hacker news with inline top comments    .. more ..    7 Aug 2015 Best
home   ask   best   4 years ago   
Hawaii Bans Non-Compete and Non-Solicit Clauses in High-Tech Employment casetext.com
525 points by lutesfuentes  1 day ago   167 comments top 24
1
jacobheller 1 day ago 2 replies      
A really good book to read on the subject is AnnaLee Saxenian's Regional Advantage: Culture and Competition in Silicon Valley and Route 128 (http://www.amazon.com/Regional-Advantage-Culture-Competition...). It discusses why Route 128 failed while Silicon Valley flourished. A major part is that under California law, non-competes are not enforceable in California. As people moved freely between competing companies, their ideas, information, and best practices traveled with them. The diffusion of good ideas gave the region as a whole a competitive edge.
2
josefdlange 1 day ago 1 reply      
Excellent.

If you want your employees to stay, and to contribute their ideas to you instead of running off to your competitors or starting their own companies, it's so so so much better to just treat your employees better than the bind them legally.

3
gtrubetskoy 1 day ago 7 replies      
As I understand it, non-competes are very hard to enforce and are more of an intimidation tactic than anything else. You cannot be prevented from earning a living the only way you know how given the demand for your skills. If you're bound by a non-compete and the only (or the best) job available is with the competition, you shouldn't be afraid to take it, and the courts will side with you if someone goes after you (well, unless you're in Hawaii according to the article!).

An agreement is not enforceable if it is unreasonable, and denying someone the opportunity to make a living is pretty much unreasonable out of the box. Of course it's not true in every case, but it is mostly true for "techie jobs".

(I am not a laywer, the above is not legal advice).

4
benjohnson 1 day ago 2 replies      
As an employer, I'm quite fine with this - as the law still allows for an agreement to be made about soliciting clients.

If relationship with an employee and my company sours, all I really care about is that poor relationship not transferring to the relationship between my company and my clients.

Artificially locking ourselves into to a bad employer/employee relationship does nobody any good.

5
tibbon 1 day ago 1 reply      
A company I worked for recently had non-competes and non-solicit clauses. A new employees was negotiating their contract, and I told them to push back against the NC/CS clauses.

I spoke with the management and asked why they needed them, "to prevent problems" they said. I pointed out that they didn't have the non-competes for their employees in California and asked if they had problems there. They weren't aware of any problems in California, yet they thought it perfectly logical and needed to ask for them elsewhere.

6
skarap 1 day ago 1 reply      
This is good development!

I'm not sure how effective the law will be though. As others mentioned, those agreements are hard/impossible to enforce in court, part of the reason of which is that they are completely one-sided, vague and almost enslaving (we own whatever you create also in your own time, can't compete directly/indirectly for 10 years after leaving, can't use anything your learned while working for us...). But what stops the ex-employer accusing the ex-employee of stealing trade secrets and keep them in courts for ~3 years (and forcing to spend hundreds of thousands)? Cause, you know, it's hard to litigate with someone who has a few orders of magnitude more resources than you do.

As for non-solicit - I have a different opinion. Have seen companies breaking apart because some of the middle-managers/team leads decided to leave the company and take their team and the clients (with whom they had direct contact) with them. E.g. that's how Lycos Armenia's history ended.

7
wheaties 1 day ago 8 replies      
Wish NY did the same. In NY they get to own all your ideas both at work and "off the clock."
8
drawkbox 1 day ago 0 replies      
Non-competes are the most anti-American, anti-business, and anti-innovation devices ever created. They are protectionism. They need to end everywhere.

Employment will only be more fruitful with freedom to create and innovate. It encourages companies to pay people with skills in their field. As the country moves to project/entrepreneur based contractual employment this is actually a big issue.

9
Sukotto 1 day ago 0 replies      
If your employee is going to leave anyway, your best course of action is to encourage them.

Perhaps something along the lines of: "We're really going to miss you, but it's clear that this is a great opportunity for you. When it's time for you to move on from that role give me a call... I'd love to chat with you about roles back here that would be a good fit with that additional experience under your belt"

10
IvyMike 1 day ago 0 replies      
There are companies out there that simultaneously proclaim the need for strict non-compete laws while also stating how difficult it is for them to hire qualified candidates, never seeing the conflict.
11
colanderman 1 day ago 1 reply      
"The law clearly violates corporate equal protection under the 14th Amendment and I am just waiting for a client to ask me to challenge the law."

Couldn't have picked a more biased source ;)

12
renownedmedia 1 day ago 1 reply      
Let's pack up all the Silicon Valley engineers and move to Hawaii ;)
13
re_todd 1 day ago 0 replies      
I wish there were a Presidential candidate that would make come out strongly against these things. Left or right, I'd vote for him/her. Unfortunately, most Americans probably are not affected and thus do not care.
14
mathattack 1 day ago 0 replies      
The question I have is "Why limit this to High Tech"?
15
fulafel 1 day ago 0 replies      
How does it work out in the US wrt what you can bring with you to a new employer, where non-compete agreements are outlawed? Is all information then free game? European countries tend to have it in national legislation that you can't disclose important trade secrets.
16
monksy 1 day ago 0 replies      
Lets see Illinois do this as well!
17
lgleason 1 day ago 1 reply      
Good for Hawaii! Georgia went the other way. My advice to anybody is to not sign them if you are asked to. They are bad for everybody.
18
ErikRogneby 1 day ago 2 replies      
My understanding is that if non-compete clauses are unreasonable then they they are generally unenforceable. As in if they put undue hardship on you finding employment elsewhere. It seems the exception is usually up at the senior leadership and C-level where strategic intelligence comes in to play. (joe/jane-coder not so much.)
19
omouse 1 day ago 0 replies      
I wish this would happen in Ontario; I know a judge struck down a non-compete/non-solicit clause in one case but employers still stick that shit in.
20
lsllc 1 day ago 0 replies      
Good for Hawaii!

MA has tried to do this recently but sadly the big corporate interests were able to bribe the pols; not a surprise really since MA politics are completely corrupt.

21
vacri 1 day ago 2 replies      
Why is this limited to just the high-tech industry?
22
wahsd 1 day ago 0 replies      
Are there any clear and concise sources regarding non-compete and non-solicitation clauses and their enforceability in various states? Basically, some kind of primer on the topic?
23
MrTonyD 1 day ago 3 replies      
24
CognitiveLens 1 day ago 5 replies      
Tufte CSS daveliepmann.com
450 points by isp  1 day ago   98 comments top 33
1
bane 1 day ago 2 replies      
I think this:

a) looks like a reasonable simulation of Tufte's print style

b) is missing the point Tufte tries to make

Tufte isn't saying you have to make your presentation look like his, his basic thesis is "don't add unnecessary things that take away from the clarity of your presentation" and he's made a name by critically analyzing other people's presentation and work to show where they've gone overboard and why that detracts from the message they're trying to show.

I've sat in his class, read his books and website and followed him for years. His approach and critical analysis of web sites is actually fairly different from print. He understands that the web is a different medium and should be approached differently. His critiques of ESPN and various weather websites are fascinating not because he complains they aren't using enough whitespace or don't follow his print style, but because he actually likes how they clearly and concisely present summaries of dense, compact information.

I'm afraid this comes off a little like cargo-culting Tufte, going through the ceremony without actually grokking his meaning.

2
jacobolus 1 day ago 4 replies      
Cute idea. Needs a better example document to really be judged properly (for example, this document has a far too many large and imposing headings), but in any case, some comments:

Would be better with less leading, a smaller text size, smaller left margin, and more characters per line. This current version has a text block more like a newspaper column width than a book, and the large type and unnecessarily generous leading (especially in block quotations!) make it feel a bit like a childrens book. Not much content fits on screen at any time.

Small caps shouldnt be used with a typeface/browsers that dont properly support them and just shrink capital letters instead, they just look spindly and bad. Either find a real small caps font, or skip the idea. Likewise for italics: use a real italic font instead of a browser-generated oblique version of the roman font.

If you want it to look like a nicely typeset book, use an indented first line for new paragraphs rather than a blank line.

Lots of other parts need tweaks, but it would take making several sample documents and then judging how the parts interact.

Final note: Tuftes books dont look good because of the basic style choices, but because of the incredible care and attention he puts into writing and composing them. Crappy content is not going to suddenly become amazing when a different stylesheet is slapped onto it, and any document that aspires to be as pretty as a Tufte book is going to take many hours of manual composition.

3
mkozlows 1 day ago 4 replies      
Honestly, this is really rough. The impulse is admirable, but the implementation has a lot of rough edges and ugliness. A web author looking for good typography is going to be better served reading Butterick's Practical Typography (http://practicaltypography.com/).
4
christopheraden 1 day ago 1 reply      
Tufte-Latex, mentioned in the article, is a really nice template that produces some gorgeous Latex handouts with very little effort (I've used it a couple times when I wanted something to not look like the standard Latex article class). I thought it worth linking here for those that didn't read the link: https://tufte-latex.github.io/tufte-latex/
5
SeanLuke 1 day ago 0 replies      
Resizing the window reduces the user's desired font size: I don't know how many web readability rules this breaks.

If the user then increases the font size, the web page obliges, expanding beyond the window boundary, yet doesn't provide a horizontal scroller! Very bad.

The thing is: Tufte's style isn't designed for webpages. It's designed for books. Books have defined margins, a fixed size, and pages with a defined length. (Good) web pages don't necessarily have any of that. This is where sidenotes fall down, for example: the CSS author has to jump through a variety of hoops, breaking various conventions, in order to make them usable when the user narrows his window width.

6
unicornporn 1 day ago 1 reply      
I like the idea but turned away when I saw those ugly fake italic headings. Never italicize fonts that are missing italic type styles.
7
carsongross 1 day ago 0 replies      
It's very nice looking.

Everyone criticizing the implementation, here, let me help you:

https://github.com/daveliepmann/tufte-css

8
namuol 1 day ago 1 reply      
For a typography-centric project, it pains me to see that you're not including the proper italic version of the font used in the article, forcing my browser to do ugly guesswork [1].

[1]: http://i.imgur.com/CNBSMVH.png

9
tjohns 1 day ago 1 reply      
Personally, I feel like the text is too big.

Medium's site is already on the upper end of what I consider to be a usable font size (22px), and this is even larger (24px). At some point, larger type makes it difficult to quickly scan the page.

For comparison, even Tufte's own site is rendered with a 16px font.

11
kmfrk 1 day ago 1 reply      
I've always taken a liking to sidenotes, but the main problem with them is they are complicated by Markdown's rendering of footnotes.

It's great for many other purposes, but a lot of people will probably prefer doing things in Markdown.

12
matiasz 1 day ago 0 replies      
I hope someone follows this up with Doumont CSS.

http://www.treesmapsandtheorems.com/

13
thisrod 1 day ago 2 replies      
I must have missed something. Since when does HTML have elements called article and section?
14
nkrumm 1 day ago 0 replies      
This would make a great IPython notebook style as well...
15
pto0239hn 1 day ago 4 replies      
This seems like an okay idea, but does anyone feel that the italics used in the headings (font family: ETBembo) are generated and are quite ugly?
16
thirdsun 1 day ago 1 reply      
I like it as a starting point, a minor sidenote though: What you perceive and describe as bright red links, code and sidenotes is for me, as a color blind, almost indistinguishable from the body text if it wasn't for the underlines and monospaced font. Those off-black and red colors are for me just very similar dark hues on an off-white background. If you want to highlight these elements the current red does a poor job for colorblind people like me.
17
kennelliott 1 day ago 1 reply      
great implementation of tufte's look, though i disagree with much of what tufte believes is great information design.
18
butthackerz 1 day ago 0 replies      
I really like it. Unfortunately, it is not clear what license ETBembo carries, if any. In fact Tufte indicated that ETBembo is not public. So it may not be legal to use it. I think that Dejavu serif is an acceptable (superior?) substitution.

Source: http://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=0...

19
lnanek2 1 day ago 0 replies      
Would have been nice if they had updated it more for the web. When I make my browser very narrow, for example, the side figure is squished so tiny it is unreadable. Good web sites are reactive and would have moved it below the section at that point instead of keeping it at the side. Seems like they just aped a book style and ended up with something not good for the web.
20
vsbuffalo 1 day ago 2 replies      
Well done. Though shouldn't the sidenotes use HTML5's <aside></aside>? How does the vertical alignment of sidenote callout and sidenote work?
21
fiatjaf 1 day ago 1 reply      
I don't know who Edward Tufte is, but this seems to me like a place where we could be living rather well without classes.

More on that:

* http://www.smashingmagazine.com/2012/06/19/classes-where-wer...

* http://fiatjaf.github.io/classless/

22
wkoszek 1 day ago 0 replies      
My feeling is that it looks great compared to most of the stuff I see on the web. It's a good start for a plain minimalistic website. The content needs more work (one "Tufte's" is fine, while the other don't) and all "don't" have incorrect '.
24
myth_buster 1 day ago 1 reply      
I'm surprised how critical people are on this thread.

Perhaps it touched a nerve because there are quite a lot being done in a relatively small space that makes it look messy.

An option would be to show some features that gel together and list the others in the git markdown page.

25
rjurney 1 day ago 0 replies      
To the haters: this looks like something you could hand tweak to get a great result.
26
fizixer 1 day ago 2 replies      
Tufte-LaTeX link: " ... the style of Edward R. Tufte and Richard Feynman."

Woah! wait a minute. Style of Richard Feynman? When did Feynman get involved with typography/typesetting work?

27
exizt88 1 day ago 1 reply      
I don't think Tufte ever uses top and bottom borders for tables. Also, the delimiter below the heading should not be so bold; it's usually a very thin line.
28
rcarmo 1 day ago 0 replies      
Biggest issue for me is that on mobile all the side notes go away (on portrait) and there is no fallback.
29
lifeisstillgood 1 day ago 1 reply      
I love the margin diagrams, and would happily use this for print based output, but I fear the mobile world would have meant Tufte would redesign his approach to suit the smaller uni-column world, and the best layout on page is very different to that on a four inch screen
30
dredmorbius 1 day ago 0 replies      
First: I very much admire the spirit and concepts presented here, even where specific aspects strike me as less than ideal. In a world of Web designs which are both grossly overwrought and fragile, this is a compelling antidote.

Specific designs are born of their environment

Tufte's principles are born of their medium, and both message and format change as medium does. Understanding the why and wherefore is far more important than the what of design.

Borrow but don't ape

So take the concepts and use those which are applicable. But allow yourself leeway as well. Constraints of pagesize, contrast, and other aspects make some of Tufte's suggestions less advisible for online. I find the grey-field charts translate poorly, for example.

Layout doesn't fix bad writing, but it helps most, and exposes bad

Good writing can be killed by bad layout and presentation this is a frequent observation in HN comments on overstyled articles. Middling writing, with good, well-structured layout, becomes easier to read. Bad writing lies naked on the screen when shorn of its shielding raiment. I've found that small changes drop-cap initials and a bold first line, help in acquiring content particularly when presented in a "cards" view. Quite the accidental discovery, but one I find very useful.

https://ello.co/dredmorbius/post/QGKKdiuqUw6O7ROl-V3uJA

Yes, much of the beauty of Tufte's books comes from the totality of how they're architected: ideas, structure, presentation, layout, typography. But incremental steps help.

Embrace and Accept Medium Properties

Paper is fixed size. Online is dynamic. Inks are expensive, colour moreso. Pixels and rgba values are cheap, though too much flash is distracting. Images can offer zoom for detail on hover or click.

Sections. While Tufte uses only chapters and section headings, his books are also divided into Parts. As are Feynman's Lectures as I recall. In practice you'll find at least three, and frequently four, levels of hierarchy may need support: Part, Chapter, Subsection, and SubSubSection. Technical writing may have more levels of hierarchy.

Font sizes: show deference to the user's stated preference, if it exists. If not, prefer rem and em units to px or pt. Yes, MSIE back support and broken Android implementations mean you'll need workaround fixes, but you can at least build em/rem units in as your base.

Font faces. I take exception with much of the font-bigotry noted here. I honestly Just Don't Fucking Care most of the time, though I find online font choices are occasionally spectacularly poor. Generally I prefer a decent, widely available, and good enough font for online presentation. Excessive fucking with dynamic Web fonts leads to many pages which fail to render text at all on older devices.

Colour. Text should be high, though not extreme, contrast. A slightly creamy background is preferable to lighter text. For Web-specific elements, particularly hyperlinks, some affordance indicated by colour is helpful. Also joining related items (e.g., sidenotes and related text).

CSS counters. These take the manual tracking out of identifying content and references. Sections, headings, references (side / end notes), figures, tables, images, etc., can all be automatcially numbered. This is useful (though not universally supported).

Graceful degredation. A challenge with any UI/UX enhancement is that various clients don't support all features. Degrading gracefully, and providing maximum possible content and structure, really helps. (My own sidenote experiments fail somewhat in this regard.)

:hover, :active, and other interactive elements. While the design shouldn't rely on these (see above), offering additional hints by way of these mechanisms can be useful.

Contrast. Provide it. ContrastRebellion is a frequently referenced site.

Accomodate Variable Viewports

Responsive design is pretty much a necessity these days, and it's easier than you think.

In the case of Tufte.css, some principles, such as ample whitespace, make sense in the context of print where sizes are rigidly defined. For online content, sidebars, sadly, fail to remain viable as viewport widths shrink. My solution was to transition sidenotes to what are effectively callouts, with a gradually increasing background shading to identify these, as viewport size decreases.

Or rather, in a mobile-first design, you build callouts which become marginal sidenotes as space increases.

What HTML/CSS Needs*

References. Seriously. Why are we hand-tooling fucking endnotes / sidenotes, still?

Robert Nystrom's Game Programming Patterns <aside> sidenotes are interesting, see his comments elsewhere. I'm not fully sold, but these could prove useful.

A client-manipulable comments / discussion aspect is another element that I'm finding myself increasingly wanting, something that is structured by way of data (author, date, references, subject), but whose ultimate presentation (flat, nested, collapsed, semi-threaded, etc.) is ultimately under client control.

HTML5 is an awfully good start

A grab-bag of some of my own experiments

I've been playing with many of the ideas presented here as well as others.

Sidenotes:http://imgur.com/a/TXpis

Motherfucking Website this is the bones of my own preferred site layout, though it lacks the responsive elements and much of the polish (which I'm still working on):http://codepen.io/dredmorbius/pen/KpMqqB?editors=110

HREF sidenotes: similar to the reference sidenotes I use, and incorporating elments: ::before and ::after content, counters, and negative-margin offsets.http://codepen.io/dredmorbius/pen/XJGwQv

Ello CSS implmentation of HREF sidenotes:http://i.imgur.com/YA0cCNs.pnghttp://i.imgur.com/QNygLE8.png

Sample site design with table formatting: this adds greenbar and a current-line indicator but otherwise borrows from Tufte's table concepts.

https://www.reddit.com/r/dredmorbius/comments/3832wx/occupat...

31
javajosh 1 day ago 1 reply      
One of the things I love most about Tufte is the way his text introduces every single graphic. He tells you what he's about to show you; then he shows you. This stands in stark contrast in most books where the figures are only very loosely coupled to the text. I didn't realize how jarring I found the convention until Tufte! And it makes perfect sense in hindsight: why did we think it's okay to put figures "within a page or two" of the relevant text?

This handout, by contrast, doesn't do this, and so it throws away something that, to me, is central to Tufte's appeal.

32
nikolenkoanton 1 day ago 0 replies      
33
michaelbuddy 1 day ago 0 replies      
Show HN: Image Processing for Everybody imageplay.io
443 points by loomi  2 days ago   161 comments top 42
1
leni536 2 days ago 1 reply      
This reminds me of the mathmap GIMP plugin [1]. I played around with it a long time ago.

[1] http://www.complang.tuwien.ac.at/schani/mathmap/

2
dominotw 2 days ago 1 reply      
>It comes with a variety of over 70 so called processes

Minor nitpick, that reads like you are mocking your own product.

3
iamflimflam1 2 days ago 2 replies      
Reminds me of Khoros[1] and Cantata[2] that I used back in the early 90's. Sadly neither seem to exist anymore.

[1] http://www.hpl.hp.com/techreports/92/HPL-92-96.pdf

[2] http://www.cs.ioc.ee/~khoros2/k2tools/cantata/cantata.htmlandhttp://www.cs.ioc.ee/~khoros2/k2tools/cantata/basics-cantata...

4
madmax108 2 days ago 2 replies      
This is cool.... Would be nice to be able to use more processing algorithms such as SIFT[1]. Or would the SIFT patent get in the way of this?

[1] https://en.wikipedia.org/wiki/Scale-invariant_feature_transf...

5
loomi 2 days ago 0 replies      
ImagePlay is a rapid prototyping tool for building and testing image processing algorithms. It comes with a variety of over 70 so called processes which can be combined into complex process chains.ImagePlay is completely open source and can be built for Windows, Mac and Linux.
6
billyhoffman 2 days ago 3 replies      
Wow! The screen shots on the site revealed something pretty cool. The exact center of the 512 x 512 Lena test image is the middle of her right eye's pupil.
7
legutierr 2 days ago 2 replies      
Very cool. I would love to be able to programmatically interact with this through python bindings, though, rather than the GUI.
8
ashmud 1 day ago 2 replies      
Based on previous discussions on HN, you may receive criticism for the use of the Lenna image.

A couple example threads:

https://news.ycombinator.com/item?id=8253676

https://news.ycombinator.com/item?id=8704629

9
AsakiIssa 2 days ago 1 reply      
Pretty cool for an open source project. Reminders me very much of Filterforge (http://filterforge.com/) just missing the photoshop filter part.
10
methyl 2 days ago 1 reply      
Cool stuff!

If I can give some feedback about website, scroll is behaving in a weird way. It's not a good idea to alter this behaviour, it should be what user wants and is used to, no what author thinks is good :)

11
Gravityloss 2 days ago 1 reply      
(EDIT: nevermind, bug was already reported: https://github.com/cpvrlab/ImagePlay/issues/51 )
12
JupiterMoon 2 days ago 1 reply      
What is this using to do the actual processing? (i.e. is this using OpenCV behind the scenes or ITK or it's own code)?

Can this handle:

1. int16 and float data

2. 3D datasets

13
leni536 2 days ago 1 reply      
What colorspace does it use? I suspect it is sRGB. Can a user change it? There could be filters that makes more sense in a linear colorspace. Anyway any sane colorspace handling would be awesome.
14
Dobiasd 1 day ago 1 reply      
Wow, that is totally awesome and potentially can save me a lot of time in the future. Up to now I prototyped most of my OpenCV stuff with small python scripts. I guess this has changed now. :)Where is the donate button?
15
fgtx 2 days ago 1 reply      
Great project! Would be nice to have something like an "export as code" feature.
16
nashequilibrium 1 day ago 2 replies      
This would be nice as a web service for app developers, POST their images with selected alogo to be applied and then send it to their S3 bucket.
17
willcodeforfoo 1 day ago 1 reply      
Awesome! Tools that give you real-time feedback like this really help those learning image analysis/computer vision.
18
minthd 2 days ago 1 reply      
Is there some similar (but a higher level) tool for computer vision ? one that you don't need much computer vision knowledge to build useful things ?
19
loomi 1 day ago 0 replies      
We are looking for linux package maintainers to introduce ImagePlay to your favorite Linux distribution.

Please get into contact: https://github.com/cpvrlab/ImagePlay/issues/57

20
rndn 1 day ago 1 reply      
Looks very nice. ImageJ is another great free image processing tool: http://imagej.nih.gov/ij/

Ive used this for example for removing a gradient background from a photographed text document which worked really well.

21
Thriptic 2 days ago 1 reply      
Absolutely awesome. I am about to embark on a large image processing / ML project for work. This is just what I need!
22
chrischen 1 day ago 1 reply      
Bug: after loading a 1.5mb image on OS X 10.11 Beta, scrolling in the image viewer causes it to crash.

EDIT: Turns out not loading an image and just trying to scroll with the trackpad (two finger scroll) on the image viewer window causes it to crash. Normal scroll bars actually work.

23
bobajeff 2 days ago 1 reply      
It's awesome to have another open source image processing library to learn from and build on in addition to: G'MIC, ImageMagick, VIGRA, VIPs, Kritaimage+Pigment and GEGL. Just imagine all the great things that can be built for artists and designers.
24
andybak 1 day ago 1 reply      
Any tool like this really really needs to come with some examples. It's so much more inviting and inspiring when you can play with a range of existing set-ups.

(Maybe it does - but if so I don't know where they are)

25
oh_teh_meows 1 day ago 1 reply      
I used to play with roborealm when it was still free; it provides the same sort of high level abstraction to experimenting with computer vision and comes with a big library of filters/kernels.
26
fla 2 days ago 1 reply      
Looks like a nice tool to prototype for OpenCV.

Question: What made you choose the classical QT gui over QML ?

27
adaml_623 1 day ago 1 reply      
This looks cool but I'm sure I used something similar over 20 years ago running on a Unix workstation at a university.

Of course I don't think it was accessible to everyone back then. I'll try and find it.

28
tuyguntn 2 days ago 1 reply      
Awesome project, can this compete somehow with photoshop in the future? Project has almost everything, custom plug-ins, custom filters, open source, devs can develop bindings and etc,.
29
amelius 2 days ago 3 replies      
This is really cool.

(On a sidenote, I bet the creators would have loved to have this run inside the browser; the fact that this cannot be done again shows how broken the web is).

30
loomi 2 days ago 1 reply      
It is in late beta stage. Any comments and help is highly appreciated.
31
scriptproof 2 days ago 1 reply      
How it compares to Gimp? I use this tool to do various processing (mainly photomontages), and there is a lot of filters, so, what is added by imageplay?
32
god_bless_texas 2 days ago 1 reply      
Awesome project, I can't wait until there is a section on the website talking about "use this chain if you want X".
33
72deluxe 1 day ago 1 reply      
Run, do not do anything (do not add a filter, load images etc.) click + in Image Viewer - kaboom!
34
_pmf_ 2 days ago 1 reply      
I've thought about something similar, with the ability to generate sprite sheets.

Is this possible with this tool?

35
FraKtus 2 days ago 1 reply      
Nice, it run on Mac Yosemite but has problems on 10.8 probably because of OpenCV ...
36
antrover 1 day ago 1 reply      
Crashes every time I open it up on 10.9.5.
37
plicense 2 days ago 1 reply      
Also, how do you connect processes in Mac?
38
Numberwang 2 days ago 1 reply      
I'm not so sure that blue background image used is without copyright..
39
angersock 1 day ago 1 reply      
Wait!

You need a license on this source code. You don't have one. That is very, very bad.

40
mstdokumaci 2 days ago 1 reply      
i couldn't find any way of adding images to it as a start. (OSX)
41
rebootthesystem 1 day ago 1 reply      
Please change the title. If it requires compiling it is far from being "for Everybody".

It definitely is a neat project. Like it.

42
kungfooman 1 day ago 1 reply      
From a million miles away, NASA camera shows moon crossing face of Earth nasa.gov
423 points by dnetesn  1 day ago   150 comments top 28
1
exodust 1 day ago 3 replies      
Here's what one million miles looks like side on...(whipped up in Photoshop)

Best viewed at 100%. The image is more or less to scale. Scroll a million miles to the right to find moon and camera.

(don't worry it's only a 300K jpeg)

http://ozimg.s3.amazonaws.com/earth-moon-from-million-miles....

2
UserRights 1 day ago 8 replies      
It is really cool how the NASA gives us a better understanding of the universe and our place in it by publishing all these nice pictures.

However, I would like to have one easy accessible source for all the nice pictures that is daily updated and could be synchronized to a local school server e.g. with rsync. Is there one "ere-are-all-the-pics"-ftp server anywhere? It is quite time consuming to browse the hundreds of NASA sites and download pictures manually - instead I would like to spend that time browsing a local incoming folder to select the best pictures.

Would be a great service to the world to have easier access to these pictures.

3
geofffox 1 day ago 3 replies      
Maybe as interesting is where this satellite is: The Lagrange L1 point. The 5 Lagrange points in essence allow orbiting bodies to break Kepler's laws. A satellite a million miles closer to the Sun shouldn't have the same orbital period as the Earth... but it does.
4
stove 23 hours ago 0 replies      
Unmanned NASA probes are Earth's selfie stick.
5
gurtwo 1 day ago 6 replies      
Why don't we see the Moon's shadow projected over the Earth in the pic? I guess it has to do with the relative distances of the 2 bodies to the Sun and the Moon's penumbra or something. Can someone make a digital image simulation of this to verify?
6
jsingleton 1 day ago 0 replies      
The probe that took this photo is the Deep Space Climate Observatory (DSCOVR) and it "was the first time a SpaceX rocket launched an object into deep space".

http://spaceprob.es/dscovr/

7
oaktowner 1 day ago 2 replies      
What struck me about this was how huge the moon looks compared to the earth. We are used to seeing this as a small object in the sky (after all, it's 2000 miles across and 200000 miles away).

But when viewed from afar...you're seeing an object with an 8K mi diameter and another with a 2K mi diameter, not that different in size at all.

Which, I guess is another way to say: the earth just ain't that big.

8
robbrown451 1 day ago 0 replies      
Cool that California is so clearly visible.

Too bad you can see the multiple exposures, one for each of red, green, and blue, on the hi-res image. Otherwise it is quite the perfect picture.

9
kenbellows 1 day ago 2 replies      
Honest question: Why don't the clouds seen on Earth show any activity or movement over the course of this time lapse?
10
aspirin 1 day ago 6 replies      
Is this the real reflectance of the moon? Seems so dark.

Usually we see the moon at night surrounded by night sky, which probably skews our perception of the real color of the surface material.

11
Tobold 1 day ago 4 replies      
Someone tweeted this yesterday and some of the replies were really disheartening.

Several people were calling it fake, with varying explanations of either "The earth is flat" or "Everybody knows the whole space program is fake".

I knew people out there actually believe this, but damn...

12
gonvaled 1 day ago 2 replies      
Moon is tidally locked to Earth, which is interesting. How long will this last? How long has this been going on? Does this happen to all satellites in all planets?

Another question: is the Moon orbiting plane aligned with the Earth rotation axis? Why or why not?

13
Falcon9 18 hours ago 0 replies      
This is exactly the shot I've been hoping for since we got that first image of the Earth from DSCOVR. I tried to make an educated guess of how large the moon would appear from a million miles away, and I have to admit I far underestimated how large it would appear.
14
Vanayad 1 day ago 3 replies      
What is the green "shadow" on the right of the moon? I'm not saying this is fake, but it looks like what I see in some greenscreen videos. I am really curious.
15
Zaheer 22 hours ago 0 replies      
Ha! Love the image file name "epicearthmoonstill"!

http://www.nasa.gov/sites/default/files/thumbnails/image/epi...

16
_spoonman 1 day ago 0 replies      
What strikes me is the vastness of the oceans from above.
17
ams6110 23 hours ago 0 replies      
A lot of cool stuff on that site but annoying that they hijack the "back" button.
18
hyperpallium 1 day ago 1 reply      
actual image http://cdn.phys.org/newman/gfx/news/2015/fromamillion.png

nasa website used up 20MB of mobile data then crashed my browser (stock android)

19
betimsl 20 hours ago 0 replies      
Oh good, there isn't a hidden civilization there. Whew.
20
bumbledraven 1 day ago 2 replies      
Why aren't the stars more visible in the background? Does it have to do with the camera's exposure?
21
hybridtupel 1 day ago 0 replies      
The only thing I could think about was Iron Sky busted :D
22
xigency 23 hours ago 0 replies      
This looks unreal.
23
xedarius 1 day ago 3 replies      
Should I be able to see Earth orbiting satellites in this picture?
24
Thiz 1 day ago 1 reply      
25
jgalt212 1 day ago 0 replies      
Everyone gets excited about a journey to Mars (and other manned spaceflight ventures), but NASA's unmanned probes are far and and way the best science its done.
26
Bohahahaha 1 day ago 0 replies      
27
gojomo 1 day ago 1 reply      
28
hetman 1 day ago 1 reply      
For anyone looking for the original link: http://www.nasa.gov/feature/goddard/from-a-million-miles-awa...
Windows Bridge for iOS github.com
400 points by jmsaunders  21 hours ago   133 comments top 29
1
pavlov 20 hours ago 7 replies      
In the late '90s, NeXT/Apple actually had a Cocoa runtime for Windows. It was called Yellow Box (but only shipped as part of Enterprise WebObjects, IIRC). It was closed source, of course, and 3rd parties couldn't ship apps using it.

In this bizarro world we live in, Microsoft has rebuilt essentially the exact same thing and has released it as MIT-licensed open source.

3
mrec 20 hours ago 2 replies      
Is this not vulnerable to the horrible precedent on copyrightability of APIs, established by Oracle vs Google and which the SC just refused to review?

https://en.wikipedia.org/wiki/Oracle_America,_Inc._v._Google....

https://www.eff.org/deeplinks/2015/06/bad-news-supreme-court...

4
icodestuff 11 hours ago 1 reply      
It looks like they took an approach similar to GNUStep, with its inverted layers compared to Apple's implementation. CF on top of Foundation on top of UIKit.

Looking a little deeper, it's missing some things... KVC/KVO are entirely absent. libdispatch looks to be pretty broken. NSNull is wrong in about 3 ways. There are several classes which are just stubs. Most of the NSLock subclasses are missing.

It's a good start, but I don't see it becoming the ObjC standard library by any stretch of the imagination.

5
lukeh 18 hours ago 0 replies      
http://blogs.windows.com/buildingapps/2015/08/06/windows-bri... has some more details. Projections look cool!
6
jchendy 20 hours ago 3 replies      
Sorry for the totally n00b question, but does this enable running iOS apps on Windows or the opposite?
7
azinman2 15 hours ago 3 replies      
So I'm going to assume this ultimately a way to prop up windows phones by making it much easier for developers to put something on the windows store. What surprising (to me) is that they didn't go the Android route given it's open source to begin with, and they already have patent licenses in place.
8
x0054 20 hours ago 3 replies      
I hope when Swift becomes open source, MS will add a bridge for Swift as well. I am really looking foreword to making Swift my go to language for web app and utility development. It's a very neat language.
9
LeoNatan25 20 hours ago 1 reply      
Interesting... So they are using ObjFW as their ObjC runtime, which is relatively an old implementation. So if your app has some Obj C Runtime use, you may see trouble here. It would be interesting to test their other implementations.
10
blackbeard 20 hours ago 1 reply      
It appears their strategy is now "embrace everything".
11
lukeh 19 hours ago 1 reply      
I'm surprised they didn't use Apple's libobjc nor CoreFoundation; a quick look at the Foundation/CoreFoundation code suggests it's nowhere near as complete as Apportable's. The rest looks impressive though and it's great the open sourced it. Instead of complaining I suppose one should just fix things! (For example, where is CFGetTypeID()?)
12
wsc981 7 hours ago 0 replies      
On Channel9 Microsoft introduced Islandwood (building Windows app with ObjC) in this video:

https://channel9.msdn.com/Events/Build/2015/3-610 start at 35 mins)

It's an interesting (and funny) video. Some things Microsoft _might_ work on are:

- Swift support might be on the roadmap

- Export (changes) to Xcode project might be on the roadmap

- There's interop between ObjC and C++ / C# using some sort of event system.

- Visual Studio 2015 has autocomplete and syntax colouring for ObjC

13
nelmaven 17 hours ago 1 reply      
I'm loving the openness of this new Microsoft. They keep launching cool stuff!
14
LeoNatan25 19 hours ago 2 replies      
Interesting, new SDK released today includes `TARGET_OS_WIN32` in many headers. Is Apple planning a surprise?
15
timdierks 18 hours ago 2 replies      
Some of this code is just... WTF? For example, https://github.com/Microsoft/WinObjC/blob/106d8b2738101872a1... ; even setting aside the fact that some minutes don't have 60 seconds, 30.42 days per month?!
16
Jarred 20 hours ago 1 reply      
Wow, this must've been enormously complicated to implement
17
perfectstorm 19 hours ago 0 replies      
"No autolayout support"

Guess I'm gonna hold off this until the final version is released.

18
seivan 19 hours ago 0 replies      
Would be cool if they added SpriteKit, the games would work on iOS, Mac Os and Xbox One (Windows
19
elchief 8 hours ago 1 reply      
MS should build an amazing version of Visual Studio that lets you build Android, iPhone, and Windows Phone apps. It's free if you release Windows Phone apps along with your Android or iPhone apps.
20
0x0 20 hours ago 0 replies      
Interesting how they built their UIView/CALayer stuff on top of Xaml to the point where you can apparently just add any random Xaml windows component into an UIView.

Reminds me about the whole Visual J embrace-and-extend thing in the old MSJava debacle.

21
carlosrg 19 hours ago 1 reply      
Someone with enough Cocoa knowledge should use it as the basis for an OS X implementation of UIKit. And for other OSes like GNU/Linux using GNUstep.

Very interesting stuff, diving into the Frameworks directory in the repo.

22
lukeh 19 hours ago 1 reply      
sysctlbyname() implementation in Frameworks/CoreFoundation/CFMisc.mm does not check the destination buffer size.
23
mwcampbell 19 hours ago 0 replies      
Maybe once Tengu (http://www.tengu.com/) comes out of closed beta, developers will be able to use Objective-C as a cross-platform language targeting all major mobile platforms. The only question is how native the UI will feel on the non-iOS platforms.
24
dubcanada 19 hours ago 1 reply      
Any chance of the MacOSX APIs coming along for the ride? Or how much extra effort would it be to use this and port the MacOSX apis as well?

I'd love to get Mac Apps on Windows.

25
miguelrochefort 19 hours ago 1 reply      
Can this be used to generate XAML from UIKit elements?

Let's say I want to see the Rendered XAML template of a standard UIButton?

26
curiousjorge 10 hours ago 0 replies      
does this mean we can compile iphone apps on windows now?
27
dabalanag 20 hours ago 1 reply      
28
vxNsr 19 hours ago 3 replies      
29
ctdonath 20 hours ago 6 replies      
Tesla unveils new car-charging robo-snake washingtonpost.com
387 points by daegloe  19 hours ago   182 comments top 41
1
corysama 19 hours ago 8 replies      
The gif is sped up. This vid is actual speed https://www.youtube.com/watch?v=uMM0lRfX6YI

I think it's awesome. But, it obvious that the current implementation will inspire the creeps in lots of people. Sci-fi horror has put an unfortunate bad rap on robotic tentacles and chromed vertebrae.

2
Animats 18 hours ago 3 replies      
Nice. Robotic fueling has been done before [1][2], but this is much less clunky. This looks like the OC Robotics snake robot.[3] Finally, a use for snake robots, which have been around for 25 years but are not used much. Tesla has a good application for this - the car end is cooperative and standard. The car's parking guidance system can be programmed to recognize visual targets and get itself into the proper position.

The mechanism is simple. There are many linear actuators in the base pulling on cables that run through the snake segments and attach to plates at the joints.[4] Cable wear is a common problem, but that can be overcome. Charging robots won't cycle that fast; tens of cycles per hour, not thousands.

[1] http://fuelmatics.com/videos-2/video-demonstration/[2] http://www.robosoft.com/robotic-solutions/transport--logisit...[3] http://www.ocrobotics.com/[4] https://www.youtube.com/watch?v=WTkmyDO2ubs

3
uniformlyrandom 18 hours ago 7 replies      
After watching this GIF, I imagined what it would feel like walking past a charging station with this thing on it. How it slowly turns its 10KV-charged head towards me.

"- You definitely do look like a charging socket to me.

- I really do not. Look, I am human...

- No, you really do. You just need a quick charge..."

4
shostack 18 hours ago 5 replies      
Are there any engineering advantages from choosing this design vs. a more traditional arm, or plug that just moves on two rails up or down and then extends out?

In theory, there is minimal height distance from where such a charging station would be in relation to the car and the charging port height, even when accounting for different Tesla models. As such, I'm not clear why they went with something that on the surface appears overly complicated unless it was for the "wow" factor.

5
GeorgeOrr 19 hours ago 3 replies      
That is an interesting video to watch. I immediately imagine a self driving car, on its way to pick me up, swinging by this robot arm to charge up.

I wonder if it would be possible for something like this to provide a charge while moving? Like airplanes that can be fueled in the air.

I suspect the energy to keep the charger itself moving would make that a pretty inefficient way of doing things, but it's fun to imagine.

6
tormeh 18 hours ago 2 replies      
I've long been disappointed that, even as far as we've come, most robots or moving computer-controlled things have been a box with something going round on it (car, washing machine etc.) or sometimes back and forth along a straight line. This therefore pleases me greatly.

(and it totally gives me the creeps)

7
brianstorms 17 hours ago 3 replies      
Can you imagine how pets are going to react to this?

A real-world use-case involves this in a garage, and you pull into the garage (or tell the car to) and it parks and then this snake starts its dance and finds the chargeport and connects and starts charging... and your dog goes completely ape-shit. And barks and shrieks and jumps and snaps its teeth and gets a nice vise-grip with the snake in its jaws and next thing you know, just like in cartoons, you suddenly see a black silhouette of the dog and inside the silhouette the white skeleton bones of said dog flashing brightly as it electrocutes itself at 80 amps and 240 volts. Tesla 1, Dog 0.

8
jewbacca 18 hours ago 1 reply      
Not strictly on-topic or generally interesting, but for any of us who've read Neal Stephenson's new novel 'Seveneves', this reveal has a thin extra layer of interestingness:

In that book, a character who is an obvious analogue for Elon Musk sponsors the development of a variety of asteroid mining robots, including a type that superficially resembles this thing. 'Siwis' are, unlike this real thing, modular, semi-autonomous, self-propelling, and meant for operating in zero-gravity.

But still... snake robot sponsored by Elon Musk, out of nowhere.

9
Negitivefrags 18 hours ago 2 replies      
Somehow this feels like an overcomplicated / expensive solution given that they control both the car and the charger. How much would it cost to install a robosnake in my garage.

Could they put a charging port on the back of the car that you back onto something? Or something on the floor that you drive over? There has to be a cheaper solution. If a Roomba can do it we must be able to.

I mean, that wouldn't be backwards compatible with existing teslas but I wouldn't think the installed base would be so high that that is a big issue yet.

10
rmason 18 hours ago 4 replies      
As a native Michigander I continue to be amazed at how Tesla is able to out innovate Detroit. After 100+ years of gasoline powered automobiles where is the gas robo snake?
11
Dylan16807 19 hours ago 0 replies      
Very neat tech.

Also interesting delivery method for the image in the article... and you can do https://images.washingtonpost.com/?url=https://www.google.co...

12
stickydink 15 hours ago 0 replies      
I think a lot of people were waiting for it, Elon basically described this last December!

> Btw, we are actually working on a charger that automatically moves out from the wall & connects like a solid metal snake. For realz.

https://twitter.com/elonmusk/status/550297212769402881

13
TranquilMarmot 19 hours ago 1 reply      
Why do they want me to enter my email address to continue reading? I had to delete 3 HTML nodes to get past their "drawbridge"...

Here's the gif for anyone who doesn't want to deal with the (totally useless) article:https://img.washingtonpost.com/blogs/the-switch/files/2015/0...

14
bane 17 hours ago 0 replies      
This is pretty cool, I kind of wish it pulsed a little, like it was feeding, while it's plugged in and charging.
15
jeromeflipo 15 hours ago 1 reply      
Why not put that thing into the car? It would take both space and weight (i.e impact range and performance) but then we could install outlets anywhere. The car (fleet) owner would be responsible for everything, including maintenance and replacements.

Maybe there's a reason why cables are part of the appliances instead of the outlets? Also, car owners would certainly prefer a snake that works everywhere and not just at home.

16
jadell 13 hours ago 0 replies      
I'm picturing an interview with Elon Musk next week.

Interviewer: So what's next for you?

Musk: Well, I've been reading a lot about the teledildonics industry, and I think there's some real opportunities for synergy with some of the technologies we've been developing for Tesla. Especially in the Japanese hentai markets...

17
achr2 18 hours ago 2 replies      
Definitely a PR move to compete with the simultaneous hacking story.
18
tamersalama 18 hours ago 2 replies      
Why isn't it a bottom/base charging devise? I imaging placing a plug at the bottom of the car (perhaps at the back or front of the battery pack) isn't difficult.
19
whitej125 15 hours ago 1 reply      
Looks much like to robotics made by Festo. I recall seeing a "elephant trunk" type of arm. Wonder if this is based on anything from these guys.

http://news.discovery.com/tech/robotics/robotic-arm-inspired...

20
sandworm101 17 hours ago 3 replies      
Really? Is the need to get out and hook up the hose yourself really what's holding back electric cars?

There is certainly a cool factor with this thing, but think about how it will work at a real fuel/charging station. The driver will only ever see it in a mirror. And it looks like the range of motion is very limited, requiring the plug to be within a 30x30cm box. A later model will probably have a greater range of motion but I cannot see that be any less cumbersome. Give me a wire and a plug.

But maybe Tesla has done some market research. Maybe their target market is old people for whom getting out of the car is a real struggle. Maybe they fear large electrical cables more than rubber ones filled with gasoline. Or maybe they so distrust attendants that they prefer a mechanical octopus fuel their precious car ... until it misses the mark and does some actual damage to the paint.

21
iNerdier 5 hours ago 0 replies      
Having watched a large number of David Attenborough nature documentaries all I can think of is the footage of whales mating when seeing this thing...
22
cmiller1 16 hours ago 1 reply      
I think Infiniti's induction charging concept seems much cooler: https://www.youtube.com/watch?v=vlYADNqxrPw
23
j1vms 18 hours ago 0 replies      
Guess they want to get this out in time for:

http://backtothefuture.wikia.com/wiki/Texaco_service_station...

24
dewarrn1 17 hours ago 0 replies      
Interesting idea. Before Shai Agassi's electric car company (Better Place) folded there was talk of a similar motorized arm [0]. I don't know whether that ever got past the discussion stage at BP, and they're out of business in any event.

[0] http://archive.wired.com/cars/futuretransport/magazine/16-09...

25
keerthiko 16 hours ago 0 replies      
Should have seen this coming.

Oct 10, 2014 - https://youtu.be/FZ6lZJWL_Xk?t=9m23s

26
wavesum 9 hours ago 0 replies      
"they were able to hack into the Model S and hit the brakes"

This is bullshit right? They were able to disable the engine, but the onboard logic makes sure that the car comes to a gradual stop.

27
FrojoS 18 hours ago 0 replies      
Finally a consumer application for a robotic arm!
28
blackbeard 18 hours ago 1 reply      
My wife has a phobia of snakes and worms. This isn't going well for my Model X sales pitch to her...
29
kubov 17 hours ago 0 replies      
Looks a bit like a elephant trunk robotic arm[1], really neat I wonder if that's not a little bit over engineered, though.

[1] https://www.youtube.com/watch?v=2ZF35JUNaDg

30
smokinjoe 17 hours ago 0 replies      
For whatever reason this immediately made me think of NJ's laws requiring an attendant to fill up your gas tank. Does the law apply to electric charging stations currently?

If it does, I wonder what this innovation might mean to that law.

31
takee 13 hours ago 1 reply      
I really don't understand the creep factor that everyone's talking about. To me it just looks like a metallic robotic arm. Am I missing anything?
32
erickhill 17 hours ago 0 replies      
I wouldnt mind these in Oregon when I fill up for gas (where the gas attendants have to pump your gas for you). Way less awkward as long as I stay in the car.
33
vlunkr 18 hours ago 2 replies      
Do they really intend to release this, or is it just an experiment? Because there's no way that thing is going to save enough time to be worth the cost.
34
assaflavie 9 hours ago 0 replies      
Should be tagged NSFW.
35
bliti 16 hours ago 1 reply      
36
daveloyall 17 hours ago 1 reply      
37
thomasrossi 16 hours ago 0 replies      
38
curiousjorge 16 hours ago 0 replies      
this better not awaken anything in me.
39
return0 18 hours ago 0 replies      
40
legohead 18 hours ago 2 replies      
41
elwell 16 hours ago 1 reply      
We're heading for AOL 2.0 jacquesmattheij.com
312 points by ericdykstra  2 days ago   141 comments top 32
1
Tiksi 2 days ago 8 replies      
I absolutely agree with this, and I'm not looking forward to the near future of the internet, but it's inevitable. We will hit AOL 2.0, well a few of them. We'll have the Apple internet, the Facebook internet, the Google internet, etc. but it won't last.

The rein of aol was killed by stagnation and outside innovation, people seeing that there's more and better outside of aol, and the second round will probably die a similar death. People will start to see cool new things happening outside their silo, or get fed up with them and the silos will eventually fall. These trends seem cyclical, we go from mainframes and silos to personal computers and an open network, then back to the same mainframes, this time called the cloud, and the same silos. It's not gonna be a fun time for those of us who don't like the confines of the new internet, but the handful of us who care won't stop the inevitable.

Me, I still run an irc server because I can, because there's a million clients to choose from, and everyone can have their own interface, and the protocol is so simple a decent programmer can hash out their own in a day. Nothing has come close to it yet (xmpp was great in theory but too complex for its own good). If you want a pretty ui and emojis and images, well there's a client that can do it, if you just want text, plenty of those too.

I'll be over here riding out the inevitable with my own file sync, git server, chat server, web server, and making my internet how I want it to be, hoping that in time people will notice that you don't have to just accept your preferred silos interpretation of it.

2
alexro 2 days ago 1 reply      
The Internet has been raised on the shoulders of giants - people who basically devoted their lives to it.

The current wave is brought up by these trying to grab a piece of the Web and keep others at bay, the game is ruled by investors. This bunch only understands walled gardens, no hope to talk them into open thinking. At all.

We've already had this discussed more than once that people themselves do not care about any particular approach, people just want something to work.As long as commercial services do the job people will use them.

Like with any freedom movement there should be the underlying philosophy that will live long enough for others to finally catch on.

But going just head on like the author suggests will not help. If you start a new service the last thing you want to spend your resources on is a RFC. And you won't ever get more resources than the investors of AOL 2.0. Unfortunately.

3
captainmuon 2 days ago 4 replies      
Technically, it would be not too difficult to use Facebooks API and some scraping and make it connect to gnusocial for example. But it is explicitly against the TOS (of the API and Facebook itself) to do so, so you can't.

I would be really, really happy if lawmakers would realize that Facebook (just one example of many) has now become infrastructure, and has to be regulated as such. What to do? Make every service with more than, say, a million users required to offer federation. There must be an API, and everybody must be able to get their data in and out free of charge, and there should be no limitations (except for fighting spam).

This way, Facebook would loose their network effect which makes it impossible for a competitor to be successful. They would still have their users, rich features, mature codebase, and infrastructure as an advantage, so this will not drive them out of business. But they will be forced to compete with others on terms of user-friendliness, features, non-invasiveness and so on.

Here's an idea. The next time you invent a nifty protocol for social, don't make it proprietary. Don't release the source under copyleft either. Make a license such as: "You may use this protocol / implementation free of charge in any way you like (source closed or open) under one condition: you have to offer federation."

(* Federation means that users with accounts on different services can communicate freely, like it is the case with email. Imagine you could use your Twitter account and write to a friend's Facebook wall. Or you could even host your own gnusocial instance and use it to take part in other social networks.)

4
angrybits 2 days ago 2 replies      
> when the last user of it finally gives up and moves to gmail so they can continue to communicate with their contacts or maybe they give up entirely

Between the title and the quoted, I think you have used up your hyperbole quota for one day.

I guess I don't see the issue. The internet is a large piece of infrastructure on which citizens and companies can publish (almost) anything they want. Lamenting that for-profit ventures have tried to wall off their parts is curious, as I am not sure how that impacts me or my decisions. I don't facebook, I don't tweet, and I could not care less that these things exist. (Not entirely true, but my objections to them would be off-topic.) The world is a very large place, and there will always be people who hang out in the more distant corners of the net, you can go be with like-minded people and talk about the good ole days of (insert bygone era here).

Now if you are lamenting this because you want a piece of the action and the big kids are being bullies, then I suppose my answer isn't going to comfort you any. But for just simple usage, I think this is a tempest in a teapot.

5
decasteve 2 days ago 2 replies      
The key (IMO) to a distributed and decentralised Internet is a net-equality for upload:download speeds. There used to be an argument that we download more than we upload. To phrase it another way: we used to consume more content than we published. The fact is, we individually produce more content now than we consume, much more than the traditional media companies of the previous generation, as evidenced by the content on Facebook, Google/YouTube, Twitter, WordPress, et cetera. But the Internet in 2015 is an AOL-2.0-like one and we need to nudge it in the direction of a distributed one again.

The solutions are within our grasp because they exist already. The software and the communication protocols exist, and are open and tested. A small change at the root, like Net-Equality, would result in an avalanche effect change in how we communicate and store information. The Internet of 5 years from now could be vastly different (and better in my opinion) than the one we have today. It could fulfil the 1990's predictions of people like Bill Gates and Mark Andreesen, who now sing a different tune, but used to preach the power of a distributed Internet.

6
Canada 2 days ago 0 replies      
> That document would then be sent out to various parties that might have an interest in using this protocol who then would supply their feedback and as a result of that a more complete version of the original document would be released. And so on until the resulting protocol was considered mature enough for implementation.

Is that so? The early IETF process was, "Rough consensus and running code."

Protocols were implemented first, then revised and described in RFCs later, weren't they?

7
dvh 2 days ago 1 reply      
I blame firewall admins for this. If app was using port 1234, it was simpler just to block this port. After while this make app unusable so app creators tunneled everything through port 80.
8
bsaunder 2 days ago 2 replies      
In some ways, it may be worse than the OP suggests as we apparently race towards mobile apps. Seems about the right time for PointCast+. Its the proverbial technology pendulum. It seems obvious that we'll continue our momentum and maybe even abandon the generic browser and revert to the (now mobile-based) fat client past.

Much of the article seems devoted to concerns about proprietary protocols and closes with a plea to keep protocols open with a published specification. I think this is a reasonable concern and a noble plea, but yet also an (unfortunately) unreasonable request. Companies are developing their protocols to support their needs, not yours.

Its reasonable to want access to the data companies are collecting. Its valuable data. But these companies are not in the data services business. And if they were, its reasonable for them to charge a handsome price for the access you are looking for. Imagine the black eye a company would get for trying that approach.

Perhaps there's a view that says, users freely give the data so they should be able to freely get it back. But there's a counter argument that users are "compensated" for contributing their data in the form of free access to the services it provides. Given the amount of time people spend on social apps, its reasonable to think they value the "free" service highly.

IIRC there was a start-up that attempted to build an alternative social network based on open standards... It didn't go very far. Perhaps people need to learn to vote with their actions. Maybe we need to try that again and convince more of the influential technical folks to jump ship. Maybe through competition the non-open establish players can be shown the value of openness.

9
abrgr 2 days ago 1 reply      
We're in a world of APIs and de facto protocols now. The bulk of the interesting communication at this point is about data. REST over HTTP provides a decent mechanism for interacting with arbitrary nouns. Anything significantly more structured would, I imagine, essentially be an exercise of modeling a particular domain of data. With rapid innovation, it becomes difficult to codify a particular data model ahead of time, so we end up in a world of RESTful APIs, some well-documented and some not-so-well-documented, and, when one emerges as the winner, it becomes the de facto protocol.

That said, the walled garden approach of all platforms today (especially Apple) certainly endangers future innovation. Though, I see that as a content delivery problem, not a protocol problem.

10
jessaustin 2 days ago 2 replies      
And please never do what twitter did (start open, then close as soon as you gain traction).

Posted by Jacques Mattheij August 5, 2015

If you read this far you should probably follow me on twitter:

Is there a contradiction here? Why do you use twitter? (Rather than following you on twitter, I have your RSS feed in my newsreader.)

11
otis_inf 2 days ago 1 reply      
It might be me, but the article seems to make the same point as "The Web we have to save" https://medium.com/matter/the-web-we-have-to-save-2eb1fe15a4...
13
smoyer 1 day ago 0 replies      
"Since then there has been a lot of movement on the web application front but none of those has resulted in an open protocol for more than one vendor (or open source projects) to implement."

I know of several RFCs that are in the process of being created/approved that specifically detail protocols over REST/JSON. Probably the most impressive is the System for Cross-domain Identity Management (SCIM) [1].

In general I agree with the sentiment of the OP - that we should have more standardized protocols if HTTP is going to be the new TCP. I should also mention that HTML is a data specification for pages transported via HTTP, so there's definitely precedence.

[1] http://www.simplecloud.info/

14
jegutman 2 days ago 0 replies      
AOL seems to think they're on version 9.7:https://help.aol.com/articles/upgrade-to-the-latest-version-...
15
tsunamifury 1 day ago 0 replies      
The Death and Life of Great American Cities by Jane Jacobs strongly outlines that this pattern is a problem of segregation in almost all communities. The best superficial designs are static and proprietary. The best, long living designs are open and engage with inevitable chaos at scale. High end segregated suburbs eventually die, as people move to open, less segregated environments that provide more serendipitous opportunity.

It seems to be natural in complex networks that proprietary systems that don't serve the entire population function better due to like-mindness, conservation of resources by the wealthy, and bias.

Apple is like a private community for those who can afford it. Systems and resources can be allocated centrally, and designed for a limited number of static requirements. Its great, until requirements change.

I would argue that Google should continue to support the open environment it is designed on. Its software is inherently linkable (you can link to documents, G+, youtube videos), it is mostly open to non-logged in experiences, and it is free for anyone.

It comes at great cost to support those ideas, sometimes in the form of money, and sometimes resources, but I think its absolutely worthwhile.

16
bane 2 days ago 1 reply      
Abstracting problems is not always the right solution, but for some reason (I think it's mostly a social effect) seem to have an overwhelming desire to abstract away problems.

"XMPP support is slowly but surely being removed (just imagine a phone system where every number you call to may require a different telephone)"

So what happens in these kinds of cases is that somebody invents an abstraction (a metaprotocol) that cross-connects all of these. And then somebody comes up with yet another protocol that doesn't fit into the metaprotocol (or some slow moving standards body can't fit the new one in), so somebody else comes up with a metametaprotocol that bundles the metaprotocol and the new one in....and its abstractions all the way up..

Until somebody realizes that the tower of abstraction is introducing 300ms of lag into things and we all pine away for the good old days of just XMPP or whatever.

There's nothing that prevents technically oriented people from setting up ftp, nntp, smtp, mtp, etc. servers and so on except that these things really tend to rely on some kind of software running on the user's OS and these days people pretty much just run a browser and not much else.

The answer then is move the functions those protocols supported into the browser (like in the way that most browsers support ftp), but it's just not worth trying to shove telnet or whatever into browser support, so people just replicate whatever telnet is supposed to do into a web app that's access over http.

I think more troubling though is non-browser server-server communication is now just http. Sure it's pretty simple, but for server-to-server communication there's almost always a better protocol to use, but people can't be bothered to come up with one.

17
cvwright 1 day ago 0 replies      
I see what he's saying, and he makes some good points.

But I think he's too pessimistic. There are still some bright spots of open protocols on the Internet, even if they're now predominantly used through web browsers and/or HTTP.

I'll name two that are more recent than the last RFC referenced in the article, from 2009:

JMAP - the JSON Mail Access Protocol, here to save us from the dark ages of IMAP. http://jmap.io/

WebRTC - cross-browser, cross-platform voice and video chat without being locked in to a single provider like Skype. http://www.webrtc.org/

18
sosuke 2 days ago 0 replies      
I've been saying the same thing, but I feel this goes too far into an alarmist view.

When Facebook, Google, and Apple hold all the cards the creators, the developers, will move back out and create the 'old' Internet again. Then the people will follow to the new creations. Eventually we'll hit AOL 3.0 and the cycle will continue.

At least that is my hope.

19
hendry 1 day ago 0 replies      
Good post! Protocol Handlers aka chrome://settings/handlers are really really badly done or utilised. If there were done better, maybe we would see some more interoperability between the silos.

I created an example showcasing mailto: https://www.youtube.com/watch?v=HeE9XPmYcq8

Though for example ICS: http://sg.hackandtell.org/ics/ I've not managed to make it work with Google or Fastmail Calendar.

BIG SIGH.

20
cwyers 2 days ago 1 reply      
I think the author makes a lot of good points, but misses a key point. We're not shuffling off into walled gardens because Google and Facebook want to "own" their users -- they do, of course, but users aren't just being herded like cattle by Facebook. Users are getting into walled gardens because walled gardens offer users a lot of advantages right now.

1) Internet users are becoming less technical as the number of Internet users increases, and they want things to just work. They don't want to know whether their mail server is POP or IMAP, they just want to send and receive e-mail. They don't want to have to try and figure out which IRC server to get on to get a decent ping or to avoid a netsplit, they just want to chat. Zero setup, zero installation, just go to a webapp and all those details are handled for you.

2) Internet users are becoming increasingly mobile, and most of our pre-HTTP Internet protocols scale poorly over mobile. Mobile devices are power and bandwidth constrained in ways that protocols didn't envision. Chat applications not written with mobile in mind are giant battery hogs.

3) The open web is a dumpster fire. SEO makes a lot of Google search results difficult if not impossible to wade through (try searching for information on a particular printer or lawnmower and see how many results you can find about anything other than someone who wants to sell you one). An article with pictures that measures under half a megabyte comes with four megabytes of ads and trackers. If you peek behind the spam filters, something like 90% of the e-mail anyone gets is best described as junk. Some of it's malicious junk at that. Most open forums quickly degenerate into a showcase of the worst humanity has to offer -- go check the comments on a newspaper or TV news website if you don't believe me.

4) Nobody can make any money except through advertising, and even that's becoming problematic. The problem with things like subscriptions is that they reduce the value of the hyperlink towards zero. And you can say, "for just the price of a cup of coffee you can keep this website open," but having to buy 50 to 100 cups of coffee every month to support all the websites you like to visit at some point during a month quickly becomes untenable. And so advertising comes to dominate the web in increasingly perverse ways (which explains about half of point three). Walled gardens are one way to offer a respite from the worst abuses of advertising -- Facebook doesn't need to send you 5mb of JavaScript to track you, they can do a much better job of tracking you with a lot less overhead than third-party trackers can.

If you want to fight walled gardens, you need to find ways to solve these problems in ways that don't involve walled gardens or offer ordinary users (users who don't share this community's convictions that open is inherently better) benefits that a walled garden doesn't or can't.

21
jasode 2 days ago 2 replies      
I agree that it would be helpful if we had more open protocols but I disagree with the conclusion that not having them inevitably leads to AOL 2.0.

First, I think it's helpful to clarify what jacquesm is saying. My interpretation in concrete terms of URI[1].

 URI: <scheme>://<location>:<port>
As of 2015, the scheme is almost always "http" or "https" and the port is almost always "80" or "443".

Because of many factors (I'd say mostly social dynamics[2], not technical), companies end up layering their proprietary/opaque protocols on top of "http".

I believe the essay asserts that the web would be more "free" and "open" if we pursued more "schemes"[3]

For example, if you're starting a new company that lets people crowdshare cooking recipes, the 1980s mindset may have been to submit a new RFC so everyone could then do:

 cooking://johndoe.com
(and default port for "cooking://" would be 867 or whatever)

Instead, we now have a situation where we have a cooking REST API or cooking iPhone/Android app that sends proprietary undocumented bytes over "http". Yes, the "http" is open in an academic sense, but for practical purposes, the cooking data is "closed" because the bytes over it are proprietary. Related to this is that the bytes go to a central entity that has self-interested economic motives instead of a peer-to-peer situation like "ftp://" or SMTP email.

I don't have to time at the moment fully explain my disagreement but I don't believe this leads to AOL 2.0.

Instead, what happens is that the proprietary protocols simply become more inefficient by "tunneling" or "layering" in or on top of "http". We collectively waste lots of HTML/MIME overhead bytes to send opaque data. We also expend a lot of security effort with cat & mouse "deep packet inspection" of "http" because of this. Lots of cpu cycles are burned up to pay for these inefficiencies.

As for pushing for the ideal of more schemes with public and transparent RFCs, this is a goal that's couched in technical terms and it hides what we're really asking of each other: we are asking economic actors to forego their economic interests. That is a very tough sell.

For example, in the USA, there's Intuit Quicken and they have a proprietary transport for downloading financial transactions. I loathe Intuit and their business practices but I do understand why their protocol is opaque instead of being an RFC. They are the ones that did all the legwork of convincing the banks to open up their mainframes to facilitate data downloads. The government didn't grease the wheels; Intuit did. Now they want to be rewarded economically for it. Can't blame them. That's why it's not an open RFC.

Contrast Intuit's situation with the public RFCs for "ftp://" and SMTP. The people creating those protocols were economically secure. They had stable jobs at universities or government institutions.

Today, the opaque protocols are made by actors in a different economic landscape. If a YC2015 company takes $130k from ycombinator and several million $$$ from VC rounds, defining a transparent RFC that harms their economic interests doesn't make sense. This goes against human nature. The essays pushing for a more open web are not addressing the hard-to-resolve economic interests.

[1]https://en.wikipedia.org/wiki/URI_scheme#Generic_syntax

[2]corporate firewalls and network appliances policies of restricting ports, users' home computers' firewalls default config of blocking ports, etc. New software can't expect to reverse the conservatism of Cisco admins, etc. Also look at why residential SMTP mail servers are blocked by others even though SMTP is theoretically "open". That's a social problem caused by spam.

[3]https://www.iana.org/assignments/uri-schemes/uri-schemes.xht...

22
bsaul 2 days ago 2 replies      
I think one solution would be for internet providers to upgrade their offer. They started by offering you an email box, then stopped. Some offer storage space, and a few of them offer blog platform, but they've all surrendered against facebook.

Why wouldn't internet providers offer your own personnal profile page and news feed, only instead of being stored and owned by a company whose respect for private data and business model seem contradictory, let someone you already pay something for handles it.

Then we would need protocols again, because internet providers are numerous, and don't need to dominate the world to be profitable.

Note : i can think of many other services that would be good candidates for an isp to offer : youtube, linked in, photo sharing, etc.

23
siculars 1 day ago 0 replies      
Sandstorm[0] and projects like it are the future of the internet and the digitally connected world. Data silos, privacy, inability to interoperate, data ownership will all collude to bring down the wall. At the same time, virtual compute providers and software like sandstorm will become ubiquitous and intuitively easy to use. I, for one, am long term optimistic.

[0] https://sandstorm.io/

24
wyclif 2 days ago 1 reply      
Heads up, this post is great but it really needs a once over editorially:

NNTP has been mostly dead for years (though it still has some use the real replacement usenet for discussion purposes appears to be Reddit and mailinglists) and so on.

25
jessaustin 2 days ago 1 reply      
ISTM this is just the end-to-end principle taken one step farther. Instead of intelligence residing in the endpoint node, now it resides in an app running on the endpoint node.

That isn't to say that the "aol2" phenomenon doesn't pose the risks to users described in TFA. I only observe that the same factors that encourage end-to-end (flexibility, reliability, loose coupling, etc.) probably encourage "aol2" as well.

26
snarfy 1 day ago 0 replies      
I had a similar feeling the moment I started seeing browsers hide the protocol in the URL bar as much as possible. The protocol is important and I didn't like them munging the protocol and address together.
27
syats 1 day ago 0 replies      
AOL never sold hardware, but google, apple do. It's going to be worse.
28
k__ 2 days ago 3 replies      
29
api 1 day ago 0 replies      
There are many reasons for this, but a big one only hinted at in this article is the firewall. Firewalls and NAT effectively break the Internet. They require centralization -- two devices cannot communicate without it. We've adopted a topology that forces centralization, and now we're surprised at the result.
30
vdm 2 days ago 0 replies      
Slack.
31
orionblastar 1 day ago 0 replies      
I remember AOL it was a dial-up network with its own custom GUI that set up a TCP/IP stack at the time that getting on the Internet with WINSOCK programs was difficult because you had to configure a SLIP or PPP profile with other ISPS.

AOL made it easy for anyone to get on the Internet, they mailed out floppy disks for a free month for example. The hard part was canceling the service and getting them to stop billing you once you stopped using their service.

AOL software grew and went on CD-ROMs, at least with floppies you could reformat them and use them for other stuff, the CD-ROMs were drink coasters and made wind mobiles out of them.

AOL software grew when they merged with Time Warner, the AOL software was a web browser and media surfer and email client.

When broadband began to take over there was a $20/month option to add in your AOL account to it and use it over broadband.

If you want AOL 2.0 today you have to have a phone company or cable company bundle their broadband service with the software that is part web browser, chat client, email reader, news reader, media surfer, stock ticker, and other stuff rolled into one app.

Google or Apple if they wanted to do this would have to lay down some fiber optics to provide broadband Internet access and then bundle their AOL 2.0 software with it. It is not a cheap thing to do, the dial-up modem was better because you could plug a modem into any phone line and get Internet, but it was slow. Today you need a high speed phone line and a DSL modem, cable modem, some sort of high speed modem that uses fiber optic, etc. They company has to send someone to install the high speed cable and modem to hook you up, and it is not so easy to do that these days. You have to wait for someone to be available to do that, and hope there is no technical delays.

AOL was killed by broadband Internet and Web 2.0 sites replacing what AOL software did.

Oddly enough you still find the elderly using AOL dial-up for $35/month on really old Windows PCs. They don't want to lose their aol.com address.

32
mahouse 2 days ago 3 replies      
Index Funds May Work a Little Too Well bloombergview.com
305 points by chollida1  2 days ago   196 comments top 21
1
bcg1 1 day ago 10 replies      
A bigger problem with index funds is the inherent bias they create towards consolidation of capital at the top. A company that becomes part of the S&P 500 will automatically have bi-weekly buyers of their shares as people pump money into index funds via payroll deduction. Nearly every piece of mainstream financial advice in the US suggests such behavior... "d% of mutual funds fail outperform the S&P 500" etc. Of course such comparison ignores transaction costs, administrative costs, risk, diversification across asset classes, et al. However, it leads to many people who want to "Set it and forget it" to just buy the S&P 500 index companies automatically every 2 weeks, pumping up the values of large cap corporations whether they perform well or not.

I know that companies don't necessarily benefit directly from an increasing stock price, but in reality it allows them to raise capital by issuing new shares with less dilution. Also it makes it costlier for smaller competitors to raise capital, crowding out competition. At the end of the day, the "antitrust" question is not about Apple v. Microsoft... it is moving more in the direction of "Apple & Microsoft" vs. anyone trying to claw and scrape their way into the game.

2
howeyc 1 day ago 3 replies      
Interesting. The idea is that index funds implicitly favor collusion between companies in the same industry since investors/institutions own the competing companies (perhaps even at the same weight). That is, an index owning both Coke and Pepsi may not be too keen on one slaying the other, but instead for them both to become bigger together, yet separate.

There's also the idea that index investing "should" be considered illegal because of the possible antitrust issues.

Also, the rise of index investing puts more favor to stock buybacks/dividends as opposed to reinvestment. The idea being (as an example) that the index would rather take Coke's profits and redirect to a smaller higher-growth-potential company (or even spread it out more evenly among all holdings). However, if no index investing, perhaps investors would be more willing to "ride it out" with Coke reinvesting a lot more profits back into the business (maybe the don't own Pepsi, or other soft-drink companies and want to see them all get demolished).

3
elipsey 1 day ago 2 replies      
The quote "stock acquisitions that create such anticompetitive horizontal shareholdings are illegal under current antitrust law" doesn't seem to include any reference that I can find to any original text written by Elhauge. Instead the footnote links to a bunch of the author's own articles about Elhauge.

The only properly cited textual evidence offered is a series of denials by Elhauge that he ever said index funds are illegal.

Levine has been writing about this for months in articles with linkbait titles like: "Should Mutual Funds Be Illegal?" (http://www.bloombergview.com/articles/2015-04-16/should-mutu...)and "Labor Department Wants to Tweak Your Retirement Plan" (http://www.bloombergview.com/articles/2015-04-15/labor-depar...)

It seems like Levine has an axe to grind with regulators, and doesn't want anyone to talk about research that might suggest regulation. He might be right, but he is making a crappy argument.

EDIT: Ok, I stand corrected. Elhauge totally said that. It's in the abstract. I had trouble finding it because Levine cited himself instead of the paper at the end of that that paragraph. Sorry.

4
praptak 1 day ago 5 replies      
Interesting. With enough optimisation of the mechanisms of modern capitalism we arrive at a state where a single amorphous entity owns the economy so there are no incentives created by competition.
5
obblekk 1 day ago 2 replies      
This is cool, but incomplete. An index fund would still want competition if by competing, Pepsi gains 100% and Coke loses 1%. i.e., in any case where competition grows the pie rather than cuts it up differently, the index fund would want competition.

I claim this is the right result. We should discourage competition where everyone ends off worse, and encourage competition otherwise. Individuals competing do things like dump goods below cost to bankrupt smaller competitors; an index would perhaps not do that.

6
assaflavie 9 hours ago 0 replies      
Say index funds become illegal, just for the sake of argument. Aren't they replaceable by an algorithm - trading software that balances a portfolio that copies an index per investor? It's less efficient, of course, but it's essentially the same thing. You get millions of tiny, cross-sector owners instead of few big index funds. So in that sense the argument in favor of banning index funds is really pointless. They're just one implementation of a strategy that investors could follow on their own, just less efficiently. Essentially, banning them is just a way of enriching brokers because of the expected rise in transaction fees.
7
morgante 1 day ago 0 replies      
This is a fascinating line of thought and, at least from a game theoretic perspective, seems to be a mechanism for creating automatic, passive collusion between companies.

If we model the market as a prisoner's dilemma where a lawyer is deciding whether their client should defect or not, mutual defection is the normal Nash equilibrium. But if both lawyers are representing the same client then cooperation becomes the dominant strategy: regardless of what the other lawyer does (cooperate-defect and cooperate-cooperate both have higher total payoffs than defect-defect).

Notably, this mechanism is entirely passive: it requires no communication between managers or even managers and their investors. Merely knowing that my investors are also investors in my biggest competitor would make "cooperation" the dominant strategy without requiring any conscious collusion.

Taken to the extreme, this actually undermines the entire free market: every manager in a 2+ place firm would have a fiduciary responsibility to drive their company out of business so that the first place firm could enjoy monopolist profits (and thus maximize their shared investor's total return).

8
roymurdock 1 day ago 1 reply      
Which institutional investor should I specifically be concerned about?

Show me the institutional investor that owns 30% of American, 30% of Delta, 30% of Southwest, and 30% of United. [1] If this is the case, then yes we have a problem. The manager of this fund has a major incentive to have these 4 major firms collude and price gouge its customers, as competition among the firms would minimize profit for the index fund. It would major shares of the companies that own the entire market. I think it's safe to say that this institutional investor doesn't exist.

Which concentrated group of 3-4 (oligarchy) institutional investors own a combined 50% of American, 50% of Delta, 50% of Southwest, and 50% of United?

If this is the case, then yes, we have a problem. Collusion will occur between these funds, who will agree to use their voting/management rights to collude at the airline level, as they own the companies that own the market.

We're usually used to seeing collusion between the CEO's and boards of major companies in concentrated markets because we tend to think of these people as the people who profit the most from price gouging. Antitrust lawsuits against AT&T, Kodak, Standard Oil - these are all pretty concrete examples of collusion from brands that we (used to) interface with. [2]

Now we could be seeing collusion abstracted one layer - the owners/shareholders are institutional investors who don't have a well-known brand. Which institutional investors specifically should we be worried about? Unlike AT&T + Verizon, I don't interface directly with any of them, so I'm not sure which firms I should be concerned about.

Where's the data?

[1] 30% is an arbitrarily large number.

[2] http://www.hg.org/article.asp?id=6025

9
sandworm101 1 day ago 1 reply      
Why the assumption that an index must represent a market?

Wikipedia def:"An index fund (also index tracker) is an investment fund ... that aims to replicate the movements of an index of a specific financial market, or a set of rules of ownership that are held constant, regardless of market conditions."

The OP only discusses the former, not the later. I see the point that an indexed fund tied to a specific market, the narrower the better, may bring antitrust rules into play. But the later concept, that a indexed fund is simply a fund with fixed buy rules, need not get anywhere close to antitrust. They need not have a presence across any "market" as conceived by antitrust.

How about an indexed fund with the rule: Own equal numbers of share from all publicly-traded social media firms, except facebook. Such an indexed fund might find lots of investors without getting anywhere close to antitrust.

10
dataker 1 day ago 0 replies      
I just can't see it as something positive.

This is signaling that monopolies have massive power in their industry horizontals. 'To compete', they must take over another industry horizontal.

11
bickfordb 1 day ago 1 reply      
If index funds create larger voting blocks of shares, wouldn't that create a more powerful pool of voting power to influence changes than if all shareholders were voting individually? Index funds could turn over voting control to a proxy/research based voting service or survey their investors to determine how to vote.

I'm embarrassed to admit I actually don't know the voting policies of the major index funds I'm invested in (VTI, AGG mostly).

12
11thEarlOfMar 1 day ago 0 replies      
Maybe it's upside down.

Index funds effectively buy and sell at prices set by non-index fund investors. They are reacting to market price, not trying to predict where the stocks will go in the future.

All other investors are betting on the future price moving one way or the other.

I'd argue that index funds are an amplifier for demand, but that the actual demand is still generated based on 'analysis' by investors seeing the the current price as an opportunity.

13
cmsmith 1 day ago 2 replies      
The article's focus on the temptation for collusion seems overblown to me. Yes, the interests of Pepsi+Coke's index shareholders are served if the companies avoid cannibalizing each other's value, but those shareholders have no way to apply pressure on the companies to do that. Index shareholders do not vote, and by their nature cannot sell shares of a company that they are displeased with.

The other concern seems more well-placed. An efficient market requires that shareholders buy and sell companies in response to performance. Index funds buy and sell companies in response to the performance of the fund, or the market as a whole, or some other arbitrary factor. If 50% or 80% or 90% of a company is owned by 'dumb' funds, what does that do to their market value? And how could that affect the choices of the CEO?

14
paulpauper 1 day ago 0 replies      
index allocation as a % of total assets will keep rising, but total assets will also keep rising.. That means individual stocks will still have price discovery despite a futuristic scenario where 99% of all money is indexed. The mechanism for how this leads to collusion is unclear.
15
jwatte 1 day ago 0 replies      
For an individual index fund, who is making the argument that it's big enough for anti trust? If one fund owns 1% of American Airlines, and 1% of United Airlines, they have no monopoly/dominating power over either.
16
guimarin 1 day ago 0 replies      
As someone who derives most of his income from the value created by start-ups disrupting incumbents, I'm all in favor of index funds making firms anti-competitive in their own industries.
17
mathattack 1 day ago 0 replies      
Matt Levine is awesome at separating arguments from interests, and writes very clearly. He was great on Dealbreaker, and I'm glad that he's not tempering his voice on Bloomberg.
18
animefan 1 day ago 0 replies      
19
curiousjorge 1 day ago 0 replies      
Index fund works well because it's diluted. When you invest in a single company there are many unknowns and downsides but stretched across the sector, you find less risk (how likely is it that other than Toshiba and Kodak are cooking books).

However, the returns are also limited to the sector as well.

I admit picking undervalued companies AND being solvent enough before the market reacts rationally is a huge undertaking and why there's so little of successful value investors.

20
VLM 1 day ago 1 reply      
21
chad_strategic 1 day ago 1 reply      
Insufficient Sleep Is a Public Health Epidemic cdc.gov
296 points by dpflan  1 day ago   218 comments top 13
1
Domenic_S 1 day ago 26 replies      
Having just been officially diagnosed with obstructive sleep apnea today, let me tell you why that part of insufficient sleep is an epidemic: the system is a racket. Here are the steps to get your sleep apnea solved:

1. Go to your GP and have them refer you to a sleep specialist.

2. Make an appointment with the sleep specialist (one major clinic here in the Bay Area is booked out weeks in advance). Do that office visit where you get the prescription for an overnight sleep study.

3. Wait 2-3 more weeks for your sleep study date, where you get wired up like you're joining the Matrix, and then told to go to sleep at 9:30pm. Riiight.

4. Have a follow up visit at the office in step 2. Go over results. Possibly get prescribed a CPAP machine.

5. Find an in-network provider to buy the CPAP from, and make an appointment with them. This is not an off the shelf thing, expect to spend 2-3 hours in the office/store. Wait time: a couple days to a couple weeks.

6. (optional, if the study from step 3 wasn't split-phase) Return for another sleep study with your new machine so they can calibrate it.

7. Make another follow up appointment to have the doc look at the report from step 6 and actually perform the calibration.

Dude, WHO HAS TIME FOR THIS? Ironically, this whole process is a bit of a nightmare.

2
christiangenco 23 hours ago 7 replies      
If anyone here has trouble falling asleep, I have two hacks I've recently implemented that have reduced my TTFA (time to fall asleep) from over two hours to about 15 minutes:

1. Don't look at a screen for an hour before going to bed.

2. Wear a sleep mask. If you can open your eyes and see any sliver of light or a distinguishable shape, you need something different.

The effect is complete lack of visual stimulus making it really easy to start hallucinating (an overly strong word) which is an easy ramp into deeper sleep. The lack of bright blue light beforehand does something something melatonin, and you'll feel significantly more tired before bed (the lack of stimulus will also help).

3
jensen123 1 day ago 2 replies      
I'm shocked that they don't mention sitting in front of the computer or TV before bedtime. Computer monitors and TVs have a bluish light. Blue light down-regulates melatonin, which is the hormone that makes you sleepy.

I used to have a serious acne problem. Cutting down on meat and dairy really helped, but I was still getting a few small pimples now and then after that. It was only when I stopped using my computer or TV late in the evening that I got 100% clear skin.

4
mschuster91 1 day ago 5 replies      
I miss "Job-caused sleep deprivation" aka "what happens when you have to work 2 jobs+care for a child" to pay rent.
5
chatmasta 1 day ago 4 replies      
I've always thought of sleep from a libertarian perspective. For the most part, it's your choice how much you sleep. Yeah, some people have trouble sleeping... but that's largely a result of individual choices. Factors like lack of exercise, too much caffeine, and poor diet all collude to reduce quality of sleep. In that sense, insufficient sleep is a public health epidemic in the same way as obesity. Lots of people are affected by it, but it's still avoidable with proper preparation and habits.

Everybody knows you should get 8-9 hours of sleep per night, and most people are at least vaguely familiar with studies that say lack of sleep can reduce life expectancy. Yet people still choose to sleep less than the optimal amount. That's a choice. There is a tradeoff of time now, vs time at age 70+. If time now is more valuable, then it could be rational to sacrifice time at 70+ by sleeping less now. People make this choice every day, subconsciously or not.

Of course, the choice of how much sleep to get is often not an easy one. We have to go to school or work. We have obligations. Perhaps the easiest win from a public health perspective would be changing the start time of public high schools. Why are we forcing kids to wake up at 6am to go to school? That's just stupid, and flies in the face of all sorts of research.

6
joshsharp 1 day ago 2 replies      
It's not a huge sample set to draw from but the average amount of sleep across all of our Exist[1] users is 6:56 (as tracked by a device like a Fitbit, Jawbone UP, etc). So not quite as bad as in the article, but not quite enough either.

[1]: https://exist.io

7
bitJericho 1 day ago 2 replies      
Very important to get your sleep. I recommend no caffeine 4 hours before bed. It seems like everytime I can't fall asleep its because I accidentally drank caffeine. I sleep 6 to 10 hours weirdly enough. It seems to depend largely on the previous nights sleep and the physical exertion I've done in the day.
8
doczoidberg 1 day ago 2 replies      
sometimes I feel like an alien when I say that I need 8-9 hours sleep to feel awake the whole day. 6h seems to be normal nowadays.

Can I train to sleep (a little bit) less?

9
afarrell 23 hours ago 2 replies      
As someone who went to a university where "sleep is for the weak" was a slogan among undergrads, I want to go back in time and throw chalk at anyone who says that.
10
znt 22 hours ago 0 replies      
There is this IndieGogo project for a mini sleep apnea mask, if anyone is interested: https://www.indiegogo.com/projects/airing-the-first-hoseless...
11
rm_-rf_slash 1 day ago 0 replies      
I would be interested in hearing the opinion of startup employees who were not a part of the early team (yardstick: <1% equity/options) and what their company's attitudes are about proper sleep and work-life balance.
12
gavreh 23 hours ago 1 reply      
13
Gnarl 23 hours ago 1 reply      
Privacy Badger Block spying ads and invisible trackers eff.org
303 points by swartzcr  22 hours ago   105 comments top 22
1
bobsky 22 hours ago 2 replies      
Nice. It works well with other extensions i.e. adblockers - Privacy Badger can significantly increase your privacy online because Adblock does not block invisible trackers by default; via FAQ.

Another fantastic extension from the EFF team with collaboration from The Tor Project, is HTTPS Everywhere, get it here https://www.eff.org/https-everywhere

2
antsar 19 hours ago 3 replies      
According to EFF's Panopticlick[0], the biggest thing making my browser unique is the list of plugins that I am running. Short of disabling JavaScript, I don't know of a way to prevent that. Can this hypothetically be solved with Privacy Badger and are there plans to do so?

[0] https://panopticlick.eff.org/

3
SwellJoe 20 hours ago 2 replies      
This may be exactly what I want. I don't actually mind ads that respect my privacy and my attention. If ads didn't track my every move and didn't disrupt my workflow by making noises without permission or otherwise stealing my attention and time, I would have zero use for an ad blocking tool.

Of course, this doesn't say anything about stopping those invasive noisy ads or ads that block content, so I may still have to keep using uBlock. Maybe in some future ideal world, advertisers will learn that if they want me to see their ads, at all, they have to respect my privacy, my time, and my attention.

Maybe someone needs to make a "show only ads from people who aren't assholes" plugin.

4
eridal 21 hours ago 6 replies      
Nice addition to my list

 - uBlock Origin - Self-Destructing Cookies - BetterPrivacy - HTTPS-Everywhere - Privacy Badger

5
peteretep 21 hours ago 2 replies      
I would be interested in an easy-to-use local packet sniffer that attempted to give me hints on what I was leaking - what isn't via https from all apps on my machine, for example.

Obviously wireshark would get you 50% of the way there - to add to that then, a pretty UI focussed on scaring users with what information is being leaked - hostnames for SSL sites they're visiting for example.

6
escobar 21 hours ago 2 replies      
> in fact Privacy Badger is based on the ABP code!

This makes me sad. They should have based it on uBlock. ABP is very bloated, and really caused issues for my browsing experience. Not sure if I want to try it after reading that.

7
mey 20 hours ago 1 reply      
I've been using this plugin since it's beta days and it's an excellent approach to privacy issues online and 3rd party entities.
8
dannysu 17 hours ago 0 replies      
I was using Privacy Badger, Ghostery, Disconnect, AdBlock Edge or uBlock. Nowadays I just use uMatrix[0] & Self-Destructing Cookies to have a whitelist browsing experience rather than a blacklist experience.

Perhaps when Privacy Badger does more for detection of first party stuff, then I'll add it back again.

 [0]: https://addons.mozilla.org/en-US/firefox/addon/umatrix/

9
xs 15 hours ago 0 replies      
EFF team. Grats on having this out for almost a year now. Any stats from this that you're willing to share? Like for instance have any advertisers noticed this yet and stopped tracking people so ads can be displayed? I've got widgets on my website for disqus, twitter, facebook, etc and each of these are blocked by PB. This upsets me as the website owner that content I want my user to see is being blocked. Any word from them about this?
10
chmars 19 hours ago 1 reply      
I got the following Chrome warning about the extension:

This extension is slowing down Google Chrome. You should disable it to restore Google Chrome's performance.

Any other users with this issue?

11
sethd 21 hours ago 1 reply      
You have to enable JavaScript on that page just to read the text in a sane manor, otherwise it's mostly white on a light gray background and barely legible. (Firefox / OS X)
12
nivla 19 hours ago 1 reply      
Does anyone know if this includes a database of tracking hosts or if its self learning? Because for me on Reddit it counts all the CDN's as tracking domains and the actual tracking domains as the non-tracking ones [1].

[1] http://i.imgur.com/7aw6rHo.jpg

13
retube 21 hours ago 1 reply      
Is not simply turning off cookies for external domains a fairly effective way of cutting a lot of tracking?

What's the downside to doing this?

14
core2 7 hours ago 0 replies      
How much money will EFF negotiate from Google to enable Ads? AdBlock got 500 Mil, you can go for a Billion. Go Go Go.
15
phantom_oracle 21 hours ago 2 replies      
Question to EFF:

Does Privacy Badger itself track me?

I know I could read through the source-code, but it would be quicker for myself (and others) to know if any tracking is done by EFF itself.

16
bni 21 hours ago 2 replies      
Safari already has a setting,Cookies and Website data: Allow from websites I visit.

Is Privacy Badger the functional equivalent of that Safari feature?

17
unicornporn 19 hours ago 0 replies      
Badger is based on ABP code, so I suspect it would affect the performance gains I got by switching to uBlock Origin.
18
slxh 18 hours ago 0 replies      
The back and forward browser buttons appear to break the status reported by this extension.
19
justizin 21 hours ago 0 replies      
Would be great to see Safari support for this, was a happy Privacy Badger user on FF for some time.
20
joosters 21 hours ago 1 reply      
Is their hand-crafted 'yellow list' of allowed trackers viewable online?
21
ocdtrekkie 19 hours ago 0 replies      
22
core2 20 hours ago 0 replies      
Firefox exploit found in the wild mozilla.org
261 points by _jomo  7 hours ago   157 comments top 32
1
jebblue 20 minutes ago 0 replies      
Browsers are supposed to browse that's all. More and more stuff like this will come up with HTML5/JavaScript and people will begin to wonder why the world is jumping through all the JavaScript hoops to build a web app that is essentially a rich client app when they could use tools that are designed for that. Are they more or less secure, neither, once you can touch the user's filesystem the risk is the same which is why it still baffles me that developers actually want to code in JavaScript and dozens of one off libs when they could use first class tools which are far better designed. Browsers are supposed to browse, that is all they are supposed to do.
2
cesarb 4 hours ago 2 replies      
How many PDF.js security vulnerabilities have been found so far?

A quick Google search found only four:

https://www.mozilla.org/en-US/security/advisories/mfsa2013-9... another local file disclosure)

https://www.mozilla.org/en-US/security/advisories/mfsa2015-3... needs to be "combined with a separate vulnerability" to be exploitable)

https://www.mozilla.org/en-US/security/advisories/mfsa2015-6... (needs to be "combined with a separate vulnerability" to be exploitable)

https://www.mozilla.org/en-US/security/advisories/mfsa2015-7... (this one)

It still is looking better than the plugin it replaced.

3
jacquesm 5 hours ago 7 replies      
I don't even want my browser to have a 'local file context', is there a way to switch such behavior off entirely until explicit permission is given?

All these extra bells and whistles added to browsers to allow websites to pretend they're 'native apps' should require a very large switch to be thrown from 'safe' to 'unsafe' whenever an application requests such a thing. And what a pdf reader has to do with javascript is a mystery as well. Systems that are too complex are almost by definition insecure.

4
riquito 10 minutes ago 0 replies      
This exploit made me change my Ubuntu mirror because after hours the updated package wasn't yet in my configured mirror (but was available elsewhere).

If you need it too, here's the list

https://launchpad.net/ubuntu/+archivemirrors

5
Nanzikambe 5 hours ago 3 replies      
The lack of additional detail in this very sparse announcement really compromises users' ability to damage control effectively.

Would like to know if an installation is vulnerable if:

 1) If Applications, PDF is set to "Always ask" 2) Ublock and/or privoxy are used 3) Javascript is disabled 4) pdfjs.previousHandler.alwaysAskBeforeHandling == false 5) pdfjs.disabled == true
Also which advertising network and which Russian site would be helpful for blocklists.

6
lorenzhs 4 hours ago 2 replies      
Once again, this demonstrates that blocking advertisements is a really good idea from an InfoSec perspective. Ad blocking not only abates a nuisance, it's an important security measure.

cf https://twitter.com/swiftonsecurity/status/62840155490772582...

7
lloydde 37 minutes ago 2 replies      
I find the first phrase "Yesterday morning, August 5, a Firefox user" interesting. I'd love to know more about this person and their skill set. How was the exploit detected and isolated? How did this issue get reported and resolved in s day?

Assuming the Mozilla way, I wonder what the bugzilla report will read when it comes out of embargo.

8
aembleton 5 hours ago 4 replies      
If at all possible it would be worth naming and shaming the advertising network that is allowing this exploit through.

Why do advertising networks allow advertisers to exectue Javascript? What need is there for it?

Every time one of these exploits that use advertising networks is found, it just increases the value of blockers such as uBlock. Whether you accept adverts or not, you shouldn't have to accept javascript being executed on your machine that isn't from the site you visited.

9
raldu 12 minutes ago 0 replies      
PDF.js reader can be disabled in Firefox by setting "pdfjs.disabled" value to true in "about:config".
10
jonaslejon 4 hours ago 1 reply      
Since the vulnerability is in pdf.js, is the Tor Browser Bundle vulnerable?
11
mike-cardwell 5 hours ago 3 replies      
I'll just chuck this old blog post of mine out there:

https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sop...

Specifically, the "Securing the Web browser" section.

[edit] Also worth mentioning is the stuff about smartcards on that blog post. You can steal my ~/.ssh/ and my ~/.gnupg/, but because I'm using a smartcard, it wont do you any good.

12
ommunist 42 minutes ago 0 replies      
I am not security pro, but I wonder if server-side installations of PDF.js are exploitable? WordPress plugins using PDF.js, can these become a new vector to attack webservers? Case, site uses PDF.js plugin to render pDFs for users. Is it possible to access server filesystem through PDF.js?
13
mrbig4545 3 hours ago 0 replies      
I guess now is a good time to change my ssh keys. joy

even though I don't use pdf.js, have ublock and a strong key password, I'm not risking it.

I have access to so many servers, I'd rather spend 30 mins changing keys than take the chance

14
johnnydoebk 4 hours ago 2 replies      
Well, sending some user files to Ukrainian server is a bug.

But sending hashes of your downloads to Google [1][2] is a feature, right?

1. https://support.mozilla.org/en-US/kb/how-does-phishing-and-m...2. https://bugzilla.mozilla.org/show_bug.cgi?id=1138721

15
nandhp 31 minutes ago 0 replies      
Could this exploit also be used to write to files? I have a feeling that it probably could, and that makes it even scarier.
16
currysausage 3 hours ago 1 reply      
Semi off-topic: What does the security track record of Chrome's integrated PDF viewer (PDFium) look like? Should I make it Click-to-play or is it about as secure as any other part of the browser?

Edit: NVD does list a bunch of vulnerabilities with "PDFium" in them [1], and I guess there are a few more from when it wasn't called PDFium yet, but I'm curious as to how an expert would interpret these numbers.

[1] https://web.nvd.nist.gov/view/vuln/search-results?query=pdfi...

17
ffuseronlinux 4 hours ago 0 replies      
I believe using "about:config" and setting "pdfjs.disabled" to "true" will neutralize the vulnerability, at least from the description they gave of it, but confirmation from them to that effect would be appreciated, especially for users stuck on the current (or older) version, as the download page acknowledges some might be:

Note: If you use your Linux distribution's packaged version of Firefox, you will need to wait for an updated package to be released to its package repository

It would be particularly scandalous if they knew that disabling pdfjs would suffice yet refused to mention it because they couldn't bear to see their precious CPU/memory-hogging scribd knockoff no one asked for being disabled by their users, in effect putting their grandiose vision of the browser-as-OS ahead of their users' security.

18
0xffffabcd 5 hours ago 0 replies      
Yet another reason to use uBlock and NoScript.

previous discussion: https://news.ycombinator.com/item?id=10020361

19
callum85 1 hour ago 1 reply      
It's awesome that Mozilla detailed exactly what the exploit did, even which file paths it searched for.
20
51Cards 1 hour ago 0 replies      
I sit on the Firefox Beta channel; not seeing an update at the moment. Any word on the status of this?
21
legulere 1 hour ago 0 replies      
And this is why we need working sandboxing on the desktop.
22
Grue3 3 hours ago 0 replies      
Another good idea is to never visit news sites based in Russia. Not only you won't get infected with random malware, you also won't have to read blatant propaganda that passes as "news" over here.
23
meapix 1 hour ago 0 replies      
For PDF, I never view pdf using browser, save it then open it using your pdf viewer.
24
hornbill 3 hours ago 3 replies      
Out of curiosity, how many users will be opening pdf using pdf.js? Is it widely used?

I was never comfortable with pdf.js and changed the setting to use the default pdf viewer in all my machines.

25
Rexxar 4 hours ago 1 reply      
Why the new version number is "39.0.3" ? Did I miss "39.0.1" and "39.0.2" ?
26
Silhouette 5 hours ago 2 replies      
Some more details would be helpful here. Specifically:

1. If PDF files aren't set to open using Firefox's built-in PDF viewer, was the relevant system still vulnerable? (That is, if under Options->Applications, PDFs were set to something other than "Preview in Firefox", would this attack still work?)

2. Which were the 8 popular FTP clients potentially affected?

3. Was this specific case all that could be done or was it an example of a wider class of potential exploits? (That is, can we actually trust any sensitive credentials in any applications on any system that has been running Firefox before today? And could we have disclosed other sensitive information that was held in well known local files?)

I do deal with sensitive details, and have access to lots of external systems run by various clients. If there is a real danger here then I need to act. If there isn't, then I would prefer not to spend the next 1-2 days of my time updating everything that could have been silently compromised instead of doing revenue-generating work, and worse, contacting every client I work with to notify them that their security may have been compromised and it's my responsibility.

27
6d6b73 1 hour ago 0 replies      
28
joosters 5 hours ago 1 reply      
29
mtgx 1 hour ago 0 replies      
Great, I applied the update, and now I got "Couldn't load the XPCOM", and I assume I have to reinstall Firefox.
30
afeef 2 hours ago 0 replies      
31
bitmapbrother 35 minutes ago 0 replies      
32
drvortex 5 hours ago 3 replies      
OS X sudoers exploit found in the wild malwarebytes.org
250 points by hew  14 hours ago   144 comments top 17
1
flashman 12 hours ago 9 replies      
I'm not sure who makes me more cranky: Apple for apparently sitting on the fix, or Stefan Esser for flinging the vulnerability into the breeze for anyone to catch.

Esser has his reasons - "Short reminder: Europeans are not allowed to disclose vulns privately to a foreign company like Apple without registering dual-use export"[1] - but it's hard to believe he couldn't have told them anonymously. Disclosures make careers, though, so there's a strong incentive to go public.

[1] https://twitter.com/i0n1c/status/624172774915973120

2
pqdbr 1 hour ago 0 replies      
More and more news about Apple's software quality degrading. They are really, really losing it.
3
chjj 12 hours ago 6 replies      
I'm seriously shocked. This is ridiculous. This looks like possibly the easiest root exploit ever discovered on a desktop OS (a one-liner in bash). Why in the world would they allow an env variable to write to a file in a setuid'd binary?

I'm suddenly very glad I don't use my macbook as my main machine, but I guess I'll remove the set{u,g}id bits on newgrp for now. Don't know if that will break things, but it's better than getting a rootkit.

4
mey 13 hours ago 9 replies      
I keep asking this question and Mac people keep looking at me like I'm an alien, so I guess I'll turn to the HN community for this questions.

What do you recommend as security software for OSX currently? How do you help secure your devices from public wifi and the internet in general? Especially for novice users?

5
esusatyo 13 hours ago 2 replies      
Isn't this the time when Mac App Store supposed to shine? When they found something that's dodgy and linked to a company that has apps on App Store, can't they just turn on the kill switch? That way the malware won't have anywhere to direct the users to.
6
twic 2 hours ago 1 reply      
Would it make sense for the kernel to use a fresh, empty environment when executing a setuid binary?

Or perhaps a fresh environment with a few of the most important variables sanitised and copied over? And perhaps with the old variables available with a prefix (_UNPRIVILEGED_DYLD_PRINT_TO_FILE etc)?

What would this break?

7
odonnellryan 11 hours ago 1 reply      
For anyone looking for the patch: https://github.com/sektioneins/SUIDGuard
8
athenot 11 hours ago 3 replies      
Would it be possible to mitigate this by setting the immutable flag on /etc/sudoers:

 chflags uchg /etc/sudoers

9
kordless 10 hours ago 1 reply      
I seriously wonder if issues that have highly polarized responses aren't some sort of rip in reality.
10
zwetan 8 hours ago 0 replies      
I don't see in the article where they all blame the fault on Flash ?
11
ganessh 7 hours ago 0 replies      
Does this issue arise from Unnix or Mac OS?
12
qudat 10 hours ago 1 reply      
13
geofft 11 hours ago 0 replies      
There's a reason that the store staff are instructed to encourage you to leave the store if you open a terminal.
14
BinaryIdiot 12 hours ago 0 replies      
Because that means bugs are impossible?
15
ikeboy 12 hours ago 0 replies      
16
chadscira 8 hours ago 1 reply      
17
cmurf 13 hours ago 1 reply      
It Just Works danielandrews.com
245 points by danielandrews  1 day ago   181 comments top 39
1
geophile 1 day ago 6 replies      
Major Apple applications have become inscrutable and frustrating.

- iTunes, Music and the iTunes store are a mess. I understood the old iTunes organization. Navigation within my music collection has become highly non-intuitive. It seems that there are multiple paradigms (long list of tracks, and another sectioned off by album), and it isn't always clear why one or the other is used. I keep forgetting how to get to the store. Once there, the integration with the stuff I've bought is unclear (especially for video content). I once got extremely confused watching a series, not realizing that one particular view of the episodes were ordered by POPULARITY, not in chronological order. And ratings! I get the 0-5 star rating system. Then they added the heart icon for -- uhh -- something. Why not just use the existing rating system? Why do I have to rate things again for a different purpose?

- Podcasts have become very confusing. I want to be able to control what is physically present on my devices, to control data usage on my phone, and space usage on all devices. They've intentionally made that difficult.

- Photos is a disaster. There are many different organization paradigms, and it is unclear why some of my recent photos appear in some of them but not others. What are the differences among events and photo stream? Why do some pictures show up in the by-date organization but not photo stream? What's in the cloud? When does it sync with my phone? Why is it easy to sync with my phone by cable but not IP?

If current trends continue, my beautiful Mac hardware will be nothing but a boot loader for VMWare and Linux.

2
planetjones 1 day ago 6 replies      
It's really frustrating for me just how many bugs Apple software has. Let's look at a simple one - the icons on iOS safari for frequently visited websites. They "randomly" assign the wrong favicon e.g. I click the Facebook icon and it loads Hacker News. This has been present since iOS 8. Yesterday I pulled down the notification screen and it occupies only 50% of my screen. Cue another reboot of the iPhone.

My iMac. Upgrading to Yosemite was the worst mistake ever. Now I have to use a cheap mouse and keyboard, as Apple's Bluetooth versions no longer wake the sleeping iMac. I have tried every solution on the Internet to this and none fix it. The beachball is becoming ever more prominent on the iMac too. Very disappointing for a machine which isn't 3 years old.

My Macbook Air. It's better, but the power button no longer does anything when I press it.

Apple products have a huge premium and the quality of the software is not matching the price tag. I am not surprised to see the stock falling; usually when IBM buy your products en masse you know something is wrong :)

I don't know what the culture at Apple is. But I don't think their software developers can be anything other than the "norm" - and I am extremely worried about their automated testing culture. Maybe someone can comment.

EDIT: I just remembered my Apple Cr*p folder home to Podcasts, Tips, Apple Watch, Calendar, Health, Apple Store, Apple Maps, Videos, Reminders and Newstand. Podcasts actually cost me money when it started downloaded podcasts over 3G despite me saying wifi only. I think that bug got fixed, but I'll never trust it again. I also forgot about the white elephant that is the Apple Time capsule I purchased. It's slow over wifi from the iMac and was one of the causes of my beachball, but the main issue was it kept saying it couldn't back up because the disk was locked. For a company like Apple who should supposedly simplify backup, the product is a shambles. Maybe this is better now, but I won't be upgrading.

3
suresk 1 day ago 0 replies      
The thing about saying "it just works" and attempting to hide everything from the user is that it is really, really frustrating when it doesn't "just work".

The amount of hardware and software bugs I've encountered in Apple products has been steadily increasing, to the point where I'm really only happy with my iPhone (and even that has some problems) -

- Connecting a wired keyboard to a Thunderbolt display that is connected to my MBP rarely worked after disconnecting/reconnecting my MBP. I'd have to change which USB port the keyboard connected to - until discovering that this was a common problem that connecting a USB extender fixes. It just works?

- We use Apple TVs in our conference rooms to connect our laptops to and project via a projector/tv. The Apple TVs routinely reboot, fail to connect, and drop connections. I've had my laptop lock up for several minutes trying to connect to one.

- iMessage routinely gets into a state where it shows ghost notifications that I have to clear by deleting conversations one-by-one until I find out which one is causing it.

- iMessage routinely reorders previous messages.

- Safari randomly uses the wrong favicon for frequently visited websites.

And so many more. It is really disappointing that I'm not really that surprised when something doesn't work or feels clunky. At this point, I trust my Windows machine more than I do my Mac.

4
bilbo0s 1 day ago 1 reply      
"...In my opinion, Yosemite is the worst non-beta Mac OS release Ive ever used and Ive used everything other than the public betas of 10.0 ..."

???

Personally I find Yosemite AND Windows 10 to be wanting in most every respect. But I think there is a bit of a tendency to view the past through rose colored glasses.

There is no way that Yosemite is worse than 10.0 or 10.1. I know I'm going to date myself a bit here... but 10.1 on that Titanium powerbook, that sagged like rubber if you held it from one end by the way, had to be the single worst computing experience of my life. That INCLUDES waiting for time on the mainframe, punchcards in hand, in the basement of the computer science building at the University of Wisconsin.

"... While I didnt run into any data loss issues or anything particularly catastrophic..."

That right there should tell you it's better than early OSX. Thank who- or whatever you deem divine for Perforce... because I once lost an entire Solaris build of the Photoshop engine to early OSX. And it waited until I had fixed quite a few bugs to make the engine work on BSD before it crapped on me too.

AWESOME times!!! No actually it SUCKED!!!

Maybe I'm just being harsh on 10.0 and 10.1, or maybe harsh on Titanium powerbooks??? I don't know. Maybe other people were not as annoyed as I was with the crashes and slowness. But it was BAD!!! HORRIBLE actually. I think Vista was a sack of crap... but even Vista gave a better experience than the early OSX versions. Though Vista and early OSX probably are neck and neck for worst desktop OS experiences to date.

I don't know... I could be wrong. I mean... I also think Windows XP has probably delivered mankind the BEST desktop OS experience to date. So what do I know ???

Anyway... Yosemite is bad... but for those too young to remember... BELIEVE me when I say... early OSX was FAR, far worse.

5
Sir_Cmpwn 1 day ago 6 replies      
I don't understand why the hacker scene these days is full of proud OSX users. What happened to the proud Linux hackers we've always had? They told me to use OSX at the job I recently started, and I only lasted a week before I told them I wanted to install Linux.
6
stdbrouw 1 day ago 3 replies      
I dunno. I've never experienced any of the problems described in the post. Always kind of dangerous to extrapolate from n=1. It also feels somewhat myopic to claim that people don't like apps like Notes or Calendar because there's more featureful alternatives. The point of stock apps isn't to please the power user.
7
gskye 1 day ago 0 replies      
I've been watching apple's software quality decrease over the past few years with increasing disappointment . It still astounds me that their test suites haven't caught the multitude of issues i've seen before shipping.

It makes me wonder if Apple actually uses their own products. Don't even get me started on the Remote app...

8
drb311 1 day ago 3 replies      
"It just works" is a tricky promise to make good on. Microsoft never made this promise and nor does Google.

As a Google fan I accept a certain amount of flakiness as part of the brand identity. It's always celebrated a quirky, rough feel. In some ways, Google is starting to get TOO slick.

People expect Apple to be innovative and reliable; too push the boundaries without ever falling over them. It's hard to do either consistently, successfully, at scale. It might be impossible to do both.

9
post_break 1 day ago 2 replies      
I got into Apple in 2006, loved the ride up to Snow Leopard. Then things got weird. UI choices that made little sense. Hardware bugs that were impossible to diagnose or fix. Like my parents Mac Mini that would show snow on the display after it went to sleep. Try troubleshooting that remotely. My work rMBP has some similar issues where my monitor just goes green. And then it also has a SystemUI freeze for upwards of 30 seconds that is completely impossible to fix. DiscoveryD, oh god why.

Apple just doesn't seem as focused on a main goal of shipping stable and perfect solutions. The "me too!" attitude shows it.

Oh and lets not forget when they ship iWork with missing features and then slowly add them back over time...

10
leonroy 1 day ago 0 replies      
Excellent article.

I too find myself looking at ways I can reduce my reliance on Apple these days. For me it's getting burnt with Aperture, discoveryd causing all my Airplay speakers to constantly act up, $1000 Thunderbolt displays flickering on my $6000 Mac Pro as well as parts of my iTunes library getting spoilt by the new Apple Music stuff. List goes on, but Daniel is right, I just don't really have much (if any) faith in Apple when it comes to my data.

I think that this erosion of trust will take years to rebuild. The sad thing is that Apple in the mid 90s had a similar rep for flaky products and Tim Cook was widely credited for tightening ops to improve product manufacture, quality and reliability.

11
msluyter 1 day ago 2 replies      
Yes, I've also noticed an increasing number of software bugs on my Macs. FWIW, I wanted to try out the Dell XPS "Developer Edition," which appears to be about as close as you can get to a Macbook level build quality in a linux box (without having to jump though the hoops of installing linux on a macbook itself), and you simply can't order it from Dell's website. A chat with a rep suggested that it's out of stock.

So, I think Apple is creating market opportunity -- a high quality linux based laptop aimed at developers that, like the Mac, doesn't require constant fiddling or kernel rebuilds to get working.

12
mkozlows 1 day ago 7 replies      
It's certainly the case that OSX, at least, has gotten flaky as heck, but at the same time: What's the competition?

While Apple was releasing Yosemite, Microsoft was going down the Windows 8 rabbit-hole, releasing the worst version of Windows since ME. And while desktop Linux has been getting better over time, I don't think anyone would say that it "Just Works" yet.

The only desktop/laptop OS that actually does "Just Work" is ChromeOS; and while that's a wonderful experience for its use cases, there are still plenty of situations that it's not great for.

13
hahainternet 1 day ago 1 reply      
A very interesting article. I'm not part of the Apple ecosystem so I have no way to judge its veracity, but in my experience this is a feeling common to quite a lot of users regardless of product or manufacturer.

Is this driven by competition? complacency? capriciousness? I've no idea.

14
willcodeforfoo 1 day ago 3 replies      
I've been increasingly feeling the same way, especially about OS X, but what's the alternative for a developer-friendly desktop operating system that looks and works beautifully (almost) out of the box?
15
JimmaDaRustla 1 day ago 0 replies      
As an Android, linux, and Windows user...I've been having the most outrageous time getting anything to work as expected with my girlfriend's iPhones. Issues, upon issues, upon issues of how services or software is expected to work...yet never having desired results.

A few days ago, I held her iPhone 6 for the first time since she got it a month or two ago. I felt like I was holding the greatest piece of mobile technology in existence, except I knew it ran iOS and only iOS.

16
swang 1 day ago 1 reply      
1. I'm still on 10.9. Still have not moved over to Yosemite. Mavericks runs smooth for me.

2. It is 2015 and iTunes/iPhone syncing is still the absolute worst. I just want to add a couple of albums to my iPhone, why do I need to connect over a cable (wifi syncing almost never works for me) and why do I need to wait more than 5 minutes? I don't want to sync my entire phone again! (If you know how to not have iTunes do this, please tell me. It is the worst).

17
mijustin 1 day ago 0 replies      
"Like every tech company nowadays, Apple wants to do it all."

I'd say that Apple has always wanted to do it all. They've always built the OS + the hardware + the software. Arguably, it's that "end to end design" that's helped them achieve their success.

18
omarforgotpwd 1 day ago 0 replies      
I think Apple software is generally good but occasionally buggy, especially close to release. Apple's iOS-era policy of free updates every year has just subjected more people to these bugs more often.
19
bane 1 day ago 1 reply      
I dunno, I just don't use Apple produced software on my Mac for the most part and the experience is mostly fine. I use Windows at home and Mac for work, so I probably spend a bit more time on my work Mac.

I loath finder with a passion that would reduce stars to quarks, but that's just because its poorly designed, not particularly buggy. And outside of the OS, that's pretty much all the Apple software I tend to use on a day-to-day basis. I learned a long time ago to just stop trying to make their software work, and I don't know why people keep returning to it after years of dealing with increasingly bad software. Just avoid it.

My day pretty much consists of Chrome, iterm2, MS-Office and a handful of other apps, and things work mostly fine. I could probably have an absolutely equal day on a Windows laptop since most of what I use is cross-platform or has an equivalent.

My only real gripe is that I wish the screen animation and updating was more "snappy" like in windows. It always feels like it's just making the little graphics hamsters work a little extra hard to do things like scrolling quickly.

I think the larger point here is that the apps apple makes all have better replacements in their segment. I can kind of see that for a terminal application or whatever that's tossed in with the OS, but for other kinds of applications, ones you pay good money for, Apple really should be more neck-and-neck with the competition.

There's also really little excuse these days for the huge ecosystem of addons and patches that unfuck missing and broken core OS features. Bettertouchtool, for example, shouldn't actually need to exist. But there's something like half a dozen applications kind of like it, and zero support for what it does built in OS X. People don't really complain about it too much because once you install and set these little widgets up, you forget about them. But the user should never have to install this stuff in the first place.

This seems to me like a combination of a lack of focus, lack of dedicated teams, lack of product ownership and vision, and lack of attention to detail in the software development practice at Apple vs. the software design teams.

20
serve_yay 1 day ago 2 replies      
Apple makes things that "do more" than their products of old, and we expect them to do more than devices past. The combination of features plus our expectation that all our devices be aware of what is happening on the others at all times is a recipe for a combinatorial explosion of unpredicted states, race conditions, you name it. I too miss the simplicity and "it just works" factor of past days. But it's a lot easier to pull that off with an iPod and a Mac, than iPhone + Mac + iPad + watch, etc.

They're the biggest company in the world and nobody needs to make excuses for them - I'm not saying "well, it's to be expected and it's not their fault." But I always think, who would be able to do this better than Apple? And I think the answer to that question reveals the depth of the situation we're in. As much as Apple screws up, could you imagine using a watch + phone + PC + tablet from some other vendor, and it being better? That's what really sucks about now - Apple screws up and they're the best we can hope for.

21
kaffeinecoma 1 day ago 2 replies      
Do you rely on Time Machine? Drop to the shell right now and try "tmutil compare -n" to see which files are not making it onto your backups. For me, Time Machine randomly ignores certain files, for no discernible reason. Files that have sat on my disk literally for years will never get backed up. It's happened to me on two different Macs, and I've lost data because of it.
22
davidw 1 day ago 0 replies      
I got a Mac for my new job, and I gave it a few weeks, but ended up putting Parallels on it so I can use Ubuntu. I just don't like how Macs work, and don't like that I can't customize it (focus follows the mouse, dammit!) like I can Linux.

There are a lot of things that 'just work' on Ubuntu (for me, at least), like git bash completion, that seem to require more fiddling on the Mac.

23
xenadu02 1 day ago 0 replies      
It seems clear Apple feels the same way given that El Capitan and iOS 9 are light on fancy new features. My hope is that both represent a "Snow Leopard" style polish release.

I know that dumping discoveryd has solved my WiFi/AirPlay/AirDrop issues so they seem to be listening.

24
afterburner 1 day ago 0 replies      
It never really "just worked". People have been complaining about, for example, iTunes, ever since it came out. Apple stuff always had a ton of annoyances. Perhaps the experience was more restricted before, or Jobs' pitch more convincing.
25
baseballmerpeak 1 day ago 1 reply      
When it works, it is brilliant and seamless. On the other hand, there is not any redundancy, in the sense that if one piece of the equation (OS + the hardware + the software) is rubbish, it cannot be readily replaced by substitution (e.g. swapping Windows for Linux).
26
volaski 1 day ago 1 reply      
I switched to mac when when MS lost its mind and came up with Vista--it was unusable, so much so that switching cost to mac was lower than trying to get Windows to work. Nowadays the only reason I stay with Mac is because I make iOS apps and realize it will be annoying if I abandon Mac. Apple is no more in a "just works" business. It's in a lock-in business. I used to be delighted to download their new OS's, and I'm sure everyone used to too, but nowadays I NEVER download their new versions and try not to upgrade as much as possible, I've been burned too many times and lost so many hours of productivity because the upgrade fucked me up
27
nathan_long 1 day ago 0 replies      
My first iPod had a scroll wheel. No matter what I was listening to, I could fast forward or reverse as much or little as I wanted. It was the first Apple-designed product I owned, and I learned why people loved Apple stuff.

My current iPod (Nano, a few generations old) has a touch screen with controls that vary based on what it thinks I'm doing. If I'm listening to a known podcast, I can swipe once and tap once to back up 30 seconds. I can't easily go forward. If I'm listening to a long track that it doesn't recognize as a podcast, the "back 30 seconds" isn't there.

I think the consistent, physical control was better than the inconsistent touchscreen control. But they don't sell it anymore.

28
arturhoo 1 day ago 0 replies      
The discoveryd fiasco was the biggest let down for me. Every single Macbook in the office suffered connectivity issues and it took them too long to go back to the old, perfectly fine state.

It's almost 20 years of internet ferociously consuming and producing digital music and pictures and no one has been able to improve upon what Winamp and Foobar2000 or a minimally organized photo folder delivered - Picasa worked quite well, but I guess, as google reader, being stable and functional is not enough.

How can a 600B dollar company sustain a buggy software like iTunes for so many years? Dreadful experiences include podcasts, album art, and even simple music organization! Apple Music... what makes you, the biggest digital music store in the world, release a cloud based product that thinks that a live version of a song is the same one as the album version?

It seems Apple is trying to make its user base - that helped it become the most world's most valuable company - user their version of every digital service/product possible but at the cost of lacking in the areas that made it thrive in the first place. Heck, even my last MBP had hardware issue (staingate)...

29
ihnorton 1 day ago 0 replies      
1000x this. I've turned to dtrace twice in the past several weeks to find fixes for serious issues on other people's computers. One was a segfault at startup in iTunes caused by a corrupted cookie cache. The other one was a corrupted plist that prevented adding new exchange accounts or calendars to mail (with no indicators at all -- the new account would just hang indefinitely).
30
guscost 1 day ago 0 replies      
> People lose their minds when Google services go down because it happens once a year. When Apple services go down, people just shrug or write a blog post like this.

Well hang on a minute, I thought people lose their minds when Google services go down because Google is a software company and their core products are online services. When Apple services go down, it isn't as noteworthy since Apple is a hardware (dare I say fashion?) company. But when Apple sells a cellphone that can get faraday-caged by your hand, that's when people freak out.

Now is that any excuse for Apple services to be broken as often as they are? Not at all, it projects a shoddy brand image. And when it's a service that is required to make the hardware function, users won't care which part of the "experience" is breaking.

Anyway, good writeup.

31
kraig911 1 day ago 0 replies      
I dislike photos - like for my life I can't figure out how to delete a photo.

Itunes is a huge mess. Creating a playlist with apple music is just difficult. I have to add it to my playlist then go to my my music and create a playlist there? weird.

Podcasts I giveup.

I understand this guys gripe. I have to say this though to me things aren't great anywhere. I've lost data on google drive, and messages on gmail. Adobe Cloud is so problematic to me I get extremely frustrated that i have to have 4 versions of illustrator installed to use the features and export to SVG like we all need. I think somewhere with everyone implementing AGILE the question of quality being important has been forgotten in the rush to push releases often.

32
twsted 1 day ago 0 replies      
My thesis: part of this feeling comes from the fact that more eyes are on the OS and the apps, but many issues existed before.

- I have some complaints about OS X: wifi, bluetooth, etc.

- I like iTunes as it is today (not considering the synchronization process)

- I struggle with the weakened "iWorks" applications

33
kybernetyk 1 day ago 1 reply      
I'm frustrated with Apple when it comes to services. Don't misunderstand me: I love their hardware. I love OS X. It's the best computing experience since my C64 days.

But when it comes to services I tend to avoid them as much as I can. Latest example: Apple music.

I was a little annoyed by Spotify's continuously disappearing music tracks so I was eager to try out iTunes Music. But the problems started when I tried to get into the trial: You need a valid* credit card.

Now valid is a pretty interesting definition because I'm from Germany, currently living in Germany but my banking is done via a Dutch bank (back from when I lived there). So my credit card is dutch. And I live in Germany. But it's the EU so it shouldn't be a problem, right?

Right. And no one has ever raised an eyebrow when I used a credit card that has been issued by a Dutch bank with my German address (not even the online poker websites I frequent from time to time). Not even once I had any problems with that. I'm paying my taxes in Germany via my Dutch bank account. The German tax office accepts it (they even issue transfers to that account). So if the German tax office (which still hasn't completely switched to electronic tax filing) can deal with that case then everyone on this planet should be able to. Well, expect for Apple. I just can not use that credit card with anything iTunes related. I get always an "invalid country error".

Now I'm in Germany, I'm from Germany, my iTunes account is a German iTunes account. But the fact that my credit card has been issued by a bank in a country that's just 20km from my current residence makes it invalid for Apple. A country that is part of the EU. It's like I wouldn't be able to use a credit card from California when I were living in Washington.

So I have to buy those pre-paid iTunes cards to top up my account. And so I had to add three months of pre-paid money to my iTunes account just to start the 3 months free trial.

Everything OK? Nope! I was too bold and I opted for a "family account". Now the most funny thing: Even though I am in the free trial period for the "family account" and I have enough money in my iTunes account to pay for the service I can't use the family sharing feature because for that I would need a valid credit card. iTunes just aborts with an "add a valid credit card" error when I try to configure family sharing.

It's like Kafka has risen from his grave and started a music streaming service.

/rant

34
Joeri 1 day ago 0 replies      
Consistently delivering high quality software features is impossible. Even great teams mess up every once in a while. The way apple used to get around that was to throw things away, or to send them back to the drawing board. There was someone at the top who detected when things weren't ready, and prevented them from getting released or dared teams to do better, even at great cost. In the jobs era there were many things which were rumored to ship and cut at the last moment. Apple has stopped not shipping things, and it's what will turn them into just another software company.
35
karmakaze 1 day ago 0 replies      
There's an easy way to explain all these artifacts: Apple no longer does things "as if they themselves are the user", or if they do then they've significantly lowered their standards.
36
chejazi 1 day ago 0 replies      
This trend has been very apparent to me, starting a couple years after Steve Jobs passed. I waited until July 2015 to upgrade from Mavericks to Yosemite because of all the bugs I kept hearing about.
37
wineisfine 1 day ago 0 replies      
It keeps on being strange that Steve, just one man, had so much influence on quality control. I find it mind boggling.
38
LordHumungous 1 day ago 1 reply      
Boot times for my Macbook Pro have gotten really long since a recent upgrade to Mavericks. Went from ~3 seconds to ~30 seconds.
39
mbrock 1 day ago 0 replies      
Why don't Apple just make a laptop that runs iOS?

Call it... iBook!

In Zimbabwe, We Dont Cry for Lions nytimes.com
240 points by zabramow  2 days ago   207 comments top 30
1
mjfl 2 days ago 14 replies      
It is amazing how everyone can jump on this wave of political bandwagon, including the government in Zimbabwe, without really acknowledging the irony that much more terrible things have happened in Zimbabwe in the past 20 years without nearly the same outcry. Massive hyperinflation, people starving to death, and we suddenly have tears in the West over "Cecile the lion". The corrupt government of Zimbabwe is quick to wipe away our tears and assure us that this will never happen again, all the while continuing to neglect their human citizens. I can agree that big game hunting is stupid and wasteful, but killing a lion simply isn't that big of a deal, not in the grand scheme of things, and not when we rely every day on the deaths of millions of cattle to provide us food. That's just cognitive dissonance. If anything, the doctor was paying a high price for a stupid hobby, which ultimately benefits the local people of Zimbabwe. How many people in Zimbabwe can be fed for $25,000, the price of hunting a male lion?
2
charlesray 2 days ago 9 replies      
>Dont tell us what to do with our animals when you allowed your own mountain lions to be hunted to near extinction in the eastern United States. Dont bemoan the clear-cutting of our forests when you turned yours into concrete jungles.

So don't learn from our mistakes, basically?

This is among the most ignorant things I have ever read. Terrible article from a person with a terrible mentality.

3
leothekim 2 days ago 4 replies      
"We Zimbabweans are left shaking our heads, wondering why Americans care more about African animals than about African people."

That's on point.

4
chipgap98 2 days ago 7 replies      
If people are hitting the paywall the gist of the article is that lions are dangerous animals. People living in rural village are terrorized by lions and it has a serious impact on their way of life. Zimbabweans have a lot of respect for wild animals but aren't opposed to them being hunted. America once again stirred up a social media frenzy when they don't understand the issue at all.
5
wehadfun 2 days ago 3 replies      
Honestly Zimbabwe has so many problems a lion dying is not a big issue. Hell Zimbabwe children were being tied up and set on fire a few months ago in South Africa[0].

[0]https://www.youtube.com/watch?v=HyX4aOd_2BY

6
trhway 2 days ago 2 replies      
>Dont tell us what to do with our animals

the animals aren't yours or anybody else's. They belong to that planet which we just happen to share. Human race, having achieved the ability to destroy the planet's eco-sphere, thus got a duty of steward of the eco-sphere which it has been carrying poorly so far.

Anyway, killing big game this days is a serious mental sickness.

7
caio1982 2 days ago 0 replies      
It's a pity there is so much confusion between 1) how foreigners reacted to the incident, 2) the problem of endangered species and violated habitats and 3) the poor situation of the locals. It seems nearly impossible to have a rational conversation about a damn lion while these three things aren't considered separately first. Yeah, I've tried to read the article's comments, my bad...
8
pistoriusp 1 day ago 0 replies      
I've been trying for weeks to start an honest discussion on the Internet about a hunter's role in conservation. At almost every turn I get hit with the "he's a poacher" stick!

Can we just forget about the dentist? He's not a poacher! Maybe he's just a bad person?! No one really knows. But he's not a poacher.

/*If you want to see what a poacher does and if you don't want to sleep for a few days then just ask me for a video of a live Rhino, suffering, with half it's face chainsawed off for his horn... (Brings me half to tears to just describe the video!) */

He's not what's important here. People are loving the animals that they care about to death. They're so against someone killing them that they're hurting the hunting, and in turn, the conservation industry.

One of the most beloved people on Earth, Nelson Mandela, hunted and described the benefits that hunting had on conversation: http://imgur.com/a/ZJ0QK

Nelson is cited for marketability, for the real numbers there are plenty of credible sources and institutions that'll provide the same information.

9
jonknee 2 days ago 1 reply      
... Well except that Zimbabwe is trying to extradite the dentist for poaching. The lion was in a national park that brings in significant tourism dollars for the state, they quite literally were crying for this lion.
10
lentil_soup 2 days ago 1 reply      
It is way different having to kill a lion that is making life in your village miserable to having this foreigner come in and do it for "fun" disregarding the laws of your country. One thing doesn't excuse the other.

Having said that, he is right on " ... dont offer me condolences about Cecil unless youre also willing to offer me condolences for villagers killed ..."

11
S_A_P 2 days ago 0 replies      
The best way to turn me off of a cause is to see a bunch of people soapboxing on facebook/twitter. Regardless of whether or not I agree with Cecil the lion being hunted down, the internet mob is disgusting.
12
ub 2 days ago 1 reply      
I find all these articles that try to compare and measure sympathy and emotion as pointless. People are comparing the outpouring of grief for Cecil to apathy towards human killings and inhuman treatment of animals in the meat industry. A person can be severely depressed if they lose a dog, and another can show no emotion when they lose a parent. You can't compare human emotion because it's not always rational.

In this specific case though, I would also argue given the declining numbers of lions, the anger is justified.

13
64bitbrain 1 day ago 0 replies      
I grew up in small town in eastern part of India, where Tigers were rolling on the streets and wild elephants were more dangerous than any other animal. Just dont piss them off, that was told to anyone new in that area. My dad use to take me to elephant(trained off course) rides into the jungle(the real jungle) to watch tigers and all other wild animals. I started to enjoy it more and more. My uncle was a forest ranger and had a tiger cub, so I played with him every weekend or whenever I get a chance to visit him. One day I came to know a tiger was shot dead by "some guy" as kid I felt really bad, I was like "why kill a tiger for no reason?" I was more surprised when the local people were really sad about this. Like, they have develop some kind of affection to this animals, no matter how deadly they can be. An unspoken bond between the people and the wild animals. Off course the government was not going to investigate much about it, because of local corrupt officials. Officials were more concerned about food, jobs, education and medical facilities. Which took more highlight than the killing a tiger, which for majority of people in that locality was a big deal.
14
justinhj 2 days ago 0 replies      
I live near Vancouver in BC. We still have large mammal wildlife, grizzly bears, black bears, Cougars. They are killed by park rangers or police if they become comfortable in the human world. You can also pay to go on grizzly hunting trips further north in the province. We have just as far to go as we want Zimbabwe too.

But just because it's the same here, and because there are worse things there, can't we just agree that culling these magnificent animals should be done by officials as the grim task it is, and not by rich for recreation?

Lions that attack villagers do have to be killed sadly, but why not embrace Eco tourism instead of trophy hunting for the ones that are not a threat?

15
theafrican 1 day ago 0 replies      
The frankly appalling discussion going on over at the nyt's comments section with first world environmentalists saying the author and the rest of that third world people should just "move to the city" without even the slightness sign of empathy towards people who make less in a year than what many nyt readers make in a day ironically reminds me of the attitude many far-right US nationals have regarding immigration. Basically most of them simply ignore the realities of the immigration process and honestly believe that people can just walk to the nearest US embassy and request a greencard and that the reason there are so many illegals its simply because they wont do that.

Of course even a glimpse at the US visa system shows that there is no such option, that many visas are just temporary and tied to employment or studies that will eventually end, and honestly the only real option left is to just marry a US citizen, an option which is already becoming more and more difficult. The far-right is unwilling to understand this and how if their grandfathers in the 20th century had been faced with these strict immigration rules they would been forced to return home and stay there when in reality many came here unannounced and uninvited, just as illegals do today.

Back to the lion issue, the problem with this line of thinking that rejects the idea that opinions from outside the US hold any value nor should be considered at all is that it doesn't solves the problem. Hunting in Zimbabwe, a dirt-poor country with a collapsed economy, its actually the only way some people have to make a living. US environmentalists much like the far-right don't share that problem with the other side and thus can afford the luxury of disregarding their suffering and even ask the foreigners for further sacrifices so they don't have to admit they were dead wrong.

16
pvaldes 1 day ago 0 replies      
No problem, you will cry for lions in the future, probably.

"Using the calculations of Hayward et al. (2007), biomass density of preferred lion prey in Gonarezhou national park was calculated... the protected area could support enough preys for between 115 and 357 lions.

... the 2014 census found 33 lions in the protected area.

Lions where positive only in the 5% of the points analyzed in the census.

For the Tuli Safari Area the scientific model predict a population of about 40 lions and the 2014 census found...

zero lions

Source: "Surveys of lions Panthera leo in protected areas in Zimbabwe yield disturbing results: what is drivingthe population collapse?" Groom et al. 2014.

Models also predict that the park could support a population of Hyaena of 354 animals... 2014 census found between 400-490 hyaena in the national park instead.

This is hardly a surprise because is the same ecological rule for the whole freaking planet earth: Mesocarnivore liberation. Same that leads to the american coyote, and the english fox and the jackals now expanding to the west and reconquering Europe. You are bassically destroying the big fauna in cascade. A really expensive mistake.

> How many people in Zimbabwe can be fed for $25,000, the price of hunting a male lion?

This will depend on how many money and goats they have still after figthing the strange new hyaenas plague. And don't forget the bovine tuberculosis also.

Ok I have one idea, If we wipped the local lion pride we could kill also those 50 new hyaenas!.

(some months later) end of the hyaena problem, hum, how this new 500 jackals appeared?

17
musesum 2 days ago 0 replies      
Sport hunting changes lion social behavior, as per: http://www.sciencedirect.com/science/article/pii/S0006320710... I don't have an Elsevier account, so only read the abstract, which states that lions are seeking denser cover.

Some conjecture:

Do Zimbabwe villagers live in denser cover? If so, maybe sport hunting increase the threat by forcing lions closer to villagers? That would add a bit of irony to the situation.

18
skylan_q 2 days ago 0 replies      
People are coming to the defence of man-eating lions in a place where lions eat people.

How are there 7 billion of us when we hate ourselves and each other so much?

19
mixmastamyk 1 day ago 0 replies      
Though I don't care much about the subject in general, I'm already tired of this backlash against the backlash. :/

However yes, we can be angry about the Cecil incident. It went viral for whatever reason, other incidents didn't. That's the nature of social media, you'll have to get used to it. No, we don't have to "fix" Zimbabwe or the world before being angry at one needless death, thanks.

The author's point about lions scaring villagers when he was young is interesting yet not a justification, these lions are now in a reserve and the species is now vulnerable, if not soon to be endangered.Of course behind the words there is always the lingering self-serving idea that people are so much more important than our cousins in the animal kingdom. Well, guess what at 7 billion vs. 25k lions, which population could use a little thinning?

20
arafa 1 day ago 0 replies      
I'll never forget our tour guide in Zimbabwe saying his last paycheck before dollarization was 4 quadrillion Zimbabwean dollars. For a tour guide. So yeah, they might have bigger problems than Cecil the Lion.
21
devy 1 day ago 0 replies      
Sure, there may have been much worse things happened in Zimbabwe than a beloved wildlife Cecil, but the fact that this event raises awareness about wildlife conservation is a BIG DEAL! [1]

[1]: http://www.theatlantic.com/international/archive/2015/08/cec...

PS: I was wondering if Palmer's PR team paied for this NYT article.

22
hiou 2 days ago 0 replies      
23
vegabook 2 days ago 1 reply      
24
gadders 2 days ago 0 replies      
25
jasonlotito 2 days ago 3 replies      
26
uniformlyrandom 2 days ago 0 replies      
27
kristjankalm 2 days ago 0 replies      
28
chasing 2 days ago 0 replies      
29
vonnik 1 day ago 0 replies      
30
dragonsh 2 days ago 1 reply      
X86 rootkit github.com
215 points by jsprogrammer  15 hours ago   36 comments top 15
1
vardump 13 hours ago 2 replies      
Read through it all. Seems legit so far. This is bad.

Exploiting non-vulnerable SMM code through a remap flaw in x86 architecture. Ouch.

Not only can this arbitrarily exploit the running OS. It might actually be able to physically destroy the computer it's running on, for example by abusing thermal controls.

Doesn't affect Sandy bridge or newer.

2
mjn 11 hours ago 0 replies      
Looks like this was a talk at the Black Hat conference today. In addition to the slides PDF in the Github repository, the Black Hat site also has a short paper: https://www.blackhat.com/us-15/briefings.html#the-memory-sin...
3
thomasrossi 4 hours ago 0 replies      
Hm, what is really interesting would be to understand how this can impact a shared machine, say an EC2. Is there any more reasearch on this?
4
anonbanker 18 minutes ago 1 reply      
Does this affect AMD processors as well? if so, this would be a huge step toward rooting a PS4/XboxOne.
5
x0 10 hours ago 1 reply      
Oh man... when I read the title, I was thinking "sure, x86, whatever, but what OS is this rootkit for?"

Scary.

6
strstr 9 hours ago 1 reply      
The APIC's registers are an unusual form of per core black magic. As far as I know, no other memory addresses behave in the same way -- visible and reacting only to that specific core. It's unsurprising that Intel initially didn't catch this case.

Fortunately, it's `just` a root => SMM escalation, which are already more common than anyone would really like to admit.

7
Rantenki 10 hours ago 1 reply      
It's going to be interesting to see what the ramifications are this for trusted execution environments, where people are validating the hardware they are running on via tboot.

It's fortunate that newer platforms seem to be immune (see https://security-center.intel.com/advisory.aspx?intelid=INTE... ), but remediation after exploit via total hardware replacement would _suck_ for anybody with servers just a couple of years old.

8
mappu 9 hours ago 1 reply      
The PDF indicates this requires ring 0 to work, right? So you can't go from user to root.

However it does mention ring -2 is under the hypervisor, so.. that allows guest->host escape under VT-x?

9
flashman 9 hours ago 1 reply      
10
im3w1l 9 hours ago 2 replies      
Is it a coincidence that newer CPU's aren't vulnerable, or was it fixed because of discussions with Intel?
11
MrBra 9 hours ago 0 replies      
What does this imply?
12
jsprogrammer 10 hours ago 0 replies      
13
cft 10 hours ago 0 replies      
Does this apply to all server boards or only some?
14
hmottestad 8 hours ago 0 replies      
Should we call it "halt and catch fire 2015"?
15
pmalynin 7 hours ago 3 replies      
Things I would build if I worked at GitHub kevin.is
228 points by holic  1 day ago   138 comments top 50
1
felixgallo 1 day ago 13 replies      
These are great, but they're bugfixes. You'd finish them in the first few months. Then what are you going to do? Stare at an aquarium all day? Here's what I would build if I worked at github:

* Github CI - simple CI for every language, integrating with:

* Github Artifacts - repository for versioned deployable build packages (binaries, tar.gz files, ios builds, android builds...), integrating with:

* Github Deploy - deploy tooling for deploying runnable artifacts or artifact combinations to either your own infrastructure, or to aws/azure/google, or:

* Github Cloud - instances/containers as a service

and the 'fork' button would be a pulldown that would include the options 'fork', 'fork and test', 'fork, test and deploy'. Now that's a nice little 3-4 year career.

2
danielsamuels 1 day ago 5 replies      
I've gotta say, I strongly disagree with this:

> GitHub already has a great code search

At some point in the last year or so Github rolled out a new search engine which drastically reduced it's usefulness. Any moderately complex search query now has all of the modifiers and key bits stripped out making your search results unnecessarily cluttered and somewhat useless. I consider it to be one of the worst parts of the site these days.

3
Buetol 1 day ago 1 reply      
Just see the top requested features: https://github.com/isaacs/github/issues?q=is%3Aissue+is%3Aop...

* Change the target branch of a pull request pull-requests

* Delete / remove an issue completely.

* Gist comments and mentions don't trigger notifications

* Add HTTPS support to Github Pages

* Add ability to follow organizations like a user

* Insert automatically generated table of contents TOC on rendered markdown files like README.md.

* pre { tab-size: 4 }

4
Jemaclus 23 hours ago 0 replies      
The only thing I really, really want is paginated diffs for pull requests. C'mon. If I have 300 files, don't show me the first 15 and then say "well, this is too big, you'll just have to imagine what the rest of the diff looks like." Does Google return the first page and then say "the rest of the internet isn't available to you because we don't want to paginate things"? No, of course not. Just freaking paginate long diffs.

Gah.

5
geofft 1 day ago 2 replies      
It seems like some of these (perhaps all of them other than fixing the "+1" problem) can be done via API clients instead of via GitHub itself implementing it. A third-party website can do wiki searches. A separate service can send you email notifications, and you can turn off built-in emails.

Even the +1 thing might be solvable with a bot that edits each bug report to add a clickable +1 badge (a la the CI build-passing badges) at the top; all you need is to give the bot ownership of your repository. The badge can display the current +n count, and the service can give you a sorted list of open issues by +n. For bonus points, have the bot also harvest and remove comments that consist of just "+1" or ":+1".

This is GitHub after all; why don't we build stuff ourselves instead of waiting for a centralized closed-source company to decide they care about our features?

6
simonw 1 day ago 1 reply      
The biggest thing I want from GitHub is the ability to search commits. GitHub are pretty good at search (their issue search is fantastic, and their code search is decent enough) - but the data I most want to search are the commit messages in my repo.

I understand this will be a huge amount of data (they must have hundreds of millions if not billions of commits by now). I'd be perfectly happy if this was only available for paid repositories.

The ability to then further facet and filter searches by author, file, directory etc would be unbelievably useful.

7
andrewbinstock 1 day ago 1 reply      
By far the biggest thing I wish github would do is change the text entry beside the file names. Right now, it shows the comment of the last push of edits to that file. That's great for members of the project.

However, for non-members it would be far more useful to know what the file is. Here, enabling a one-line description would be hugely helpful.

Since GH knows if you're a member of the project it can show you the right text--description or latest update. And presumably, a button would allow you to see the other text if you needed it.

8
fiatjaf 1 day ago 2 replies      
A better way to browse forks.

If today you see that a major repository has a fork with a lot of commits, you cannot know without looking through THEM ALL if they are just typo fixes or if the fork is really changing/improving things over the main repo.

9
kzhahou 1 day ago 1 reply      
They'll need another $100 million to get these done!

(Yes, by which I am saying their website has not improved much given their massive funding)

10
stevekemp 1 day ago 1 reply      
I see people here posting issues of their own, but I'm amazed nobody has yet mentioned the lack of IPv6.

I've setup a few machines with IPv6-only network connections, and it makes pulling my dotfiles from github a pain since I need an IPv4-proxy/tunnel to access github.com

11
foolfoolz 1 day ago 2 replies      
git hubs worst problem: FIXED WIDTH CODE READING

code is read way more often than written. and on github website all you can do is read it. why the viewports don't take up the entire screen width i will never understand.

12
sytse 1 day ago 0 replies      
Great list, we're working on making something that makes +1's less noisey. If you want the possibility to contribute to the tools you use daily consider using our GitLab. It is open source and more than 800 people have contributed already.
13
jarjoura 1 day ago 1 reply      
My biggest pet-peeve about GitHub is its issue tracker system. It's great for one-off issues or tracking a pull-request, but beyond that its design is super unwieldy. Such a missed opportunity to crush JIRA, et. al.
14
nickbauman 1 day ago 1 reply      
Absolutely fix the pull request interface. It currently reads like a ransom note. Go over to bitbucket.org and copy theirs. It's 100x better.
15
andrewchambers 1 day ago 1 reply      
One thing that has bitten me is the code review submitting each line of feedback instantly, before you have finished reviewing the whole pull request.
16
hlfcoding 1 day ago 0 replies      
An unordered list of missing features from me:

- No ability to store the tab size setting. While appending '?ts=2' to the url is ok, it's not convenient and usable on a daily basis. The same for omitting whitespace changes in a diff / pr ('?ws=1').

- No ability to step through history on a single file while in blob view, or blame view. In blame view, the commit link goes to the commit, not the blame of the file at that commit.

- Agree with OP that notifications need to be grouped / summarized better. Perhaps expandable summary items per repo per type. This is mostly useful for private, work-related repos. Pulse and notifications are basically the same thing.

- Stars cannot be tagged. This makes managing hundreds of stars difficult. There's apps like Astral, but even those are lacking.

17
lhnz 1 day ago 1 reply      
Personally, I'd like a nice GUI to pick and squash commits with new commit messages against them on creating a pull request. I don't enjoy using the CLI for this, and it would be nice to thread thoughts on the solution into the commits themselves rather than explaining solely in the PR description.
18
epberry 1 day ago 1 reply      
Wiki search is #1 on my wish list for Github. I see others talking about cloning the wiki repo locally and searching it but for big projects this would be the equivalent of downloading something like the Python docs and searching them. It could be done but it would be a massive pain in the ass.

I have written most of the documentation for the project I contribute to the most and I organized the wiki like a two level tree where a top level page has links to category pages and each page on the wiki is linked to from one of those category pages. Then there are links interspersed among the pages like a normal wiki. This structure works okay but I know it can be better because sometimes I cannot even find information that I produced!

19
jasode 1 day ago 1 reply      
Those are interesting suggestions, but my guess is that they are probably focusing on features to make github more enterprise friendly. If a16z invests $100 million in github, it doesn't seem like streamlining emails will have the ROI that investors expect.

Maybe github is focusing on creating a full software development lifecycle management (ALM) in the cloud. (Like Microsoft Team Foundation Server and JIRA.) A dashboard for sprints, defect fixes, issues tracking, etc. That's the type of "enterprisey" thing that attracts more business subscriptions. They use the storage of sourcecode repositories to open doors to other sw development related business.

These are just my guesses. I haven't seen any explicit roadmap from github.

20
arikrak 1 day ago 0 replies      
I feel one could have more ambitious goals. E.g. Could Github build a powerful developers careers site based on all the data they have? Could they provide more tools to help people program? (Could they automatically create programs? https://news.ycombinator.com/item?id=9973088
21
masklinn 1 day ago 0 replies      
> The suggested alternative is to "Subscribe" to an issue for updates, which is what I've started doing to issues that I want to show my support for. My support, however, isn't visible to anyone else.

Though following the resolution of an issue usually means I'd like for it to be resolved, the converse isn't true: I've hit thousands of issues over the years but most of the time I've been able to work around them and haven't hit it since, resolving the issue would be nice for people coming after me, but I don't really care to be spammed by its status updates.

So yes, "subscribe" could count as a +1, but no "subscribe" should not be the only way to "+1" an issue.

22
kranzky 1 day ago 1 reply      
Things I would build:

* Push conflicted branches so developers in a distributed team can work together to resolve conflicts.

* A git-powered version of Rake, which runs only those tests that need to be run based on the git history since the last run.

* A tool to identify what code changes caused a particular test to fail, based on the above.

* Language syntax detection for smarter diffs, improving the display when blocks of code are moved around or indented/outdented.

* Language linters built in, to detect when a change is introducing a syntax error. Same for coding style.

I'd also move the "Close Pull Request" button a little farther away from the "Comment" button, and make it possible to add comments to a diff when you've hidden whitespace differences (with `&w=1`... I'd also make it a bit more obvious that you could do that).

23
kevinSuttle 1 day ago 0 replies      
I started this as well: https://github.com/kevinSuttle/github/issues (not the same Kevin as link author
24
bronson 1 day ago 1 reply      
How about making pull requests less centralized? Right now, if I file a PR, only the project admins or I can modify/rebase it. I'd like to give other (non-admin) collaborators permission to work on it too.

Or, maybe it could use a forking model? Let anyone fork their own PR from mine, make those forks prominently visible in my base PR, and make it easy for me to merge their edits back in.

25
TheRealWatson 1 day ago 1 reply      
I always wished GitHub had a chat room per repo. Fully integrated with github features, like mentions, issues, pull requests. Maybe even hubot builtin.
26
davidcelis 1 day ago 0 replies      
For the "voting on issues" feature I'd really just love to see them clone Slack's recent "Emoji Reactions" feature.
27
eam 1 day ago 1 reply      
Getting notifications/emails when a new release is released of a repo I'm watching or have starred would be awesome!
28
adamnemecek 1 day ago 0 replies      
I would make the search results deduplicated. It happens to me a lot that I search for something and the first 10 pages of search results are from the same 5 projects, but from different locations within the single projects. I usually lose patience sometime around page 5.
29
web007 1 day ago 0 replies      
I reported this a while back, so it's in their backlog somewhere but obviously not super-important:

I'd like to see an option to turn off fork notifications for org projects without turning off all org notifications. As-is, I get an email for every dev forking every project, sometimes more than once due to lack of git knowledge.

30
jpdlla 1 day ago 0 replies      
* Search code in a branch other than master.* Advanced code search inside a repo(match searches with symbols, etc.)
31
pietherr 1 day ago 0 replies      
Things @teabass would build if he quit GitHub: https://libraries.io

Really useful to get updates on new releases of libraries you use.

32
rocky1138 1 day ago 1 reply      
Search can be easily worked around by using Google with the site: parameter, e.g., search on Google with this query:

wireless site:https://github.com/esp8266/esp8266-wiki/wiki

33
electic 1 day ago 0 replies      
I would also like to see GitHub Chat. Complete Slack killer with the same heart and spirit of Atom.
34
mpdehaan2 1 day ago 0 replies      
This is a really good list.

As for sorting things by file, here's a pretty cool project to do that using GitHub API - https://github.com/sivel/pr-triage

35
TheRealWatson 1 day ago 0 replies      
It's very common, at least on my team, to create pull requests for the wrong target branch. I don't see why GitHub doesn't allow you to fix it before any comments are posted. This would save some useful time.
36
thinkbohemian 1 day ago 1 reply      
Better filters for emails. Would love to subscribe to only new issues on a repo or random issues on a repo. Basically http://codetriage.com
37
tacone 1 day ago 0 replies      
To be frank, it is pretty much ok for the +1 to be annoying: it's often what they are meant to. Thus, if a vote button were to be implemented, it would not be used all the time.
38
fogonthedowns 1 day ago 0 replies      
I would really like to have the ability to Edit commit messages using the web interface. I'm often stuck with a poorly crafted message and an edit function would help that.
39
jkmcf 1 day ago 0 replies      
Better blame history navigation, functionally the same as how Textmate does it.

1. git blame file2. click on a hash for the change3. show the file for that change

Right now, (3) shows you the diff for the hash

40
qntmfred 1 day ago 0 replies      
https://github.com/isaacs/github has a ton of these missing features
41
choward 1 day ago 0 replies      
> These are great, but they're bugfixes.

I agree with every you said but that first sentence. How are these bugs? They are features that never existed.

42
artur_roszczyk 1 day ago 0 replies      
+1

I would also implement a button for reverting pull requests already merged in master. Reverting merges may be not trivial for less experienced users

43
Linell 1 day ago 1 reply      
I'd also love for commit messages to be parsed as markdown. I can't really think of a downside to it.
44
tsuresh 1 day ago 1 reply      
GitHub wiki is a repo and can be cloned locally. Searching through a local files is trivial.
45
sandGorgon 1 day ago 0 replies      
I would build a Slack alternative + Jira alternative that is deeply integrated into Github.

QED.

46
fred2133 1 day ago 0 replies      
Github Firehose if it was me.

Something to build tools on top of.

47
jafingi 1 day ago 0 replies      
+1

;-)

48
ocdtrekkie 1 day ago 0 replies      
I'd kill for merge conflict resolution in the web UI.
49
brobdingnagian 1 day ago 0 replies      
50
OedipusRex 1 day ago 0 replies      
Hacker shows he can locate, unlock and remote start GM vehicles computerworld.com
211 points by henrik_w  2 days ago   175 comments top 21
1
uptown 2 days ago 0 replies      
OnStar sent this email out on July 31st:

 Thank you for being a loyal OnStar customer. We're happy to have you as part of the OnStar family and appreciate the confidence you have in us. We are writing to inform you that we have recently made a security update to your OnStar RemoteLink mobile app. As a result, the current version of the app you have on your Apple device will no longer be functional and you will need to update to the most recent version. Click here to download the Remote Link app. We hope that you will continue to use OnStar services and experience all that OnStar has to offer. OnStar advisors are ready and available 24/7 to assist you. Sincerely, Onstar Terry M. Inch OnStar, Chief Operating Officer

2
aleh 2 days ago 3 replies      
I would never ever want to be in a car which acceleration can be controlled remotely via Internet, even in theory.
3
PinguTS 2 days ago 1 reply      
Actually, that is not really a car hack.

He intercepted the communication from the app. So it is an app hack like we have seen numerous times. It my be different, but it sound like cookie stealing what was possible with the Facebook app and the Instagram app. Then with those credentials you can do all those things that you are supposed to do like if you where the legit user.

All those functions are functions supposed to be done by the app. So there is no hacking on the car side done. The interesting piece of information would be: can that be used to actually hack the car?

4
hoopism 2 days ago 1 reply      
I am a volt owner and have the app mentioned in the article...

It appears that the hacker can gain access to whatever the phone app is capable of... which is not THAT much really. You can absolutely start and stop the car but you need the key fob to actually drive the car and I don't believe you can stop it when it is actually being driven.

There is no speed or braking controls in the app. You can unlock/lock, start/stop and trigger the alarm.

In addition the the device must be near the car and the user must be using the app.

I am glad they are patching this, but it's really not on par with prior vulnerabilities as far as I can tell.

5
Aoyagi 2 days ago 3 replies      
       cached 7 August 2015 15:11:03 GMT