hacker news with inline top comments    .. more ..    4 Jun 2015 Best
home   ask   best   4 years ago   
Looking Forward: Support for Secure Shell msdn.com
821 points by BryantD  1 day ago   380 comments top 48
cturner 1 day ago 10 replies      
For all Balmer's thing of dancing on a stage and chanting "developers", there was no point under Gates or he at which Microsoft felt like a pro-developer company.

That has completely changed in the last eighteen months. Each time I think "wouldn't it be cool if" I'm finding a few weeks later that someone at Microsoft is well ahead of me. How much easier it will be to ship my sucky roguelikes to Windows users in this new world!

Hmm. They can now have a path to obsolete cmd. As long as they ship a decent ssh client with the system, users will become accustomed to ssh-ing to their own box instead of using cmd.

Wishlist: tmux, emacs, vi, netcat, shell option for vi-mode, rc-file with preferences, ncurses library, something simpler than curses, zip and unzip. 256 colour is fine, although 24-bit would be impressive. /proc would be cool, but also a big ask I assume. They already have a strong compiler. Make it really easy to find the hex fingerprint required to log on to the sshd-server. Something like inetd could be useful, too.

Someone1234 1 day ago 5 replies      

I am a big supporter of Powershell, and while Powershell has supported remoting since almost day one, it will never enjoy quite as much support as SSH already receives (e.g. third party tools, firewall support, etc). It is also nice that they're looking into using something fairly "proven" secure, OpenSSH is exposed to the internet a lot (even if, yes, that is not best practice) so we can reasonably expect it to withstand day to day attacks.

In general people really are starting to run out of reasons to "hate" Microsoft. It will be interesting to see what they come up with in the future...

PS - I really hope later they expand this to SFTP support. SFTP is significantly better than either FTP or FTPS, and something Windows has lacked since forever.

atonse 1 day ago 2 replies      
> Given our changes in leadership and culture, we decided to give it another try and this time, because we are able to show the clear and compelling customer value, the company is very supportive.

Is that code for Ballmer's regime vs Nadella's regime?

ised 1 day ago 4 replies      

If I am forced to use Windows in an Enterprise setting, then I just go to Control Panel and enable the POSIX layer ("SUA"), then download the SDK and install. With some minor changes to the %Path, it just works.

SUA has older versions of tcsh, ksh, vi and many other utilities, including an older Perl and an old GCC toolchain that does work. It is 4.2BSD based. If you are at home on BSD, it is like going back in time.

netcat, tmux, emacs, etc. you would have compile yourself. Maybe OpenSSH would compile and run. I have not tried.

Perhaps an alternative to Cygwin, etc. Not "better" but different. It generally "seems" faster and I find it's more difficult to "break" than Cygwin which in my experience can be very "delicate". The SUA White Paper says SUA comes to within 10% of the speed of native Windows.

The main advantage though, for me, is that this is not "unauthorized third party software" to the extent it comes with Windows and the SDK download comes from Microsoft's Akamai account.

ahmetmsft 1 day ago 0 replies      
This has been my long time dream. There's so little that prevents this from happening theoretically (obviously there's a lot of coding will be done, but hey that's the fun part). I am very glad Microsoft is taking all the right steps to bring two world closer: Linux and Windows.

With all the announcements around stuff like Docker for Windows Server Containers and cross platform .NET, this was nearly inevitable. Now the server management also steers in the right direction.

Disclaimer: ms employee doing tons of open source.

AdmiralAsshat 1 day ago 6 replies      
I happily await the day when I no longer need to install PuTTY on all of my fresh Windows installs.
squiguy7 1 day ago 0 replies      
PaulRobinson 1 day ago 0 replies      
"Those who don't understand Unix are condemned to reinvent it, poorly." Henry Spencer

Basically, bit by bit it seems Microsoft are realising there is a ton of stuff they need to take from the unix environment.

The comments here about how awesome PowerShell and the other tools within all are seem to focus on everything being an object rather than being text.

So, we could fix that by basically providing a "Ruby shell" in one sweep. You go through the standard utilities you have on unix systems, provide them as Ruby methods on various objects (the Ruby stdlib has a great many) and provide a means to navigate a file system easily, and basically you have the beginnings of an object-orientated shell with the support of the traditional 30+ year old command line utilities.

What is it I am missing? This feels all a little reminiscent of when Microsoft got all giddy about providing symbolic links... well... yeah... I mean... what?

kstrauser 1 day ago 1 reply      
OH THANK GOD. I'm using Ansible to manage Windows, and today that means fooling around with WinRM. For example, that involved adding Kerberos support to Ansible so that it could authenticate against Windows domain accounts, because those are authed differently from local machine accounts.

Assuming the project succeeds this time around, it's going to be way easier to incorporate Windows servers into Unix-centric management systems. That's a huge benefit to DevOps and Microsoft. Thanks!

mixmastamyk 1 day ago 2 replies      
Hallelujah... new package manager, modular install, and now ssh?

What's left? Perhaps a real terminal?

To bad this won't make it into Win 10, unless I misunderstood something. Looks like my days of sneering at Windows as a toy are numbered... end of an era, and it makes me a bit sad, sniff.

krylon 1 day ago 1 reply      
Finally! PowerShell Remoting just plain sucks, at least it has for me. I've always wondered why the PowerShell developer(s?) would do something so needlessly contrived when SSH has been around for, like, twenty years or so.

This will definitely make my job easier! Or at least more convenient.

nsxwolf 1 day ago 2 replies      
How about a terminal window you can resize with the mouse, and effortlessly cut and paste text, and with tab completion that doesn't do weird inexplicable things? Do they have that yet?
graffitici 1 day ago 1 reply      
I wish Windows just became a POSIX compliant OS. I think that would solve a lot of these smaller issues in an elegant way. Apple did a very smart job with Mac OS X, to the point where even I switched to a Mac after having Linux for so many years. It's incredible how I can install packages using homebrew and friends..

Come on Microsoft, go all the way!

insulanian 1 day ago 1 reply      
Well... all I can say is RESPECT!!!

But don't get lazy! We still need state of the art terminal!

neil_s 1 day ago 0 replies      
TIL that the Windows Dev team have a forum for engaging with users about console features: https://wpdev.uservoice.com/forums/266908-command-prompt

Back when I interned at MS in 2013, people were alarmed when I spoke to users on some forums about their complaints because I was designing a related feature. We had to check with legal whether I would have to delete all my posts!

w8rbt 1 day ago 0 replies      
I hope that Microsoft donates money to OpenSSH/OpenBSD. The way I read this, they indicated that they would.

 "Im pleased to announce that the PowerShell team will support and contribute to the OpenSSH community."

homulilly 1 day ago 0 replies      
This is great but I'm still sticking to MinTTY/Cygwin for SSH until Windows gets a decent terminal program.
techdragon 1 day ago 0 replies      
Wow. Just wow. This is something I never expected to come from Microsoft. They may in fact be changing for the better.
jsingleton 1 day ago 2 replies      
Good news! WinRM is a massive pain. The hoops you have to go through to bootstrap a fresh Windows image to get to the point you can run PowerShell is crazy.
Yaggo 1 day ago 1 reply      
Seems that Windows is adopting more and more * nix stuff. I wonder why one uses Windows in the first place if * nix stuff is what she needs?
baby 1 day ago 1 reply      
Getting there slowly... For the moment I use `babun` and everything works well. http://babun.github.io/
finnh 1 day ago 0 replies      
not to be too snarky, but perhaps "looking backward" would be a better title =)

(don't get me wrong, I love my ssh and am glad to see msft supporting it for real)

outworlder 1 day ago 1 reply      

Now, can we please get a proper terminal? :)

yuhong 1 day ago 0 replies      
It is interesting that this is part of PowerShell and not Windows, unlike Telnet.
tammer 1 day ago 0 replies      
I made an uncomfortably audible gasp of shock upon seeing this. Server versions of Windows have been heading in a console-only direction for a while now but the complexity of PowerShell remoting really didn't make it feel like a feasible solution.

This completely changes the windows admin game.

gionn 1 day ago 0 replies      
First they ignore you, then they laugh at you, then they fight you, then you win.
ninjaoxygen 1 day ago 1 reply      
This would be great if they implement an SSH server, but I'm guessing the shell it connects to is PowerShell, rather than a sh derivative, so many tools many not work with it?
shmerl 1 day ago 0 replies      
MS is finally waking up. I guess new CEO has some positive effect.
boomlinde 1 day ago 0 replies      
I've been doing something similar using a virtual machine running Windows 7 and a whole host of really stupid VPN solutions to connect to customer networks. I ran sshd via Cygwin, which logged me into /bin/sh, from which I could actually start cmd.exe. Presumably, I could also have started PowerShell had I tried it.

It's nice to see that they are offering an official way to do this.

owenfi 1 day ago 1 reply      
As an only occasional Windows user, I wasn't sure what PowerShell was (sounds 3rd party to me, a la Cygwin).

Turns out it is a 1st party command line tool and scripting engine. From a glance it looks to use similar syntax to CMD.exe, but sits side-by-side with it, not built on top.

mrweasel 1 day ago 0 replies      
Wonderful, and I am a bit interested in seeing how well the Microsoft guys and the OpenBSD/OpenSSH team is going to interact. I have no doubt the the Microsoft developers are nothing but professional, but still the OpenSSH people seem to have pretty high standard.
libraryatnight 1 day ago 0 replies      
I spend a good majority of my day doing administrative tasks in Windows and o365 where PowerShell is a god send. There have been more than a few occasions where I wished for SSH capability, so this news is fantastic.
sandGorgon 1 day ago 0 replies      
I dont know if anyone has used Git Shell on Windows. I do a lot of Python programming on windows and git shell is spectacular - inbuilt ssh, git, vim and a full linux userland.
jjcm 1 day ago 0 replies      
This is a big step, I'd love some MOSH support too though.
baconhigh 1 day ago 1 reply      
so windows users might finally be able to download a verifiable/signed and maybe "trusted" application to use ssh with?


2close4comfort 1 day ago 0 replies      
WOW that is a huge step for M$ maybe there is still some surprises left for the new order within Microsoft. I for one welcome a replacement to PuTTY.
grogenaut 1 day ago 0 replies      
If but I could send this moment (and recent ones) back in time to the slashdot of 2005...
SwellJoe 1 day ago 0 replies      
About damn time.
yellowapple 1 day ago 1 reply      
The only thing left for them to do is to include Cygwin (or some equivalent) as a built-in Windows feature.

Hell's not only freezing over, but freezing everything else with it. What a time to be alive.

fapjacks 1 day ago 0 replies      
I guess better late than never, eh?
malkia 1 day ago 1 reply      
Born Again Microsoft! Great stuff!
lucaspottersky 1 day ago 0 replies      
yeah, never too late i guess? it took more than a decade to make such a move...
pldimitrov 1 day ago 0 replies      
rip putty
joshrivers 1 day ago 0 replies      
Oh thank god!
haosdent 1 day ago 0 replies      
geff82 1 day ago 0 replies      
Hell is freezing over at 0K. Oh my god. Wow.
noveltyaccount 1 day ago 1 reply      
What's next? Powershell for Linux? Powershell for Mac?

(Pretty please?)

Powershell's piping of .NET objects is so brilliant compared to Bash piping and parsing of text.

jadeddrag 1 day ago 6 replies      
I'm looking forward to MS just dropping their OS entirely and using linux as their back-end. Basically, Microsoft might be better off creating their own linux distribution running a "microsoft windows" windows manager.
Let Snowden Come Home newyorker.com
759 points by donohoe  18 hours ago   280 comments top 27
austinhutch 17 hours ago 9 replies      
If he were to come back to the USA and then subsequently be detained, I would join the hopefully overwhelming protests in favor of his release. I am hoping if such a time comes, that there will be a historic level of demonstration advocating for his freedom.
fourply 17 hours ago 3 replies      
It is infuriating to see SO many articles, even from publications that can usually be trusted, referring to this legislation as "commendable" or "significant reform". It is far from it, and we can't expect the couch-dwellers to pay attention while the dying gasps of the 4th estate trumpet this kind of non-change.
eli 17 hours ago 6 replies      
Perhaps a minority opinion, but I believe the NSA vastly overstepped and that they need to be reined in (much further than what the USA Freedom Act contains)... but also that Snowden probably should face charges.

Snowden is charged with "willful communication of classified communications intelligence information to an unauthorized person," which -- I think sensibly -- is illegal even if the unauthorized person is a reporter and even if you had good intentions.

I'm not a lawyer, but if he wants to argue that he's innocent or that the law is unconstitutional, it seems like the courtroom is the right place to make that argument.

sneak 17 hours ago 3 replies      
Fuck "seeking some sort of deal with his lawyers".

A plea bargain would require him admitting wrongdoing.

He raised internal concerns over the illegal activities he saw and was told to be quiet. Snowden himself has said he feared what happened to John Kiriakou (the whistleblower who exposed CIA's illegal torture program) happening to him had he made an even bigger issue out of it.

The people who should be supporting rigorous checks on government authority and overstep simply aren't; the system is out of control and punishes those who speak up about illegal activity. He did what any reasonable person would have done in his situation when confronted with a massive criminal conspiracy.

A plea deal would allow the government to taint his actions, which were nothing short of heroic.

tzs 16 hours ago 9 replies      
There was an interesting comment on Reddit pointing out some things often overlooked in these discussions [1]. People seem to forget that he leaked information on both illegal and legal foreign spying (which is what the NSA is supposed to be doing).

The former is arguably whistleblowing, but the latter is not. Even Greenwald and Binney admit this.

See the reddit comment for details and links to sources. Particularly interesting are Snowden's admitted reasons for working at the NSA in the first place, before he knew of the domestic spying.

[1] http://www.reddit.com/r/technology/comments/38cej4/elected_o...

rfrey 17 hours ago 5 replies      
"As Snowden intended, the primary impact of the leaks was on political debate inside the United States."

I think the primary impact has been the complete erosion of whatever goodwill the United States had among the citizenry (n.b. not the governments) of her allies.

That obviously doesn't matter in the short term; but so many things don't matter in the short term.

krylon 16 hours ago 0 replies      
If I was Edward Snowden, I don't think I would return to the USA, even if the president offered me a complete pardon and a medal on top.

I don't think I could trust the US intelligence apparatus to not get me into some kind of "accident" or come up with some fake charges to put me into prison. Not to mention the risk of some "patriot" taking justice into his/her own hands.

Which is very sad, but unless the political landscape in the USA - and internationally - undergoes some major changes, coming back to the USA would be a stupid move for Mr. Snowden, unless he is ready to go to Jail for a long time. And given the example of Bradley/Chelsea Manning, that does not sound very inviting.

geophile 17 hours ago 3 replies      
As a practical matter, he can't come home. Not even the president can promise his immunity from prosecution -- one day there will be another president. The DOJ could drop all charges. And then impose new ones once he returns. And that is to say nothing of the possibility of his being killed, with blame cast on some nut job, and with all sorts of manufactured dirt on him released afterward.

Put yourself in Snowden's shoes. What could anyone in the government say to you that would convince you it was safe to return to the USA?

ra1n85 17 hours ago 1 reply      
Don't just bring him home, honor him.

Ticker tape parades, a federal holiday, buy 1 get 1 free at Carl's Jr. - celebrate what this man did.

tosser-004 17 hours ago 1 reply      
Snowmen did two things:

1. Exposed the tools and techniques of domestic surveillance.2. Exposed the tools and techniques of foreign surveillance.

The idea of not prosecuting Snowden seems to focus on the commendable exposure of the full extent of the domestic program.

I just don't see how one can ignore his exposure of the perfectly legal foreign intelligence gathering.

adam74 17 hours ago 0 replies      
> Michael Morell, a top C.I.A. official, called it the most serious compromise of classified information in the history of the U.S. intelligence community

Well, I'm sure if they had respected our right to privacy, Snowden would have respected theirs.

bitwarrior 17 hours ago 1 reply      
Only a presidential pardon will really suffice to come home without threat of arrest. It may very well happen posthumously, but that of course wouldn't be too useful to him by then.
task_queue 17 hours ago 1 reply      
Let's not kid ourselves, he will get the Manning treatment for the trouble he's caused.
serve_yay 17 hours ago 1 reply      
If I were him I wouldn't do it, even if some people said it would be OK. I mean he can't seriously trust the US government ever again, it would just be ridiculous.
markdown 16 hours ago 1 reply      
> has been languishing in Vladimir Putins Russia for almost two years.

Is this like Obama's USA? What is the purpose of calling it Putin's Russia?

soraminazuki 15 hours ago 2 replies      
Every time I see reports about US surveillance, I'mamazed how so many people seem to think that the US government can spy on anyone they like as long as they're not Americans. Are non-Americans denied their basic human rights or what?
chejazi 16 hours ago 0 replies      
On the flip side, by not bringing charges against the NSA, there is a clear double standard:

"...the agency had breached its own privacy rules or overstepped its legal authority thousands of times a year since 2008."

"Mr. Snowden committed very serious crimes... that he should face."

CalRobert 16 hours ago 1 reply      
Why should he want to come to the US? It has little if anything to offer him. Better to make a home in Germany or Iceland which are all more likely to respect individual privacy than the US, and are lovely places in their own right.
fixermark 17 hours ago 0 replies      
Oh man. That'd be great.

Never, never, never going to happen. Not in this generation, anyway. Maybe in 20, 30 years.

aagha 10 hours ago 0 replies      
Though others have mentioned it, the fundamental issue is that the 1917 Espionage Act [0] basically provides Snowden no options. Despite the fact that he uncovered ILLEGAL government actions, he's subject to being tried as a spy, not a whistle-blower, which I think he clearly is.

0 - http://en.wikipedia.org/wiki/Espionage_Act_of_1917

Callmenorm 16 hours ago 1 reply      
Can we start a white house petition? Is that a thing that make a difference?
tosseraccount 17 hours ago 3 replies      
Did he release secret US Army and Navy documents?

Was he hired to secure them, but then stole them?

Isn't this treason?

Let him come back. If there is enough evidence against him, then he can stand trial.

If he is innocent; then the government won't be able to prove a case against him.

guard-of-terra 16 hours ago 1 reply      
, , , ...
peter303 16 hours ago 1 reply      
Probably not until the Millennials are in political power. Too many of the older generation think he was naughty.
foobarqux 16 hours ago 1 reply      
If Snowden isn't punished then it will effectively encourage others to harm powerful interests. So there is incentive to punish Snowden from those who decide whether he will be.
dataker 17 hours ago 0 replies      
If Snowden came back to the U.S and got released, he wouldn't be the whistleblowing platform he currently is.
fsdfewjfiekf 17 hours ago 3 replies      
As long as "home" means "prison next to Robert Hanssen and everyone else who sold secrets to the Russians", then sure.
MonolithFirst martinfowler.com
517 points by r4um  1 day ago   171 comments top 50
ecoffey 22 hours ago 3 replies      
For me the big takeaway is this:

Refactoring across the call stack is orders of magnitude easier than refactoring across a socket.

Sacrificial or not, you can still write the Monolith as "Service Oriented", just that boundary is the call stack. Especially if you're comfortable with IoC and DI.

Building on the latter I've had success with that. Stubbing out hardcoded concepts that I know will come from a as-yet-unwritten service in the future. Then you start pushing those hardcoded things "down and out"; e.g. it was hardcoded in App A, but now App A requests it from App B, but App B just has the hardcoded thing.

mpweiher 18 hours ago 1 reply      
I had great success converting a "microservices" architecture to a monolith at the BBC back in 2003/2004. The result was ~100-1000 times faster (speed was an issue with the original), had a fraction of the code, used 1 machine instead of a dozen, was more maintainable, had effectively zero failures over several years versus several a day, was trivial to install (copy this jar over here) etc.
krisdol 21 hours ago 7 replies      
The companies/stacks Fowler encounters are generally in a problematic state. Thoughtworks, like other consulting companies, is generally hired when things are already going wrong. If they are hired to assess a broken monolith stack, the refactoring to microservices is naturally going to yield positive results, and it's easy to come to the conclusion that microservices are an improvement when refactoring from a monolith stack. When they are hired to assess a broken microservices stack, it's easy to come to the conclusion that starting with microservices is broken. What they don't usually see is the hundreds of instances of microservices (and monoliths) working as intended, as there is typically no need to call in a very expensive consultant in those cases. How many times in the case of badly-organized Microservices was the solution to migrate to a single monolith? I imagine the solution is more often to re-organize the services. If that's true, then one cannot say that microservices-first fails -- just that badly-organized microservices-first fails.

Starting with microservices first, especially in a small team of developers (but more than 1), helps things move much quicker than it did with everyone sharing responsibility for the same codebase. Organizational structure tends to reflect its products' structure. Microservices requires that the splitting of responsibilities between teams or developers roughly matches the split of responsibilities among services. Otherwise, you're just working on micro-monoliths.

An actual study needs to be performed before deciding on a "Right Approach" as this piece does.

lmm 23 hours ago 3 replies      
I once worked for a company that was sunk by a microservice-first architecture. The "architect" in charge was a big Fowler fan who would quote him to justify every decision. Every developer knew the architecture was wrong (and many said so - but the architect had the authority to overrule them, which is maybe the real problem).

I guess it's good to finally see some acknowledgement, but this is too late for that particular organization. Beware of hyped architecture bandwagons?

derefr 22 hours ago 4 replies      
Alternately: design your application as a bunch of Service objects with clear APIs that make (the moral equivalent of) RPC requests to one-another. Do this all in the same process. Whenever a Service turns out to need separate scaling, hoist the code for it out (no need to change it) and replace the "null modem" RPC layer between it and the rest of your code with a real socket-based gateway.

Hey! You've just invented Erlang!

noenzyme 20 hours ago 2 replies      
Experience Report: We just went through the decision to build as a monolith or via microservices. The original decision was to go with microservices as the rest of our systems are designed that way.

As the time pressure mounted the microservices that communicated naturally combined. The driving force was just the cycle time. Testing and deploying microservices took longer. Mind you, not minutes vs hours. Just a few extra minutes makes a difference if you do it often enough.

One decision that give us confidence we will be able to split the system back out again was to use the stuartsierra/component library. By using DI we can be fairly confident we don't build dependencies we aren't aware of. We simply substitute a client that talks over the network in for the one that does the calculation locally.

We are still in the stabilization zone but have already started to split out services. Code velocity is the driving force for the splitting. Certain components are well understood and fairly robust other still young and poorly understood. We want to limit our ability to accidentally screw up something we have already gotten right. So the components that haven't changed in a while get spun out.

wellpast 22 hours ago 12 replies      
> 1. Almost all the successful microservice stories have started with a monolith that got too big and was broken up.

This is pure survivor bias. The majority -- by far -- of 'failure stories' I know of in the software industry are ones in which a company tried to take their monolithic code base and modularize or microservice-ize it.

> 2. Almost all the cases where I've heard of a system that was built as a microservice system from scratch, it has ended up in serious trouble.

This is not because microservices-first is inherently flawed. This is purely a skill set issue. Microservices demand a greater skill set. A 'monolithic' approach puts much less of a demand on the engineer's skill set.

For a simplistic but illuminative example, if all you know how to do is build systems that operate on global mutable state (most newbie programmers), then of course you will run a lot further in a monolith than if you are trying to do this in a microservices pardigm.

This is a simplistic example because effective use of microservices requires much more of a skill set than not using global variables. The truth is that effective use of microservices (knowing how to build architecturally sound software) is way beyond the reach of MOST smart, senior level engineers that I've met in my career. If this sounds arrogant, it's not; there's a definitive architectural skill set that CAN BE LEARNED but that is missing from most software practitioners. (Our industry/academies need to learn how to teach it.)

This is the elephant in the room in our industry--and why we spin so many wheels talking about everything else. All of the energy we spend talking about patterns, processes, languages, etc etc do so much less for our industry than if we trained our practitioners in how to construct architecturally sound software systems.

meesterdude 22 hours ago 1 reply      
I've wondered about how to grow a rails app. Really, you can get pretty far on one server. I think people go SOA too soon, instead of just trying to throw more resources at it (which is easier). I mean, basecamp isn't SOA and they handle plenty of traffic. Not that everyone is them of course; but most aren't amazon, either.

Really, I have no qualms with a monolith, but having 100 models to look at / understand is not easy. Chunking them up in some way, even if only by name (like product_sku, product_image) can really go a long way in understanding how an app works; thats really what I found attractive about SOA; but I could certainly do without the socket inbetween.

vendakka 17 hours ago 0 replies      
Conway's Law comes into play a little here. Microservices provide organization level flexibility at the cost of operational and development complexity. For small teams and especially at the start of a project, organizational flexibility is usually not needed. Paying the extra ops and dev cost is unnecessary and even dangerous.

In the above, when I say microservices incur ops and dev cost here's what I'm talking about

* Debugging tools need to function across machine boundaries

* Deployments potentially need to be scheduled in multiple stages based on the service dependency graph

* Developer and test environments become more complex.

* The number of failure modes increases due to the network.

All this means we need more code, tools and processes. This investment is worth it and even required for large organizations. They usually have the infrastructure in place and the financial resources to invest. When I was at Google building a microservices based system was so much easier with Borg, Dapper, etc. This kind of tooling is only now emerging in a useable form in the open source world.

EDIT: formatting, grammar

tel 22 hours ago 0 replies      
There are two orthogonal concerns with microservices. First is the scaling aspect. A microservice architecture has many potential scale point as each independent service can be horizontally scaled independently. Unfortunately, while achieving this is possible in a microservice architecture it's an enormous added layer of complexity today.

The second aspect is, I think, more obviously compelling in that microservices force large scale modularity boundaries into your application. These are at some level entirely semantic boundaries, but the nature of microservice isolation forces them to be complete boundaries involving isolation, serialization, dirty checking, published APIs/interfaces, etc.

This, I feel, is unambiguously fantastic.

The trick is of course that this can be achieved in a "monolith" just the same. It's merely often not because people take advantage off too many features of monolithic development. Shared memory and shared effect space, guaranteed communication causing you to weaken interfaces, fast response time causing you to never be public about the interfaces to a particular submodule. These together lead toward spaghetti code and the interlocking danger of monolithic design.

So, avoid them and make a monolith. Breaking it apart later will be easy if there are already logical cuts in your design. Don't rely on shared effects, shared state, or "hidden" API layers. You can use REST even within a single system.

spydum 22 hours ago 1 reply      
I think a lot of people tend to over-estimate how "scalable" they need their platform to be. Or worse, they spend so much effort on what they think will be a bottleneck, only to find they spent optimizing something which could have run on a single core.

I tend to think monolith first makes sense, unless you thoroughly understand the problem-space.. even then, monolithic POC might be worth it just to confirm things.

ianbicking 21 hours ago 0 replies      
I think one of the essential reasons to start with a monolith is cultural. When you have an existing project/product and you are making incremental improvements to that project, there's a lot of shared understanding (everyone knows what the product already does), and so a small group can go off and work in isolation and get some efficiency from that.

When the product doesn't even exist, there is not shared understanding. It takes constant communication to prioritize correctly, and to understand the purpose of all the pieces, and to detect cases where an implementation is diverging from the purpose. In a kind of inverted Conway's Law, the architecture of the application will affect the communication structures of the team. You don't want the team to communication like microservices communicate. You want the team to communicate like a monolith, where everyone is always in everyone else's business, where conflict is frequent, but conflict resolution cannot be avoided.

I'm in the middle of a greenfield project where there's lots of little pieces communicating to each other over message channels. It's not an architectural preference, it's just how the environment works. Every single-page-app-style website has at least two services with a message channel. It's interesting to look at how this can be technically reminiscent of microservices, but culturally completely different. Those message channels don't make my project any less of a monolith (just a kind of annoying to debug monolith). But that's because they are deployed together, developed together, no individual has a responsibility that ends at one of those boundaries, there's no contract across those boundaries, there's few principles applied to the design of those communication channels (experiential and intuitive principles I suppose). That team structure, and that shared relation to the code, feels absolutely right for a new project.

EdSharkey 18 hours ago 2 replies      
Seems like reality is settling in.

I mean, it makes sense to me: a team should keep its code well-factored but in a single codebase that's integrated and ready to deploy (as one or more deployable units) for as long as is tolerable/possible.

I think a trigger for splitting a module off from a monolithic codebase would be when its value or resource utilization has become disparate enough from the rest that it deserves its own infrastructure and/or its own maintenance crew.

bad_user 20 hours ago 0 replies      
I do agree with this article. We are working on a project based on a micro-services architecture and my experience matches.

First of all splinting functionality in multiple services is really hard and the first version of your architecture is probably flawed. It's also really hard to establish the responsibilities of each component, the boundaries, whereas it is really easy to take shortcuts that invalidate the modularity or the re-usability of those components.

Of course, these wouldn't be such big of a deal, except that refactoring becomes really difficult, because refactoring now often involves changes in how these services communicate and moving responsibilities around. Also, we are often talking about teams of more than two or three people, since two or three people will almost always choose to execute a monolith first - so in such teams the responsibilities are often divided between people, with people having an incomplete view of the whole system, so refactoring across the whole stack becomes a real bitch - next to impossible actually if the management or the clients are not acquainted with how software development works, as the development of new features is always preferred over dealing with technical debt (non-software folks do not understand technical debt).

Therefore I agree wholeheartedly with what is being said. It's not that micro-services don't work, however you need very senior people that know how to design such systems and you still have to throw away the first version of the entire system. And if you think you're one of those people that think they get it, but never had a failure, then have some patience, as you'll get there :-)

rbanffy 22 hours ago 1 reply      
Premature optimization is the root of all evil.

If you were able to accurately predict the future so you could know what your pain points would be as you grew, you would be wasting your talent writing software. You should be playing the lottery.

lobster_johnson 12 hours ago 2 replies      
The article misses an important aspect of microservices: They're reusable!

Almost all of the swathe of microservices we've developed internally are general-purpose. We've built a dozen or more user-facing apps on top of them. If I wanted to build a new app today, I would typically sit down and write a Node + React app with no backend code needed because I can just call our existing services.

For example, we have a microservice dedicated to storing documents. With this I can create a todo list, a blog app, a Reddit-type link aggregator with comments, etc. If I need login, there's a microservices that mediates between an identity data model and an OAuth account registry. If I need an upvote/downvote system, we have a microservices optimized just for that. We have services for sending notifications across different transports (email, SMS); "followings" and sending digests about updates to things you're following; organization trees; verifying email addresses and mobile phone numbers and other verification sources; processing photos, audio and video; collecting events for aggregating in an analytics store; etc.

This ability to "pick and mix" functionality you need is the real beauty of microservices, in my opinion. It's a huge time saver. We just whipped up a new site recently where 95% of the work was purely on the UI, since all the backend parts already existed; the remaining 5% was just code to get data I to the system from a third-party source.

This does require that you plan every microservices to be flexible and multitenant from day one. It's a challenge, but not a big one.

jcromartie 22 hours ago 1 reply      
Evolutionary design doesn't just work, it's the only kind of design there is. Design is not done in a vacuum. We fool ourselves when we write software, thinking that we're creating something ex-nihilo, plopping it down in Eden and declaring that it is good.
sinzone 21 hours ago 0 replies      
This is so true in our case. We started building Mashape, the marketplace for APIs in 2011. Two years later it become +100k loc of spaghetti Java code. We started a big re-write/de-coupling phase in 2014 which also opened new business opportunities since we were able to spin off some features as single products.. and this was not expected but definitely created advantages not only from the code/productivity side but from a business side too.

We have embraced Nginx and built KONG[1] as the main API Gateway for managing our microservices. It made our transition much faster and easier since we were able to orchestrate common functionalities across services, such as logging and authentication, in a few lines of code.

[1] A month ago we've released Kong open source: https://github.com/Mashape/kong

ShirsenduK 22 hours ago 1 reply      
Micro services Architecture seems to be the new hotness. I feel it to be yet another case of premature optimisation. :(. For me the best way has been writing a monolithic rails app and then writing rack/Sinatra apps to break them apart depending upon production bottlenecks. This has helped manage performance as well as code.
dreamfactory2 19 hours ago 0 replies      
If my understanding of bounded contexts is correct, a bounded context represents the smallest level of granularity when it comes to a service component e.g. a 'customer' in one domain is not the same thing as in another (and there is therefore no universal reusable 'customer' service, but instead a much richer service representing a sales or support model in his example).

So going by the article, shouldn't the direction of travel therefore be from monolith to bounded context (as each domain boundary emerges) - which could be described more accurately as a macroservices architecture?

swanson 22 hours ago 1 reply      
There was an interesting discussion on a recent Bikeshed Podcast episode about Monolith vs Microservices, featuring DHH: http://bikeshed.fm/14 - worth a listen (you can skip the bits about ActionCable if you aren't a Rails user!)
nijiko 18 hours ago 0 replies      
Do whatever feels best for your company at the moment.

Monolith - Easier and straightforward, less thought on architecting the puzzle, and more about solving the issue at hand. Later down the line, this will cause pain points, should you be able to justify that pain with momentary momentum then this is the option for you.

Multi-tier - Decoupled monolithic application, generally happens after second iteration of a monolithic application.

Microservices - Modular, and requires more thought behind the interactions and architecture of the system. More thought should be put into also the deploy, and scaling of the system as well. Eventually you will have to do this. It is very obvious this is the natural progression of things as something grows.

tallerholler 22 hours ago 0 replies      
As someone who is starting a new project and thinking about microservice first (and first time in general), this is interesting. Im wondering if there are any success stories so far for this case? I like the idea of having just a few coarse services (e.g. users, content, gateway, message queue, web/client)

Another interesting thing is how to handle microservices orchestration, development, deployment early on without significant investment of time. We've been looking at docker/docker-compose and it seems like it should handle it but also seems more geared towards multi-container single-service apps. I'm wondering if anyone else is using same technology and has input? Maybe as things develop it will handle build/mananage/orchestrate multi-decoupled services

rcoder 16 hours ago 1 reply      
I've been part of three teams who attempted monolith->microsystem transitions. Two succeeded (though at wildly different costs in terms of engineering time and delay) and the other was abandoned after person-years of effort.

The common aspect of the successful migrations was their incremental nature: rather than "killing" the monolith all at once, there was a careful and gradual migration of performance-critical sections into services running atop dedicated machines/storage/etc.

Neither of the successful moves happened all at once, or indeed ever 100% replaced the monolith.

It wasn't just a question of planning, either. The failed migration had a team of three engineers spend ~six months writing detailed component specs, migration plans, etc. The business simply couldn't stop (or even maintain the status quo) to let them build the shiny new V2, so it kept getting pushed out and restarted long enough that the plans and specs bit-rotted and the whole thing got scrapped.

andrewstuart2 23 hours ago 1 reply      
I sometimes wonder if cloud computing would exist as it exists today without relatively inefficient monoliths that had to scale. Once they'd scaled, the developers could afford to start peeling off the layers, thus only scaling pieces that needed to, leaving them with spare hardware.

"Hey, let's rent this crap," said some guy. And cloud computing was born.

Obviously I have no evidence of this at all, but I do still wonder, since at least two of the common vendors (Amazon and Google) were tech companies before they offered hosting.

leighmcculloch 10 hours ago 0 replies      
ModularFirst, defer the decision to create a monolith or a microservice architecture. Start with a single application and focus on your software design being modular. One way dependencies, single responsibility, and simple interfaces make a big difference here. Breaking out microservices will be simple if you need to, and if you stick with a single app you'll have an app that will grow as a monolith well.
zefei 17 hours ago 0 replies      
I really hate people advocating micro services/libraries because they just migrated and "everything got much better". No, everything got much better because the known/actual problem domain changed and system is re-adjusted accordingly. When you start with very little knowledge of the problem domain, any fine-grained architecture is premature optimization, and what you really want is to rapidly expand your understanding of the problem.

Projects can fail in many ways, not trying to understand the problem better and not trying to re-adjust after are typical pitfalls. Migrating from monolith to micros is just a natural transition between SOME stages, and it shouldn't happen until you hit those stages. You may hit those stages very early, or sometimes never.

abecedarius 21 hours ago 0 replies      
Refactoring a system built of microservices is slow and costly, according to the article; the recommendation follows from this. Why can't it be fast and easy? Is it essence or accident? (Like, do skilled Erlang programmers agree?) How does refactoring happen in the systems he's talking about?
jaunkst 15 hours ago 0 replies      
What about testing? And working with large teams? I imagine large software and teams would be abstracted into separate interfaces. Is communication between teams just more difficult to manage? Is reality different from theory? Shouldn't each segment be testable and debug-able? How do you effectively execute a large project? Is mashing it all together more of a proof of concept than the final product? As an investor am I on the hook for more than I bargained for? Is technical debt a non-issue?
shinzui 13 hours ago 0 replies      
A hybrid approach is a better strategy once you have product/market fit. You should build your core domain as a monolith but have auxiliary infrastructure services built as microservices. The hybrid approach has the advantage of safely investing in microservices architecture that would later allow you to refactor your monolith once you truly understand your bounded contexts.
sago 21 hours ago 0 replies      
I think there's an economic angle here.

"Bad" code (like a monolithic system - allow me to beg the question a little) can be cheaper to write, in many cases, than good code. But it is more expensive to scale, maintain, extend and debug.

But it means there's a lower investment of time to get a product out.

So I'd expect monolithic systems to have a higher success rate being converted post-hoc, because the systems that get that far have proven their worth.

Investing more to build a system 'right' isn't necessarily a good move, if you're not sure of the return.

Or, put another way, investing 5X in 5 cheap-hacky products, and then spending Y >> X to make the one that works un-hacky is often a better strategy than spending that Y up front.

joslin01 22 hours ago 0 replies      
This is pretty much in line with my philosophy of functionality first then infrastructure. The problems that inevitably sprout while building the functionality will influence future infrastructure / plumbing decisions. Of course, some care has to be taken to not entangle everything, but this shouldn't be too hard if you take a simple services-oriented architecture or even forego services and just store all your functionality in model classes. Regardless of the approach, the first thing that should be written are the tests that validate the functionality. Getting those passing is the highest priority; how they pass comes after.
cmaggard 19 hours ago 0 replies      
We experienced similar to this at our company. When my coworker and I first arrived, the prior engineers had built the system as a set of microservices but it was completely overarchitected. Our first act was to pull all the parts together into one application.

Now that it's grown, we're starting to look at the microservice approach again, but it's been almost four years since we pulled everything together so it makes much more sense given the load/functionality we have now relative to then.

spullara 21 hours ago 2 replies      
I've seen many startups that begin as micro services and have no problem as they scale up. Martin's company Tyrpesafe probably only works with companies that find themselves in trouble.
jasim 19 hours ago 0 replies      
If you're a web developer working with Rails and have large monolithic projects gone unwieldy or tending to go unwieldy, please give 'Growing Rails Applications in Practice' a try. https://leanpub.com/growing-rails.

(i'm not affiliated with the authors)

jaunkst 15 hours ago 0 replies      
Macro and micro is relative. A monolith is a kitchen sink and expensive. Take a look at the API space for successful SaaS products especially when they are oriented in business software. It's hard to pivot a monolith or even monetize when it ignores the ecosystem it exists in. When it communicates well with other micro services it has natural discovery as a solution to a problem that the customer is looking for. Trello, Harvest, Basecamp, Pivotal, and tons more are all successful because they communicate well outside of their problem space and solve for the problem in their own scope. I do agree that you shouldn't be over aggresive on abstractions off the start but you should also consider the players in your space and ask if a segment of you application is solving something of value to others or if your recreating a service that your shouldn't compete with but cooperate with.
alrs 17 hours ago 0 replies      
Yes, mostly.

If you are putting up an API that needs to be available 24/7 you need to have the system sufficiently decoupled so that you can go read-only and make schema and infrastructure changes without needing to stop the world.

mwcampbell 14 hours ago 0 replies      
Taking the monolith-first idea even further, what percentage of web apps would run just fine on SQLite, MySQL in embedded mode, or (for JVM-based projects) H2?
anonyfox 18 hours ago 0 replies      
Try writing your app in elixir/phoenix in the first place, easy modularized code like in monoliths, and scalable like a bunch of small separate services. best of two worlds I'd say.
bsbechtel 18 hours ago 0 replies      
Is this not the same as 1) make your code work, 2) refactor? The only difference here is the author is talking about architecture instead of application code?
edpichler 16 hours ago 0 replies      
I agree with Fowler, and this also fits perfectly with the central idea of the Lean Startup movement we saw last years.
jebblue 21 hours ago 1 reply      
I finally read something that Fowler wrote that I can agree with and that isn't abstract (or overly abstract).
eshem 19 hours ago 0 replies      
key takeaway: Although the evidence is sparse, I feel that you shouldn't start with microservices unless you have reasonable experience of building a microservices system in the team.
elmin 20 hours ago 1 reply      
I have a very different perspective. With toolslike Heroku, building systems as microservices is no more time consuming than building a monolithic system. And it's much easier to iterate on and improve. Conversly, pulling apart a monolithic system into services is not a fun task.
fleitz 22 hours ago 0 replies      
Yup, get to market, incur technical debt, pay it off with cash.
sailistices 18 hours ago 0 replies      

Microservices first is premature optimization.

oxalo 18 hours ago 0 replies      
Microservices: here be dragons.
sailistices 18 hours ago 0 replies      
tl;dr; Microservices first is premature optimization.
jessaustin 22 hours ago 1 reply      
I want to give him the benefit of the doubt and say the "a:link ," in the following css is a mistake:

 a:link, a:visited { color: #94388e; text-decoration: none; }
...but I'm pretty sure it's not, and this guy really does want to break how unvisited links are displayed.

kraig911 20 hours ago 1 reply      
My main problem with twitter and the stalled new user base.

1. The onboarding social experience is just hard. Finding relevant information of what I want is difficult I wish there was a pane of tweets regarding interests ie gaming, politics etc. Everything in one thread is mind numbing once you follow too many people.

2. Context - finding anything is difficult. I don't know what a trending hashtag is and the ones presented to me usually are gossip in nature for some reason?

3. Some people get so many @'s that they simply drop off the earth.

4. Whats the point of favoriting a tweet? I still don't get it.

5. Why is it so difficult to use the API since those changes in what 2012?

6. 140 characters is just so dang hard for me. I can understand a limit but just 140? I want just a little more space :(

Sourceforge Hijacks the Nmap Sourceforge Account seclists.org
479 points by netw0rksec  1 day ago   194 comments top 41
ghshephard 1 day ago 6 replies      
This is the sort of behavior you get from a company that's lost, and is now trying to extract every penny they can from whatever shenanigans they can get away with.

If they have no future brand value to be concerned about, then, from a game-theoretic approach, it's actually a pretty rational profit seeking move. (As long as they don't incur any downstream liabilities from outright illegal activity for which they might be fined, or successfully sued - if there is any entity left to sue)

Of course, the game-theoretic response from the entire internet community is to make sure they never, ever, for any reasons whatsoever, ever click on a link that starts with "sourceforge.net"

luso_brazilian 1 day ago 6 replies      
Just submitted the story to Slashdot [1].

Sharing the same owner as Sourceforge let's see if it gets "buried" [2] (or "late released due to an editor vacation" [3] as it was their explanation) or if they publish it in a timely manner and within the spirit of the submission.

[1] http://slashdot.org/submission/4487045/sourceforge-hijacks-t...

[2] http://www.reddit.com/r/linux/comments/381q6r/slashdot_buryi...

[3] http://tech.slashdot.org/story/15/06/01/1241231/sourceforge-...

chinathrow 1 day ago 3 replies      
If your old account is listed here, you getting fuxxored:




Edit: added http://sourceforge.net/u/sf-editor/profile/ which includes MySQL and a few other high profile projects.

dm2 1 day ago 1 reply      
SourceForge was sold in 2012 to a conglomerate company named "DHI GROUP INC" or "Dice Holdings Inc" that owns the following companies:

 Dice Open Web The IT Job Board ClearanceJobs eFinancialCareers Rigzone HEALTHeCAREERS BioSpace Hcareers SourceForge Slashdot WorkDigital

mattmanser 1 day ago 6 replies      
If you didn't know sourceforge have back-pedalled 2 days ago and said they'll stop bundling the crapware in the mirrored projects:


The author, and a lot of the commentators here, don't seem to have seen that announcement.

etix 1 day ago 0 replies      
The VLC account has also been hijacked but without wrapping the installer: https://blog.l0cal.com/2015/06/02/what-happened-to-sourcefor...
spacefight 1 day ago 2 replies      
One should sue for trademark violation. I'll chip in if anyone is fundraising.
jdiez17 1 day ago 0 replies      
Good job, Sourceforge.

 echo " sourceforge.net" >> /etc/hosts

ExpiredLink 1 day ago 1 reply      
>> SourceForge.net is owned and operated by Slashdot Media. Slashdot Media is a DHI Group, Inc. company.
heyalexej 1 day ago 0 replies      
I just scraped Google for the indexed mirrors.

 site:sourceforge.net/projects/ inurl:mirror -inurl:files -inurl:reviews -inurl:compare -inurl:support
Gave me these[0] 253 indexed projects. Would be interesting to crawl the entire website to see if there's more.

[0] http://git.io/vkb3N

heavenlyhash 21 hours ago 0 replies      
This is incredible.

We need end to end security without this https insanity as a bandage more than ever. Ubiquitous signing and audit logs more than ever. Tools that, for normal end users, refuse to work if integrity is broken. What sourceforge is doing should be universally seen as damage and systematized intolerance should make the attempt pancake so hard and so fast that nobody ever even tries it.

It's excellent that the nmap people distribute gpg sigs. Now we need socialize the fact that "https does not mean I'm getting want I wanted from the original authors", and start building (yes, we need to get past the http://www.thoughtcrime.org/blog/gpg-and-me/ problems) and using tools that do better.

neslinesli93 1 day ago 1 reply      
In spite of account hijacking, GIMP was still downloaded by almost 15k people this week.Six days ago they took over Audacity project as well, which was downloaded by more than 150k this week[0].

[0] http://sourceforge.net/projects/audacity/

LunaSea 1 day ago 1 reply      
Hijacking the account of one of the security community's most loved and used tool. Yeah ... that seems to be a smart idea.
nadams 1 day ago 0 replies      
I think this is the time to remind people some projects (ie filezilla) are willingly distributing the malware with their projects. The developers reaction is basically "there is nothing wrong with it"[1].

I feel like there is a niche service to provide installers that have been decrapified. I'm not talking about ninite (which is private/commercial) but an open source repository of installers that you can "apt-get" for Windows. I know people have tried that in the past - but the problem is that the builds that are posted manually go out of date pretty quickly so I think this process would have to be automated.

[1] https://forum.filezilla-project.org/viewtopic.php?t=31127

vaceletm 1 day ago 3 replies      
The only viable long term way for any open source project is to selfhost[1]

[1] https://www.enalean.com/en/Open-source-community-host-yourse...

aswanson 1 day ago 2 replies      
Yeah, sad that I at one point thougthey were trustworthy. Hell, at one point I thought CNET was safe...until I downloaded and installed a "BestMp4ToMp3 converter" from there that infected the corporate network. Scumbag city, those sites. That's a major reason I support FOSS like VLC financially.
hinkley 22 hours ago 0 replies      
Is it time to start publicly shaming their mirror partners?

I think it's pretty clear that DHI has no shame, but what about the mirrors?

rip747 1 day ago 4 replies      
What I don't understand about any of this is why anyone wouldn't just either move their project to Github or self host. Why would you even still have your project hosted on SourceForge?

I understand the author's grief and anger. I feel bad for them really as this will hurt the NMap brand, but come on, avoid the whole situation and just remove the project from SourceForge completely.

davb 1 day ago 0 replies      
Should Sourceforge perhaps be added to Google's Safe Browsing blacklist?
nononononono 1 day ago 2 replies      
So what decent release tarball storage services are there today if github's autogenerated release tarballs don't do it for you?
mc808 1 day ago 0 replies      
If I submit my resume to Dice.com, I fully expect them to mail me a baggie of white powder and a coupon for 25% off anthrax vaccines.
DanBC 1 day ago 2 replies      
I'm surprised the nmap.mirror site doesn't have hundreds of reviews telling people to not use it, and pointing them to the official site.

I'd be interested to see how sourceforge respond to DMCA requests.

DigitalSea 1 day ago 1 reply      
Sourceforge needs to call it a day. Its day of relevancy is over, once upon a time it filled a need but we have Github, Bitbucket and much better choices now. What we are seeing is a site that is lost and will never be able to earn back the respect that it once had.
vortico 1 day ago 2 replies      
How to literally kill your company:

1. this

Poiesis 21 hours ago 0 replies      
I might be asking too late, but what's stopping someone from:1. Identifiying hijacked accounts2. Forking to GitHub3. Waiting for the inevitable ranking change4. Handing over the project to the owner when/if they are identified.

I realize there's a good deal of handwaving here--particularly at 3 and especially 4. But, is this a bad idea? Seems like 4 can be replaced simply by the owner reforking, too.

jakejake 1 day ago 1 reply      
This is not hijacking at all. They created a new account, the old one remains blank as the author says. Sure it's morally questionable and leads to having a very bad reputation. But it's not hijacking. GPL code can be forked, mirrored, bundled and distributed. As long as the terms of GPL are obeyed there's nothing technically wrong with what SF is doing.

Of course they've completely blown all trust and squandered their reputation.

smegel 1 day ago 4 replies      
Sourceforge is now on my personal blocklist for Google search results. Along with expertsexchange which I added years ago, and Quora which may surprise some.
the_why_of_y 21 hours ago 0 replies      
This bit is inaccurate:

"Of course this goes directly against SourceforgeCEO Michael Schumacher's promise less than two years ago:"

Michael Schumacher is not SourceForge's CEO, but a GIMP developer. The article quoted in the mail was written by Roberto Galoppini.

mpdehaan2 1 day ago 0 replies      
The original nmap page in the article is back live now.

As much as I hate malware, can we confirm it was sourceforge that got rid of the old page? Maybe someone set up the mirror after a data problem or error rendered the old page blank and just wanted to get it up, or that person was nefarious? (Occasionally people can be "too helpful" on community sites by registering other people's projects).

I guess the question is really who owns sf-editor1/2/3/4.

The reason being I can't see a lot of bonus for someone doing it this way. I'd just put adware in the margins. The site looks sketchy anyway these days so it's not doing them a lot of good...

arc_of_descent 19 hours ago 0 replies      
I just wish they'd give up their domain name to someone worthy. Source Forge. Conjures up Gandalf for me.
Puts 1 day ago 0 replies      
Maybe we should all learn something from this and also the thing about RadioShack selling of all their customer data. What will Google do when it gets shaky?
userbinator 1 day ago 0 replies      
A reminder that this is just one of the consequences of open-source, free (as in libre) license software: It wouldn't be truly free otherwise.

I'm not saying I condone Sourceforge's actions, and this does deserve to be known widely, but what one person would consider privacy-invading malware could be another person's "helpful offers assistant" (or whatever)...

alfiedotwtf 1 day ago 3 replies      
> If you don't trust SSL by itself (and we don't blame you), you can also check the GPG signatures: https://nmap.org/book/install.html#inst-integrity

Ironically linking to a page served via SSL

paromi 1 day ago 0 replies      
average pay per install rates are around 0.2 - 0.5 $ per install. i wont be surprised if they make 10k-20k + / day
jaboutboul 23 hours ago 1 reply      
Sourceforge is looking more like a goner every day.

It's time for github to step up and start offering projects download hosting and the whole slew of other things that sourceforge gives a project.

aaron695 1 day ago 1 reply      
I went to GIMP to get the latest version for Windows (Mine was 2+ years old)

Strange, it seems newer but the Windows version was the same as mine.

Google what up, randomly saw the Sourceforge controversy for GIMP in the news.

Went to straight to SourceForge and got my update. Because they could be bothered.

If you want Sourceforge to be evil, get your shit together GIMP. (Windows users are people too, plus appreciate all the work, but it'd be nice if you remembered us)

PS And remember that if you're GPL or whatever then don't complain when someone follows the rules but doesn't do what you want. Is it GPL or not?

You can't say you're anti censorship, as long as it's what you want. You can't say you're GPL as long as it's what you want.

People are free to add malware to the product. Account hijacking not so much.

moe 1 day ago 1 reply      
For me the real question would be, why was/is anyone still using sourceforge? Inertia?

I hope everybody still hosting there will take this reminder to finally move their stuff to a different host.

jshb 1 day ago 1 reply      
Why would they care about something that had 150 downloads since 2014? Seems like it may just have expired due to inactivity on the account.
RattCatcher 1 day ago 0 replies      
You deserve all the ads and then some. Bunch of freeloaders...
mverwijs 1 day ago 2 replies      
The BOFH in me is more upset with the software projects that abandonded those accounts without properly closing them.
Auditing GitHub users SSH key quality benjojo.co.uk
488 points by benjojo12  2 days ago   175 comments top 18
Someone1234 2 days ago 2 replies      
Maybe GitHub themselves should just stop accepting keys of a certain length. For example <2048 RSA keys (and <256 ECDSA keys). They could also check against the Debian set.

As the article says, GitHub could be being proactive rather than reactive here. They don't "have" to, but they could.

tyrel 2 days ago 2 replies      
Seeing a key with substring of "Tyr" as the username and that substring of my key matching scared me a bit.

If you want to check how many bits your key is, use

ssh-keygen -l -f ~/.ssh/your_key.pub

(It wasn't mine, while it is an older key, mine is larger than 768 thankfully)

Edit: look at timdorr's example for a better visual.

scrollaway 2 days ago 6 replies      
How does one even go about getting a 256-bit key? You have to do it on purpose somehow, or it has to be seriously old, in which case you're likely aware somehow that that's a terrible idea.

Is there outdated ssh keygen software out there that still generates sub-768 keys?

Tharkun 1 day ago 4 replies      
At least Github were "kind" enough to strip the comments from the public keys they publish without permission. I would've been even more upset if they were leaking things like username@workdomain....
baby 2 days ago 1 reply      
Now you can also test several attacks on them, compare them to a larger database to see if you have common divisors, check for low primes, check for bad primes (fermat factorization)...
Phemist 1 day ago 0 replies      
Especially the guy with commit access to PyCrypto should reconsider his position in the project..
madsushi 2 days ago 2 replies      
Rachel talked about Github and public keys a while ago (saw on HN):https://rachelbythebay.com/w/2013/04/07/ssh/
quux 2 days ago 4 replies      
Kudos to Github for not charging him with "Unauthorized Access of a Computer"
lcd047 1 day ago 0 replies      
In the mean time, Bitbucket still doesn't accept ECDSA keys:


est 2 days ago 2 replies      
that https://github.com/anybody.keys feature, how on earth did OP find this?
7ewis 1 day ago 1 reply      
What is the easiest way to manage SSH keys?

I can't remember where half of mine have been saved. I should really revoke everything and start again, as I use it for accessing my VPS too.

How do you revoke all keys on Ubuntu and OS X?

nodesocket 1 day ago 0 replies      
I'd be interested in the script used to scrape the GitHub public key endpoint? I assume it just throttled back to stay under the GitHub API rate limit?
floatboth 1 day ago 2 replies      
> 210 | ssh-ed25519 AAAAC

Does this mean GitHub finally supports Ed25519?

nandhp 1 day ago 2 replies      
I still use a 1024-bit DSA key I generated ~10 years ago. How bad is that? Should I replace it with a 2048-bit RSA key?
hugomarisco 1 day ago 0 replies      
Good article. Very detailed and thoughtful!
scintill76 1 day ago 1 reply      
Pitting two well-known security principles (or at least watered-down versions) against each other: "security by obscurity is evil" and "defense in depth". Which trumps here? Should the public keys be printed in every phone book, just because it says "public" in the name? Or should they be kept semi-secret, since publishing them could lead to them being factored offline?
scintill76 1 day ago 0 replies      
So, all the "it's called a public key for a reason!" people: when are you going to submit a patch for OpenSSH allowing unauthenticated users to query arbitrary users' public keys, and maybe a list of users while you're at it? You vehemently support one particular operator of an SSH server doing it, citing good security practice, so why not do it everywhere?

Edit: to be fair, there is the difference that GitHub has already added it and probably didn't have to write C code to do it. So maybe this feature should be requested for things like, say, cPanel, and users' $HOME/.ssh/authorized_keys should be world-readable by default. Still, maybe it's worth doing in OpenSSH so everyone can get the huge benefits of this currently only enjoyed by GitHub's users.

3pt14159 2 days ago 2 replies      
This is a very grave error. If this caused damage to open source projects then I could see a class action suit against GitHub.

1. Duty of care - should never have accepted keys provably weak.

2. Poorly communicated that username.keys was available, thus many users may have thought their keys weren't at risk.

3. No countermeasures from crawlers mass collecting keys. (Not they they should even need to do this - they should just have done #1 in the first place!)

This isn't a game man, GitHub hosts a ton of the world's open source code and they're supposed to be experts in cryptography and security. Russian mobsters, NATO spooks, bitcoin drug cartels, and even high school script kiddies are all constantly trying shit and it impacts us all not just the people with weak keys. If python core gets backdoored I get backdoored, no matter how careful I am with the software I install.

WikiLeaks offers $100k for details of Obamas trade deal washingtonpost.com
423 points by itbeho  1 day ago   210 comments top 32
ohitsdom 1 day ago 10 replies      
TPP details definitely need to be in the public, but I'm surprised WikiLeaks is offering a bounty. Have they done this before? Not that I can recall. And I would think offering money would change the tone of prosecuting the "whistle-blower". It'd be hard to claim that you are a whistle-blower when you are receiving money- that seems a lot more like standard espionage to me.
oskarth 1 day ago 1 reply      
It's a publicity stunt. The goal is to raise awareness for the shady nature of this trade deal, and hopefully get someone to step up and release the rest of the documents. So far it's been going well - this article was written the Washington Post, and it raises awareness of TPP. What remains to be seen is whether someone will step up.
BinaryIdiot 1 day ago 3 replies      
Maybe I'm wrong (and please correct me if I am) but I thought the agreement was being done in secret until it's completed at which point it will go to the legislature of all of the nations involved. Since it's being "fast-tracked" that means congress can't add or remove things from the bill but can vote on it and it will be fully accessible publicly.

They certainly shouldn't be doing the writing of this thing in secret and we should be able to comment on it now but it will be fully available before being voted on so $100,000 seems a bit much to getting it a few months early. Again, as far as I understand everything so please correct me if I'm wrong.

jamesk_au 1 day ago 3 replies      
There are many reasons favouring disclosure of this information, but is offering to buy the information really the best approach here?

The public officials who possess the information are likely bound by legal duties not to disclose it to those not entitled to see it. If an official chooses to leak confidential information in the public interest, that may be one thing, but selling confidential information for personal financial gain is corrupt conduct.

To be fair to WikiLeaks, they describe the money as a "reward" for turning over the missing chapters, and do not overtly say they are looking to buy, but it seems to come awfully close to offering a financial inducement to break the law. The only people who have the information are those who are bound not to reveal it or who should never have had it in the first place.

JumpCrisscross 20 hours ago 1 reply      
The purpose of a trade deal is to lower protectionism. Like corn subsidies. Corn subsidies are a blatant manifestation of American protectionism. Imagine U.S. trade negotiators trying to cut corn subsidies in exchange for something. The same forces that created the subsidies a motivated minority mobilising against a dis-interested, harmed majority will defeat any attempt to kill them. Repeat this process by interest groups across every country and you may see why Doha failed.

Secrecy is annoying, and our present government gives us reason to distrust it. But if you believe in free trade and are realistic about how negotiations (and interest groups) work, you understand why they must be secret.

genericuser 1 day ago 1 reply      
Hilarious twist option Obama gives WikiLeaks and everyone else the trade deal details, and claims the 100k. He could then just put it back into the government where 100k will not even be noticed, donate to some charity in some sort of PR stunt, or whatever as I am sure there are both better and more entertaining options.
kauffj 1 day ago 1 reply      
Information wants to be $100,000.
drawkbox 1 day ago 0 replies      
WikiLeaks is getting into the lobbying game, not a bribe, a lobby. You can't tell me companies don't do this same thing to politicians.

It would be something for someone to actually get prosecuted for releasing a bill/law that will affect us all. What message would that send?

When releasing a bill in Congress is illegal, I think we have seriously lost it. Bills throughout the process should be public at all times once our representatives are going over it for sure.

davotoula 1 day ago 2 replies      
Why stop here... Let's crowdsource bribes, I mean lobby funds, for politicians and finally get some people's wishes through.
tim333 1 day ago 0 replies      
Good on them. I just pledged a small amount towards the $100k. I think the purpose of this is more a PR stunt to make more people aware that the governments that are supposed to serve us are trying to sign us up to a bunch of dubious stuff behind our backs than bribery. Indeed "Putting the public back into the public interest." as they put it on their site.


joshstrange 1 day ago 1 reply      
My first reaction is this goes too far but on second thought is this just the state of the world now? We are going to come out of the shadows and just be upfront about what we are doing? Is it a "The rich and the powerful lie, cheat, steal, bribe, corrupt, etc. Why shouldn't we?" situation?

I think money in politics is ruining the USA, is using money to fight back against these dirty politicians and lobbyists the only tool we have left?

billiam 23 hours ago 2 replies      
Since the rich and powerful have effectively diluted our most precious right, free speech (ask the relatives of the Yangtzee River tragedy about that) by having the Supreme Court make money equivalent to speech through Citizens United, I find it pretty funny to see the Obama administration's obsession with secrecy challenged via the same mechanism we use to fund video games and fanciful geek hardware.

Of course, the real joke is that there's plenty of money chasing the secrets of the TPP already--only not to show those secrets to the public, but just to corporations and governments that want to benefit from them. The only thing stopping that would be the civil (and criminal?) penalties that would face anyone who could spill the beans.

jokoon 18 hours ago 0 replies      
That's either ballsy or desperate, or both.

I'd be interested to check the donors though.

I want to trust Assange, but I kinda trust Obama too.

I agree that things could be better, but you can't always argue that secrecy is always against the interest of the public. Leader sometimes have to be able to have discretion when the want to take decisions, if not, some will just be able to anticipate those decisions, and it won't work.

It's true that mandatory secrecy is bad, but it can be difficult to have it everywhere. I'm really not an expert though, so I could be wrong. It's true that the US is trying to make strategic moves for its own interests, and it can be scary and dubious waters for US citizens, but it's the game of international relations.

I don't think you can always mix the debate on secrecy and healthy democracy. Maybe Obama has legitimate reasons to use secrecy. Although it's expected from wikileaks to make moves about it.

Anyway Washington is really not going to like it. At all.

vonklaus 1 day ago 0 replies      
Leaving aside how important dissemination of this topic is. What is the plan? Raise a 100K from netizens, and then wire it to the whistleblower? Then what, they are hung for treason?
singularity2001 21 hours ago 0 replies      
Technical question: Are there any programs that try to roughly measure the shill factor in conversations? I.e. by taking statistics over all commenters, whether they ever submitted/commented before etc? Would be nice if HN would measure this in-house, since they have access to IP addresses.
genericuser 1 day ago 2 replies      
Another thing to consider is as soon as the details are public, we will be assaulted by ad campaigns by various interest groups which this negatively effects telling us why it will ruin our lives. While the general Hacker News population may be too smart to be swayed from reason by these ads, ads like this exist because they work.

A portion of the public will be swayed by the plight of the American Pipe Layers Union or whoever is potentially going to lose a little bit of business as the ads, like others of their kind, will provide them with a partial picture of the deal and telling them why this is horrible, without providing enough context for them to come to a different conclusion.

Some portion of the public outcry when something like this becomes public will be due these special interest groups effectively buying the opinions of the public by telling them what to think in the same manner they usually do.

bernardom 1 day ago 0 replies      
This seems illegal. Any lawyers here?

Two reasons:1- Offering money for someone to commit a crime. If somebody obtains the details illegally, Wikileaks would be liable for that.2- Interfering with the executive branch's negotiation of a treaty is definitely illegal, though not necessarily always enforced. (See http://en.wikipedia.org/wiki/October_Surprise_conspiracy_the...)

All that said, Wikileaks probably doesn't care. They already leaked a ton of US gov't classified data, so why would more indictments matter?

moonbug 1 day ago 1 reply      
Because whistle-blowing for cash is much more defensible than doing it for conscience.
andor 23 hours ago 2 replies      
How do they intend to transfer $100,000 to an anonymous source?
JonFish85 18 hours ago 0 replies      
How is a person supposed to collect on this? I imagine it'd be difficult for a person to claim their $100k without immediately being outed. I guess Bitcoin might work, but even then, there's the problem of actually using it without someone noticing.
JustSomeNobody 21 hours ago 0 replies      
Can someone explain why this needs to be a secret and why the Freedom of Information Act doesn't apply?
alexc05 21 hours ago 0 replies      
I hate to be overly facetious here, but $100k would pay for one hell of a funeral. At the very least it may be difficult to spend that money from a life in exile.

I agree that it should be made public - but the money would only serve to create a paper trail that you could be traced by.

Doesn't it increase the risk?

geophile 1 day ago 0 replies      
It would be great to make the TPP documents public, but this isn't the way. The leaker can rightly claimed to be in it for the money, and this will taint any further anti-TPP action based on the content of the leaked documents.

We need another Edward Snowden.

throwaway12357 22 hours ago 0 replies      
If governments aren't doing anything wrong, why are they hiding the TPP?
kyleblarson 23 hours ago 0 replies      
Most transparent presidential administration in history.....
mdariani 1 day ago 0 replies      
Brave Move. Still not sure what the reactions by the U.S. government will be. behind the door agreements in politics are bad for everyone everywhere.
jimrandomh 1 day ago 0 replies      
The classy thing to do would be to leak the trade deal, and tell WikiLeaks to donate the money to a GiveWell-recommended charity.
cbsmith 22 hours ago 1 reply      
It's soooo not Obama's deal.
dharma1 23 hours ago 0 replies      
Maybe a PR stunt because people are starting to forget WikiLeaks?
jebblue 21 hours ago 1 reply      
If I were rich (which I'm not) I'd offer a higher bounty to black hats to shut down WikiLeaks until they get out of politics and back to exposing secrets for the public good.
shit_parade2 1 day ago 0 replies      
The document is classified and supposed to be kept secret for four years after the entry into force of the TPP agreement or, if no agreement is reached, for four years from the close of the negotiations.

How do people put up with this craziness? You all are talking about the rule of law while your congress is going to pass something many of them can't read, can't read in full, can't read with the help of aids, and can't disclose, and can't disclose even after it becomes law.

That's not law, that's tyranny.

untog 1 day ago 2 replies      
This adds a lot of weird uncertainty to the idea of Wikileaks, IMO. Where will the money be coming from (it's crowdsourced)? Where will it be going to?
Today is the end of sheloshim for my beloved husband facebook.com
438 points by dknecht  13 hours ago   174 comments top 19
GuiA 12 hours ago 4 replies      
Paul Buchheit wrote a wonderful post, after similar circumstances, that I often re-read:

> On a more practical level, what matters most in our day-to-day lives is that we're good to ourselves and to each other. It's actually not possible to only do one or the other -- we must do both or neither, but that's a topic for another time. Sometimes, when I write about startups or other interests of mine, I worry that perhaps I'm communicating the wrong priorities. Investing money, creating new products, and all the other things we do are wonderful games and can be a lot of fun, but it's important to remember that it's all just a game. What's most important is that we are good too each other, and ourselves. If we "win", but have failed to do that, then we have lost. Winning is nothing.


May Sheryl and her family be free of suffering.

redmaverick 11 hours ago 1 reply      
Joe Biden's speech in 2012 touches upon similar themes that Sheryl writes about. https://www.youtube.com/watch?v=GwZ6UfXm410&t=5m10s

"I have to tell you. I used to resent people. They'd come up to me and say, 'Joe, I know how you feel. I know, right? I knew they meant well. I knew they were genuine. But you knew they didn't have any damn idea."

"For the first time in my life, I understood how someone could consciously decide to commit suicide. I realized someone could go out and I probably shouldn't say this with the press here, but you're more important I realized how someone could consciously decide to commit suicide. Not because they were deranged, not because they were nuts. Because theyd been to the top of the mountain, and they just knew in their heart theyd never get there again, that it was never going to get never going to be that way ever again."

curun1r 11 hours ago 2 replies      
Reading this took me back to the experience of grieving for my dad.

The realization that it will never be okay, but that I can become more okay with it never being okay. The bizarre feeling of grief so unbearable and yet it being one of the few connections left to someone so important to me, and so being unwilling to let go of it. Even to this day, I revel in that grief. I've learned to look at it as consequence of so many wonderful experiences instead of hurt of so many missed experiences. The feeling of that void inside me is the same, but my reaction to that feeling is now to smile rather than to cry.

My heart goes out to her in this time when everything is so fresh and so confusing. I know the feeling of having had someone taken from me long before I even thought about the possibility and yet I'm sure her experience is distinct from mine in so many ways. But in writing about her pain, she's allowed me to tap back into mine in a way that I'm thankful for.

Fede_V 6 hours ago 2 replies      
I have nothing but empathy for her grief - everything I've read about her makes her seem like an amazing woman, but I am very deeply uncomfortable with public displays of emotion like this.

I guess this is one of those dumb culturally ingrained traits, because rationally I cannot really come up with any reason why it should make me feel so uneasy, but I feel like I'm gawking when I read someone describing their grief so publicly.

I wish her and her family the best. May they find the strength to go on.

Sven7 6 hours ago 0 replies      
As a non user of Facebook it's incredibly weird to see like scores assigned to every tribute or condolence comment.
themartorana 11 hours ago 2 replies      
The prayer got me the most.

"Let me not die, while I am still alive..."

That's powerful stuff. The idea of asking for more time like a kid in a swimming pool - just 5 more minutes!

I hope I do die while I'm still alive though. Dying after I'm done living sounds worse.

joegaudet 12 hours ago 0 replies      
Really great read, I recently lost a friend who was among many other great things Jewish. As a "Gentile" I found the entire Shiva process both historically / anthropologically interesting and very helpful with the mourning process.

My thoughts go out to her and her family.

DavidWanjiru 4 hours ago 0 replies      
The way I see it, life is basically a long-winded effort to get loved. To get loved by ourselves, by others and by our gods. Everything everybody does in life boils down to this. From Hitler to Mother Teresa. From Osama bin Laden to the Dalai Lama. You want to do things that matter, to change the world? Why? How do you know they matter? Because those to whom they matter love you for it. You love yourself for it, others love you for it and by your own spiritual presumptions, your gods love you for it, or they will some day. And so, it is not the big things or the small things that matter. It is not saving the lives of millions or attending your kid's play that matters. The only thing that matters is you finding love, however you find it. If there is no love feedback for you, it doesn't matter. That's why nobody is trying to save the starving children in the planets of the Andromeda galaxy, coz there's no feedback for it. And if you think that's a poor analogy, well, there was nobody coming to the slums of Africa to do the things people these days come to do.
bitskits 12 hours ago 0 replies      
Her thoughts on what makes mourning, and specifically the interaction with other people so difficult, are really enlightening. It reminded me that each person experiences life differently, even when we are all united by the same feelings of satisfaction, love, frustration and grief.

My deepest condolences to Sheryl, as well as anyone else who reads this who has lost a loved one. Life is both amazing and delicate, and I think we could all focus a little more on the little things that make all the difference. I know I could.

nerdy 12 hours ago 0 replies      
It's easy to lose sight of what's truly important amid the fog of day-to-day life.
esusatyo 12 hours ago 2 replies      
My favourite part:

> "Celebrate your birthday, goddammit. You are lucky to have each one."

Dewie3 7 hours ago 2 replies      
> Judaism calls for a period of intense mourning known as shiva that lasts seven days after a loved one is buried.

It's strange to me to prescribe how long people should mourn. Some people are appalled when someone seems to get over someone quickly after they've died. But if they are truly not sad about it any more, I say good for them. What does it help the deceased for the living to be sad over them?

xchip 5 hours ago 1 reply      
Can anyone summarize that long text?
rokhayakebe 11 hours ago 0 replies      
Option A is not available. So lets just kick the shit out of option B.
guelo 7 hours ago 4 replies      
For those like me that are wondering what is going on, apparently some Silicon Valley executive died recently.
nness 8 hours ago 5 replies      
I believe it to be distasteful to use the death of someone whom this community has some connection to push a separate agenda. You can call out our priorities as being too short-sighted if you want, but this is a poor way to do it.
xchip 5 hours ago 0 replies      
talsraviv 7 hours ago 3 replies      
Generalizing, dogmatic attitudes, some of which are religious - and some of which are expressed in your comment - are harmful.

It's just as silly - and intellectually easy - to blindly condemn culture and religion as it is to blindly follow them.

There's a wonderfully epic two-part South Park episode that makes this point:


sambeau 6 hours ago 0 replies      
If you can't understand why Sheryl Sandberg and David Goldberg are important to the Hacker New community then I fear you have a misunderstanding of what Hacker News is.
FBI operating fleet of surveillance aircraft flying over US cities theguardian.com
378 points by denzil_correa  2 days ago   211 comments top 26
deathhand 1 day ago 5 replies      
>The FBI asked the AP not to disclose the names of the fake companies it uncovered, saying that would saddle taxpayers with the expense of creating new cover companies to shield the governments involvement, and could endanger the planes and integrity of the surveillance missions. The AP declined the FBIs request because the companies names as well as common addresses linked to the Justice Department are listed on public documents and in government databases.

Glad to see AP still has gumption.

jjwiseman 1 day ago 4 replies      
I've written up my findings (almost 100 aircraft, 17 front companies) and how I reached them at https://storify.com/jjwiseman/tracking-fbi-aerial-surveillan...
msane 1 day ago 10 replies      
I think this is our future, whether it's dystopian or not.

Technology is eventually going to make it impossible to really prevent "Persistent aerial surveillance". What requires an expensive small blimp today might become the size of a ping pong ball (or wide area flock of them) and come out of a 3D printer tomorrow.

So who will be using such tech? Governments and private entities alike - we can try to legislate against either but technology will probably overpower the legislation quickly.

So what is the impact of this sort of technology? Maybe it's not all George Orwell. Your bike was stolen on Third St at 1pm? Roll the video back or forwards to know exactly where the thief is. Someone shot up a nightclub and rushed out in a crowd? automated video analysis caught them.

Yes it sounds scary if it were a monopolized power, but eventually I don't think government will be able to hold monopoly on it.

diafygi 1 day ago 3 replies      
> "Aircraft surveillance has become an indispensable intelligence collection and investigative technique which serves as a force multiplier to the ground teams," the FBI said in 2009 when it asked Congress for $5.1m for the program.

Holy military state, Batman! It seems that the FBI has really taken to heart the change in mission statement from "law enforcement" to "national security"[1].

> The surveillance flights comply with agency rules, an FBI spokesman said. Those rules, which are heavily redacted in publicly available documents, limit the types of equipment the agency can use, as well as the justifications and duration of the surveillance.

Given the duration and location of these aircraft, it's very hard to see how these aren't an illegal search, given the past few years of judicial rulings[2][3]. It's become very clear that collecting movement data, even if that movement data is public, requires a warrant. No wonder the FBI wants to keep a layer of fake companies between it and these planes. Also, if you do collect wide area data for a specific target, can you keep the wide area data for use later on for another purpose?

I volunteer for an organization[4] that works with cities to adopt privacy policies regarding the data they collect, receive, and share. To date, our privacy policies have mostly been focused on disclosing how local offices are sharing local data (license plate readers, stingrays, etc.) with the feds, but now it seems we need to add sections about disclosing incoming data feeds from the feds.

[1]: http://www.msnbc.com/the-last-word/fbis-main-mission-now-not...

[2]: https://en.wikipedia.org/wiki/United_States_v._Jones_%282012...

[3]: https://www.eff.org/cases/united-states-v-vargas

[4]: http://www.restorethe4th.com/

suprgeek 1 day ago 0 replies      
Video/Cell surveillance with a Judges order by the FBI (a NON-FISA Judge - the FISA ones are Rubber Stamps) is how the process is supposed to work.

The article raises two deeply troubling points:

1) That they operate without specific Judges orders - this means that they are pretty much Dragnets sweeping up vast swathes of information indiscriminately.

2) They are used to help in "disturbances" (by presumably recording Video & Cell info?). So even civil disobedience is prime target for these flights.

The combination points to a major overreach by the Feds. The temptation to use all that info in one way or another (Parallel Construction for e.g.) is too great.Needs ACLU & possibly EFF to sue & the courts to shutdown this crap.

themartorana 1 day ago 1 reply      
When it was imagined, we called it "distopian" - books were written and immortalized, movies were made, warnings were served.

When it happened, there was barely a murmur.

thoward 1 day ago 1 reply      
To me it makes sense that the FBI needs a fleet of surveillance planes for investigations. It also makes sense that these aircraft carry civilian livery to be low-profile (same idea as an unmarked pursuit car).

What seems f-ked up are the shell companies. Why not come out and say "we have surveillance planes; we need them for investigations; here's how much money we've allocated in our budget to operate them."

The FBI shouldn't need to hide this.

patrickg_zill 1 day ago 1 reply      
It is amazing how prescient the movie "Enemy of the State" (with Will Smith, Gene Hackman) was. And how it holds up to a second viewing even today.
bediger4000 1 day ago 4 replies      
How can an ordinary person tell if one of these spy planes is currently overhead?

Is there some way to dink with them, similar to Matt Blaze's in-band signalling vulnerabilities discovery(s) (http://www.crypto.com/papers/wiretap.pdf) ? You know, use old phones that still have SIM cards, but have them try to register constantly? I'm a bit vague on cellphone protocol details, so spare me the nit picking, and get on with the revelations.

themeek 1 day ago 0 replies      
A host of interviews and discussions in Washington such as the Holder interview on drone use in America and the legislation from the FAA on drones highly suggests that large drone systems (ARGUS) will be permanently placed in America's skys and that the use of predator drones on American citizens inside American borders deemed to be a threat to national security would be proper depending on official policy.
ninkendo 1 day ago 5 replies      
Haven't they always done this? They've always used surveillance vans parked outside of suspect's houses with listening equipment, for example. They even used fake company names on the sides of the vans. Why should we be surprised they're using airplanes too?
morgante 1 day ago 2 replies      
Honestly, unlike what the NSA is doing, this doesn't outrage me. Surveillance aircraft only see what is visible from the airprimarily public spaces.

When I'm in a public space, I don't have any expectation of privacy. Heck, a single private citizen intent on tracking my every move could easily "surveil" me in this way.

If the FBI is only exercising techniques which a private citizen could deploy, I really don't care. I fully expect that every minute I'm in public is being documentedit's spying on private communications which really outrages me.

ohitsdom 1 day ago 0 replies      
I feel like I'm not understanding the implications of this, because my reaction is "meh". Can't the FBI fly helicopters now without a warrant? What's different about this compared with past behavior? I guess I'd be more interested to learn what equipment they have on the planes, because that can greatly impact the work they are doing. I'm definitely concerned about drones taking over this work with better tech, but I feel like I should be up in arms about these flights and I'm not.
tzs 1 day ago 0 replies      
> Most flight patterns occurred in counter-clockwise orbits up to several miles wide and roughly one mile above the ground at slow speeds. A 2003 newsletter from the company FLIR Systems Inc, which makes camera technology such as seen on the planes, described flying slowly in left-handed patterns.

The way they mentioned counter-clockwise orbits and then talk about FLIR's newsletter mentioning left-handed patterns seems to be trying to use the left/counter-clockwise aspects to connect the two.

That seems rather a stretch. Pilots have better visibility to the left in most small planes, and so left turns are preferred. Also, propellers usually rotate clockwise, which causes some biases toward the left I believe, which may make it slightly easier to do left turns.

rasz_pl 1 day ago 0 replies      
Are we sure its FBI and not some bigger 4 eyes operation? "Mystery Plane With No Callsign Circles South London For Hours":


whoisthemachine 1 day ago 0 replies      
If you need to hide your surveillance behind fake companies, then you can probably surmise that it will not be met with public approval.
happyscrappy 1 day ago 3 replies      
Wait until HN learns about satellite surveillance.
sgnelson 1 day ago 0 replies      
I might have missed it somewhere, but I'm curious as to what cities they were flying over. Does anyone have a link/list of the cities that the FBI has been flying over?
dsugarman 1 day ago 0 replies      
This looks like the answer to a recent HN frontpage question


Lukeas14 1 day ago 0 replies      
- the FBIs planes are not equipped, designed or used for bulk collection activities or mass surveillance

At least not wittingly.

comrade1 1 day ago 1 reply      
As mentioned in a previous thread on this topic - they don't have to register surveillance blimps, tethered or free-flying. Based on altitude I think.
xacaxulu 1 day ago 0 replies      
For your safety.
ck2 1 day ago 0 replies      
If they actually had a warrant to look for some specific person or group of people I'd actually have no problem with this. Gangs, drug dealers, etc.

The problem is as usual, they feel they are above any judicial review, even if they know they would just get a rubber stamp from a "go to" judge.

eruditely 1 day ago 0 replies      
I think the realities of statecraft in the twenty-first century has made stuff like this to be impossible to do without, from what it seems like these agencies are not evil and they have merely had to evolve to the realities of this era.

I do not like it nor enjoy it but it seems like Russian/Chinese intelligence have free reign in america whereas our agencies are under constant assault by the public and all other nations versus us. Sometimes I fear we are bringing down the state with out actions.

Researchers Find Missing Link Between the Brain and Immune System neurosciencenews.com
392 points by summerdown2  1 day ago   110 comments top 20
sharjeel 1 day ago 3 replies      
Thanks to the HN comments which assured that it is important. Otherwise after reading the first sentence and processing it with standard sensational filtering regex of my brain, I wouldn't have proceeded forward.

"In a [stunning|amazing] discovery that overturns [years|decades|centuries] of [textbook teaching|beliefs|research] [researchers|scientists] at the <XYZ Lab> have discovered that the <PQR premise> holds false."

summerdown2 1 day ago 1 reply      
anigbrowl 1 day ago 3 replies      
tl;dr lymphatic nodes go all the way up the back of your brain and into your sinuses. We'd been ripping them out and throwing them away every time we did autopsies or dissections because they were attached to the inside of the skull. Oops.
fixermark 1 day ago 2 replies      
I'm not a doctor or neuroscientist, but this strikes me as a significant find if I'm understanding it correctly, right? "We were pretty sure the lymphatic system doesn't directly connect to the brain. Well we were wrong, (points) there it is."
nate_meurer 1 day ago 1 reply      
How they discovered it:

> The vessels were detected after Louveau developed a method to mount a mouses meninges the membranes covering the brain on a single slide so that they could be examined as a whole. It was fairly easy, actually, he said. There was one trick: We fixed the meninges within the skullcap, so that the tissue is secured in its physiological condition, and then we dissected it."

Can someone explain what it means to fix the meninges to the skullcap? Do they mean they attached it to the skull bone? How then do they mount a curved bone to a slide?

MrBunny 1 day ago 5 replies      
So I have MS. I go to any link that has to do with the Immune system. Recently I see tons of "discoveries" and attempts to link it to MS. Which gets me excited but than I start to think how much of this is truth and how much is bullshit? Or that MS and others like it are so complex that all of the findings are true... Either way starting to have a hard time finding hope in any of these articles.
mkagenius 1 day ago 1 reply      
Discoveries like these scares me sometimes that how little we know about our body and nature.
BadCookie 1 day ago 1 reply      
Could this finding explain why I (and many other people) get migraine headaches as part of an allergic response to certain foods?
kazinator 1 day ago 0 replies      
Given the previous belief that there are no lymph vessels connecting to the brain, what was the hypothesis for how lymphoma can spread to the brain?
austinjp 1 day ago 0 replies      
While is very interesting, from what I can see the research was done in mice not humans.

The diagram of the "new" human lymphatic system is in the press release not the research paper.

I do recognise the value of animal models in research, and this is intriguing, but with tempering with a little caution.

pmelendez 1 day ago 2 replies      
> "treatment of neurological diseases ranging from autism to Alzheimers"

It upsets me that the author keep referring autism as a disease. A high functioning autistic would be very offended if you say that their way of thinking is a disease.

Note to the downvoters: A developmental range of disorders is not a disease. If you don't agree you are invited to comment.

pcrh 1 day ago 0 replies      
Awesome finding, I hope it is confirmed soon. Many neurodegenerative diseases are known to involve an immune component, but how that might occur has been a mystery.

It has very significant implications for diseases such as Alzheimer's disease, Lou Gehrig's disease (aka Amyotrophic lateral sclerosis, ALS), multiple sclerosis, Parkinson's disease, etc.

polskibus 1 day ago 1 reply      
I wonder if this breakthrough will allow development of better atopy treatments. Allergic rhinitis can be a real pain in the ass.
ENGNR 1 day ago 1 reply      
Connection between autism and immune system potentially found, further study needed to determine the specifics.

The anti-vaxers are going to have a field day with all this gray area to sow misinformation into.

nunodonato 1 day ago 0 replies      
science is catching up with yoga... good to know :P
senorito 1 day ago 0 replies      
Well ... it's great that finally the physiological structures of this connection are unveiled, but it's been known for a long time that you can measurably positively affect your immune system by means of meditation which is a mental process.
ChristianMarks 1 day ago 1 reply      
Self-promotion is suspect in this highly competitive, and not infrequently nasty field. It was known that there was some transport mechanism--now there are details. But I would caution some skepticism, especially when the discoverer trumpets the extraordinary significance of the discovery.
marincounty 1 day ago 7 replies      
I wonder if I will be alive if they ever figure out how the Placebo Effect works? With discoveries like this--maybe? I always used the Placebo Effect as the existence of a God. I will probally be proved wrong by science, if God decides to give me a few years? (Yes, I have faith. I am probably delusional? It helps me get through the day. I don't want to offend atheists? So, please don't hammer me.)
nanofortnight 1 day ago 1 reply      
Lymphatic tracing is generally more often done with dyes in the case of removal of sentinal nodes due to e.g. cancers.

However, there been work in injecting radioimmunoagent tracers into lymphatics especially in the case of melanomas. The likely reason why these haven't before detected these meningeal lymphatic vessels is likely because: (1) We don't bother imaging the brain because "the brain doesn't have lymphatics" and (2) tracers generally flow with the direction of fluid and the direction of lympth from the CNS is likely efferent rather than afferent.

Furthermore it is difficult these days to do such experiments especially on live subjects "just because".

Hindsight is 20/20.

aurora72 1 day ago 0 replies      
According to Loren Cordain, autoimmune diseases such as MS are triggered by eating certain kinds of food such as legume and milk.
Tmux has left SourceForge github.com
378 points by anishathalye  11 hours ago   125 comments top 18
ghshephard 9 hours ago 1 reply      
As a daily user of Tmux, I can't tell you how happy I am that they've bailed out of there. It was always really odd to me that they weren't either on a self-hosted CVS server somewhere or on GitHub - how all is well in the world.
joosters 6 hours ago 0 replies      
Now just wait for the 'tmux.mirror' project to appear on Sourceforge, 'maintained' by the SF admins...
smaili 10 hours ago 17 replies      
Are there any big projects still using SourceForge? I know "big" is a little subjective here, but it seems like most active projects have already migrated.
jhallenworld 27 minutes ago 0 replies      
Ugh, what a PITA this is going to be (my project JOE is on sourceforge and people are starting to complain). All links point to sourceforge, so how long will they take to update? When I search for "TMUX source download" I get sourceforge. If sourceforge takes over your abandoned project, I imagine that they will remove forwarding links to the replacement.
doiwin 7 hours ago 4 replies      
SourceForge was founded 1999. Now, 16 years later they start to abuse their power. GitHub was launched 2008. Does this mean we can expect GitHub to start abusing our data by 2024?
fithisux 1 hour ago 0 replies      
Do you know why souceforge.jp has become osdn.jp?

I usually download new tera term releases from there.(and of course ffftp)

caf 9 hours ago 6 replies      
I notice they're using Google Groups for mailing lists - how have people found Google Groups as a technical mailing list provider?
alptony 6 hours ago 6 replies      
From the "tmux-users" mailing list:

> Will pull requests on GitHub now be allowed as a means of contributing patches?

> No, patches still need to come by email to me [Nicholas Marriott] or the ML.

I wonder, what's the main reason behind it? What's wrong with Github PRs?

notfoss 1 hour ago 0 replies      
For the last few days, I was getting 404s on a lot of tmux links on sourceforge. Guess this explains that ;)
raverbashing 8 hours ago 2 replies      
With so many alternatives (even besides GitHub) I wonder why some took so much time to change.

There was Google Code, Landscape, or even self-hosted Git amongst others.

jbnicolai 5 hours ago 0 replies      
Glad to hear!

Small plug, but I suppose the only people reading these comments are interested in tmux: https://github.com/tmux-plugins

jedisct1 6 hours ago 1 reply      
I really wish MSys2 also left SourceForge, especially since it comes with a Windows installer.
MichaelCrawford 4 hours ago 0 replies      

We are not the customers, we are the product.

codychan 6 hours ago 1 reply      

I remember that the fist problem occurred to me that wasn't not solved by Google was solved by asking in the mailing list of tmux, and now it it moved to Github, I can finally ask question at the issue page.

GutenYe 6 hours ago 0 replies      
Great news :)
mataug 5 hours ago 0 replies      
Finally !
kolev 9 hours ago 0 replies      
reustle 10 hours ago 1 reply      
This is probably the commit you're looking for


Batteriser: a gadget that extends alkaline battery life macworld.com
345 points by chris-at  2 days ago   134 comments top 33
jwr 2 days ago 8 replies      
One should be careful evaluating the claims.

A good boost converter will be ~90% efficient (it can be more efficient, but not miniaturized like the pictures show). So, to begin with, you'll discard ~10% of your energy.

Now look at AA alkaline discharge curves: http://www.powerstream.com/AA-tests.htm

Indeed if you gadget reports the batteries as dead at 1.25V, you can still get ~40% more usage. But most gadgets don't work that way. 1.25V is the normal voltage of a fully charged NiMH rechargeable AA, so if you gadget works with those, the real cutoff point is likely closer to 1.15V or so.

The booster will boost the voltage (at the expense of current, obviously, plus losses) so that even though the battery will be below 1.15V, output voltage will be at 1.5V. Looking at the graphs, this buys you less than 1/5th, and if you consider the losses in the boost converter, probably half that.

The "800%" claim seems totally bogus. Perhaps with a gadget that stops working when the voltage falls below 1.45V per cell.

I'm not saying it's not a useful gadget (and I'm very impressed by the miniaturization: where is the inductor? This thing must run at several MHz at least!) just that the claims should be taken with a large grain of salt.

throwaway434317 2 days ago 9 replies      
How can other posters take this article at face value? This reads 100% like a fake ad (I mean stylistically and in terms of presentation, like the kind of thing you see "Advertisement" written in small text over the top of while it's run in the New Yorker or wherever. I read them. I like it. Because they're amusing.) The only thing that keeps it from being one is that it's on macworld.com. Like, really? Industrial espionage, a real "professional job"? "Big Battery"? Everyone here has worked on way more interesting technology than a metal sleeve and a farfetched tale - which is all this is - and who breaks into our offices to steal our tech? It doesn't happen. Nobody would do it even if the device works exactly as stated.

Do these prototypes look to you like something that came out of a test lab? The only work put into them is the branding, "Batteriser" a word that is mentioned 43 times in 2000 words, including the first word of the title.

I'm not calling this native advertising but if it isn't, it seems the only one more gullible than this journalist is everyone else who swallows this hook, line, and sinker.

You could have written the same article but with some doohickey that lowers gas mileage by increasing oxygen mixture, and gets stolen in a brazen act of industrial espionage, a real professional job.

come on. we're adults here. this article is insulting. Where are the details of the break-in, such as date or what precisely was stolen, or where it happened - you know: journalism?

userbinator 2 days ago 4 replies      
Batteroo says the sleeve and its boost circuitry doesn't introduce any extra risk of chemical leakage.

From http://en.wikipedia.org/wiki/Alkaline_battery#Leaks

The reason for leaks is that as batteries discharge either through usage or gradual self-discharge the chemistry of the cells changes and some hydrogen gas is generated. This out-gassing increases pressure in the battery. Eventually, the excess pressure either ruptures the insulating seals at the end of the battery, or the outer metal canister, or both.

In other words by extracting more energy, there is more hydrogen evolved and it will increase their tendency to leak.

This was also posted on an EE forum I frequent, and the opinions on it so far have been mostly negative:


IMHO rechargeable lithium is the way to go. An 18650 has several times the energy of an AA while being not much bigger, and can be recharged. They're still not all that common in the West, but equipment like torches, power banks, and portable fans which take 18650s are gaining in popularity.

pdx 2 days ago 1 reply      
Back in 2001 I was designing mp3 players with boost converters in them that could start switching from a battery as low as 0.9V. It was hard to find boost converters in 2001 that worked down to 0.9V. It's obviously not hard to find them in 2015.

Any product that is evaluated on it's battery life already has very efficient boost converters built into it. Battery life is priority #1 for any battery powered product design team. It's agonized over in every design decision from the very 1st schematic.

About the only products that don't seem to give a shit about battery life are toys. Toy designers know that you are not making buy/don't-buy decisions based on battery life, when you're looking at a toy in the store. Toy designers cost optimize their circuits aggressively, at the expense of battery life. They deserve a special place in hell for that. This product would benefit many toys. Not much else, though.

drodgers 2 days ago 2 replies      
"Batteriser can continue to deliver a 1.5 volt charge in batteries that have discharged down to 0.6 volts. There are more than eight 0.1 volt steps between 0.6 and 1.5 volts, so, in grossly simplified terms, the Batteriser can extend operational battery life somewhere around a factor of eight."


No. That's not how maths works.

afandian 2 days ago 4 replies      
If this is such a great idea why isn't the circuit integrated into the devices that use batteries? I'm sure it wouldn't be difficult monitor the discharge rate and kick in the circuit when it's needed and the battery has demonstrated that it's an alkaline by its discharge profile.
michaelt 2 days ago 2 replies      

 The time it takes for the battery voltage to drop by 0.1V is longer at lower voltages versus at higher voltages. That means that if a constant current was drawn from the battery, it would take the battery a lot longer to discharge from 1.2V to 1.1V than it would from 1.5V to 1.4V. This means that the extent to which the battery life is increased could be even higher.
Sure, but if you're drawing 20mA at 1.5v, you only need to draw 20mA from a 1.5v battery. If the battery drops to 1.2 volts, for constant power output you'll need to pull 25mA into the boost converter.

Confiks 2 days ago 1 reply      
I do think that the claims made by Macworld are somewhat exaggerated. This kind of journalism always needs to be taken with some grains of salt. The paragraph in which the 800% extension is described, sounds messy, and doesn't cohere with some other claims made in the article.

The motivation of the story, namely that of a robbery of private documents, seems odd, and I can understand that it will immediately raise red flags among readers.

Some other points in the article did seem plausible to me. Modern electronics need stable voltages to keep working properly. The working of voltage regulators is well understood. Only the miniaturization is the invention, which is patented (https://www.google.com/patents/US20120121943), and has a very verbose application compared to other patents. There can of course be issues with the technology, of which theories are offered by some commenters.

Another patent by "Frankie Roohparvar" (and not Bob as in the article), can be found here: https://www.google.com/patents/US6717853 , and Mr. Roohparvar can be seen talking (presumably; I only skipped around) here: https://www.youtube.com/watch?v=1V6IKoFhBtQ

For some theories that commenters are offering, an elaborate conspiracy would be required, building up references and trust, only to mislead absolutely and quite likely not get away with it.

Of course, conspiracies exist, but please don't think so lightly about arguing them.

pjc50 2 days ago 2 replies      
This is a very nifty commercialisation and miniturisation of the "joule thief" circuit, a type of switchmode power supply.
cryodesign 2 days ago 1 reply      
Why would I want to buy this gadget compared to investing my money in rechargeable batteries? I would probably use non-rechargeables for smoke detectors only.

Also the environmental impact is less with rechargeable batteries[1]

[1] http://ec.europa.eu/environment/waste/batteries/pdf/battery_...

Edit: fix typos

jacquesm 2 days ago 3 replies      
That's clever. I used a similar trick to boost the output of my windmill during low-wind days when the voltage from the alternator would not be larger than the voltage of the batteries.

I don't understand this bit:

> The next step is an Indiegogo campaign in late June, and then delivery in late September.

If they already have a working product and a price set and they're going to ship in September they should be well into mass production right now and such a campaign would not make much sense.

If made cheap enough the circuitry could possibly be internalized in the battery sleeve.

ferongr 2 days ago 0 replies      
You won't get much power (Wh, as opposed to mAh) from a cell at a low state of charge. The initial lower voltage of the almost empty cell, combined with the increased voltage sag under load due to the converter pulling increased amounts of current will result in dubious amounts of actual extra energy. In any case, many complicated electronic gadgets already use some kind of voltage regulator that maximizes the runtime of the device, this gadget (if it works as advertised) would be useful only for some direct-drive lights or motors
mschuster91 2 days ago 1 reply      
How is this supposed to work w/ rechargeable batteries? Deep-discharging can permanently kill a battery.
skyshine 2 days ago 2 replies      
Could these be used to boost NiMH to 1.5 volts?

Could I finally stop throwing money at my smoke detector which always throws a fit at about 2AM if I try and put NiMH in it?

noipv4 2 days ago 0 replies      
I am guessing it's a miniaturised charge pump boost (uses a few capacitors and an electronic switch) converter, similar to ones produced by Maxim. http://www.maximintegrated.com/en/app-notes/index.mvp/id/725Nowhere in the article I see an alkaline battery discharge curve. http://www.powerstream.com/AA-tests.htm

Battery discharge curves are never linear. Most capacity is lost between 1.5V and 1.3V. I am afraid this device might be snake oil.

IanDrake 2 days ago 0 replies      
Certainly a neat gadget, but here's the part that blows me away...

>Theyll never out-sexy the Apple Watch or Surface Pro 3.

That, coming from macworld.com, has me wondering if hell just froze over.

chrisBob 2 days ago 0 replies      
One issue I don't see addressed is that I appreciate the warning I get as my batteries die. In an apple trackpad, like the one in the "article", I get a few weeks notice when my batteries are dying. With this am I more likely to have devices just give up suddenly?

That, plus the safety concerns and the fact that their math is bogus will probably keep me from using one.

joosters 2 days ago 0 replies      
Where are the published 3rd party test results? If all they say is true, it would be simple & cheap to get an independent test done showing a range of devices and the run times with & without the batteriser.

Their one-line statement from Dr. Kiumars Parvin is worthless on its own. Show some confirmed test results on real life items, or you are just selling snake oil.

noonespecial 2 days ago 0 replies      
Strange that he picked a mac keyboard for the demo. Mine works until the batteries reach 0.8v each. Batteries that are long "dead" in my kids toys make my keyboard work for weeks. (Of course the Mac starts alerting me of impending doom much sooner. Is this just a clever way to lie to the power meter and get it to shut up?)

The trackpad on the other hand...

liquidcool 1 day ago 0 replies      
Dumb question: do most battery meters (internal to the device) test voltage? If so, does that mean using this would give you no warning that your batteries are dying? From the demo, it sounds like they might go from 100% straight to dead, at least from the device's perspective.
powera 1 day ago 0 replies      
OK, this article is hopefully getting spam upvotes - it's clearly a terrible article promoting some (probably terrible) product through lies.
josefresco 2 days ago 1 reply      
I got about 3 paragraphs in before my browser succumbed to the atrocious ad/JS bloat on this site. I'll hunt down a mirror/print version.
bobwaycott 2 days ago 0 replies      
So, the same exact article appears on PCWorld, at the exact URL (just change the domain's 'mac' > 'pc'). Is that normal? I never visit either site, so I'm unfamiliar how much cross-posted content it/they feature across both domains.[0]

Oddly (to me, at least), the company's domain (http://batteriser.com) redirects to a single page on another domain. That page & domain is http://comingsoon-tech.com/batteriser.

Curiously, http://comingsoon-tech.com sans path) redirects to http://agency20.com, an agency that describes itself as offering "bespoke crowdfunding strategy ... as a way for creative professionals and entrepreneurs to successfully fund & grow their projects, while retaining 100% ownership and creative control."[2][4]

Looking at the page one lands on via the redirect trip from http://batteriser.com > http://comingsoon-tech.com/batteriser, I can't help but notice an insane amount of nearly identical wording as that which appears in the PC/MacWorld articles.

Something is quite fishy here.


[0]: I found this via the Batteriser Twitter account[1], which made its first tweet 12 hrs ago--declaring they've launched--with a link to the PCWorld endpoint.

[1]: https://twitter.com/gobatteriser [4]

[2]: i've combined direct quotes from their home page & "our story" page[3]

[3]: http://www.agency20.com/our-story/ [+]

[4]: someone at agency|2.0 really ought to fix the Twitter description by adding a "with" or "using" or some other such coordinating helper verb, preposition, phrase, what-have-you. one expects a bit finer fit and finish with bespoke goods. [+]

[+]: footnotes for footnotes are fun

[EDIT: formatting screwups]

jhallenworld 2 days ago 0 replies      
I wonder how noisy it is.. I mean if I use one in an old AM radio, does the radio become useless from switching noise?
lttlrck 2 days ago 0 replies      
I would be surprised if most /electronic/ gadgets don't have circuitry that already do this.
fugyk 2 days ago 0 replies      
If we now use 20% energy of battery as batteriser claims, how can it extend the life of battery by 800%.
tlrobinson 2 days ago 0 replies      
Why aren't voltage boosters built into more products? Cost? Will they destroy rechargeables?
kabouseng 2 days ago 3 replies      
I'm not sure if it is a good idea to use this device with your rechargeable batteries...
fiovio 2 days ago 1 reply      
Can I actually buy this gadget already?
jellicle 2 days ago 0 replies      
As people have already discussed, voltage boosters for things like LED flashlights are already in wide use (usually called a "voltage regulator"). The tradeoff appears to be something like:

-- longer life at full rated voltage

-- when the battery dies, it dies suddenly and completely, no tapering down - one second it's on, the next second it is dead as a doornail

-- parasitic current drain drains batteries even when they're not in use

-- more expensive

They most definitely do NOT increase usable battery life by 8x.

PythonicAlpha 2 days ago 0 replies      
I just wonder, if the video is part of a new, clever (or not) marketing strategy?

At least at my computer (tried with two different browsers), the video stops after 17sec or so and is interrupted in midst of a sentence by a form to enter my email address. I just wanted to view the video to the end, but have to enter my email instead??

Either an error in the page (?) or a clever marketing strategy?? In my case, not so clever, because I will not adhere to such tactics.

It could also be, that the whole thing is similar to that tactics? As jwf also pointed out, the claims are a little over the top. I don't think, that 800% are really achievable. Maybe 20-30% in real life applications. That of course could be still good, when the gadget will not be to costly and is unlimited reusable. Still the question remains, if simple rechargeable are not still better (for your economy and the environment) in cases where you have battery-intensive applications. I try to limit the usage of non-rechargeables to cases where the battery is swapped really seldom -- and in such cases, additional gadgets just make life more complicated.

ankitgarg43 1 day ago 0 replies      
We need this out as soon as possible. I personally think so because then we will manufacture less alkaline based batteries and save the environment. Also then things will be more efficient. We as people should protect this invention against the big company giants. Who will definitely try to kill it.

I request you all to get it out there and make the best of it.

Mr. Bob Roohparvar


How to boost your Vim productivity sheerun.net
301 points by mirceasoaica  2 days ago   121 comments top 21
roel_v 1 day ago 8 replies      
Step 1 for those who really want to boost productivity (but let's be honest, most of us don't!): forget about all those plugins that are time sinks to configure and integrate with each other, about obscure tweaks that take half a day to get right, and about elaborate .vimrc's that take you so far away from 'standard' that you're crippled without them. Stick to a fairly basic standard install and a .vimrc of 50 lines, tops.

I've been using vim for 15+ years now, since late 1990's. I use viemu in Visual Studio and I've written code in 10+ languages in vim. I've written non-trivial vimscripts and integration tools with other parts of my workflows over the years. I love how comfortable it feels, and I feel crippled when I have to use a 'normal' editor; like walking with a little pebble in your shoe - not a big a deal enough to prevent you from doing anything you could otherwise, but still damn uncomfortable.

With that said, I'm not convinced that I've actually saved time with it. I shudder if I think of the many man-days I spend 10 years ago on getting this and that plugin working, tweaking settings and keybindings for things I use twice a month tops and automating things that I could have done manually 10 times faster. It's not like regular editors are that much slower to use. It felt like throwing off a yoke when I dumped all those plugins so that I could focus on writing software, instead of tweaking the editor so that I could write programs with a few keystrokes.

So yeah, that was gramps' advice I guess...

rav 2 days ago 5 replies      
In my 6 years of coding and writing LaTeX in Vim, I have found that the greatest boost to my Vim productivity is learning all about the vi and ex foundation of Vim. My Vim knowledge applies 100% to any default Vim installation on a modern distro, and my vimrc contains mostly trivial tweaks.

This means using :normal and macros instead of :s for most of my search/replace actions; using H, M, L, {, } to navigate quickly in the lines visible on the screen, and using f/F/t/T/;/,/% to navigate quickly within a line.

I would say that 98% of my autocomplete needs are fulfilled by token completion (:help i_CTRL-N) and line completion (:help i_CTRL-X_CTRL-L).

I frequently use the command-line window (:help c_CTRL-F) and listing matching names (:help c_CTRL-D).

I specifically don't have mappings that involve the leader key, and I don't use the Ctrl-P plugin or a package manager or anything like that -- I honestly don't think that mapping <Leader>w to :w<CR> will make me any more productive in Vim.

andrewstuart2 1 day ago 1 reply      
I'm all for bending your text editor to your will, but a few of these tips gloss over the core of vim: the shortcut language it offers and the composability of its parts of speech [1].

For example, remapping the paste key to paste + move to end is cool, but `ppppp` to paste 5 times circumvents vim's killer repetition. Want to paste 100 copies? (hopefully you do this rarely). Just type `100p` and you're done. I won't bother typing out the obvious sequence of repeated `p` presses, but you get the drift.

Also, remapping v to progressively select larger surrounding text objects will keep you from learning that you can perform any action on the 3rd parent curly braces by following the action with the text object `3a{` or `3a}`. Select it: `v3a{`, delete it: `d3a{`, comment it out `gc3a{` ([2]), whatever. If there's an action in vim you can perform it on a text object which can usually start with some count.

I really do mean language, too. When I'm using vim, I feel a lot more like I'm communicating with my computer than trying to figure out how to do what I want to do.

The actions are there: delete, change, select. The direct objects are there: braces, this line, line number N, end of this word, the next character C, this paragraph. The prepositions are there: inside, outside, up to (inclusive, exclusive).

Heck, the sensible defaults feel a whole lot like the "understood" words that you can leave out of sentences. Instead of "navigate to line 30", you can just use the shortcut for "line 30" (30G) and be done.

One of my favorite things about vim is the number of times I've literally been surprised that vim didn't read my mind and go where I was looking. Once you're familiar with the different pieces, it's so good that you might expect it to read your mind.


[1] http://ferd.ca/vim-and-composability.html

[2] https://github.com/tpope/vim-commentary

dyates 1 day ago 1 reply      
This post has some valuable tips (I'm probably going to try out <Space> as a leader), but one or two near the start rub me the wrong way in terms of how I use vim and how it's my impression that it's intended to be used.

>It seems like vvv is slower than vp but in practice I dont need to think beforehand what to select, and what key combination to use.

The way I've always used vim and always thought it was intended to be used is that you do think beforehand. You sit at your editor, think about what changes you want to make, and then key in a set of precision commands in vim-editing-language and it happens.

>This way v replaces viw, vaw, vi", va", vi(, va(, vi[, va[, vi{, va{, vip, vap, vit, vat, ... you get the idea.

I kind of like the precision of having all of those different things, and of course the option of using them for more than just visual select but also change, delete, and so on. Although I suppose this doesn't remove any of those keymappings, I must protest remapping Ctrl+v: I can't even use an editor without block select.

I imagine there's a plugin (or even builtin feature) that at least generalises "s, (s , [s, tags and things of that sort though.

>Stop that stupid window from popping up:>map q: :q

I know it's a weird and irritating thing to have that window pop up when you meant to quit, but it's actually a very neat interface: a whole vim buffer for recomposing commands and your command history for later execution (almost acme-like). Give the poor guy a chance.

As a counterpoint to what I've pointed out above, I'd like to recommend Drew Neil's [Practical Vim](http://www.amazon.com/Practical-Vim-Thought-Pragmatic-Progra...) to anyone who hasn't read it already. It's got a lot of great content, and really goes a long way to explain vim's quirks and methods of doing things.

One of the useful tips I learnt from that was the ex command "normal", which allows you to execute a string of normal mode commands over a range of lines. So, for example, you can append a semicolon to each line in a visual selection by entering

 :'<,'>%normal A;
A small thing, but one that I've used a lot since learning about it.

ortuna 1 day ago 0 replies      
You may also like spacemacs. They've got a pretty nice <SPACE> + a lot of keys binding system.https://github.com/syl20bnr/spacemacs
orthecreedence 1 day ago 1 reply      
This was great even just for the

 <Leader>p "+p
mapping. I do this all the time ("+p). It's weird because I tend to go through waves of realizing "Oh! I can just remap that!" I feel like I have fairly good vim skills but somehow always forget I can keep making it more efficient than it already is.

Thanks for the reminder =].

erikb 1 day ago 1 reply      
It is a long long time ago that someone taught me something really new about vim and used plugins that are not just fancy (looking at most status line plugins or nerdtree) but actually seem to improve productivity in a vim-ish sense. Kudos!
INTPnerd 1 day ago 0 replies      
This is one of the best "how to boost you Vim productivity" articles I have ever seen. It really gets to the heart of the types of customizations that a lot of people don't consider that make a massive difference.
grondilu 1 day ago 1 reply      
With bash, if 'fg' is too long to type you can just type '%'.
joelthelion 1 day ago 5 replies      
Why don't people seem to use the F keys? I have mappings for very frequent functions on F1-F5, and it really helps:

 map <F1> <Esc>:w<CR>| "Fast save imap <F1> <Esc>:w<CR>| "Fast save map <F2> :make<Up><CR>| "Fast compile map <F3> :bn<CR> map <S-F3> :bp<CR> " Same mapping for gnome-terminal ( see http://stackoverflow.com/q/12813126/164171 ) map ^[O1;2R :bp<CR> map <F4> :bd<CR>| "Close buffer map <F5> :cnext<cr> map <S-F5> :cprev<cr> imap <F5> <Esc>:cnext<cr> imap <S-F5> <Esc>:cprev<cr>

blueblob 1 day ago 1 reply      
A few of these are good suggestions but I can't live without C-v, whether I am already in visual mode or not. Block selection may not be used that frequently but when it is, it's a lifesaver.
yramagicman 1 day ago 1 reply      
I have hacked my tabline to be a list of my open buffers. It still functions as a tabline, for those of you who use tabs, but it's kinda nice to see all my open buffers in a nice list across the top of my screen.


clinta 1 day ago 1 reply      
I disliked the part about setting up Vim on servers. Do you really want to be adding all the dependencies for your editor on every server? I'm an advocate of using the netrw plugin to edit over ssh directly and avoiding logging into servers when not necessary.

vim scp://host//etc/whatever

mastensg 1 day ago 1 reply      
Here is a way to do the Ctrl-Z trick in Bash:


Veritaas 1 day ago 4 replies      
The most productive mapping ever: imap jj <ESC>.

No more having to reach for the escape key.

gfodor 1 day ago 0 replies      
This is great. One thing the author should do is remap enter to something better than "jump to end of file." I remapped mine to ":w<CR>" to save the current file, and it's stuck.
yramagicman 1 day ago 4 replies      
Does anyone have any advice on bindings to change split size? Ctrl-w + and Ctrl-w - just don't work well, and my current configuration shadows Ctrl-a, which I really would like to avoid.
floatboth 1 day ago 0 replies      
The zsh Ctrl+Z binding is brilliant!

The Space and Ctrl+Space thing is interesting, but not interesting enough for me to switch (from , and Ctrl+q with Ctrl being on Caps Lock).

critium 1 day ago 0 replies      
Learning that makeprg can be anything (even a script) made a huge difference to me. That and errfmt means I dont need to leave vim to compile or lint
bliti 1 day ago 0 replies      
Very useful, thank you. I'm spending more and more time using Vim through ssh and trying to re-learn as much as I can.
shmerl 1 day ago 2 replies      
Lately I use neovim, because it allows using 24 bit color themes in the terminal.
SSDs: A gift and a curse laur.ie
275 points by mirceasoaica  1 day ago   93 comments top 13
mrb 1 day ago 11 replies      
Of course SSD firmware is buggy. You know why? Because any half-decent electrical and computer engineering team can slap a NAND flash controller and some flash chips on a PCB, take the controller's manufacturer's reference firmware implementation, tweak the dozens of knobs provided by the reference implementation (ignore FLUSH commands, change the amount of reserved sectors, disable this, enable that, etc), change the device ID strings to "Company Foobar SSD 2000", and release the product on the market, with minimal QA and testing. And that's exactly what happened in the last 5-7 years with dozens and dozens of companies around the world designing SSDs.

But with traditional HDDs, the amount of engineering and domain-specific knowledge to manufacture and assemble the platters, moving heads, casing, etc, is such that there are only a handful of companies around the world who can do this (Seagate, WDC, Hitachi, etc). They have decades of experience doing that, so the firmware part of HDDs happen to be very robust as these companies have seen everything that can and will go wrong in an HDD.

So it boils down to this: which would you trust more, an HDD firmware code base that is 20 years old, or an SSD firmware code base that is 4 years old?

Combine this with the fact SSD firmware is much more complex (a flash translation layer must minimize write amplification, do wear leveling, spread writes on multiple chips, etc), and you are guaranteed that many SSDs on the market are going to be very buggy.

Rafert 1 day ago 2 replies      
I am surprised they haven't mentioned Crucial SSDs. With cheap drivers like the MX100 having features as power loss protection and Opal 2.0 support, I preferred these over the slightly faster Samsung products at the time.
rdl 1 day ago 0 replies      
The new flash DIMMs (which thus bypass PCIe bridges and ATA layer, since they plug directly into the memory controller) are really interesting. Not a commodity yet, but seems like a case where simpler -> better -> cheaper.
ColinDabritz 1 day ago 0 replies      
What a wonderfully informative article. I really appreciated all the specific scenarios and cases.
insaneirish 1 day ago 2 replies      
Moral of the story:

* Don't use hardware RAID controllers.* Don't buy hardware from people who are going to change SKUs out from under you, or worse, change what's actually delivered for a given SKU.

justinsb 1 day ago 10 replies      
I am looking forward to the day when all SSDs ship minimal firmware, and offload all the complex work to (main-CPU) software.
ksec 1 day ago 0 replies      
Am I missing something? Most of the issues seems to be Hardware Raid related.
mavhc 1 day ago 2 replies      
All these drives were on hardware RAID cards it seems, is it feasible to do without them?
Lagged2Death 1 day ago 2 replies      
On the upside, [the ridiculously expensive HP SSDs] do have fancy detailed stats (like wear levelling) exposed via the controller and ILO, and none have failed yet almost 3 years on (in fact, theyre all showing 99% health). You get what you pay for, luckily.

Call me a huge cynic if you must, but given the other problems observed, I think there's a really simple explanation for perfectly uniform "99% health" after three years of service that doesn't involve "you get what you pay for."

yellowapple 1 day ago 2 replies      
Parts of this sound more like hardware RAID controller issues than SSD issues, which is why I typically avoid hardware RAID in production environments unless there's a specific reason for it. RAID controllers tend to be buggy pieces of shit, usually implementing some RAID method that's more-or-less proprietary and unique even between different RAID cards from the same vendor (meaning that if your RAID controller fails, you might as well kiss your data goodbye, since the replacement - 9 times out of 10 - won't be able to make sense of its predecessor's RAID setup).

Also, RAID6 is a bad idea, almost as bad as RAID5. There have been numerous studies and reports [0] indicating that both are very susceptible to subtle bit errors ("cosmic rays"), and this is made even worse when SSDs are involved. If you need absolute data integrity, RAID1 is your only option; if you need a balance between integrity, performance, and capacity, go with RAID10, which is still leaps-and-bounds better than RAID5/6.

[0]: http://www.miracleas.com/BAARF/Why_RAID5_is_bad_news.pdf

deelowe 1 day ago 2 replies      
Isn't running raid1/5/6 on ssds silly b/c they'll all die at the same time? And hardware raid on top of that? Why?

SSDs have a fairly consistent failure curve (exusing firmware bugs and other random events) for a given model, so they'll wear evenly in a raid setup. This means they'll all die at the same time as writes/reads are distributed fairly evenly across the disks. Given the size of today's drives, you may not complete a rebuild before losing another disk.

Has this been proven to not be true within the past few years? I don't run redundant raid on ssds. It's either raid0 or jbod.

AHHspiders 1 day ago 0 replies      
I bought two consumer intel.. 80gb? Ssds. They both lasted less than a year before they stopped posting or allowing a system boot on separate devices.

The 850 pro is ok, but it's slowed down a lot lately. Might be an OS thing, which i doubt.

All in all i keep a redundant backup on old school hdds too since the failure rate of SSDs isn't so great in my experiences so far.

Anyone try one of the newer M2's yet? Or i think i mean the pci-E types?

abecedarius 1 day ago 2 replies      
So there are bugs in drive firmware. How about security bugs? Should we expect quality drives to have had a security audit?
Japanese Change Trays japantimes.co.jp
256 points by lermontov  22 hours ago   165 comments top 29
danbruc 18 hours ago 10 replies      
They are also in use in Germany and it never occurred to me that they may not be used all over the world. They are called [Zahl|Wechselgeld][teller|schale] [1] which translates to [paying|change] [plate|bowl]. They can not be found in every shop but probably in the majority. Some people use them, some don't. And it is more common to present the change in them than the payment. The obvious purpose is of course to easily be able to see that the amount is correct while avoiding escaping coins. They also often show ads, nowadays on displays. And nobody moves them around in Germany, they just sit on top of the counter.

[1] http://de.wikipedia.org/wiki/Zahlteller

ingsoc79 21 hours ago 5 replies      
Pro tip: if you want to review the correct pronunciation of the word "gai-jin," skip the tray and hand your cash directly to the clerk.
minikomi 15 hours ago 3 replies      
Lived in Japan for 8 years and have worked part time in cafes .. The training I got was to leave the money in the tray until you confer the change to the customer. It prevents things like "hang on! I gave you 5000 not 1000!" - the money paid stays in plain sight until the transaction is complete. Shop staff almost never put the money away before you get your change.
Yizahi 3 hours ago 1 reply      
"Instead of handing your payment to the clerk, or setting it on the counter by the cash register, here you are generally expected to put your payment into a tray that is presented expressly for the purpose. The clerk takes it away and returns it with your change."

Either I'm missing something from the context or author is mistaken. Trays and boxes in multiple forms and sizes are used everywhere in restaurants in Europe and ex-USSR countries.In banks and similar facilities people usually hand over cash via some special trays built in the counter because of the glass separating customer and clerk.

In fact I don't remember a single restaurant in 20 or so countries where I could go to the counter pay there directly or leave cash on the counter. In every case when I tried this (I wanted to speed up things) I was told to go and wait for the waiter, who will bring a tray where I will put cash or card (in cases when card terminal in not wireless).

_mgr 2 hours ago 1 reply      
Currently travelling through Japan for the first time. They ask if you have now finished placing the cash that you wish to pay with. This means I have been able to put notes in the tray and then shuffle through my coins attempting to get rid of as many 5Y and 1Y coins as I can. Cash in such a modern technology forward country is still weird. I have already broken my wallet due to the over use of the coin pouch. Prior to coming here it had never been used. New Zealand, where I am from adopted Eftpos over 25 years ago. We are already chip and pin, and pay wave has found its way into most POS areas. Japan is behind here but in a way I find to be very enjoyable.
jambor3 18 hours ago 1 reply      
There is a much older custom that seems so similar it is hard to imagine that it is not related. When passing an item to someone - say a cup to a house guest - one is traditionally never supposed to hand the item directly to the other person - i.e. never directly from hand to hand. Typically this meant placing the item on a tray () and offering the item on the tray to the person (or at least placing the item in front of the person for them to pick up). You can see examples of this today in, for example, formal Shinto ceremonies a ceremonial square tray is often used () or frankly at any fancy kaiseki restaurant.

I'm not sure about the origin of the custom, but perhaps the action of taking something out of someone's hand feels too close to taking it forcefully from them - i.e. for the same reason it is considered impolite for two people to hold the same piece of food by chopstick (for example, if passing food between people from chopstick to chopstick).

timboisvert 2 hours ago 0 replies      
The difference between the west and Japan in regard to change trays is that in the west (US, Canada, Europe, etc.) they're often available in a small subset of cash payment scenarios, but in Japan they're always available in every cash payment scenario. Not to mention that even when they are available in the west, they're rarely used, but in Japan they're always used. I've lived in the US, Spain, and Japan for considerable periods of time, and the level to which they're available and customarily used in Japan is what makes them such a noteworthy use case.
donatj 20 hours ago 1 reply      
I was with my friend at a bar in Osaka, and we'd had a few. The waiter came over and set down a circular change tray. I being a little intoxicated assumed he wanted me to use a coaster, so I picked up my glass and set it on it. He was not amused by this and shot me a VERY stern look - and then it clicked. We left soon after, quite embarrassed.
beloch 16 hours ago 3 replies      
Question: Is money considered "dirty" in Japan?

In North America, women keep bills and coins in their purses next to used tissues, and studies have shown that men's wallets have an even higher concentration of bacteria than women's purses. We sit on and, on hot days, sweat on our money all day. Let's face it, the stuff is pretty disgusting. However, if somebody hands you a twenty, your first reaction is usually not, "Oh gross, now I need to wash my hands".

In terms of hygiene, it makes sense for waiters to collect currency on trays so they don't have to wash their hands after every bill is settled (assuming it's a different person's job to take the cash off the tray and put it in the till). Could this be the reason the practice started? The connection between disease and microbes would have existed around the time these trays appeared, so it's possible a crusading doctor or someone similar convinced vendors to use these trays.

kbart 58 minutes ago 1 reply      
I thought money trays were ubiquitous all over the world. Any examples where they are not widely used?
ernie_ 13 hours ago 3 replies      
Wait, what countries don't use these? At least in Canada every restaurant that isn't fast-food is going to give you the receipt and change on a tray or in a leather booklet.
mml 20 hours ago 5 replies      
Department stores in the U.S. (At least in Minneapolis) used to ferry payment via baskets on wires from the clerk up to an accounting room where the money was counted, change made, and delivered back to the customer via the same contraption.
devindotcom 20 hours ago 5 replies      
Is it possible that it could be related to change needing to be weighed to be determined legitimate, or simply as a way of measuring the amount? (like paying with gold dust in the Yukon or what have you)

Beyond that I can see it being a result of extreme cultural stratification, as the article touches on - that it would be seen as demeaning for a higher-class person to put money directly into the lower-class person's hand.

It's quite interesting that no one has any clear idea! I love little mysteries like this.

tomjakubowski 20 hours ago 3 replies      
Phillipe the Original in downtown Los Angeles has used these as long as I can remember. Phillipe is an old school sandwich place (they claim to have invented the "French dip"), not a Japanese establishment. I wonder now why they're using them: I had mistakenly assumed it was some pre-WWII Western custom that they kept alive for that authentic vintage feel.
patja 20 hours ago 0 replies      
This makes me think I should pick one of these up for my daughter to carry around. She can't rotate her hands to a palm-up position, which causes no end of hassle and confusion when getting change from retail transactions.
seanccox 4 hours ago 0 replies      
These are common in Turkey and generally used in both sides of a transaction. I saw them in Syria as well (10 years ago). There, it seemed that part of the purpose was to mitigate "accidental" physical contact between men and women. Several women I knew there complained about guys getting fresh (touching their fingers or hands) during transactions. The tray prevented this. In Turkey though, I think it is more for transparency in the transaction.
hasenj 19 hours ago 1 reply      
When I was in Japan, I would always put the money in the tray, but the cashier would always return directly to my hand. I didn't understand why.
smegel 16 hours ago 0 replies      
> Its an interesting question, the curator I spoke to allowed

I wonder if non native English speakers find this expression (or the use of "allowed") confusing.

tragomaskhalos 4 hours ago 0 replies      
My favourite part of this article was the description of an entirely trust-based retail economy that has now - sadly but inevitably - vanished.
peterwwillis 21 hours ago 3 replies      
Restaurants in the US use small trays to confer bills and money all the time. What makes this Japan-specific?
microcolonel 12 hours ago 1 reply      
We have these in Canada, I'm pretty sure I've used these in Pennsylvania and Michigan as well, not sure where these aren't used actually.
paulsutter 17 hours ago 0 replies      
In Japan, anytime you hand someone cash in personal life it's rude not to put it in an envelope. Examples includes gifts or paying your Japanese teacher.

The tray avoids passing cash hand to hand. 20 years ago, clerks (or taxi drivers) would be visibly surprised and slightly shocked if you tried to hand them cash. But that's relaxed a lot now. Tourists hand cash to clerks and the reaction is slight if at all. Taxi drivers often exchange cash hand to hand. It's still more polite to use the tray but less strict.

ZanderEarth32 21 hours ago 2 replies      
Was just in Japan and encountered these everywhere. We knew to use them from our research prior to the trip. Initially I was under the impression it was to prevent the spread of germs, but that didn't really line up because the money comes into contact with the cashier's hand regardless if the tray is used or not. I guess it could help reduce the amount of small hand-to-hand contact that is sometimes experienced when you place money in someones hand directly.

It was easier for the cashier to glance at the amount we had placed in the tray and help us count out the correct amount of money for our first few days there while trying to get accustomed to the types of currency.

obel1x 18 hours ago 1 reply      
In the bar I used to work in we used to give the change to customers on a tray to prompt the customer to give us a tip. So I always assume that's why they are being used.
ojbyrne 17 hours ago 1 reply      
I remember these being common in Canada at least as late as the mid-1980s. Usually branded with a credit card logo.
mml 14 hours ago 0 replies      
Unrelated, but interesting custom: Koreans (possibly others of the Asian persuasion) generally will hand you change with both hands (possibly with a small bow), it's considered rude to hand cash with only one hand. No idea why.
ChrisArchitect 21 hours ago 2 replies      
come on, this is common in EU..Germany etc, too
byuu 18 hours ago 2 replies      
Genuinely curious now ... if the trays are meant to avoid hand contact, how do things work in drive-thrus there?

Fairly common to get some level of hand-contact there when passing around money, credit cards or food bags.

VLM 19 hours ago 1 reply      
Think about the protocol in CS terms...

Hand to hand western style is 1:1 blocking I/O, both the payer and recipient must be simultaneously active at the same moment.

At a restaurant/bar this tray is the worlds smallest FIFO and you put a packet into the packet buffer at your convenience and the service worker clears the buffer at their convenience, and this protocol is considered so polite that even at convenience stores when you're in a line you still use the FIFO buffer and pretend you're both not in a hurry and have plenty of time for proper, measured, unhurried service, even when you don't actually have the time. Its impolite to force a two concurrent processes to deadlock waiting a simple packet buffer transfer, and even if they do, they like to pretend its not happening.

If the trays looked nicer it would have been an obvious conspicuous consumption opportunity. The cheap store has injection molded plastic; we have marble trays; they have antique engraved ebony.

I wonder how or if they handle what CS would call transaction locks, to make sure the other process doesn't grab the buffer to empty it while the filler is still shoveling in small change. Not having been to Japan yet, I'm guessing the tray moves and at least subtly you somehow indicate you're done filling the bucket before the service worker starts emptying it.

I had another model based on traditional innumeracy, if traditionally payers were innumerate you shovel coins onto the bucket until the service worker sees enough and takes away the bucket. I find this model theoretically possible to implement although highly unlikely in practice.

Apples Tim Cook Delivers Blistering Speech on Encryption, Privacy techcrunch.com
267 points by revscat  1 day ago   327 comments top 33
threatofrain 1 day ago 10 replies      
Apple collects tons of user data, and I'm sure they use some of it to provide machine-learning backed services, and I'm sure they'll come out with much nicer products to compete with Google in the future, also enhanced by machine learning techniques.

The difference that Tim Cook wants you to believe in is that Apple doesn't directly make money from your data, they just use it to improve their product; alternatively, Google makes money from your data by providing advertises with guided access to your eyeball.

But the danger isn't in the fact that Google lulls you into complacency with free services. The danger isn't in the fact that Google sells guided access to your attention. The danger is just in the collection of data, and the fact that one day the government or somebody could find a way.

There's only one way to be safe. And that's to collect only minimal amounts of data for minimal apps. That means gimped Siri. No Apple competitor to Google Photos. And I don't think Apple will do that. I think they'll continue to amass all the data they use to improve customer experience. The fact that Apple makes money differently off the data doesn't change the fact that it's collection that's inherently dangerous.

CurtMonash 1 day ago 1 reply      
I'm beyond thrilled at this, because the chilling effects point hasn't been made nearly often enough. My version is at http://www.dbms2.com/2013/07/29/very-chilling-effects/

That it happens to be commercially advantageous for him to say that his business model is more virtuous than Google's or Facebook's doesn't bother me. In fact, I think there are fixes that could preserve their business models yet reduce the threat. Great. In the mean time, we need people to understand that unfettered surveillance and data use, taken together, are a drastic threat to human freedom.

plg 1 day ago 5 replies      
In addition to the comments already here, I think this comes down to trust. Which companies do you trust? Which CEOs do you trust?

Eric Schmidt: "If You Have Something You Don't Want Anyone To Know, Maybe You Shouldn't Be Doing It." [1]

Mark Zuckerburg: "They trust me dumb fucks." [2]

Tim Cook: "Im speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information, said Cook. Theyre gobbling up everything they can learn about you and trying to monetize it. We think thats wrong. And its not the kind of company that Apple wants to be." [3]

Tim Cook: "Our business is based on selling products, not on having information about you. You are not our product." [4]

Tim Cook: "We take a very different view of this than a lot of other companies have. Our view is, when we design a new service, we try not to collect data" [5]

[1] https://youtu.be/A6e7wfDHzew

[2] http://gawker.com/5636765/facebook-ceo-admits-to-calling-use...

[3] http://techcrunch.com/2015/06/02/apples-tim-cook-delivers-bl...

[4] http://www.macrumors.com/2014/09/15/tim-cook-on-privacy/

[5] http://techcrunch.com/2014/09/15/tim-cook-holds-firm-on-imes...

hkailahi 1 day ago 4 replies      
At the moment, this thread seems more like a YouTube comment section than a HN one. Though it's not exactly surprising given that Tim Cook's speech is obviously aimed at Google/FB.

Let's start with the facts. Apple makes its major money in hardware. Google makes its major money in search. Obviously, iOS has to be able to compete with Android in order for iPhones to sell well. Google offers services like Google Now and Google Photos that can be tailored in a more personal and effective way. How? They collect as much data as they can get away with. Consumers get to have services that should be better suited to them because of this.

If Apple wants to compete, it seems that there are two options:

1. Start mass collection and become a better Google.

2. Reject Google's model, and build iOS around privacy and non-invasiveness.

That's what this is. I do think Apple will either make a search engine focused on privacy or buy one (e.g., DuckDuckGo). Personally, I am happy that Apple and Google are competing in this way.

hackuser 1 day ago 1 reply      
I'm repeating myself (from other threads) but Mozilla should use this sales pitch. Very few users can evaluate business' privacy practices; they only can trust the business. Due to their non-profit, public good status, their mission, and their track record, nobody could compete with Mozilla on trust.

EDIT: I'll add: Certainly the other two leading browser makers couldn't compete, and in mobile platforms only Apple, if they sell Cook's pitch effectively, can provide any competition.

QuantumRoar 1 day ago 6 replies      
Making a speech is easy, compared to actually doing the right thing.

Just a month ago, I was asked by an employee of an Apple Certified Service Provider to decrypt my hard drive in order for Apple to make a "hardware test". There was an issue with my display, but they insisted that Apple's hardware test needed to have access to the data on my hard drive and send information back to Apple via the Internet. What about privacy, now?

So, don't believe anything they tell you. If you want to be secure, you need to take care of it yourself.

Edit: Just to make it clear, the employees were asking me, to hand over my administrator password, which should be added to their database, in order for the technician to successfully run Apple's hardware tests. This is literally the most insane thing that ever happened to me...

icpmacdo 1 day ago 6 replies      
Im speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information,

Theyre gobbling up everything they can learn about you and trying to monetize it. We think thats wrong. And its not the kind of company that Apple wants to be.

This is a great strategy to win the hearts and minds of privacy advocates like me and take shots at companies like Google at the same time.

callil 1 day ago 2 replies      
They are setting the stage for announcing the launch of their google now compete which they will sell as more secure and private (no selling your info for ads!) [0]

This is all part of their marketing campaign.

[0] http://9to5mac.com/2015/05/27/apples-proactive-to-take-on-go...

randomsearch 1 day ago 2 replies      
Everyone seems to be Apple-bashing, and ignoring the fact that Apple really don't make money out of your private information. They make cash out of selling devices. So their interests are more aligned with yours. You may have noticed that Google don't make their money out of selling hardware. So they make it through other means. This is really inarguable, regardless of whether you think Apple are using that for marketing or whatever.

Personally, I'm happy to pay a company with a sound business model that doesn't rely on advertising (and by proxy your private information).

How on earth some of the other commenters arrived at their worldview, I have no idea. Unusually close-minded for HN. A lot of Google employees, perhaps?

msoad 1 day ago 6 replies      
Software is eating everything, including hardware. If Apple is not capable of doing good software it's doomed. It appears to me that Apple is giving up on software. By software I mean the code that recognize things in my photos in Google Photos or the software that sort the items in my Facebook News Feed. Apple is incapable of doing software like that. At least today.

So what they're doing is bashing those who actually can do things with their data.

I like to believe there is a company that cares about my privacy but we all know if Apple can make a good business from my data it will(iAd). They simply can't!

maqr 1 day ago 2 replies      
> For years weve offered encryption services like iMessage and FaceTime because we believe the contents of your text messages and your video chats is none of our business.

Sounds great, but take note that it's none of their business today and we know they can be compelled to spy on their users by NSLs.

They control the key infrastructure with their closed-source software that runs on their closed-source hardware.

If they wanted to go into the business of sucking up all of your private messages and parsing them to sell advertising or if the government wants to read some messages, they wouldn't need to do anything besides issue you a different key.

iMessage won't even let you look at the fingerprints of your friends, and it won't warn you if they've changed. [1]

[1] http://blog.quarkslab.com/imessage-privacy.html

krisgenre 1 day ago 1 reply      
I find taking pot shots at competing companies really cheap. Its 2015 and by now I think most people are aware that Facebook and Google collect all the information they can so that they can offer their services for 'free'.

How many would really pay for email, cloud storage, search, social network, browser..? what guarantees do I have that the government will NOT have access to my data if I pay for it?

hackuser 1 day ago 0 replies      
Apple's statements about privacy, combined poor end-user control and openness (transparency), are an interesting dichotomy. Usually I associate privacy with the latter two. What does it mean without them?

1) To what degree can you trust the systems without openness? Maybe what Cook thinks is valuable data, adequate confidentiality, or acceptable risk, is not what you think. On the other hand, few people actually review the security of FOSS systems.

2) To what degree can you have confidentiality without controlling the system and data? Maybe tomorrow an update will expose your data because you're doing something Apple didn't anticipate or approve. On the other hand, from a system administrator's perspective, it's much easier to secure systems that the sysadmin manages and controls than systems controlled by the users.

SG- 1 day ago 1 reply      
It's too bad the debate here has turned into a huge Apple vs Google thing when it's really a story about not letting the government strip away people's privacy and ability to properly encrypt their data.

Like really, we get it you might not like iOS or OSX, but it's not about that right now.

brazzledazzle 1 day ago 0 replies      
Apple collects data deceptively don't they[0]? Seems like a case of the pot calling the kettle black.


magicalist 1 day ago 3 replies      
> Cook went on to state, as he has before when talking about products like Apple Pay, that Apple doesnt want your data.

I was actually somewhat disappointed by the Apple Pay approach (and that Android Pay is going to follow suit). I'd actually much rather have Apple or Google as an intermediary and give the credit card issuer no information about my transaction. It may seem nice to say that your phone OS sees no data about it, but of course the tradeoff is that the issuer does, and they are notorious sellers to data brokers.

I'd much rather have one time tokens for both the seller and the bank, and only my phone knows what actually happened in between.

pmontra 1 day ago 0 replies      
"It could be argued that it [(Apple)] doesnt gather enough, as Google Now, Google on Tap and other holistic offerings have the potential to give users much more lateral movement and delight moments on Android specifically due to how much data Google gathers on its users."

Many years ago, thinking about the future, I imagined to have a device that would give me more or less what Google Now can give me. What I didn't imagine is that it would be a central server to collect all of that information (about everybody) and send me only a feed. This is very mainframe-like and that was the time we were starting to use Personal Computers (IBM/Apple/any) so you could forgive my naivety. Still I think that's possible to build a Google Now without a server owned by a single central organization and there are things like this https://news.ycombinator.com/item?id=9204954 to prove it (and also prove how hard it is).

So I'm left with not using Google Now and most Google services (no Gmail) because I feel that letting a company access to all those information is creepy and a transitive distrust for every company in similar markets. Recap: what I want is my data only in my hands and clients that query servers and collect the information I need. No clouds thanks, those are good only for encrypted backups. If I want sync and continuity, that should go through a server I control.

johnrob 1 day ago 1 reply      
Tim, if we're dumb enough to join your autocratic platform, then we're certainly dumb enough to not care about our personal data.
erikb 1 day ago 0 replies      
I've read many highly rated comments that state something on the lines of "Apple sells hardware not ads, so they don't want to collect your data". If we shorten this to "<somebody> sells <whatever>" then you already have the foundation of what requires data. Sales and marketing probably eat the biggest amount of money in any company. And they get better and cheaper with more data. That's why Google ads works so well. They can connect the right customers with the right products, because they have the data.

Therefore I'd say everybody wants all data about you they can get, including Apple, because everybody sells. I would guess they'll collect your data and call it privacy because they protect it against third parties, but they themselves wouldn't protect your data from Apple.

It also doesn't make much sense to really protect data. The supermarket in front of my office sells so called "Extra Cards" which advertise to not care about your data because you don't have to enter your name or something. That they still collect what you buy, when you buy, and where you buy they simply don't say and many people are fine with that. Even software developers have this card because they think their data is safe.

It's hip to sell privacy, it's not hip to really offer privacy.

terminus 1 day ago 0 replies      
> We believe the customer should be in control of their own information. You might like these so-called free services, but we dont think theyre worth having your email, your search history and now even your family photos data mined and sold off for god knows what advertising purpose.

That's very sanctimonious of the CEO of the richest corporation in the world.Speeches are great but what would be even better is for them to deign to actually sell something to the poor, the people who cannot afford to buy into Apple's privacy respecting products.

surferbayarea 1 day ago 0 replies      
The internet was built on open peer-to-peer protocols. Email was designed to be p2p, not client-server like gmail is. In the near future, the fundamental structure of the internet as we know it today will change. All of a user's data, activity log etc generated by all the 100 sensors + services that a user uses will be centralized in a repository that will be owned by the user. Different services and tools and devices will just get on-demand access to the data as and when they need it to provide a service to the user. It will also require them to contribute any activity data back to this repository. This will lead not just to solving privacy, but way better user experience and services that are not possible today due to data silos. It is sad how corporations with an objective to make money(which it should be) have misguided internet to become a siloed structure designed to benefit different corporations. This incorrect structure needs to and will be broken...
nemik 1 day ago 0 replies      
I'm unsure of how to reconcile the conflicting things Cook says, then does: http://www.businessinsider.com/apple-china-security-checks-o...China will ask for keys and Apple will give them up. I guess because China's a much bigger market than the US.
joelrunyon 1 day ago 2 replies      
This, combined with a few reports from a couple months ago, sounds like Apple might be ramping up a search engine competitor that could be more privacy-focused.
msabalau 1 day ago 3 replies      
In other words, Apple is incapable of competing at delivering valuable user experiences on the basis of machine learning, so they are trashing the concept.
cromwellian 1 day ago 3 replies      
This is marketing folks. Apple's behavior towards Google changed dramatically after Android starting getting traction, and this sudden pivot towards pro-privacy is an Apple's attempt to damage the reputation of it's biggest competitor. Apple hasn't been consistently speaking with the same voice on privacy, both before or after Snowden, and Tim Cook's comments IMHO look cynically designed.

Apple collects plenty of personal data in their cloud services:

1) iTunes and App Stores can track your browsing and purchase data. This is likely used to model and create profiles of your app store behavior so as to revenue maximize what's offered or displayed to you as alternate suggestions for what you might like.

2) Their streaming media services will have data on music preferences. Beats Audio will know whether you like Classic Rock or Jazz, or Beyonce.

3) iCloud Photo Library is not encrypted client side in a way that prevents Apple from decrypting it on the server, so like Google Photos, Apple will have your photos. Apple is not good with cloud services, it's their weak point, so naturally their incentives are to argue against better competing services.

4) iOS ecosystem is freemium based and there are tons of iOS apps in the store that show apps or collect analytic data. You can't claim to value privacy, run a walled garden, and then let third parties collect data to make your ecosystem monetizable and viable. It's benefitting from data collection indirectly, but looking like you're clean.

Now, you can make an argument that you trust Apple more, and make the usual arguments about business model motives, but that's just arguing that Privacy doesn't matter as long as the person violating your privacy isn't monetizing it. Just because Apple isn't monetizing it now doesn't mean they won't later, especially if hardware revenue tops out. If your want total protection, you can't rely on "trust", you have to rely on not sending plaintext in the first place. That rules out iCloud as well.

Overall, Apple may be painting themselves into a corner like Google's "Don't be evil" phrase, where they go all-in on privacy claims so much, that people will over scrutinize any exceptions or violations of principle. When you cloak yourself in piety, people start looking for hypocrisy.

As an example of boxing ones self in, certain kinds of services simply are impractical to run completely client side right now, and homomorphic encryption/computation isn't there yet to make server side computations on ciphertext feasible for many types of services you'd want to offer.

Take for example, organizational assistance, image search, voice recognition. Apple can't improve it's Siri quality without getting actual voice samples from tons of users and storing them so they can use machine learning algorithms to improve accuracy. That's not really feasible to do completely client side. Likewise, if you're trying to train up an image clustering service, you could try running them on publicly published Flickr professional photos, but it won't give you a good sample of real world photos that people take.

Apple may be working on a Google Now service that runs locally, but this might be fundamentally limited in how good it, or Siri can get, and so Apple's ambitions of an intelligent assistant could be limited. Apple also may be working on a search engine, but fundamentally, the iPhone can't store the index for 40 billion documents, which means any search service they offer will have to send your queries to the server, which again, creates an audit trail.

My point is, you may agree with Apple's arguments, but other individuals have been making those philosophical arguments for ages -- those without $180 billion in cash and a huge empire of phones under assault from competitors -- so when Apple execs parade around talking about privacy, you should have the same skepticism you have for any other executive with a vested interest in hawking their products.

alan_cx 1 day ago 0 replies      
Am I to take from this that are we getting excited that privacy is a premium item that you have to pay for?
hackuser 1 day ago 0 replies      
Can Apple really deliver the security it promises? Hundreds of millions of systems being used and configured in every way imaginable, and a very attractive target for attackers -- I don't know what promises I would make publicly.
alaskamiller 1 day ago 0 replies      
Caveat being how Apple looks at privacy isn't necessary how Facebook or Google views privacy because Apple is a store while Google and Facebook are clubs.

It's in a store's best interest to keep their customer records private.

A club's best interest is to broadcast how much fun it is to join them. That's not to say a club doesn't and wouldn't want to keep their member records private as well.

In fact, clubs work hard to do so, just ask how Meerkat is doing, or any other third parties looking to build on top of a platform they don't own.

Additionally a club like Google or Facebook doesn't sell sell your information. They do the same song and dance as all mass communication companies in the past do, they merely sell hints of it.

To compare a store's motive with a club's motive is interesting, it's almost like comparing apples and oranges. It might also speak to why the core DNA of Apple isn't in creating web services, why Google's core DNA isn't in creating physical products, and why I much prefer speaking to Google Now on my iPhone.

They both see the world differently.


The real interesting question is this.

Apple's service agreement states they store and encrypt iMessages. There have been 300 billion messages thus far. Apple has a centralized system for managing those messages while others use a decentralized peer-to-peer system.

So a positive is that the government can't hack into it.

The negative being that if the government justifies in asking for it instead Apple has no recourse but to give it up.

When push comes to shove, will Apple, the largest company in the world, step up to the plate and spend money to fight the United States in court?

Otherwise this is just a sales pitch that Don Draper pulled when he told a fictional cigarette company to start claiming their tobacco is sun-dried so that every other cigarette company looks weaker in comparison.

b0sk 1 day ago 0 replies      
A scathing attack because their business model doesn't depend on privacy, but if Apple is in a business like Google/Facebook, would he still feel icky like this?
snowwrestler 1 day ago 0 replies      
While there is obviously plenty of eye-rolling at the obvious digs at Google, I'm pleased to see such strong push-back against the government arguments for weakening or punching holes in encryption.

I think that in the long run, this will matter way more than which giant tech company makes a bit more money than the other.

jgalt212 21 hours ago 0 replies      
I don't want to hear anything Tim Cook has to say on Public Policy matters until Apple stops dodging taxes.
magicalist 1 day ago 1 reply      
I'm tempted to flag your comment for the baseless and distracting claims it makes, but I'm going to hold off since it is essentially self-parodying. I am curious about the "You lot are a bunch of god germans" thing, though.
pasta_2 1 day ago 0 replies      
If what Tim Cook said could be easily discounted as puffery, it would be largely ignored by the Google fanboys. But the fact that you don't even have to believe what Tim Cook says or even trust him, because Apple's business model doesn't benefit from the perverse incentive that Google's does, is driving them crazy. And no iAd doesn't count, that's a service for third party developers to monetize their own apps. There are no ads in Apple's first party apps. It's also been criticized by advertisers because of Apple's protection of customer privacy. http://adage.com/article/digital/amazon-apple-catch-a-break-...

It's an interesting twist for HN, which is normally ready to take strong pro-privacy positions in the wake of the Snowden leaks under the premise of potential abuse by governments.

How we uncovered the identity of popular spyware makers medium.com
253 points by pnevmatico  1 day ago   28 comments top 14
buro9 1 day ago 2 replies      
> The UK address. 145-157 St John Street, London, EC1V 4PY. According to a BBC report, this is the address used by a company which sells its use as a registered office address. Because there does not seem to be an obligation to check that users of the service are legitimate companies, criminals are attracted to it. According to the BBC, the address is in common use among fake companies operating "boiler room" fake share scams.

That is the old address for Companies Made Simple: http://www.companiesmadesimple.com/

They handle all kinds of services for tens of thousands of companies in the UK, from registration, to registered address and mail forwarding.

I know this, because I used them for my startup to handle the registered address. This is because official mail has to go somewhere and the address is a matter of public record. We were in a co-working space at the time and knew that we would move on when the time came, it's an annoyance to go around updating the registered address and unprofessional to have a co-working space as one.

That Companies Made Simple is used by bad actors isn't going to be a surprise, bad actors use nearly all service providers.

They are the largest provider of registered address services in the UK, it's not a surprise that the address is in "common use". That ignores the fact that the number of legitimate businesses that use the address vastly outnumber the illegitimate.

I dislike Companies Made Simple having used them (they nearly shredded our investors SEIS certs because they didn't regard them as "official government communication"), but it's probably defamation to imply that companies using the address are not legitimate just because some small sample of them are not.

baffledshrimp 1 day ago 1 reply      
> We decided to sneak a peak. Logging in with the mobiteam@icloud.com apple ID and the password graciously provided in clear text, we have identified a typical QA team account...

This provides the 'break in the case' but it's based on illegal activity. Just because a company is acting unethically doesn't give researchers a legal shield. (Especially considering a quick search led me to the probable identity of the author.)

kpcyrd 1 day ago 1 reply      
> After the first shock of seeing iCloud passwords stored in clear text(how hard would it be to encrypt them?)

Not going to defend shady businesses, but I dislike this knee jerk reaction without understanding the actual issue. I've seen software that encrypts (encrypts, not hashes) passwords for security, but stores the secret in the database, too. Sure, technically they didn't store plaintext passwords, but practically they did.

What you could do to defend the passwords:

* hash them - doesn't work in this case, because it's not an authentication system

* symmetrically encrypt them - useless, the secret would be stored on the compromised server

* asymmetrically encrypt them - works, assuming the private key isn't stored on the server. Therefore, it's not possible to decrypt the passwords from within the application again

fasteo 1 day ago 1 reply      
Great write-up, even though some enthusiastic conclusions are far from solid.

>>>> the logo similarity convinced us beyond the shadow of a doubt that Mobisoft LTD is the development company behind mSpy

>>>> Why would mSpy move their data from Amazon ... Incidentally, in September 2014, the FBI has arrested a CEO of another spyware company called Stealth Genie ... Could the ease with which the US authorities were able to take down Stealth Genie has caused the Ukrainian company to move to an alternative infrastructure? We believe that the compelling answer to this question is obvious. Yes.

chris_wot 1 day ago 0 replies      
I think what would be interesting is to ask Lenovo why they commissioned Lenovo Browser Guard from a known spyware distributor, Conduit (one of the biggest and for a time nastiest Malware programs was Search Protect, which they make).

Proof: heres a press release from Perion from June 2014 which announced that they partnered with Lenovo to create Browser Guard:


And here is a January 2014 press release that shows that Perion acquired Conduit's ClientConnect Services in 2014


dkyc 1 day ago 0 replies      
Thanks for the story, it was a nice read. However, the answer is at the beginning: The author of the software is exactly the guy he claims to be. Along with photo and an interview in the Forbes Magazine.

Yes, they use all kinds of fake companies for whatever purposes, but there's really no need to entangle it all.

ipsin 23 hours ago 0 replies      
Doesn't logging into an email account with stolen credentials, even a "QA team account" cross a line?

I understand that spyware makers are not good people, but that doesn't obviate the laws against this sort of thing.

travelhead 2 hours ago 0 replies      
Instead of 20 pages of investigation, he admits he could have simply gone on LinkedIn and searched for 'mspy' - LOL!
hywel 1 day ago 0 replies      
My money's on SourceForge.
jds375 22 hours ago 0 replies      
I think the name Pat Baitman is a reference to Patrick Bateman http://en.m.wikipedia.org/wiki/Patrick_Bateman
chii 1 day ago 0 replies      
It's great that at least some shady businesses are being exposed. However, the problem is that it's hard to get any public attention on it - they are relatively small, and it's hard to link any actual damage to these shady businesses, and even then, the victims are "spread out", and will find it difficult to litigate.

There's no pressure to stop such businesses, unless law enforcement do their thing properly. FBI and other gov't agencies have massive resources, why isn't more put on this sort of thing, instead of spying on the citizens illegally?

OrangeTux 21 hours ago 1 reply      
> > After the first shock of seeing iCloud passwords stored in clear text(how hard would it be to encrypt them?), we have seen something very interesting in the file:

I don't understand why that particular developer account caught their eye while browsing through a 13GB data set.

DanielBMarkham 1 day ago 1 reply      
I liked the style and flow of this piece a lot. I sort of felt like I was left hanging at the end, though. There was no huge reveal or dramatic conclusion, just a bunch of arm waving and strong language.

I wonder if rewriting this so that the ending leaves more of a mystery might help the piece. As it is, I got the feeling the author was trying to tell a story that just wasn't there. Great tone and style, though, and worth the read. This new brand of "Nerd Detective Novel" is really cool. Would love to see more of it.

newuser88273 1 day ago 0 replies      
So this outfit, mSpy, sold to people the capability to track activities on one (1) other person's smartphone: Less than a nanogoogle! Why the outrage?
GitUp makes Git painless gitup.co
252 points by mirceasoaica  22 hours ago   229 comments top 36
cheald 20 hours ago 7 replies      
It's kind of amusing to me how the pendulum has swung, and we're now producing OS X-only developer software.

But then, I'm an oddball who works on Windows as my shell with the real work happening on a headless Linux box via SSH and Samba for 99% of my development.

dcre 20 hours ago 4 replies      
I'm a SourceTree user on Mac. Just tried GitUp out for an hour.

Here are the problems I have with SourceTree:

* Slow as hell

* No/bad keyboard shorts, and setting up custom ones is annoying and buggy

* Uses tons of memory it eventually gets up to 1 GB after running for a day or two, and my repos are not very big.

My thoughts on GitUp:

* Crazy fast (almost disarmingly so I think it needs more visual confirmation when things happen)

* Excellent commit/staging view. Reminds me of GitExtensions, a nice Git GUI for Windows

* I love the focus on keyboard shortcuts. They work really well in the commit view

* Map view is truly awful. I get that it's a work in progress, but I have no idea what its organizing principle is. Too much pointless whitespace. It radically overprivileges old branches and commits. I don't see a way to focus on what I did most recently.

* The list of commits (Cmd+D) in the map view is useless

eric_h 21 hours ago 1 reply      
> IMPORTANT: During Pre-Release, signing-up for a GitUp account allows you to enable advanced features (like rewriting commits), participate in the GitUp forums, access the "Continuous" build channel, and most importantly, show your support for the app and future developments!

Why do I need a GitUp account to enable rewriting commits?

Furthermore it looks like these prerelease builds expire. I'm guessing the released software will be neither free nor open source.

the_ancient 21 hours ago 9 replies      
>>Requires Mac OS X 10.8 or later

Apparently it is not the interface I have been missing...

Having a Git tool not available for Linux is blasphemy

dan00 21 hours ago 4 replies      
I don't know if it's such a good idea to start by showing how easy changing commit messages is or even have this option that easily available, because after all you're changing the history and the beginner might not be aware what this really means, and beginners seem to be the target audience for this tool.
okal 20 hours ago 7 replies      
I realize this is a pretty broad question, but what is it about Git that people find painful? Could be Stockholm Syndrome on my part, but I have a pretty hard time understanding why someone can't spend a week getting up to speed with a tool they intend to use for years to come.
masnick 13 hours ago 0 replies      
This looks great.

BTW I don't get all the negativity in the comments about Mac-only tools. A huge number of developers use Macs specifically for well-designed third party software with *nix goodness. I wish other platforms had the same quality of third party software, but they just don't. This is mostly because it is much more difficult to make money selling software for other platforms, for whatever reason.

In any case, I don't see the justification for ragging on someone for developing for (1) the platform they choose to use themselves and (2) the only platform where indie devs can make any money.

davexunit 21 hours ago 1 reply      
Hmm that's not Magit...

OSX only and proprietary: no thanks.

barbs 14 hours ago 0 replies      
Looks interesting. I think speed is absolutely important when it comes to version-control interfaces. It was one of the main reasons Linus created it in the first place (as opposed to SVN), and I'd argue it's important to maintain flow.

My current git interface is "tig", a curses-based command-line client, which I enjoy for its speed and simplicity. Gitup looks appealing for similar reasons.

zatkin 20 hours ago 2 replies      

I hope no-one here ever has to deal with a tree like this.

jv22222 21 hours ago 1 reply      
The general verbiage, tone and saying things like "It will change your life as a developer" makes me not really want to look into it.

Show, don't tell, that's my advice.

Anyway, the main point is you are making an effort to build something that can solve problems and you are putting it out there, so well done on that front.

karmakaze 13 hours ago 0 replies      
I've tried to use GitX and SourceTree in my workflow and always end up going back to gitk. There's always some information, view or action I can do in gitk that I can't make the others do. I find git from the command line to be the most painless. Everything else is always the third thing after gitk and command-line. Seeing multiple stashes used to be a great extra feature, then I just stopped using stashes.
paozac 21 hours ago 0 replies      
The tree visualization is nice, but if you'd rather use a (Mac only) GPL tool then Gitx-dev, a fork of Gitx, is still pretty good (http://rowanj.github.io/gitx/).
dcre 21 hours ago 1 reply      
Does this mean they're using libgit2, or what?

> Because it bypasses the Git binary tool and interacts directly with the repo database, GitUp is vastly more reliable than other Git clients and often faster than the command line.

mgold 19 hours ago 0 replies      
It saves snapshots of you git history. So we have version control... for our version control? Slick.
chjohasbrouck 20 hours ago 2 replies      
There's something really satisfying about seeing a visual representation of my git repositories, but my overall impression is that I'm not going to get any productivity gains here.

If you know what you're doing, CLI is just faster. I understand that it's aimed at more novice developers, but I think for those developers it's even more important to use the command line. Developers that get into the habit of using unnecessary graphical UIs always seem worse off because of it.

neil_s 19 hours ago 0 replies      
I needed something like this when I was starting out, and still occasionally do. Obviously once you've had a few dozen commits you get a hang of things, but initially, the visualisation can help a lot.

For my co-founder who's just getting started with software engineering practices like version control, I recommended she use ungit (https://github.com/FredrikNoren/ungit)

zyxley 21 hours ago 1 reply      
This had my attention right up until the "account needed for some features" thing.
Sbn 13 hours ago 0 replies      
Windows + Linux is still ~80% of the developer share according to Stackoverflow surveys, so this might not be the best direction to spend effort
kazinator 21 hours ago 1 reply      
Dialog box? Why not drag and drop? Just drag this branch into the branch, to indicate what shape of graph you want, and it merges to make it that way.

How about an interface where you can pick commits from a graph, and drag them into a free space, where they exist as labeled points. Then, draw line segments among hem and connect them to a graph. Then, the software cherry picks these commits according to what you've drawn and creates that branch. The need for a merge could be indicated as a red blinking light on a node. (And the not yet cherry-picked segments are grayed out.) From there you click on it, get a list of conflicted paths, and engage in resolution UI. The blinking indicator goes away, and the cherry pick continues.

erikb 16 hours ago 0 replies      
Huge disadvantage that it's only for OSX. I don't know but I think the most people who can't already handle git should be on Windows, right? Or on the web. That's an attempt to be the best tool ever for people who don't know git yet and it's not aiming at them. That's really a pity, because I hope it would succeed.
Raphmedia 21 hours ago 0 replies      
Sounds very nice. I'm using SourceTree and it slows down my entire system because I have up to 50 active repo I use which are updated often. Even when I turn off automatic fetch.
bcg1 20 hours ago 1 reply      
Proprietary development tools are a trap. And this software is just a proprietary wrapper around a real community product. Doesn't matter if you rewrote the library for interacting with the database... standing on the shoulders of giants.

Are we really at the point where "professional engineers" need to buy a GUI as a substitute for a fast, extensible, cross-platform command line tool that is so easy to use that even I could figure it out?

copsarebastards 14 hours ago 0 replies      
To be honest, git is already relatively painless. What problems does this solve?
aagha 20 hours ago 1 reply      
Awesome. Now 13% of people that would like to use it can [0]. Cool idea. Just wish it wasn't tied to Mac.

0 - http://en.wikipedia.org/wiki/Usage_share_of_operating_system...

brobdingnagian 21 hours ago 1 reply      
I like the name GitUp for two reasons. First, it has the meaning "get up," and second, if you say "GitUp" out loud, people would reasonably hear "GitHub," then you'd have to launch into an explanation of the differences between the two.
shroukkhan 6 hours ago 0 replies      
only thing i can think is why is this not a webapp usable with any git server..like github?someone should get to it !!
hwstar 19 hours ago 0 replies      
Just couldn't resist... I've fallen and I can't GitUp
gre 20 hours ago 1 reply      
When trying to fetch, I get: "Unsupported url protocol."
quadrangle 21 hours ago 2 replies      
Git is a registered trademark, I don't see notice of permission maybe they didn't ask and might not have it?
kainsavage 21 hours ago 1 reply      
That moment when your tool gets posted to Hacker News and the video on your homepage is muted and cannot be unmuted.
kolev 20 hours ago 1 reply      
I love it! How can I pay for it? You should've kickstarted this!
pdmy 21 hours ago 0 replies      
Title is misleading. Should be makes Git painless for those who don't want to learn a new tool (yeah even developers).

I have been using Git cmd line and its easy to use and would not have it any other way.

tb303 17 hours ago 0 replies      
Git makes git painless
ExpiredLink 19 hours ago 0 replies      
SVN makes version control painless.
v-yadli 21 hours ago 1 reply      
No commit logs in the graph? I would prefer a list view instead...
Last Task After Layoff at Disney: Train Foreign Replacements nytimes.com
223 points by cgoodmac  23 hours ago   283 comments top 44
bglazer 23 hours ago 8 replies      
> It was so humiliating to train somebody else to take over your job. I still cant grasp it.

Indeed, that sounds terrible. I haven't been in that (exceptionally difficult) situation, but I wonder why the laid off employees consented to this? I wouldn't be in any rush to help the company lay me off and transition to a cheaper replacement. Was their severance package dependent on this?

Shank 22 hours ago 3 replies      
> "In late November, this former employee received his annual performance review, which he provided to The New York Times. His supervisor, who was not aware the man was scheduled for layoff, wrote that because of his superior skills and outstanding work, he had saved the company thousands of dollars. The supervisor added that he was looking forward to another highly productive year of having the employee on the team. The employee got a raise. His severance pay had to be recalculated to include it."

That's absolutely horrible. Not only is it a case of left hand not talking to right hand, it almost seems cruel to review someone in the position of being laid off so highly that it warrants a raise. Nobody stopped to consider "maybe we should keep this employee around?" It's disheartening.

Splendor 22 hours ago 0 replies      
I was in the same position when I worked at H-P. They outsourced our team to Costa Rica and we spent our last few months training our replacements remotely. The last few weeks we just sat around, watched them work, and answered their questions.

It was a weird position to be for several reasons, but the weirdest part was getting to know lovely people who were excited about their new job in Costa Rica and feeling the perverse incentive to train them poorly so my job might last a couple more months. It's not something I ever hope to relive.

wycats 22 hours ago 4 replies      
Isn't this just straight-up illegal?

The H1B program disallows hiring foreign workers and paying them less than the equivalent rate for US workers. While there may be some debate about whether tech companies find ways to skirt the law, "we are laying off US workers to save money and replacing them with H1B workers" seems to flagrantly violate the law. No?

nickbauman 22 hours ago 1 reply      
I know someone who has consulted for Disney IT a few years ago. Specifically in engineering management. They did not have a very high opinion of the culture and the overall productivity of the organization was abysmal; he considered it a "Dilbert-land" place to work. So in that vein they seem to be doing something completely predictable.

If someone comes to me to outsource me, I would totally help them do it because they will end up with exactly what they deserve. Outsourcing software engineering is the last refuge of incompetent management.

geebee 22 hours ago 2 replies      
This is the sort of thing that makes me very sympathetic to unions. Imagine if the entire disney IT workforce stood up at once and said "ok, we all leave, now." What would happen to Disney's IT systems?

This is almost a perfect example of divide-and-conquer, where a united and powerful single actor (a corporation) picks off workers one by one.

I'm pretty sure, at this point, that IT workers will never unionize. I'd say that people who see the value in a union will probably just go into other fields (like nursing, where unions have actually successfully threatened strikes over exactly this issue).

chuckcode 22 hours ago 2 replies      
I would like to see H1-B visas awarded to individuals rather than the company/position. It really distorts the job market to have people tied to a particular position at a particular company. If H1-B visa holders could look for other employment after say 6 months then the market could set the fair wage implicitly rather than trying to get the government to do explicitly which they are pretty poor at doing in my experience.

The American immigration system has a lot of issues with it but I think this could be a relatively easy fix. I've worked with a lot of H1-B employees and in general I think the United States is really lucky to have such talented people willing to relocate and live in the US.

tracker1 22 hours ago 2 replies      
This is why I say that the floor for H1-B should be 5X the minimum wage, or 10x the poverty level and a 20% employer tax on top of that. Then there would be a lot less abuse.

If you really cannot find someone domestically to fill a role, there's no reason you should be paying less for such rare skills.

will_brown 18 hours ago 3 replies      
I know foreign workers are a controversial topic in the software/tech industry...but intrinsically does it matter the replacement worker was foreign? In other words, would there be less controversy if the worker was replaced with a lower paid American, or what if the foreign worker was paid more (it appears opponents of foreign workers might take greater issue if the foreign worker was paid more than the American-counterpart).

I understand the general claim/controversy is that American workers are laid-off and replaced with foreign workers who are paid less...lowering the wages for American workers across the board. But there does not seem to be evidence of that in this instance, just a "they took our jobs" attitude that the foreign worker. Obviously there is a separate issue, in that it appears the employer seems to have expressly stated that the worker's position was being eliminated, but does not appear to be accurate, I am just curious why focus on the foreign aspect.

kailuowang 22 hours ago 2 replies      
The truth is that the demand for technologists across all industries is so high right now that an increase in H1B visa quota brought very little impact to the overall supply demand in the current job market. Look around, is it any easier to high developers now?

What's sad about it though, is that, given the reputation of these out-sourcing companies such as Infosys, I am not too confident in the qualification of the tech people they imported. Worse, these companies are so good taking advantage of the loopholes in the H1B application process that they actually hurt the chance of people with really qualifications.

ameza 17 hours ago 0 replies      
So many things wrong about this move by Disney. Terrible to see Julian Castro pushing for H1B increase. I hope the technology sector worker takes heed. Silicon Valley, Wall Street, and all corporations are out to keep wages low using whatever legal means possible, even illegal as the Steve Jobs/Eric Schmidt agreements show. $100K+ salaries is too much for the 1% and their investors to sustain so they'll bring in the foreign workers through these visas to replace 40+ year-old tech workers (age discrimination?). The federal government doesn't care. It is too busy trying to work out the TPP which no doubt, is another win for these corporations. The tech sector workers need to unite to maintain the gains they have made. The last time Americans had access to this quality of life was working for manufacturing plants. Unions helped maintain that lifestyle until over time, the 1% removed those protections and unions started dying off. Once again, we have an opportunity to maintain a high quality of life but we need to unionize. If you hate the word union, then use community. We need to form a community of tech sector workers to protect our gains. We cannot let these corporations get away with this without us making a move. Show or not, Gawker writers know that bloggers are easily replaceable what with all the English majors American universities are churning out each year. To protect their jobs, it makes sense to unionize. There's no reason why a 30-something year-old writer should live with the fear that any day, a fresh out of college individual can easily take over.
jalopy 22 hours ago 6 replies      
To me, this doesn't look as horrible as the article makes it out to be.

I get a ~90 day notice that my job is ending, during which time I continue to work the same hours and have time to apply to other positions inside and outside of Disney.

After that, if I don't have a job w/in Disney and separation occurs I get 10% of my annual salary. That's 5.2 weeks severance.

Am I missing something in the numbers?

There is certainly an emotional aspect to "training your replacements", but it does seem like Disney is trying to do right by employees and shareholders at the same time. Better balancing act than I've seen at most places.

cdnsteve 22 hours ago 0 replies      
I for one won't be taking the family to Disney after reading this article, brutal. How do you measure how happy people are in your theme parks if they're on the street? Voice your concerns with your wallets and with local politicians. This is wrong on so many levels.
lone_hermit 47 minutes ago 0 replies      
Thank you Obama for renegading on every single promise. The only thing Obama would be sad about is why only 250 and not 25000 TPP might solve that too
jeo1234 23 hours ago 0 replies      
The exact thing happened in Canada a while ago with RBC. http://www.cbc.ca/news/canada/british-columbia/rbc-replaces-...

Kicked off a major firestorm here, which ultimately lead the government to change the way the foreign worker program functions.

hwstar 22 hours ago 2 replies      
I would have given two weeks notice as soon as they tried to pull this off. If they escorted me out the door as soon as I gave notice, so be it. In America, the land of "employment at will", the only way to stack the deck in your favor is to have "fuck you" money in the bank. This counters the effects of employment at will and turns it to your advantage.
pilsetnieks 23 hours ago 1 reply      
The writer could have done a better job concealing their sources the people who spoke on the condition of anonymity could still be easily identified by the information (age, skills) listed in the article.
petea 22 hours ago 11 replies      
I find mainstream hostility towards skilled workers really interesting because if you had replaced this group of people with any other group of people like women or other ethnic minorities, you can really start to see how outright hostile people are.

If you actually take the maxim of fairness and equality seriously, skilled foreign workers are by far the most unfairly discriminated group of people. Much more than blacks and women who are supposedly discriminated against in tech. Unlike women and blacks, skilled foreign workers actually have the government with arbitrary set of standards to determine who can work and who can't.

Another part of the immigration story that's fascinating is illegal immigrant stories are almost always come with some sob story to make readers feel empathic towards them. Such stories are almost never told with skilled immigrants.

lone_hermit 46 minutes ago 0 replies      
what we need is for the senaors to work on the minimum pay and no additional income allowed! things will change overnight
eyeareque 18 hours ago 0 replies      
A major problem I see with H1-B workers is that they are basically held captive by their employment. If they are let go they'll either have to find another H1-B role at a different company or they will be sent back to their home country. This control companies have over them basically will cause a foreigner to work harder, accept less pay, and also refrain from making complaints against their employers. It's no wonder that US companies like Disney and others abuse the H1-B system.
jfuhrman 23 hours ago 6 replies      
Isn't this at will employment? Companies can ask any employee to take the trash out or even clean up the kitchen(barring physical disabilities and strength). If you refuse they can fire you, same as you can quit anytime for any reason or no reason.
CodeWriter23 5 hours ago 0 replies      
There's a reason employees refer to it as "Mouschwitz"
miralabs 22 hours ago 1 reply      
I think this is now common. I did the same thing to our replacement after I was laid off. My last 2 weeks with the company was in India doing a face to face training/handover.
makmanalp 22 hours ago 4 replies      
I think this would be less of a story if the replacements were not Indian.

Employees get fired all the time for being too senior, too wise to their rights and too expensive (even if that is not the stated reason), and in large companies entire divisions are often laid off and replaced by managed service providers and consultants that'll do the job for less.

This is just the horrible reality of employment in the US - the H-1B system has many faults, but that's not the cause here, the cause is the company itself.

You can see this in every field - employer loyalty is at a low, full time workers get hired on a part time basis, workers get rotated regularly, people get fired so they don't qualify for seniority, hours get shifted to comply with the bare minimum of labor law, etc.

Disclaimer: I'm on an H-1B.


edit: Clarification: My first sentence should have been "if the replacements were American". Prevailing opinion seems to be that Americans losing jobs to foreigners is unfair, but no one bats an eyelid at Americans losing jobs to Americans - it's just capitalism.

I wasn't really going for the blatant racism angle, even though there is quite a bit of that too at the lower levels of the discourse pile.

ma2rten 22 hours ago 3 replies      
Am I the only one, who feels like there is something odd about this article?

250 Disney employees were told [...] that they would be laid off.

Is it really big news that 250 were laid off?

Over the next three months, some Disney employees were required to train their replacements to do the jobs they had lost.

What does it mean to train your replacement for a software engineer? Did they teach them how to write code? 3 Month is not enough time for that. Did they explain how their existing code works? That would be quite a normal thing, but 3 month is really long for that.

"because of his superior skills and outstanding work, he had saved the company thousands of dollars"

The average software engineer should be able to save a company hundreds of thousands of dollars, not thousands, provided they are given the right resources. If he only saved the company thousands of dollars and did not generate new revenue, that explains why he was laid off.

His rsum lists a top-level skill certification and command of seven operating systems, 15 program languages [...] I was forced into early retirement,

If he was really so skilled, why did he not find another position at Disney or elsewhere?

stevewepay 22 hours ago 1 reply      
This has been going on since the dot com bust. My friend had to train his offshore replacement at his company. He did things like train them saying one thing in the morning, and then say the exact opposite thing in the afternoon. The replacement workers would mention the conflict that but he would insist they were wrong. This went on for a month or so until the training period was over.
scintill76 17 hours ago 0 replies      
> Disney executives said that the layoffs were part of a reorganization, and that the company opened more positions than it eliminated.

And do all those positions collectively get paid more than what they used to? To a certain extent, I imagine you can hire a greater number of cheap workers who collectively can muddle through the job, but still cost less.

There's something disturbing about the "job creation!" moral trump card, when the same act is destroying or at least hurting other lives and careers.

stegosaurus 20 hours ago 0 replies      
I kind of have the attitude (and have exercised this in the past) that if my employer oversteps the bounds in such a ridiculous way, the contract becomes meaningless at that point.

It is, at the end of the day, paper with words on it.

The idea that this could affect future prospects is true, but only in a sort of vague way that doesn't really matter.

Imagine that a company works you to death and eventually you just can't turn up any more. Does it make sense to worry about references then? Do you ever want to work for such a company again, or even for someone who respects them? I wouldn't.

arelangi 22 hours ago 1 reply      
The article fails to mention that for the H1-B application a Labor Condition Application(LCA) has to be filed, which explicitly states that the employer will

"Pay the nonimmigrant workers at least the local prevailing wage or the employer's actual wage, whichever is higher; pay for non-productive time in certain circumstances; and offer benefits on the same basis as for U.S. workers;"[1]

Full disclosure: I'm on a H1-B and paid way more than the local prevailing wage for my position.

[1] http://www.dol.gov/compliance/guide/h1b.htm

klochner 22 hours ago 0 replies      
The real problem is that workers negotiate salaries as part of their H1B.

A better system would allocate H1Bs to the most talented foreign workers and let them choose their own employer here in the US, negotiating a market rate salary if they so choose.

jodah 22 hours ago 1 reply      
The H1B program is very clearly NOT meant to be a mechanism for importing workers to swap directly into existing jobs at lower pay. This is the crucial point of the article and of Disney's wrongdoing.
josephjrobison 22 hours ago 2 replies      
"A limited number of the visas, 85,000, are granted each year, and they are in hot demand. Technology giants like Microsoft, Facebook and Google repeatedly press for increases in the annual quotas, saying there are not enough Americans with the skills they need."

If Microsoft, Facebook, and Google are speaking the truth then wouldn't they be keen to pick up the talent being dismissed by Disney and Edison? Understand that someone monitoring ticketing tech at Disney World is different from a mobile software engineer but there must be some overlap.

liamacton 22 hours ago 1 reply      
10% severance of annual pay seems to be very low for an employee of 10 years. Is this normal in America? In Europe, in my experience, your severance gets larger the longer you have worked there. So for 10 years, something like 5-6months+ of pay would be what I'd expect.

*Edit - According to the UK Government, the statutory redundancy (severance) pay in the UK for a worker of 10 years would be 15 weeks pay at a maximum of 464 which equates to about 7k $10k. Obviously this is only the statutory level.

murbard2 22 hours ago 4 replies      
It sounds terrible, but what's much, much worse is living in India. Sanitation is dreadful, salaries are low, and a corrupt bureaucracy ensures things stay that way.

So the NYT is opposing a practice which makes very poor people much better off, and makes much wealthier people a little worse off - unlike their Indian counterparts, they do not need to jump through hoops to get a visa and work at some other job - all on the basis of where those people were born. Classy.

agumonkey 22 hours ago 1 reply      
In a similar vein, quite often I've seen manager asking people to train higher paid newcomers, while performing as fast as usual with no added bonuses.
jarsin 22 hours ago 0 replies      
But...but..there is currently some mythical god programmer stuck in india that could make investors billions if only we had a more open h1b visa program...

Nah these programs are never ever abused in any way shape or form by company management.

cosmolev 21 hours ago 1 reply      
In Europe (particularly in Italy) such consulting firms bring workers with business travel visas, keep them working for 3 month and then substitute the whole team with fresh one. The story repeats after 3 month.

No H1Bs needed.

dudul 22 hours ago 3 replies      
I would love to know Paul Graham's reaction to this story. H1Bs are a f-ing scam. There is no shortage of tech talent, there is a shortage of companies willing to pay for said talent.

And stop talking about H1B holders as "immigrants". They are not. H1B is a non-immigrant visa.

parennoob 22 hours ago 2 replies      
As an Indian and an H1B myself who is compensated decently (1.8 times prevailing wage) -- I hate these companies since they lead to us being stigmatised as a group. I'm sure my coworkers are going to read this article today and point at me and say "Ugh, there's my H1B replacement.", even though I'm like one of two H1Bs at x00 employee company.

Ultimately, this leads back to the fact that the US has a large number of laws which are not enforced in reality. If these companies are breaking the law so badly (and they probably are, the top 7 or so companies using H1B are Infosys and other outsourcing firms) -- why don't employees go ahead and sue them? They are (presumably) incorporated in the US after all, it's not like they are untouchable.

This is also an excellent case for H1B reform. If a green card was a necessary condition of employing an H1B, these tech companies would have a much harder time retaining their lower paid employees, and the cost of "outsourcing in the US" as it were, would be prohibitive.

powerotter 22 hours ago 2 replies      
H1Bs are abused at the large companies as well. I work for eBay and the company regularly turns a blind eye to American candidates in favor of hiring an H1B. The company has had high attrition this past year. During one meeting where a consultant met with our team (80% H1Bs), I called out that many of the company culture problems people raise come up from the fact that managers know they can boss around H1Bs without consequence. Many of my co-workers finally chimed in and agreed. It was this unspoken reality that H1B employees will never tell a manager or director that this is a short-sighted technology decision. After the meeting a few came up to me and remarked they were bewildered I understood their predicament. They disagree with many of the things they are asked to do and want to do better for the company, but they are essentially wage slaves trying to stay in America until they can achieve citizenship. Moving to a new company within 5 years starts the whole citizenship cycle over again too, so they are a less mobile workforce.

Even on simple things like open floor plans, common working hours, scrum/agile methodologies, when an H1B employee is asked for feedback they will offer no real opinion. It has a large impact on the work culture.

Some of my co-workers are great friends. I would love for them to be citizens here, but I cannot help but resent the H1B program to the point where I will now scan companies for how many H1Bs are working there. I want to be a part of a work culture that does not treat its employees like hourly wage slaves. I would prefer they are granted full citizenship so that their lower bargaining rights do not affect mine. Not only do I have H1B friends who feel their d

Someone earlier mentioned that Indians get a bad wrap in Silicon Valley. I'll just throw in that even amongst my Indian friends it is a well-accepted fact that there is a pattern of strong in-group preferences among Indians in hiring practices, office politics, and inter-worker relations. Racial/cultural/religious groups that have strong in-group preferences in diverse settings such as large corporations will tend to get a bad rap.

Amongst Stanford, IVY, etc friends the common comeback to this conversation is that I should start my own company to avoid being an employee. All agree being an employee is a precarious position in America unless you are at one of the top 3 tech companies, but even for those companies, they only need to retain and keep happy their best workers during the high growth phases. The divide is that amongst my friends who have raised $10-30mm seed rounds, they all came from very wealthy backgrounds to begin with. Middle and lower class Americans friends are pursuing my path as well, building up savings and a personal safety net for first 5-10 years out of college because we see how greatly in debt our parents are. The wealthy love the H1B program because it is completely beneficial for them that America has a wage slave system, and they'll never have to be on the other end of the stick.

Outside of engineering, the other roles in companies like eBay that I see where cheap foreign replacement is less of a risk and native Americans are valued are product managers. An MBA is an unspoken prerequisite for that role, and again, I only know of wealthy friends obtaining MBAs. Even a friend who has Harvard MBA stated, "an MBA is worthless, it's basically an extended networking party for rich kids."

saganus 22 hours ago 0 replies      
Wow... how insulting.

This ought to be illegal, no?

pasbesoin 21 hours ago 0 replies      
I went through a round of this (elsewhere). Not to focus specifically on India, but in my case I was asked to train two Indians. Over the course of a couple of months, they proved unable to effectively do the job. But, budget and power relationships often win out over effectively doing the job. Especially in a larger company, where any blame for resulting declines in productivity or outright failure, gets spread around to the point where those responsible for the decision are not adversely affected.

I also saw the latter with some of my domestic colleagues. For a while, I would step into the gap and ensure that things were corrected.

With the benefit of experience and hindsight, I would do things differently. Learn to pro-actively walk away from such circunstances, as soon as you can. The longer you stay, the more you contribute to the success of those making such policy and the more you risk trapping yourself in the results.

moron4hire 22 hours ago 0 replies      
This is part of the reason why I freelance. I get to say, "bite me, it's not in my contract."
rwmj 23 hours ago 9 replies      
This article is framed as a scare-story about visas/immigrants, but what does it really have to do with visas or immigrants? Imagine the workers stayed in India, were trained using videoconferencing and worked remotely. It would be exactly the same situation for the US employees.
Senate Approves Bill to Rein in N.S.A. Surveillance nytimes.com
230 points by colinmegill  1 day ago   129 comments top 27
colinbartlett 1 day ago 13 replies      
I have read so many articles over the past week about various bills and efforts to further them or block them and I have no idea what's going on at this point. I still read this and do not understand.

> the Senate voted on Tuesday to curtail the federal governments sweeping surveillance

> the passage... will lead to the reinstatement of government surveillance efforts

Did we stop the surveillance? Did we continue it? Is this really going to do anything at all to change the culture of mass collection? Who is counting this as a win? Who is against this and who is for this?

bcheung 1 day ago 3 replies      
The USA Freedom Act? Based on the Patriot Act should I assume it is the exact opposite of freedom?

From Wikipedia:


"According to supporters of the USA Freedom Act, the USA Freedom Act was meant to end the bulk collection of Americans' metadata by the NSA, end the secret laws created by the FISA court, and introduce a "Special Advocate" to represent public and privacy matters."

"The USA Freedom Act is perceived as containing several concessions to pro-surveillance legislators meant to facilitate its passage, such as extending the Patriot Act powers until 2019."

I'm so confused. Is this bill a good thing or a bad thing?

infamouscow 1 day ago 1 reply      
The USA Freedom Act that passed the House and Senate extends the Patriot Act until December 31, 2017. This article is complete horseshit.
jdp23 1 day ago 0 replies      
The Senate rejected all the amendments, and passed the same version of USA Freedom that the House did, so this round of legislative battles is over. Barring anything unexpected, the next fight is 2017 over FISA renewal.

[All the amendments they voted on would have weakened the protections. Paul and Wyden weren't allowed to introduce their amendments to strengthen it.]

efuquen 1 day ago 1 reply      
For all those confused about this, this is a mild victory. Certainly better than the Patriot Act, but not as strong a piece of legislation as it could have been. EFF writes their opinion of it here:


"Technology users everywhere should celebrate, knowing that the NSA will be a little more hampered in its surveillance overreach, and both the NSA and the FISA court will be more transparent and accountable than it was before the USA Freedom Act.

Its no secret that we wanted more.


Even so, were celebrating. Were celebrating because, however small, this bill marks a day that some said could never happena day when the NSA saw its surveillance power reduced by Congress. And were hoping that this could be a turning point in the fight to rein in the NSA."

agorabinary 1 day ago 1 reply      
A weak bill that does little or nothing to properly stymie the torrent of civil liberties intrusions. Much stronger legislation is needed. At least Rand Paul's efforts produced a symbolic if temporary rebuke of Patriot Act powers.
dragonwriter 1 day ago 1 reply      
Given that 215 had already expired, and (as I understand) that was the one thing in previously-existing authorities that USA FREEDOM Act restrained a bit (while expanding others), is it accurate to say that USA FREEDOM Act actually reins in anything? Or would it be more accurate to say it is a pure expansion of surveillance powers?
josh2600 1 day ago 2 replies      
The title of this article would suggest that there is a delta between where we are now and where we are after the bill. Is there a material difference in the way NSA will behave after the bill? Are surveillance powers any weaker if they can still query CDRs from operators?

Isn't this, on some level, a subsidy to ATT, Verizon, T-Mobile and Sprint?

pc2g4d 16 hours ago 0 replies      
Thoughts on next steps at the end of the article:

"Senator Mike Lee, a Utah Republican, and Senator Leahy made it clear after passage that curtailing the phone sweeps might be only the beginning. The two are collaborating on legislation to undo a provision in the Electronic Communications Privacy Act of 1986 that allows the government to read the contents of email over six months old. House members and senators from both parties are already eyeing a section of the Foreign Intelligence Surveillance Act that they say has also been abused by the government.

"But opponents of the law said they imagined further fights going forward for their positions, too. Senator Susan Collins, Republican of Maine, said she and others would continue to seek reforms and oversight.

"'Its not the end,' she said."

jakejake 1 day ago 0 replies      
"The passage of the measure, achieved after a vigorous debate on the Senate floor, will lead to the reinstatement of government surveillance efforts"

What the heck does this mean? Should the title of the article read "Senate votes to keep the NSA doing almost exactly the same thing?"

AdmiralAsshat 1 day ago 0 replies      
Ars Technica's coverage of the same event carried a slightly different headline:


randomname2 1 day ago 1 reply      
Such doublespeak in the title of this article.
whoisthemachine 1 day ago 2 replies      
Headline should be "Senate Approves Bill to Reinstate most of NSA Surveillance"
cchip 1 day ago 1 reply      
Thanks Facebook, Google, Apple, Twitter, Microsoft, Yahoo and friends for being on the wrong side: https://www.reformgovernmentsurveillance.com/

From take action with Google: "Senator * said YES to USA Freedom. Say thank you and show your support." "Thank your Senator now for saying YES to the USA Freedom Act."

Freedom Act (Patriot Act v 2.0.. Same author: Rep. Sensenbrenner) must be vetoed... Someone please start a change.org thing, or whatever.

Freedom Act is going to require everyone to keep records for the NSA... Simple fix for the no funding problem... "No datacenter, no problem; we'll use yours"

Do not sacrifice your privacy for security.

stevewepay 1 day ago 1 reply      
I honestly can't tell from the article if this is a good thing or a bad thing.
Splendor 1 day ago 0 replies      
According to The Verge[0], Senator Wyden -- who I trust very much in these matters -- said the passage of this bill is "the most significant victory for Americans privacy rights in more than a decade." That gives me some hope that this bill represents actual change.

[0]: http://www.theverge.com/2015/6/2/8714651/senate-passes-usa-f...

nsnick 1 day ago 0 replies      
The headline should read, "Senate Approves Bill to continue NSA phone surveillance."
conorgil145 1 day ago 0 replies      
A Center for Democracy and Technology (CDT) press release about the bill: https://cdt.org/press/victory-passage-of-usa-freedom-act-rei...

which links to a great table explaining the difference between the house and senate bills: https://cdt.org/insight/comparison-of-house-senate-versions-...

golemotron 1 day ago 0 replies      
I'm sure that when Snowden's revelations came out the first thing that happened is that the government created a new more hidden level that could not be touched by any retaliatory regulation. How could this happen? Does the legislation call out the NSA by name? If it does consider that maybe another agency is now doing it.
GizaDog 1 day ago 1 reply      
Maybe but the FBI is taking over the spying role!


fweespeech 1 day ago 0 replies      
This is hilarious in a gallows humor kind of way.

They get articles trumpeting that they "did away" with Section 215, they get articles claiming they "reigned in" Surveillance by passing a new bill.

The reality is nothing changed for all this theater, its just been dressed up in different clothes to put the bad publicity behind them.

kelvin0 1 day ago 0 replies      
In other news NSA lawyers have changed the definition of 'domestic surveillance'. Seriously, that would be hilarious.
dataker 1 day ago 0 replies      
Is there any reason to assume it'd stop anyway?

If it hadn't been approved, I doubt the real outcome would've been different.

geetee 1 day ago 0 replies      
How long until there is a new fee on my phone bill to pay for the storage and retrieval cost of this?
lani0 1 day ago 0 replies      
if the senate approved, does it mean surveillance was actually good for the nation's security ?
ebel 1 day ago 0 replies      
so snowden can come home ?
Transatomic Power transatomicpower.com
218 points by markmassie  1 day ago   88 comments top 23
Animats 1 day ago 1 reply      
Here's a good overview of the state of thorium reactors today.[1] The Shanghai Institute of Applied Physics has been talking about building a demo unit in Singapore to be operational in 2015, but that seems to have slipped to 2017.[2]

The article glosses over a big issue - this type of reactor has to be hooked to a chemical plant which continually reprocesses the radioactive molten salt. Chemical plants for radioactive materials are historically a huge headache to operate. Many such plants are now toxic waste sites.

With BWR and PWR reactors, the radioactive portion of the system is simple, with few moving parts, and the working fluid is water. More complex large reactor designs have a poor track record. Sodium reactors have sodium fires (Monju, in Japan, was shut down after one in 1995), helium-cooled reactors leak helium (Ft. St. Vrain was a real disappointment), and pebble bed reactors have pebble jams (there's one in Germany so jammed it can't be dismantled.)

[1] http://www.world-nuclear.org/info/current-and-future-generat...[2] http://www.ornl.gov/ornl/news/news-releases/2015/ornl-and-sh...

apendleton 1 day ago 1 reply      
I wish they would be more up-front about the specifics of their technical proposal and how it compares to other proposals, since it was not at all obvious to me at first glance.

What I think they're actually proposing (correct me if I'm wrong): a uranium molten salt fast breeder reactor that drives a steam turbine. So, much more ambitious than what's currently on the market, with better fuel utilization. As compared to, say, the Flibe Energy/Kirk Sorensen/LFTR crowd, it's mixed: it sounds like these folks have some new innovations around moderators and salts, and the stuff about consuming existing waste is compelling, but they're sticking with a uranium fuel cycle rather than thorium (though it sounds like they're getting proliferation resistance in other ways), and they're sticking with a steam turbine vs. proposed gas turbines that could yield some more efficiency and compactness in proposed thorium MSR designs.

EDIT: looks like I might have been wrong about the neutron temperature; their white paper says thermal, not fast.

EDIT 2: the white paper actually has all kinds of great stuff in it, now that I've read the rest: http://www.transatomicpower.com/wp-content/uploads/2015/04/t... ... In particular, it sounds like this is the first planned design, but they offer some potential future variations. They say this design could be adapted to Thorium fairly straightforwardly, but advocate uranium at least initially because of advantages in the existence of a supply chain around it and the availability of uranium spent nuclear fuel. They also mention Brayton cycle gas turbines as a possible future improvement, among others.

aout 1 day ago 5 replies      
So ok, the website is cool and the technology is said to be something like 99.9999% better.This might be a stupid question but I'm no nuclear engineer not a specialist about chemistry or physics but I wonder why a such "beautiful" idea would not be already used.

I've read the related wikipedia article about Molten Salt Reactors and I understand there are several problems about the technology: mostly corrosion and embrittlement.

So now I find myself asking this: did they fix those problems? The website copy suggests so. Can somebody explain how? I couldn't figure it out.

edit: clearly the team and company have quite legit credentials, MIT nuclear department etc... they must know what they're talking about. I just want to know if they've given details about the solution.

yc1010 1 day ago 5 replies      
I wish Transatomic all the best but they have an uphill battle :( to convince a populace for whom unfortunately "nuclear power" brings up an image Homer Simpson.

aside: I think Greenpeace also has a lot to answer for with their campaign against nuclear power. Thanks to them my children can look forward to a world where a coal plant is build every week and fossil fuel fueled climate change is a certainty.

alexggordon 1 day ago 0 replies      
It's always interesting to see how these companies can progress in a year[0]. Regardless though, for those curious, there's a great presentation by the CEO, Dr. Leslie Dewan on what TPT does differently[1]. The big selling point for their Molten Salt Reactor (compared to others) is that they designed it to be able to use low-enriched Uranium (fresh fuel, as opposed to spent fuel) and nuclear waste. The downside of this is that it can't produce the same volume of electricity that a normal nuclear plant can, but it's significantly safer, and can't be used to produce weapons grade uranium.

For those interested in MSR's this serves as a good starting point too[2].

[0] https://news.ycombinator.com/item?id=7922216

[1] https://www.youtube.com/watch?v=4UXXwWOImm8

[2] http://www.whatisnuclear.com/reactors/msr.html

Maxels 1 day ago 4 replies      
So this is a company with a pretty ui that is advocating the same thing Kirk Sorensen has been advocating for a few years now.

I know every time this molten salt vs light water reactor debate comes up, people much smarter than I talk about how the salt is corrosive and there are currently no viable solutions to deal with this. Is there anyone out there smarter than I that can explain whether this company is doing anything different, or if it is just sexy and VC backed?

auberonx 1 day ago 1 reply      
In the absense of renewables, the promise of more efficient nuclear electricity production sounds great. It's just that this promise has been around since the 50s and instead we now have huge amounts of highly toxic nuclear waste.The potential of wind, especially in the States, is so significant and threatening to anyone stupid enough to invest their time in developing nuclear power plants at a time when the price for renewables has undercut nuclear and coal.
ThomPete 1 day ago 0 replies      
"Pollution is nothing but the resources we are not harvesting. We allow them to disperse because we've been ignorant of their value."

R. Buckminster Fuller

Twirrim 1 day ago 2 replies      
While it's neat to see more companies jumping on board, what they're looking at isn't really revolutionary, despite the polished PR on the website. There are lots of companies, research organisations etc working on molten salt reactors. Lots of them, including Oak Ridge National Lab (http://www.forbes.com/sites/jamesconca/2015/01/07/nuclear-po...).

On the surface, this seems kind of like launching an IaaS cloud service and claiming you're introducing something new and innovative.

dtap 1 day ago 2 replies      
The bigger problem than the corrosion is the inability to inspect the system in an efficient way. In a regulated nuclear industry, not knowing the status of the system means it will not be allowed.
outworlder 1 day ago 1 reply      
I am not a nuclear physicist, but isn't this concept proven and well-understood already?

Now, a sales pitch is indeed a missing piece. Given the regulations, the nuclear industry is stuck with power plants whose designs date from decades back.

I didn't see anything about handling the waste heat though. Dumping it into rivers would be atrocious. Ingesting large amounts of water to use evaporation towers is also environmentally terrible. I hope they thought of that.

I am all for the responsible use of nuclear power. Greenpeace and the like made so much noise that the public is afraid of anything called "nuclear". The media doesn't help, either.

The result is far more deaths every year due to coal and other fossil burning. Let's do more solar and wind, sure, microgrids and other cool stuff. Nuclear can provide the baseline power and power for power-hungry industries, such as aluminium refineries.

ptha 1 day ago 0 replies      
Perhaps something the countries signing on to the Global Apollo Programme[1] should be investing in. It's priorities are Renewable/Storage/Smart Grids, but I don't think we should be ruling anything out, if 2C is the target.

[1] http://globalapolloprogramme.org/

joss82 1 day ago 1 reply      
We had a fast breeder reactor here in France before, creating energy from nuclear waste.

Oil/"green" lobbies made it to close: http://en.wikipedia.org/wiki/Superph%C3%A9nix

EDIT: And also terrorists and molten sodium.

JoachimS 1 day ago 0 replies      
What about Spallators? Are they being worked on seriously by anybody nowadays? I liked the idea of subcriticality and the low radioactive lifespans in the waste. But how efficient could the be?

And related, is transmutation of waste being worked on?


Gravityloss 23 hours ago 0 replies      
This is the technical summary:"A lithium fluoride uranium fluoride fuel salt, moderated with zirconium hydride, would allow our reactor to remain critical with a loading of used nuclear fuel."
madaxe_again 1 day ago 1 reply      
Thorium msrs could be a panacea for humanity - but they won't get adopted, because nuclear weapons aren't a byproduct, and that's a drawback in the eyes of our bellicose political classes.

Edit: you're welcome to downvote the truth, but it won't change it.

nosuchthing 1 day ago 0 replies      
I'm optimistic with what "modern technology and materials" can improve upon previous attempts [1]. Yet I hope they drastically over engineer their safety standards given historical failures.

[1] https://en.wikipedia.org/wiki/Sodium_Reactor_Experiment

[2] Fukashima, ect

Fiahil 1 day ago 0 replies      
I remember a TED talk close to this subject by Taylor Wilson in 2013.


cmpb 1 day ago 0 replies      
Slightly off-topic, but you've got a double "and" in the "Lets be safe" section.
joegaudet 1 day ago 1 reply      
Is it just me, or does the flashy website somehow make them seem less credible?
pheo 1 day ago 2 replies      
"Fast," "Breeder," or "Salt" reactors breed weapons grade fissionable material (Ie. Plutonium 239) from relatively un-enriched materials (Ie. Uranium 238 and Thorium).

Fast reactors make nuclear weapons as byproduct. Thats why we don't use them.

beyti 1 day ago 0 replies      
Peter Thiel in the investment, not suprised.
trhway 1 day ago 0 replies      
they don't need to prove that it would work - that is pretty well known. What they would need to prove for the idea to make any progress toward real-world implementation is that their good economy of neutrons isn't that good as to allow say to dissolve additional amount of U-238 (widely available to almost anybody anywhere) and get Pu-239 on the other end or any similar reaction :) Their ability to consume very low-enriched U-235 isn't an advantage here as the typical reactors necessity for the high-enrichment is what blocks and allow to identify weapons programs around the world.
All United Flights Grounded Due to Mysterious Problem wired.com
216 points by throughnothing  1 day ago   201 comments top 17
krschultz 1 day ago 7 replies      
I was flying from Dublin to Newark on Saturday on a United flight. At some point during our flight the entertainment system needed to be rebooted. When it came back up, the splash screen hit me with a huge amount of nostalgia. It was RedBoot with a kernel build date from 2004.

Obviously this is the entertainment system and not something more critical, but it's telling. There is a huge cadence mismatch between software cycles and capital good replacement cycles. Airplanes, factories, HVAC systems, even home appliances last for decades. Software on these systems needs to get upgraded, I can't even imagine the number of security patches that have gone into the Linux kernel in the last 11 years.

clmns 1 day ago 1 reply      
Interesting. I worked on the support team for the software that creates and files the flightplans for UAL. It was a horrible piece of SW/architecture with many outages. We tested in production daily and had direct access to the databases. I'm pretty sure they never changed their policies.. So yeah, this sounds very much like it!

Edit: Just got confirmation, this software was the root cause. No hacks/whatsoever!

georgeglue1 1 day ago 3 replies      
Interesting, United recently added a pretty lucrative bug bounty program (a rarity among airlines) a couple of weeks ago. http://www.united.com/web/en-US/content/Contact/bugbounty.as...

It would be ironic if the bug bounty program directly/indirectly lead to this.

djcapelis 1 day ago 0 replies      
A lot of people seem to be jumping to the conclusion that their systems are malfunctioning because of being hacked rather than their systems malfunctioning on their own. Hard to know what is happening from the outside, but their systems may just merely be bad.

That said, the plane communication protocols aren't terribly secure, so it's certainly feasible someone is playing around with them. Maybe they'll decide it's in our interest for us to know at some point.

cryoshon 1 day ago 2 replies      
Is this what an actual cyberattack / cyberwar looks like?

Imagine how much money is being lost right now as a result of this disruption. Somewhere hackers are popping champagne.

netizzio 1 day ago 1 reply      
It's interesting that the Wired article mentions the recent controversy about claims that aircraft systems can be hacked, but explicitly ignores the incident last week as having any possible relation to these events, where a bigoted employee denied a Muslim passenger an open can of Diet Coke because it "might be used as a weapon", while giving the passenger in the adjacent seat an open can of beer.

The response from United was unapologetic and absolutely disgraceful: https://hub.united.com/en-us/News/Company-Operations/Pages/s....

cgy1 1 day ago 0 replies      
Hope it's not due to people using unopened cans of Diet Cokes as weapons.
gkanapathy 1 day ago 0 replies      
Pretty sure that if it was a hack or credible bomb threat, that they would not have been flying again after only an hour. A scenario like that would suggest just a normal IT glitch and a reboot/restart to fix and validate that it's back to normal.
philip1209 1 day ago 0 replies      
I'm honestly surprised that critical software at the core of more operations-heavy companies does not go down more often. Possible causes range from a software bug to database master failover to a data center outage, but realistically there are single points of failure at delivery companies, airline companies, and more that could stall everything. I'm surprised this software doesn't break more often. When was the last time that UPS had delivery delays due to a software outage?
dmazin 1 day ago 0 replies      
I was one of the people grounded this morning. They said they were having mechanical problems. They took the plane out to the runway and taxied it around "to try to figure out what's wrong," then let us on.
simonebrunozzi 1 day ago 0 replies      
What I really HATE about things like this one is that United will not refund us (I was heavily affected yesterday), or will offer offensive amounts of dollars/miles as refund.
jsingleton 1 day ago 1 reply      
Could be a similar issue to the recent electronic flight bag issue. Certainly reads that way from the article. They seem very quick to blame a hack when it could very easily be a bug in the system or an administrator error.


onyxraven 1 day ago 0 replies      
The initial descriptions sound more like someone pointed a testing tool at the wrong environment, rather than a hack.
jobu 1 day ago 1 reply      
Not sure if it's related, but the United website was down this morning for a while as well.
vonklaus 1 day ago 0 replies      
Well, if 9/11 is any indication, commercial jets can deliver pretty destructive payloads. Avi Rubin summarized some hacks in his TED talk[0], where hackers gain complete control of vehicles. It is unwise to just spread FUD this early, however, if these systems bare any resemblance to cars (and it is likely that they have many of the same characteristics i.e digital control of key steering/speed/avionics) then it is possible someone has the information to control a fleet of missiles on American soil. Unlike 9/11, these people will not be the US government, and could be actual terrorists.

Who knows, maybe this is just a 16 year old who got accosted going through security and wanted to burn off some steam.

[0] https://www.youtube.com/watch?v=BHHCvcCUOWU

evo_9 1 day ago 0 replies      
Could this be related to the resent articles about a researcher taking control of a play via the entertainment system?


arca_vorago 1 day ago 3 replies      
From what I understand of the Chris Roberts fiasco, their avionics systems weren't airgapped from the other systems. If that is the case and not just hype, then no fucking wonder shit like this can happen.
What Twitter Can Be lowercasecapital.com
236 points by coloneltcb  21 hours ago   160 comments top 30
ThePhysicist 20 hours ago 2 replies      
For me, the biggest problem with Twitter are their Draconian rules concerning third-party apps. I had several ideas for cool apps built on top of the Twitter API (e.g. a Twitter-based news aggregator, an online volunteering app, ...), but each time I gave up on the idea after reading the terms of their developer program:

No showing of tweets with content from other social networks, no altering in the presentation of tweets, very severe rate limits, ....

I think if Twitter wad a little less paranoid about protecting their content they could actually become a viable and useful communication tool for a large part of the Internet (even more than today).

normloman 19 hours ago 6 replies      
I used to be on twitter. Left because nobody talks with you, just at you. And when you do actually get a conversation going, it's hard to follow when it's thrown in the same chronological time line with other conversations. The hashtag doesn't do much to foster conversation either. Merely a way to label slogans. This dichotomy between being a public feed but also being a place for conversations is at the core of why twitter sucks.
jusben1369 18 hours ago 1 reply      
The thing about Twitter is that it should have been TV vs trying to be channels. I don't know why they were never comfortable enough in their skin to let third parties extend the living heck out of their platform. Using Twitter and getting a Gen 1.0 iPhone were very similar experiences. Pretty much wow and thinking the sky was the limit (vs what they actually were initially). Apple harnessed an app developer community and made their product 10x more valuable. Twitter locked everyone out. I always thought the Twitter competitor launched by Dalton (App.net) totally missed the boat. We didn't need a paid service to save us from ads we needed an open free platform that drew in millions and millions of users to draw in app developers etc. That would have crushed Twitter.
smhg 19 hours ago 2 replies      
This might sound very weird in this day and age, but in my professional life (web developer), Twitter and G+ compete content-wise. And G+ wins easily.

Disclaimer: I'm a very light Twitter user. I'm almost surely missing out on features I never bothered to discover.

The main advantage G+ has in my eyes is its signal to noise ratio. It seems far better than Twitter's. Again, specifically in my professional world, quite a lot of relevant people post on G+. I guess they either don't post personal stuff or efficiently use Circles. Many, but definitely not all, are of course close to Google.

Some other advantages for me: the fact that you can read the whole story (not just sentence-per-sentence) and the -theoretical- ability to drag in non-professional relationships (yes, I like Circles).

I realize no one takes G+ serious anymore and that it's a graveyard for most. But it seems to work well for some (professionally). In a way it can make Twitter lose (one of) its edge(s): follow tech-people.

This isn't meant as a G+ promotion. I just wanted to make clear why Twitter might not be a good fit for some.

austenallred 20 hours ago 2 replies      
Twitters biggest problem is that Twitter increases or decreases in value along with users willingness to curate their feed. Many will never do that.

So Twitter tries to do the work for you, but guessing exactly who/what youd be interested in without tons of info is virtually impossible.

The closest they can get is the current logged-out homepage: Here are a bunch of random categories. You like the NBA? Maybe celebrity chefs? Cute animals? Country artists? (Those are literal examples.) Total shot in the dark.

kin 19 hours ago 1 reply      
At first Twitter was awesome because of their API but then that closed off so now I have to use their stuff only I feel as if they haven't done anything in the past few years but scale.

I've tried being a user for years but they really need a better way to manage and view lists. The frequency of celebrity tweets vs. friend tweets vs. company tweets is all different. How I ingest that content is differs depending on my mood or what I want. Thus far, there's no easy way to sort through the content to quickly find what I'm looking for or interested in. It all requires endless scrolling and weeding out the noise.

codingdave 18 hours ago 0 replies      
The scariest statistic in that article is that one billion users tried twitter, then walked away. I'm sure some of those are novelty accounts that just never took off, not truly unique users, but that is still a ton of people who already wrote twitter off as irrelevant to their life.

That is a large hurdle to overcome. Where are you going to grow your userbase if that many people already made their decision against you? I can assure you, that is not a tech question, it is a marketing issue.

Grue3 1 hour ago 0 replies      
Interestingly, Tumblr already implemented some of these suggestions. With such features like "explore" or new search, The discovery of content is unmatched by other social networks. It is also way easier to get likes and reblogs than on Twitter (if you're a regular person, not a celebrity). Having your post go viral (into 1000s of notes) is quite satisfying and would never happen on Twitter if you're not already popular.
hagope 19 hours ago 6 replies      
One of the best use cases of twitter for me is customer service, a few complaints about @comcast is way more effective than calling and waiting on the phone for 20 minutes and fighting with the customer service agent... I was able to resolve my issue with a few back and forth DMs with @comcastcares ... I don't think many people have enjoyed this experience, it's like night and day.
Animats 20 hours ago 1 reply      
"Shortcomings in the direct response advertising category have resulted in the company coming in below the financial communitys quarterly estimates."

Well, yes. The problem with all social networks is that ads interfere with the "social". Ads are a big annoying guy getting in your face when you're trying to talk to someone. Or worse, they're your (soon to be former) "friends" who've been tricked into "sharing" (i.e. spamming) ads.

Remember, Twitter's big period of growth was before they had ads. They only put in ads when they had users hooked.

The first one is always free.

aswanson 15 hours ago 0 replies      
Maybe its just me, im too old and not famous enough...but Twitter just seems to me to be a celebrity (that includes fame of any kind) circle jerk...and if you're not famous, you dont exist. Its weird. I hated fb towards the end of my usage of it...but at least like the old sitcom 'Cheers', at least sometimes you could go 'where everybody knows your name...'
walterbell 19 hours ago 2 replies      
Twitter lists (especially in combination with Flipboard) are useful for filtering/curation, but have seen few improvements and remain unavailable in the mobile app.

Lists could exhibit business value comparable to Pinterest curation, if Twitter paid any attention to the feature. They are micro-social networks that amplify the value of Twitter's main accomplishment: a directory of pseudonymns for writers, marketers, subject-matter experts and other publishers of time-sensitive content.

lawl 20 hours ago 1 reply      
Twitter died to me when they closed down their API's.
throw_it_away 18 hours ago 2 replies      
Honest question: I've tried Twitter a bunch of times, tried to engage with it for a couple weeks, then given up when I felt that either the tweets were not curated enough for me or that nobody was listening to me. Is there some guide for technically literate people to start using Twitter effectively? Right now I use Feedly and blogs to serve this purpose, but the appeal of real time news a la Twitter seems quite sweet, if only I could tap into it.
sirbetsalot 19 hours ago 6 replies      
of course the author misses the biggest reason twitter sucks. Abuse, fake accounts, and trolling cause more "authentic" real name users to leave every day. Twitter does nothing to punish people who can just grab a picture of you from the net, create and account and start ruining your reputation instantly. And we all know you can't win against a troll unless you out troll them with your own bots. Twitter is the stained toilet bowl of human interaction. Twitter would instantly better if it forced real names and banned people for abusive comments outright. Until then, Twitter is unusable.
moxyb 21 hours ago 5 replies      
I think he's describing the perfect digital news platform that I would think of.
shortstuffsushi 19 hours ago 0 replies      
This article at one point proposes splitting content into separate apps. I'm unsure of the end goal of this; I guess that it's trying to provide a clearer divide for users, allowing them to filter content in a sense. It seems like this would be better solved by filtering better within the app, separating apps is just going to lead to more confusion, imo.
moey 19 hours ago 10 replies      
Serious question people, out of the people here that USE Twitter, how much would you pay a month for Twitter, if anything?


I value the service, and am wondering what other people value it at.

I will post the results here after set number of people vote.

UPDATEInitially I was going to wait a little longer, but after looking at the results from this sample, the trend is pretty be predictable.

RESULTS LINK: (VIEW AFTER VOTING PLEASE)http://directpoll.com/r?XDVhEtRR2EAlaVw2sOrQkWlBcohFw9na8aNc...

I think the results deserve a discussion on their own...

firasd 18 hours ago 0 replies      
This is a great essay (and shows that even if its predictable, its always good to balance criticism with praise, support, and a sense of a positive path forward.)

As for Saccas suggestions, I have mixed feelings on the specific features he suggests for encouraging people to Tweet more (Tweeting Shouldnt Be So Scary) and increasing engagement (Using Twitter Doesnt Need To Feel As Lonely) but I like his suggestions about improving the timeline:

Live Is The Biggest Opportunity Yet.

This is the section he describes most lucidly and is the simplest to implement on top of the existing product. Its currently done in a ham-fisted waywhere I am in India it prods me with modal dialogs about cricket matches!but there will need to be less prodding if its built as a standard set of pages where you can follow the best tweets for a sporting event, TV show or news topic while the situation is ongoing even if youre logged out. Its a bit like following a hashtag, with some curation and highlighting of popular tweets on the topic thrown in.

Channels Will Make Twitter Easy, Easy, Easy.

I sort of lost the thread in the middle of reading this in terms of figuring out exactly how this is different from Live or other category based curated tweets but I kinda get it. These are his examples: Want to know what are the most popular articles linked to on Twitter? That should be a channel. What are the most popular sites linked among the people we follow or people that our friends follow? Great channel. Which books are people Tweeting about? Channel. Which videos are garnering the most attention? Channel. Any particular .gifs blowing up? Channel.

Twitters Save Button Would Let You Keep All The Good Stuff.

This is a relatively complex concept and would be difficult to implement in a clear way but I like the idea. We could keep every product we saw mentioned, every book that looked interesting, every destination we wanted to visit someday, every concert we wanted to go see, and every ad that piqued our curiosity. All of this could be saved to a Vault within Twitter with just one button in line with the RT and Fav buttons in each Tweet.

lukasm 18 hours ago 0 replies      
> For most people, Twitter is too hard to use.

I don't know how to use twitter and I don't care. Why? Cognitive overhead. I use facebook messenger, whatsapp, HN, stackoverflow, github, Linkedin.

josu 20 hours ago 1 reply      
The author of the article is Chris Sacca.
rrggrr 20 hours ago 1 reply      
"Tweet nearby" & "Encrypted tweet nearby" & "P2P Tweet": These three functions would blow the lid off active user growth. Across the globe Twitter remains a key means for promoting events, demonstrations and encouraging political action. Give users the means to reach by locale (Concert), and securely by locale (Flash mob), and P2P (Iran, Syria, China) -- and sit back and watch the audience skyrocket.
marssaxman 21 hours ago 3 replies      
Nothing in there about turning it into a decentralized open network instead of a proprietary service, so I will continue not to care about Twitter.
soheil 17 hours ago 0 replies      
If I were still at Twitter I'd do anything to get Chris on the team.
joshyg 18 hours ago 0 replies      
I think their time has passed. Social media is not like tv. With t.v., People want good new shows, they don't care if they're from nbc or hbo or someone new. With social media people actually want a new medium every few years. I don't think there is any feature Twitter could add that will overcome this fact.
derekmasters 18 hours ago 0 replies      
Perhaps he should have included this, "we stopped talking about arab spring once we realized how it was a bad job that pushed people into depeer shit, perhaps now is the time to lift the carpet again and start talking about how we can build better tools that are powerful enough to put these fucked up countries back together"
adventured 17 hours ago 0 replies      
"Though you wouldnt know it by looking at the stock price or by reading the headlines, Twitter is owed recognition for ramping up their product development"

Sacca is incorrect when it comes to Twitter's stock price. They're being given an epic benefit of the doubt on their valuation. Few companies get that sort of charity; ask Groupon, Angie's List, Etsy, etc. about that.

They're substantially overvalued by any normal market standards. A $24b market cap for a company that has never - in nearly a decade of existence - earned a profit; worse, they've bled a billion in red ink over that time. It's also trading at a rich sales multiple of about 16.

yueq 18 hours ago 0 replies      
Don't pump. You might consider $WB stock which is way undervalued comparing to $TWTR.
antidaily 19 hours ago 0 replies      
Exactly why everyone moved over to App.net, right? Right, guys??
Thunderbolt 3 embraces USB Type-C connector, doubles bandwidth to 40Gbps arstechnica.co.uk
212 points by rbii  2 days ago   190 comments top 19
Roritharr 2 days ago 9 replies      
I'm kinda disapointed about the whole Type-C scenario.

Now when you've got a Type-C Port, you just don't know what it can do. It could be anything from a USB 2 Port, up to a USB 3.1 + 20A Power + Thunderbolt Port.

You can't see this from looking at it, and Spec Sheets today have a problem of listing the version numbers of HDMI and DisplayPort Ports, I don't see them suddenly becoming very concise about this.

The promise of USB has always been one of standardization. If I knew my mothers notebook is from around somewhere after 2008, if it has a USB Port, it will be USB 2 compatible.

In 2020 i won't be able to know if the monitor i recommend my mother will be able to connect to her laptop over the USB Type-C Port or not, or if it will run at full resolution or not, if it will be able to charge the notebook over it, or not... etc.

Its just a mess. If you make a standard, please make it a standard, not a pick and choose affair where the result ist just confusion.

izacus 2 days ago 3 replies      
Hmm, I don't understand the description fully - does that mean that it can happen that I can get a device with USB-C plug, plug it into computer and it won't work because the device uses Thunderbolt 3 and the computer isn't an Apple?

Or will all Thunderbolt 3 devices be able to scale back and communicate with devices over USB if the controller is not available? How will that work with displays over USB-C connectors? Is there a possibility that now instead of just checking for a USB port, we'll have to read the list of controllers/protocols available in devices connecting over USB-C ports?

donatj 2 days ago 2 replies      
When Thunderbolt was first released it caused a lot of confusion in my office for people with DisplayPort who couldn't hook up to Thunderbolt monitors, bought for them by our IT group that really didn't understand the difference. I see this problem coming on strong AGAIN with this. This port is just USB-C while this other port is USB-C and Thunderbolt... That sounds like a load of confusion waiting to happen.
awalton 2 days ago 5 replies      
Ugh Intel. We just fixed the USB problem of "I can't figure out which way to plug this thing in", why do you have to go and add the complication of "Wait, is this a Thunderbolt or USB C device/port?"

This is why we can't have nice things.

hendersoon 1 day ago 3 replies      
Sadly, the blocker for external graphics isn't the power draw, it's that Intel steadfastly refuses to license Thunderbolt for external GPU enclosures.

That's why you can't buy a macbook air and plug in a little $300 box with a GeForce 970 and play high-end games on it right now. There are no technical reasons why this won't work-- in fact, people have hacked together solutions that work great.

Intel doesn't want to let you do it.

Already__Taken 2 days ago 5 replies      
Seems to be trading all our different ports with the problem of having all levels of different cables?

This port is going to be very expensive for the manufactures. If it does everything I'm going to need a bunch. Does anything stop OEMs making a row of identical ports that only 1 charges my laptop, only a couple take can use the fastest cable and I'm sure all sorts of potential shenanigans,

hjnilsson 2 days ago 7 replies      
And finally, the future has arrived. If the iPhone 7 (doubt the 6S) sports USB-C as well, there will be a truly universal connector. Imagine screens, laptops, TVs, phones, mp3 players, docks, hard drives and toasters all using the same plug (well, maybe not the last one). There will be a painful time of transition until we are there, but hopefully it will be the last one.

(Conveniently this also saves Apple on the new MPBs, they can now have both USB A and USB C ports without it being weird)

jacobolus 2 days ago 0 replies      
The linked site seems to be completely toast, but here are some secondary sources which Id guess have approximately the same content: http://www.cnet.com/news/thunderbolt-3-and-usb-type-c-join-f...http://www.pcworld.com/article/2929798/thunderbolt-3-to-work...http://www.theverge.com/2015/6/2/8704067/thunderbolt-3-usb-c...
berberous 2 days ago 4 replies      
Can someone explain whether I should care that they are still using DP 1.2 rather than 1.3? I had thought 1.3 was needed for non stitched 4k 60hz, but this should have plenty of bandwidth, so I'm now not sure what the issue with 1.2 vs 1.3 is.
lawl 2 days ago 2 replies      
So now you can't even put glue in the thunderbolt port anymore to prevent DMA attacks?

I don't think DMA attacks have been fully solved yet via software, or am I not up to date here? I guess you could blacklist the driver.

snarfy 2 days ago 1 reply      
The USB C connector is awesome and this is great news.

I still wish the industry would have standardized on the 2.5mm jack. It can be plugged in any direction. You could pull a cord out of a mess of cables and it would not snag as there is nothing to snag on.

digi_owl 1 day ago 3 replies      
And they leave out the one thing that would be interesting, a wiring diagram.

the C port is interesting in that it provides both USB pins and a set of pins that can be used for a number of functions (Displayport being its out of the gate use).

If this leave the USB pins alone, and make use of the supplemental pins for Thunderbolt, there will be no port confusion. Especially as Tunderbolt is already set up to carry Displayport data anyways.

Then it just comes down to the chipset to negotiate the right protocols.

outworlder 2 days ago 3 replies      
So, will Apple finally be able to refresh the Thunderbolt Display?

I got an old one I want to sell before it gets obsolete. I guess the time is now.

Edit: "Thunderbolt 3 integrates USB 3.1, optional 100W power delivery, 5K @ 60Hz display."

Optional power delivery? Optional nowadays just mean "will be removed before even reaching production"

grecy 1 day ago 1 reply      
Given that it supports dual 4K displays at 60Hz with one cable, or a single 5K display at 60Hz with one cable, I think it's safe to say Apple are waiting for this to announce their new cinema display.

Anyone think they'll pre-announce it at WWDC (like they did the Mac Pro)?

stephen_g 2 days ago 1 reply      
I'm interested in how backwards compatibility works - will old Thunderbolt devices work with just an adaptor cable? As someone who does a lot of professional video/audio work, I have a bunch of Thunderbolt devices so I hope that's the case.
chatmasta 1 day ago 0 replies      
I have a Thunderbolt Display I have been meaning to sell. I think a.s.a.p is probably the time to do it, since I expect a release of a USB-C display at WWDC.
anigbrowl 1 day ago 0 replies      
Is this finally one port to rule them all? Please let it be so so that we can keep things the same for more than 12 months at a time.
rasz_pl 1 day ago 1 reply      
Intel just cant let go the idea of collecting IP royalties from every single device you plug into your computer :/
out_of_protocol 2 days ago 2 replies      
One port to rule em all
Install OS X 10.10 Yosemite in VirtualBox frd.mn
230 points by frdmn  2 days ago   102 comments top 10
rmoriz 2 days ago 0 replies      
There is a simpler solution out there using Hashicorps' Packer and the great build scripts from timsutton (can build images for Fusion and Parallels, too.):




wslh 2 days ago 3 replies      
I used OS X in VMware and Virtualbox (running Xcode) and the experience was awful. Mainly because 3D support is not available and OS X makes a heavy use of graphics acceleration.

OS updates also break the installation.

There are many discussion threads on this topic, like this one https://communities.vmware.com/thread/466874

zyxley 1 day ago 0 replies      
Note that if you do this with 10.10, performance will be terrible because of graphics accelerations issues.

From what I understand, 10.9 generally works fine in VMs, but there was a change in the underlying graphics engine in 10.10 that works fine on real hardware but plays merry havoc with VMs.

alkonaut 2 days ago 2 replies      
It seems the image must be created on an existing OS X installation. Is a pre-baked image portable to virtualbox running on other host OS:es? (Yes I know, Eula yada yada).
cerberusss 1 day ago 0 replies      
Now I remember why I don't like VirtualBox. There's always some problem when I use it. In this case, I followed the exact instructions. I have a non-functioning trackpad in the guest, which sometimes happens, and sometimes not. In the OS X installer, I also can't select the disk to install to. And when I powered down the VM and powered it up again, I get an error message "Error loading kernel cache (0x9)". That seems to be fixed when you follow the FAQ for "Stuck on boot".

The non-functioning trackpad I can get around, by rebooting until it works. Anybody had the problem where you can't select the target disk in the installer?

Edit: got it. You have to format the disk. In the installer, go to Disk Utility and "erase" the disk. This formats and partitions it.

kriro 2 days ago 5 replies      
I'm thinking about getting a MBP (have one at work) because the hardware is shiny and OSX is useful/needed for some things (iOS development, Unity development).However I'd much rather run Linux as the base OS. That setup wouldn't violate the EULA. I guess I'll spin up a VB-image on this OSX-MBP and see how it goes :)Useful.
csvan 2 days ago 4 replies      
Needless to say, this is a gross EULA violation (clarification: if you do it on non-Apple hardware, that is).
arihant 2 days ago 0 replies      
Since Virtual Box supports EFI boot, and since we did not fiddle with the ISO in this process, that means this process will not work on incompatible older Macbooks, right?
st3fan 2 days ago 1 reply      
Can the same technique be used to run Yosemite under KVM?
neals 2 days ago 2 replies      
Would this run faster on a Windows-SDD than on a Mac-mini sloooow HDD?
The Agency: An army of well-paid trolls in St. Petersburg nytimes.com
203 points by sergeant3  2 days ago   92 comments top 22
meesterdude 1 day ago 1 reply      
> Volodin installed in his office a custom-designed computer terminal loaded with a system called Prism, which monitored public sentiment online using 60 million sources

Oh look, they've got prism too!

> According to the website of its manufacturer, Prism actively tracks the social media activities that result in increased social tension, disorderly conduct, protest sentiments and extremism.

Well that's comforting.

This is obviously still in it's infancy, but they're only going to get better at this. Obvious leads and dead giveaways will be replaced with more subtly and variance, and detecting whats bullshit and whats real will become even more difficult, if not impossible.

This is russia's answer to people rioting over corruption in the government. Not transparency, not change; social manipulation of information and spreading lies.

And they aren't the only ones doing this. They're just the only ones we know about. No doubt other countries, companies and criminal organizations are operating similar tactics already.

Certainly puts a new spin on the term "don't talk to strangers"

astral303 1 day ago 7 replies      
My dad claims that the level of brainwashing in Russia far far exceeds that of the Soviet regime, and the propaganda is by far worse (and worse than WWII Germany he says).

Of course statements like that evoke Godwin's law and a hard to swallow. However, my dad grew up in Soviet Russia and trained troops on the use of artillery equipment during the Soviet Afghanistan conflict. He's been around the block and has seen firsthand the Soviet propaganda in multiple Soviet republics.

If you think about the insidiousness of troll-style, FUD propaganda, it's way way more psychologically insidious than the overt Soviet propaganda. You can't cut off access to facts and appear "fair"--instead you make people question the truth.

Russia just raised a whole young generation that's a socially-backwards by a generation. Homophobic, racist, blame-the-west feelings are rampant.

During the early days of the Ukranian conflict, I was surprised to hear a close relative in Russia tell me how she has seen videos on Youtube of "blacks from Africa" killing innocent Russian youths ("gouging their eyes out" she said) in Eastern Ukraine.

This shit is real.

gyardley 2 days ago 3 replies      
Poorly titled and therefore hard to share on Hacker News, but lengthy and worth reading investigative reporting into a bizarre 'Internet Research Agency' that mainly produces pro-Putin propaganda, in both English and Russian.

I'm surprised, frankly, that they don't have better English-language proficiency.

tptacek 1 day ago 0 replies      
I you haven't read to the end of the story, I highly recommend finishing it; it has a pretty great ending.

Also! The article outs a couple of US-facing troll operations, one of which, "Spread Your Wings", is an unintentionally hilarious satire of US partisan politics, and another highly recommended read if you're up enough on politics to be in on the joke:


(My current favorite Spread Your Wings propaganda: GOP Senator and Presidential hopeful Lindsey Graham: warmonger and Adversary Of The 2nd Amendment.)

(Moments later: NO WAIT, this inspirational uplifting quote clearly wins the Internet today: https://www.dropbox.com/s/4r7r7nvbpn2kp3h/Screenshot%202015-...)

tdees40 2 days ago 1 reply      
If you don't feel like reading it, this is an amusing tale of one arm of the pro-Kremlin propaganda machine. The kicker is at the end when Russian propaganda sources tried to make it seem as if the reporter were recruiting Nazis for a complicated CIA scheme.
danmaz74 1 day ago 0 replies      
I'm really worried about the course Russia is taking under Putin, but people like Ludmila Savchuk make me hope there is still some hope... I wish her well.
austenallred 1 day ago 0 replies      
Ah, the Russian trolls.

I run a crowdsourced news startup (https://grasswire.com), and along with it one of the bigger non-mainstream news Twitter accounts (@grasswire, 130k followers).

The Ukrainian conflict has died down a little bit, but when it was in full swing the Russian trolls were everywhere, and were pretty obvious, but that didn't matter.

For example, here are a couple of my favorites (and among the most active:)


I'm pretty sure now they're mostly set to automatically retweet anything with a pro-Russian sentiment, but back in the day they would pretty much respond to every tweet. For the casual user it was very convincing stuff: "Oh wow, maybe @steiner1776 is right and that report was full of lies, and I just didn't know better - thank goodness I have someone who is willing to stand up for truth."

Most people don't have time to research, and just follow public opinion, even if the public opinion is created by a bunch of trolls. It's especially easy to fall for the trolls when they tell you that "the man" has been lying to you all along (and in most cases "the man" means the United States). (To be clear: The United States does some messed up stuff and is far, far from without fault.)

There were a few days when they would seemingly download photos from any tragedy that had ever happened, and just add a generic line - something like "Stop killing Donbass people," insinuating that these deaths were caused by the Ukrainian army (and by extension, somehow, the United States). The photos were from Syria, Iraq, Palestine, Israel - wherever. I'm sure they were just being pulled from some file somewhere with a generic message attached. But that stuff _exploded_. Hundreds of thousands of retweets per day, driving public opinion, based on complete and utter bullshit.

So there are some Russian trolls; this isn't the end of the world, right? The problem is that for many of the people on Twitter these were real people expressing legitimate concern. Some of their blatantly false tweets (they were easily discoverable to be such with a reverse image search) went legitimately viral (not just spun into their other accounts for retweets). Hundreds of thousands of impressions per tweet from people who aren't going to run a reverse image search, and get their news from Twitter.

I don't know what the solution is, but this is extremely dangerous for society. It's easy to pass them off as "trolls," but trolls change the way that people act and believe, even when they're only sharing false information.

We started Grasswire in part as a response to that. The fact-check feature on Grasswire isn't used as frequently now, but at the time about 50% of the stuff that went viral was completely and verifiably false - look at the history of the Grasswire Fact-Check account (@grasswirefacts) for examples of that. It helped, but I fear it was only drop in the bucket.

sancha_ 2 days ago 1 reply      
I am sure this is not only happening in Russia.
sireat 1 day ago 0 replies      
None of this is surprising behaviour (insert obligatory Tu quoque argument about other countries).

What seems funny that the behaviour of various workers is eerily reminiscent of various characters in Pelevin's "Generation P" http://en.wikipedia.org/wiki/Generation_%22%D0%9F%22

jkot 2 days ago 0 replies      
> The Columbian Chemicals hoax was not some simple prank by a bored sadist. It was a highly coordinated disinformation campaign, involving dozens of fake accounts that posted hundreds of tweets for hours, targeting a list of figures precisely chosen to generate maximum attention. The perpetrators didnt just doctor screenshots from CNN; they also created fully functional clones of the websites of Louisiana TV stations and newspapers. The YouTube video of the man watching TV had been tailor-made for the project. A Wikipedia page was even created for the Columbian Chemicals disaster, which cited the fake YouTube video. As the virtual assault unfolded, it was complemented by text messages to actual residents in St. Mary Parish. It must have taken a team of programmers and content producers to pull off.
nols 2 days ago 2 replies      
The article is really good, but this title is extremely vague.
m1 2 days ago 0 replies      
> ISIS had claimed credit for the attack, according to one YouTube video; in it, a man showed his TV screen, tuned to an Arabic news channel, on which masked ISIS fighters delivered a speech next to looping footage of an explosion.

This linked to the wrong video, the actual link is https://www.youtube.com/watch?v=E2J6RvajSaA

Edit: He fixed it.

Canada 1 day ago 0 replies      
We should call them what they are: Sock Puppets.

Calling them trolls is an insult to trolls.

guard-of-terra 1 day ago 1 reply      
I doubt about "well-paid" part. From the article you can deduct they're pair around 25k RUR/month, $500 in today exchange rate.
joelx 1 day ago 0 replies      
Read the comments on the nytimes article...
towelguy 1 day ago 0 replies      
The Ministry of Truth in the making.
ISL 1 day ago 5 replies      
This sort of thing has happened recently on HN, where trolls derailed the conversation so badly that it was flagged into oblivion. (dang brought it back to life after an email appeal).


What's the right way for a community to permit free and welcoming discourse and simultaneously blunt the ability of malicious actors intent on spreading disinformation? It's a hard problem.

hugh4life 1 day ago 1 reply      
Astroturf happens everywhere... news at 11... it's easy to laugh at the paid Russians and their broken English but it wasn't too long ago you had stories of British intelligence rigging online polls and the US government contracting out software to manage mass amounts of social media personas to target jihadists(and I'm sure the same tactics are being used against Russia too).
deathwolf 1 day ago 0 replies      
Interesting enquiry and article, though obviously they are much worse at hiding their tracks than the US Government trolls.
mdekkers 1 day ago 1 reply      
This story pops up regular as clockwork, going back before 2012. It's propaganda in its' own right - no doubt, with equally depressing regularity, I shall be downvoted into oblivion for having the temerity of actually pointing it out.
jameshart 2 days ago 1 reply      
Expect a follow-up article in the Washington Post about a covert Chinese internet propaganda organization which successfully planted a story in the New York Times attributing a series of alleged online hoaxes to a Russian organization. The hoaxes seemed real enough - there were youtube videos and twitter accounts and websites - but in reality there was no evidence that the hoaxes had ever actually happened.
Freedom Act Passes: What We Celebrate, What We Mourn, and Where We Go from Here eff.org
205 points by snowpanda  1 day ago   58 comments top 9
ChrisAntaki 1 day ago 2 replies      
I'm celebrating the only two Senators who voted against the "Freedom" Act [1] and supported net neutrality [2]. Both also voted against the "Patriot" Act in 2001, while they served in the House [3]:

Tammy Baldwin (D-WI) & Bernie Sanders (I-VT).

[1] http://www.senate.gov/legislative/LIS/roll_call_lists/roll_c...

[2] http://www.baldwin.senate.gov/press-releases/us-senator-tamm... & http://www.markey.senate.gov/news/press-releases/to-protect-...

[3] http://clerk.house.gov/evs/2001/roll398.xml

yodsanklai 1 day ago 3 replies      
> Weve gone from just killing bad bills to passing bills that protect peoples rights.

By people, do they mean "american people"? I may be wrong but my understanding from Snowden revelations is that the NSA is listening and recording without restriction all conversations from non-US citizen (whereas it was restricted to meta-data for US citizens). I don't know if the freedom act is an improvement for the rest of the world, but I doubt so. It would be nice for our american friends to understand that we value our privacy too.

coldtea 1 day ago 5 replies      
One good step would be to prohibit laws to be named with nice words and acronyms ("Freedom", "Patriot", etc).

Those are advertising and only serve to confuse discussion of the actual content ("you are opposed to the Patriot act? Aren't you a patriot?" etc.).

hackuser 1 day ago 1 reply      
I follow this issue and read a lot about it, and I'm still not sure what powers the NSA has, other federal and state agencies have, under what laws, and which have been restricted.

It would be a valuable public service -- more than all the newspaper articles and press releases -- if someone who knows all that could make a simple table: Agency | Power | Limits | Legal authority

getsat 1 day ago 0 replies      
>we have every reason to believe that President Obama will sign USA Freedom into law

His official Twitter account said he'll be signing it: https://twitter.com/POTUS/status/605841647193030657

kweinber 1 day ago 0 replies      
Hat tip to the eff... Don't forget to support them, they've got your back on stuff like this....
peteretep 1 day ago 1 reply      
I think people forget that Congress are people with their own secrets too.
fleitz 1 day ago 1 reply      
Isn't this a step backwards from yesterday?
MCRed 1 day ago 0 replies      
We've been fighting this fight for 20 years. The lack of progress is unacceptable. The NSA and the government in general have only gotten more and more out of control, more and more aggressive in violating rights.

That the result of Snowden is this pathetic attempt would convince me that government was useless in this current form and that it has totally failed- if I weren't already convinced of that seeing the past 20 years of legislation. (I've been watching more than 20 years, but the gloves really began to come off during the Clinton administration when he banned gay marriage for no good reason (he could have simply pocket vetoed the bill.) )

My how our standards are low, and that makes this country increasingly a joke- a parody of itself, commonly summed up with the phrase "MERICA". It's not funny, it's tragedy.

Beside a startup, what are the other ways to significant wealth for a dev?
195 points by soulbadguy  2 days ago   173 comments top 42
fishcakes 2 days ago 1 reply      
Here are a few ideas:

- Selling enterprise software (you can make 10%-20% of an 8 or 9 figure deal)

- Selling securities in some form or another (you make ~5% of deals worth potentially hundreds of millions of dollars)

- high leverage consulting (solving very hard tech problems for lots of people. for example: I have a friend who helps a whole bunch of computer vision companies and makes a ton. Another friend is an SEO expert.)

- Patenting core technologies and selling those patents (A buddy of mine sold his patent for $10M)

- "platform based land grabs". Think of the people who bought tons of domains early in the Web's history. Or the first guy to make an emoji app on iOS. These are different than "starting a company" as you really only need a product and can pull it all off on your own. I suspect there will be more of these in the future.

All of these require creatively navigating business as well as being an awesome dev.

zamalek 2 days ago 2 replies      
1. Startups have happiness potential for developer not only because of the monetary wealth but also because of the wealth of the challenges faced. Developers live for tricky puzzles to solve and startups are one place that you can get them. Startups aren't the only place where you can find challenges (as you've noted).

The monetary wealth typically comes from stock options. Stock options are a promise that you can buy stocks at a certain price at some point in the future (when they become available, e.g. during an investment or IPO). Options are how you become an overnight millionaire. Startups aren't the only place where you can earn options.

You'll typically find that companies that aren't publicly traded have stock options (ask about them in your interview). It's not something that's exclusive to startups - I have options in a 10 year old company and have cashed in some of those options.

2. Yes.

3. Accrue wealth like anyone would. Developers earn relatively high salaries (whether they work for a startup or not) and hence have an easier time getting into the situation where money works for them.

However, even one of those developers who earns $1 000 000 can have no wealth if they waste it all. Someone who earns $75 000 can amass a fortune. It all comes down to how well you manage your money. If you do something to get rich quick chances are you are going to end up penniless. It takes time, discipline and a brain.

There is no quick road to material wealth.

Money does not make you happy, it merely multiplies what is already there. It's a catalyst. If you're already happy, money makes you happier. If you're already sad, money will make you miserable.

starmole 2 days ago 9 replies      
It really depends on skill and motivation. If your motivation is only money you are unlikely to succeed.

Personally I am a big corp dev and making >600k/year on track to retire at 40.

But you do not get there by trying for the salary. Try to be good, no exceptional, at what you do. Become valuable and you will be paid. But your motivation should be your craft and not money.

I believe the same applies for startup founders too. As a dev in startup land you are at a disadvantage though - the fail or rise of the company is much more about sales and biz than tech.

I think as a dev big corps are the way better bet. Not much to loose, but possibly high payout. Startups very rarely pay out for devs.

sosuke 2 days ago 4 replies      
A general rant, when someone asks about how to make reasonable wealth, significant wealth, or to get richer than you would be as a salaried worker I assume they are interested in getting into the 1% or higher bracket of earners.

Someone making 6 figures asking how to get more wealth probably doesn't care they are in the top 10%. They are looking up, not down. Saving half their salary isn't realistic for a single income family, and would even be tough for a dual income family.

They probably don't care to listen to the "money isn't everything" advice from the rich. Yes, everyone knows that money isn't everything, and everyone knows that money isn't everything when you've already got it. I have relatives making choices between feeding themselves or their pet for the day, money means a great deal up to a point, and then there is a big gap where it doesn't make much difference. Then after that gap is breached is starts to make a huge difference again.

Unfortunately, for the number of times this question is asked, the number of times I've asked it of myself, there are no silver bullets or proven paths. I have to stop ranting now it is late, I am tired. (^_^)b

tslug 2 days ago 1 reply      
1. No.

2. Yes.

3. Respect the people you want to help you. For instance, let's say you want a bunch of people to take the time to read and answer difficult, open-ended questions for free in a way that could lead to vast personal wealth for you. You could demonstrate your respect for them by showing them the courtesy of proof-reading your post. As the questions are so broad, you also could show respect by sharing what you've learned in the research you've done so far to help educate them and to narrow down what you're looking for. You could demonstrate even more respect by thanking the authors of particularly good contributions.

danieltillett 2 days ago 2 replies      
I am surprised no one has suggested the traditional and still very popular way which is marry someone wealthy.
sblom 2 days ago 0 replies      
I worked with a test engineer at Microsoft who started in 1999, which was after the get-rich-on-stock-options days at the company. He spent 15 years living below his means, and recently retired from the tech world forever. He didn't need any tricks or secrets to pull it off, just living frugally and saving tons of money. I suspect I'm way behind him despite earning more and even having a wife who used to earn a software salary as well. Makes me wish I would have saved more aggressively to date.
madaxe_again 2 days ago 3 replies      
As someone who has spent their 20's accruing "significant wealth" through a startup (I am by no means loaded, but have not worried about money at all in ~3 years), I'll tell you now - it's overrated.

Money can buy you happiness, but it's an inefficient exchange mechanism - unless you roll two sixes, the amount of work and bullshit that goes hand in hand with growing your "worth" usually exceeds the reward - and that reward for most is tantalisingly close but always "a year or two" away.

Monetary wealth is a means - it is "gas in the tank" - but it isn't the end. The end is your own happiness and wellbeing, and there are much easier ways to secure this than through wealth.

If I'd known what I know now, I would have moved to a hut up a mountain a decade ago rather than going into business. Now I am responsible for the livelihood of dozens directly, thousands indirectly, and while I may have made myself a very comfortable gilded cage, it is a cage, and the cost of my wealth has been my freedom.

jcoffland 2 days ago 1 reply      
Contracting! Many people, most of them non-contractors or people who have limited contracting experience will tell you contracting is risky. If you are good it's actually much more secure than getting a "real" job, once you get going. You can't really get fired and as long as you are able to juggle a few clients at a time you will always have plenty of work. If you can consistently deliver results faster than the average deskjocky you can earn a lot of money too.
sosuke 2 days ago 0 replies      
Keep making products until one sticks, then keep making products until one shows potential, then keep making products until you've gotten a product that can support you, then keep making that product until it plateaus or you consider yourself successful. If that last product isn't enough, repeat the cycle.

Product could be SaaS, software, consulting, contracting.

m-i-l 2 days ago 0 replies      
1. No, startups aren't the only way to "significant wealth". In fact, in my experience, startups are something of a lottery, i.e. you only a very small chance of making a lot of money. For every success story you read there will be many more failures. But having said that, it can still be worth founding or working for a startup because you can often learn a much broader set of skills than you can at a big company.

2. Yes, I have heard about a small number of exceptionally highly paid developers too. However, I suspect this is incredibly rare, perhaps with a similar or even lower probability than making your fortune at a startup. Unless you have some extraordinarily talent and are aware of this and in a position to able to exploit this (but I doubt you would be asking the question if this was the case).

3. I would have thought your best chance of making enough money to reach financial independence is the usual unexciting advice: (i) work hard to get an above average salary, (ii) live frugally and save as much as you can, (iii) invest what you save carefully, (iv) continue this process for many years. If there was a sure-fire quick and easy way of getting rich, I'm sure more people would be doing it, or you wouldn't be reading about it here.

eignerchris_ 2 days ago 0 replies      
It really depends on your definition of wealth. Most engineers I know clear 100K+ pretty easily after a few years of experience. If you're in a hot market or sector, you can easily earn $180k+ after 5-8 years. If you produce consistent value for a business, $225k is definitely achievable.

Understand that by making $100k+ you're basically in the top 10-15% of earners in the U.S. [1]. Make $180k/yr and you're in the top 4%.

And realize that plenty of people who make >$150k spend like crazy trying to keep up with the Jones. Plenty of people who make $80k/yr spend wisely end up having more "wealth" in the end.

[1] - http://www.financialsamurai.com/how-much-money-do-the-top-in...

alttab 2 days ago 3 replies      
Save half of what you make, diversify your investments, and pay down your debt. Do this for 15 years and you will be rich with your skills.
heyalexej 2 days ago 2 replies      
"Significant wealth" can mean many different things. I've seen Derek Sivers speaking at multiple conferences. He has a very interesting question that I since ask myself and others: "What do you optimize your life for?". When you find the answer to that question, it gets easier to go from there.

Robert Kiyosaki and other wealthy people state that wealth is measured in time. Can you not work for x weeks, months, years and still make money or at least maintain status quo? If you can, you're probably already wealthy and doing better than the vast majority of people out there.

We all love to read success stories of startup founders where it escalated quickly and they got out with a huge amount of money. These people however are not a good representation of what's out there. Most wealthy people I've met over the course of my life do things that not a lot of people think about and take for granted. They're sometimes rather boring, not glamorous, not innovative things like selling sausages, web hosting, web development services, selling plain white shirts, toilet paper, pipe fittings, cleaning businesses, restaurants and so on. These people then invest their proceeds in other "boring" assets like real estate, other businesses, fonds etc. with a long term view.

A lot of these people moved from being a specialist (consultants, chefs, programmers, contractors) to business owners. Not working in but on the business. Hiring other specialists, people who do the grunt work, the sales, the programming and so on. They then invest their proceeds into assets that will continue to generate money at different percentages even after they completely stop working.

In your particular case that could mean that you could start with very specialized consulting work. Then slowly transition into providing tooling for a monthly fee. Then slowly removing yourself from the business as much as you can. The beauty of it is that monthly recurring revenue is compounding. Also have a look into SWaS (Software With a Service) http://www.tropicalmba.com/swas/.

Investing/saving $5K a month for 15 years with an expected rate of return of 7% and an expected inflation rate of 3% will bring you to a place where you end up with a balance of ~$1.5MM (or $1MM after inflation) to your name. Would that make you wealthy in your books?

crimsonalucard 2 days ago 1 reply      
There's something we all can do if we work together to get each of us paid north of 200k a year.

Form a software developer union.

patio11 2 days ago 2 replies      
I'll answer the questions you asked, then give you a better question:

AppAmaGooBookSoft are probably not what you're thinking of when you say "startups" and 5-10 years in any of them will make you quite wealthy indeed, by the standards of e.g. the American middle class.

Do some devs make north of $1 million a year? Yes, for a value of "some." (If you put a gun to my head, I'd say "Maybe 5% of the engineering workforce at AppAmaGooBookSoft. Possibly modestly higher than that in finance.") The shortest path to it is "significant contributions to a major revenue driver for a large company combined with aggressive negotiation."

Depending on where you draw the bar for "wealthy", there are a lot of dev-related businesses which can get you there. Consultancies with employees throw off a lot of money on a yearly basis and also build value which can be sold. Profits for a well-managed e.g. Rails consultancy are on the order of $2.5k~$10k per employee per month (math here: https://news.ycombinator.com/item?id=7155387), so if you run a 10-person consultancy, you do pretty well for yourself via distributions while also drawing the market salary you're paying all the employees.

There exist many product businesses which are primarily or largely software in character. There exist hundreds of software companies which toil in relative obscurity whose founders are (generally very quietly) millionaires even when one doesn't count the value of the company itself. I built a consulting career off of working for SaaS companies with, in the main, $10 to $50 million a year in revenue. There exist lots of them. The rough economics are often 10% COGS 10% marketing 10% G&A 50% salaries 20% "whatever the owner feels like."

Many of these paths will not involve you being primarily working on compilers and dev tools. (Compilers are a tough sell -- dev tools perhaps less so. There exist plenty of great small dev tools companies.) Even if that is what your business actually makes money on, you will probably have to a) get into business and b) spend the majority of your cycles on building the business rather than building the thing the business makes, unless you take the well-compensated employee route.

There are your answers. Here is my question: what do you want out of life? What does "wealthy" mean to you? What motivates your desire to retire early?

I once wanted to retire early, but that was a symptom of the underlying affliction "I hated what I was doing for a living." If you see wealth as an opportunity to choose to spend most of your cycles on something other than what you presently do for a living, you probably can achieve that without being sold-a-startup-now-I'm-loaded wealthy. Some of the happiest people I know run quiet little cottage industry software businesses on the Internet in preference to the day job. Most don't have seven figures in the bank, but their day-to-day lifestyle might resemble that of a "gentleman of means."

If you want to have sufficient free cycles to study something, consider as an option "Create some enduring source of value which solves the sustenance-for-myself-and-family problem with the minimum number of hours required per week; spend my freed-up-time studying rather than filing TPS reports."

PaulRobinson 2 days ago 0 replies      
The myth that growing the value of equity is the only way to make significant money is a lie, perpetuated to keep you working for somebody else until you have "the big idea".

What if you started a company as an LLP with some smart colleagues and you shared in the growth of each other's talents? What if you created a co-operative?

Come to think of it, what's your goal? To be rich, or to be able to go back to school without worrying about money? The two are not the same. I doubt that most of the open source developers you've heard of can rock around in a Ferrari but they are doing what they love and are happy: haven't they effectively got to the point you wanted to, but without the need to slog out to the point of having piles of money?

I'd also as an addendum suggest diving into the [/r/financialindependence](http://www.reddit.com/r/financialindependence) community - lots of ideas there.

dleskov 2 days ago 2 replies      
I am with a small company focused on compilers and managed runtimes (JVM), and I can tell you that _good_ compiler consultants are in high demand. For instance, I had a discussion with a CEO of such specialized consultancy looking for GCC specialists last year, and he said that LLVM engineers are even harder to come by.

I also see processor startups popping up all the time that need compiler/tools engineers badly.

Overall, I'd repeat what others have said: "save a lot and invest your savings wisely."

joetech 2 days ago 0 replies      
There are ways to make a lot of money with affiliate marketing, but that can involve a lot of trial and error and can (usually does) involve bootstrapping with a lot of your own cash or a credit card. Although I know of at least one person who turned millionaire after bootstrapping by maxing out his credit cards, I would never suggest doing that. It's a deep hole to climb out of if you fail and for every success story, there's probably 100 failures not talked about. In short, the successes I've seen involve buying advertising to get people to a landing page that generates leads with commissions that (hopefully) pay you back more than you spend getting the traffic. It's a delicate operation that pays well only if you get the landing page and affiliate choices right.

I've also seen wealth generated with mailing lists. This is another affiliate marketing play that can be done without feeling too spammy and can still add value to the user.

Similar to a mailing list, a forum can be easy to set up and maintain. Also like a mailing list, if you create a large enough user base, advertising can pay off.

One of the better earners is a subscription model for just about anything. Software provided for free with a "premium" set of features for $x per month is a good way to generate a user base more easily.

A couple things to keep in mind:1. You will almost always have more success when you're passionate about the subject matter.2. It will take time. Most overnight successes are preceded by years of ramp-up.

hkmurakami 2 days ago 0 replies      
How much do you need in your nest egg to fully retire?

Now, how much would you need in your nest egg to feel comfortable about being picky about where you work and what you work on, trading in some of your income for mission/learning/location/people etc.?

Once you have these numbers (which depends on your life stage and costs of living), then you can start backtracking and figure out what kind of money you'd need to make and whether it makes sense for you. That will leave you with the universe of options available, which may be wider than what you're considering right now.

wsc981 2 days ago 2 replies      
Like others have suggested in this thread: contracting.

Ideally find clients who are willing to work with remote contractors. Emigrate to a "poorer" country and save money. For example, people in Thailand earn on average around 500 EUR a month (from what I've read). If you can manage to work for western clients who perhaps pay you 10.000 EUR a month (40 hour work weeks), you will be able to retire extremely quickly.

chrisbennet 1 day ago 0 replies      
I'm not trying to be flippant, but have you considered finding something you like enough that you don't look forward to retiring?

I get paid (well) to do stuff I love so it is possible and possibly easier than becoming wealthy. I think loving your "work" will put a lot more happiness "under the curve" than waiting until you retire to be happy - even if you retire early.

ryandrake 2 days ago 0 replies      
Since a lot of people are commenting that the original poster is not being specific in what he or she means by "significant wealth", let me propose a more concrete question:

"Besides a startup, what are some other reliable (close to risk-free) ways to retire at any age with $20 million net worth and $1 million a year in passive income--that a motivated and skilled software developer can achieve starting in his twenties?"

Practical step-by-step advice only, no general platitudes like "just love what you do!" and "don't be in it for the money!" My guess is it's impossible without rolling the dice on business ownership, but I'd love to be proven wrong.

soulbadguy 1 day ago 0 replies      
A lot of good answers, and lot of good advices. But it seems there is a lot of assumptions on my motivations and personal view on moneys.While i think that those aren't strictly necessary to answer the question, i guess i am asking a personal question so it's only fair if people some assumptions. So in no particular order , i am sharing my perspective on some the recurring themes :

1 - Why do i want money (or why do i want a lot if it :)) :I am not interested in a luxurious or grandiose life style. For me money is to buy freedom and safety booth for me and the peole i care about. I want myself and them to be able to afford the best of the health care systems, to be able to focus on exactly what we do, etc...etc...

2 - How much is "significant wealth" 10M+

3 - Money shouldn't be the focus, the craft is:I think they both should be. I don't think getting wealthy should be though as a direct consequences of great work.Great work might be correlated or even necessary to building wealth but i don't the former always implies the latter. To get wealth i believe i will have to learn how, much in the same wayi had to learn to be a software dev.

4 - There is no quick fix. stop looking for it.

I am not looking for a quick fix. I am willing to put the hours (hell i am looking forward to it). But i also want to capture and leverage some of the value i will be creating (in a way that's is both legal and ecological)

So again a lot of great idea i didn't though of and i am already reading on all those venues. The idea i am particular interested is consulting : Is there a demand out there for consulting to startup say 30/week for 6 month for some equity in the company ?

Any body in the fanancial market want to share his experience ?

Again thanks for all the great answers

Jack000 2 days ago 0 replies      
There's always the "get rich slowly" approach: put a large portion of your income in low-risk investments. This is slow but once you hit a critical mass in capital more interesting opportunities become available. Eg. you could eventually bootstrap your way to buying an apartment complex, parking lot etc.

I think a better question is how do non-computer people create wealth? Devs as a group are already predisposed to having higher income. For my family it has been to work really, really hard, live frugally and invest all disposable income. I'd venture to guess that most wealth creation happens this way - call it the long tail of wealth.

dublidu 2 days ago 1 reply      
Devs rarely make $1 million a year, startup or big company. Now if you are 10x better than the average Google/Facebook engineer and can prove it, I think you could negotiate that kind of compensation package as a principal engineer.
bandrami 2 days ago 0 replies      
Savings and prudent investment.
simplexion 2 days ago 0 replies      
Wealth != money. I feel like I am very wealthy and I make bugger all money.
prewett 2 days ago 1 reply      
Save money and invest it wisely in stocks and/or bonds. It's not fast, it's not techy, but it is a tried and true way.

The trick is, you need to figure out what "wisely" is. IMO, if your strategy involves holding on to your stocks, it is probably speculation (=gambling) rather than investing wisely.

Sukotto 2 days ago 0 replies      
If returning to school is something you really want to do then there is a third option: go get a job at the school you want to attend.

Just make sure to negotiate your benefits to include the ability to take classes (both the time during your days to attend, and reducing the costs -- preferably to zero -- of attending)

pjc50 2 days ago 0 replies      
The same way as everyone else: leveraged property speculation.

If you're really good at maths you could become a "quant". Most of the really high paying developer jobs are unsurprisingly in the financial services industry.

Zecc 2 days ago 0 replies      
Apparently you can make millions being an art forger.


involute1344 2 days ago 0 replies      
3 - Marry well.
aj0strow 1 day ago 0 replies      
Spend less. Save more. Change companies every 3 years. You'll do fine.

Alternatively make friends with rich people and make them richer. You get a cut.

hamburglar 2 days ago 2 replies      
I think the best approach is to stop believing the hype that you went into a vocation that'll net you obscene wealth and instead thank your lucky stars at having entered a field that you (hopefully) enjoy and which also happens to pay a damn good salary. From that point: hard work and perseverance will let you save a pretty respectable retirement fund. And the work isn't even that hard.

I'm sorry to be the grumpy old man in this thread, but asking how to turn your developer job into $1MM/year is like a high school kid planning to play pro basketball.

FlaceBook 2 days ago 0 replies      
"I want to be rich, how do I do this?"

Is this yahoo answers?

anovikov 2 days ago 0 replies      
Get married to a rich girl. Girls like smart guys.
RantyDave 2 days ago 1 reply      
Solve problems for rich clients.

Or steal bitcoin.

bsder 2 days ago 0 replies      
Get out of dev, put on a suit and tie, and go suck up doing finance on Wall Street.

Your probability of success is way higher.

mauricemir 2 days ago 1 reply      
what do you define as significant? 1M 10M or 100M plus
MurWade 2 days ago 0 replies      
email me mustafahossaini@gmail.com
jitix 2 days ago 0 replies      
Make a viral app. Something like Flappy Bird.
Show HN: Diff.io diff.io
194 points by wickedlogic  2 days ago   98 comments top 27
llamataboot 2 days ago 2 replies      
I see some green blobs, some pricing info, and hear some marketing speak about letting my CMS be a "self-actuated change awareness system".

I want to know how I integrate this API into my tests, what exactly it tells me, and how to use it. How about a free plan to test it out? How about developer docs? How about something more than a few screenshots and a 30 second video that is incomprehensible marketroid speak?

Sorry for the harshness, but I really think visual diff tools are needed for integration testing. I want to figure out which ones are flexible and how they can be used. This site helps me do none of that.

schappim 2 days ago 1 reply      
If you want a DIY version of this, try ImageMagick's compare command:

compare bag_frame1.gif bag_frame2.gif compare.gif

Documentation: http://www.imagemagick.org/Usage/compare/

nbevans 2 days ago 7 replies      
Tip: Remove the "plans" page. This thing is too early stage to start talking about $ plans. Nobody even knows what the hell this is or what it is good for.

Your business model should be as follows:

1. Make something new, useful and free.2. Get people hooked on it, like a drug.3. Grow a modest user base.4. Introduce "value added" features, marked as preview or beta, for enterprise customers and integration into other web services.5. Once features added in step 4 have matured, remove the beta clauses and slap a price tag on them.

morgante 2 days ago 4 replies      
This seems like it could be greatcan I drop this into my CI workflow to find visual regressions?

That's the question you should be answering. Not trying to sell some "self-actuated change awareness" mumbo jumbo. The video literally sounds like an infomercial for a cult.

Sorry for being harsh, but it sounds like you have some cool technology which is unfortunately overwhelmed by terrible marketing.

empressplay 2 days ago 3 replies      
Your "bootstrap" level should be free. I don't see any bootstrapping startup paying for a service they don't need / can build themselves for free (if they're really desperate for it.)

You want to capture that potential future business, and hope that you can convert them to paying customers as they become profitable; you don't want them to go "hey, great idea, but I'm not paying for that" and then implement their own solution.

Permit 2 days ago 0 replies      
I just want to say that I strongly disagree with the people here who are complaining about your pricing page.

You need to validate that people will pay money for this product, and the quickest way to do so is to ask up front. I really don't buy this "Give it away for free, get them hooked and then staple on paid features" approach.

PG said it best: "Better to make a few users love you than a lot ambivalent."[1]

One of the best ways to find out if people love what you're building is to ask them to pay for it.


jwklemm 2 days ago 1 reply      
Nice work! We have a similar feature built into Ghost Inspector: https://ghostinspector.com/#visual-regressions -- It includes a tolerance setting so you can basically say "I only want to hear about it if the screenshot changes by xx% or more." Effective visual regression testing at scale is tough though and is really more of a secondary feature for us.

If anyone is interested in other solutions, ImageMagick has a nice "compare" tool built-in. There are also plenty of open source projects like Huxley, PhantomCSS, etc. I recently saw a demo of Applitools Eyes (https://applitools.com/) and it's quite powerful (though it's a paid service).

Lastly, I did a presentation that involved visual regression testing here: https://www.youtube.com/watch?v=mK0l__jmpTA (starts around 12:25)

stephentmcm 2 days ago 2 replies      
I've half built a tool to do this using PhantomJS, and a really half-baked API. The image grab part is easy. The diffing is what's hard... well sort of.

What I tried and what this site appears to do is a straight pixel change detection, which fails to account for how important that change is. Minor things change on a site all the time it's catching major breaking changes that's hard, say a CSS rule change that looks fine on desktop but ruins the site on mobile.

kasparloog 2 days ago 0 replies      
Monitoring is a good idea. However, pixel-based comparison services are quite pointless for web pages. Banners, dynamic content etc. simply drives spam.

Try Browserbite with its feature-based comparison. There are other regression-oriented tools out there as well that use pixel-based methods as well.

zoidb 2 days ago 0 replies      
Hey nice! I've actually done something similar myself as a weekend project - https://page-watch.com

Also checkout the following projects, https://visualping.io/ and https://dpxdt-test.appspot.com/

If you are using something like phantomjs to generate website screenshots I wonder how you are dealing with dynamic content. A lot of pages have continuous animations that can screw with simple image diff comparisons. For this reason you may want the option to limit your compare to a subset of the page.

marcelerz 1 day ago 1 reply      
You are probably using Blink-Diff for the image comparison. Isn't it?https://github.com/yahoo/blink-diff

For example:https://raw.githubusercontent.com/yahoo/blink-diff/master/ex...

You can change the highlight-color to green (it is a configuration option), just like it is on the page there:https://diffio.global.ssl.fastly.net/v1/diffs/2015-05-28/eee...

And the "montage" is called a "composition" in Blink-Diff.

bcjordan 2 days ago 0 replies      
Very nice! Your CMS integration looks like a fantastic way to mitigate the onboarding pain of most integration testing systems.

Definitely a useful type of test to have and certainly comes from a place of pain. Last year I worked on a bootleg similar project during the YC Hacks eventit was hard to get it to work right.

Recently Applitools Eyes[0] started gaining popularity for CI-based visual testing, I hooked it up to some Selenium integration tests at work earlier this year and the things it catches have consistently amazed me. Catches nearly all of the bugs that manage to slip past the typical unit / end-to-end tests.

One hard part they navigated well has been the interface for being able to review changes, set new baselines, and set a certain area as "ignored". IIRC they even use some fancy computer vision algorithms to handle slight variations in screenshots (e.g. font alignment false positives).

[0]: https://applitools.com/

uptownfunk 2 days ago 0 replies      
I want to know what this does, the youtube video does not explain clearly in layman's terms.
ivanhoe 2 days ago 1 reply      
Looks like a useful service. Just a word of warning, your SSL certificate is not trusted by Chrome and possibly some other browsers. You have to install Intermediate certificates to make it work for everyone.
Gigablah 2 days ago 1 reply      
Your API documentation isn't public. That's an instant turn-off.
olivierkaisin 2 days ago 0 replies      
Great project!

This is really a need for monitoring consistency of UX of any website.

Although I just think you should simplify your pricing model. I don't understand why you are talking about "requests". Who cares about bandwidth today anyway? Just make people pay for the number of pages the frequency of the checks.

Also, you should allow people to set up e-mail alerts when some parts of their website pages change (e.g. payment forms).

I would definitely pay for such product. : )

wldlyinaccurate 2 days ago 0 replies      
This reminded me of Wraith, a screenshot comparison tool which The BBC developed for integration testing: https://github.com/bbc-news/wraith
gcb0 2 days ago 1 reply      
the license plates image is misleading as hell!

for a moment you think it is smart enough to realize subject and background and only show you changes on the normalized objects.... but it is actually just an edited image on the other side to add a clean element for the diff.

bliti 2 days ago 0 replies      
Your landing page might benefit from using wordpress as an example. I saw the service and immediately thought about how to integrate this into wp. Maybe even turn it into a wp plugin? Dunno. This does seem useful.
joshcanhelp 2 days ago 0 replies      
This looks fantastic. I was just looking into doing this "manually" with an automated screenshot process for a site I'm refactoring part by part.
bgraves 2 days ago 1 reply      
Hmm, is this built on top of url2png by any chance? :
OneTwoFree 2 days ago 1 reply      
The site shows an SSL warning message. The certificate details says it was issued by "Avast untrusted CA".
omarchowdhury 2 days ago 0 replies      
Could use this to monitor competitor's landing pages and see what they split test.
cekanoni 2 days ago 1 reply      
your ssl is signed by unknown vendor so i wouldn't trust it..
The tech arms race in AAA games and why I'm abandoning it andreaspapathanasis.blogspot.com
184 points by jsnell  1 day ago   186 comments top 34
fsloth 1 day ago 4 replies      
Tech to games is equivalent to the medium an artist uses. Crappy tools and materials can ruin the experience (i.e. if Michelangelo's David was made out of, say mashed potatoes it would have not survived and it would have looked silly after a while), but good materials do not make an artist (i.e. give a non-visual person marble and give Michelangelo mashed potatoes and what Michelangelo produces will probably be better than what the other bloke produces).
ghshephard 1 day ago 3 replies      
One of the sadder things I read today:

"What I was blindly ignoring back in my teen years was games like Elite, Ultima IV, Zork, MUD - games that fit just fine on the tiny possibility space my original PC enabled."

I had a (slap back of hand) cracked copy of Ultima IV. No User Manual. No Map. No Potions Guide. I had to create my own maps of the world, and permute ingredients to figure out all the potions. I spent three of the most glorious weeks of my life completing that game, and, to this day (close to 30 years later) I recall the level, (you couldn't restore health in the midst of a dungeon) in which I ran into the mirror image of my party and had to battle myself. And riding the balloon over pirate bay. Oh my, ...

sageabilly 1 day ago 1 reply      
At some point it comes down to what gamers want, and that's always going to be "different things to different people." Papathanasis illustrates it himself when he shares the reasons his wife prefers Sims Social over Sims 3.

Also a great game with less than cutting edge graphics will probably always win over an average game with amazing graphics- think Minecraft as the most obvious example. I see games like The Long Dark or Don't Starve or even something like Fez, all coming from smaller studios and all about 180 degrees away from an AAA game being more embraced by gamers in the long run than whatever the latest Call of Duty is. Of course if we break it down that far then we start getting into arguments between "serious gamers" and "casuals" and "console vs PC" and on and on and on...

Again, circling us back around to "different people like different things and that's OK".

restalis 1 hour ago 0 replies      
"The perfect balance of number of units with the amount of things a player's human brain could possibly track at any given moment was completely lost on me."

The human brain can actually abstract things away and starts thinking in groups rather than in individual units, regardless if the game mechanics allows the player to treat them as such or not. That units-limit was something I did not particularly enjoyed in those games (and appreciated instead games like Command & Conquer in this regard). I agree that there is more than technical features that make or break a game, but the units-limit in RT tactics games is a flaw and it's not a technical one.

For those who argue that units-limit encouraged unit-quality over unit-quantity thinking, I concede. It's a valid point that perhaps contributed to the *Craft success series. That feature could however have been left as an over-ridable game parameter (set on by default, if you will).

tormeh 20 hours ago 3 replies      
>Some AAA studios subscribe to the idea that games can deliver the maximum emotional impact in a similar way Hollywood does: By using actors in heavily scripted sequences to tell the story of someone else that the player/viewer relates to. Instead of playing to their medium's strengths, these studios go through great pains to emulate what Hollywood gets naturally: emotive characters, good looking lighting, spectacular locations. It's a very literal attempt to imitate another established, successful medium, and because it gets some results, it's popular, despite the fact it's very expensive and brushes aside many of the benefits that games get naturally.

Games can be much more immersive than movies can. You can much more easily pretend to be the protagonist. By going down this route games lose some of the advantages of, say, arcade games, but they gain others and are generally not at a disadvantage compared to movies.

dikaiosune 23 hours ago 2 replies      
I agree with the author that quality gameplay should be more of a focus for teams, and that their choices in graphics technologies should enable their gameplay choices, not the other way around.

But, gameplay isn't the only way to enjoy a game. Sometimes I enjoy something just because it's the visual and auditory equivalent of a summer blockbuster where I'm in control. And perversely, I'm willing to pay a lot of money to have the hardware necessary for that. Sometimes the gameplay is objectively worse than other, less graphically accomplished games, but that doesn't make it less aesthetically pleasing.

I think it's perfectly valid to enjoy a game for aesthetic vs. gameplay reasons, although it can sometimes be sad when gamers have no concept of the latter.

rconti 21 hours ago 1 reply      
"In the video game industry, AAA (pronounced "triple A") is a classification term used for games with the highest development budgets and levels of promotion.[1][2][3][4] A title considered to be AAA is therefore expected to be a high quality game and to be among the year's bestsellers."


fr0styMatt2 15 hours ago 1 reply      
A question for those in the know - as a programmer, I've seen a lot of democratization of the game engine side of game programming over the last few years. The price of entry to AAA-level technology has fallen so massively that now anyone can download UDK and start having a go.

I'm interested to hear of what's happened, democratization-wise, on the art and music side of game development. This is the bit that I find people don't immediately grasp. While engine technology has gotten cheaper, making assets for those engines is only getting more expensive.

So I'm interested from those who are in the art field, have asset tools become more 'democratic'? Or to put another way, are art tools moving to make art asset creation less expensive in the same way that engine tools have made the programming side less expensive?

One area I can think of off the top of my head is texturing and shaders - texture-painting tools and physically-based shaders that allow less-skilled artists (and programmer-artists) to still get aesthetically good looking results, without having to become experts in UV mapping or writing shaders.

Is there something similar for model and animation creation, etc? Is this even possible to do without making games that look 'cookie-cutter'? (My gut feeling on that last question is that it should be).

Wintamute 23 hours ago 1 reply      
I think sometimes people conflate mid-career personal attitude changes with some sort of profound pan-industry insight. There's obviously money to be made from high tech AAA games pushing hardware limits, and money to be made from prioritising gameplay over polish and visuals.
malkia 21 hours ago 0 replies      
Heh, I've got the opposite - a very fast machine for it's day - 386DX 40Mhz but with Hercules (mono graphics chip). What I did was a resident application that has internal 320x200x256 colors buffer, and I would hack each game (looking for 0xA0000 or debugging a bit to use my buffer rather than using the graphics card directly). Then every few milliseconds I would transfer the buffer as monochrome - there was no palette transformation, just use the highest bit or something like this.

It worked fine for Star Control 2, Trolls, and few other games - yes it was very weird, slow, etc. - but I got my excitement just for doing it. And some games were not playable - I was taking 10% of the available memory back then, and others were just too damn hard to crack (taking over interrupts, etc.)

anonmeow 22 hours ago 3 replies      
I hope the GPU arms race continues for as long as possible. Without it there would be no GPGPU and modern deep learning wouldn't be feasible.
emirozer 1 day ago 4 replies      
Well its rather surprising and terrifying to see a game developer even having the idea "graphics makes games" for even a minute... Ask anyone about their favorite games who are passionate about them and i can bet they will list games that didn't had 3D graphics...
cwyers 1 day ago 0 replies      
For the author's comparison of The Sims to the Facebook Flash game of The Sims -- one thing he doesn't discuss at all is that by using 3D models The Sims allows you a crazy amount of customization in creating Sims and their surroundings, compared to what's possible with the hand-drawn vector graphics of The Sims Social.

Which kind of undermines his point. The Sims Social isn't a game that made different choices in graphics, it's a different kind of game with the Sims brand thrown on it. It's not just about MOAR GRAPHICS, what you're capable of doing with graphics informs what kind of gameplay experiences you can create for players.

Arzh 22 hours ago 1 reply      
AAA games are like F1 cars, they are the extreme that hopefully technology will trickle down from so that 'consumer' indie games can benefit from. Without the huge AAA games pushing the limits of tech we wouldn't have as many game engines for indies to use. I hope it continues because I love TIS-100 and The Witcher 3.
lmm 23 hours ago 1 reply      
> What are the games that people play for years that only have pretty environments or another form of impressive tech to offer? I can't think of any.

Well, Final Fantasy VII frequently tops "greatest game of all time" polls, and its visuals were driven by 3D tech (and arguably less artisticly interesting than those of VI).

z3t4 3 hours ago 0 replies      
My thought is that it's more difficult then ever to make high tech games. There's very little games coming out now that push the limits of what's possible.It's almost like complaining there is too much water on the moon.
fr0styMatt2 15 hours ago 0 replies      
Lots of interesting stuff in this article.

As a tech guy who went to a game programming school, my personal theory about why technical people get hung up on engine development (the old "I'm making my own game and have spent the last year writing my own engine") is quite simple - it's just an easier problem space.

Writing an engine has a defined, knowable set of steps that you can answer with if asked "What do I need to do to write a game engine?".

On the other hand, how do you answer the question "How do I make a good game?".

So people get stuck writing engines because it's interesting and because they can feel like they're making progress on something.

meesterdude 21 hours ago 1 reply      
I recently started playing skyrim - i know, I'm late to the party - and I'm really taken by some of the graphics and gameplay. there aren't too many games i can really stick with (just cause,bioshock,and portal are it) so it's nice to find a game I can ACTUALLY play. I tried deus ex; good game, but got too complicated, and then i tried picking it up months later and simply couldn't remember anything.

But, I've also been thinking of making a game. I know next to nothing about games, but bunches about the web. So then it became a question of what could I build with the tools I know?

which then lead me to realize: you don't need good graphics for a great game. Some games you want the graphics because it's part of the experience; but others you don't need any. And still others just need some. A game just needs to be fun in the end, and there are a surprising number of ways to get there.

vlunkr 1 day ago 0 replies      
I thought this was obvious... I've played plenty of great-looking but terrible games in my life, it's not that hard to put it together.

On another note, it's nice that indie games are starting to break down barriers by NOT pushing their games to extreme technical limits and focusing on gameplay. AAA games could learn from them.

snarfy 20 hours ago 3 replies      

Atari pretty much spawned the video game industry, and the average game wasn't more than squares on a screen. Squares. Your game character is one giant pixel.

It was all about the gameplay, not the graphics, and sold millions.

rwallace 23 hours ago 0 replies      
If what you care about is games for their own sake, that's as valid a perspective as any other.

My perspective is very different, because I care about games not for their own sake, but for their spin-off benefits: chips whose R&D was paid for by gamers, are being used to design aircraft, discover life-saving medicines, unravel the secrets of the universe.

From that perspective, abandoning the tech arms race in games abandons that which was valuable about the enterprise in the first place.

fapjacks 19 hours ago 0 replies      
Heh... I'll take this opportunity to post about my beloved MUME (Multi-Users in Middle Earth) [0], a MUD that's been running for 25 years, and still the best place in the universe for intense PvP.

[0] http://www.mume.org

karmakaze 13 hours ago 0 replies      
One example where tech enables a more engaging (fun) gameplay is Gran Turismo. It simulates real cars on real tracks and the accuracy of driving physics of actual cars is a prime source of pleasure. Driving a different car, or different settings actually makes a difference in the way it feels. I'm still waiting for GT7 to have a reason to get a PS4.
macjohnmcc 1 day ago 0 replies      
I don't think that young people today agree that this is a bad thing. I can see where someone who grew up with the older systems and older games would be nostalgic towards them (I'm turning 50 this year) and find the new to be unnecessary and gratuitous.
MollyR 1 day ago 0 replies      
I'm not sure how reasonable it is the way the author mixes demographics to make his point. I don't see the type of person playing sims social, wanting to buy a AAA game to begin with.I think the tech arms race does matter to people.It also acts as a signal of minimum floor of quality,but the specifics I'm not sure myself. I know would definitely prefer HD in movies, tv, and videogames. I definitely prefer movie special effects to cheap television special effects.

edit: maybe it also acts a way to signal people in market full of noise (competitors?)

badloginagain 17 hours ago 0 replies      
The author points to Sims Social and League of Legends as points of reducing the technical prowess of games.

While it's true that these games are less technically complex than a hyper-realistic 3D game, they are extremely complicated in client-server architecture.

The requirements for technical complexity have changed focuses, not disappeared.

alkonaut 22 hours ago 0 replies      
This arms race is probably because what I want isn't a new game I just want the same game as the last game but looking twice as good.
anabis 13 hours ago 0 replies      
Good games that push the envelope is entertainment and art, It may also be genre creating.

Katamari-damacy for PS, Dynasty Warriors for PS2, and Quake comes to mind.

forgottenacc56 1 day ago 1 reply      
What else in his life is he seeing in the wrong way?
Shivetya 23 hours ago 0 replies      
That story about trying to encourage his wife to try the PC version reminds me very much of most experiences I have with or watching console gamers moving to the PC.

The complexity at times isn't worth it because it loses sight of what the purpose was, to have fun

Garlef 22 hours ago 0 replies      
This debate goes back to the late 1990's.
ajuc 22 hours ago 2 replies      
I'm still excited for more power for games. For a game that uses CPU correctly see Dwarf Fortress.
ojbyrne 21 hours ago 1 reply      
I have a stupid question that I felt the author should have addressed. What's AAA?
VLM 1 day ago 1 reply      
"Because of the ongoing pursuit of Hollywood"

A better analogy is obviously the best hollywood movie is the one with the most and fanciest special effects.

Unfortunately 95% of the population doesn't want to watch a special effects demo reel, not even for free. And the analogy is the same problem with graphics, true the demoscene subculture is fascinated with graphics and its very technologically impressive, but 95% of the population responds with "meh".

(edited to add, the truly unfortunate part is the 5% of the population who want special effects reels is financially successful enough to completely prevent all advancement of the art other than the local maxima of special effects, so the 95% of the population who can't stand it are stuck, and are unserved by the monopoly / ogliopoly. The situation with games isn't as bad and the "casuals" are making huge piles of cash for non-3d developers, and the goal of the AAA studios and their journalist hangers on is to create and insert enough blocks in the marketplace to eliminate casual from competition and keep "gaming" a stereotypical pure 3-d WW2 FPS sequel experience, and the problem is technology has pretty much topped out eliminating "better graphics" as a marketing weapon)

New Performance Tools in Firefox Developer Edition 40 mozilla.org
180 points by _jomo  2 days ago   46 comments top 7
acomjean 1 day ago 1 reply      
I like the firefox tools and use them a lot. They kept getting better and better but recently seem to have plateaued. I keep running into things on ocation that make me switch to chrome to debug. I sound a little cranky and ungrateful, but the firefox dev tools are good and I like the way they're set up, but when I can't get my breakpoint to stop javascript execution and I have to switch browsers I get a little sad.

Looking quickly the developer edition seems to fix some other little things (the return of Labeling margin, padding, border on the box model and the ability to edit the box model in place).

I'm always a little leery of special editions as it was good to develop on the browser your deploying to.

mrinterweb 1 day ago 0 replies      
These tools look fantastic. Off topic: the first video showed the use of the new tools and the improvements of using a web worker. I was reminded of how little I like the implementation of web workers in regard to needing to call out to an external script. The implementation would have been much better if it was possible to treat scripts in the same file as threads. I have seen hacks/workarounds to toString() functions and inject them into the DOM, but it is unfortunate that this is required for inline web worker use.
eterm 1 day ago 2 replies      
Finally my test page[1] no longer crashes my browser with the dev tools open, and appears to run the same speed with and without the dev tools open. I don't know if it's related to these changes but clearly it could be.

[1] http://rcocks.github.io

Edit: Actually it seems to not happen if I don't go to the "inspector" tab but go straight to the performance tab. Ah well, shame there seems to be a lingering issue but I'm happy that I have a workaround now anyway. (It used to crash hard on the performance tab too.)

ohitsdom 1 day ago 1 reply      
Seems like the Performance Tools is now on par with Chrome, unless I'm missing something. These tools are sorely needed for web developers, Nik Molnar's talk[0] on web performance is a great intro on how to use these in real world scenarios.

[0] https://vimeo.com/97415381

petval 1 day ago 1 reply      
Will it finally enable us to find an offending tab that is consuming too much memory or CPU? Or it's just a tool that can be used to build this functionality? Something like Opera 12 has in opera:cpu.
EdSharkey 1 day ago 2 replies      
Now I don't need to jump into Chrome to do my frame rate tuning, I just need to shut off Firebug and plop over into Developer Tools! Huzzay!
gsam 1 day ago 0 replies      

Triple digit version numbers are just going to sound ridiculous. I really hope someone reigns this back in at some point.

I'm keen to test some of these new features out though. The tools in Firefox have always been a bit hit and miss for me and I've actually never went out of my way to use Chrome or Firebug.

       cached 4 June 2015 15:11:01 GMT