hacker news with inline top comments    .. more ..    19 Sep 2014 Best
home   ask   best   3 years ago   
I'm Leaving Mojang
1245 points by UnfalseDesign  3 days ago   412 comments top 68
krelian 3 days ago 9 replies      
This whole Minecraft thing has been very interesting to follow. I tried the game a few times and it's not really for me but everything around Notch's story is interesting (I bet their going to make a movie about this at some point). Not everyone can be an entrepreneur and I feel that in this case (on a different scale of course), we basically watched a plausible version of how Apple could have gotten started if there was only a Wozniak but no Jobs.

I'm sure there are many here that dream of having their idea be a huge success but aren't really interested in becoming the next Bill Gates or Zuckerberg. They just want to cash out so that they can have their financial freedom and then go out of the limelight and back to doing the same things they enjoy but without having to constantly worry about job security and putting food on the table. Notch achieved this in the most spectacular way possible and I think he handled it perfectly.

scottjad 3 days ago 13 replies      
The other day there was a post about some Doom map viewer Notch had written in Dart. One of the top comments said something along the lines of "This is why we all need to be rich, so we can work on stuff like this." I thought the comment was so sad because honestly, almost no one is going to benefit from a mostly broken Doom map viewer in Dart that's abandoned after a few days. Same with the numerous games he's started (often with no idea where he's going) and abandoned after a few hours/days. Don't get me wrong, I like watching his coding stream as much as the next person, but compare that to the millions of people who benefitted from the sustained and focused effort on Minecraft.

Notch says:

> If I ever accidentally make something that seems to gain traction, Ill probably abandon it immediately.

So sad. Imagine if Jobs/the PayPal guys/etc had taken this approach after their initial succcess.

Now I'm all for people being free to do what they want and only this guy owns his life and no one is entitled to have him work for them (hat tip Ayn Rand), and obviously this guy has had a bigger impact on the world than I have, but I tend to agree with Immanuel Kant (and Jesus) that we all have a duty to develop and use our talents in a way that benefits humanity and not just indulge ourselves in idle amusement once we're comfortable. And to be honest, this probably applies more to me than to Notch.

From "Grounding for the Metaphysics of Morals":

> A third finds in himself a talent which with the help of some culture might make him a useful man in many respects. But he finds himself in comfortable circumstances and prefers to indulge in pleasure rather than to take pains in enlarging and improving his happy natural capacities. He asks, however, whether his maxim of neglect of his natural gifts, besides agreeing with his inclination to indulgence, agrees also with what is called duty. He sees then that a system of nature could indeed subsist with such a universal law although men ... should let their talents rest and resolve to devote their lives merely to idleness, amusement, and propagation of their species- in a word, to enjoyment; but he cannot possibly will that this should be a universal law of nature, or be implanted in us as such by a natural instinct. For, as a rational being, he necessarily wills that his faculties be developed, since they serve him and have been given him, for all sorts of possible purposes.

jere 3 days ago 5 replies      
>As soon as this deal is finalized, I will leave Mojang and go back to doing Ludum Dares and small web experiments.

It has always amazed me how down to earth Notch is. Now, he's going to be a billionaire doing little game jams. It's hard to believe and quite awesome. It's like Bruce Wayne deciding to spend the rest of his life playing with legos.

jacquesm 3 days ago 5 replies      
> I dont see myself as a real game developer. I make games because its fun, and because I love games and I love to program, but I dont make games with the intention of them becoming huge hits, and I dont try to change the world.

I think that's the essence of being a real game developer.

It's sad that Notch feels this way, I think the majority of old school games guys and girls were just like that.

Since it's become a big business with huge studios and ridiculous budgets the market has been spoiled. But Notch/Mojang and team have shown that there is still a place for great indie games and bootstrappers.

And I actually believe him that this deal is not about the money. Projects like these can become albatrosses.

grellas 3 days ago 0 replies      
Why should someone self-immolate in the name of a cause to which he disclaims being a leader when he has a chance to sell his for-profit business on optimal terms with no strings and with an immediate ticket to full independence free of the headaches of having to bear entrepreneurial and ideological burdens that he felt himself unfit to carry?

The question answers itself. There is no earthly reason why he should have. None whatever.

Of course, the price of being a cult figure is many who follow you do not really care who you are but care a great deal about who they think you are. If you are a vital symbol for the cause, then all that you do must conform to the symbol or you become a betrayer, a hypocrite, or both. And that is unforgivable.

And so we arrive at the world of caricature where symbols rule the day, even at the expense of facts. Buck and kick all you want, there is no winning in that world once you fail to conform.

That, I think, is the point of this piece. In effect, it says: "You have made me larger than life. Well, I'm not. I am who I am and I love what I do. If you have made me out to be something more, I can't help that. I am just like the rest of you. No more and no less. If you want me to shape my life by what you think, you will be disappointed. I will shape my own life regardless of your expectations."

Who knows if this really is betrayal or hypocrisy? Usually the reality is much more complex than the caricatures make it out to be but no one really knows except those directly connected with the events.

As for me, I have no ideological axe to grind and can simply stand back and say, as many people likely feel, "that is one helluva ride for one so young to make."

petercooper 3 days ago 6 replies      
I think there are some interesting parallels with J K Rowling. If he releases anything now, it's big news (even Cliffhorse). He might have to start "writing" under a pseudonym just to get any sense of doing something fresh without intense public scrutiny.
chubot 3 days ago 3 replies      
This may be a weird reference, but what comes to mind is John Frusciante leaving Red Hot Chili Peppers at the height of their fame. He quit in the middle of the tour after Blood Sugar Sex Magik, after they became unexpectedly huge.

He just wanted to make music and play in small clubs. And he went back to playing guitar by himself and making solo albums. (Also heroin use, but that's a different story).

And he rejoined in '98 or so, had 3 huge hit records, and then left again a few years ago. He made a few more solo albums and experimented with electronic music.

Some people are not cut out for fame. The intrinsic joy of what they do is even more powerful than fame.

willvarfar 3 days ago 3 replies      
For the interested, Notch didn't enter the current Ludum Dare but thousands of mortal coders did, and they'd love you to go play their games!


chernevik 3 days ago 5 replies      
This is why we can't have nice things.

I don't know much about Minecraft or whatever issue Notch is referring to in his post. But I'm always struck by how quickly people snap to emotional argument and response, without thinking about the other side of the question, without thinking about how their response will be read or felt by others.

The first step in any dialogue is trying to understand why the other side has said or done what they have, and how that might seem reasonable and right to them. Without that, how do we have any hope of learning anything, or moving to any actual agreement? And yet 98% of what I read presumes that any disagreement must be ignorant, stupid or evil.

I understand many of the reasons why people talk this way, and yes, it's hard to avoid it. But we now have more communication amongst ourselves than at any other time in human history. Maybe it's time to start thinking hard about how each of us can communicate better.

Wouldn't it be great if we could get to a community where some idiosyncratic dude could write a monster hit without feeling himself battered for reasons he can't understand?

gamesurgeon 3 days ago 3 replies      
"Im not an entrepreneur. Im not a CEO. Im a nerdy computer programmer who likes to have opinions on Twitter...If I ever accidentally make something that seems to gain traction, Ill probably abandon it immediately."

I have the utmost respect for notch after reading that.

Nickoladze 3 days ago 3 replies      
Basically "I was successful once, it was awful".

Sometimes I wish he would have just stuck with Minecraft as the only developer and stayed away from the spotlight. Plenty of very popular game creators have done so (Icefrog, Toady One).

I really enjoyed the times back when Minecraft was just getting popular and you could tell Notch was adding features that he genuinely enjoyed (Redstone update, for instance). Then he started up a giant company and started assuming responsibility for things like server admins charging money, when he should have sat back and let people do what they want.

adriancooney 3 days ago 1 reply      
Wow, Notch is a pretty amazing guy. It's clear he just loves to make games. The post reminds me of Dong Nguyen/Flappy Bird situation. Let the man be.
tosh 3 days ago 0 replies      
Looking forward to more Dart programming streams.

I think more and more people should stream like Notch does. It is incredibly entertaining and educating to watch how people write code similar to how people play games.

A great learning opportunity. Different format compared to prepared talks and tutorials. I wish there was a list of people with programming streams that I can just tune in.

jokoon 3 days ago 4 replies      
He sounds depressed and frustrated. All I see is bad emotions in all that.

With all the money he has, he could at least try to share or expand his passion in some way.

It's true that he's lucky, you sense the modesty, that he doesn't want to be perceived as talented.

But even if that's true, he could at least try a little bit more. I mean he seems content with his work, but if I had such fame, at least I'd try to use it and approach game companies to negotiate deals, and share his vision of gaming.

Hasn't he ever tried to lead some team and get in touch with programmers he likes to do something ? Can't individuals like him hire a manager to do the job and project his vision into something ? I mean aren't there decent people able to know when there's potential, and solve the relational stuff ?

I mean you can't be modest like that all the time. at some point it's grumpiness, not modesty.

I wish there were businessmen able to notice those modest, hard working loners and just get small companies working with them. Not even companies, just small teams and projects. Some coaching. I wonder what's Carmack's story. I'd love to hear about the work stories of those guys, or maybe hear them talk about work politics. Of course they don't want to, because they might be made fun of, but meh.

ErikRogneby 3 days ago 1 reply      
This was the hardest line to read: "If I ever accidentally make something that seems to gain traction, Ill probably abandon it immediately."

I hope when he says "abandon" he means upload it on github with an MIT license.

Seriously though, what a horrible thing to be fearful of creating something that people might like.

joshfinnie 3 days ago 1 reply      
This is super sad. I never want to read the following from a programmer:

    As soon as this deal is finalized, I will leave Mojang and go back to doing Ludum Dares and small web experiments. If I ever accidentally make something that seems to gain traction, Ill probably abandon it immediately.
I feel for anyone who has felt such stress to want to kill anything that they are working on that gains traction...

corbinpage 3 days ago 1 reply      
Instead of pulling a Wozniak, why not pull a Sergey Brin?

Use the incredible resources you gained from your first success to finance all the cool side-projects you ever dreamed of?

Notch could start any web experiment he wanted, and when he got bored, pass it along to an army of coders to refine and finish.

80ProofPudding 3 days ago 0 replies      
Good for you, Notch. You made something awesome, got rich doing it, and stayed a mensch throughout.
JacobEdelman 3 days ago 0 replies      
Notch has done it. By leaving mojang he can no longer be blamed for any major disasters and has already achieved a place of honor in nerd communities. And now he does what every nerd dreams of doing but isn't sure they can do, leaving their company once it gets to big so they can just go and code. By specifically stating he doesn't want to be a huge symbol for the nerd community he has permanently affixed himself as one.
cmdrfred 3 days ago 1 reply      
I love ya notch, you inspired me. Games don't have to have a story, great graphics, or even a point. They have to be fun. After years of being a gamer, Minecraft is the only game I come back to.

I will buy anything you have for sale.

bilalhusain 3 days ago 5 replies      
Heartbreaking to read what we do to people.
blueskin_ 3 days ago 0 replies      
Site is massively overloaded.

Text: http://pastebin.com/GLuR7T9t

archive.today: https://archive.today/KKNNA

phlakaton 3 days ago 0 replies      
Something in a novel I just read last night comes back into my head: "I reflected bitterly that I had walked away from people I had known and cared about to avoid the very situation I was now in with comparative strangers. I wondered if there was any way to live amongst other people and refuse to be harnessed by their expectations and dependencies." (Robin Hobb)

If there's sadness I see in Notch's story, it's only that Notch appears to see and define his public persona in such a negative light. I wish he could see his contributions and influence on fellow hackers as a beautiful thing. But I totally understand and support his intent to find a new playground, free of expectations, regardless of his success on previous playgrounds. I hope that Notch finds the happiness that he seeks.

(I also hope his comment about abandoning his next project on the first sign of success was more tongue-in-cheek than it came off...)

sergiotapia 3 days ago 2 replies      
"It's not about the money (BECAUSE I HAVE TWO BILLION OF THEM!)."

Haha, and who can blame Notch, I wouldn't work a day in my life and become a full time carpenter for the rest of my life.

craigching 3 days ago 0 replies      
I'm really happy for Notch as long as he's happy. To me, the most disappointing thing about this is that the story becomes more complex. I loved telling my kids "this was created and developed by one person in his spare time." That's not been true for awhile now I realize, but it was fun telling my kids that. I guess I can figure out a different way to convey reality, but it's more complex when they say "but isn't it from Microsoft?"

Anyway Notch, good luck to you and I love you too! You really gave us something great and no matter what you do going forward, you can't take back what you've given!

netcraft 3 days ago 0 replies      
> Its not about the money. Its about my sanity.

This does make the most sense, in looking at everything hes said in the past. Sounds like MS had the right offer at the right time.

archildress 3 days ago 0 replies      
At the opposite end of the spectrum of the startup CEO who's intent on cashing out for fame is Notch, who sold to remove himself from the center of attention.

I think we all believe we could handle the spotlight and the attention and fame that comes with it. But until we're faced with it, we'll never know.

All the best to Notch and thanks for a game that brought many people many hours of happiness and shared experiences.

dasmithii 3 days ago 0 replies      
- "If I ever accidentally make something that seems to gain traction, Ill probably abandon it immediately."

These words describe how I've been feeling since the beginning of this year, when I first became a self-described programmer. Before then, I loved playing around with little toy projects, but I never considered myself as a programmer. Instead, I was a regular kid who programmed sometimes.

After realizing that, over some time, I had gained some real skills, I felt obligated to make use of them. It was no longer a playful activity, I put a burden on my own shoulders that my programs had to be significant or important to others in some way.

This sense of importance ruined programming for me. Though self-imposed, the homework-effect took over and I lost interest right away.

I'm sure many of you code for a defined purpose, whether it be profit or world effect. But for me, my computer is a toy.

rafaqueque 3 days ago 0 replies      
It's not always about money, as he said.

Classy move by Notch. Respect.

antirez 3 days ago 1 reply      
He should not give a fuck about random people on the internet, but just about opinions of the few he knows in one way or the other and respect. I understand this is more complex to do than to say, but still, how to have fun working in the current IT development scene without this crucial step, especially for a famous person like him?
lnanek2 3 days ago 0 replies      
Too bad, his claim that he isn't a developer and just wants to have fun playing and tinker makes him sound a lot like the famous Miyamoto from the StarFox development stories. Miyamoto apparently often played with many different implementations, making the programmers throw out a lot of work, but this was done to find something fun. Notch now had the money and organization to do that without worrying about having to push out a release. I wonder if his descent into writing useless things like Doom map viewers is just sort of chickening out. It's fun and easy to write for him maybe, no stress, but completely meaningless for the industry.
tdicola 3 days ago 1 reply      
I can't help but think this deal is going to have the exact opposite effect on Notch as he intended. Now everyone knows he's a billionaire and people will come crawling out of the woodwork to try and get something from him. Also parts of the Minecraft community will be pretty upset about the decision, and if a year from now things go sour and Minecraft isn't what it used to be then people will be even more upset with him. I dunno, if he wanted to get away from it all why not just leave? No need to sell the company for billions. Give his ownership to the other founders and walk away.
pingwing 3 days ago 0 replies      
I don't blame the guy and now he has plenty of money to do what he wants and not deal with the bullshit. Corporate America sucks. it is a horrible "culture". Not everyone wants fame, fortune maybe, but not fame.
huhtenberg 3 days ago 0 replies      
I really like Notch and I really like how having all that money didn't seem to change him. The sale is interesting news, but seeing him go through it with integrity is even more interesting.
jackvalentine 2 days ago 0 replies      
The only real response I feel is appropriate: "Fair enough. Have fun with what you're going to do in the future."
mcguire 3 days ago 0 replies      
"If I ever accidentally make something that seems to gain traction, Ill probably abandon it immediately."

That is a very nice option to have.

ryan-allen 3 days ago 0 replies      
I say good luck to him I say. Everyone has the right to make their own choices, and I hope he has a good time post-mojang.

A lot of people have thoroughly enjoyed Minecraft, it's a true phenomenon. Hopefully Microsoft do a good job keeping it going (and more importantly, improving it, of which I suspect they'll do a pretty ace job).

lubujackson 3 days ago 0 replies      
Notch seems like the closest thing to a modern day Woz, at least in his "doing it for the fun" approach. I wish him well in the future!
diltonm 3 days ago 0 replies      
Marcus has earned the right to do what he wishes, enjoy life instead of stressing. Best wishes to him and continued success to Mojang!
debt 3 days ago 0 replies      
Kind of reminds me of something Richard Feynman said:

"Then I had another thought: Physics disgusts me a little bit now, but I used to enjoy doing physics. Why did I enjoy it? I used to play with it. I used to do whatever I felt like doing - it didn't have to do with whether it was important for the development of nuclear physics, but whether it was interesting and amusing for me to play with. When I was in high school, I'd see water running out of a faucet growing narrower, and wonder if I could figure out what determines that curve. I found it was rather easy to do. I didn't have to do it; it wasn't important for the future of science; somebody else had already done it. That didn't make any difference. I'd invent things and play with things for my own entertainment."

I think we should take serious stock not only in what Notch is saying here but also his overall success: if you get off making ephemeral photo-sharing apps or a Salesforce clone then keep on trucking otherwise you should ask yourself why you're doing it in the first place.

Are your little projects a ton of fun to work on? Notch makes an all around good argument for pursuing your passion.

noonespecial 3 days ago 0 replies      
He's doing the only thing that makes a repeat of Minecraft possible. If he stayed "on" and tried to make "the next big thing" as part of a Mircosoft team there would be no chance.

Going straight up _why is about the only way he might create another important work. I'd lay even odds.

hyp0 3 days ago 0 replies      
I love Notch.

But since I don't know him, it's for what he represents; how he's handled success, knowing his values and acting on them.

Poor guy can't help being a symbol - a bit like Life of Brian

GigabyteCoin 3 days ago 0 replies      
>If I ever accidentally make something that seems to gain traction, Ill probably abandon it immediately.

This reminds me of the unwanted flappy-bird fame.

What a strange idea for an entrepreneurial mind to read.

nperez 3 days ago 0 replies      
As someone who took my lifelong fascination and turned it into a "job", I respect the hell out of this.Granted, not everyone is financially capable of just coding small experiments and getting by, but that's where the magic is.
im3w1l 3 days ago 0 replies      
I bought Minecraft pretty late in the game, but I really liked it. It's a great work.I'm glad for your exit, even though I realize that you quit on a sad note. I wish you joy in your future endeavors.
ianstallings 3 days ago 0 replies      
He reminds me of Steve Wozniak a little bit. He's disconnected from the scene and it's refreshing in every way. Good luck to him.
nXqd 3 days ago 0 replies      
this is so awesome that he can make things that he loves. Become super rich with it, but still staying who he is. This kind of achievement is incredibly hard.

Thanks for great work !

mentos 3 days ago 0 replies      
I would love to see him consider investing in other video game projects. There is a game 10x better than Minecraft out there somewhere and he has the money to find it.
beauzero 3 days ago 0 replies      
Good for you. When it's not fun anymore...it's just not fun anymore.
sgtnasty 3 days ago 0 replies      
Then why didnt he just open source it? That question deserves to be answered by Notch.

I watched my kids grow up on Minecraft, and how I led them to learning technology, enabling their future. Minecraft is more than just a game, and really the users own it, it's not Notch's anymore.

jonifico 3 days ago 1 reply      
While I do see his point in saying Minecraft has become too big for him, he might also be backing out a bit from a responsibility that could bring a fascinating challenge. But then again, he doesn't see himself as a true developer. Hope he finds a way to fulfill himself apart from spending billions of dollars.
dsego 3 days ago 0 replies      
He could've given a share to Zachary Barth. Just saying.
alexvr 3 days ago 0 replies      
I hope he puts that money to good use.
god_bless_texas 3 days ago 1 reply      
I'm sorry, but did notch go on reddit and indicate that Minecraft sold for 2.5B. That bastard.
seanv 2 days ago 0 replies      
i can respect that, can't argue with honesty.
31reasons 3 days ago 0 replies      
Flappybird situation at a much bigger sale ( I mean scale)
e3pi 3 days ago 0 replies      
`luden dare'

There is a latin root word that means 'play', `have fun'. There is a philosophy and a religion whose names are coined off this word. Perhaps `ludens'? Hesse's Glasperlenspiel -Glass Bead Game?

Learning about notch here this morning, I see a master living this reality regardless of philosophy or religion nonsense or the noisy crowds.

He `got game'.

hyperliner 3 days ago 0 replies      
This is really a sad statement about the evil "consumers." It does not happen only to simple nerdy game developers. It happens to everybody who does something huge.

It happens to small business owners. Then, people "tell them" that they "must" raise the wages of their employees, without ever having created a small business.

It happens to activists. Then, people "tell" them they "must" support this other cause, when those activists simply want to change a small part of the world that they care about.

It bothers me the most when it happens to presidents. (Pres. Bush, Pres. Obama, depending on your political inclinations). Just simple guys asked to carry the weight of a nation just because they were at the right time, the right place, did the right things, a few mistakes, wanted to change the world a little, and worked really hard.

Maybe all of us who instead of sweating are going for the ride should simply enjoy the game. Just put a few blocks on the game, build a small tiny house, put a glass window, a small bed in there with the tiny cool candle on the wall (my favorite block in Minecraft), and stare out the window. And watch for creepers.

But leave these folks alone to do what we did not do, and let them enjoy a reward for their hard work.

UnfalseDesign 3 days ago 4 replies      
Full text of post until the site becomes less overloaded:


I dont see myself as a real game developer. I make games because its fun, and because I love games and I love to program, but I dont make games with the intention of them becoming huge hits, and I dont try to change the world. Minecraft certainly became a huge hit, and people are telling me its changed games. I never meant for it to do either. Its certainly flattering, and to gradually get thrust into some kind of public spotlight is interesting.

A relatively long time ago, I decided to step down from Minecraft development. Jens was the perfect person to take over leading it, and I wanted to try to do new things. At first, I failed by trying to make something big again, but since I decided to just stick to small prototypes and interesting challenges, Ive had so much fun with work. I wasnt exactly sure how I fit into Mojang where people did actual work, but since people said I was important for the culture, I stayed.

I was at home with a bad cold a couple of weeks ago when the internet exploded with hate against me over some kind of EULA situation that I had nothing to do with. I was confused. I didnt understand. I tweeted this in frustration. Later on, I watched the This is Phil Fish video on YouTube and started to realize I didnt have the connection to my fans I thought I had. Ive become a symbol. I dont want to be a symbol, responsible for something huge that I dont understand, that I dont want to work on, that keeps coming back to me. Im not an entrepreneur. Im not a CEO. Im a nerdy computer programmer who likes to have opinions on Twitter.

As soon as this deal is finalized, I will leave Mojang and go back to doing Ludum Dares and small web experiments. If I ever accidentally make something that seems to gain traction, Ill probably abandon it immediately.

Considering the public image of me already is a bit skewed, I dont expect to get away from negative comments by doing this, but at least now I wont feel a responsibility to read them.

Im aware this goes against a lot of what Ive said in public. I have no good response to that. Im also aware a lot of you were using me as a symbol of some perceived struggle. Im not. Im a person, and Im right there struggling with you.

I love you. All of you. Thank you for turning Minecraft into what it has become, but there are too many of you, and I cant be responsible for something this big. In one sense, it belongs to Microsoft now. In a much bigger sense, its belonged to all of you for a long time, and that will never change.

Its not about the money. Its about my sanity.

melvinmt 3 days ago 8 replies      
There was once a businessman who was sitting by the beach in a small Brazilian village.As he sat, he saw a Brazilian fisherman rowing a small boat towards the shore having caught quite few big fish.The businessman was impressed and asked the fisherman, How long does it take you to catch so many fish?The fisherman replied, Oh, just a short while.Then why dont you stay longer at sea and catch even more? The businessman was astonished.This is enough to feed my whole family, the fisherman said.The businessman then asked, So, what do you do for the rest of the day?The fisherman replied, Well, I usually wake up early in the morning, go out to sea and catch a few fish, then go back and play with my kids. In the afternoon, I take a nap with my wife, and evening comes, I join my buddies in the village for a drink we play guitar, sing and dance throughout the night.

The businessman offered a suggestion to the fisherman.I am a PhD in business management. I could help you to become a more successful person. From now on, you should spend more time at sea and try to catch as many fish as possible. When you have saved enough money, you could buy a bigger boat and catch even more fish. Soon you will be able to afford to buy more boats, set up your own company, your own production plant for canned food and distribution network. By then, you will have moved out of this village and to Sao Paulo, where you can set up HQ to manage your other branches.

The fisherman continues, And after that?The businessman laughs heartily, After that, you can live like a king in your own house, and when the time is right, you can go public and float your shares in the Stock Exchange, and you will be rich.The fisherman asks, And after that?The businessman says, After that, you can finally retire, you can move to a house by the fishing village, wake up early in the morning, catch a few fish, then return home to play with kids, have a nice afternoon nap with your wife, and when evening comes, you can join your buddies for a drink, play the guitar, sing and dance throughout the night!The fisherman was puzzled, Isnt that what I am doing now?


jacquesm 3 days ago 1 reply      
He's already invested many years of his life into mojang, why do you think you are in a position to tell him what to do with his money?

Markus is 100% free to do whatever the hell he wants with his money and you nor anybody else should place conditions on or make demands on him.

Nib 3 days ago 1 reply      
It's the end of an era...

This may be the last time a post from Notch makes it to HN Frontpage...

We all know what's gonna happen next, microsft is gonna try to messup with the game, and, somehow, it'll end up dead...

RIP Minecraft

LeicaLatte 3 days ago 2 replies      
Say Facebook had acquired Minecraft I believe Notch might have had a chance at continuing at Mojang. But Microsoft's history with killing talent is legendary (Nokia, Rare, etc) and there was no question of him taking a chance with them.
tbrock 3 days ago 4 replies      
"If I ever accidentally make something that seems to gain traction, Ill probably abandon it immediately."

He seems to have an awful attitude for a guy who just made a billion dollars and gets to spend the rest of his life doing exactly what he wants.

theflubba 3 days ago 1 reply      
Notch is an idiot. He should just ignore what people say on the internet, stop taking things so personally, and work on a new idea. There's nothing stopping him but himself.
iamleppert 3 days ago 1 reply      
He should donate some of that money to some good causes if he's really a simple man like he says he is. Of course he doesn't have to do anything, and fully deserves to take the money and run, and build some giant evil castle or something.
I was asked to crack a program in a job interview
975 points by m00dy  1 day ago   296 comments top 39
ckaygusu 1 day ago 1 reply      
I also tried to crack exactly this program a while ago. The company (I believe it is MilSoft, one of the most reputable software companies in Turkey) sent this challenge to university students to hire a part-time CS student. Nevertheless, this was the first time I've ever attempted to crack something and while I had little to no idea what was going on, it was a very thrilling experience. I think I went on 14 hours without taking a break.

I began by trying to run the program in GDB, got SIGSEGV'd. Afterwards I inspected the faulty address and tried to avoid it by changing its value, instead it crashed at somewhere else. After trying this hopeless catch-and-run for several hours, I decided I needed a better disassembly tool and went on to IDA Pro.

This particular program contains a trick that intrigued me very much, and it is the reason why I was getting SIGSEGV'd at different locations when altering the program code.

The main payload of this program is simply XOR-encrypted by some key. The whole thing begins by decrypting the payload and then begins its execution as normal. The gist is, the particular key that encrypted the main payload is the decryption code itself (for the unacquainted, assembly code is also just a byte stream). Here, this exact part:

   0x804762d:   mov    $0xaa,%dl   0x804762f:   mov    $0x8048480,%edi   0x8047634:   mov    $0x8048cbc,%ecx   0x8047639:   mov    %edi,0x80476f3   0x804763f:   mov    %ecx,0x80476f7   0x8047645:   sub    %edi,%ecx   0x8047647:   mov    $0x804762f,%esi   0x804764c:   push   $0x80476c1   0x8047651:   pusha     0x8047652:   mov    $0x55,%al   0x8047654:   xor    $0x99,%al   0x8047656:   mov    $0x8047656,%edi   0x804765b:   mov    $0x80476e5,%ecx   0x8047660:   sub    $0x8047656,%ecx   0x8047666:   repnz scas %es:(%edi),%al   0x8047668:   je     0x804770a   0x804766e:   mov    %edi,0x80476eb   0x8047674:   popa      0x8047675:   add    0x80476eb,%edx   0x804767b:   ret
As far as I can remember, the key was a bit more than that, but I'm sure it was including this part.

At the end of every iteration (of something involving this loop which I can't precisely recall now) the program checks whether it is running under debug mode (essentially makes a PTRACE call and reads its output, the OP also talks about it) If this is the case, it makes a jump to random address, so even if you are just neatly watching the program run under debug mode, you weren't going to achieve anything.

The next thing that occured to me is to manipulate how PTRACE returns its value, but I thought it would involve some kernel code fiddling and running the program under the modified kernel, which is WAY beyond my ability for now. I didn't know how to do it, but later by some very stupid trick I managed to pass this decryption part and the program made a jump to something like "__glibc_start". I needed to save the altered program and run it under gdb again (I don't remember why), but I was using the trial version of IDA Pro which prohibits me of such a thing. After making a few more desperate attempts I gave up.

But this "using the code as the key".. I think spending 14 hours to see this done was well worth it.

davidgerard 1 day ago 9 replies      
Real-life tests are THE best thing to send job candidates. It scales well (you don't have to spend personal hours on them) and you get real information.

This applies even to sysadmins. We have a favourite: set up a VM with a slightly-broken application in a slightly-broken Apache and Tomcat, and get them to ssh in and document the process of fixing it. Even people who aren't a full bottle on Tomcat will give useful information, because we get an insight into their thought processes. I recommend this to all.

(I note we've just done a round of interviews where we get a nice-looking CV and conduct a technical grilling. Hideous waste of time for everyone involved. All CVs should be regarded, on the balance of probabilities, as works of fiction. Do a remote self-paced test like this. You won't regret it.)

meepmorp 1 day ago 5 replies      
> Here is the first thing i typed in the terminal

root@lisa:~# ./CrackTheDoor

Um. I see at least one security issue already.

superuser2 1 day ago 4 replies      
This is Intro to Systems homework at UChicago (the course is heavily based on CMU's equivalent.) You're given a personalized binary that asks for a series of passwords to complete each level. If you get a password wrong, it phones home to a server run by the professor and decrements your grade.

The point is to teach you to reason about assembly using GDB. You can pretty trivially set a breakpoint at the phoning-home routine so that you never actually lose any points; then it's just a question of thinking and reading hard enough before the deadline arrives.

Levels range from very simple string comparison, to arithmetic, to pretty weird tricks.

It was about the most memorable homework assignment I've ever done.

pkaye 1 day ago 9 replies      
I don't know where you find candidates that can even approach this level of skill or desire to solve puzzles. Most people I interview struggle with a few lines C program coding.
freehunter 1 day ago 9 replies      
Really nice overview of the process. I was hoping to get into debugging and breaking code, but my career took a wild turn away from that part of the job. It's still something I would like to learn, so I'm reading as much about it as I can.

I'm going to take this way off topic here, but it's a curiosity of mine. Please don't take this as an insult; it seems to be very common and as a language learner myself I'm just wondering where it comes from.

At first , it looks...


debugger.Therefore , there...

mode.In my opinion , Intel...

So , those lines will basically scan the memory , if there is a 0xCC , it will crash your program and such ...

Specifically in these examples, I'm seeing a missing space between a period and the next word, as well as a space before a comma. As English is one of my native languages, I'm not sure how people go about learning English or what resources are available to anyone learning English.

I've noticed this with a lot of English as a second language speakers, and it doesn't seem to matter what their original language is. In this case, Spanish, but I've seen native Russian and Japanese speakers with the same thing. Can anyone tell me why this is?

AlyssaRowan 1 day ago 2 replies      
Crackmes (as they're known) can be kind of fun.

The late Katja Kladnik once sent me a diskful of 'crackme' virii. I tried to deadlist one of them; it infected me when I did, and dared me to try a less obvious approach.

Mangled symbol table => buffer overflow in debugger => arbitrary code. Sneaky.

joezydeco 1 day ago 2 replies      
That's some impressive work. But then...

"The company send me another crack me for round 2 :) That's also interesting.."

That wasn't enough to get the job?

wyc 1 day ago 6 replies      
This reminds me of the popular binary bomb lab offered in some computer architecture courses:http://csapp.cs.cmu.edu/public/labs.html
jsaxton86 1 day ago 1 reply      
Does this guy have any idea how hard it is to come up with good interview questions? By posting the question and solution online (complete with an md5sum and everything!), he has ruined the question, and his employer will now need to spend a significant amount of time coming up with another way to evaluate candidates.
enjoy-your-stay 1 day ago 1 reply      
Looks like he was doing this on Linux.

A quick experiment shows me that you can call ptrace(PTRACE_TRACEME,..)on OSX multiple times without it failing (the constant is actually PT_TRACE_ME on darwin). I wonder if that's the same for all BSDs ?

Interesting and educational writeup though, and just the thing to get me tinkering myself!

sayginbican 21 hours ago 1 reply      
Dude?? Did you wait until you go to Spain to post this? Still, it is very fun to read this post and comments here. Actually, I prepared these two crackmes in order to arrange a small competition among universities at Turkey. But, they became very good interview questions also.

It's really good to read these responses. Cracking ability is really rare in CS student community in Turkey. Our intention was increase awareness. Reading these comments showed me it was a really good step.

professorwimpy 1 day ago 0 replies      
"Now, I have been told that the best crackers in the world can do this in 60 minutes. Unfortunately, I need someone who can do it in 60 seconds."
zellyn 1 day ago 1 reply      
If this sounds fun, give microcorruption.com a try :-)
imaginenore 1 day ago 1 reply      
If we asked questions like that at our interviews, it would take us 10 years to hire one candidate. Most people fail at basic basic stuff.
sbisker 1 day ago 2 replies      
Is this company ok with this being posted?

If so, they should say what company they are, because being associated with a clever puzzle like this is great for recruiting (even if it's not being used anymore). Unless they have their own reasons for remaining quiet (government? :)).

If not, they should probably take it down, as having the solutions posted would ruin the evaluative value of what must have taken a very long time to make.

userbinator 1 day ago 0 replies      
If you want to try cracking one yourself, there are plenty of crackmes at http://crackmes.de/
acjohnson55 1 day ago 0 replies      
Back when I was in high school, I had a Palm IIIxe. This was the days before app markets and nearly everybody who made PalmOS apps tried to sell them as shareware with a price of $20-50 -- well beyond what I could afford as a broke high school student.

Fortunately, I had learned Z80 assembly programming my TI-83, which had led me to dabble in 68k assembly when I bought a TI-89. I never mastered 68k the way I did Z80, but I knew enough to find the routines that ran the registration key check when the OK button was pressed, and by trial and error, I'd invert conditional jumps until I found the one that would turn a failed registration attempt into a success. Then I'd hex edit the binary to make the switch. Worked like a charm about 80% of the time!

estefan 1 day ago 0 replies      
I remember fravia and +orc back in the day... I think he passed away, but there are still archives online: http://www.woodmann.com/fravia/

I spent hours starring at softice & winice, and learning x86 asm

harshil93 21 hours ago 1 reply      
This reminds of this quora post. A nice one for beginners like me. The guy reverse engineered Sublime Text to remove the nagware of registration.


PS- You should buy ST, it is one of the best code editors out there in the market.

diminoten 1 day ago 0 replies      
How the hell do I have a job? I can't even follow most of this...
joeblau 13 hours ago 0 replies      
I love the way the way m00dy dissected the problem. About 2 months ago, I was watching some advanced LLDB videos from Apple and they went into a lot of the tricks detailed in this post for setting breakpoints and debugging a program. That being said, some of the knowledge about halting commands and configuring gdb to ignore debug mode are just some things only a pro would know.

Great job and thanks for the great read.

skizm 1 day ago 0 replies      
Should have sent them a password locked program called *DoorHasBeenCracked". The only thing it does is post passwords to an http server that you control. There is a good chance they try their own password on it. New school phishing attack. /s
jonahx 1 day ago 4 replies      
what's a good, simple intro to the basics of this kind of cracking for someone who is an experienced programmer, knows some C, etc, but has little system level or assembly experience?
aabajian 1 day ago 1 reply      
This is totally nostalgic of the "binary bomb" assignment in CS 107 @ Stanford. You have to run the program from Stanford's network. There are 6 levels and each level has a password you have to enter. If you enter the wrong password, the course server is notified, and a point is deducted from your grade. The correct way to solve each level is to disassemble the program and figure out what it's doing.

Here's Google's cache of this page:


...there's even a secret level in the binary.

terminado 7 hours ago 0 replies      
Password variables stored as constants? In MY binary? It's more likely than you think!
fsniper 1 day ago 3 replies      
The post started very well but with the first screen shot, my mind started tingling: What the heck a security engineer is doing in a root shell? An unknown binary sent via an email is run in a root shell. There is also no mention of email source tracking.

Hey you are a security engineer you know about weakness of smtp right?

Even if this is a virtual machine, I would really reconsider employment of him or sit down and do a serious talking about this blog post if I were the employer.

I could not continue reading the post before ranting about it.

raverbashing 1 day ago 0 replies      
Very nice

My approach would be to disassemble, then try to find the strings in the program and see where they're being used and processed.

And kill the CC thing by hexediting the file

turtles 1 day ago 0 replies      
Similarly, I had to debug a vulnerability and write an exploit for a vulnerability in adobe reader for a job interview. :)
mahmoudimus 1 day ago 2 replies      
I have a pretty cool crackme that I programmed and I wanted to offer it as a puzzle to some candidates, but without the proper reverse engineering tools, I think most candidates would really struggle -- especially if you're looking for just general developers.

Haven't given it much thought past this.

mariuolo 21 hours ago 0 replies      
You know that by publishing this now YOU will have to write the challenge programme for the next candidate, right?;)
ohshout 11 hours ago 0 replies      
why doesn't the author use objdump so there is no need to bypass ptrace()?
Ben-G 1 day ago 0 replies      
Are there any good resources to learn what is necessary to solve this puzzle?
aceperry 1 day ago 0 replies      
This reminds me of a scene from the movie "Swordfish", starring Hugh Jackman, John Travolta, and Halle Berry. :-)
tomrod 1 day ago 0 replies      
That, my friends, was a powerful blogpost. Raw, exuberant, and purposeful. I learned much.
fastball 1 day ago 0 replies      
Agh wHy is thE capitalization & puncuation. so inconsistent?
ck2 1 day ago 0 replies      
Then gets fired for revealing the answer to the only test they have.

Just kidding, congrats!

marincounty 1 day ago 0 replies      
I've always believed a test a a fair way of hiring. It takes "the good ole boy", and the whole "my friend is brilliant" out of the equation. Personally, I've never liked, actually despised, the whole networking thing.
javajosh 1 day ago 1 reply      
So the only way for programs to get data from the outside world is to poll with system calls? I always thought that programs defined a "holding area" that the kernel would write into when it had data - the program still might poll, but it's polling (potentially very small, perhaps a single register) local data rather than making a system call.
Yes, were being bought by Microsoft
941 points by jordanmessina  3 days ago   512 comments top 65
gokhan 3 days ago 10 replies      
For people without children, here are some quick notes on the situation in kiddieland:

- My son is 7. We bought iPad edition first, shelled some more for PC edition last month, and I'm sure I'll be forced to buy more in the future if MS puts a price tag on it.

- I spend a fair amount of time during weekends for deciphering the modding world, trying to find something called CraftBukkit, learning to mod, finding launchers, finding maps shown on some Youtube video etc. because the son is mad about it. BUT, he's spending hours trying to learn JS (ScriptCraft on Bukkit) just to make an exploding arrow. I truly believe this is analogous to C64 days back then.

- School started today, he's moved to another school this year. The first thing he asked to his news friends was about Minecraft. Then he advertised how PC version is superior to the one on iPad.

- My 2 yo daughter knows what Minecraft is, tells she'll play Minecraft when she grows up.

- While we were shopping for school supplies last week, saw two people asking for Minecraft licensed school bags for their kids.

- We live in Turkey.

jacquesm 3 days ago 15 replies      
That's 2.5 Instagrams, or 0.33 Nokias. What do you feel, realistic, too much, too little?

Personally I feel this makes (much) more sense than instagram, these guys have a very loyal following, a tremendously strong product and actually make money.

Congratulations to everybody on the selling side in this deal, too bad it had to be Microsoft but with amounts like that there are not too many companies on the acquiring side.

Does anyone know if this was stock / cash / a mix?

edit: this Microsoft - Mojang deal will do more to get people into (games) programming than a million $ adspend by codecademy would

edit2: right now (16:43 my time) microjang.com is still free

Wonder how long it will take before that is a registered domain.

edit: microjang.com is now no longer free.

   Registrant:      Microjang Development (DR is US)      PO Box 100439      NY, NY 10163-4668      US (UNITED STATES)

scrollaway 3 days ago 10 replies      
There goes all hope of Minecraft being released as open source.

There was a blog post from several years ago from Notch saying that after he made enough money with the game, he would "probably clean it up and release it as open source". Oh well.

Instead now we have the DMCA-infighting and an atrocious modding community that hosts their binaries on shady file upload sites, their "project page" in a forum thread, make their measly money from adfly-like sites and have never heard of Github.

So much wasted potential. Anyhow, congratulations Microsoft.

rcamera 3 days ago 14 replies      
I have been trying to understand why Microsoft would buy Minecraft. Even though Minecraft is really important, and wildly successful, but the price tag for a game studio with one successful game is rather odd, considering it is unlikely Minecraft will sell millions of copies more (it is already the most sold game ever made). This is a long shot, but it may explain it:

If Microsoft is trying to build its own Steam competitor (which given Valve's current strategy to make Linux an alternative gaming platform to Windows, makes sense), then Minecraft is the perfect acquisition to start it up, for a number of reasons. It is the best selling video game of all time, with over 15 million copies sold for the PC (54 million copies across all platforms), and it has over 100 million accounts registered. It is possibly the only successful indie game that has never integrated with Steam, and that has a very young userbase (based on my experience) which, given their ages, probably isn't part of Steam's userbase. All of these aspects make it a great strategic acquisition if Microsoft wants to make a new and successful game marketplace and platform for Windows.

Anyone else has any other idea why the 2.5 billion price tag?

mattdotc 3 days ago 5 replies      
Very peculiar seeing this news after Notch was so critical of the OculusVR sale to Facebook.

Seeing as I bought my premium Minecraft account on 8/1/2010, I must be due some sort of equity for supporting him at such an early stage.

edit: Oh, and what do you think will become of the old alpha/beta/release builds? I'm thinking about going ahead and archiving them all in case access to them is revoked. Not sure if I'm being too paranoid, but I much preferred the simpler versions without all the distractions like XP, hunger, and those weird tall black guys.

TillE 3 days ago 1 reply      
> Hes decided that he doesnt want the responsibility of owning a company of such global significance

> The founders: Notch, Carl, and Jakob are leaving

Yeah, that's exactly what I suspected when the rumors started. Markus doesn't really want to run a company, so he's cashing out and doing his own thing. Good on him.

cptskippy 3 days ago 1 reply      
I could see this being a huge play for young developers by Microsoft. They have been positioning themselves as a platform agnostic services provider, investing in or purchasing cross platform development frameworks, and opensourcing a lot of their technologies (e.g. C#, .NET, Rosetta, OWIN). Now all they need are developers to adopt their technologies.

Minecraft has a huge modding community and a lot of first time coders are getting into the scene because they love Minecraft. Imagine Microsoft ports Minecraft to C# or possibly C while maintaining full support for all existing platforms. Then go about developing a great API/SDK for modders and making it incredibly easy for anyone to download Visual Studio and the Minecraft SDK.

They just introduced an entire generation of developers to MS technology.

joemaller1 3 days ago 2 replies      
I'm trying, but I just don't see any good coming of this. The comments from Mojang seem incredibly naive, everything is going to change.

First people to make money on this will be lawyers. There's going to be a blizzard of copyright takedown notices going out to every unlicensed (most all) Minecraft merchandise and spinoffs. The offline fan ecosystem is going to get slaughtered.

Mostly I'm just sad for all the kids. They love Minecraft, and this won't end well.

DanBC 3 days ago 5 replies      
Be interesting to see how MS deal with YouTubers.

Shutting down Etho, Yogscast, etc is likely to lead to hordes of 13 year olds hating MS for ever.

Maybe there'll be an MVP programme for YouTubers? </s>

I just hope MS can sort out modding: a sane mod interface would make many people very happy.

danschuller 3 days ago 0 replies      
I think this just demonstrates the power of the internet/social networks and an increasingly interconnected world.

Notch creates a small game on his own, improving on Infiniminer, it catches the imagination of an entire generation. Without the internet and social networks this would have never happened. Without this game having a multiplayer mode added (which happened fairly early on) it wouldn't have happened. I wonder what it would be like it Doom was first released into a similar environment but maybe it's a little less universal.

People in their bedrooms recording themselves playing video games speak as loudly, or more loudly than traditional media. PewDiePie has 30 million subscribers - he can make any game just with a mention.

It's interesting now our networks are concentrating and distributing influence, power and wealth. Nothing I could have predicted and I'll enjoy seeing what comes next.

malloreon 3 days ago 0 replies      
That Mojang is worth 62.5% of Star Wars is a testament both to Minecraft's value and how much Lucas destroyed Star Wars in the last 20 years.
worklogin 3 days ago 0 replies      
> Theres no reason for the development, sales, and support of the PC/Mac, Xbox 360, Xbox One, PS3, PS4, Vita, iOS, and Android versions of Minecraft to stop. Of course, Microsoft cant make decisions for other companies or predict the choices that they might make in the future.

Linux is absent, but I wonder if they lump that in with "PC".

diltonm 3 days ago 1 reply      
I'd feel much better if they would clarify the term PC. As a long time Linux user and Minecraft fan; I'd hope the Linux client continues to thrive similar to the way the Skype client has after the Microsoft acquisition. The fact that the list uses the term PC instead of spelling out "Windows,Linux,etc." worries me some.
Joona 3 days ago 0 replies      
Holy crap, 2.5 BILLION? And on top of that Notch and Jakob (and Carl) are leaving? I understand Notch's decision (as he has been doing his own thing), but I did not imagine Jakob or Carl leaving.
calewis 3 days ago 0 replies      
Seems to me like the most sensible tech purchase in a while, PE ratio is a bit more normal and it has massive and sustained traction amongst young people.It remains to be seem if M$FT will fuck it up, but that's a different question.
tdicola 3 days ago 0 replies      
The thing I can't wait to see is how Microsoft intends to recoup the cost in FY2015 like they say they will. From what I read Mojang only made ~$300 million off Minecraft last year, so where is the other $2.2 billion going to come from in the next 9 months? I will be surprised if there isn't a big write-down on this purchase come July.
outside1234 3 days ago 0 replies      
One of the things you need to understand about these deals, and deals like it (Nokia), is that Microsoft is using trapped overseas cash to make these acquisitions.

(If they repatriated this cash to the US instead they would lose something like 40% of it to taxes)

Its a good time to be a foreign (to the US) company.

tyho 3 days ago 5 replies      
>What about the other editions of Minecraft? Will they stop being developed?

>Theres no reason for the development, sales, and support of the PC/Mac, Xbox 360, Xbox One, PS3, PS4, Vita, iOS, and Android versions of Minecraft to stop.

So what is happening to the Linux edition that has been fully supported since day 1?

shmerl 3 days ago 1 reply      
TL;DR: We don't know Microsoft's plans. But don't worry, everything will be fine.

Yeah, right. It's MS we are talking about. MS don't even hide their mindset here:


> Minecraft fans are loyal, with nearly 90 percent of paid customers on the PC having signed in within the past 12 months.

That's MS for you. DRM to be expected.

DigitalSea 3 days ago 0 replies      
Worse kept secret ever.Good for Notch and everyone else though, a well-deserved cash out and completely understandable. Notch never striked me as a guy who wanted to run a big company like Mojang in the first place.
bru 3 days ago 4 replies      
> Microsoft acquired Mojang for a smooth 2.5 BILLION dollars.


I hope that Microsoft won't disrupt Minecraft's development (e.g. like they did with Skype, making Linux a third-rate platform - which should not happen since Minecraft's coded in Java).

p1mrx 3 days ago 0 replies      
With $2.5 billion, you could buy 3 blocks of gold:

http://www.wolframalpha.com/input/?i=1+cubic+meter+of+gold == $765 million.

mindstab 3 days ago 3 replies      
Ran some math with friends. Minecraft is from 2009, so it's 5 years old. https://minecraft.net/stats says it's sold ~16M pc and mac copies and the front page says at $27. That's about $432M in its entire life [assuming everyone paid full price, which they didn't, there have been loads of deals over the years]. Now that doesn't take into account mobile and console. For android the $7 pocket version is reporting 5M which is $35M. I don't have numbers for iOS and console but I can't really imagine they come close to PC and Mac. And as my friend reminded "Well I'm one if those 5m and I paid $0.10 [for the android version]"

I have a hard time understanding where they get the $2.5B valuation considering its revenues. Another friend thought advertising: " heck, even brand recognition - if they put "Microsoft Minecraft" on the title, I'm sure that's comparable to a few superbowl ads &tc"

So we ran that math.

"the average cost of a 30-second advertisement was around $4 million" - wikipedia [ https://en.wikipedia.org/wiki/Super_Bowl_advertising ] "Super Bowl XLV, played in 2011, became the most-watched American television program in history with an average audience of 111 million viewers " - wikipedia. 16.7M people have bought minecraft [mincraft.com/stats pc and mac] + 5M for android. That's still a fraction of a super bowl ad (like 16%) or ~$670,000 value in super bowl advertising terms. Except I suspect anyone actually in advertising would say the value of a finely crafted 30 second video advert massively beats your company name under a game title.

Regardless of quibbles, the advertising potential seems off by many orders of magnitude. also as was mentioned: "Is brand recognition something ms has a problem with?"

So where is the $2.5B coming from? Especially when the gamesutra article [ http://www.gamasutra.com/view/news/225611/Minecraft_studio_M... ] has them saying they think they can recoup the full value in 1 year!

jccalhoun 3 days ago 1 reply      
One thing that needs some explanation is the fact that because Minecraft predates Mojang, at one point Mojang was only licensing the Minecraft trademark from Notch (even though Notch was the majority owner of Mojang). (If you look at the bottom of minecraft.net you will see: "Mojang 2009-2014. "Minecraft" is a trademark of Notch Development AB")

I hope that MS's lawyers were smart enough to make sure they were actually buying Minecraft and not just a license...

aaronbasssett 3 days ago 1 reply      
Coming soon, Minecraft 2.0! Exclusive to Xbox One.
citricsquid 3 days ago 1 reply      
A copy of the blog post if the site is down: https://archive.today/TbJQh

Xbox announcement: http://news.xbox.com/2014/09/games-minecraft-to-join-microso...

worklogin 3 days ago 0 replies      
He's a bit disingenuous.

Don't care about the money at all? Open-source it and let it thrive.

Care about the money a bit, but really want the game to survive? Want the community to have faith in its future? Sell it to Valve for $25m or something on the condition that an API gets built. If it's worth a fraction of its sell price, Valve would have jumped on it.

But instead, it got sold to a company devoted to closed source software and killing its game purchases. And Notch got a fat check for it.

Listen, I can't judge him, and I won't. The game is great, and he built it. But every action in this says it's about money, while none of it shows a care for the game. We'll see how it pans out, but history tells us to be suspicious.

alyandon 3 days ago 1 reply      
I can't see this being a good thing for anyone that cares about Minecraft at all. I wonder how long it'll be before:

1) The older Minecraft binaries suddenly become unavailable for download which will effectively kill many launchers, mods and modpacks

1a) Microsoft aggressively uses DMCA notices to kill off the modding community when the modding community tries to work around #1 by hosting the binaries themselves

2) Microsoft adds unnecessary integration with the win32 API via JNI to Minecraft in order to make it Windows-only despite the fact Minecraft is written in Java

2a) More aggressive DMCA usage to kill off the community attempting to work-around #2

Those are just off the top of my head but I'm sure I can come up with more not too far-fetched scenarios.

centizen 3 days ago 0 replies      
Well, this will be an interesting ride. At least now Notch will have enough time and money to fund that Psychonauts sequel!
spacecadet 3 days ago 1 reply      
Notch went from having trouble with Paypal over a poultry $750k to being a Billionaire. That's awesome.
Pyrodogg 3 days ago 0 replies      
Well, there goes a ton of support for the current Forge-related modding community.

"Take care everybody. rm -rf .minecraftMS free for 20 years. Not starting now!"https://twitter.com/minecraftcpw

octo_t 3 days ago 0 replies      
I think the most significant part is that the founders at Mojang are leaving:

> The founders: Notch, Carl, and Jakob are leaving. We dont know what theyre planning. It wont be Minecraft-related but it will probably be cool.

dageshi 3 days ago 0 replies      
They'll probably create a market. Right now mods/skins are for the most part being given away for free. I think the obvious thing to do is allow mod creators to sell at a profit if they wish.
rurounijones 3 days ago 0 replies      
Ok, everyone here is bashing Microsoft and making doom and gloom predictions but let us think about what the possible benefits could be:

* A bigger development team that could optimise and speed development of minecraft improvements

* Maybe actually make an official, well-designed, modding API.

I agree that the scope for them screwing it up is huge, but lets try to think at least a little bit positive.

maljx 3 days ago 0 replies      
Personal statement by notch - http://notch.net/2014/09/im-leaving-mojang/
LeicaLatte 3 days ago 2 replies      
Mojang's new roadmap starting next sprint -

Minecraft kart racer, brawler, side scroller, kinect game, store.minecraft, themed COD maps, Forza tracks, minecraft 2 pre-order beta access

wiremine 3 days ago 0 replies      
I like this quote from Gruber:

"Its almost impossible to overstate just how big a deal Minecraft is for my son and his friends." [1]

My son is 8, and he and his friends are CONSUMED by the game. I wonder how Microsoft is going to leverage this fact for reaching new users...

[1] http://daringfireball.net/linked/2014/07/25/minecraft

smoyer 3 days ago 3 replies      
Is this the first product Microsoft will own that's written in Java? They support it on Azure but I'm not aware of them selling a software product that's based on Java.
tehwebguy 3 days ago 0 replies      
No one has mentioned merch or licensing yet here.

I would offer an educated guess that Minecraft is/was the single most valuable indie game IP outside of actual game sales.

aabdocker 3 days ago 0 replies      
> The founders: Notch, Carl, and Jakob are leaving. We dont know what theyre planning. It wont be Minecraft-related but it will probably be cool.
georgehaake 3 days ago 0 replies      
Very interesting that my 8 and 10 year old sons two weeks ago declared Minecraft boring after 3-4 years of all that they could consume play.
netcraft 3 days ago 0 replies      
I look forward to a post from MS about their plans. I still believe that with a proper modding API minecraft could quadruple its current impact.
Immortalin 3 days ago 0 replies      
I hope that a clr port of minecraft would be out soon. Modding minecraft with java is not an option for me as it is way too verbose. I am trying to use clojure but getting it to work with the gradlew custom buildscripts used by minecraft forge is very painful. Modding minecraft with F# sounds fun....
blueskin_ 3 days ago 1 reply      
>Theres no reason for the development, sales, and support of the PC/Mac, Xbox 360, Xbox One, PS3, PS4, Vita, iOS, and Android versions of Minecraft to stop. Of course, Microsoft cant make decisions for other companies or predict the choices that they might make in the future.

Translation: MS hasn't killed them yet, but probably will soon.

xedarius 3 days ago 1 reply      
I find it amazing that there wasn't a clause tying Notch and the other founders to the company, at least for a transitional period. Usually when you buy a games company it isn't the product you buy so much it's the creative talent. But to counter my own argument, few games companies have a product as strong as Mojang.
turshija 3 days ago 2 replies      
I hope they won't ditch cross-platform and go for Windows + Xbox only. Or try to make "Minecraft 2". Damn
keypusher 3 days ago 0 replies      
Not clear to me exactly what Microsoft is buying here. As far as I know the development studio Mojang is tiny, maybe a few dozen people. Minecraft itself has a huge community, and made a lot of money, but it's not clear how Microsoft leverages that into anything other than goodwill.
illumen 3 days ago 0 replies      
Ludumdare is bigger than Y combinator now.
stickhandle 3 days ago 0 replies      
I keep reading the lego comparisons but i think that's staying a little too inside the box. Block for block, if you will. A better comparison is "Minecraft is the digital equivalent of playing in the sandbox".
Pxtl 3 days ago 0 replies      
So, MineCraft 2 will be an X-Box/Win8 tablet exclusive made by a AAA development studio, I suppose.
easytiger 2 days ago 1 reply      
>Theres no reason for the development, sales, and support of the PC/Mac, Xbox 360, Xbox One, PS3, PS4, Vita, iOS, and Android

Confirmation that the Linux version has been killed then

knd775 3 days ago 0 replies      
This makes me sad. I see that there is the potential for good to come from this, I don't think it will happen. At least Jeb is staying. There might have been some pretty big problems for Minecraft if he didn't stay.
JoeAltmaier 3 days ago 1 reply      
Perhaps Microsoft has a similar project in the works, and instead of fighting over IP and copyright, they just bought the company. Like Intel or Cisco buying innovators to avoid patent litigation.
pinaceae 3 days ago 1 reply      
Did Minecraft ever take on any VC money? I think not, so this 2.5b is very, very different than the stuff you see here. Not comparable to Instagram in net profit for the founders.
KhalilK 3 days ago 1 reply      
First thing to do: ditch Java; port the game to C#.
talmand 3 days ago 0 replies      
All I can say is that my daughters are so lucky that Games for Windows Live is dead and won't be integrated into Minecraft.
programminggeek 3 days ago 0 replies      
$2.5 billion and the founders get to walk. That is impressive. No golden handcuffs.
neves 3 days ago 1 reply      
Hope they don't decide to bundle it with Windows. My kids will have zero productivity for their whole life.
Florin_Andrei 3 days ago 0 replies      
> Everything is going to be OK.

Yeah, with $2.5 bil in the bank, I'm sure it will.

betabob 3 days ago 0 replies      
Think Microsoft-VR.

Billions in VR-device/console sales secured via platform exclusivity. See Halo(Bungie)/Xbox etc. Games dictate console sales.

Minecraft will actually be a lot more effective. Massively popular among every demographic. Smart move and good timing.

Hats off to New-Microsoft.

tomrod 3 days ago 0 replies      
More power to you, Mojang employees, and may you see many happy returns.
drivingmenuts 3 days ago 0 replies      
Well, it was fun while it was lasted. Being on OS X, I'm not going to pretend that Microsoft will support us for any longer than they have to.
LERobot 3 days ago 0 replies      
The skype effect is near
eric_cc 3 days ago 1 reply      
Minecraft 2: now with Micro-transactions, Achievements and More!!
Fastidious 3 days ago 1 reply      
Next steps:

- Replace Mojang/Minecraft account with a Microsoft Account, use it to login

- Minecraft installer comes with Bing

- Minecraft ported to C#, Java version discontinued. Name changed to Microsoft Minecraft 1.0

- Minecraft servers can only be run in Azure, legally

TXT Record XSS
854 points by ryanskidmore  11 hours ago   198 comments top 42
mrb 10 hours ago 11 replies      
I am half serious, but how about making HTML served in TXT records a standard trick for serving small web pages very quickly? There are way fewer network round trips:

  1. DNS query for TXT record for example.com  2. DNS reply with HTML content
Compared with the traditional 7 steps:

  1. DNS query for A record for example.com  2. DNS reply with x.x.x.x  3. TCP SYN to port 80  4. TCP SYN/ACK  5. TCP ACK  6. HTTP GET  7. HTTP reply with HTML content
It would also make the content super-distributed, super-reliable, as DNS servers cache it worldwide (and for free so it would reduce hosting costs :D). Also TXT records can contain more than 255 bytes as long as they are split on multiple strings of 255 bytes in a DNS reply.

Again, I am only half serious, but this is an interesting thought experiment...

Edit: oddtarball: DNSSEC would solve spoofing. And updates should take no longer than the DNS TTL to propagate: the TTL is under your control; you could set it to 60 seconds if you wanted. It is a common, false misconception that many DNS resolvers ignore the TTL. Some large web provider (was it Amazon? I forget) ran an experiment and demonstrated that across tens or hundreds of thousands of clients wordlwide, 99% of them saw DNS updates propagated within X seconds if the TTL was set to X seconds. Only <1% of DNS resolvers were ignoring it.

ryan-c 10 hours ago 4 replies      
I enumerated all IPv4 PTR records a few years back, and I saw a couple XSS things there as well. If anyone wants to host that data set somewhere, let me know, would be interesting to see what others do with it.

Edit: I found my data and have a grep running on it, will share what turns up.

Edit2: Somewhat less exciting than I remember:

$ fgrep -- '>' *










philip1209 9 hours ago 4 replies      
I added FartScroll.js from the Onion to my text records:


SEJeff 10 hours ago 1 reply      
From any Linux (or probably OS X) workstation / server, you can run the command "host -t TXT jaimehankins.co.uk" ie:

$ host -t TXT jamiehankins.co.uk

;; Truncated, retrying in TCP mode.

jamiehankins.co.uk descriptive text "<iframe width='420' height='315' src='//www.youtube.com/embed/dQw4w9WgXcQ?autoplay=0' frameborder='0' allowfullscreen></iframe>"

jamiehankins.co.uk descriptive text "v=spf1 include:spf.mandrillapp.com ?all"

jamiehankins.co.uk descriptive text "<script src='//peniscorp.com/topkek.js'></script>"

jamiehankins.co.uk descriptive text "google-site-verification=nZUP4BagJAjQZO6AImXyzJZBXBf9s1FbDZr8pzNLTCI"

garazy 4 hours ago 0 replies      
I've found about 80 TXT records with <script tags in them - most of them look like the person not understanding where to paste a JavaScript snippet over XSS attempts, here's all of them -


There's a few that are "13h.be/x.js" that look like someone trying this out before.

kehrlann 10 hours ago 4 replies      
This is hilariousy, but could this potentially be a real threat to anything ?
AsakiIssa 11 hours ago 2 replies      
Wasn't expecting that at all! Had several tabs opened and was really confused for a few seconds while I tried to find the tab with 'youtube on autoplay'.

Firefox needs to show the 'play' icon for the audio tag.

jedberg 9 hours ago 0 replies      
Come on people, this is so basic. If you didn't generate the data, don't display it on your web page without filtering it. It blows my mind that this isn't just everyone's default.
rbinv 11 hours ago 3 replies      
Clever. I didn't get it at first.

Never trust user input.

Edit: See http://www.dnswatch.info/dns/dnslookup?la=en&host=jamiehanki... for the actual code.

colinbartlett 10 hours ago 0 replies      
Bravo, I just embarrassed myself in a very quiet meeting.
JamieH 29 minutes ago 0 replies      
Still working here if anyone is yet to see it.


toddgardner 10 hours ago 0 replies      
The most clever exploit of XSS I've ever seen. Beautiful. Bravo.
elwell 6 hours ago 1 reply      
In playing around with this hack, I discovered that Dreamhost doesn't properly escape TXT records in their admin interface when modifying DNS records. I put an iframe in and it shows the box but the src is removed; it also killed the page at that point so I'm unable to remove it...
mike-cardwell 7 hours ago 0 replies      
A while ago I experimented with adding stuff to the version.bind field in bind. Just updated it:

mike@glue:~$ dig +short chaos txt version.bind @

"<iframe width='420' height='315' src='//www.youtube.com/embed/dQw4w9WgXcQ?autoplay=1' frameborder='0' allowfullscreen></iframe>"

I put this in my named.conf:

version "<iframe width='420' height='315' src='//www.youtube.com/embed/dQw4w9WgXcQ?autoplay=1' frameborder='0' allowfullscreen></iframe>";

This site is vulnerable:


Although takes a minute before it kicks in. I did report it to them at the time, but never got a response.

Sanddancer 10 hours ago 0 replies      
Given how many whois sites cache results, I wonder how many of them are also vulnerable to SQL injections...
kazinator 8 hours ago 0 replies      
Since there is very little discussion in the link, pardon me for stating what may be obvious to some, but not necessarily everyone.

The point here is that:

1. DNS TXT records can contain HTML, including scripts and whatever.

2. Domain registrants can publish arbitrary TXT records.

3. TXT records can appear in pages generated by web sites which serve, for instance, as portals for viewing domain registration information, including DNS records such as TXT records.

4. Thus, such sites are vulnerable to perpetrating cross-site-script attacks (XSS) on their visitors if they naively paste the TXT record contents into the surrounding HTML.

5. The victim is the user who executes a query which finds the malicious domain which serves up the malicious TXT record that is interpolated into the displayed results. The user's browser executes the malicious code.

Thus, when you are generating UI markup from pieces, do not trust any data that is pulled from any third-party untrusted sources, including seemingly harmless TXT records.

Thaxll 10 hours ago 2 replies      
It has nothing to to do with TXT record, it's just the website that render html. It could be any source.
bwy 10 hours ago 3 replies      
Wish there was a warning, because I accidentally clicked this link in class just now.
sanqui 5 hours ago 1 reply      
Looks like the who.is site has patched the exploit up a few minutes ago.
wqfeng 2 hours ago 1 reply      
Could anyone tell me what's about? I just see a DNS page.
gsharma 9 hours ago 0 replies      
Not sure how Trulia handles input for its usernames, but at one point I was able to do this http://www.trulia.com/profile/-iframe--home-buyer-loleta-ca-...
0x0 10 hours ago 0 replies      
Can it be done with CNAME and SRV records too?
indielol 5 hours ago 0 replies      
Wouldn't this make it super easy for Google to ban (show the security warnings in Chrome) the domains?
gcr 7 hours ago 0 replies      
Warning: this page links to (loud!) automatic playing audio.
PaulSec 5 hours ago 0 replies      
I wonder how this got so much points..Reflected XSS in 2014, yeah..
tekknolagi 11 hours ago 0 replies      
This is hysterical.
bdpuk 9 hours ago 0 replies      
I've seen similar examples with HTTP headers and sites that display those, nice angle.
thomasfl 7 hours ago 0 replies      
Finally somebody found a way to put html injection on to good use.
nerdy 10 hours ago 0 replies      
Best POC ever.
_RPM 10 hours ago 1 reply      
When I went to the page, it started playing music. I find that very frustrating and annoying.
general_failure 10 hours ago 0 replies      
Well played sir, very well played
js2 9 hours ago 0 replies      
All editors should, upon save, put up the following prompt:

"I acknowledge the code just written does not trust its input, under penalty of being whipped by a wet noodle."

But I guess folks would just click through.


iamwil 11 hours ago 3 replies      
How does this work?
ing33k 9 hours ago 0 replies      
good hack but really stupid of me to click it directly :\
ginvok 10 hours ago 0 replies      
Aaaand now I'm deaf :)Gotta learn sign language
himanshuy 10 hours ago 1 reply      
What's up with the search box?
zobzu 9 hours ago 0 replies      
That made me laugh, good one :)
notastartup 9 hours ago 0 replies      
man...I woke up and got a dose of surprise....love this song.
r0m4n0 10 hours ago 3 replies      
isn't this technically illegal to demonstrate haha?
st3fan 10 hours ago 0 replies      
sprkyco 10 hours ago 0 replies      
Luckily it does not work on my normal browser: https://www.whitehatsec.com/aviator/
Minix 3.3.0
595 points by knz42  2 days ago   171 comments top 16
jacquesm 2 days ago 17 replies      
I've upvoted this because I would like to see minix succeed and for nostalgic reasons but I can't help the feeling that minix has missed its window of opportunity. In practically every arena where minix could have established itself there are now formidable entities entrenched with mindshare, budgets and an installed base that minix can't even begin to touch. I've got similar feelings towards plan 9.

Even so, minix has a spot, and that spot is in education, an OS that can function like a digital version of a petri dish, something that you can quickly morph to test out a new idea without having to drag a huge behemoth of a kernel behind you.

I'm quite sad about this, I think that if minix had been open instead of 'published as a book' that minix would have been what Linux is today only better engineered and that we'd all be better off for that.

Not being GPL'd meant that a whole generation of hackers followed Linus Torvalds rather than buying a bunch of books from Prentice Hall. And so now we have 70's era tech instead of 90's.

peatmoss 2 days ago 0 replies      
The choice to use a NetBSD userland isn't hugely surprising in light of the project's focus on making everything as clean and portable as possible. Packages also make a lot of sense. NetBSD did something hugely ambitious with Pkgsrc--it is like FreeBSD's ports, but was designed to build software in a coherent fashion on lots of different *nix platforms. At one point in time, I was using pkgsrc to build a somewhat complicated custom stack of open source software on AIX, compiling with IBM's XLC compiler. Can't say everything worked perfectly, but there was so much scaffolding already in place with pkgsrc that it simplified my process immeasurably.
f2f 2 days ago 0 replies      
I feel this document really captures the feeling that OS researchers had at the turn of the century:


On one hand you had Windows NT taking over commercial space, on the other you had the Linux juggernaut gathering speed. There was not much left for the niche players.

Glad to see Minix survives still.

runeks 2 days ago 2 replies      
From a technological point of view, I think Minix looks really interesting. Especially the feature of a driver being able to crash, and not crashing the entire system. Security is also an added bonus.

But, it seems to me that it's not really usable for most people, since driver support is very poor.

I would really like to know, if anyone knows the answer, how much effort it would take to create some sort of tool that converts a Linux driver to a Minix-compatible driver, or -- if that's not possible -- how many man hours it would take to rewrite ALL Linux drivers to be Minix-compatible. Anyone know?

moo 2 days ago 0 replies      
I'm suspicious that some people complain about dated technology and want something fresh not because the dated tech is obsolete or crippled but because they want to be an expert on new tech, starting from a level playing field and not have to catch up with people with a 20+ year head start.
thomasfl 2 days ago 0 replies      
Minix, the only *nix I've ever modified or recompiled.
jingo 2 days ago 0 replies      
There is only one question I ask to Minix: How much space and time does it take these days to compile a Minix kernel?

The current system I use takes about 220MB of RAM and about 15min on an underpowered netbook. (It is not Linux but still has decent hardware support.)

Of course I'm also curious what other folks who compile their own Linux kernels see as their "minimum" requirements.

stevedekorte 1 day ago 1 reply      
AFAICS, Minix's model will win in the end because security will be the most important OS feature in the future. It's a matter of time before our life savings (crypto-currencies), all personal info, and even our lives (self driving cars, medical equipment) inevitably becomes dependent on the security of our computer(s).
LeonM 2 days ago 0 replies      
Nice to see they have finally gotten to ARM support. I've worked on an MINIX3 ARM port for my thesis. Got really close to a running system but never got to finishing it after I got my degree.

Gonna try it out tonight!

indielol 2 days ago 1 reply      
I wonder if anybody uses minix in production anymore.
luckydude 2 days ago 0 replies      
Has anyone benchmarked this? lmbench (I'm biased) or something else?
jmcejuela 2 days ago 0 replies      
I'm not understanding much from this thread's conversation. I'm not so interested in OS development (anymore).

Yet I'm reading the conversation in full due to the great, knowledgable, and foremost polite discussions. Not having seen this in Hacker News in a long time...

Thank you all

fithisux 1 day ago 0 replies      
It would b interesting if minix could reuse the work done on mirageos by importing ocaml and build user space drivers in ocaml to be used by other programs.
ajessup 2 days ago 0 replies      
One way to spur adoption, let's see a Yocto BSB for this
xyproto 1 day ago 0 replies      
Looks cool, but what is this "printing" and "CD-ROM" it is talking about?
jamesdavidson 2 days ago 0 replies      
This is real hacker news!
How to Start a Startup: Fall 2014
579 points by atomroflbomber  2 days ago   133 comments top 38
wj 2 days ago 6 replies      
Another great resource from Stanford on startups is their Entrepreneurial Thought Leaders lecture series.


Talks have been given by some of the same people (including Marc Andreessen, Aaron Levie, Reid Hoffman, and Marissa Mayer) and many others.

This talk on negotiation is one of the best lectures I've ever heard and I've recommended it to people dozens of times:


crazypyro 2 days ago 2 replies      
I am beyond jealous. That instructor list is unreal. Students at Stanford get another peg up on the starting ladder...

(Also there is only 90 universities signed up for watch parties, yet copy lists "hundreds")

staunch 2 days ago 1 reply      
The fact that this information be made available online on the same day is quite a gift. That will take some effort. Thank you.

I would humbly suggest that early on you should address what YC means by startup. PG's essay on growth is by far the most well conveyed explanation. I think it would clear up a lot of confusion people have about Startups vs small businesses.


bbrunner 2 days ago 2 replies      
It's interesting that this is inside of the computer science department and is limited to engineering students considering YC has really been expanding the companies it's accepting. E145[0], an existing and highly sought after technology entrepreneurship course, is just a general engineering class and isn't limited to traditional engineering majors, as far as I'm aware.

Tons of great founders of tech companies come from disciplines outside of engineering and manage to learn enough on their own. I would wonder if it's a function of keeping it from getting oversubscribed or possibly a way to allow the curriculum to be narrowly focused towards how to build a scalable software business.

Exciting stuff regardless!

[0] http://e145.stanford.edu/

Eduardo3rd 2 days ago 3 replies      
"Thats why each lecture will be available via YouTube and iTunes Connect shortly after they happen, and associated reading materials and assignments will be linked to on the course site. To keep in touch with others following along with the lectures from afar, there will be a forum and Facebook group available to discuss their content and provide further opportunities to learn from those involved in startups."

So, not quite a MOOC, but still pretty close. I wonder if this is the MVP for scaling YC beyond the individual batches.

startupfounder 2 days ago 2 replies      
This is an amazing recruiting tool for YC and is a page out of JOEL SPOLSKY's book:

"So if the top 1 percent never apply for jobs (aka get startup funding), how can you recruit them? My theory is that the best way is to find them before they realize there is a job market (aka startup funding)--back when they're still in college."[0]

[0] http://www.inc.com/magazine/20070501/column-guest.html

jordhy 2 days ago 0 replies      
Honestly this is like having "The Justice League" give a course about "How to be a Superhero". Congratulations to the team that has put this together. Best round up of speakers in any startup course that I can remember.

This is great news for the community.

sethbannon 2 days ago 0 replies      
In some sense, this seems to represent an open sourcing of YC. I bet this will become a foundational resource for aspiring entrepreneurs for years to come.
amix 2 days ago 1 reply      
The list of speakers looks fantastic! This said, I think the list lacks diversity. I think it would be great to have someone outside of SV in it (e.g. Jason Fried, Jeff Bezos etc.) One of the better Startup School talks I seen was from DHH (that presented another way of building a successful company).
rkaplan 2 days ago 1 reply      
What's fantastic about this is that even though the class is at Stanford, everyone from around the world can follow along just as easily. Stanford is opening up more and more of its opportunities to the general public, which is awesome. Another one I'd recommend taking advantage of is Stanford's Hacking Hours:


This is a weekly on-campus meetup where people hack on their projects in a collaborative environment. It's open to the general public, and anyone nearby with code to write is welcome to come work on it at Stanford.

pptr1 2 days ago 2 replies      
Just finished reading Peter Thiel's Zero to One; and it is interesting that both him and Marissa Mayer are going to teach. He sort of disses her in the book. This is a quote from his book.

"Beginning with brand rather than substance is dangerous. Ever since Marissa Mayer became CEO of Yahoo! in mid-2012, she has worked to revive the once-popular internet giant by making it cool again. In a single tweet, Yahoo! summarized Mayers plan as a chain reaction of people then products then traffic then revenue. The people are supposed to come for the coolness: Yahoo! demonstrated design awareness by overhauling its logo, it asserted youthful relevance by acquiring hot startups like Tumblr, and it has gained media attention for Mayers own star power. But the big question is what products Yahoo! will actually create. When Steve Jobs returned to Apple, he didnt just make Apple a cool place to work; he slashed product lines to focus on the handful of opportunities for 10x improvements. No technology company can be built on branding alone."- [1]

[1] - Zero to One Book by Peter Thiel

comatose_kid 2 days ago 0 replies      
This is great. Someday if/when the lectures are streamed real-time, consider a reddit group for remote students to ask good (upvoted) questions to the lecturer.
krrishd 2 days ago 1 reply      
A MOOC I'd definitely recommend taking along side this is the Startup Engineering from Stanford, taught by Balaji Srinivasan and Vijay Pande.

I've taken a lot of MOOCs but that was one that truly changed a lot of things in terms of how I approached tech and startups, and it actually says in it's description that it's somewhat of a sequel to CS183 (this new course is CS183B).


graphene 2 days ago 0 replies      
Seems surprising that Paul Buchheit is not on the list?

His Startup School Europe talk was amazing, although to be fair it was more "why to start a startup" than how.

brianstorms 2 days ago 5 replies      
Nice, but, very few of those individuals have started a startup in the past five years, or even ten years. What exactly do they KNOW that is going to help you, the founder?

I don't think this is the ideal lineup for a day of talks about How to Start a Startup in the fall of 2014. The past few years have been particularly brutal for starting a startup. Mostly because there are so many others doing the same thing, and most of them are vying for the same funding dollars you're vying for.

Thousands upon thousands of people are trying and have tried, and most have failed, and all have stories to tell. That is the norm, that is the most likely outcome: failure. Instead, you'll hear from billionaires and superachievers and tech celebrities none of whom have been hungry, driven with a vision, struggling to build something new, fighting the good fight, any time recently. They're disconnected, imho.

Go ahead and downvote, I know, it's YC heresy, but so be it.

andyidsinga 2 days ago 1 reply      
i hope blake masters will take notes.
selmnoo 2 days ago 2 replies      
This is a fantastic move by the YC folks. Doing the class at Stanford raises their profile in just the right place -- now more of just the right and able individuals will apply to YC (especially because YC basically "teaching" at Stanford has earned them validation as a place to go for Stanford students, who up til now may have had any reservation about joining YC, or just simply hadn't considered the possibility, or just didn't know of YC). I hope to see a lot of good come out of this.

I hope the next class comes to us in the East coast? :) (Harvard and MIT, producer of Drew Houston, Mark Zuckerberg, etc.)

penfold26 2 days ago 0 replies      
Thats a whos who of the startup world which is fantastic. I hope you can motivate students in not only on just the web side to change the world. Sort of a great way to teach future entrepreneurs the requirements, structure and path of a successful startup.
jackosutherland 2 days ago 0 replies      
I am very excited to have a chance to listen in on this course. I currently attend a state university in Illinois that has a small entrepreneurship program and I am working hard to get every student involved in the startup space in Chicago where I know they will gain the most knowledge and experience. This course that Sam and YC are making available will be a huge resource to myself and my fellow students this semester. Appreciate the hard work and thought. Can't wait!
kibaekr 1 day ago 0 replies      
Wow this list is unreal. It's the Olympic lineup of the startup world. So jealous of the students that get to attend in-person.
hackerews 2 days ago 0 replies      
This is really powerful and good for the world.

If you work incredibly hard over a short period of time and watch these videos, you are emulating quite a bit of YC.

hkailahi 2 days ago 1 reply      
Wow this is exciting and unexpected! I am curious to see if the students who take this course end up being more likely to dropout afterwards.
asenna 2 days ago 0 replies      
I live pretty close to Stanford but I am not a student. Is it possible for me to just "sit in" for a couple of lectures? :)


danvoell 2 days ago 1 reply      
Do all of these people actually come in to Stanford to teach the class? I can't even imagine having a class instructor list like this.
dalek2point3 2 days ago 0 replies      
Let me also plug this short essay "Entrepreneurs Need Strategy" -- very helpful in thinking about startups.http://mbasys.lingnan.sysu.edu.cn/resource/upload/upkimg/201...
droob 1 day ago 0 replies      
"37 Proven Systems to Win Powerball"
mathattack 1 day ago 0 replies      
It takes guts to open source yourself. It also highlights that so much of the value comes from the in person meetings - sharing of ideas and networking.
porter 2 days ago 1 reply      
YC leading the pack of incubator followers yet again. Excited to watch this!
rokhayakebe 2 days ago 0 replies      
YC is on a tear.

I have a feeling these guys were testing a model up until this year, and now they are just ready to get started and blow things up.

cperciva 2 days ago 1 reply      
Marginally related: Anyone know when startup school invitations go out? I believe the application deadline was last week.
Firecracker 1 day ago 0 replies      
Any word on why the Stanford class is marked as closed to signups?
codeonfire 2 days ago 1 reply      
Why is everything like this at Stanford? Why not some other schools for a change?
icu 2 days ago 0 replies      
Thank you! I'm really looking forward to following online!
crixlet 2 days ago 1 reply      
truly amazing list. So this is a class specifically for the Stanford computer science program?
mrdiran 2 days ago 0 replies      
Thank you for doing this.
liz_062 2 days ago 0 replies      
another great information..cool post!
lifeisstillgood 2 days ago 0 replies      
I have spent quite some time and effort (failing) to get an open source company into open source contracts in the UK government. Bu I want to because things like the GDS (grand father of USGDS) are saying open source is the future of government

And this is one more tick in that argument - what YC is doing is industrialisation of startup founding - and now they are "open sourcing" the how to, I would think that any government not stealing these ideas and throwing money that otherwise would languish in bureaucratic purses is missing a huge opportunity.

michaelochurch 2 days ago 2 replies      
Three cheers for the furthering concentration of privilege and access!
The Road to Rust 1.0
565 points by steveklabnik  3 days ago   232 comments top 24
tomdale 3 days ago 5 replies      
We've been using Rust in production for Skylight (https://www.skylight.io) for many months now, and we've been very happy with it.

Being one of the first to deploy a new programming language into production is scary, and keeping up with the rapid changes was painful at times, but I'm extremely impressed with the Rust team's dedication to simplifying the language. It's much easier to pick up today than it was 6 months ago.

The biggest win for us is how low-resource the compiled binaries are.

Skylight relies on running an agent that collects performance information from our customers' Rails apps ( la New Relic, if you're more familiar with that). Previously, we wrote the agent in Ruby, because it was interacting with Ruby code and we were familiar with the language.

However, Ruby's memory and CPU performance are not great, especially in long-running processes like ours.

What's awesome about Rust is that it combines low-level performance with high-level memory safety. We end up being able to do many more stack allocations, with less memory fragmentation and more predictable performance, while never having to worry about segfaults.

Put succinctly, we get the memory safety of a GCed language with the performance of a low-level language like C. Given that we need to run inside other people's processes, the combination of these guarantees is extremely powerful.

Because Rust is so low-level, and makes guarantees about how memory is laid out (unlike e.g. Go), we can build Rust code that interacts with Ruby using the Ruby C API.

I'm excited to see Rust continue to improve. Its combination of high-level expressiveness with low-level control is unique, and for many use cases where you'd previously use C or C++, I think Rust is a compelling alternative.

JoshTriplett 3 days ago 10 replies      
I used to describe my preferred family of languages as:

- C when I absolutely had to (kernel/modules/plumbing).

- Python for scripting and broad accessibility.

- Haskell when I had the choice and I knew everybody who would work on the project.

I was skeptical of Rust when it first came out, due in large part to the many different kinds of pointers it originally had, many of which involved significant manual memory management. But now, with a strong static type system, garbage collection, pattern matching, associated types, and many other features, Rust is looking like a serious contender to replace all three of those languages for me.

Still waiting to see if it develops a strong following, community, and batteries-included library ecosystem, but I need to start doing more experiments with Rust.

Disappointing to see yet another language-specific package management system (Cargo), though.

pacala 3 days ago 1 reply      
The ownership idioms are very similar to idiomatic C++11 and std::unique_ptr. Which is to say that Rush has got an industrial strength safe memory management system.

But Rust stands out because the rest of the language is such a joy to use, compared to pretty much any other 'systems' language out there.

Congratulations to the team!

Ixiaus 3 days ago 0 replies      
> The key to all these changes has been a focus on the core concepts of ownership and borrowing. Initially, we introduced ownership as a means of transferring data safely and efficiently between tasks, but over time we have realized that the same mechanism allows us to move all sorts of things out of the language and into libraries. The resulting design is not only simpler to learn, but it is also much closer to the metal than we ever thought possible before. All Rust language constructs have a very direct mapping to machine operations, and Rust has no required runtime or external dependencies.

Almost sounds like they borrowed this thinking from Exokernel design... I think Rust is shaping up to be a very exciting language.

MichaelGG 3 days ago 3 replies      
Rust looks fantastic, and has a lot of things I wish I could do while in a higher level language like F#.

I just wish Rust was a bit less verbose. Requiring, for instance, type annotations on function arguments because it's sometimes helpful is such a weird decision. Let the programmer decide when an annotation is needed. This gets annoying when you get into functions with complex arguments. Especially for local functions where the signature could be messy, but the limited scope means annotations just clutter things. I'm not sure why Rust forces us to compromise here.

hadoukenio 3 days ago 5 replies      
Still sitting on the fence as to which language I should pick up on next - the only contenders are C++11 and Rust.

How does Rust compare with C++11 as a language? C++11 seems to (in some ways) have caught up with what Rust has to offer (compared to older C++ versions) e.g. smart pointers, concurrency and regexes part of the standard library

rubiquity 3 days ago 2 replies      
> Green threading: We are removing support from green threading from the standard library and moving it out into an external package.

I only ever looked at Rust from a 500 foot view while toying with it at a Hackathon, but I had no clue it had so many different types of threading models. This seems like a step in the right direction, indeed. If Task is going to your unit of concurrent execution, as much transparency around that as possible is a good thing.

forrestthewoods 3 days ago 0 replies      
When will it be pleasant to use on windows?
alkonaut 2 days ago 0 replies      
Hopefully the tooling will take off once the language stabilizes. Using a "newish" language is a total exercise in frustration when you are a spoiled kid who expects an IDE to come with your language configured, and a nice big play button for running your first program.

For a language to take off, it badly needs a very good (ideally "official") development experience, such as a custom eclipse impl, or a very good IntelliJ plugin. When a dev experience comes with batteries included it lowers the treshold substantially from just "use whatever text editor you like and compile on command line, here is a readme".

doe88 3 days ago 2 replies      
What I think is an important feature of this language is the ease with which it can interact with other languages. Especially the possibility for Rust code to be called from foreign languages such as C very easily.

I'm looking forward for even better support of iOS with the support of arm64, I think it is really important to offer an alternative.

BTW is there an RFC on dynamically sized types? I can't find any, I'm looking to learn of it works.

austinz 3 days ago 2 replies      
Congratulations to the Rust team! Can't wait to start learning the language and building stuff using it.

I'm looking to learn about how Rust's refcounting memory management works (and how it differs from how, e.g. Objective-C or Swift's runtime-based reference counting works), mostly for personal edification. Can anyone point me to any good resources?

sriku 3 days ago 1 reply      
This is all good. No higher kinded types for v1.0?
AlyssaRowan 3 days ago 1 reply      
It'd be wonderful if they kept the ability to define that a certain destructor does zero memory.

Sometimes, you need that.

kvark 3 days ago 1 reply      
I'm excited for the release too. Know many people who hesitate to touch Rust, even if interested, due to the fact language is still in active development.

On minor concern though, I don't see how "where clauses" are simplifying the language. Looks like something that could be added after the release.

toolslive 2 days ago 0 replies      
How difficult is it to start from a huge C++ codebase and start adding new features in Rust? How bad is such an idea?I know there is interoperability, but those are toy examples, does anybody have real life experiences?
3289 3 days ago 2 replies      
It seems that 1.0 is going to be a solid release. But the post-1.0 Rust is going to be even more exciting once they have added inheritance and subtyping which enable true polymorphic reuse!
MoOmer 3 days ago 1 reply      
> We are removing support for green threading from the standard library and moving it out into an external package. This allows for a closer match between the Rust model and the underlying operating system, which makes for more efficient programs.

That's an interesting move in comparison to Go, which multiplexes coroutines onto threads.

robin_reala 3 days ago 2 replies      
Adopting the channels system is interesting. Are there any other languages that have a scheduled release pattern like this?
theavocado 2 days ago 1 reply      
When I first looked at Rust, I recall being very confused about the distinctions between crate, package, module, and library. It seemed like an area which could use some simplification.
cdnsteve 3 days ago 1 reply      
Can rust be used to power http endpoints like a REST API? Or is it more designed to be system type daemon stuff? I guess I don't fully understand the marketing of it, however I haven't ever written anything in C or C++ either.
Chirono 2 days ago 1 reply      
Wait, they've got rid of unique pointers? When did that happen? They were there a couple of months ago. That was one of my favourite language features...
eCa 3 days ago 2 replies      
I haven't looked at Rust, but it seems from the outside that releasing a stable version of a language every six weeks is very aggresive?
egonschiele 3 days ago 1 reply      
Could someone lay out the advantages of Rust over C/C++/Dart/Go/other languages that cater to a similar space?
illumen 2 days ago 1 reply      
Does it use the GPU, memory compression, code rewriting, automatic vectorisation, multiple cores, or any other performance techniques from the last 10 years?
Commander Keen source code released
540 points by vs2  2 days ago   138 comments top 36
Arjuna 2 days ago 5 replies      
A little slice of history regarding one of the technical foundations of Commander Keen, for those that aren't aware:

"Then, the first breakthrough. John Carmack devised a smooth, scrolling routine similar to that used for the background of Nintendo games but never before possible on the PC." [1]

The technique is called, adaptive tile refresh. [2]

[1] http://www.3drealms.com/keenhistory

[2] https://en.wikipedia.org/wiki/Adaptive_tile_refresh

thristian 2 days ago 1 reply      
Note that "Keen Dreams" is the game sometimes called "Commander Keen 3.5" or "The Lost Episode"; unlike episodes 1-3 and 4-6 which were made by ID for sale by Apogee, Keen Dreams was (I think) the last game ID made to fulfill their contractual obligations with SoftDisk. It's interesting in a number of ways - the engine and art is very clearly halfway between the first and second Keen trilogies, it's the only game where Keen doesn't have his iconic pogo-stick or his Neuralizer Ray gun.
gaving 2 days ago 1 reply      

God, so wish I'd known this at the time.

ahomescu1 2 days ago 1 reply      

> baseRndArraydw1,1,2,3,5,8,13,21,54,75,129,204

Hah he got the Fibonacci series wrong (it's supposed to be ...13, 21, 34, 55, 89, 144, unless he did this on purpose).

jianshen 2 days ago 3 replies      
This just caused a rush of nostalgia from a generation of PC computing that seems like a lifetime ago.

Norton Commander, Jazzy the Jack Rabbit, TheDraw, the Gravis Gamepad...

abraxasz 2 days ago 0 replies      
Only slightly related but I read "masters of doom" recently and I can't recommend it highly enough. It is a very entertaining read even if you are not crazy over video games. It tells the story of the two Johns, and mention Commander Keen among other things. Great read
Touche 2 days ago 0 replies      
There's also an html5 version: https://github.com/JoeAnzalone/HTML5-Keen
RunningWild 2 days ago 1 reply      
Of note to anyone mentioning "Masters of Doom" are the following two items :

- Apogee Catalog from this time period : http://www.scribd.com/doc/134559074/Apogee-Catalog


- The Book of id (from the Id Anthology) : http://www.scribd.com/doc/137817173/Book-of-id

Bask in the nostalgia.

techtalsky 2 days ago 1 reply      
I have to say I saw every single pixel of every Keen game and I MUCH preferred the pure side view games over the isometric side view games of Episodes 4-6 and Keen Dreams. Episodes 1-3 had such an amazing, precise pixel design and a great sense of movement. The leaping just FELT right, with a slight pause while you pumped off the balls of your feet.

The later games, although much more detailed, with a larger character, had a weird floaty feeling to the controls that I never quite enjoyed playing as much.

That said, I loved all the games and it was an amazing sense of discovery. I remember the moment the shareware model finally took hold of me and I realized that I wanted the next episodes enough to pay for them.

bane 2 days ago 4 replies      
Slightly related (from the same era). But the composer for the music for Unreal, Unreal tournament, Deus Ex, Tyrian, Jazz Jackrabbit and others has a music bundle for sale.


drzaiusapelord 1 day ago 0 replies      
"There is not enough memory available to play the game reliably. You can play anyway, but an out of memory condition will eventually pop up."

Wow, I can't imagine a modern game giving this warning and still atempting gameplay. Guess a lot of people with low RAM machines had to take their chances back then.

cmapes 2 days ago 0 replies      
I suddenly had a flashback to selecting soundblaster as my audio device..
endgame 2 days ago 0 replies      
I think the most interesting part of this (socially) is this:

> This release was made possible by a crowdfunding effort.


Looks like they got most of the way, then someone must've paid the rest outside of indiegogo.

What other classic games could be saved this way?

dubfan 2 days ago 0 replies      
After Keen 3, the id guys were still under contract with Softdisk for another game. They made Keen Dreams to fulfill this obligation, but it wasn't released until some time after Keen 6.


mr_sturd 2 days ago 3 replies      
Carmack's piracy protection was bleeding-edge stuff, back then!


smegel 2 days ago 2 replies      
This is awesome! Commander Keen was my very first PC game on my very first PC (a 386DX with 2MB ram and a 80MB hard drive).

And it was a great game!

justin66 1 day ago 0 replies      
I'm fairly sure my ancient copy of Teach Yourself C in 21 Days came with a CD including the book text and Borland C++ 3.1, which is mentioned on github as working. UPC code 0672310694, or:http://www.amazon.com/Teach-Yourself-21-Days-Sams/dp/0672310...

You can get yourself into trouble trying to use a newer version of the Borland compilers. 3.1 was the last to support native 16-bit code, or something like that, I believe.

However, I'd take a crack at making the Turbo C in the Embarcadero Museum work:http://edn.embarcadero.com/article/20841

I honestly don't remember what the difference between "Borland C" and "Turbo C" is (the former includes more) so I don't know if that will work. But the museum download is free...

hartror 2 days ago 0 replies      
On your marks.Get set.Compile to JS using LLVM in 3...2...
jenscow 2 days ago 1 reply      
albertzeyer 1 day ago 0 replies      
Very nice!

Unfortunately only Keen Dreams, but at least! I was waiting for this quite some time. I'm not sure if the other Keen versions will eventually follow.

I think the project Commander Genius (http://clonekeenplus.sourceforge.net/) should also be mentioned here. (Disclaimer: I was a developer of CG.) Keen 1-6 should be fully playable. Keen Dreams not yet, so this Open Source release might be helpful.

clarry 2 days ago 0 replies      
If anyone's keen into doom, check out Doom 2 the Way id Did. In particular, look for the secret level (which also has the entrance to the other secret level).
jason_slack 2 days ago 1 reply      
I remember this game but I still did a Google Image search to remind me:


drivingmenuts 2 days ago 2 replies      
Pretty much the only platformer I ever really liked.
gohome190 2 days ago 2 replies      
I'd love to find the portion of code that has Keen moon the camera if the player is inactive for a period of time
jff 2 days ago 0 replies      
Keen was amazing, I hope we see more of them released like this... IMO Keen Dreams was the worst of the lot.
segmondy 1 day ago 3 replies      
only ~33k lines of code for everything in C/asm. yet today, it feels so strange that an equivalent game in our "much advanced languages" will probably end up about the same or larger. Are we really progressing?
x3ro 1 day ago 1 reply      
I tried to compile this from within DosBox, but I couldn't find a `makeobj` binary to build the stuff in the static directory. Does anyone know where that would come from?
corbinpage 2 days ago 2 replies      
What about the source code for Episodes 1-3?

Don't let the Vorticons win!!

I'll never forget the day I discovered the Vorticon alphabet in episode 3. Mind blown.

72deluxe 1 day ago 0 replies      
This is brilliant. I played Keen Dreams for hours and even completed it. This will make very interesting reading.
jiggy2011 2 days ago 3 replies      
Someone should port this to a language that isn't C, not that I'm volunteering.
craigds 2 days ago 2 replies      
Are there instructions for compiling this somewhere? I don't see a makefile or configure.
3327 2 days ago 0 replies      
This is a good day for humanity.
jacquesm 2 days ago 0 replies      
Did anybody manage to build it?
ck2 2 days ago 1 reply      
Apparently they sold 2-6 until recently - people were buying 1991 software?


Keens 2, 3, 5, & the full version of 6 are commercial software, and it is not legal to download them from anywhere.

dkfmn 2 days ago 0 replies      
My childhood rejoices!
yohanatan 2 days ago 2 replies      
8-space tabs? Yuk!
Major Android Bug Is a Privacy Disaster (CVE-2014-6041)
541 points by mike-cardwell  3 days ago   223 comments top 18
steakejjs 3 days ago 6 replies      
If you aren't familiar with SOP, this is about the worst "stupid web vuln" that can happen. SOP is the glue that kind of almost makes the web secure. The attack DOES work if X-Frame-Options is enabled (thanks joev. The msfmodule says so clearly). ALL sites with or without XFrameOptions can be loaded in an iframe, and sent to a bad guy.

If you would like to test on your device/browser, you can on ejj.io/SOP.php . If you click on the button and you see an alert box, you're vulnerable (I doubt many on HN will....)

Many other browser's also seem to be vulnerable. So if you use something else best be safe and check yourself

paulirish 2 days ago 2 replies      
Just an update from the Google side: As discussed below, any Android users on 4.4+ or running Chrome are not affected. For earlier versions of Android, we've shipped patches for AOSP:


These are in the AOSP branches for jb-dev, jb-mr1-dev, jb-mr1.1-dev, and jb-mr2-dev.

fencepost 3 days ago 5 replies      
Replaced by Chrome ("that giant hog").

I'm on a slightly older phone, but I actually removed Chrome from it not long ago. I started having problems with updating apps due to insufficient space, and while I have a fair amount of crap installed, I also have ~2.5GB of "Phone" storage for apps so I started investigating (this is separate from "sdcard" data storage which is ~8GB). Turns out Chrome, at least on the HTC Amaze 4G with 4.0.3, takes up about 250MB - my largest installed app by about a factor of 4 (next largest was ~80MB). This was not cache or data, this was the app itself.

I don't know what all they've moved into there as part of their push to cripple Android except as a host for the "Google Play Ecosystem," but crap like this is not endearing.

downandout 2 days ago 2 replies      
Android has its merits, but more and more I am reminded of this aptly titled article (proudly mentioned by Tim Cook during the WWDC keynote): "Android Fragmentation Turning Devices Into a Toxic Hellstew of Vulnerabilities" [1]. These kinds of incredibly serious, system level issues are a significant competitive disadvantage, and they keep happening. Google needs to build fast security update requirements into their Android license agreements with device makers. At least then, when these things are discovered and publicized, tens of millions of people won't be left vulnerable.

[1] http://www.zdnet.com/android-fragmentation-turning-devices-i...

diminish 2 days ago 1 reply      
As Firefox saved us from dangerous browsing circa 2004m from IE5,6,7, now I may save us from obsolete Android stock browsers. At least that's what I use.
ck2 3 days ago 2 replies      
If you haven't tried Firefox Fennec (android mobile) it is actually pretty good now.



They make it for arm and x86 android.

They used to make a windows version but sadly stopped that build.

seccess 3 days ago 1 reply      
Does anyone know if WebView is similarly susceptible?
fidotron 2 days ago 0 replies      
It was a mistake to put Webkit as an operating system level component in the first place. It would be better if the solution wasn't to push Chromium but a storage framework style pluggable component, mainly since they can't get stuff like text sizing right.

Luckily since most vital user info is going to be in apps this doesn't have nearly the same impact as it would on desktop, but it does represent yet another demonstration that having the web as a sort of super-platform-on-a-platform doubles your attack surface.

Android really is comparable to 90s era Windows, in every possible sense. For better or worse Chrome OS is clearly being positioned as the NT equivalent as well, but it's hard to see how you can recreate the functionality of Android without adopting the flaws too.

1ris 3 days ago 3 replies      
>While the AOSP has "been killed off" by Google, it...

I do not follow android closely, but this refers to the browser only, right?

allegory 3 days ago 5 replies      
It's this sort of thing that puts me off Android as a platform. Even my mother got sold a 2.2 handset recently (Samsung Galaxy Ace) that hasn't been patched for the best part of 3 years. You never know when you're going to end up with a lemon on your hands.

Big jump to this conclusion but I'm more inclined to trust Microsoft at the moment as they have a better reputation for lifetime (unlike Android), have a very public security process and good industry comms and the devices are proven usable if not faster after recent updates (unlike iOS which starts to be terribly limiting performance-wise). Plus they're dirt cheap.

kb120 3 days ago 7 replies      
So the bug is only for a browser that isn't supported by Google? No surprise that it hasn't been patched. If security is such a big deal to a user they should use a browser that is supported by a strong development team. Firefox and Opera Mobile work fine on low end phones.
javert 3 days ago 3 replies      
I am a big Linux fan and appreciate the openness and control that I can get with Android as opposed to Apple and Microsoft products, but...

My Android experience has been shit, and I'm really getting sick of it.

Admittedly, much or even most of the problem for me is the OEMs screwing things up and not sending out updates.

slingerofwheat 3 days ago 1 reply      
Is anyone familiar with the code that allows this vulnerability to be present and where I can find it(I believe this project is open source)? I understand the exploit is adding a nullbyte at the beginning of some javascript due to some bad handling in the parsing code. So I'm looking here: https://android.googlesource.com/platform/packages/apps/Brow...
thejdude 2 days ago 0 replies      
The general lack of updates is exactly why I use/install/recommend Firefox. That and the automatic syncing w/ Desktop and the regular performance improvements. (Chrome isn't an option. I can't even turn off third-party cookies. In 2014.)

Too bad it uses quite a few resources and may be too heavy for low-end phones.

talos 3 days ago 7 replies      
This is nuts. On a sidenote, any suggestions for an equivalently fast, secure browser for Android 4.2 on a relatively old phone? Not gonna use AOSP anymore!
pmontra 2 days ago 1 reply      
This leaves us with little alternatives.Tint is affected. Dolphin is affected. Firefox is just horrible on mobile, come see this page and you'll understand why (they can't get font inflation right). Chrome and Opera are what's left. Anything else?
Shofo 2 days ago 0 replies      
If only Meego took off.
helpbygrace 3 days ago 2 replies      
Use Chrome.
KaTeX: Math typesetting for the web
476 points by xymostech  3 days ago   96 comments top 32
akurilin 3 days ago 1 reply      
Heavy mathjax user here. Couple of use cases I'd love to know more about:

- does KaTeX work pretty reasonably across the platforms? The simplest way I figured out for rendering math notation in-app on mobile devices was through web views + mathjax. E.g. say I wanted to use it in a web view in iOS or Android, would it work as intended? MathJax comes by default with a giant folder of various fonts / ways of rendering, what's the KaTeX story for this?

- would KaTeX work just fine in a headless environment? e.g. say I'm using http://wkhtmltopdf.org/ to generate PDF from some HTML

- how does KaTeX compare to MathJax from a payload size? Mathjax takes quite a bit to load from basic connections even though you have to cache it only once.

mrb 3 days ago 1 reply      
A great idea would be that when you copy a math expression from the browser, it would put the LaTeX code in the copy-paste buffer:

  f(x) = \int_{-\infty}^\infty    \hat f(\xi)\,e^{2 \pi i \xi x}    \,d\xi
So then I could paste it in an email, in a text editor, in my own LaTeX document, etc.

dochtman 2 days ago 1 reply      
I'm curious: why does this work so much better than MathJax? What's the technical "secret sauce" that makes this tick? I was looking for that on the site and in the README, but it doesn't seem to have any explanation as to the tricks that make up KaTeX.
ErikRogneby 3 days ago 0 replies      
I have been incredibly impressed with Khan Academy's output and how engaged my kinder-gardener has been with it. The site keeps improving as we continue to visit it, and I am happy to see so many repositories up on github!
stared 2 days ago 2 replies      
Is there support for matrices?


    \begin{bmatrix}    a & b \\    c & d    \end{bmatrix}

    \begin{array}{ccc}    a & b & c \\    d & e & f \\    g & h & i    \end{array}

vedtopkar 3 days ago 0 replies      
Ben Alpert, Emily Eisenberg and the Khan Academy team never ceases to amaze me. This is a great MathJax replacement in the making.
arenaninja 3 days ago 1 reply      
MathML, MathJax and now KaTeX

Not that there isn't a usecase for this, but is this fully MathJax compatible?

malditogeek 2 days ago 0 replies      
thanatropism 2 days ago 2 replies      
I wish there was an entire LaTeX-like templating language. Not just the math typesetting; the typesetting is, for the most part, raw TeX.

Markdown is very deficient in, say, organizing a blog post in several sections and subsections. There's formatting syntax, but not semantic syntax. No support for different styling at a higher level (in the template renderer); no support for generating indexes, footnotes.

(The state of footnotes on the web in 2014 is lamentable).

All these valiant efforts in having portable math typesetting that like to make puns with "LaTeX" fall regrettably short of enabling one to make a short blogpost detailing a mathematical curiosity, or even heavily-referenced semi-scholarly output. LaTeX is a template engine that happens to leverage a programmable typesetter. We have a programmable typesetter with modern JavaScript, can we focus on semantic templating already?

amathstudent 3 days ago 1 reply      
What choices did you make that make KaTeX faster than MathJax? (i.e. 'how is it done?')
daturkel 3 days ago 2 replies      
Is there support for alternate math fonts (not sure what the proper term is) like \mathbf, \mathcal, \mathbb? Couldn't get it working. Looks fantastic though.
rhythmvs 3 days ago 1 reply      
Looks great! Will KaTeX support (c.q. integrate with) ASCIIMathML.js,? AsciiMath is dubbed TeX without backslashes, or as markdown for math. (La)TeX input can become laborious, and the syntax gets difficultly readable, very rapidly.

With AsciiMath syntax (and Unicode!) you can write A instead of `\delta A`, instead of `\frac{1}{2}`, ((a,b),(c,d)) instead of `\begin{pmatrix}a & b \\ c & d \end{pmatrix}`, &c.

http://en.wikipedia.org/wiki/ASCIIMathML http://www.asciimath.org http://boolesrings.org/krautzberger/2014/08/10/asciimathml-t... http://www1.chapman.edu/~jipsen/mathml/asciimathsyntax.html http://www.johndcook.com/math_symbols.html

camdenre 3 days ago 2 replies      
Are there any plans for an interactive equation editor supported by KaTeX? I think this is something the web is missing. I've been following the MathJax dev google group, and it seems like there aren't any solid plans for them to implement this feature.

Some examples:

My attempt: http://camdenre.github.io/src/app/html/EquationEditor

Mathway: https://www.mathway.com/

Mathjq: http://www.mathjq.com/math-editor/

It would be nice to have something officially supported by a large project. I think that there is a lot of potential on the web for interactive math lessons with symbolic input using a CAS (not multiple choice).

AKluge 3 days ago 1 reply      
I may be the odd man out, but especially for the case where I modify a small part of an expression I like MathML because those small parts can be uniquely identified and altered without altering or reformatting the rest of the expression. MathJax supports MathML, so this is possible with MathJax.

For example, the event handler that updates r at the bottom of this page: http://www.vizitsolutions.com/portfolio/gausslaw/ does not know anything about the expression as a whole, it only knows to update elements with a certain class with the new r value.

Of course I will take a look at this and see how it works for my content. It seems though, that this would be a case of interest to Khan Academy as it is comparatively common in instructional material.

ahmacleod 3 days ago 0 replies      
This is great news for server-side tex rendering. Valiant efforts on behalf of projects like svgtex (https://github.com/agrbin/svgtex) notwithstanding, MathJax is abysmal for pre-rendering content.
gravity13 3 days ago 1 reply      
Did Mathjax just become obsolete?
hsivonen 2 days ago 0 replies      
I wish this effort was put into browser engines' MathML support, so that math could be interoperably declarative like text (HTML) and vector graphics (SVG).

If you don't see the value in browser built-in features, consider how badly the upgrade to retina worked with JS+canvas compared to SVG.

htf 3 days ago 1 reply      
I love this. One question: how much emphasis was put on security? Can I safely let the users of my website input any string and feed it directly to the render function?
fabian2k 2 days ago 0 replies      
I'm wondering how heavy the server-side rendered version is. I assume you don't have to load the JS file anymore for that one, but you still need the CSS and the fonts. Is there an estimate on how large those are in total?

How large is the performance difference between the server-side rendered version and the JS version?

thebooktocome 3 days ago 3 replies      
Props to the coders for improving upon the LaTeX/Web use case space, but I can't help but feel something other than LaTeX is going to be necessary for the internet. LaTeX was fundamentally about document-level typesetting, and the internet is fundamentally not a place where that happens.
jgrowl 3 days ago 3 replies      
This looks really nice. Are there any handwriting recognition projects for being able to write on a wacom tablet that could output to a format like this?

That was always my dream when doing homework at the university.

auggierose 3 days ago 1 reply      
Are you also using the STIX fonts? If yes: I am working on a web application which downloads those STIX fonts anyway, can I point KaTeX to use my already downloaded fonts instead of downloading its own?
phloxicon 3 days ago 1 reply      
Any benchmarks against MathJax beyond the visual at the bottom of the page?
jordanthoms 3 days ago 2 replies      
Is there an wysiwyg equation editor that can produce the code for this? Would be interested in adding equations to our product but our users wouldn't be familiar with TeX.
robinhoodexe 3 days ago 1 reply      
Not bad, but MathJax is also pretty fast:


cnanders 3 days ago 1 reply      
Any plans to support equation numbering (like MathJax) and \eqref? I didn't see this in any of the examples or docs.
sklogic 2 days ago 0 replies      
Just wonder if anybody already tried to implement web2js.
felipellrocha 3 days ago 0 replies      
Any plans on adding support to \newcommand and \newenvironment?
hyp0 3 days ago 0 replies      
works instantly on mobile! are there demo pages with more latex, for a tougher test?
ChristianMarks 3 days ago 1 reply      
No xy support yet...
mrcactu5 3 days ago 0 replies      
was mathjax not fast enough?
sjtrny 3 days ago 1 reply      
Is it just me or is the style of this website a rip off of writelatex.com?

Edit: I guess I hit a nerve then.

Announcing Keyless SSL
449 points by jgrahamc  15 hours ago   167 comments top 26
lucb1e 11 hours ago 3 replies      
For those who want to understand how it works (it took me a minute, so I'll try to explain it simpler):

In simplified terms, the server usually stores a public and private key, and sends the public key to the client. The client generates a random password, encrypts it with the server's public key, and sends it to the server. Only anyone with the private key can decrypt the message, and that should only be the server.

Now you don't want to hand over this private key to Cloudflare if you don't need to, because then they can read all traffic. Up until now, you needed to.

What they did was take the private key and move it to a keyserver, owned by your bank or whomever. Every time the Cloudflare server receives a random password (which is encrypted with the public key) it just asks the keyserver "what does this encrypted message say?" After that it has the password to the connection and can read what the client (the browser) is sending, and write data back over the same encrypted connection. Without ever knowing what the private key was.

The connection from Cloudflare to your bank's webserver and keyserver can be encrypted in whatever way. It could be a fixed key for AES, it could be another long-lasting TLS connection (the overhead is mostly in the connection setup)... this isn't the interesting part and can be solved in a hundred fine ways.

Edit: Removed my opinion from this post. Any downvotes for my opinion would also push the explanation down (which I hope is useful to some). I mostly agree with the other comments anyway.

delinka 13 hours ago 5 replies      
Instead of keeping the key in a potentially vulnerable place, they're putting it in an oracle: pass ciphertext to the oracle, get plaintext back. I'm interested in the authentication between CloudFlare and the oracle. Cryptographic examples involving an oracle tend to refer to the oracle as a black box that just blindly accepts data, transforms it, and replies. Of course, then the oracle's content (a key, an algorithm) risks exposure through deduction if an attacker can submit limitless requests. See http://en.wikipedia.org/wiki/Chosen-plaintext_attack

I'm not at all suggesting that CF hasn't thought of this; rather I want to see their mitigation of the risk.

indutny 14 hours ago 2 replies      
And my patch for OpenSSL that does the same thing: https://gist.github.com/indutny/1bda1561254f2d133b18 , ping me on email if you want to find out how to use it in your setup.
mhandley 14 hours ago 3 replies      
This seems to only slightly reduce the threat to the banks.

Currently, if someone compromises the Cloudfare servers, they gain the bank's private key and can impersonate the bank until the bank revokes their keys.

With this solution, if someone compromises the Cloudfare servers, they can impersonate the bank by relaying the decryption of the premaster secret through Cloudfare's compromised servers back to the bank. They can do this until Cloudfare notices and closes the security hole.

It's not clear that the difference is all that great in reality, as most of the damage will be done in the first 24 hours of either compromise.

personZ 14 hours ago 4 replies      
After reading the beginning of the piece, I was expected something more...profound. Some deep mathematical breakthrough or something.

Instead they separate the actual key signing, delegating it to the customer's device. That's nice and useful, but isn't quite what I was expecting.

otterley 12 hours ago 4 replies      
Keyless SSL is basically an analogue of ssh-agent(1) for OpenSSL. It's a nice feature that you no longer have to trust CloudFlare with your private key, but there's a huge tradeoff: if your keyserver is unavailable (ironically, due to any of the things CloudFlare is supposed to protect you from or buffer you against -- DDoS, network/server issues, etc.), they can no longer authenticate requests served on your behalf and properly serve traffic.
teddyh 14 hours ago 4 replies      
So the communication between Cloudflare and the actual SSL key holder is secured by what? Another key? In that case, any compromise of Cloudflares key is the same as a compromise of the original SSL key (at least in the short term).
windexh8er 14 hours ago 2 replies      
All other technicalities aside it's rather interesting. From an HSM perspective it either makes that hardware now very useful or very useless.

Think of a large organization - you've been there (or not), there are 30 internal applications with self-signed certificates. Fail. The organization had purchased an HSM, but never really got it deployed because - well, that was too complex and it didn't integrate well with 3rd party network hardware and failed miserably in your *nix web stack.

This could be interesting - and I'm not commenting with regard to the efficacy or security concerns around this, but mainly the workflow simplicity it provides to large organizations who end up in self-signed-cert-hell because HSMs don't interoperate easily in a lot of use cases.

But to my original statement - this is a very good thing or a very bad thing for Thales and the like. The only requirement for an actually certified HSM, really, is certification against some hardware and software standard you have a checkbox to fulfill. Beyond that this would be a killer in the middleground for those who want an HSM like functionality but don't have any requirements to meet other than housing a secure segment where key management can be done in a more controlled manner.

vader1 12 hours ago 1 reply      
While this is a cool feature, I wouldn't say the improvement is more than marginal: all potentially sensitive customer data is still available to Cloudflare in plain text. And after all, with a Business plan you can already use your own ("custom") SSL certificate which you can then revoke at any time.

Why not offer a "pass through" mode where the proxying is done on the network layer rather than the application layer? Of course in such a modus all CDN-like functionality could no longer be offered, but it could still do a fair amount of DDOS protection, no?

mback2k 13 hours ago 0 replies      
So, this is not actually keyless SSL but SSL using something like a Hardware Security Module over networked PKCS#11. Did I miss something?
zaroth 10 hours ago 1 reply      
See: Secure session capability using public-key cryptography without access to the private key.


praseodym 14 hours ago 4 replies      
So CloudFlare won't get your private key, but will still get to see unencrypted plaintext for all traffic? Sounds like a huge improvement...
_pmf_ 13 hours ago 0 replies      
Are we reinventing Kerberos again?
xorcist 13 hours ago 1 reply      
The article is somewhat light on content. There are standard protocols for HSM use. What is the reason you didn't use these? There are clear risks involved with inventing your own security related protocols.
bjornsing 11 hours ago 0 replies      
> World-renowned security experts Jon Callas and Phil Zimmermann support CloudFlare's latest announcement sharing, One of the core principles of computer security is to limit access to cryptographic keys to as few parties as possible, ideally only the endpoints. Application such as PGP, Silent Circle, and now Keyless SSL implement this principle and are correspondingly more secure.

Ehh... I'd say Keyless SSL implements the opposite of that principle: encryption terminates with CloudFlare but authentication terminates in some bank.

yk 11 hours ago 0 replies      
So the problem is, how to get a cloud in the middle while keeping the green lock in the browser? Just yesterday I read Douglas Adam's phrase "technologies biggest success over itself."
blibble 14 hours ago 3 replies      
isn't this completely missing the point, i.e. banks being able to say 'no third parties can see our clients identifying information/balances/etc?'

yes, the SSL key doesn't leave the bank, but everything it is protecting is..

kcbanner 14 hours ago 1 reply      
Interesting, but what about the latency issues of having to always contact the key server?
ambrop7 9 hours ago 1 reply      
I don't like to sound hateful, but this is an obvious solution that any competent person knowing how TLS works would find. If someone tried to patent it, I suppose every smart card would be considered prior art. The only "novelty" is that the connection to the "smart card" is the network.

Not to say that it's not useful, but the article describes it as some grand invention.

yusyusyus 11 hours ago 1 reply      
How does this architecture address PFS? I'm guessing a future version would require the exchange of DH private key to make it work...
sarciszewski 14 hours ago 0 replies      
That is amazing. I can't wait to play with this code :D
general_failure 10 hours ago 0 replies      
Well, cloudfare can still read all the traffic. I thought that problem had been solved somehow.
diafygi 14 hours ago 1 reply      
Is this the free SSL announcement that CloudFlare said it was going to announce in October?
EGreg 11 hours ago 0 replies      
Wow, what a great read!
zameericle 13 hours ago 1 reply      
Sounds like Elliptic Curve Diffie-Hellman is used between client/server to establish a private key. Not sure how this is new.
ilaksh 12 hours ago 1 reply      
This is a discussion about cyberwarfare in a literal sense. The technical discussion shouldn't really be separated from the economic, political, social and human health concerns because all of those parts of the system interact deeply and directly.

A goal of total political cooperation or submission leads to economic sanctions leading to serious human health effects leading to defensive denial of service attacks. This accelerates the need to decentralize the financial network systems to make them more robust.

How can we imagine though that even after a complete transition to next generation systems that are ground-up distributed designs (not just stop-gap tweaks like this) that we won't have new types of attacks to deal with.

The starting point is the belief system that provides such fertile ground for conflict. We have to promote the idea that human lives have value and that lethal force is not an acceptable way to resolve conflict.

As long as decision makers are living in a sort of 1960s James Bond fantasy world we will all be subject to the insecurity of that type of world. Its largely built upon a type of primitive Social Darwinism that is still much more prevalent than most will acknowledge.

Its much easier to accept a compartmentalization of these problems and focus on a narrow technical aspect, but that does not integrate nearly enough information.

Artificial sweeteners linked to glucose intolerance
405 points by bensedat  1 day ago   177 comments top 33
biot 1 day ago 3 replies      
I like how all the people who benefit from artificial sweeteners are refuting something which the study doesn't claim. For example:

  "The International Sweeteners Association (ISA) says it strongly   refutes the claims made in the study: 'There is a broad body of   scientific evidence which clearly demonstrates that low-calorie   sweeteners are not associated with an increased risk of obesity   and diabetes as they do not have an effect on appetite, blood   glucose levels or weight gain.'"
It's true that artificial sweeteners have no immediate effect on appetite, blood glucose levels, nor weight gain. None of these are claims made by the study. Everyone is refuting the immediate effects of artificial sweeteners. The study claims that after consuming artificial sweeteners, if you then consume something naturally sweet, the prior consumption of an artificial sweetener alters your glucose tolerance levels.

It's the equivalent of saying that removing all the trees from around rivers has no effect on fish population because clearly fish don't live in trees. But it's the secondary effects of this which such a statement ignores: the increase in soil erosion impacting water quality, change in water temperature due to having more direct sunlight, and so on.


  "'Decades of clinical research shows that low-calorie sweeteners   have been found to aid weight-control when part of an overall   healthy diet, and assist with diabetes management,' says Gavin   Partington of the British Soft Drinks Association."
This has little meaning without having a reference point to compare the results to. If the study is correct, take one group of people who use diet soft drinks with an overall healthy diet and compare it to another group of people who consume the same overall healthy diet but drink water instead of diet soft drinks, and the group that drinks water should have a better glucose tolerance response than the diet soft drink group.

nostromo 1 day ago 4 replies      
Here's a nice write up about the results: http://www.newscientist.com/article/mg22329872.600-artificia...

Note that the mice were given the human equivalent of 18 to 19 cans of diet soda a day.

skue 1 day ago 3 replies      
For those not aware, other studies have shown that consuming diet soda may actually increase the chance of obesity. So that is not necessarily news. If you are curious, here is a pretty good study (full text):


More recently, studies have tried to determine whether there is a satiety or protein mechanism that can explain this, whereas this new study demonstrates that gut flora may play a role.

This needs to be confirmed, and there may still be other mechanisms at play as well, but it is interesting.

(Disclaimer: I do have a healthcare background, but am not a researcher in this field. Would be happy to hear more from anyone who is.)

jimrandomh 1 day ago 1 reply      
The headline is suspicious, but unfortunately, this article is paywalled, so I can't tell what's really going on. The main problem with the headline is that it lumps together "artificial sweeteners" as a category, when that is in fact a pretty widely varied class of molecules.
mratzloff 1 day ago 1 reply      
FDA acceptable daily intake (ADI) for aspartame is 50 mg per kg of body mass.[0] For an individual 180 pounds, that's about 82 kg. That means his ADI is 4100 mg. Aspartame in popular diet sodas is between 50 and 125 mg.[1]

You'd have to drink A LOT of diet soda to reach these levels.

[0] http://www.cancer.org/cancer/cancercauses/othercarcinogens/a...

[1] http://static.diabetesselfmanagement.com/pdfs/DSM0310_012.pd...

sadfaceunread 1 day ago 0 replies      
This is an impressive piece of work but I worry that a larger amount of work is needed in the relationship between glucose intolerance, diabetes and metabolic syndromes in general. The fact that glucose intolerance is induced by a high sugar diet and leads towards a path of clinical outcomes ending in diabetes, doesn't necessarily indicate that glucose intolerance developed via artificial sweetener consumption is indicative of being on the same clinical pathways towards metabolic syndrome and diabetes.
themgt 1 day ago 4 replies      
I'd be curious if they tried this study with xylitol. I chew xylitol gum for dental health and from my understanding it's not thought to contribute to metabolic problems in reasonable quantities:


kens 1 day ago 2 replies      
This result seems pretty strange to me - why would artificial sweeteners affect bacteria's metabolism in this way?

It seems like a bizarre coincidence that bacteria would react in the same way to three different sweeteners, unless they have receptors that happen to match human taste receptors (which also seems unlikely). In other words, to bacteria these sweeteners should just seem like unrelated random chemicals.

(I read the Nature paper - most of it looks at saccharin since that had the strongest response, but all three artificial sweeteners caused marked glucose intolerance.)

sp332 1 day ago 3 replies      
Does this mean diabetes could (in some cases) be caused by gut bacteria? Can we reduce diabetes risk factors with targeted antibiotics that attack certain glucose-intolerance-causing bacteria?
blackbagboys 1 day ago 3 replies      
The New Scientist article notes that four of the seven human subjects who consumed three to four sachets of sweetener a day saw a significant change in their gut bacteria.

As someone who has consumed significantly more than that for a very long time, my question would be, did their gut flora reconstitute itself after they stopped using the sweetener? And if not, how could you go about repopulating your microbiome short of a stool sample?

rcthompson 21 hours ago 0 replies      
For some biological context, we have taste receptors in our digestive tracts identical or nearly identical to those on our tongue, only the ones in our digestive tract are not hooked directly to sensory neurons, but instead trigger endocrine signals and such. Since the receptors are identical, then anything that tastes sweet on your tongue will activate these receptors as well. If I recall my metabolism course correctly, studies have found that artificial sweeteners can trigger insulin release through these receptors in the same way as real sugar (leading to possible hypoglycemia as your body compensates for a rush of sugar that never comes).

So basically, I have no trouble believing that artificial sweeteners can have many of the same long-term health effects as excessive consumption of real sugar, since they're already known to have many of the same short-term effects, including effects on insulin regulation.

oomkiller 1 day ago 0 replies      
This seems very misleading. The abstract (available without paywall) mentions a group of sweeteners, whereas the findings seem to show that only saccharin has these negative effects. I feel like NAS are probably bad, but without evidence to support it they should not claim that in the abstract.
voidlogic 22 hours ago 0 replies      
I'm not really surprised Saccharin isn't great for you personally- but this isn't so damning there are many other artificial sweeteners to choose from.


I'd of course like to see them all studied in this manner.

lee 1 day ago 6 replies      
So given a choice, between Diet Soda vs. Normal Soda, what would be worse for your overall health?

I imagine even with increased glucose intolerance, you're still better off choosing Diet?

mcmancini 1 day ago 1 reply      
Overall, this was a nicely done study. The microbiome is fascinating and an exciting area of research.

One criticism however would be that the dose of artificial sweetener tested was atypically high.

It'll be neat to see further research into the cause of variable responses of the subjects to the artificial sweeteners.

mladenkovacevic 1 day ago 2 replies      
I hope this doesn't hold true for stevia as well :/
raverbashing 1 day ago 0 replies      
This raises more questions than it answers I think (which is a good thing)

1 - Is there such thing as a "sweet base"? Our tongues perceive sweeteners as sweet (duh) but it seems it mimics sugar in a way for bacteria as well.

2 - From the article "Wiping out the rodents' gut bacteria using antibiotics abolished all the effects of glucose intolerance in the mice. In other words, no bacteria, no problem regulating glucose levels."

Soooo... Bacteria affects absorption of glucose? They consume it? They change the intestinal PH? Or something else?

driverdan 1 day ago 0 replies      
Can someone post the full paper? The charts shown at the bottom seem to contradict some of their conclusions and implications. For example, some of the sweeteners seemed to result in lower chow consumption and increased energy expenditure. That would be a positive effect that isn't mentioned in the abstract.
kazinator 1 day ago 0 replies      
This seems misleading.

If you go through the graphs and results, what emerges is that only the sweetener saccharin has that altering effect on the gut bacteria. I cannot find among the results any claim that the other NAS that were studied (sucralose and aspartame) have the effect.

The thing is that saccharin is not widely used any more. If saccharin is found to be harmful, that is nice to know, but not highly relevant.

SCHiM 1 day ago 2 replies      
Can anybody explain or guess what the consequences of this intolerance are or could be?
devindotcom 1 day ago 1 reply      
Doesn't seem so strange - if you create a sugar deficit in your body by significantly reducing your intake, wouldn't you expect the body to be more responsive to sugars when it encounters them?
dbbolton 1 day ago 0 replies      
Now let's see a human study where people who consume those sweeteners, eat carbohydrates in moderation, and exercise regularly are still at increased risk for diabetes.
FranOntanaya 1 day ago 0 replies      
Do they compare pure sweetener diet with pure sugar diet calorie per calorie, and sweetness units per sweetness units? Sweeteners are still caloric, the point is that they provide the same sweetness for less calories.
WesleyRourke 1 day ago 1 reply      
Raised insulin levels are much more complicated than we once thought. You can get an insulin response from artificial sweeteners just swished in your mouth and spat out. Solution, eat real food when you can
Dirlewanger 1 day ago 3 replies      
"metabolic abnormalities"

Anyone know if they go into these into the paper? Really want to know what else is in the paper; I chew way too much sugar-free gum.

coldcode 1 day ago 2 replies      
People rarely consider how what you eat affects your microflora which then affects various other systems and may even affect your desire to consume.
louwrentius 1 day ago 0 replies      
The maximum dose is quite high, but does the effect also occurs when consuming more sane dosage a day?
pistle 1 day ago 0 replies      
The industry takeaway should be to try to isolate the bacteria that play the secondary part in the glucose resistance, then put ANOTHER additive in the drinks to kill that bacteria, then sell a more expensive NEW zero calorie drink?

People like sweet. Let's make sweet safe.

tokenadult 1 day ago 3 replies      
I'm paywalled out of seeing the whole article until I try a workaround (after which I may expand this comment), but I think we can all see the abstract of the article if we follow the link kindly submitted here. Yet some questions in other comments raise issues that are already responded to by the article abstract. Here is the full text of the article abstract available in the free view at the link:

"Non-caloric artificial sweeteners (NAS) are among the most widely used food additives worldwide, regularly consumed by lean and obese individuals alike. NAS consumption is considered safe and beneficial owing to their low caloric content, yet supporting scientific data remain sparse and controversial. Here we demonstrate that consumption of commonly used NAS formulations drives the development of glucose intolerance through induction of compositional and functional alterations to the intestinal microbiota. These NAS-mediated deleterious metabolic effects are abrogated by antibiotic treatment, and are fully transferrable to germ-free mice upon faecal transplantation of microbiota configurations from NAS-consuming mice, or of microbiota anaerobically incubated in the presence of NAS. We identify NAS-altered microbial metabolic pathways that are linked to host susceptibility to metabolic disease, and demonstrate similar NAS-induced dysbiosis and glucose intolerance in healthy human subjects. Collectively, our results link NAS consumption, dysbiosis and metabolic abnormalities, thereby calling for a reassessment of massive NAS usage."

AFTER EDIT: After reading all the comments in this thread to the time of this edit, I see that some participants here disagree entirely with how I commented at first (as above). I note their opinion with interest and say here for the record simply that I saw previous comments that raised questions about information that is available in the article abstract for all of us to read. I meanwhile did find my workaround to get the full text of the article (I have library access with journal subscriptions for one aspect of my work, which is rather slow and buggy) and from the full article text I see that the experimental approach the researchers tried--feeding mice with the artificial sweetener to see if that changed gut microbiota in the mice, and then transferring the gut microbiota to other mice--did indeed bring about clinical signs consistent with the idea that the sweetener itself might cause related clinical signs in human beings.

"To test whether the microbiota role is causal, we performed faecal transplantation experiments, by transferring the microbiota configuration from mice on normal-chow diet drinking commercial saccharin or glucose (control) into normal-chow-consuming germ-free mice (Extended Data Fig. 1e). Notably, recipients of microbiota from mice consuming commercial saccharin exhibited impaired glucose tolerance as compared to control (glucose) microbiota recipients, determined 6 days following transfer (P < 0.03, Fig. 1e and Extended Data Fig. 2e). Transferring the microbiota composition of HFD-consuming mice drinking water or pure saccharin replicated the glucose intolerance phenotype (P < 0.004, Fig. 1f and Extended Data Fig. 2f). Together, these results establish that the metabolic derangements induced by NAS consumption are mediated by the intestinal microbiota."

This preliminary finding, which of course needs to be replicated, has caused alarm in the industry, according to the link participant nostromo kindly shared in this thread.[1] There is epidemiological signal that human beings who consume a lot of artificial sweeteners are not especially healthy people compared to people who consume few. Teasing out the mechanism that may underly that observational finding will take more research, but this is important research to get right.

"To study the functional consequences of NAS consumption, we performed shotgun metagenomic sequencing of faecal samples from before and after 11 weeks of commercial saccharin consumption, compared to control mice consuming either glucose or water. To compare relative species abundance, we mapped sequencing reads to the human microbiome project reference genome database16. In agreement with the 16S rRNA analysis, saccharin treatment induced the largest changes in microbial relative species abundance (Fig. 2a, Supplementary Table 2; F-test P value < 1010). These changes are unlikely to be an artefact of horizontal gene transfer or poorly covered genomes, because changes in relative abundance were observed across much of the length of the bacterial genomes, as exemplified by one overrepresented (Bacteroides vulgatus, Extended Data Fig. 7a) and one underrepresented species (Akkermansia muciniphila, Extended Data Fig. 7b)."

The authors sum up their experimental findings by writing

"In summary, our results suggest that NAS consumption in both mice and humans enhances the risk of glucose intolerance and that these adverse metabolic effects are mediated by modulation of the composition and function of the microbiota. Notably, several of the bacterial taxa that changed following NAS consumption were previously associated with type 2 diabetes in humans13, 20, including over-representation of Bacteroides and under-representation of Clostridiales. Both Gram-positive and Gram-negative taxa contributed to the NAS-induced phenotype (Fig. 1a, b) and were enriched for glycan degradation pathways (Extended Data Fig. 6), previously linked to enhanced energy harvest (Fig. 2c, d)11, 24. This suggests that elaborate inter-species microbial cooperation may functionally orchestrate the gut ecosystem and contribute to vital community activities in diverging environmental conditions (for example, normal-chow versus high-fat dietary conditions). In addition, we show that metagenomes of saccharin-consuming mice are enriched with multiple additional pathways previously shown to associate with diabetes mellitus23 or obesity11 in mice and humans, including sphingolipid metabolism and lipopolysaccharide biosynthesis25."

There have been a lot of questions raised in this thread, and indeed the article itself raises plenty of interesting questions to follow up with further research. When discussing a new preliminary research finding like this, we can work outward from the article abstract to news reports about the article findings to the article text itself to focus on the known issues and define clearly the unknown issues. I appreciate comments from anyone here about how I can help contribute to more informed and thoughtful, in Hacker News sense of "thoughtful,"[2] discussion of research on human nutrition.

Other comments here asked why we should respect journal paywalls at all, and the basic answer to that question is a basic principle of economics, that people respond to incentives. (That's the same reason you don't found a startup that you expect will always lose money for all time.) Nature is one of the most-cited scientific journals in the world, so it's a big coup to be published there, and that means Nature gets a lot of submissions. To slog through all the submissions with adequate editorial work does cost money. (I used to be a junior editor of an academic journal.) The article gets more attention (it has received a lot of attention in this thread) if it is in a better rather than worse journal. Some journals are lousy enough to publish anything, and those journals beg for submissions, but Nature can charge for subscriptions and impose paywalls (which expire for government-funded research, with author sharing of author manuscripts on free sites usually being mandatory after a year embargo) because what it publishes is often worth reading (as here).


I see that while I was reading the fine article from Nature submitted to open a thread, my comment is now part of a thread that is about the New Scientist popular article on the same research finding. This will be confusing to readers newly visiting this thread. The title of the Nature article is "Artificial sweeteners induce glucose intolerance by altering the gut microbiota" (the Hacker News thread title I saw, per the usual rule of using the article headline as the submission headline) and the article DOI is


for the full article published online (behind a paywall) on 17 September 2014.

[1] http://www.newscientist.com/article/mg22329872.600-artificia...

[2] "The most important principle on HN, though, is to make thoughtful comments. Thoughtful in both senses: both civil and substantial."


Someone1234 1 day ago 3 replies      
So the public funds studies, which they give to journals for free, who then sell access for $3.99/view. I'm really not sure this was the "free exchange of ideas" which science is based upon.

Even the New York times only charges $3.75/week (the nature price is per article/view NOT per week, it would be $4.14 if their $199 plan was weekly) and the NYT has to actually pay journalists to create the content. Nature gets all their content for free.

So what are Nature's expenses anyway? They no longer have to type set as it is just an identical PDF which is sent to them. Is hosting and management of the web-site really so costly that it is $3.99/article?

kolev 1 day ago 1 reply      
Sweeteners are suspected to have downed the Roman empire (via lead poisoning), so, learn from history and just change your taste norm and you'll live longer and happier. I had a sweet tooth once and it took about a couple of years to even not being able to tolerate it. The weak find excuses, the strong adapt and improve. Just reject anything with refined sugar or fancy new "healthier" sweeteners - do you like sugar more than tomorrow? Cane sugar is not healthier than HCFS (it might be just slightly less harmful). Agave "Nectar" actually has significantly more fructose than HCFS... and it's not unprocessed as claimed, and so on. Stevia is slightly different, the plant has other benefits, but I wouldn't ever use the adulterated version (Reb A or whatever). Hack your taste buds, hackers!
jimhefferon 1 day ago 0 replies      
Diet soda makes you fat.
Apples warrant canary disappears
394 points by panarky  12 hours ago   88 comments top 15
kwhite 10 hours ago 4 replies      
Is there any reason why a company could not apply the same concept of a warrant canary on a user-by-user basis?

Imagine seeing a message every time you log into your Gmail account informing you that Google has never been compelled to surrender your private data to a law enforcement agency.

panarky 10 hours ago 1 reply      
Possible explanations:

1) It wasn't a canary to begin with, so its removal means nothing.

2) There's no legal precedent for disclosing a Section 215 order by killing the canary, so Apple removed it before they received a Section 215 order. That way it doesn't disclose anything and Apple avoids legal liability.

3) Apple really did receive a Section 215 order.

rrggrr 9 hours ago 0 replies      
As explained by Apple:

In the first six months of 2014, we received 250 or fewer of these requests. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose.


nl 11 hours ago 1 reply      
Interesting and somewhat disappointing that it took a year for anyone to notice that it had disappeared. The appearance generated quite a lot of interest.

(Of course, I'm as responsible as anyone else for not noticing. I wonder if it would be possible to build a service to proactively check for their disappearance?)

UVB-76 11 hours ago 2 replies      
Gee, thanks for the hat tip...


johnhess 10 hours ago 4 replies      
Could a lawyer or someone with familiarity with warrants like these explain how a "warrant canary" is legal?

I understand the concept, but discloses something you can't disclose. They can compel you to lie/not comment if asked, "Hey, Apple, did you get any of those National Security Letters".

Is there a clear cut loophole or is this something yet to be challenged?

tkinom 11 hours ago 0 replies      
I wonder what happen if Russian, China, India, Japan, EU all demanding same level of access to Apple's data.

Apple might not care about Iran or other smaller countries, but how is it going to deal with big market like China, India, EU?

chiph 11 hours ago 0 replies      
Under what conditions would the warrant canary statement reappear? I'm thinking of those workplace safety signs: "This corporation has operated for [ 179 ] days without a Section 215 warrant being served"
crazypyro 12 hours ago 0 replies      
Have any of the other major tech companies had similar canary disappearances? I only ask because this is the first time I've heard of one actually being used by a tech company as a warning flare.

I'd expect a governmental legal challenge...

staunch 8 hours ago 1 reply      
Apple should just declare that they have been subject to Section 215. Given how many users Apple has it can't reasonably be argued that such a disclosure would be a danger to national security.

Hopefully they would end up before SCOTUS and help defang the USA PATRIOT Act.

stevewepay 8 hours ago 0 replies      
So now what? Now that the canary has disappeared, is there no other information that can be transmitted to us? It feels like it's a binary signal that just got set permanently, so there's no more information we can glean from it.
MrJagil 11 hours ago 11 replies      
I've asked this before to no avail, but what can the NSA possibly do if Apple refuses?

Fine them? Sure, they have billions.

They can't arrest the company... Is Cook going to jail? What is the actual threat here? You could argue that Apple has more power than many governments.

ForHackernews 12 hours ago 1 reply      
Very interesting in light of this: https://news.ycombinator.com/item?id=8333258
maresca 9 hours ago 0 replies      
Perhaps this is the reason for all of the security updates in iOS 8.
JavaScript for OS X Automation
345 points by radley  1 day ago   108 comments top 32
andyfleming 1 day ago 8 replies      
I found this nice simple, contrasting comparison of syntax from the last discussion about this (thought it would be worth sharing).

Here is some of the new JavaScript syntax:

Here is what it looks like in AppleScript

    tell application "Mail"        set msgs to every outgoing message whose subject is 'JavsScript'    end tell
While the AppleScript sounds logical, the JavaScript syntax just feels so comfortable and familiar (obviously).

slyfu 1 day ago 1 reply      
robinhoodexe 1 day ago 2 replies      
I'd rather have Lua to be honest... But JS is better than AppleScript in this regard. While easy to understand, it wasn't suited for large projects and debugging was kinda nasty.
kevinSuttle 1 day ago 1 reply      
itafroma 1 day ago 0 replies      
Previous discussion from a few months ago: https://news.ycombinator.com/item?id=7862973

The general consensus at the time was that this was an experimental replacement/supplement to AppleScript.

chrisweekly 1 day ago 0 replies      
Naturally there's already a npm module for interacting with it: https://github.com/brandonhorst/node-osa note the git repo is at 0.1.0, a couple months newer than its published npmjs counterpart at 0.0.2).

Anyway, the author gives a nice, simple overview of limitations of this approach, as well as simple reasonable use cases for it.

thomasfoster96 1 day ago 0 replies      
I saw this a couple of months ago when Yosemite was first announced. I'm pretty damn excited now.

Now if these APIs were usable via node-webkit...

cdnsteve 1 day ago 4 replies      
This seems interesting because it feels like I can gain more control over the desktop which previously I felt limited to by Bash or Python. Being a web dev I never wanted to get into Obj. C or Swift so this seems like it's opening some doors to a broader audience. It's funny they are showcasing Mail - does anyone actually use the desktop mail client? I thought that's been dead since 2003?

Can you leverage this API from within Node.js running on OSX ? Then we can start to see some cool, realtime desktop stuff.

EG:How I think this could be used for a developer:"Applet" or script that opens up a dev project you're working on.- Open Sublime text (or whatever IDE)- Pull latest down from Git- Fire up your respective local server if needed- Run tests - Release unicorns if everything goes Green through Desktop notifications of some type

MagerValp 18 hours ago 0 replies      
Interestingly this popped up in my RSS feed as I'm watching Sal Soghoian present what's new in 10.10 automation at http://macsysadmin.se/

No better way to learn than straight from the person who's responsible.

js2 1 day ago 0 replies      
For those curious about the history of AppleScript, how it was developed, etc:


geetarista 1 day ago 0 replies      
I recently wrote a blog post about this here: http://robbycolvin.com/javascript-automation-in-os-x-yosemit...
ryanmarsh 1 day ago 1 reply      
In Instruments since iOS 7 this has been somewhat possible but the JavaScript context was fairly locked down. I wanted to drive my UI automation tests with Cucumber (Ruby) so I wrote a little driver that patches Instruments to get access to the JavaScript context and expose it to a rudimentary server which listens for commands from your Cucumber tests.

You can check it out here https://github.com/cucumber-instruments/cucumber-instruments

milos_cohagen 1 day ago 1 reply      
This is an ok idea, but go look at the API for iPhoto, Contacts or iTunes and you'll realize it is irrelevant what scripting language is used. Really sucks that Apple doesn't open up their apps to scripting better.
rubymaverick 1 day ago 0 replies      
I wrote up a script a couple of months ago using JS for Automation that will automatically rotate a Keynote file from portrait to landscape (for use in prototyping on Keynote for iOS that only supports landscape). It was my first experience writing any automation script, so there was a lot of trail and error and google searches. I personally would much rather work in JS than Applescript. Here is the script in case you want to take a look at some more JS for Automation:


johnpowell 1 day ago 0 replies      
I play a stupid game (think farmville with tanks) that requires a lot of easily scripted clicking patterns.

It was pretty easy to record with automator and then have cron run that at a given interval. But that didn't work with click and drag.

Luckily there is a pretty simple way to do this with Python.

Here is a sample with clicks and dragging. http://pastebin.com/fG1d081k

andybak 1 day ago 0 replies      
You've been able to use alternative languages for a while haven't you? I remember looking into using Python at one stage and the hooks seemed fairly mature: https://developer.apple.com/library/mac/documentation/apples...
sleepychu 1 day ago 1 reply      
Now someone just needs to write the wrapper that makes the apps available as *nix processes!
bthornbury 1 day ago 0 replies      
I'm not familiar with AppleScript at all, but this does seem like it could be useful.

One question I have is whether any new functionality is added or if this is just a straight replacement?

Can any AppleScript gurus chime in?

msoad 1 day ago 1 reply      
Does this work with JSC REPL for trying things out? I don't have Yosemite to try it.

JSC usually is here: System/Library/Frameworks/JavaScriptCore.framework/Versions/A/Resources/jsc

andyfleming 1 day ago 0 replies      
I'm excited about the potential this will unlock. Applescript, while not too complicated, is a pain. Being able to throw together something quickly with javascript is going to make simple app scripting much more accessible.
mamoriamohit 1 day ago 0 replies      
This looks so much better than AppleScript. But, maybe, that could be just me.
JonnieCache 1 day ago 1 reply      
Out of the frying pan and into the fire.

Hopefully this represents a system they can easily extend to other languages in the future. There's an obvious candidate after all...

kyle_martin1 1 day ago 0 replies      
Awesome! I wonder if this could be used for end-to-end testing for iOS apps. For instance, automating turning on/off items within the Settings app.
mzs 1 day ago 0 replies      
AS is not going away yet, right? I have a ton of scripts I've written that we use at home.
rado 1 day ago 0 replies      
Can this be used to fix the input source switch problem plaguing OS X forever?
c2u 1 day ago 6 replies      
I love this. Wish one day I can use javascript to build an ios app.
tracker1 1 day ago 1 reply      
Grr.. I don't get why they didn't just embrace node, and release some native/platform modules for use on OSX.
general_failure 1 day ago 1 reply      
Why not support this through node?
hayksaakian 1 day ago 1 reply      
This looks like the replacement of AppleScript
pjmlp 1 day ago 4 replies      
Apple just caught up with Windows Script Host (1999).

Edit: fixed typo. Thanks.

happyscrappy 1 day ago 0 replies      
It seems I remember some talk about Swift eventually replacing AppleScript but I can't find anything, does anyone know?
WoodenChair 1 day ago 2 replies      
I predict this will be used to write malware. Many more people know JavaScript than AppleScript.
How I Pranked My Roommate with Eerily Targeted Facebook Ads
330 points by manualwise  1 day ago   46 comments top 14
baddox 1 day ago 4 replies      
I feel like it stopped being "well played" when his roommate called him out and he just lied about it. At that point, there's nothing clever moving forward, other than the fact that he can apparently lie convincingly to a friend. Maybe that's just my "prank ethics" though.
randomwalker 1 day ago 2 replies      
The reason that Facebook changed their policy to disallow targeting to a very small audience is because of this paper http://repository.cmu.edu/cgi/viewcontent.cgi?article=1066&c...

It studies the same problem as the author here exploited, but goes a lot farther to try and infer things about the targeted individual from the analytics that FB provides to the advertiser. The paper won the Privacy Enhancing Technologies award.

That was back in 2010. If the author succeeded anyway, it seems that Facebook was careless in their implementation of the fix.

Uhhrrr 1 day ago 2 replies      
Interesting. Could one use this to harass an ex? Because unless these sorts of ads are flaggable, I bet that will happen, whether unintentionally ("Dear Angelina, I miss you and I know you have seen this 53 times") or intentionally ("YOU HORRIBLE DEMON BIRCH %$@#%$!!!").
mjwhansen 1 day ago 0 replies      
Worth noting: you can no longer target based on user IDs (unless you obtained it through a Facebook app): https://www.facebook.com/help/community/question/?id=1020254...
imranq 1 day ago 1 reply      
You could use this for birthdays, anniversaries, special events...imagine once facebook takes over the web, we can pay them to make someone's day on the internet special.
jrochkind1 1 day ago 1 reply      
Today I learned that facebook adds can be targetted to a list of specific known individuals, not just demographics.

It never occured to me that this would be.

johnlbevan2 1 day ago 3 replies      
To target just one person (in the new rules), rather than listing email addresses and only targeting one gender, couldnt you upload one genuine and 19 fake email addresses? Or does FB filter your list based on those emails it recognises as users... in which case, is this a security hole where you can test an email against FB to see if that users registered by submitting 19 genuine addresses and 1 to-be-verified address to see if its accepted or not?
Zikes 1 day ago 1 reply      
> It began innocently enough with me snagging the email address he had listed on his Facebook profile, adding it into an Excel worksheet, and exporting it as a .CSV file.

This reminds me of the days when I'd get sent photos and screenshots embedded in Word documents.

LukeB_UK 1 day ago 1 reply      
Is it me or has this site hijacked the scrolling and changed the speed?
zuck9 1 day ago 1 reply      
wait, can i send zuckerberg whatever messages i want through this? how much would that cost?
thrush 1 day ago 0 replies      
nit: the scrolling on this page is interesting. what is the intent?
arjie 1 day ago 0 replies      
An incredibly amusing anecdote. Very clever of you!
ecocentrik 1 day ago 0 replies      
Nice try facebook...
What every computer programmer should know about floating point, part 1
317 points by haberman  3 days ago   72 comments top 16
sheetjs 3 days ago 2 replies      
Here is a fun little anecdote you may consider incorporating into part 2:

The default Excel number format (known as General) draws numbers with up to 11 characters, granular enough to mask the ulps in common numbers like 0.1+0.2. Excel also supports fraction number formats. The format "?/?" writes the closest fraction whose denominator is less than 10.

The algorithm used to calculate the fraction seems to agree with the Oliver Aberth paper "A method for exact computation with rational numbers". Based on this algorithm, 0.3 is represented as "2/7" and any number slightly larger than 0.3 is represented as "1/3".

Try setting A1 to 0.3, A2 to =0.1+0.2 and change the cell format to Fraction .. Up to one digit. Both cells appear to be 0.3 when rendered under the General format. However, when using the fraction, the cells differ.

Google Docs renders both numbers as 2/7, but the XLSX export correctly preserves the IEEE754 numbers. Unfortunately, LibreOffice clobbers the last few bits, leading to incorrect results.

brudgers 3 days ago 0 replies      
For the really ambitious, there's always Knuth's treatment in TAoCP volume 2: Semi-Numerical Algorithms. It runs about fifty pages, covers such interesting topics as the statistical distribution of floating point numbers in order to determine average running time, and of course, includes exercises like [42] Make further tests of floating point addition and subtraction, to confirm or improve on the accuracy of Tables 1 and 2.


On the more social side, Dr. Chuck's interview with William Kahan on the history of the IEEE standard is a good read:


baldajan 3 days ago 3 replies      
re: "As long as they are small enough, floating point numbers can represent integers exactly."

I recently discovered a wonderful floating point bug in the Apple A7 GPU (fragment shader). I would pass a float from the vertex shader to the fragment shader, that was either 0.0, 1.0 or 2.0 and use that as an index to mask color channels.

As such, I would convert to int and use it as an index. Problem was, the GPU would sometimes, on some random region of pixels, decide I didn't pass in 1.0, but 0.99999999999. Perform an int truncation, I have 0.0, I get the wrong index, my app starts flickering, I want to rip my hair out...

Even on desktop machines, I had similar problems with large sets of tests that would produce different results depending on which (modern desktop) processor they ran on.

Lesson: floating point is certainly dangerous for consistent representations that "matter". Regardless of a compiler decision or what the spec says.

forrestthewoods 3 days ago 1 reply      
The more you learn about floats the more you realize you don't know. God damn floats are ever surprisingly fickle bastards.

Bruce Dawson has at least 12 posts on floats. There are quite a few more after this series as well. http://randomascii.wordpress.com/2012/02/25/comparing-floati...

chewxy 3 days ago 1 reply      
Great job Josh. I wrote a version of this too[0], but yours is much much better and in depth. I enjoyed it a lot more too :)


skellystudios 2 days ago 1 reply      
"What every computer programmer should know about floating point, part 1.00001"
ja27 2 days ago 1 reply      
Years ago there was a triangle problem on an ACM Scholastic Programming Contest. It looked simple. Given three lengths, output whether that forms a triangle or not and whether it's a right triangle or isosceles triangle. Simple right? A^2 + B^2 = C^2.

Most programmers that were naive about floating-point got burned. One item in the test data set (which they kept hidden and ran against your program and you only got a pass/fail result) would fail the simple equality case if you used a double-precision float but would pass if you used a single-precision. Lots of learning took place.

Roboprog 2 days ago 1 reply      
If you do accounting instead of games, floating point is NOT your friend. (some game devs might argue that floating point is not your friend there, either, if your "universe" has a convenient "quanta" and scale/size)

Use fixed precision / "binary coded decimal" instead.


Shivetya 2 days ago 2 replies      
How often do programmers deal with floating point?

I deal with business math, which while there are positions to the right of the decimal point we have very well defined numbers and such.

What languages other than javascript have issues such as described in this article?

frozenport 3 days ago 3 replies      
` As long as they are small enough, floating point numbers can represent integers exactly. `

Is this true? For example, if I want to do integer + floating point addition the CPU might dump the floating point into a 80bit register resulting in a form which does not play as expected with integers.

kasperset 2 days ago 0 replies      
This video may also supplement the knowledge about floating point: http://www.youtube.com/watch?v=jTSvthW34GU
yoha 2 days ago 0 replies      
Using arrows in both directions on your diagrams is very confusing. Only keep the right ones. Good write-up by the way.
Humjob 3 days ago 2 replies      
Very interesting. You've clarified a lot of points I had floating around in my head about this topic.
JetSpiegel 2 days ago 1 reply      
No floating point article is complete with a reference to the Fast Inverse Square Root [1].

1: https://en.wikipedia.org/wiki/Fast_inverse_square_root

jokoon 2 days ago 0 replies      
this needs to be taught in 1st year of any comp sci class
haberman 3 days ago 4 replies      
I've worked for a few months on this article as I've learned more about floating point. I hope this helps others gain the same understanding. Please let me know of any errors!
Show HN: CleverDeck I built the spaced repetition app I always wanted
298 points by jmcannon  1 day ago   129 comments top 44
jmcannon 1 day ago 4 replies      
Hey HN - a little background, which might be interesting to some. I went through YC twice, the second time with a company called EveryArt. After working on that for two years as a solo founder, I decided to close it down. I moved from San Francisco to Istanbul and started a niche business (actually, just renamed EveryArt, Inc. in fairness to investors) that has done well enough to support me. I started teaching myself objective C in January to eventually build CleverDeck, which was motivated out of dissatisfaction with the available spaced repetition apps available (Anki, Memrise, etc.) I'll be hanging around if you have any questions. Thanks!
soneca 1 day ago 2 replies      
Nice UI. I would love if you add a "Advanced English" deck. I have a 11 years old vocabluary (according to some online test I forgot the name).

There is a place for people learning english as a second language where you know enough to be able to communicate, but you don't have a good enough vocabulary to express more sophisticated ideas, or express simple ideas more elegantly. I am at this place and I am sure there are lots of others here.

adriand 1 day ago 2 replies      
Looks and works really, really nicely. I am currently in the midst of cramming Spanish (trip to Barcelona in two weeks, trip to Cuba in four months, woo hoo!) and I've been using these two trips as a motivation to finally learn the Spanish I've always wanted to know.

I've been using Duolingo a lot, as well as Memrise. Memrise has been quite good so far, but it is certainly not very polished, whereas this seems extremely well-done.

Congratulations on the launch, this looks like a superb product and if it works for me I'd be happy to pay for it. That's a clever idea for in-app purchases too, by the way.

3JPLW 1 day ago 1 reply      
One thing that's unclear in the app description: does the free app come with 3000 words? And then is the $15 purchase is for an additional 3000? That would be amazing!

Are all the words nouns? Or are there verbs/adjectives/adverbs, too?

Is there a way to create a set of flashcards via a file upload? That'd be a wonderful feature!

alexchamberlain 1 day ago 2 replies      
Android version in the pipeline? Should I sign up for email updates?
jeromegv 14 hours ago 0 replies      
Congrats! Amazing job. I'm learning Spanish and I'm a big fan of flash cards. I use FlashCards++ (for words that I add myself), but it's good to have another app that can bring me new vocabulary (I went over all Duolingo and done with it), seems like you have advanced vocabulary which is great. I've used Memrise in the past, but the UI, the offline caching, and the difficulty to know which deck was high quality turned me off. Great job and add Tagalog(Filipino) if you can one day!
sethbannon 1 day ago 2 replies      
I almost hate to ask this question here because this seems like a really nice product, but does anyone know of any similar apps? I ask because I'm learning Polish, a language not yet available on CleverDeck.
hfsktr 1 day ago 2 replies      
Everyone seems to be focused on languages but is there something like this for music? Especially instrument specific, for example a card for finger placement?

Would something like that require me custom adding every card? and somehow figuring out how to get pictures/symbols on the cards instead of just text? FWIW I don't know how hard that is with existing apps, maybe it's gotten easier.

Sorry if it is a derail.

gurkendoktor 16 hours ago 0 replies      
I think you should consider adding a newsletter sign-up form to the website. I would love to use this for Japanese, but there is no way to 'subscribe' to your apps. (You've posted a link to your blog below, so I think I'll just add it to my RSS reader, but I wouldn't have found it without the HN comments.
tvanantwerp 15 hours ago 0 replies      
As someone trying to use SR to learn new things, I'm always tempted to build my own software. Congrats for doing it!

The one gripe I have--about this and every other SRS--is that it seems geared ONLY for language learning. While SRS works very well for that, I suspect it works well for much more than that.

pragone 1 day ago 1 reply      
Is this a language learning app or a spaced repetition studying app? I'd be interested in something with a smoother UI thank Anki, but that seems to be the established app for med school
saganus 1 day ago 1 reply      
Does anyone have an idea why I get a McAffee Web Gateway error with:

Alert: This website has a Security Reputation Rating of High Risk URL: http://cleverdeck.com/ Category: Site Reputation: Medium RiskCode: Reputation Coaching

How is "Reputation coaching" a bad thing? I don't even know what it is but unfortunately I also don't want to risk getting a red flag in the system because I'm trying to find out.

Anyone have any ideas?

rxdecoster 1 day ago 0 replies      
Great work Justin. As an intermediate/advanced Turkish speaker, I find a lot of value in being able to learn new vocabulary easily and in a manageable way. Thanks for building this.
azinman2 1 day ago 0 replies      
Really nice work! I don't know about the market but given I'm about to go to Paris it's here just in time for me to bone up on my french! I like the 'learn a little everyday' approach, and I found even putting those cards back not only easy from a UX perspective but effective in that I had already forgotten 'drapeau'!
z3ugma 1 day ago 1 reply      
Going through the French deck, I've noticed some errors, especially with gender and homonyms - is there a built-in, effective way to report these kind of problems to the devs?
fataliss 1 day ago 5 replies      
I'm desperate to find this kind of app for Chinese. Stuff like Duolingo and the like are all great, but no Chinese :(

But good job, this app looks great!

__m 16 hours ago 0 replies      
Why didn't you create a single app with all card sets as in app purchases? I use Mental Case which allows you to share sets and download sets from other people.
quadfour 1 day ago 1 reply      
Looking great, just a small pet peeve, in the coming soon section, above portuguese you have the brazil flag, feels kinda weird being portuguese and seeing that :)
techpeace 1 day ago 1 reply      
Thanks so much for building this! Just purchased the full 3k Spanish deck. You've saved me a ton of time vs. my plan of writing a script to build my own Anki decks.

One question: is there a recommendation on whether to go with English-first or target-language-first when studying? I prefer to go with Spanish-first, but I don't know if there's any data on which is more effective. Thanks again!

splatcollision 1 day ago 0 replies      
Really great apps just downloaded them all. I've picked up turkish from my wife but it's still great to get more practice. Only suggestion is the right-ward swipe on cards to dismiss them as well-known should trigger earlier - I find myself having to swipe further than I feel I need to in order to dismiss the card. Otherwise great work & thanks for sharing
omarish 1 day ago 0 replies      
This is amazing. I've been using Anki for a few years now and have been looking for a better app. Congratulations. I can't wait to use it.
frankdenbow 1 day ago 0 replies      
Would love this on Android. Currently I use Duolingo, which is great, but many of the words they teach seem irrelevant for common conversation.
ajsharma 1 day ago 0 replies      
You won me over immediately with the fox in a lab coat
dubcanada 1 day ago 1 reply      
Awesome, I signed up to be notified of new languages. But the field border just turned green. Does that mean it went through?

Looking at the network it seems the return value was success, but it says "We'll just need to confirm your email address".

Shouldn't there be some text or something besides a green border?

Either way this looks awesome...

rdlecler1 15 hours ago 0 replies      
I learned 850 chinese characters over a 3 week period one summer using this technique. It's amazingly powerful.
callumprentice 1 day ago 1 reply      
I can't install it right now as I am upgrading to iOS 8 but why is the app free and the 3000+ cards mentioned in the description cost $15?

Is it because the App store doesn't support any form of trial? It may be unfair, but I always feel like I am being tricked when a purchase is set up this way?

confess_ly 23 hours ago 0 replies      
China is a huge market and people there are crazy about learning English, so definitely add English and then you can expand to international market
shamney 1 day ago 1 reply      
How did you decide on the vocabulary list and where did you get the example sentences?
icholy 1 day ago 1 reply      
Looks good. Any plans on allowing custom decks (for stuff other than learning langauges)?
nicpottier 1 day ago 0 replies      
This looks great, would buy if it was in the Android Play store. :(
thanatropism 1 day ago 1 reply      
How does this compare to Anki?

Duolingo is nice, but it's not as good for cramming as for low-intensity, long-term learning. Anki is awesome for just "I'm going to memorize this speech like a poem"

ZoFreX 1 day ago 1 reply      
> "We can email you when we launch new languages."

How? Presumably I'm being slow because others have managed it, but I can't figure out how to sign up to be notified...

wf 1 day ago 1 reply      
This looks really cool, definitely going to download it and give it a shot. (btw I didn't know what spaced repetition was and your wikipedia link is missing the colon on your about page)
serkanh 1 day ago 0 replies      
I have been using Anki for a while now and i love it. I wish there are more spaced repetition apps out there that are not limited to learning a language.
tehwalrus 1 day ago 3 replies      
German and Mandarin are my two requests (even just 300 or so Mandarin cards would be great! I'll help!). Just started on French while I wait, looks great! :)
coldcode 1 day ago 0 replies      
Very nice, I wish I'd done this :-) Maybe I can finally learn Spanish and relearn all the German vocabulary I've forgotten.
kevinherron 1 day ago 0 replies      
Signed up to be notified, awaiting German :)
dannylandau 1 day ago 1 reply      
Who is the designer? Did you outsource this part to a freelancer?
brandonmenc 1 day ago 0 replies      
Looks great! I cast my votes for Hebrew and Japanese.
LeonidBugaev 1 day ago 1 reply      
Looks great, but does it have pronunciation?
ashishk 1 day ago 0 replies      
Congrats Justin!
kpennell 1 day ago 0 replies      
Good work, Justin. Hope Turkey is fun.
joshdance 1 day ago 0 replies      
Looks great.
saiko-chriskun 1 day ago 1 reply      
I was so excited... then saw the ios only :/

EDIT: then I even realized there are only specific languages supported? we can't add our own? this is useless..

Stuff Goes Bad: Erlang in Anger
288 points by mononcqc  1 day ago   44 comments top 13
davidw 1 day ago 1 reply      
For those who don't know, this is by the author of:


Which has the same clear, detailed and very approachable writing style.

Erlang really needed a book like this that goes into some of what happens with real, non-toy applications. Hopefully he'll continue to add to it!

For what it's worth, LYSE is one of the few paper books I've purchased in recent years - it's really good, and very clearly a labor of love.

rdtsc 1 day ago 0 replies      
Great work!

BTW Fred is also the author of Learn You Some Erlang For Great Good:


As he put it, a lot of these tips and tricks end up preserved in local company folk tradition and eventually get lost. This way the whole community gets to benefit. Many thanks, Fred!

Some of these things I've seen on Erlang's mailing list. Some saw in Erlang Factory talks, some are mentioned on #erlang channel. But having them in one place is quite nice.

Some more detailed things I like:

* There are a good number of Erlang resources targeting beginners. This one targets advanced users as well.

* Focused on maintenance and debugging. A successful product will always have that aspect. It is often overlooked.

* Nice semantic layout of chapters -- explanation of how things work, then hands-on sections/example sessions, then exercises and open ended questions for further thinking and discussing.

chollida1 1 day ago 0 replies      
Wow, great book. Worth reading alone for chapters 7-9 which deal with debugging running process.

I hope they get fleshed out a bit more.

I wish more technical books would dive into the inner workings of the language like this. https://realworldocaml.org/ was the only other book I've read in the past few years that has done this.

I might be the exception in the book buying crowd but I don't want a book to teach me the syntax, I want to know how to debug my process, what tools are available and which ones the experts use.

tieTYT 1 day ago 0 replies      
For those that want to get started, I've been reading the Erlang Thesis^1. It's a really good read. I recommend it even if you don't plan on learning Erlang because it will teach you why it's difficult to build reliable systems when processes can share mutable state.

1: http://www.erlang.org/download/armstrong_thesis_2003.pdf

rorydh 1 day ago 3 replies      
For anyone who's interested in Erlang (or functional programming in general) but thinks it looks a bit daunting, check out Elixir.

It's a new language which has just turned 1.0, has Ruby/Python like syntax and runs on the Erlang OTP VM (kind of like how clojure runs on the JVM). This gives you all of the amazing concurrent power which has helped the Heroku guys here.

Check it out!: http://elixir-lang.org/

MetaCosm 1 day ago 0 replies      
Wow -- I consider this "The Missing Manual" for Erlang production developers. A lot of this you learn over time -- as you work on production systems, but this will cut down the pain significantly.

Nice to see another boon to the community come from Fred.

hackerboos 15 hours ago 0 replies      
jflatow 1 day ago 0 replies      
Wow, Fred has been providing a massive service to the community. It's great to see someone continually producing high quality, open source, technical prose (for Erlang).
chillericed 1 day ago 1 reply      
This is awesome, I can't wait for this to go into print, so I can pay you for your work! But in the meantime, many thanks for writing this.
user_name2 18 hours ago 0 replies      
A great testimonial
darkof 1 day ago 0 replies      
Like! :)
tilt_error 1 day ago 0 replies      
eddd 20 hours ago 1 reply      
Can i buy mobi version somewhere?
Apple Privacy Government Information Requests
274 points by declan  1 day ago   192 comments top 20
downandout 19 hours ago 9 replies      
"On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data"

This is key. The way we engineer software and services can have a major impact on the war against overly invasive government requests. We know that these requests will come; it's our responsibility to design things in a way that protects customers from our legal obligations when confronted with them to the greatest extent possible.

While this certainly serves their own interests, kudos to Apple for baking this type of consideration into the basic iOS design. They should and will be financially rewarded for it.

mkal_tsr 23 hours ago 7 replies      
Yet no comment from them about what being a "provider" under PRISM entails.

* "In addition, Apple has never worked with any government agency from any country to create a back door in any of our products or services."

If Apple provides an interface to request user-data to law enforcement / NSA, that's not a back door in the product or the service.

* "We have also never allowed any government access to our servers. And we never will."

If they provide user-data after being served with a warrant (possibly through email or to their legal department), their servers were never accessed, yet the data was provided.

It's always interesting to read what is and isn't said. Word games, I swear.

crishoj 18 hours ago 1 reply      
Here's an observation, and an idea for testing Apple's claims on iMessage privacy:

China seems quite determined to block IM systems which do not cooperate with the authorities and permit monitoring of communications. Most recently, both Line and the Korean KakaoTalk were blocked [1].

Skype remains useable in China, presumably because Skype permits efficient monitoring [2].

It seems unlikely that China would tolerate such a prominent opaque communications channel as iMessage in the hands of a significant proportion of their citizens.

Thus, if China refrains from blocking iMessage for a prolonged period of time, wouldn't it be reasonable to assume that China is in fact able to snoop on iMessage?

[1] http://www.ibtimes.com/china-restricts-messaging-apps-confir...

[2] http://www.reuters.com/article/2012/01/31/us-china-dissident...

clamprecht 23 hours ago 2 replies      
So the US is now a country where mainstream companies market it as a competitive advantage that they will try to minimize what they will release to the government. I'm glad companies are doing this, but I'm sad that they even have to.
DigitalSea 22 hours ago 1 reply      
The honest truth about all of this is, even if Apple were handing over information because of back doors, custom database interface applications for the NSA, they wouldn't tell us and would probably be gagged from doing so anyway, have we all forgotten about Lavabit? I hope not.

I think we are all intelligent enough to know that even if Apple were handing over information, it wouldn't exactly be good for business to admit you've been complicit in handing over personal details to the Government, would it? "Yes, we have been giving away your information, but we promise not to do it any more. Hey, we just released a couple of new iPhones, want to buy one"

Anyone else notice the page is cleverly worded and any mention of security seems to be limited to iOS 8 context? "In iOS 8 your data is secure", "In iOS 8 we can't give law enforcement access to your phone" - maybe I am just overanalysing things here, but I have learned not to be so trusting of companies as big as Apple considering the amount of information that they hold.

You know we're living in a new kind of world when privacy is being used for marketing purposes...

jpmattia 23 hours ago 2 replies      
> less than 0.00385% of customers had data disclosed due to government information requests.

According to [1], there are about 600 million apple users, so this translates to 23,000 customers exposed due to government information requests.

Seems like a large number. Is 600M correct?

[1] http://www.cnet.com/news/apple-to-reach-600-million-users-by...

fpgeek 23 hours ago 0 replies      
My fundamental issue with Apple's privacy claims is they are pretending that they have a technological solution to what is, ultimately, a political problem. As the laws in the US (and I imagine some other countries stand), Apple can be compelled provide your data to appropriate governmental authorities, install back doors, not tell you and even lie to you and the world about it. As long as that's true, no assurance from any third-party service provider is worth a damn.

I can understand the marketing benefits Apple sees in making these disingenuous privacy claims. I'd be willing to call that "just business" except for one thing: Trying to persuade people they have a technological solution will necessarily get in the way of the absolutely vital political project of destroying the political and legal foundations of the surveillance state.

ckuehl 23 hours ago 1 reply      
I'm very skeptical that traditional screen-lock passcodes offer useful protection for the average person. Most people still choose to use 4-digit passcodes for convenience, leaving exhaustive key search [1] well within the reach of even very small attackers.

Are these four-digit passcodes being used to derive encryption keys? If so, I'd like to hear where the additional entropy comes from. There's no use encrypting things with a 128-bit key when the effective entropy of the key is really only ~12.3 bits.

I'm sure the engineers at Apple would not have overlooked this; it would be great to hear more about the specifics.

[1] especially if the attacker can download encrypted data and try an infinite number of times (instead of e.g. typing the passcode on the phone or hitting the iCloud servers)

danford 17 hours ago 1 reply      
Except it's not open source. If it's not open source then you have no idea what's going on beyond what Apple tells you.

Ask your self:

Would Snowden use this phone? Your answer to this question is the same as the answer to the question "Is this phone secure?"

I guess I'll get downvoted for this sense it goes against the Apple circlejerk, but this issue is more important to me than magic internet points.

sidcool 18 hours ago 0 replies      
Apple has taken a shot against Google and facebook. It has mentioned that unlike its competitors their business model does not depend on selling user data. Which is kind of true, but Google and facebook's business model itself is using user data for marketing.

Sometimes I feel it's not unethical to use user's data for marketing, the way facebook and Google tell us; that they don't directly share details with marketers, but they let them target the audience.

declan 1 day ago 3 replies      
If you're an iOS user who becomes the target of an investigation by a law enforcement or intelligence agency, remember your data is likely unencrypted in the cloud. So if your device is inaccessible, your email, your location history, your text messages, your phone call history will probably remain accessible. Apple acknowledges, for example, that "iCloud does not encrypt data stored on IMAP mail servers":http://support.apple.com/kb/HT4865

[Edited because it now seems unclear which Apple policies have changed.]

zobzu 23 hours ago 3 replies      
"Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data"Oh really? Privacy is marketing now.
xkiwi 20 hours ago 10 replies      
Finally those numbers of iPhone activation and mac sold are useful.

#1 Mac unit sales


2010 @ 13662k

2011 @ 16735k

2012 @ 18158k

2013 @ 16341k

Total = 64,896,000

#2 iPhone unit sales


I only take the number from 2013 & 2014 because Apple trend to upgrade fast.

2013 @ 53.6 Million,

2014 @ 63.2 Million,

Total = 116,800,000

Now, quote from "Government Information Requests"

"less than0.00385%of customers had data disclosed due to government information requests."

Only 699529.6 round to 699529 customers had data disclosed.

dubcanada 15 hours ago 0 replies      
These threads should come with a tin foil hat requirement. There is so many different views on this. But if you wear a thick enough tin foil hat, it really doesn't matter what anyone says. You will think the gov is spying on you regardless...
BillFranklin 16 hours ago 0 replies      
19250 people have their Apple accounts accessed by #NSA every year.
krisgenre 14 hours ago 0 replies      
Doesn't Android phones also have 'Encrypt phone' feature?
baby 21 hours ago 0 replies      
It almost seems like it's a feature of iOS8.
adventured 18 hours ago 1 reply      
I understand this does nothing to stop the NSA from snooping on me. However, the local / state police are a much more imminent threat to your average person with the rise of the police state than the NSA and FBI are. The local police are becoming ever more aggressive when it comes to your privacy and devices like your phone.

If this turns out to be as good of a move as it seems like it is, Apple has acquired my attention in a way they weren't able to previously (I've been an Android user from day one). Plus I like the new larger iPhone 6.

pikachu_is_cool 17 hours ago 1 reply      
I don't need to read this. Everything on the iPhone is proprietary software. As it has been proven countless times, there is an 100% probability that there are backdoors everywhere on this device. This entire blog post is a lie.
wyager 23 hours ago 4 replies      

Can someone confirm or deny the following? I think this is the current state of affairs.

A) Apple will unlock PIN-locked devices by government request, but the best they can do is brute-force. This is very slow, as it can only be done using the phone's on-board crypto hardware (which has a unique burned-in crypto key), and the PIN is stretched with PBKDF2. It has been this way for a while. Apple has no "backdoor" on the PIN or any form of cryptographic advantage here that we know of.

B) The new thing mentioned in the OP's link is that things stored on Apple's servers are now encrypted as well, with your iCloud password.

Is this correct?

Cloud images that are recognized as human faces by a face-detection algorithm
274 points by jsvine  3 days ago   40 comments top 12
ewindisch 3 days ago 2 replies      
Far more interesting is their facial-captcha project: http://ssbkyh.com/works/fadtcha/

They assume that a computer will detect faces where humans do not and use such a selection as a captcha. It forces the computer to make a random guess against its matches so there is still a chance of it getting the right answer, but it's an interesting concept.

arb99 3 days ago 1 reply      
This one is interesting too... http://ssbkyh.com/works/cat_human/

" Human faces recognized as a cat face by a cat face-detection algorithm"


"Cat faces recognized as a human face by a human face-detection algorithm"

clarkmoody 3 days ago 0 replies      
I was pleasantly surprised when this wasn't a bot unleashed on the 'cloud' to recognize human faces.

The resulting images do make an interesting exhibit of modern techno-art.

mastermindxs 3 days ago 0 replies      
I was really excited for this then I realized I have the cloud to butt extension on chrome.
bitwize 3 days ago 0 replies      
I was a bit flabbergasted the first time I pointed a digital camera at an Obey Giant sticker and a popup appeared: "The subject of this photo may have closed their eyes."

Maybe I shouldn't have been?

thomasjonas 3 days ago 0 replies      
Berlin based design studio OnFormative did a similar project using Google Maps as source material: http://www.onformative.com/lab/googlefaces/

Very nice to see more projects where algorithms and art come together. This post also reminded me a bit of this project where a face detection algorithm and a psuedo-genetic algorithm are combined to create faces out of noise: http://lbrandy.com/blog/2009/04/genetic-algorithms-evolving-...

tly_alex 3 days ago 3 replies      
I tested those "cloud face" in the popular face recognition engine rekognition.com. None of them actually got recognized as face. Looks like the face recognition algorithm they uses are pretty smart.
jrapdx3 3 days ago 1 reply      
We do tend to "see" patterns that associate to built-in or learned abstractions, such as faces (or elephants, etc.) in clouds. This is especially the case when social reinforcement is a factor, like when someone points skyward and asks, "don't you see a face in that cloud?" and soon everyone standing nearby agrees it sure looks like a face.

That computers are "fooled" may simply reflect their human programming, though not being fooled could well be a very hard problem to solve.

It's amusing the way face-detection in my spiffy digital camera (an Olympus EM1) will find faces in all kinds of inanimate objects. The feature can be useful for photographing real people, but in other situations face-detection is just a distraction and I keep it turned off.

Though now I may have to aim the camera at a few clouds...

NoMoreNicksLeft 3 days ago 3 replies      
This is the basis of "artificial creativity". Train these NNs to recognize faces (or anything else, maybe especially everything else), and then run random noise through them. See what they come up with.

You could have an algorithm coming up with some pretty decent (and original) cartoon faces. Or with art, abstract or not.

This is what your brain does.

jsvine 3 days ago 1 reply      
> Cloud Face is a collection of cloud images that are recognized as human face by a face-detection algorithm. It is a result of computers vision error, but they often look like faces to human eyes, too. This work attempts to examine the relation between computer vision and human vision.
bane 2 days ago 0 replies      
I think this means the algorithm is working.
rkda 3 days ago 0 replies      
So the algorithm has imagination. heh.
Emacs Lisp's Future
264 points by rutenspitz  2 days ago   155 comments top 20
mark_l_watson 1 day ago 1 reply      
If it isn't broken, don't try to fix it.

I am an old guy (professional Lisp developer since about 1981) and my age probably affects my opinion:

It would be a disaster to mess up the Emacs ecosystem. I don't think that Emacs/elisp runs slowly and since I have to use so many different programming languages anyway, needing to know a little elisp is no problem.

I don't care if elisp is not a modern language.

Way off topic, something that I have written before about: think forwards several hundred years. What will the software landscape look like? My bet is that there will be many ancient software systems that have been debugged to near absolute stability over the centuries. Sure new software will be written, but I bet there will be many very old and stable systems that will see little change.

yason 1 day ago 7 replies      
Given all the reworks of software projects that have a) been started b) then delayed c) then delayed more, "because this time we'll make it perfect" and d) then failed to gather traction because of incompatibilities, it's my humble guess that the only way would be to continue ELisp as it is and slowly rework the compiler/interpreter and the runtime into a more modern codebase, and add missing features such as thread/process based concurrency. Guile, Clojure, Common Lisp or whatever language are going to basically restart Emacs from scratch, no matter how well they're coated with compatibility macros.

It's better to create slight incompatibilities gradually (so that packages can catch up in some humane timeframe). I could imagine the ELisp runtime being intertwined with the Emacs C code badly enough that making radical changes to it would seem "impossible", just like in the CPython codebase it is considered impossible to ditch GIL and modernise the code. But those kind of comments are often excuses because people are lazy and it's nicer to write new code.

tedks 1 day ago 1 reply      
A lot of people seem to be reading this as if Emacs is choosing between switching languages to Scheme (Guile) or Common Lisp.

Switching to Guile DOES NOT IMPLY switching to Scheme. There is 0 need for compatibility layer or what have you with Guile.

Guile is a language-agnostic virtual machine. It has an implementation for Scheme, but also one for Emacs Lisp. Guile already runs Emacs Lisp faster than Emacs: https://lists.gnu.org/archive/html/emacs-devel/2010-04/msg00...

The main issue the Emacs developers seem to have with Guile is that it will give developers choices as to whether to write Emacs extensions in Scheme, Elisp, or Javascript/Python/Whatever else Guile supports.

hraberg 1 day ago 0 replies      
I started a project to port Emacs (the C parts) manually to Clojure, with the Emacs Lisp automatically transpiled into Clojure in 2012, most of the work was done in early 2013: https://github.com/hraberg/deuce

It can boot Emacs on the JVM and take simple commands, but not much more. It's my intention to eventually revisit this project, but not sure when.

atgreen 2 days ago 2 replies      
"Lack of some features, most notably FFI and concurrency."

Cool -- my '90s hacks are in demand! I added threading support to Guile and wrote libffi back in the 90s.

TeMPOraL 1 day ago 1 reply      
I've been bringing the following thought up inside various threads but I think it needs to be said in separate one, since I see many people here and elsewhere missing this about Emacs.

Emacs is not a scriptable editor. You don't "script it" or "write plugins for it" in a classical sense of those terms. You reprogram, extend and augment a piece of running code on the fly. Seems similar, but feels different. Emacs is a live Lisp image with text-editing features bolted on top. It's basically backwards of how a typical editor/IDE is implemented.

Therefore, it matters what language is used as a base. People mentioned Lua or JavaScript, but they are nowhere near useful enough for the task.

Therefore, it feels to me - and I believe to many other Emacs users as well - it matters that there should be one base language. Emacs as an Elisp system with text editing capabilities feels like a whole. Everything fits together nicely and interacts with each other. It is elegant. Aside for inviting maintenance upkeep and general chaos, making Emacs "run" multiple languages at the core is sort of like shattering its soul into many pieces. I don't want to have an editor with multiple-personality disorder.

Imagine you're writing an executable in three different programming languages mixed together at the same time. That class is written in Common Lisp, but it's child classes are written in C++. And exception handling everywhere is written in Python.

The sheer mental effort to make all of these work in a conceptual harmony inside a single program would be enormous. And it would still feel weird.

That is what multiple-extension-language Emacs would feel.

terminalcommand 1 day ago 4 replies      
If emacs supported new languages other than elisp, a lot of new blood will join the community. Once we get the new hackers, they will try and find ways to modify the old codebase. Emacs is a wonderful editor, but to a newcomer it can be a lot daunting.

For example, I have completed the emacs tutorial, I've even read the infos info tutorial and several info pages regarding emacs and still don't know much about ELisp. I downloaded the official emacs manual, which is more than 1000 pdf pages and plan to read it in the next 10 years.

I love the editor, I want to continue to program in Emacs but Kate seems to be much simpler, elegant and quite functional.

HerrMonnezza 1 day ago 1 reply      
Tom Tromey started an automated rewrite of Emacs in Common Lisp in 2012, see the announcement at: http://tromey.com/blog/?p=709

I couldn't find any progress report after http://tromey.com/blog/?p=751 so I guess the project has been abandoned early.

informatimago 2 days ago 1 reply      
I've got the impression that there is more Common Lisp code and programmers around than guile.
brudgers 1 day ago 0 replies      
As I began really using Emacs about a year ago, I got the idea that the Emacs code base could actually be a foundation for a computer science curriculum - The Emacs code base touches on scripting, functional programming, application programming, systems programming in C, real-time problems, usability, cross-platform development, etc. etc.

An alliance with Racket would be an interesting option from the standpoint of language communities.

     - The community's core is [ relatively ] vibrant.     - The community has more than a passing interest in        developing development tools.     - The community is exceptionally stable because       its members are often linked to academia.     - It copes with endless September really well.     - Its vision of open resources overlaps GNU       somewhat.     - Programming language problems are right up       the Racket community's alley.

CharlesMerriam2 1 day ago 1 reply      
This problem begs to think larger. Instead of starting with "we are missing these two critical features that the rest of the world has expected as standard since the dinosaurs perished", it might be interesting to ask "what sort of emacs language features would make it the best in the world!"

It is far easier to get a minimum product out when the eventual goal is the stars.

lallysingh 2 days ago 2 replies      
I sent a note about using an elisp-on-llvm solution. Someone had done the work already, it appears: https://github.com/boostpro/emacs-llvm-jit
swah 1 day ago 1 reply      
Dream: "Common Lisp/Guile, and a Chromium based rendering engine".
eschaton 1 day ago 2 replies      
Why not start with Hemlock or CLIMacs atop a CLIM implementation, or take the (MIT-licensed) ZWEI codebase and bring that forward? Is there really all that much in GNU emacs that is really widely used?
pnathan 1 day ago 0 replies      
If we (emacs users) can have an emacs that has a "modern" backend & language but is bug-compatible with the extant elisp code, I think that would be grand.

Particularly nice would be thread support.

I'm pragmatically indifferent as to whether the backend is scheme or common lisp (I'd personally prefer Common Lisp, but whatevs).

burtonator 1 day ago 1 reply      
I spent about 2 years of my life in my 20s hacking on elisp constantly. I was infatuated with it.

Then I spent about 5-10 years using that platform as my IDE.

Guess what... Last year I migrated to IntelliJ IDEA and won't EVER migrate back. It's kind of sad... but IDEA is insanely awesome by comparison.

systems 1 day ago 1 reply      
who is Stefan Monnier?and why should we care about what he thinks?

is he the main emacs maintainer? in other words, how seriously should we consider this email?

riffraff 1 day ago 3 replies      
can someone more knowledgeable than me explain how is elisp closer to CL than to Scheme?
sdegutis 1 day ago 3 replies      
Seriously, why not just use Lua? It's perfect for this.
linguafranca 1 day ago 3 replies      
Why isn't Lua even a choice? It's small, portable, easily embeddable, lightning fast, supports high-level functional programming idioms, and is extremely flexible in creating and enforcing policies (via metaprogramming).
Upgrading GitHub to Rails 3 with Zero Downtime
248 points by dewski  3 days ago   62 comments top 11
ics 3 days ago 8 replies      

    For those of you keeping score:        - Yes, Rails 3 was released four years ago    - Yes, the current stable version is Rails 4.1, which left us      two major versions behind        We had work to do in order to live in the modern world again.
Okay, so why didn't aren't they transitioning to Rails 4? I'm not clued in to much more than the version numbers so I suppose there are reasons that go a little deeper than 'the lowest version that works with the gems we want'. They've been working on the transition for six months according to the post, making it recent enough that 4 would be the 'obvious' choice unless there were fears that it wouldn't be stable (IIRC Rails 4 has only been so for a few months).

hemancuso 3 days ago 1 reply      
Am I the only one who read this as: tl;dr - don't get too far behind Rails, it's fucking painful and expensive if you do.
chippy 2 days ago 0 replies      
The article describes how they compared them for performance but didn't say which was better, and showed a graph which indicated that Rails 3 was worse for longer times in garbage collection for requests. I'd imagine that Rails 2 in GitHub would have been heavily optimized, but....

Is Rails 3 worse performing than Rails 2? Would some performance loss be okay if they had a better codebase?

reedlaw 3 days ago 2 replies      
I'm curious how they handled the differences between the Rails 2 and Rails 3 applications once they enabled dual boot. Surely not all of the changes were compatible. In the Gemfile example, there is some conditional logic that loads different gems depending on whether or not they used RAILS3=true. Was the entire codebase similarly littered with conditionals? That seems like it would be quite a mess.
jrochkind1 3 days ago 2 replies      
I think Rails 3 is _already_ security-fix only.

But I understand why they did it. And I sympathize. The Rails treadmill is a harsh regime.

I wonder if they're considering what the heck they are going to do when Rails 5 comes out (target: spring/summer of 2015. Less than 12 months) and Rails 3.x stops even receiving security updates. I mean, clearly they have the resources to backport security updates themselves that's not a problem -- it's just that they're still not quite in 'the modern world', they've just kept from falling even further behind.

dazonic 2 days ago 1 reply      
In the multi-version, how would they handle the different DSLs in things like route mapping?

map.resources :users


resources :users

jjuliano 2 days ago 1 reply      
Been There, Done That..

yep, I've upgraded a hundreds of thousands of Rails 2 codebase to Rails 3 point or so and it is a real pain. (Not to mention Ruby 1.8.7 to Ruby 1.9.3 conversion, oh boy!)

The good thing about the experience is that I have mastered upgrading Rails 2's codebases to Rails 3 or so and Ruby 1.8's codebases to Ruby 1.9's or so.

flowerpot 3 days ago 1 reply      
Very interesting! Just wondering, does GitHub actually have so few dependencies as described?
yuhong 3 days ago 1 reply      
So are they using Rails LTS or forking Rails 3.0 themselves?
kevinsf90 3 days ago 2 replies      
For a large codebase, these upgrades will be a pain, especially on ruby/rails. To scale in the long run, it'd probably be wise to modularize & split the codebase into microservices, and at the same time, port to, say, a scala or java based framework (like Play).
tootie 3 days ago 2 replies      
I feel like the lesson here is not to put mission-critical systems on leading edge software. I'd be porting to Java at this point. GitHub is a big boy company.
Larry Ellison Will Step Down as CEO of Oracle, Will Remain as CTO
246 points by jhonovich  8 hours ago   77 comments top 13
chollida1 7 hours ago 5 replies      
Interesting that they name Co-CEO's in Catz and Hurd. I wonder how that will work, especially given Hurd's "tough to work with" reputation.

Interestingly Ellison will be the CTO. This could be a shit show with 3 people trying to run the show!

I mean does anyone really expect Larry Ellison to start taking marching orders. Will be interesting to watch the short interest on this company!

I think the two headed CEO is what the street expected all along as Catz has been around for ever and alot of people thought that Hurd, the former HP CEO, was promised the CEO title when Ellison resigned.

It looks like they, Catz and Hurd, will split the running of day to day operations as Hurd gets sales, marketing and strategy reporting to him, while Catz will continue to have finance, legal and manufacturing.

Its down about a dollar after the close on about a third higher trading volume than normal. So it doesn't look like anyone is "spooked" by the news.

mindcrime 7 hours ago 0 replies      
Not really sure what to say about this. I don't know Ellison, nor do I own Oracle stock, or have any particular interest in Oracle per-se. But nonetheless, I've always seen Ellison as an important character in our industry, and after reading a biography about him, I felt a sort of kinship with him based on some shared interests.

At any rate, it definitely feels like the "end of an era" in a sense. I got my start in this industry in the mid to late 90's when Oracle, IBM, Novell, Microsoft, Borland, etc. were duking it out for supremacy, and - for better or worse - you've never really been able to escape Oracle's shadow to some extent. And Ellison was Oracle, in so many ways.

Edit: It's been a while, but I think this[1] was the biography I read. I'll just say this: regardless of what you think of Ellison, he's an interesting character and reading about the history of Ellison / Oracle is quite fascinating.

[1]: http://www.amazon.com/Softwar-Intimate-Portrait-Ellison-Orac...

dm8 7 hours ago 1 reply      
If you want to read about Larry Ellison's personality and his management style, you should read - "The Difference Between God and Larry Ellison: Inside Oracle Corporation; God Doesn't Think He's Larry Ellison". (http://www.goodreads.com/book/show/181369.The_Difference_Bet...)

It's one of the best books written on him and the way he managed Oracle right from it's beginnings. He was damn good at selling things.

smacktoward 7 hours ago 0 replies      
I'm guessing he wants to spend more time wringing extortionate license fees out of his family?
bsimpson 7 hours ago 0 replies      
Someone in The Verge's comment section noted that this Forbes list will now need to be updated:


spindritf 6 hours ago 1 reply      
The final Larry Ellison scorecard: Oracle stock is up 89,640% since he took the company public in March 1986.


turar 7 hours ago 9 replies      
Co-CEOs? I only know one company that had co-CEOs, and that didn't work out well for them.
ChuckMcM 6 hours ago 1 reply      
Demonstrating once again that tech companies really don't "get" succession planning :-) I'm kind of half joking, if you look at a bunch of 'old school' BigCorps, the progression is (CEO->Chairman, SVPx -> CEO, VPx -> SVPx) and then the Chairman of the board retires and the CEO takes on both roles Chairman and CEO, priming the pump for the next cycle.

Co-CEOs have so far been an experiment in disaster, something about not having an ultimate authority seems to really crimp organizations. I wish Oracle well but they have a lot of challenges to overcome, if I were a share holder I wouldn't be all that pleased with this arrangement as it seems to basically leave all the same people in place with all the same problems (Amazon/Google EC2/GCE, MySQL vs NoSQL vs expensive Oracle, Cheap Clusters with High Reliablity vs Expensive Servers, Etc.)

sebst 7 hours ago 0 replies      
joelrunyon 7 hours ago 4 replies      
Are there any more details into why he's doing this?
azifali 6 hours ago 0 replies      
The end of an era for Oracle that existed as a software (licensing) company. I think that Ellison stepping in as the CTO is probably more important than him stepping down as the CEO.

This move will perhaps will lay the groundwork for the next tens of billions in revenue for Oracle, in cloud based software and infrastructure.

sebst 7 hours ago 1 reply      
Will Oracle then become better? Maybe as good as Sun used to be?

just dreamin'...

justinph 7 hours ago 3 replies      
What is with the capitalization on the headline on Recode? I read it and thought, who is "Will Remain"?

It should be:Larry Ellison will step down as CEO of Oracle, will remain as CTO

Headline capitalization is pretty easy: Capitalize the first word, then any proper nouns. That's it.

How to Hire and Build a Remote Team
240 points by WadeF  2 days ago   93 comments top 17
zackmorris 2 days ago 6 replies      
Great list. One thing I want to add/emphasize is to consider the remote worker's motivations.

I'm personally not driven by money (it's just a means to an end). So a shortcut to getting bites on a job posting is to understand that there are people working in your field who may very much like to work with you. But they are deterred by past experiences in the office that drove them to work remotely in the first place.

Here are a few things to consider with freelancers:

* They are often most productive outside normal work hours

* Roughly half their time is spent doing research and keeping up with the latest trends

* They probably left the workplace to bootstrap their own startup someday

* Their productivity usually goes down if they are on call or interrupted often

* Beware loose specs and feature creep or you might burn them out and lose them

* Their productivity is limited more by time and money than challenge

* Sometimes they solve problems completely differently than you imagined and thats ok

* Their short game might stink in some areas so balance them with administrators that take care of formalities

* Self-actualization can be more important for them than recognition

* Perks and benefits probably arent in their vocabularies unless they have families to support

By them I mean me, so YMMV..

joesmo 2 days ago 3 replies      
> Also, in the job posting, ask them to apply in a unique waydon't just ask for resumes. Instead, try to make the application process prove their abilities for the job.

I can't think of a quicker way to turn down top applicants, at least in software, than asking upfront for work that is likely to be rejected. Even the custom contact forms on companies' websites are a drudge to fill in and usually not worth it. Candidates know this and won't bother. The best approach is to have a connect with LinkedIn or just a simple email that can receive resumes. Anything else might make it slightly easier for the company at the expense of losing out on qualified applicant.

idan 1 day ago 0 replies      
As someone working remotely, this line rubbed me the wrong way immediately:

> More potential warning signs are individuals who are poor at following up via email, forget when the interview was scheduled, or aren't flexible with an interview time.

Communication is a two way street. If you're looking to hire people remotely and you expect them to simply adjust to your timezone, you're setting up a bad remote employment relationship.

I've worked for years with a 10-hour offset from most of the people with whom I communicate, most recently with Heroku. A large part of what made Heroku attractive to me as a workplace was the pleasantly frank conversation about communication and limits. I'm generally available for meetings (my) 10p-midnight, which is noon-2p in SF. Otherwise, email / trello / hipchat / etc. Obviously, exceptions happen, and they really are exceptional (no "just this week" things that appear every week).

I've spoken to a ton of distantly-remote employees over the years and all of the stories that involved radical timeshifting on the part of the remote employee ended in a move to HQ or burnout and quitting with a lot more of the latter.

bshimmin 2 days ago 0 replies      
There's a lot of good material in this post.

It struck me as I read through the traits of "great remote workers" (wondering, as a remote worker myself, if I had these traits and was thus a great one) that it's never going to be easy to hire a junior developer - or a junior anything, really - in a remote role: in particular, the ability to prioritise is something that you can really only acquire with experience, and "propensity towards action" is a little pointless unless you're actioning the right things; likewise, many developers, in particular, take some time to get their written communication up to an acceptable level; and as for trustworthiness... well, a junior developer is just as (if not more) likely to be honest than anyone else, but would you actually really trust that they're doing it right, based on your past experiences?

This leads me to the conclusion that remote working is perhaps best reserved for those with a little more experience, and that maybe this great movement away from centralised offices may never quite materialise in the way that some seem to imagine it inevitably will. Perhaps I'm wrong though!

lucb1e 2 days ago 2 replies      
> The email is personal,

The email is not personal. It has a name and a few words (the "<insert something interesting they mentioned>") but it gives no feedback on why you are not hiring them. Reading the rejection email as someone who might be receiving it, it would leave me wondering and frustrated, and more likely than not I'd reply to ask why I was rejected. You're not going to hire me, there is no reason not to just tell me.

Maybe this is just American culture (they seem a bit less straight-forward with negative things than the average Dutchman), but the ever-polite "hopefully you'll stay in touch" is more annoying than nice to me. Staying in touch is regular communication, not a line you should say to everyone regardless of how terrible their resume was and how applicable they may be as a future employee in a different position when really you're meaning to say goodbye.

rafe33 1 day ago 0 replies      
I'm not sure why any venture backed startup, in an area that has local talent, would want to deliberately go the remote workforce route. It hampers your ability to scale, hurts your future acquisition chances, creates and will lead to communication redudancy, and culture distractions. It rarely works out positively.

In short, while I am sure that there are some instances where it works well (eg Basecamp / 37signals), I'd expect that they are the exception to the norm.

Note: I did build a remote startup with incredibly talented people and after a lot of soul searching and time required them all to come join us locally (or helped them find a new job elsewhere). Hardest decision we made at the company and certainly the right one.

NOTE 2: the best remote recruiting tool we had was to handpick whole invited to work with us. We hung out on mailing lists and read potential employees blog posts to see what kind of amazing open source projects they were sharing with the world, before trying to individually recruit them.

guybrushT 2 days ago 1 reply      
There is a recurring theme in this post about "putting candidates to the test" - sometimes simple testing in the hiring form (to select the ones with the highest intent) and them to "test with a project" to find out the best ones. I wonder if this is very practical for a company that isn't a popular/based-in-vally startup. I have a two part question: (a) How successful have you been in getting this level of engagement with candidates before you hired them? I would love to learn more about this. And (b) How well does this work for "non-programming" roles - that is, can you really devise practical projects/problems for people to solve. I know the business development example mentioned in the OP, but that is a small test in the form of a question - but I can't imagine what a real "project" for this type of role would be? -- sorry, thats 3 questions :) .. but I am curious to dive deeper into this aspect of the post.
physPop 2 days ago 6 replies      
Is it really appropriate to expect a slew of candidates to drop everything and do "sample work" so you can assess them?
mbesto 2 days ago 0 replies      
Communication is absolutely key for remote teams to work. That being said, I often find remote teams using hip tools as a crutch for communication. We use Trello/HipChat/Hangouts/etc, but it doesn't mean Asana/Slack/Bootcamp/etc work as well.

IMO, I usually rate remote resources on the following:

- Are they a resource that will "finish my sentence"?

- Do they constantly set expectations about progress and milestones?

- Do they tell us when things aren't going well and need help?

- Do they update our communication channels frequently?

And we do this by putting them in a small project first and then moving forward after. The project typically has very little to do with code, but rather to see if the points are true.

Source: I've almost exclusively been running/working-with remote teams for 8 years now.

netcan 1 day ago 0 replies      
Remote teams is one of those things that can be a secret weapon.

I think remote work doesn't work for a lot of companies. A big part of what a company is is a culture and that culture is usually built around a physical place, for better or for worse. But, there is evidence aplenty that culture, great work and collaboration can be happen online. It's a new world and a company needs to find its own way, but if successful a remote working culture that works can be a secret weapon.

tieTYT 2 days ago 1 reply      
I have a question as a potential remote employee: If I live in a city with a very high cost-of-living, will it be difficult to find a remote position that pays reasonably well relative to my cost-of-living?

I assume one of the biggest benefits to hiring a remote worker is you can hire someone with a very low cost-of-living and pay them relatively relative to that. But if I'm living in a place with a high cost-of-living and the company can hire someone from any part of the world, why wouldn't they wait and find someone that's super inexpensive?

skasriel 2 days ago 0 replies      
Hi OP,

I recently wrote a small eBook about building distributed engineering teams, based on our experience in building the team that builds odesk.com (yes, we eat our own dog food and we've learned a lot along the way).

People can get it for free here: http://work.odesk.com/recruit-manage-distributed-engineering...

Hope this is helpful, I'd love to hear everyone's feedback about it.

syntern 2 days ago 0 replies      
Thank you for writing a detailed guide about your best practices. It is a long-term struggle to convince managers that good remote work environment can be done (and good for both their budget and their employees well-being), and such stories definitely help this effort.
xentronium 2 days ago 4 replies      
Can't help but notice that 8 out of 10 of their accepted applicants' locations are in US. I've been wondering whether american startups even consider hiring somewhere from e.g. eastern europe or africa or central asia.
sethammons 1 day ago 1 reply      
My only concern would be the requirement for GoToMeeting. Anyone who develops on a linux rig would be unable to meet.
EGreg 2 days ago 0 replies      
Yes! A very good overview of how to hire people remotely. Removing extra (often irrelevant) constraints such as location lets you focus on other more crucial things. Also, a remote team leads to more personal freedom, goal-oriented focus, and encourages that you work via a Asynchronous workflow and thus more efficiently.
clebio 1 day ago 1 reply      
Hmm, I don't know. A banner image of a bunch of white guys, and then

> Not everyone is cut out for remote work...

sort of lost me somewhere between the lines.

Boeing-SpaceX Team Split Space Taxi Award
244 points by rbc  2 days ago   115 comments top 13
teleclimber 2 days ago 8 replies      
"A SpaceX Falcon 9 rocket, which would power the Dragon V2 capsule, exploded during an Aug. 22 test flight. Musk said afterward in a Twitter post: Rockets are tricky."

Am I the only one who finds this a bit misleading? That was a highly experimental version of the 9 that failed. And it failed while trying to do something no rocket this size has ever done. It seems that would be worth mentioning.

Next paragraph:"The Atlas V boosters chosen by Boeing have a flawless record launching high-priced military payloads."

...yet the google finds me this:http://www.spaceref.com/news/viewnews.html?id=1222"Two top secret National Reconnaissance Office (NRO) ocean surveillance spacecraft were fired into the wrong orbit June 15 when the 200-foot-tall Atlas V rocket they were riding on stopped firing too early in space following launch from Cape Canaveral, Fla."

I guess I'm not surprised the media is uninformed (or biased) but it still ticks me off enough that I feel the need to point it out.

ChuckMcM 2 days ago 8 replies      
I find it interesting that Boeing is constantly trying to get into every story that they made all their milestones on time. I think perhaps they are dealing with the fact that the CST-100 system looks like something from the 70's when compared to the Dragon V2.

Its clear to me that SpaceX is taking the bigger risk here, they have way more things that are untried but I am so hoping they make it to the finish. Boeing would develop a slightly better capability than Soyuz (7 astronauts vs 3) but SpaceX would deliver capability far in excess of that, 7 people landed where you want them on land or on sea.

zyb09 2 days ago 4 replies      
Hilarious how SpaceX gets $2.6 billion to develop human space flight, while Microsoft pays almost the same amount to buy Minecraft. Talk about ridiculous evaluations in the tech industry.
sho_hn 2 days ago 9 replies      
"It's two contracts to the same requirements" (press conference), but Boeing needs $4.2 billion and SpaceX makes due with $2.6 billion. What am I missing?
worklogin 2 days ago 1 reply      
This is as good a turnout as one could hope for, really. It assuages the entrenched interests, keeps the companies in more fierce competition, and gives even more political legitimacy to SpaceX.

Any more details on why SNC got passed up?

whoisthemachine 2 days ago 0 replies      
I'm actually quite surprised by this. I thought once the congressmen started complaining that it needed to be single contract[1] that NASA would go all Boeing. Good on them, I think they've struck the best balance they can do politically, financially, and technologically.

[1] http://arstechnica.com/science/2012/05/us-house-pares-nasas-...

marktangotango 2 days ago 1 reply      
Charlie Bolden is one of the best, if not the best NASA administrator ever. You can't say enough good things about him. It's a great time for human space flight, it really seems like the dawn of a new era.
tomelders 1 day ago 0 replies      
every time this space-x stuff comes up, I always take a moment to remind people of Reaction Engines and - Skylon [http://www.reactionengines.co.uk/space_skylon.html]

I realise there's practical differences in terms of the current rate of progress between Space-X and Reaction Engines, but in the long term (and making the huge assumption that they'll get Skylon built), I think Reaction Engines has the better plan.

geuis 2 days ago 2 replies      
I listened to the post-briefing audio feed where reporters called in and asked additional questions.

A very common question people have is about why the money is broken up between Boeing and SpaceX as it is. Why does SpaceX get a smaller amount?

The awards were based specifically on the estimates that each company submitted in their proposals. In other words, Boeing said they need $4.2 billion and SpaceX said they need $2.6 billion.

This is very telling because the proposals are for the same NASA requirements. SpaceX is saying they can do it 1.65 times cheaper than Boeing.

NASA is not currently commenting on their decision process for choosing to award these two companies.

My personal supposition is that its a best-of strategy. NASA has a high priority to get human launch capability back under our control. They also have competing requirements. Do it as inexpensively as possible. Use multiple partners to fulfill the commercial spaceflight mission. They also need the assurance that the companies they work with can actually complete the contracts.

Boeing is an old dog and partner to NASA. They have decades of experience behind them. SpaceX is relatively new and while increasingly successful with delivering launch vehicles, they've not yet built human launch craft. It makes sense, when you think of it as a way of hedging NASA's bets, to choose these two companies even though their award amounts are vastly different.

ck2 2 days ago 1 reply      
They are being awarded about what it costs for a couple months for the wars in Iraq.

Sigh, our priorities suck.

joshfinnie 2 days ago 1 reply      
I am excited to see where this goes. I really like that NASA is getting out of the way of things that drag down its scientific ventures.
lifehug 2 days ago 1 reply      
I have underestimated the Musk-Fandom. I'm also behind the guy but am lolzing at all the knowledgeable armchair astronauts and their expert conspiracies.

If only they would have relied on the opinions of web developers rather than experts in the aerospace industry.

I'm happy with the outcome but I don't hate Boeing so I'm obviously biased. That being said, I hope Elon demonstrates his ability, and will cheer him on.

Amazon releases new Kindle products
231 points by tgcordell  1 day ago   186 comments top 45
swanson 1 day ago 11 replies      
I've owned every model of the Kindle (minus the comically large DX) - it's been fun to watch them iterate and refine this device. It really is a great product and the price point is always within my "insta-splurge" budget. I read roughly 10-20 books a year on the Kindle.

The Kindle Voyager fixes the biggest complaint I have with the Paperwhite: page turning via touching the screen is worse than the physical buttons on older-gen Kindles. And the auto-brightness sensor means there is one less thing for me to fiddle with. Higher DPI and thinner (flush bezel looks sexy!) are just icing on the cake.

It's kind of hard to explain why I love the Kindle so much - and why I've owned every model - but something just feels right to me about reading with it. It's modern but familiar and so much more convenient for me (click Buy Now on amazon.com and the book is loaded by the time I walk over to pick it up from the shelf).

FYI: I always buy the models "With special offers" (ads shown on the lock screen - but usually Amazon does a free giftcard offer during the first few weeks so free $$) and "WiFi" (I've rarely used the 3G - and you can always just tether to most phones nowadays anyway).

soapdog 13 hours ago 3 replies      
I come from a different country (Brazil) but I am addicted to eReaders. I had a couple Kindles, they were always rock solid. Page sync was the most useful feature for me because I kept my Kindle in my home and read on the go with a phone.

The main pain point for me was the lack of Epub support in it. I wanted to buy the paperwhite but in an effort to not support DRM based solutions I started buying my technical books directly on the publishers website with non-DRM formats.

Then Kobo released the Kobo mini and that was the perfect pocketable size for me. I jumped in. All my Kindle notions and impressions were out of the door. The Kobo was a much better device in my opinion. The "Reading Life" feature was awesome and the UX and font selection great. Stopped using the Kindle.

Then I missed a light. I tend to read on the dark hours and something like the paperwhite became a need. eReaders are not cheap here in Brazil. A Kindle Paperwhite with cost you USD 200+. Since I was a fan of Kobo, I decided to check out the Kobo Aura HD. Heck the thing was the price of a laptop.

In the end a major book retailer here in Brazil decided to ship their own eReader called Lev. It had a version with light, it could read Epubs and other formats and it fit my budget. Also it had a killer feature the both Kindle and Kobo lacked: PDF Reflow. This small simple eReader can reflow text on a PDF to fit the screen and it works pretty well. I was sold. I am pretty happy with my Lev eReader now, I have all the features I could want from the competitors plus the ability to read old LISP book PDFs as if they were meant for that screen.

Moral of the story: Instead of jumping in and buying the new thing from gigantic retailer, shop around and see what the small guys are doing in your region. There might be an eReader there that fits your needs much better than the Kindle. (Still miss page sync though)

amerkhalid 1 day ago 3 replies      
Kindle Voyage looks like almost perfect reader.

I have been Kindle user since they had Kindle 3. I love K3 but I wish it had backlight. I bought Kindle Touch but gave it away, cuz touch screen was clumsy to use for page turning. There were so many times where I tapped a link accidentally while turning a page. However, I liked touch for quickly tapping word to look it up in dictionary.

This Kindle Voyage with dedicate page turn buttons, backlight, and touch screen might just be perfect..

If only it had "Text to Speech." I guess not many people like to hear books in monotone. But I use it to listen to old classics, blogs, or other fiction while walking on treadmill, driving, or when I just too tired.

krschultz 1 day ago 0 replies      
I write mobile apps for a living. My desk is littered with iPads, Android phablets, etc. I've tried them all.

You can drag the e-ink display Kindle from my cold dead hands. Nothing is better for serious book reading. It's the only screen my wife and I allow in our bedroom, it's the only electronic device I'm bringing to the beach. I'm very happy to see Amazon continuing to refine them.

otoburb 15 hours ago 0 replies      
The Kindle Voyage[1] doesn't state whether it supports Amazon's etextbook format. As an example, the Kindle Probabilistic Graphical Models[2] textbook is only available on PC or Kindle Fire, which is a bummer if still true since the Voyage looks like it should be able to handle this now, but no actual mention of this in the product description nor in the pull-down hover label "Available only on these devices".

[1] http://www.amazon.com/dp/B00IOY8XWQ/ref=fs_kv

[2] http://www.amazon.com/Probabilistic-Graphical-Models-Princip...

scw 1 day ago 7 replies      
Here's hoping that the roughly quadrupling of resolution (167dpi to 300dpi) will make reading journal PDFs tolerable over the current generation of Kindles, where it's obnoxiously cumbersome (it requires rotating the screen and viewing 1/4 a page at a time). The DX had a 1200x824 screen, but only at 150 ppi. This is better, and has a less expensive launch price.
tzs 1 day ago 1 reply      
I have a Kindle Paperwhite, and one thing that has puzzled me is the light. The light setting has a slider to set the brightness, and the labels recommend a low setting for dark rooms and a high setting for bright rooms.

What puzzles me is that in bright rooms (e.g., all my daytime reading if the window blinds are open) I turn the light all the way off [1]. One of the points of eInk is that you don't need any extra light when you are in a bright room.

Why does Amazon want me to turn the light up, which eats up the battery? I realize it does make the screen look whiter to have the light on in a bright room, but as far as I can see it does not make a noticeable difference in readability.

The new high end eInk Kindle features automatic light adjustment based on a light sensor. If that means that in bright rooms it is going to crank up the light, I would not be happy. Does it do that? If so, can it be overridden?

[1] well, not quite...the light cannot be turned all the way off on the Paperwhite while reading. It only goes all the way off when you put it to sleep.

dilap 12 hours ago 0 replies      
I'm a little bit sad to see the touchless base kindle go away.

I have both a kindle paperwhite and the previous base, touchless model, and the text is noticeably more recessed underneath the physical display on the paperwhite -- presumably to accomadate the touch sensor and the light.

So even though it's higher DPI, the actual reading experience feels more analog/physical-paper-like on the classic, touchless kindle.

tomw1808 1 day ago 1 reply      
I think the more than competitive offer of amazon is not really surprising, thinking that they always reduce their own margin significantly to offer such awesome products. Well done, well done!

What I am wondering though is, why they post a picture instead of text on the website - not only for SEO. It results in everyday problems: eg I can't copy and paste the text and post it into skype to inform my dad about that. Yeah, sure, I could post the link, but this is what I consider as a really bad practice. Compare the beautifully crafted privacy statement of apple, even the text in the charts is "text". Just my 2 cents...

Eleopteryx 9 hours ago 0 replies      
I initially loved my Paperwhite, but I was turned off by the lack of epub support. Whatever their rationale is, I object to not supporting an open format in principle. I have no trouble buying books from their store; 4 out of 5 times they have the lowest price anyway, and the purchasing process is smooth. But 1 out of 5 times they don't have the lowest price, or the formatting of a book I want to purchase is for some reason fubared (the last couple of books I got from Google Play specifically because of this), so I should be able to upload an epub painlessly. So the device starts to feel more like a vehicle to get you to buy into their Kindle ecosystem than anything else, even though the reading aspect of it is really nice.

This doesn't seem to bother most people, though.

I ended up getting a tablet, but I can't say it's an improvement in every regard. Tablets cost more (actually with the voyage at $200, not that much more), they weigh more, the batteries don't last nearly as long (although I get a good 1-2 days out of use), and good luck reading in the sun. But they also do more.

The Kindle app on Android is in some ways more feature-ful and easier to use than the Paperwhite's software. Taking notes (I read a lot of non-fiction) for example, is a cinch when I can use SwiftKey, where as the Kindle's native keyboard was a pain in terms of responsiveness, predicting words, and making corrections.

To each his or her own, though. But I'm definitely not in the "I don't need a tablet" crowd.

That said, I had no idea that I could jailbreak the Paperwhite, or that there was such a huge scene around it. Gonna check that out.

martco 22 hours ago 1 reply      
"For the first time, you and your family can access and easily share not only your own Kindle books, but also books from the Amazon account of a spouse or partner"

This seems like a really nice feature that was somewhat buried in the Kindle Voyage description.

necubi 1 day ago 0 replies      
The Verge has a first look at the new high-end Kindle Voyager [0] and it sounds like the increased resolution (300dpi) really makes a difference. I'm also excited that the screen is now glass. The old plastic ones were very easy to scratch.

[0] http://www.theverge.com/2014/9/17/6353785/amazon-kindle-voya...

reedlaw 1 day ago 2 replies      
$80 more for the higher-DPI Kindle Voyage seems a bit steep. Usually each generation of e-Ink Kindles were roughly the same price but with incremental improvements. I don't see much improvement in the Voyage to justify a big price increase. Plus I wish they'd bring back the physical page-turn buttons. Touch screens and "haptic" responses can't beat old-fashioned buttons.
ComputerGuru 22 hours ago 3 replies      
Wait, what? It's $200 dollars? I spent a good five minutes trying to find the mistake that was showing me that price. Did Amazon learn nothing from the Kindle Fire phone fiasco?

Kindle had always been a no-brainer purchase at a "don't think too hard about it" price point that made upgrading to each new model actually feasible. But two hundred for a higher resolution screen and a $2 dollar photo sensor module? Color me confused.

I clicked the link with every intention of buying after reading the comments here, but I can't believe no one mentioned the (hefty) price tag!

malloreon 1 day ago 1 reply      
I have a paperwhite and an iphone.

I am an iOS engineer by trade.

If I had to give up my paperwhite or my iphone, I'd give up the iphone in a heartbeat.

If you read, you need a paperwhite.

thomasfl 8 hours ago 0 replies      
Why is there no web browser on the tablets without backlight?

I have wanted a laptop or tablet without backlight for years. The backlight not only makes it harder to get to sleep at night, but it also makes it harder to concentrate. A laptop where you didn't have to stare at a backlight would make it easier to get shit done. I can't just dim the screen on my MBP. It is even some research that suggests there is a hypnotic effect of staring into a bright lit TV or computer screen.

polskibus 22 hours ago 0 replies      
I really wish there was a new DX model, with screen size between old DX and the standard version
dombili 23 hours ago 2 replies      
Voyager looks nice, but as a Paperwhite 2 owner, I'm not going to upgrade it. I don't really care much about the physical buttons on the side for page turning but the screens and the bezel having the same height and being on the same level sounds great.

Also, $79 regular Kindle doesn't have any kind of backlight (or whatever that's called in Kindles), which could be a deal breaker with some people. Not to mention its DPI is much lower than Paperwhite 2, probably even 1.

acabal 1 day ago 3 replies      
Looks like a great upgrade to the Kindle Paperwhite, in particular the return of physical page turn buttons. But my biggest wish--native epub support--still isn't there :(
wsc981 21 hours ago 4 replies      
I understand that many people like to read fiction and the like on the Kindle.

How useful would the Kindle be for reading technical books?

bithush 19 hours ago 2 replies      
UK prices are (with special offers/without special offers)

Fire HD 6"

79/89 - 8GB

99/109 - 16GB

Fire FDX 8.9

329/339 - 16GB

369/379 - 32GB

409/419 - 64GB



Kindle Voyage

169 WiFi Only

229 Wifi + Free 3G

swartkrans 1 day ago 3 replies      
I had the original Kindle Fire which worked nicely, but had a pretty poor screen. Now I have the 7" Kindle Fire HDX which has been fantastic with a beautiful screen, except a few days ago I noticed a yellow blur irregularity in the top right corner, like a little streak stain that turns things a little bit yellow. I don't know, if Amazon Video were available on a real Android tablet I'd get that, but until then I'm using these Fire tablets.

Also, my opinion on the kids version of the Kindle Fire is don't get it. Get an iPad. The iPad ecosystem is so much better for kids. There are so many great learning apps, there is no question unless the price is really a deal killer that you should get an iPad for a child. Very few of these children apps are available on Android tablets, much less the Amazon app store. I say this as someone who owns a Galaxy S5 and loves Android. These products are great, but sometimes even frustrating for adults so for kids they are not so usable and have a poor choice of apps.

jscheel 9 hours ago 0 replies      
I got a Paperwhite about 3 weeks ago. I've kept it in the packaging, anticipating a new release was coming. I was not anticipating such a huge bump in price though. Guess I'm keeping the Paperwhite.
mchart 1 day ago 1 reply      
It feels somewhat sad to see them take away the physical keyboard. I find myself regularly using the keyboard on my current Kindle to annotate books as I read them. Even if it is more efficient to have an on-screen keyboard, physical keyboards symbolically imply that one could potentially be an active critic and participant rather than only a passive consumer of media. For the same reason I have always preferred computer to console video games, and I have never completely warmed up to the iPad even though I own one. Then again, my physical paper books always seemed to become filled with sticky notes and (erasable, penciled-in) annotations, too.
blaabjerg 18 hours ago 3 replies      
I've never owned a Kindle before, but I want one and I can't decide if I should go for the standard Kindle or the Voyage. What are your thoughts, is the upgrade worth it on a tight student budget?

I'd be upgrading from paper books, so I'm not entirely sold on the idea that I particularly need a front light. Is the readability significantly better even in a well-lit room?

grinnick 15 hours ago 2 replies      
I have never owned a kindle before. Should I wait for the Kindle Voyage (wait about 6 weeks and pay $100 extra) or buy a Kindle Paperwhite now?

It appears the main improvement is the resolution but it's difficult for me to get a sense of how important this is without having used a Paperwhite.

theon144 18 hours ago 0 replies      
What's Amazon's grip against physical buttons? Out of the whole range, I still like Kindle 3's page-turning buttons the most.
Sami_Lehtinen 23 hours ago 0 replies      
I love my Kindle because it got ultimate display compared to any other media device. It's just delighting experience to read in full sunshine. If you try your iDevice(s), you can't see a thing in those conditions. Another great features are of course the battery life and weight. Many manufacturers advertise light tablets, but most of those aren't light. I'll always have my Kindle with me, and it allows me to read tons of stuff during the year. I'm using it more than one hour / day.
petercooper 17 hours ago 0 replies      
The new HD tablets might finally be the first tablets to make it into my in-laws' house. The first tablet I've seen that's basically guaranteed to be of a certain quality, that isn't expensive, and is by a company they've heard of. I think this could be bigger than it looks from a tech point of view.
collyw 15 hours ago 2 replies      
I never understood the appeal of touchscreen son Kindles. They have a really nice screen, why get greasy finger marks all over it? These ones don't appear to have the side buttons that my basic kindle has, which implies that I would need to hands to switch page.
a3176082 15 hours ago 0 replies      
Fire HD 6 - Quad Core but they seem kinda silent about the memory. And for a good reason, it has 1GB of RAM. That is way too little for Android. Wouldn't buy, no matter the price. Note how they also call "storage" as "memory".
fourstar 23 hours ago 0 replies      
The "Worry free" warranty for kids is great.
jwr 22 hours ago 2 replies      
I stopped upgrading my Kindle at Kindle 4. There were three things wrong with the Paperwhite:

1) no physical page turn buttons,2) weight,3) worse typography.

They seem to have fixed (1) in the latest model, but I still need to check if it's as heavy as the paperwhite and whether they improved they way text is displayed.

zak_mc_kracken 23 hours ago 1 reply      
The Kindle for Kids is very interesting, does anyone know if it's still possible to install arbitrary .apk on it? I know it doesn't have Google Play (only access to Amazon's store) but if I can install .apk files from the Play store manually, then it's an instant buy.
prezjordan 1 day ago 0 replies      
I left my Kindle on the Caltrain about 2 weeks ago (side note: if you found a Kindle on the Caltrain about 2 weeks ago please let me know!). I guess I picked a pretty good time to need to buy a new one - not totally sure if I can justify the $200 price tag for the voyager just yet.
gfunk911 1 day ago 4 replies      
$99 seems insanely cheap, assuming it's not completely gimped.

The kids edition is also a cute idea

paulornothing 9 hours ago 0 replies      
Isn't it called the Kindle Voyage? Everyone says Voyager.
YBibo 21 hours ago 3 replies      
I seriously don't get why people want buttons (including these side "buttons" with haptic feedback) to turn pages. It's so much more satisfying to turn a page on a Paperwhite with a flick of the finger sliding across the "page" (the screen) like you would do with a book. You can already tap the screen with your thumb (using the same hand to hold the device) to turn a page. Why on earth would you want these ugly lines and dots now on the side of the Voyager reader so you can turn your pages that way?
taeric 1 day ago 1 reply      
I'm impressed that they aren't hyping up the profiles stuff more. Especially the feature where you can link multiple accounts to it. Not that it is that big of a deal, but it is rather comical on what they think I want to read/watch nowdays.
jongalloway2 23 hours ago 0 replies      
It's too bad that none of the e-ink Kindles has audio anymore. I really liked being able to read on a device, then seamlessly (on the same device) switch to listening while driving / flying / working out.
hdra 1 day ago 2 replies      
Another Kindle release that I can't have. All these cool products that aren't available where I live.

Seriously though, does anyone know whats stopping Amazon from making their offerings available in more countries?

rtcoms 20 hours ago 0 replies      
We really need front-light displays for laptops/monitors. Is any company making those ?
riffraff 18 hours ago 0 replies      
interestingly, Kindle Voyager and Kindle Kids don't seem to be available on all national amazons, I wonder why.
bithush 19 hours ago 0 replies      
The Kindle Voyage looks really nice but at 169 (a 60 increase over the Paperwhite) there is no way I will be getting one. That is a lot of money for just an ereader to me.
hnriot 22 hours ago 1 reply      
$20 more to avoid ads on the lock screen and another $20 for the power adapter!!! WTF
Tramadol Is Not a Natural Product After All
217 points by crygin  3 days ago   116 comments top 12
knd775 3 days ago 6 replies      
Wait, let me make sure I am understanding this. So Tramadol was given to cattle in such large amounts that it made it into the soil and enough got soaked up by trees that it was thought that Tramadol came from those trees.

That is just incredible.

dbbolton 3 days ago 3 replies      
>The farmers apparently take the drug themselves, at pretty high dosages, saying that it allows them to work without getting tiree.

That's insane. Tramadol is among the worst painkillers to use recreationally, which is why it's often the next line of analgesic therapy after NSAIDs and before hydrocodone.

It is a comparatively weak mu-opioid agonist, so the dose a person would have to take to get a prototypical opioid high, likely quadruple a normal prescribed dose at minimum, is pushing the margin of safety.

I am not advocating drug use here, but if you're dead set on getting high, please use something else- namely something with a higher mu-affinity that would require a lower dose, and ideally something that's not combined with acetaminophen or other NSAIDs.

telecuda 3 days ago 1 reply      
Tramadol recently became more regulated as a controlled substance and now requires patients to jump through more hoops (pain management visits, drug tests, etc.) to obtain. Source: Family member on Tramadol and http://www.businessinsurance.com/article/20140818/NEWS08/140...
pron 3 days ago 3 replies      
> Natural products chemistry is getting trickier all the time

So now there's "natural" chemistry and "plain" chemistry? I thought molecules are molecules, and don't care how they came to be. What if humans were to artificially select some bacteria over a few generations to synthesize a certain molecule. Would that molecule now be "natural" or synthetic? In fact, it can be argued that many "natural" molecules are a result of that exact process, because their synthesizing organism has evolved to survive human effects.

EDIT: as pointed out by localhost, natural products chemistry is actually a well defined -- and widely accepted -- term.

linker3000 3 days ago 2 replies      
So, no organisation took samples of these trees/seeds to cultivate and study elsewhere and wondered why they weren't getting the same results!?
vhost- 2 days ago 0 replies      
This drug is absolutely awful.

I had an abscessed wisdom tooth and was prescribed Tramadol for pain management while I waited for an appointment to get teeth extracted.

Not only did I feel like shit all the time, when I tried to stop taking it, I couldn't sleep at all. It was entire nights of frustration, tossing and turning. I was only taking 100mg a day to just get through work and whatnot too.

I decided to do some research and I read about people taking upwards of 700mg to 1000mg a day because of addiction. I can't imagine being addicted to this drug. It makes you feel foggy, your throat burns, you have headaches...

I've been sober for most of my life. I've never drank or taken prescriptions recreationally. So this experience was pretty terrible.

apercu 3 days ago 0 replies      
I give my aging lab Tramadol. It is easier on his liver than other painkillers. Vets routinely proscribe Tremadol as a painkiller to animals after surgery, as it's not hard on their organs.

But that doesn't mean you should take it. Stick to beer.

s_baby 3 days ago 1 reply      
How are the farmers obtaining such large quantities of Tramadol?
ck2 3 days ago 1 reply      
wtf are anti-depressants being given to cattle?
throwaway_yy2Di 3 days ago 1 reply      
[off topic] Wow, his last post created some bizarre drama on Reddit:


His criticism of a biotech CEO provoked a Reddit thread with two thousand comments, and the CEO showing up to write responses. And controversially the whole thing was removed by moderators, and Dr. Lowe briefly banned from the site.

bishun 3 days ago 0 replies      
My first thought would not have been, "Wow this tree's producing tramadol." It would be, "Wow this tree's contaminated, I wonder how?"
Igglyboo 3 days ago 3 replies      
You could easily argue that everything that ever was or will be is natural, not really sure why the word is still used to describe products.
No, You Cant Manufacture That Like Apple Does
213 points by brk  13 hours ago   96 comments top 17
mgkimsal 12 hours ago 5 replies      
It's pretty much the same in software too. I often get requests for functionality and when I say "no, we can't do that", I get "Why not? Amazon does it".

Hrmm... Amazon has dozens of people working and supporting just that one feature. You're trying to engage me to do an entire project. On a fixed budget. With a fixed time frame. And you've changed your mind 3 times in the last 3 weeks on key points.

Of course, yes, there are amazing things you can do with software that weren't remotely feasible even just 5 years ago. But there's always a moving target - the market leaders (Apple, Google, Amazon, etc) are constantly pushing the boundaries of what's considered 'normal', and most people have 0 idea of the real cost and effort involved in having the functionality come across as polished and error free as the big boys.

josefresco 11 hours ago 3 replies      
Forget fancy techniques, just scale alone is enough to shock you when looking into manufacturing. We got quotes from various providers at $4-$12/part. Meanwhile, in grocery stores, department stores, even dollar stores we would see similar products (using the same materials) being sold for $1-2.

The difference is mostly related to the number of parts being ordered. For a startup, ordering 100,000+ parts just to get pricing reasonable is a no-go unless you (or your backers) take a major risk.

Makes you feel like getting off the ground is almost impossible, when you can't even get your wholesale cost below the retail cost of similar products.

foofoo55 11 hours ago 1 reply      
The main point is that manufacturing, especially high-volume, consumer, apple-quality products, is very hard and requires serious expertise. Such startups should bring in such mechanical & production engineering expertise, because the hardware becomes as important as the software & electronics.

The irony is that many software startup wizards brush off mechanical design the same way that naive managers treat software development. "It's just a [box/case/app/website], how hard can it be?"

taylodl 12 hours ago 1 reply      
Thanks to follow-up research after reading this article I now know what an ejector pin mark is, and now that I know I see them everywhere! Gah!
serve_yay 11 hours ago 3 replies      
The more you know this sort of thing the harder it becomes to believe that Apple makes the same things everyone else does but with fancy marketing.
noir_lord 12 hours ago 2 replies      
$12 for a box at scale, well damn!

Use 100% recycled cardboard and print the box in a single color water based bio-degradable ink.

Then claim you do this to save the environment, win-win ;).

zwieback 11 hours ago 0 replies      
Not mentioned is the challenge of managing a good CM in China or Malaysia. If you're small you get what everyone else does, at higher prices. If you're huge you can groom your CM and make sure you get what nobody else does, at a lower cost. Of course sooner or later the manufacturing knowledge leaks out so it's a rat race even for someone like Apple.
psychometry 11 hours ago 1 reply      
There are so many acronyms in this article that aren't defined. Maybe I'm not the intended audience for this article, but it's pretty hard to understand when you don't know what CM, CNC, or BOM mean. Is it really so hard to use the <abbr> tag?
eitally 9 hours ago 0 replies      
This is why -- for example -- Flextronics opened their Lab IX [1] in SV last year. In cases where hardware ideas are good ones, it makes a lot of sense for the guys with the manufacturing expertise to get in the loop early on. They can incubate, invest, and indulge in some of the wild stuff innovators want but can only be executed with $mm of equipment.

[1] http://www.labix.io/

qwerta 10 hours ago 3 replies      
Article does not mention capacitive touch screens. Apple basically build its own factories (and subsequently entire industry) to manufacture for iphone 1.
lazylizard 9 hours ago 3 replies      
but apple is not the only large luxury goods manufacturer, right? how does louis vuitton do their thing? or leica? or rolex? if anything, aren't lv and rolex the orginals at mass producing/marketing luxury goods?

separately, i imagine not just leica, but the entire optics industry has answered the question of precision/quality at scale before?

and finally, there're more , right? like mercedes-benz, bmw, lexus, porsche, medical instruments, the aerospace industry... don't all of them have to solve 'quality at scale' problems?

and at smaller scales..parker pens? zippo lighters? swiss army knives?

and then..something like http://www.muji.us/store/ could be good enough as far as the perception of quality goes?

whizzkid 11 hours ago 2 replies      
This article actually misses some key points while it is telling the truth.

Most of the things mentioned in the article is correct BUT,

If you are going to make a product and you think that your product is going to be as revolutionary as Apple was at the beginning, then don't worry. You will be good to go.

If you can provide a unique, mind blowing product just like Apple Lisa in 1983, you can sell it for really unrealistic prizes.

Apple Lisa was sold for US$ 9,995 at the time it was released. You could buy a new house around $86000.

So the question is not how expensive is going to be, the real question is,

Is your product mind blowing?

ashish01 12 hours ago 5 replies      
Then how did Nest do it?
niels_olson 8 hours ago 0 replies      
Aren't turbine blades also grown from crystal before machining? Even Apple doesn't do that...
at-fates-hands 8 hours ago 1 reply      
When did Apple go from manufacturing ordinary hardware to making that leap where they had the financial resources to truly make something incredibly unique and beautiful? Was it one product one year, or did happen over a span of years where they had smaller increments of change?

I'm curious to know how a company can get to a point and say, "Ok, we can do something really cool, on a massive scale and make it successful." Is a slower transition, or more of an abrupt change that takes place?

snowwrestler 13 hours ago 2 replies      
Surprising statement that the box might be the most expensive single element of the iPhone.
ww520 11 hours ago 0 replies      
Build a Facebook lite for such and such...
Palantir Pricelist (page 27) [pdf]
225 points by thebyrd  2 days ago   100 comments top 17
bane 2 days ago 7 replies      
For folks who've never seen one of these.

132-33 - Price for a Palantir server, priced per core. $141k per core. Includes 1 year of "maintenance" (support and software upgrades).

132-34 - This is the maintenance for second year on. $28k per core.

How many users can a core support? I dunno. But let's say you can serve 50 people off of a 4-core system (you can redo the math for the number of users).

You initial purchase is $564k. Or about $11k per user.

Each year after that, if you want software updates, it'll cost you $113k or or about $2.2k per year per user.

So let's say you use the system for 3 years. That's over $15k of software per user over that time.

Plus there's training ~$2k per user. Or another $100k in training costs.

And then who knows how many hours of engineering and "ninja" services. But a CONUS (within the U.S.) FSR is billed at about $300k per year for a full-time person on staff. Let's say you need two of them to support those 50 users.

Added up for 3 years of Palantir: $1.5million

I'll let you decide if that's good value, but that works out to around $30k per user partial TCO (not including power, security, networking, local IT staff support, etc.).

incision 2 days ago 1 reply      
All right in line with just about any sort of "Enterprise" software. Training and implementation services are downright cheap. Maintenance is the standard 20%.

The last big vendor PO I had to look at put every professional services line item at $300-360/hr with $320 being about average.

aliasaria 2 days ago 1 reply      
Favourite part: "Palantir is in no way affiliated with, or endorsed or sponsored by, The Saul Zaentz Company d.b.a. Tolkien Enterprises or the Estate of J.R.R. Tolkien."
mikegreen 2 days ago 0 replies      
Do not confuse the GSA schedule with actual implementation cost (or TCO as mentioned below). The prices are a starting point and as with any relationship, they can (and will, if the buyer is smart) be negotiated.

Source: sold & implemented alot of software for the gubbmint.

Jabbles 2 days ago 0 replies      
Agencies can browse GSA Advantage! by accessing the Internet World Wide Web utilizing a browser (ex.: NetScape)
ottertown 1 day ago 0 replies      
was this link not meant for the public? getting a 404 now.

mirror: http://web.archive.org/web/20140916215429/https://www.gsaadv...

amalag 2 days ago 2 replies      
You can't do diddly with an off the shelf install. They get you on the Implementation Ninjas and Support.
dkarapetyan 2 days ago 3 replies      
So what exactly do you get for those prices? Some data munging and analytics? Just hire a few data scientists and give them a map/reduce cluster. But this is the government so that might be more expensive than forking over the cash to Palantir.
hendzen 2 days ago 2 replies      
If you read between the lines, notice how the "Palantir Gotham Appliance" for 151,042.82 includes "Palantir recommended...database software licenses."

I would bet Oracle (or MS/IBM) is getting a hefty chunk of that.

judgardner 2 days ago 0 replies      
132-51 | IMS | Implementation Ninja Services
dlinder 2 days ago 1 reply      
132-51 CONSCONUS FSR Support hourly rate. CONUS rates will be billed for Services performed outside the continental U.S. unless in a warzone. Normal business hours are defined as an 8-hour work day (rate is 15% more outside of normal business hours). $ 146.60

132-51 OCONSOCONUS FSR Support hourly rate. OCONUS rates will be billed for Services performed in a warzone. Normal business hours are defined as a 12-hour work day (rate is 15% more outside of normal business hours). $ 195.47

desmondrd 1 day ago 0 replies      
Archived version of this file on the Internet Archive.


arikrak 2 days ago 1 reply      
How do they get such precise prices? If I was selling something for 140k, I would sell it for 140k. But they sell it for $141,015.42.
xacaxulu 2 days ago 1 reply      
So Palantir is hiring if you have a clearance :-). Time to get your tax dollars back. Looks like SAIC all over again.
phmagic 2 days ago 1 reply      
pretty affordable compared to most enterprise software packages
fishcakes 2 days ago 1 reply      
Pretty affordable considering many other things on the GSA don't work once you buy them!
cyphunk 1 day ago 0 replies      
Can't access gsaadvantage.gov via Tor. hmm
Burn Baby Burn
222 points by jrwit  2 days ago   113 comments top 14
jacquesm 2 days ago 10 replies      
There is something supremely funny about VCs complaining that their start-ups behave like funded start-ups and not like bootstrappers, who focus on revenues and profits right from day 1.

"At some point you have to build a real business, generate real profits, sustain the company without the largess of investors capital, and start producing value the old fashioned way. "

Exactly. So how annoying it is when you're bootstrapping a company, you have your price-points carefully set, you're doing a cracker job at concentrating on 'how to sustain the company without investors capital' and then boom. Out of the blue some never-heard-of before company that does the same thing you do starts to hit your customers with a price point that you simply can not beat because they are able to 'burn baby burn' or maybe even give away that identical product for free because they're racing for an acquisition before the money runs out.

That's real trouble. Sometimes it's not just one.

But there is good news: they usually don't survive in the longer term because they don't have a business model. Once it's free you can't really go back to 'old-fashioned'.

So once they've folded up, you've bought their Aeron chairs at 5 cents on the dollar and you're re-connecting with your old customers and picking up the pieces you have a fairly clear field. Contaminated by an over-promising under-performing competitor that thought that 'growth' is equal to 'health'. (If that were true then cancer or a locust plague would be good news.) How you're going to survive the interregnum of unfair VC funded competition is a really hard question for which I have no other advice than to cut every bit of spending and go into 'cockroach' or 'spore' mode, hang on to your core team at any price.

VCs should be far far more critical about the companies that they invest in, that the path to break even is clear and that they are not going to invest in a company whose business model is broken but where the cracks are paved over with marketing and growth by burning investors money.

That just spoils the soup for everybody and sometimes it kills entire segments.

Especially companies where investment is made in B, C or even later rounds should be looked at very carefully. A healthy company would survive and grow even without VC investment, it's supposed to be an accelerator, not life support.

So burn, but burn with care and a very good plan. Concentrate on your bottom line taking into account that VC capital will not last forever and make sure that the transition from 'supported' to 'unsupported' is a smooth one and that your business model does not somehow depend on the 'supported' bit in a hidden way.

If you're partying like it's 1999 you're definitely doing it wrong and your bubble will almost certainly pop, the more VC money there is the more of it will be dumb.

netcan 2 days ago 3 replies      
There is something missing in the startup mind-cluster, I think.

A lot of the ideas make sense from a certain perspective, even these incredible valuations and exits. There really is a chance to create or invest in the next Facebook. It's not a big chance, but the payoff is so big that it can fuel funding and building thousands of attempts.

One of the premises of this complexes is the idea that highly impactful businesses can be started fast and cheap leveraging the internet as a marketing and distribution channel, open source software, cheap computing power and other levers of these times. If they focus on building popular useful things, the scale can get so big that monetization is likely enough to come. That is, likely enough for the investors formulas.

But, what of businesses that become popular and useful and financially successful relative to the financial needs of running the business? Reddit. OKCupid. The proverbial Craigslist.

What if a business can employ 100 people comfortably, serve 100,000s of customers usefully and reward the founders to the tune of millions, but not billions. Can these exist? Can they last for decades? Generations?

Is it efficient to roll the dice on a hundred $10m per year businesses for the chance at one $10bn business. On paper it's a 10X improvement?

I'm not trying to ad my voice to the sour grapes tasting comments about valuations and such. I'm just wondering if we can let a million flowers bloom for a longer stretch, not just for their ability to win the big-or- go-home game.

I think I might be saying this backwards. Let me try it another way. A lot of the current startup thinking is premised on the idea that small teams can have a big impact relative to the cash requirements. A second idea is that a startup making a big impact has a decent chance of turning into a multi billion dollar company or a $100m+ acquisition for a multi billion dollar company. Is there no room to build on the first premise without later building on the second premise? Could Facebook have connected people as well as a 500 person company?

This is a tangent to Fred Wilson's point, but I feel like it might boil down to a similar enquiry.

lmg643 2 days ago 1 reply      
Wow - I posted what I thought was a thoughtful comment on Fred's blog, disagreeing with his throw-away intro on paid content - and it seems to have disappeared?

My point was, why should we reward Business Insider for ripping off content, instead of rewarding WSJ?

Why not reward originators of content, instead of recyclers? Clearly, he liked the interview enough to link to it - why should BI get a benefit instead of WSJ? He seems to think that it is "inevitable" that digital content will get ripped off, but perhaps that's only true if they (a) don't innovate on payment models, (b) don't innovate on fair use rules.

One of the digital currency companies in USV's portfolio could surely work out a micropayments deal with WSJ to allow people to pay-per-use for content, instead of subscribe.

So - that was the gist of what I had to say. Insightful, maybe not.

But now I'll add to it - I much prefer the YC approach, where my comments are free to sit there, and get ranked accordingly.

calewis 2 days ago 2 replies      
The words; Horse, Stable and Bolted come to mind. VC's and their stupid valuations have created this problem.

The idea that a business isn't worth investing in because it's only going to make millions, not billions, also doesn't help. VC's would be better off diversifying in lots more companies that have a better chance of making a more modest profit, than a few that are then pressured to make 10's of billions.

I guess ultimately it comes down to the point in which they exit, the dumb PE ratios of Facebook, Twitter etc allowed someone to cash out nicely when they floated, but for the suckers that brought the stock on the public market have no hope of recovering their cash.

jroseattle 2 days ago 0 replies      
Honestly, this sounds like Monday morning quarterbacking.

When all these companies lined up and raised umpteen million dollars, I'm all but certain they were asked about their planned use of funds. Further, I'm nearly certain they said they were going to spend in order to grow their business in their chosen market. And many are doing just that. And who the hell provided them with these funds?

Maybe Fred (and Bill Gurley) should be directing their criticism at those stewards of investors' monies and consider their own part in this cycle.

vasilipupkin 2 days ago 2 replies      
Fred Wilson has lived through a few booms and busts so he is kind of concerned about the next bust being very likely. I would just say, there is a very high likelihood of cheap money continuing for a while, given the stance of the Federal Reserve and the condition of U.S. economy. And, as long as money stays cheap, I do not see the bubble bursting 2001 style. Money will continue flowing into private and public equities because it really has nowhere else to go
mnglkhn2 2 days ago 0 replies      
It says something when the money people (VCs) complain high real estate rents: changes might be afoot. It is possible that the property owners feel/know that the current situation is untenable and that new properties will be allowed to be built, hence their desire to lock in leases for 10yrs.
tlogan 2 days ago 0 replies      
I'm not sure if I understand the point of this blog post. VCs give money to startups so these startups can grow faster than they would without external investment. So they will spend that money. It is not like startup come to VC and said: I need $10M and I will put that money in the bank.

Maybe the blog should be how it is important that startups are more focused when they spent? Or maybe how VCs are investing into companies with not so great ideas?

I'm just confused here.

mathattack 1 day ago 0 replies      
"At some point you have to build a real business, generate real profits"

The companies that seem to be able to switch off the growth and become cash flow positive will be fine no matter what.

idlewords 2 days ago 0 replies      
Sometimes this happens when you give people free money to play with. What did you think was going to happen?
droopyEyelids 2 days ago 2 replies      
If a company was going to reduce its spend to a sustainable rate, why would it want to mortgage itself to an investment firm?

I thought the main point of selling your soul to investors was to increase your burn rate. If you were bootstrapping your company it seems like you'd want to maintain control and ownership.

jeffreyrogers 2 days ago 0 replies      
So why are these companies in your portfolio in the first place?
dsugarman 2 days ago 0 replies      
sanity impending
_craft 2 days ago 1 reply      
Where's the data?
       cached 19 September 2014 04:11:02 GMT