes up. When I get into my car, and start moving fast, my notification threshold goes up until I get out of the car, so only the most urgent things distract me.

And that red badge on the icon? It should earn your trust, like all interface elements it represents a relationship and shouldn't cry wolf. It should NOT show the number of messages waiting for you, but rather show the number of streams with "important" messages posted since you last checked that stream on ANY device.

In short - there are lots of things to solve but they only have to be solved once. That's what we have been working on for over 3 years.

warriar 5 days ago 0 replies      
I would have commented on this but I made my iPad distraction free and now it's only good for serving coffee anymore! So I am not really using it right now for reading this blogpost and I am not really commenting on this right now, sorry :(
uokyas 5 days ago 0 replies      
What? This is fourth in Hacker News, that is the most overrated accomplishment I ever heard.

So you bought an iPhone instead of the old ones, to have the additional features that it provides, and then you don't use it, and call it an accomplishment. That is nonsense.

Schwolop 5 days ago 0 replies      
The original article from a year ago: https://medium.com/@jakek/the-distraction-free-iphone-or-why... to be perfectly honest, there's not much there that isn't in the one-year-later recap
Introducing split diffs
277 points by dctrwatson  3 days ago   51 comments top 23
peter_l_downs 3 days ago 2 replies      
"Split diff" is absolutely essential to performing code review; after having used it in Phabricator [0] I was severely disappointed whenever I had to use Github's vertical view. Great to see Github finally play catchup, congrats to the team that shipped it.

[0]: http://phabricator.org/

epidemian 2 days ago 1 reply      
While this is a very welcome change, I feel the split diff view could do a much better job on some cases.

For instance, this is how GitHub renders a commit that adds a wrapper HTML element (and indents all its contents) and changes a class name: http://i.imgur.com/4Lcozgz.png. Not so good. Contrast that with how IDEA renders the same diff: http://i.imgur.com/RGf8psr.png. It makes it obvious where the wrapper tags were added, and which class name changed (which is completely lost within the green glob of the GH diff).

Now, the whitespace-agnostic view on GH (adding ?w=0 to the diff URL) is much better: http://i.imgur.com/AKNn1fW.png. It looks very similar to the IDEA version: http://i.imgur.com/NpDsYBB.png. I wish GH remembered the ?w=0 preference just as it remembers to use the split diff.

codemac 3 days ago 2 replies      
I almost sent an email at work in all caps rejoicing this. Redid the casing, then sent it. Very pleased to see this.

I had implemented my own git fetch pr -> emacs ediff -> comments in org file -> add comments to github flow due to how horrible the unified view was for long/large code reviews.

If they can unfuck the "so-and-so has commented on an old commit" thing hiding valuable conversation, we start to get into a real code review tool.

bch 3 days ago 0 replies      
As a fossil[1] user, this is something[2] I've been enjoying for some time. Nice indeed.

[1] http://www.fossil-scm.org/index.html/doc/tip/www/index.wiki

[2] http://www.fossil-scm.org/index.html/info/214b1d0a37487c94d0...

thathonkey 3 days ago 1 reply      
Bitbucket has had a(n honestly better) version of this functionality for a while. One of the few areas where they beat Github.

As for which is better... depends. That's why it's good to have both on a toggle like so.

rcthompson 3 days ago 0 replies      
I like that the example screenshot is apparently showing the pull request that adds the feature.
twodayslate 3 days ago 2 replies      
Finally. Took them long enough. The unified view was always confusing.
peterjmag 3 days ago 0 replies      
Great comment in the example:

    # Everything here is terrible

BrandonM 2 days ago 1 reply      
I would prefer this feature on a file-by-file basis. I usually prefer the unified diff, but for some changes, the diff is so bad that it becomes useless; that's where I would use a split diff.

Another diff-related improvement I'd love to see is useful whitespace removal. I know you can do it with a URL flag (`&w=1`), but then you can't make comments, meaning you have to switch back and forth to use it.

asnyder 3 days ago 0 replies      
Great stuff. If anyone's looking for a side by side diff paste bin, there's http://www.diffpaste.com/#/Diff/, works pretty well and lets you edit, iterate, and compare with previous versions.
joejohnson 3 days ago 1 reply      
When viewing diffs in split view, they should remove the +/- indicators for additions/removals. The red/green highlight is enough.

(And for obj-c developers, it's annoying to see lines begin with `++ (void)...` or similar.)

shuzchen 3 days ago 0 replies      
Bitbucket has had this for a long time time now (years I think). I've been waiting for (and complaining about lack of) side-by-side diffs on github for some time now.
jtheory 3 days ago 0 replies      
That's great -- split diffs are a much more intuitive way to review most kinds of changes.

The next step will be to have smart split scrolling, so you don't have to leave gaping holes on one side or the other to accommodate additions/removals of large chunks of code (all the not-really-there blank lines can make it harder to grasp the flow).

pimlottc 3 days ago 0 replies      
When I read "split diffs" I think about splitting up a diff into different two or more diffs (like in "git add -p"). "Side by side" or perhaps "parallel" view would be more descriptive here. Still, a very useful and overdue feature.
pferde 2 days ago 1 reply      
All that's needed is an easily reachable way to fetch raw diff. You can then view it locally in any way you want. (Maybe github already does this, I don't really use the site.)
stefan_kendall3 3 days ago 0 replies      
Dear god finally.
swehner 3 days ago 0 replies      
On a local copy, with bash, use `vim <( git diff )` then `:sp` (split)
mrmondo 2 days ago 0 replies      
I can't believe Github hasn't had this until now. Gitlab by comparison has had split diff view for a long time.
msoad 3 days ago 0 replies      
This is great!

There is a small issue. When I resize my browser I get an unnecessary horizontal scroll bar. I'm in latest stable Chrome on Mac

jefftchan 3 days ago 2 replies      
The page width awkwardly jumps when toggling between unified and split diff. Is this a glitch, or intentional?
jmorphy88 3 days ago 0 replies      
All we need is comments on ?w=1 mode, and Github will be truly complete.
wildpeaks 3 days ago 0 replies      
Awesome, that's definitely a feature I was hoping for :)
coherentpony 2 days ago 0 replies      
My screen is wider than it is tall. This is perfect.
Zeroing buffers is insufficient
250 points by MartinodF  18 hours ago   115 comments top 24
pslam 5 hours ago 1 reply      
Part 2 is correct in that trying to zero memory to "cover your tracks" is an indication that You're Doing It Wrong, but I disagree that this is a language issue.

Even if you hand-wrote some assembly, carefully managing where data is stored, wiping registers after use, you still end up with information leakage. Typically the CPU cache hierarchy is going to end up with some copies of keys and plaintext. You know that? OK, then did you know that typically a "cache invalidate" operation doesn't actually zero its data SRAMs, and just resets the tag SRAMs? There are instructions on most platforms to read these back (if you're at the right privilege level). Timing attacks are also possible unless you hand-wrote that assembly knowing exactly which platform it's going to run on. Intel et al have a habit of making things like multiply-add have a "fast path" depending on the input values, so you end up leaking the magnitude of inputs.

Leaving aside timing attacks (which are just an algorithm and instruction selection problem), the right solution is isolation. Often people go for physical isolation: hardware security modules (HSMs). A much less expensive solution is sandboxing: stick these functions in their own process, with a thin channel of communication. If you want to blow away all its state, then wipe every page that was allocated to it.

Trying to tackle this without platform support is futile. Even if you have language support. I've always frowned at attempts to make userland crypto libraries "cover their tracks" because it's an attempt to protect a process from itself. That engineering effort would have been better spent making some actual, hardware supported separation, such as process isolation.

willvarfar 16 hours ago 3 replies      
Excellent point! I really hope such a sensible suggestion is added to mainstream compilers asap and blessed in future standards.

Apologies to everyone suffering Mill fatigue, but we've tried to address this not at a language level but a machine level.

As mitigation, we have a stack whose rubble you cannot browse, and no ... No registers!

But the real strong security comes from the Mill's strong memory protection.

It is cheap and easy to create isolated protection silos - we call them "turfs" - so you can tightly control the access between components. E.g. you can cheaply handle encryption in a turf that has the secrets it needs, whilst handling each client in a dedicated sandbox turf of its own that can only ask the encryption turf to encrypt/decrypt buffers, not access any of that turf's secrets.

More in this talk http://millcomputing.com/docs/security/ and others on same site.

AlyssaRowan 17 hours ago 4 replies      
It's becoming gradually more tempting to write a crypto library in assembly language, because at least then, it says exactly what it's doing.

Alas, microcode, and unreadability, and the difficulty of going from a provably correct kind of implementation all the way down to bare metal by hand.

The proposed compiler extension, however, makes sense to me. Let's get it added to LLVM & GCC?

cesarb 14 hours ago 0 replies      
For AESNI, you probably are already using some sort of assembly to call the instructions. In the same assembly, you could wipe the key and plaintext as the last step.

For the stack, if you can guess how large the function's stack allocation can be (shouldn't be too hard for most functions), you could after returning from it call a separate assembly function which allocates a larger stack frame and wipes it (don't forget about the redzone too!). IIRC, openssl tries to do that, using a horrible-looking piece of voodoo code.

For the registers, the same stack-wiping function could also zero all the ones the ABI says a called function can overwrite. The others, if used at all by the cryptographic function, have already been restored before returning to the caller.

Yes, it's not completely portable due to the tiny amount of assembly; but the usefulness of portable code comes not from it being 100% portable, but from reducing the amount of machine- and compiler-specific code to a minimum. Write one stack- and register-wipe function in assembly, one "memset and I mean it" function using either inline assembly or a separate assembly file, and the rest of your code doesn't have to change at all when porting to a new system.
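
Two of the mitigations discussed above, pslam's key-holding process behind a thin channel and the "memset and I mean it" wipe, sketched together as an added example (not code from the article or from any commenter). The `worker_*` names, the one-byte length framing and the FNV-based `toy_tag` placeholder for a real MAC are assumptions of this example; POSIX and GCC/Clang are assumed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define KEY_LEN 16
struct worker { pid_t pid; int fd; };   /* hypothetical handle for this example */

/* "memset and I mean it": the empty asm claims to read memory through p, so the
 * zeroing stores cannot be dropped as dead (GCC/Clang extension). */
static void wipe(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Move exactly n bytes over fd; returns 0 on success, -1 on error or EOF. */
static int xfer(int fd, void *buf, size_t n, int writing)
{
    uint8_t *p = buf;
    while (n > 0) {
        ssize_t r = writing ? write(fd, p, n) : read(fd, p, n);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Placeholder for a real MAC: FNV-1a over key || msg. NOT cryptographically secure. */
static uint64_t toy_tag(const uint8_t *key, const uint8_t *msg, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < KEY_LEN; i++) h = (h ^ key[i]) * 0x100000001b3ULL;
    for (size_t i = 0; i < n; i++)       h = (h ^ msg[i]) * 0x100000001b3ULL;
    return h;
}

/* Child side: the only process that ever holds the key. Request = 1 length byte
 * (1..255) + message, reply = 8-byte tag; length 0 or EOF means shut down.
 * Copies left in registers or spill slots vanish with the process. Never returns. */
static void worker_main(int fd)
{
    uint8_t key[KEY_LEN], msg[255], n;
    uint64_t tag;
    int rnd = open("/dev/urandom", O_RDONLY);
    if (rnd < 0 || xfer(rnd, key, sizeof key, 0) != 0) _exit(2);
    close(rnd);
    while (xfer(fd, &n, 1, 0) == 0 && n != 0) {
        if (xfer(fd, msg, n, 0) != 0) break;
        tag = toy_tag(key, msg, n);
        if (xfer(fd, &tag, sizeof tag, 1) != 0) break;
    }
    wipe(key, sizeof key);
    wipe(msg, sizeof msg);
    _exit(0);
}

/* Parent side: fork the worker; the key is created only after the fork. */
int worker_start(struct worker *w)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    w->pid = fork();
    if (w->pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (w->pid == 0) { close(sv[0]); worker_main(sv[1]); }
    close(sv[1]);
    w->fd = sv[0];
    return 0;
}

/* Ask the worker to tag msg; the parent only ever sees the 8-byte result. */
int worker_tag(struct worker *w, const void *msg, uint8_t len, uint64_t *tag)
{
    if (len == 0) return -1;            /* length 0 is reserved for shutdown */
    if (xfer(w->fd, &len, 1, 1) || xfer(w->fd, (void *)msg, len, 1)) return -1;
    return xfer(w->fd, tag, sizeof *tag, 0);
}

/* Tell the worker to wipe and exit, then reap it; 0 if it exited cleanly. */
int worker_stop(struct worker *w)
{
    uint8_t bye = 0;
    int status;
    (void)xfer(w->fd, &bye, 1, 1);
    close(w->fd);
    if (waitpid(w->pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

Because each worker reads its key after `fork()`, the parent's address space never contains it, and everything the compiler left on the worker's stack or in its registers goes away when the kernel tears the process down.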

kabdib 15 hours ago 2 replies      
I don't think this can be a language feature. It's more a platform thing: Why is keeping key material around on a stack or in extra CPU registers a security risk? It's because someone has access to the hardware you're running on. (Note that the plain-text is just as leaky as the key material. Yike!)

So stop doing that. Have a low-level system service (e.g., a hypervisor with well-defined isolation) do your crypto operations. Physically isolate the machines that need to do this, and carefully control their communication to other machines (PCI requires this for credit card processing, btw). Do end-to-end encryption of things like card numbers, at the point of entry by the user, and use short lifetime keys in environments you don't control very well.

The problem is much, much wider than a compiler extension.

dmm 16 hours ago 0 replies      
Remember this the next time someone says "C is basically portable assembler." It's not precisely because you can do many things in assembly that you can't directly do in c such as directly manipulate the stack and absolutely control storage locations.
ggchappell 8 hours ago 3 replies      
This article makes a good point, but I think the problem is even worse than he describes.

Computer programs of all kinds are being executed on top of increasingly complicated abstractions. E.g., once upon a time, memory was memory; today it is an abstraction. The proposed attribute seems workable if you compile and execute a C program in the "normal" way. But what if, say, you compile C into asm.js?

Saying, "So don't do that" doesn't cut it. In not too many years I might compile my OS and run the result on some cloud instance sitting on top of who-knows-what abstraction written in who-knows-what language. Then someone downloads a carefully constructed security-related program and runs it on that OS. And this proposed ironclad security attribute becomes meaningless.

So I'm thinking we need to do better. But I don't know how that might happen.

pbsd 13 hours ago 2 replies      
> For encryption operations these aren't catastrophic things to leak: the final block of output is ciphertext, and the final AES round key, while theoretically dangerous, is not enough on its own to permit an attack on AES

This is incorrect. The AES key schedule is bijective, which makes recovering the last round key as dangerous as recovering the first.

nly 15 hours ago 1 reply      
Anything sent over HTTP(S), such as your credit card numbers and passwords, likely already passes through generic HTTP processing code which doesn't securely erase anything (for sure if you're using separate SSL termination). Anything processed in an interpreted or memory safe language puts secure erasure outside of your reach entirely.

Afaict there's no generic solution to these problems. 99.9% of what these code paths handle is just non-sensitive, so applying some kind of "secure tag" to them is just unworkable, and they're easily used without knowing it... it only takes one ancillary library to touch your data.

anon4 8 hours ago 2 replies      
If I have enough control to the point where I can read your memory in some way, I can just use ptrace. Heck, I could attach a debugger. It seems ludicrous to want that level of protection out of a normal program running on Mac/Win/Linux.

Now, if your decryption hardware was an actual separate box, where the user inserts their keys via some mechanism and you can't run any software on it, but simply say "please decrypt this data with key X", then we'd be on to something. It could be just a small SoC which plugs into your USB port.

Or you could have a special crypto machine kept completely unconnected to anything, in a Faraday cage. You take the encrypted data, you enter your key in the machine, you enter the data and you copy the decrypted data back. No chance of keys leaking in any way.

Chiba-City 15 hours ago 2 replies      
Please, assembly is OK. It's not even magic or special wizardry. My dad programmed and maintained insurance industry applications in assembly side by side with many other normal office workers for decades. Assembly is OK.
delinka 15 hours ago 1 reply      
Why are there no suggestions to change processors accordingly? Intel should be considering changing the behavior of its encryption instructions to clear state when an operation is complete or at the request of software. Come to think of it, every CPU designer should be considering an instruction to clear the specified state (register set A, register set B) when requested by software. Then, the compiler can effectively support SECURE attributed variables, functions, or parameters without needing to stuff the pipeline with some kind of sanitizing code.
Someone 16 hours ago 3 replies      
"As with "anonymous" temporary space allocated on the stack, there is no way to sanitize the complete CPU register set from within portable C code"

I don't know enough of modern hardware, but on CPUs with register renaming, is that even possible from assembly?

I am thinking of the case where the CPU, instead of clearing register X in process P, renames another register to X and clears it.

After that, program Q might get back the old value of register X in program P by XOR-ing another register with some value (or just by reading it, but that might be a different case (I know little of hardware specifics)), if the CPU decide to reuse the bits used to store the value of register X in P.

Even if that isn't the case, clearing registers still is fairly difficult in multi-core systems. A thread might move between CPUs between the time it writes X and the time it clears it. That is less risky, as the context switch will overwrite most state, but, for example, floating point register state may not be restored if a process hasn't used floating point instructions yet.

erik123 16 hours ago 1 reply      
It very much looks like a situation in which the system has already been compromised and is running malicious programs that it shouldn't. These malicious programs could still face the hurdle of being held at bay by the permission system that prevents them from reading your key file.

However, they could indeed be able to circumvent the permission system by figuring out what sensitive data your program left behind in uninitialized memory and in CPU registers.

Not leaving traces behind then becomes a serious issue. Could the kernel be tasked with clearing registers and clearing re-assigned memory before giving these resources to another program? The kernel knows exactly when he is doing that, no?

It would be a better solution than trying to fix all possible compilers and scripting engines in use. Fixing these tools smells like picking the wrong level to solve this problem ...

gioele 16 hours ago 1 reply      
WRT the AESNI leaking information in the XMM registers, wouldn't starting a fake AES decryption solve the problem?

Also, wouldn't a wrapper function that performs the AES decryption and then manually zeroes the registers be a good enough work around?

lnanek2 12 hours ago 2 replies      
Doesn't actually seem true. OK, running the decrypt leaves the key and data in SSE registers that are rarely used where it might be looked up later by attackers. There isn't any portable way to explicitly clear the registers. Then why not just run the decrypt again with nonsense inputs when you are done to leave junk in there instead? Yes, inefficient, but a clear counter example. You could then work on just doing enough of the nonsense step to overwrite the registers.
ge0rg 13 hours ago 1 reply      
Even if the proposed feature is added to C and implemented, there is still the (practical) problem of OS-level task switching: when your process is interrupted by the scheduler, its registers are dumped into memory, from where they might even go into swap space.

It would be consequential (but utterly impractical) to add another C-level primitive to prevent OS-level task suspension during critical code paths. Good luck getting that into a kernel without opening a huge DoS surface :)

Demiurge 14 hours ago 3 replies      
Every time I read one of these posts about a clever "attack vector", how something can be gleaned from this special register, or a timing attack, or some such, I remember about a theory that the sound of a dinosaur's scream can be extracted from the waves' impact made on a rock's crystal structure.

I googled pretty hard for real life example uses of a timing attack, and now using of stale data on the register, but couldn't find anything. Does anyone know of examples of this actually being done?

zvrba 14 hours ago 0 replies      
Posts like this make me just more convinced that C combines the worst of "portability" and "assembly" into "portable assembly".
ausjke 9 hours ago 0 replies      
There are some chips providing zeroizing a small region of device memory when needed and it's specially designed to hold encryption keys etc. It's also done by hardware.
cousin_it 16 hours ago 4 replies      
I don't completely understand the C spec. Would the following approach work for zeroing a buffer?

1) Zero the buffer.

2) Check that the buffer is completely zeroed.

3) If you found any non-zeros in the buffer, return an error.

Is the compiler still allowed to optimize away the zeroing in this case?

rsync 11 hours ago 1 reply      
Would running your file system read only and optimizing the system for fast bootup be a workaround ? If so you could zero successfully by rebooting...
cheez 15 hours ago 1 reply      
The suggestion has the right idea, but the wrong implementation. The developer should be able to mark certain data as "secure" so the security of the data travels along the type system.

Botan, for example, has something called a "SecureVector" which I have never actually verified as being secure, but it's the same idea.

higherpurpose 15 hours ago 1 reply      
> It is impossible to safely implement any cryptosystem providing forward secrecy in C

What about Rust?

Our Use of Little Words Can, Uh, Reveal Hidden Interests
252 points by nosecreek  5 days ago   66 comments top 12
Udo 4 days ago 2 replies      
There are severe misconceptions in this hypothesis, or at least in the examples that are being presented.

When you are introducing yourself, you have to refer to yourself explicitly. You are trying to convey information about who you are and what your background is. That's not a sign of low status, it's a necessity to transport essential context. If you try to leave that information out, or if you just omit the pronoun, your introduction will inevitably sound broken or unfriendly.

I'm guessing the reason why this is being conflated with low status by the professor is simple: if you're high-status, other people initiate contact a lot more often than you do. And when they initiate contact, they need an introduction, whereas you are already known to them.

At a fundamental level, this hypothesis as it's being described muddles correlations and causes.

Secondly, I'd like to point out that clearly marking certain points as opinion does not come from a perspective of inferiority or uncertainty. Especially in a setting where discussion is warranted, such as here on HN, it's an appropriate signal.

When I refer to myself and my perspective, I'm not asking you to disregard my point of view, I'm inviting you to see things from where I'm standing, and I'm also inviting you to present other perspectives without either of us being pressured to lead with assertions like "WRONG! Here's how it really is: [text]". Instead, you are afforded the option to respond with "My experience has been different. Here's why: [text]".

bnegreve 5 days ago 4 replies      
> We use "I" more when we talk to someone with power because we're more self-conscious.

Isn't it simply because you need to introduce yourself and provide a bit of context when you write an unsolicited email? That seems to be a reasonable explanation for the two examples from the post...

analog31 5 days ago 4 replies      
>>> What you find is completely different from what most people would think. The person with the higher status uses the word "I" less.

Here's a hypothesis. The higher status person has learned to express their thoughts in a way that makes them seem more objective and authoritarian -- and less susceptible to negotiation or debate. The implicit assumption is that your words convey opinions, but their words convey facts.

anigbrowl 5 days ago 2 replies      
> In fact, says Pennebaker, even in our native language, these function words are basically invisible to us. "You can't hear them," Pennebaker says. "Humans just aren't able to do it."

There's an entire class of people who make a profession out of being able to do that reliably. They're called actors, and they're not the only people who are good at this. This sort of hyperbole in discussions of science may engage some readers but probably alienates at least as many more.

> An earlier version of this story ran on NPR in 2012.

Wow - just 3 or 4 new sentences tacked onto the end. I wish they had put this warning at the beginning of the article rather than the end.

chippy 5 days ago 0 replies      
Anyone have a working free link to the academic article this is based on?

The sagepub.com registration is non-functional for me... it probably only works in IE...

Edits - Here it is for you lucky Athens users: http://jls.sagepub.com/content/33/3/328.full.pdf+html

aaron-lebo 5 days ago 2 replies      
The author says that you can't intentionally modify your language to change who you are, but there's not much depth to that section.

I can't help but to wonder if you really can "fake it until you make it". If you force yourself to write in a more "powerful" manner, could that not cause people to perceive you as such and therefore boost your confidence to where you really are that person?

thedevopsguy 4 days ago 0 replies      
There is some confusion around the article and it may be because of the way it is written, but here's a brief summary. Hope this helps to clarify:

* The theory/hypothesis is not saying avoid pronouns.

* It's about relative frequencies not absolute.

* The pronoun frequency is looked at in different scenarios:

   1. between two people who don't know each other
   2. between two people who do know each other
   3. pronoun frequencies of an individual in a diary, blog over a period of time.

* The frequency of pronouns in spoken or written language is an unconscious activity. It's something that is hard to fake, unlike body language.

* The words being compared/counted are primarily social identifiers vs determiners and articles.

mnarayan01 5 days ago 3 replies      
I'm not a fan of the examples as both have the "lower status" person initiating the conversation. This further makes me wonder if looking at this in terms of word-level usage is going to miss the true causation sources. Consider "I think this article has problems" versus "This article has problems". The former seems (to me) to be much less confrontational than the latter, but I don't think that's really a function of the appearance of the word "I".

Going back to the examples, maybe the usage of personal pronouns is not directly related to the status of the email participants, but instead, is based upon who initiated the email. If the person with lower status is more likely to initiate the email (seems plausible, particularly in academia), then you might see the same results.

sanxiyn 5 days ago 1 reply      
I am curious about similar studies for non-English languages. Especially, whether being a http://en.wikipedia.org/wiki/Pro-drop_language changes anything (my guess is it should).
zuck9 5 days ago 0 replies      
Does it count in difference between native speakers and non-native speakers?
hnriot 5 days ago 0 replies      
I was thinking as I read this that someone should capture the essence in nltk.
blazespin 5 days ago 0 replies      
Yet another example of how actions speak louder than words.
       cached 7 September 2014 04:11:01 GMT