hacker news with inline top comments    .. more ..    12 Aug 2015 Best
G is for Google googleblog.blogspot.com
2216 points by dkasper  1 day ago   556 comments top 146
chetanahuja 1 day ago 3 replies      
Actually reading the first few paragraphs of the form 8(K) was more illuminating than the blogpost.

"Under the new operating structure, its main Google business will include search, ads, maps, apps, YouTube and Android and the related technical infrastructure (the Google business)"

"In connection with the new operating structure and upon completion of the Alphabet Merger (as defined below), Larry Page will become the Chief Executive Officer (CEO) of Alphabet, Sergey Brin will become the President of Alphabet, Eric E. Schmidt will become the Executive Chairman of Alphabet, Ruth Porat will become the Senior Vice President and Chief Financial Officer (CFO) of Alphabet and David C. Drummond will become the Senior Vice President, Corporate Development, Chief Legal Officer and Secretary of Alphabet. Larry, Sergey, Eric and David will transition to these roles from their respective roles at Google, whereas Ruth will also retain her role as the CFO of Google."


ChuckMcM 1 day ago 13 replies      
Wow, they are doing letters? Really? Letters? Hey is Eric Schmidt still in the building somewhere? Ask him how well Planets worked out for Sun Microsystems.

Interesting strategy, hard to second guess from the outside of course. Sun's motivation was to figure out whether the other parts of the company could stand on their own[1], it also makes it less fiscally complicated to discharge an entire group into the void. Think HP selling off the Agilent half of itself.

Generally though this sort of move is a way of containing and then "fixing" cost problems. Divestiture is so much easier once you've created the framework of a whole organization around each chunk. It can also be weirdly inefficient, at Sun each of the "planets" paid in a sum of money to IT (Bill Raduchel's organization) for "Corporate IT support" except that Corporate IT didn't work for them, they were just the only vendor you could use to get your IT services, so what you ended up with was really crappy IT work that you couldn't shop around for. It was maddening. But the 'collection of companies' design pattern requires either that you have your "service providers" that everyone uses (HR, IT, Legal) which gives little incentive for quality service, or everyone gets their own version which means a lot of excess overhead and duplicated work.

I could think of at least two other ways Google could have re-organized without bringing that pain upon them, and as Eric lived through it at Sun as well I'm sure he has an opinion.

Oh, and having one of the sub-companies get the world's #3 brand? I wonder how that works out.

[1] Answer "No" for SunSoft, "Yes" for Sun Hardware, "No" for Sun Labs.

rbinv 1 day ago 7 replies      
From the abc.xyz source code:

Sergey and I are seriously in the business of starting new things. Alphabet will also include our X lab, which incubates new efforts like Wing, our drone delivery effort<a href="http://www.hooli.xyz/" target="_blank" class="hidden-link">.</a>

igorgue 1 day ago 3 replies      
They gonna fail cause they don't own the .com ¯\_(ツ)_/¯
jordigg 1 day ago 7 replies      
So all google divisions are now individual companies inside a conglomerate called Alphabet where Larry is the CEO and Sergey the President. Sundar Pichai is now the new CEO of Google. Is that right? Why do you think they are moving this way? Regulations? Taxes? What about Eric Schmidt?

I don't know much about trading, but look at that "after hours" spike! http://postimg.org/image/ho5ecyr99/

EDIT: All google subsidiaries are now subsidiaries of a conglomerate called Alphabet. Google is a subsidiary too. Google stock will now be Alphabet stock.

loteck 1 day ago 2 replies      
To summarize (correct me if I'm wrong):

- Google will now be operated as a subsidiary of a new company called Alphabet.

- Alphabet will be publicly traded under the same symbols as Google is now traded.

- Stock will just transfer as-is.

- Sundar Pichai is now the CEO of Google.

- Larry and Sergey will run Alphabet as CEO and President, respectively.

franciscomello 1 day ago 4 replies      
Here's why I think Google's transformation into Alphabet was not a wise one.

As Google cofounder Larry Page, now CEO of the holding company Alphabet, that will have as its main subsidiary Google, the search company, said earlier today:

>As Sergey and I wrote in the original founders letter 11 years ago, Google is not a conventional company. We do not intend to become one. As part of that, we also said that you could expect us to make smaller bets in areas that might seem very speculative or even strange when compared to our current businesses. From the start, we've always strived to do more, and to do important and meaningful things with the resources we have.

Well, if Google wants to keep spending investor money into "speculative" areas, what could be dumber than reporting its financials as "Google: hugely profitable" and "other random stuff: huge cash drain"? It will just make investors all the more sensitive to the fact that Google's search business is basically what makes money, and everything else is - for now, at least - a huge cash drain.

Raising awareness to Google's - oops, Alphabet's - business unit's individual financials will attract attention of the likes of Carl Icahn, who's raided Ebay in the past, and who'll engage in open challenging of Page and Brin's capital allocation decisions. It will definitely not compensate for the advantages of having Sundar Pichai take on greater responsibilities as Google chief, etc.

Not at all a wise move.

josh2600 1 day ago 5 replies      
Is this purely a function of sharding liability across a conglomerate of businesses? It seems like concentrating Google's ad revenue in a smaller, more efficient business unit is a nod to Berkshire Hathaway's method of business.

I can't recall this sort of thing happening in my lifetime, so it will be really interesting to see how this plays out. I also wonder how this would be treated if Google didn't have the crazy corporate structure they have now (where public shares are essentially non-equity and non-voting).


Edit: I am reasonably certain this is a tax and liability optimization strategy. It allows their more risky units to operate with separate liability from their cash cow.

Edit 2: I'm actually surprised the stock value hasn't tanked because most of the future potential of Google just got moved outside of the company. How much of Google's future value was based on X? I would say a non-trivial amount of the stock price is the anticipation of future profits, which are now no longer a part of the company the stock is intended to index.

Edit 3: Disregard Edit 2, I misread the release the second time through and assumed X was not part of the company :).

daniel-levin 1 day ago 0 replies      
It seems as though Google (Alphabet) is splitting its business divisions into:

1) Google - a company comprised of reliably profitable products that run at massive scale (search, video, mobile, mail etc), and they know that Sundar Pichai can manage this

2) Everything else - these are high risk ventures with possibly enormous pay-offs. This is a breeding ground for positive black swans which Google are keen to expose themselves to.

To borrow Nassim Taleb's nomenclature, Google is splitting into mediocristan (1) (bounded variance - existing products [like YouTube] are predictably profitable) and extremistan (2) (Calico - if a major breakthrough in combating aging related diseases is made it will be both unpredictable and hugely materially beneficial)

>> We will rigorously handle capital allocation and work to make sure each business is executing well.

This sounds like the business restructuring will allow Sergey and Larry to apply just as much capital as they see fit to the extremistani business divisions. In other words they would like to control their exposure to possible consequential rare events in a simple fashion: by controlling a very simple set of parameters - i.e. how much cash each business division gets.

sz4kerto 1 day ago 4 replies      
Does this mean that running high-risk projects inside Google started to damage the reputation of Google? Many (most) of the moonshot projects failed (which is normal), and I have the feeling that these events had a somewhat bad fallout on the image of the whole company (questioning its invincibility to some extent, mostly in the eyes of the press).
sethbannon 1 day ago 0 replies      
From the SEC form making this official, here are the separate companies under Alphabet Inc:

Google, Calico, Nest, Fiber, Ventures, Capital, X.

Looks like Search / ads, YouTube, Maps, Apps, and Android will stay under Google Inc.


axyjo 1 day ago 6 replies      
This is a big move, which might also possibly help with EU anti-trust accusations by splitting up the big-ol' monolithic GOOG into functionally separate units.
yashap 1 day ago 0 replies      
I wonder if part of this is to make it easier to kill the side businesses if they fail, since these ventures are inherently very risky, and require people with very different skills than normal at Google. Say 1000 people are working on Calico, but it ultimately fails, and there isn't a natural spot for them in Google anymore. If they were all Google employees, this turns into "massive layoffs at Google." Now it's just "Alphabet folds Calico business", which sounds less bad (and possibly even makes layoffs easier? Don't know, IANAL).
swalsh 1 day ago 1 reply      
So Alphabet will start a new car company, and google can continue on as a search giant. It makes a lot of sense.

So many people keep saying their biggest fear of google is that they will turn devices like Google Glass, or the Google car into products to collect information on people. When those products themselves are viable business models.

rottencupcakes 1 day ago 6 replies      
Just a stray observation, but now Microsoft and Google are both run by Indian born CEOs.
tashoecraft 1 day ago 2 replies      
Probably was done to be ahead of apple and amazon in the yellow pages.
PascLeRasc 1 day ago 7 replies      
Interesting. I suppose they'd fail PG's test of owning your own .com.
Yhippa 1 day ago 0 replies      
Did Google effectively just do a rotate operation on a red-black tree for their organization?
coffeebite 1 day ago 2 replies      
Is Larry Page trolling PG? A day after PG publishes an essay that companies should own the .com version of their names, he renames Google to Alphabet with .xyz as the TLD.
misterbwong 1 day ago 1 reply      
This sounds a lot like Berkshire Hathaway's structure. Buffett + Munger at the top, mostly as advisers and fund managers, with individual companies given autonomy. I like it but it all depends on whether Larry & Sergey can hire well.
electic 1 day ago 1 reply      
The most important part of the 8K is how the merger will happen and how stock will be affected or transformed eventually:

Alphabet will initially be a direct, wholly owned subsidiary of Google. Pursuant to the Alphabet Merger, a newly formed entity (Merger Sub), a direct, wholly owned subsidiary of Alphabet and an indirect, wholly owned subsidiary of Google, will merge with and into Google, with Google surviving as a direct, wholly owned subsidiary of Alphabet.


aesthetics1 1 day ago 1 reply      
I do not know much about big business financials, but this seems like a move that would allow Google to separate its experimental or research-based businesses that do not turn a profit from its giant bulging revenue beasts. It will likely allow Google to post better quarterlies, and push their stock up even higher.

Appointing Sundar as CEO also allows them to focus more on the cool stuff in Alphabet and let Sundar run the meat and potatoes Google operations. Interesting moves.

hyperpallium 1 day ago 4 replies      
At last, reversing Jobs' advice to combine everything, returning to the original idea of trying lots of things. Maybe 20% time will see a resurgence, too? Bonus: small, separate entities makes it easier to tackle new opportunities (which start small) that wouldn't move the needle for Google - as per Christensen.

> We did a lot of things that seemed crazy at the time. Many of those crazy things now have over a billion users, like Google Maps, YouTube, Chrome, and Android.

Seems disingenuous, since YouTube and Android (at least) were acquisitions.

akshatpradhan 23 hours ago 1 reply      
I personally think they did this because Sergey Brin and Larry Page were getting bored with day-to-day Google operations but wanted to remain at the top. They can't just shift their focus on the new toys they're building like Robotics, Fiber, Vehicles, etc. So best bet, name Sundar Pichai as the new Google CEO, put Google under Alphabet, become the new CEO of Alphabet, and that allows them to get rid of day-to-day Google search operations and focus on their shiny new toys.
dluan 1 day ago 0 replies      
Congrats to the founders of Google. Monumental move.

I have very fond memories of early Google.com, and there always used to be a vivid spirit in their products that everything was so experimental and technically on the edge. That feeling has been gone for a very long time, but since Larry has come back it's been slowly returning. Call me what you want, but I feel like this is such a smart move for the founders' freedom to explore.

And the way they announced it is totally in line with the spirit. I'm sure there was a lot of technical work, and will be more, but the way it's all hidden in the back so that they can focus on the most important parts. I'm a fan.

blackbeard 1 day ago 1 reply      
Sounds like Google is turning into Umbrella Corporation: http://umbrellacorporation.jp/aboutus.html

Life sciences, life extension, military, information, telecommunications all under one umbrella company.

allencoin 15 hours ago 0 replies      
Oh, I get it. Alphabet.

Alpha Bet.

They're making a Bet on the Alpha versions of these products.

HugoDaniel 1 day ago 0 replies      
I read "mad sex" on the cubes of their alphabet landing page :/ is this on purpose or am i that much of a pervert ?
Osmium 1 day ago 0 replies      
Makes sense. Hopefully this can stabilise the Google brand as something more reliable (fewer products that are launched one day, taken down the next), while still allowing them to experiment. The name is genius too; it suggests that there will be other companies equal to Google's stature one day ("G is for Google, H is for ...another billion dollar company?").
electricblue 1 day ago 0 replies      
I had to look at my system clock a few times to make sure today isn't the first of april.
arihant 1 day ago 0 replies      
This is great. The best thing about Google was their willingness to try interesting things. But the Apple-ification of Google led them to look like a company suffering from identity crisis, at least from the outside.

This will keep Google products unified and work together, and will give them opportunity to throw mud at the wall with Alphabet.

Also worth mentioning is that this kind of corporate restructuring is fairly common. Usually it is done by X company expanding into X Industries with X being a subsidiary of X Industries. It is just more visible because they went with a different name, reasons of which are in the post.

sethammons 12 hours ago 0 replies      
The first thing that went through my mind (with some additional work, and all that is needed is illustrations and a publisher..):

A is for Asynchronous, the way our code should be

B is for Beta, the first stage of our code the user will see

C is for Capacity, for this planning helps our hardware not fail,

planning capacity helps our product meet our users at scale


D is for Datagram, which you may not get from me

E is for E-tag, for caching is key

F is for Freedom, the state information wants to achieve,

follow information through history if you want to believe


G is for Google, the advertising and indexing whale

H is for Hystrix, because Netflix Tools are for scale

I is for the Internet, for without it, many start-ups would fail

I is also for iPhone who's apparently in jail


J is for Javascript, with a new framework each week

K is for Kill, because scripts can misbehave and memory can leak

L is for LifeSize, for meetings about meetings must be

M is for Metadata, because tracking in bulk is (mumble, mumble, something, something), look! "privacy!"


N is for NoSQL, for relational data is dead

O is for Octocat, who houses our code so it is not in our head

P is for a Penguin named tux

Q is for Quiet, lost to the tide of the open office flux


R is for Rabbit, because some problems require a Queue

S is for Secure, for we have our users' data to lose

T is for the terminal, for how else can we see ascii Star Wars

U is for UTF-8, whose lack of handling makes bugs in our source


V is for Vitesse, never has mysql DBs been so easy to scale

W is for the 5 Whys, that guides us in post-mortems when we fail

X is for Executable, which chmod can help our script to be

Y is for YCombinator, for many a start up, incubators are key


And Z is for Zsh, not your ordinary shell

These are the letters, remember them well

These are the letters, from A to Z

These are the letters, next time will you please say them with me?

[edit: format, typo]

knes 1 day ago 1 reply      
It's almost as if they read "the outsiders"[0]

[0] http://www.amazon.com/The-Outsiders-Unconventional-Radically...

acaloiar 10 hours ago 0 replies      
Yesterday upon seeing the headline "Google Forms new Company" elsewhere, I assumed that Google spun their Google Forms product off into a company named Alphabet. I was profoundly confused as to how Google Forms necessitated an entire new business entity.

I'm not a proud man.

anon4 17 hours ago 0 replies      
What is Alphabet? Alphabet is mostly a collection of companies. ... Alphabet is about businesses prospering through strong leaders and independence. In general, our model is to have a strong CEO who runs each business, with Sergey and me in service to them as needed. We will rigorously handle capital allocation and work to make sure each business is executing well. We'll also make sure we have a great CEO for each business, and we'll determine their compensation.

The King and his vassals, ladies and gentlemen.

thought_alarm 1 day ago 2 replies      
http://alphabet.com is getting hammered right now.
ThrustVectoring 1 day ago 2 replies      
One of the big dangers of being Google is using the profitable advertising arm to subsidize unprofitable side-ventures that don't materially affect the advertising arm of the business. This same problem led to the decline of the Ottoman Empire - they used the profitable Balkans to pick up albatrosses like Egypt and the Levant, and then collapsed when they lost the Balkans and could no longer subsidize ruling those areas.
ucaetano 18 hours ago 0 replies      
You can now think of Alphabet/Google as the Berkshire Hathaway of technology.

While BH uses money from a cash cow business (insurance) to build a portfolio of companies that look like the established economy, and manage those companies in an exceptional way, improving individual returns while reducing overall unsystematic risk (effectively using good management to move beyond the Markowitz efficiency frontier), Google will use money from a cash cow business (Ads) to build a portfolio of companies that look like the new economy, using effective management in the same way.

smohnot 1 day ago 1 reply      
Fun game: Name Google products A-Z without looking them up! Here's what I got: Android, Blogger, Chrome, Drive, Earth, Finance, Google, Hangouts, Inbox, Jaiku, Keep, Local, Maps, Now, Offers, Picasa, Questions, Reader (RIP), Search, Translate, U??, Voice, Waze, X Labs, Youtube, Zagat... I couldn't think of anything for U and Jaiku was a bit of a stretch
reneberlin 1 day ago 0 replies      
I'd like to know what margin did the namefinding-company get paid for this extraordinary creation. And who owns all these super simple domains in all the .tlds. And what will they get paid for to let them own them? "Example" was under the near winners but didn't succeed. I am waiting for the artworks to see for "alphabet" in RGBA/cmyk/svg.
ErikAugust 1 day ago 0 replies      
They don't even own alphabet.com. Not signaling strength (sarcasm).

Also, feel bad for the owners of that domain as it is effectively being DDoS'ed.

mohaps 1 day ago 1 reply      
ha! Any problem in Software Engineering can be solved by adding another layer of abstraction! :D
zippzom 1 day ago 0 replies      
Doesn't this completely change what you are buying when you buy GOOGL shares?

It used to be you were investing in a search/ad company that owned a lot of other stuff. Now you are investing in a company that owns the leading search/ad company.

The difference is obviously academic but I think it will make a difference in how the shares are traded. Perception drives the market after all.

mattzito 1 day ago 0 replies      
This seems largely, at my admittedly brief viewing, to try to quell some of the structural concerns around all of these "non-core" businesses that the Artist Formerly Known as Google are participating in.

I think it will streamline the management of all of these different businesses, at least make it clear where Larry and Sergey are focusing their efforts.

akhilcacharya 1 day ago 3 replies      
Wow, this is really strange. Has there been any precedent for things like this?
sangd 1 day ago 2 replies      
Congrats! It's a new chapter for Google, an exciting beginning for Alphabet. It definitely broke PG's theory on the .com
_stephan 1 day ago 1 reply      
Will the non-Google Alphabet companies still have access to Google's software engineering infrastructure?
normloman 14 hours ago 0 replies      
Here's another possibility: Google's taking a page from the Innovators Dilemma, and moving their disruptive projects away from corporate meddling. Most innovative projects die at big corps because they don't fit into the company's existing business model. Walling-off self driving cars and contact lenses from Google's core business could give it the room it needs to grow (before some VP of whatever cuts the project for not being profitable).
scott_karana 1 day ago 1 reply      
I'm really confused why they wouldn't choose to incorporate a "new Google", and split out all its other ventures, future and existing, as subsidiaries, rather than make a new brand and relegate their previously main one to subsidiary status, with its own sub-subsidiaries.

Legal issues, I presume? Or are Brin and Page just having identity crises?

I don't think anyone will care if they see "Foobar, an Alphabet company" in the same way they would if it was Google, in any case.

anuraj 16 hours ago 0 replies      
The diversification seems to be going in the way of the conglomerate - and conglomerate tax shall apply - whether it is Google or not! Hope it does not turn dystopian though.
evanwarfel 1 day ago 0 replies      
I've always wondered why we don't see more of the studio model (like Pixar) in tech companies. Especially ones focused on innovation -- Thomas Edison didn't just invent a single product, and that trend still influences how GE operates today. It's a bit of a stretch, but with some fuzziness around the boundaries, the idea of an over-arching studio seems to mostly describe YCombinator too.
huac 1 day ago 0 replies      
Google (or now, Alphabet) is a less diversified Berkshire Hathaway with tons of R&D expenditures.

I think it's likely that tax benefits from the reorg are the biggest reason for the stock price increases. But it also appears likely that there will be an offering of Alphabet stock in some form so it's curious to see how the value will break out.

xbmcuser 1 day ago 0 replies      
Alphabet is likely to IPO Google fiber now as it is something that needs big capital investments.
wbillingsley 22 hours ago 0 replies      
Is it just the cynic in me that thinks "We wanted to move Larry and Sergey upstairs, but Eric's in that seat; so we had to create a cool new upstairs to move them to"?
ThomPete 1 day ago 1 reply      
This is potentially a very clever move when you put this into the perspective with one of Google's major issues of being too dominant.

If I was a conspiracy nut I would say this way it's harder for ex. the EU or any other political entity to claim they have any dominant positions as such.

suprgeek 1 day ago 0 replies      
All of the announcement makes sense except the part where the Conglomerate is the one that is trading on the market. Are the hived-off business separate in any sense if at earnings time everything sinks or swims together? The most logical move would be to trade the new GOOG
wallzz 1 day ago 0 replies      
They just changed the name of the global entity, I wonder why people are surprised by this move, I think nothing will change for the users or in the company, they will just try to create next companies by filling the letters of their alphabet which is a silly move.
pitchups 22 hours ago 0 replies      
Larry Page has been described as possibly the most ambitious CEO on the planet, and this announcement certainly bears that out. Alphabet represents an ambitious attempt at reinventing Google. Possibly fraught with risk - but again Larry seems to be following his own advice of "having a healthy disregard for the impossible". So they are attempting to do something crazy - break up and restructure the company rather than stay comfortable.
mrwilliamchang 1 day ago 1 reply      
Sounds like Alphabet is setup to do lots of major acquisitions. Game changer for tech ecosystem.
teddyuk 16 hours ago 0 replies      
I don't understand why everyone thinks this is a bad idea, it is great - run the profitable business as a separate business, use the profits to invest in fun things and also promote people to CEO instead of watching them go CEO somewhere else (yahoo etc).

It is a win win for everyone.

damcedami 16 hours ago 0 replies      
Now every school book which has "abc" as hypothetical company name should be changed.
BashiBazouk 1 day ago 0 replies      
Odd name choice. I would think it would open up all kinds of Trademark problems. Alphabet as a key word in a business name must be pretty widespread and across many industries, both trademarked and not.
catnaroek 16 hours ago 0 replies      
My email is abc.deaf.xyz@gmail.com. I'm pretty sure they used my email as a source of inspiration for the name of their company. And they aren't giving me my fair share!

(Just joking. Except for my email, that part is 100% true.)

rmason 1 day ago 2 replies      
Am I the only one who came away wondering why they didn't buy the domain alphabet.com?

The company that owns it, ascio.com, isn't even using it. Or perhaps they were a bit too greedy?

stephendicato 1 day ago 1 reply      
All I can think of is "Hooli XYZ - The moonshot factory".


techwizrd 1 day ago 0 replies      
I love how they buried the "Sundar Pichai is new Google CEO" bit in there. In any case, this sounds promising and it'll be interesting to see how this plays out.
wineisfine 1 day ago 0 replies      
I wonder if, besides the obviously healthy restructuring, this is also to anticipate on future anti trust issues. It seems like they're getting one step ahead like this.
smoyer 17 hours ago 0 replies      
Call me cynical but I'm of the opinion that this will help them continue operating the non-Internet businesses in places where the Internet businesses are facing regulation and/or sanctions.
FlailFast 1 day ago 1 reply      
Seems like Alphabet (Google/Page/Brin) and Facebook (Zuckerberg) are in a race to become the Berkshire Hathaway of the Internet.
calewis 16 hours ago 0 replies      
G is for tax evasion.
silasdavis 1 day ago 0 replies      
Perhaps this partly pre-empts threats to split up Google's search from 'other businesses', https://recode.net/2015/04/20/eu-competition-commissioner-i-...
carlosgg 1 day ago 0 replies      
Sundar Pichai's 2014 interview with Times of India


grayclhn 22 hours ago 0 replies      
I wasn't expecting a "thanks for joining our incredible journey" post from google.*

* http://ourincrediblejourney.tumblr.com/

pgroves 1 day ago 0 replies      
Seems very similar to how Berkshire Hathaway treats its companies. CEOs run the companies, a small group at the top adds/removes companies. There is one company listed on the stock exchange, etc.

It's noteworthy that Berkshire Hathaway refuses to deal with technology companies, while Google is exclusively tech.

archagon 1 day ago 0 replies      
Funny, I would have expected a better hashing algorithm from the likes of Google. ;)
xasos 1 day ago 1 reply      
Wow, didn't know this was so popular overseas as well: https://en.wikipedia.org/wiki/Chaebol

i.e. Japan Display Inc. is a conglomerate that encompasses the LCD businesses of Sony, Toshiba, and Hitachi

dspeyer 15 hours ago 0 replies      
What do we know about Sundar? It sounds like he's really taking over Google. Is he likely to be up to it?
xd1936 1 day ago 0 replies      
I'm cool with it. "Google+ Photos" and "Google+ Hangouts" being separated into "Google Photos" and "Hangouts" helps with clarity. So does splitting Google (Google X, Nest, Google research stuff, Google Ventures) up into purposeful, yet distinct, companies.
slantedview 1 day ago 0 replies      
To the extent that shareholders are driving pressure to separate the experimental bets with the more stable parts of the business, I'm not sure that I understand the point of replacing Google's stock/ticker with a new one. Any insight here?
edpichler 1 day ago 0 replies      
I did not like the name, it reminds me of the Amazon original copy (from A to Z).

But I like Google company, really well administrated, it's easy to see on the annual release reports. Despite the not so good name, they are doing a great job and the right next step.

xbmcuser 1 day ago 0 replies      
Vaanir 1 day ago 0 replies      
Google does not own https://www.alphabet.com/

Thought I'd link this to:


tdaltonc 1 day ago 1 reply      
If android were acquired today, would they really be brought in to the google core?
Animats 22 hours ago 0 replies      
It's too early to tell what this means. It may be a first step to spinning off some of the non-core businesses.

Who gets Google's airport in Mountain View?

madhurbehl 1 day ago 0 replies      
A is for Automobiles. H is for Healthcare. D is for Defence. E is for Energy. M is for Medicine. R is for Robotics.

This will become the Umbrella corporation from the resident evil fame :P

fuzzythinker 1 day ago 0 replies      
I was really checking if today is April 1st when reading this.
breatheoften 1 day ago 0 replies      
What effect will this have on the mono-repo debate?


hessenwolf 20 hours ago 0 replies      
Alphabet just sounds evil, a bit like Umbrella Corp, E-Corp, etc. I am not a fan of the name.
f00644 15 hours ago 0 replies      
Will this still be based as a US registered company then?
nicolethenerd 1 day ago 2 replies      
>> Susan is doing a great job as CEO, running a strong brand and driving incredible growth.

Is this supposed to say Sundar? Kind of an awkward mistake to make.

Yuioup 18 hours ago 0 replies      
The guy who owns the @alphabet twitter handle is going to be rich.
_mikz 1 day ago 2 replies      
akilism 1 day ago 1 reply      
isn't amazon already doing the a->z thing
loso 1 day ago 0 replies      
I wonder where this puts the robot stuff that Google was doing? I assume it will be under Alphabet as well as Nest.
have_faith 1 day ago 0 replies      
I'm very interested in the effect this will have on the public perception of Google as a company.
hkmurakami 1 day ago 0 replies      
And so Google becomes Berkshire Hathaway.
trequartista 1 day ago 0 replies      
Is $GOOG going the Berkshire Hathaway route? Conglomerate with a lot of non-related subsidiaries?
31reasons 1 day ago 0 replies      
A for Apple! hmm does that mean they are going to acquire Apple ? :)
closetnerd 1 day ago 0 replies      
Something similar to Virgin I suppose. To keep other ventures from harming Google.
jonnycowboy 1 day ago 0 replies      
Does Google robotics fall under ventures/capital or Google X?
faragon 1 day ago 0 replies      
"Don't bite off more than you can chew", anyone?
motyar 1 day ago 2 replies      
Sorry, but isn't .xyz for nsfw sites?
jgalt212 1 day ago 0 replies      
I fail to see this as anything but some preemptive move against European Union findings/rulings.
dotori 1 day ago 2 replies      
Alphabet (the main company)

Calico (focused on longevity)

Capital (investment)

Google (now led by Sundar Pichai and includes search, ads, maps, apps, YouTube, and Android)

Life Sciences ("that works on the glucose-sensing contact lens")

Ventures (investment)

X lab ("which incubates new efforts like Wing, our drone delivery effort")

adventured 1 day ago 0 replies      
This is Google moving into a structure akin to Berkshire Hathaway, which is something the Google founders have admired for a long time. They're changing into a conglomerate, run with a thin layer of management at the top. Their talk about empowering strong CEOs, and having the subsidiary companies operate independently, is an exact copy of what Buffett does in regards to businesses owned by Berkshire.
staunch 1 day ago 1 reply      
The Google Guys are now VCs.
rel 1 day ago 0 replies      
Congratulations to Sundar!
orionblastar 1 day ago 0 replies      
Alphabet is just a way that Google can control its liabilities. Each subdivision can be closed off or sold if it has trouble. Not take down the other subdivisions when that happens.

Oracle is suing over Android using Java APIs, Alphabet can move Android to its own subdivision if they lose the lawsuit and close it off or sell it off and then develop a new mobile OS to replace it.

paragpatelone 1 day ago 0 replies      
T is for Tesla
mkehrt 1 day ago 2 replies      
No, that's normal for Google. It's totally bizarre.
Stop reverse engineering our code oracle.com
578 points by hughstephens  22 hours ago   320 comments top 72
kabdib 16 hours ago 8 replies      
Wow. Really?

This single blog post is strong evidence for why you should never, ever buy an Oracle product, and if you are running anything written by them, why you should plan to migrate away.

Now, the culture of consultants in the Oracle sphere of influence is pretty toxic and money-grubbing. I can imagine companies being badgered into paying security weasels big bucks to analyze software with tools that cough up a zillion false positives, whereupon the weasel looks like a hero and is paid a bunch of cash, the customer panics and demands that Oracle fix a pile of non-existent vulns, and some department buried inside Oracle doesn't know how to deal. Whereupon the weasel skates off to another company to run the same scam: rinse, repeat, and this blog post.

In which case Oracle should simply call it out: "Please don't send us crappy automated scanning tool reports from the shitty security weasel consultant you hired because those reports are useless, and the same weasels have been sending identical ones in, monthly, for years, and you are being ripped off." But Oracle never passes up the opportunity to express contempt for its customers, nor can it admit to being wrong.

Better to avoid that whole ecosystem.

duncan_bayne 19 hours ago 6 replies      
So, I disagree with the poster on a bunch of things here (no surprise, really).

But: this is authentic. This is what we (i.e. hackers) are always claiming we want. Someone speaking her mind, shooting from the hip, etc. Not an anodyne blob of corporate-speak: this is an opinion, stated pretty clearly, and backed up with fighting words.

You'd expect: "Our legal team has advised us to remind consultants that they are bound by any and all terms and conditions to which their clients have ... etc. etc. etc."

You get: "Otherwise everyone would hire a consultant to say (legal terms follow) Nanny, nanny boo boo, big bad consultant can do X even if the customer can't!"

Here we have someone who clearly loves the company and the product with a passion, defending both against what she sees (very wrongly, in my opinion) as criminal misuse and waste of resources.

I'll take one of these posts and argue its merits any day, over a block of mealy-mouthed corporate crap.

crypt1d 16 hours ago 2 replies      
Seems like the original blog post was deleted, here is the archive - https://web.archive.org/web/20150811052336/https://blogs.ora...
Stratoscope 18 hours ago 2 replies      
> Q. If you don't let customers reverse engineer code, they won't buy anything else from you.

> A. I actually heard this from a customer. It was ironic because in order for them to buy more products from us (or use a cloud service offering), they'd have to sign a license agreement! With the same terms that the customer had already admitted violating. Honey, if you won't let me cheat on you again, our marriage is through. Ah, er, you already violated the forsaking all others part of the marriage vow so I think the marriage is already over.

What a thoroughly nasty comment. She is comparing her customer with someone who is cheating on their spouse. Disgusting.

kriro 18 hours ago 4 replies      
This is a marketing layup for any FLOSS ERP company (or the PostgreSQLs of the world). Basically "by all means check our code for any issue you may find. We'll gladly accept any suggestions for code improvements you may have."

This post is an absolute nightmare/facepalm. Basically my takeaway is "I guess I don't want to buy Oracle software". It's really mind blowing that this is the position of a major software company in this day and age. I mean I guess I shouldn't be shocked since it is in the EULA but man I'm kind of speechless (this clause has to be illegal in some countries, too).

Edit: as an aside as a bad guy this would make me very interested in reverse engineering Oracle products. If they disallow it for their customers the reaction times to any security issues will be lower and it will be pretty valuable to find bugs in their products.

Edit2: Seems like the blog was cracked. At least the "About" on the side seems to indicate that.

quesera 20 hours ago 4 replies      
Wow. Someone's been hitting the Kool-Aid pretty hard.

I've seen this institutional hubris first-hand. The unshakable belief (typically by nontechnical management) that all of the smartest people in the world are employed here, working for me.

It always ends badly.

dang 20 hours ago 1 reply      
The submitted title ('Oracle CSO: ~Only we can do security, trust us and do not reverse engineer') breaks the HN guidelines: it's editorialized (whatever one thinks of the article), and it's a quote-looking-thing that isn't a quote, so misleading.

Please don't do this. The HN guidelines ask you to use the original title. If that's really not suitable, a subtitle or some representative language from the article is ok. But putting your own spin on it is not ok. HN's goal is to let readers make up their own minds, and for that we need accurate, neutral titles.

We've changed the title to a representative phrase from the article, and can change it again if someone suggests something better.

dferlemann 17 hours ago 1 reply      
This is exactly the problem with legality of RE and penetration testing. "You broke the law by wasting our time, violating your license agreement." I understand the author's points. Not very good points, disappointingly.

No matter how interpersonal she puts it. It makes me not ever want my system to rely on a company that threatens and belittles customers for protecting themselves.

If I bought a fridge for my house, I found a listening device and a pinhole camera in the fridge. Just because the company has a clause I am not allowed to open up the fridge, it doesn't mean I shouldn't.

Well, the company might have found the devices. Indeed maybe nothing customers can do until the company fixes it. To keep telling customers they are not allowed to look for flaws is just ridiculous. Yes, it's your product, but this is my home!

jaawn 15 hours ago 4 replies      
I don't really see how a lot of the responses here match with the original blog post. People seem to be airing a lot of long-standing grievances about Oracle rather than responding to the specific post on its own. Viewed on its own, the post can basically be summarized as "Please stop treating our products like they are open source. They're not, and it is against the license agreement to reverse engineer our stuff to find the source code."

A lot of people think open source software is a much better methodology than proprietary, highly-protected source code. That's fine, there are a lot of good arguments there. However, it doesn't make sense to throw a bunch of other, barely related insults at a company when really, all you're upset about is that their code is not open source. Criticize that...that is what you're upset about (at least so far as this specific blog post is concerned)

reacweb 18 hours ago 3 replies      
Reverse engineering is legal in France for research and computer security (http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTE...).
owenwil 19 hours ago 1 reply      
I laughed at this line where she tries to prove her point by touting that Oracle already found a bug that a security researcher reported to them (but wasn't fixed yet):

"(Small digression: I was busting my buttons today when I found out that a well-known security researcher in a particular area of technology reported a bunch of alleged security issues to us except we had already found all of them and we were already working on or had fixes. Woo hoo!)"

macmac 21 hours ago 0 replies      
The arrogance is titanic. And her legal team apparently forgot to explain to her that certain jurisdictions permit reverse engineering and decompilation under certain circumstances irrespective of what Oracle's license agreement says.
azinman2 19 hours ago 2 replies      
There are too many points to discuss... it's really quite insane especially on the backs of Java exploit after Java exploit.

But what I really don't get is this bug bounty hateathon. If it's only 3% of bugs (currently WITHOUT incentives like a bug bounty), then that's really not that much money... and in return you get more cred, something you might use for recruitment, and the off chance that you might increase that 3% versus something going on the black market. Even more so, how much could this really cost!? And Oracle has how much money?! If you can't spend that on a bug bounty when your security is just so awesome as the post contends, then something is really in trouble.

WormyMcSquirmy 16 hours ago 0 replies      
>Ah, well, we find 87% of security vulnerabilities ourselves, security researchers find about 3% and the rest are found by customers.

They admit more security vulnerabilities are found by customers than security researchers and still they release this smug "fuck off" toned blog.

EdwardDiego 17 hours ago 0 replies      
> Generally, our code is shipped in compiled (executable) form (yes, I know that some code is interpreted). Customers get code that runs, not the code as written. That is for multiple reasons such as users generally only need to run code, not understand how it all gets put together, and the fact that our source code is highly valuable intellectual property (which is why we have a lot of restrictions on who accesses it and protections around it).

Your JDBC driver IP isn't that valuable, just give me the damned source code so I can figure out why my Postgres copy out stream is blocking when I insert it into your copy in stream.


gizi 18 hours ago 0 replies      
I like it that Oracle openly publishes this kind of blogs. I would personally never work for a company which expects me to develop anything using Oracle gear. It's simple. I can always find another company that doesn't and that pays the same or better. That is also why I suspect that someone who works in those circumstances really has to, because he has no other options.
lorenzhs 16 hours ago 0 replies      
To me, this reads like a post explaining the benefits of free software by demonstrating the disadvantages of using proprietary systems. A bit hyperbolic at that, though.

RMS would have a field day.

pkkp 22 hours ago 3 replies      
Is it just me, or is the childish, mocking tone in the OP simultaneously baffling and totally befitting of the point they're trying to make? I understand that they're frustrated by the repeated submission of automated security vulnerability reports, but blanketing it entirely as "reverse engineering" and responding to it like this is... a strange approach.

Did someone at Oracle actually think that this was the best way to make this point?

hgears 13 hours ago 1 reply      
Original has been deleted, cached version available:


digi_owl 37 minutes ago 0 replies      
Oracle seems to be like MS in that their reason for existing is that they came to be at the right time at the right place, and has pulled every trick in the book to pull up ladders behind themselves.
ikeboy 16 hours ago 1 reply      
>We will also not provide credit in any advisories we might issue. You can't really expect us to say thank you for breaking the license agreement.

Well, Apple does (for jailbreak exploits).

>I am not dissing bug bounties, just noting that on a strictly economic basis, why would I throw a lot of money at 3% of the problem

Uh ... You don't think that percentage will increase if you offer bounties?

sqldba 19 hours ago 1 reply      
It sounds like they've confused a) users submitting results from static analysis that wastes time, b) users submitting demonstrable vulnerabilities, and c) license agreements.

a) is bad, and the users should just be turned away. b) is good and far better than selling them on the black market. c) is... who cares it's a license agreement.

eastbayjake 12 hours ago 0 replies      
When I read this, I thought for sure it was just a lower-level engineering manager. I can't believe she's the Chief Security Officer, and that someone with a Wharton MBA could write something so unprofessional and full of disdain for your customers.
DannyBee 12 hours ago 0 replies      
Except, uh, in plenty of countries, those anti-reverse engineering clauses are void as a matter of public policy.

And in any product that uses LGPL code, for example, it's actually a license violation to forbid customer modification and reverse engineering for the purpose of debugging those modifications.

(Though, admittedly, everyone always violates this term)

selimthegrim 14 hours ago 1 reply      
Is this woman aware that static analysis is a non-negotiable requirement for filing your 510(k) if you do anything vaguely medical the FDA has to look at? Not that I would willingly choose Oracle for medical device applications, but the cognitive dissonance here is amusing. Pax vobiscum indeed.
idlewords 21 hours ago 6 replies      
Can some infosec person speak to her strongest claim, that static analysis gives "basically 100% false positives" and wastes the team's time?
HelloNurse 15 hours ago 0 replies      
The post seems real, by comparison with other articles in the blog: in particular similar silliness and dislike for security advisories in https://blogs.oracle.com/maryanndavidson/entry/is_your_shell... and similar anti-reverse engineering stance in https://blogs.oracle.com/maryanndavidson/entry/mandated_thir... and https://web.archive.org/web/20140123033110/https://blogs.ora...
charltones 17 hours ago 0 replies      
There is just no upside to this kind of response. Surely for any tech company that has reached a certain size, the only workable approach is to recruit an appropriately sized security team and politely welcome and respond to each and every security report received, triage them as quickly as possible and fix the ones that are found to be real vulnerabilities. Even if you aren't happy with the motives or the methods they employ, they are potentially finding flaws in your products for you.
jjoos 17 hours ago 2 replies      
> I am not dissing bug bounties, just noting that on a strictly economic basis, why would I throw a lot of money at 3% of the problem

Aren't the issues not found by Oracle the problem? I'm amazed that still 23% of the externally found security issues are reported by researchers, the incentive to responsibly disclose security issues to Oracle isn't really big. It sounds like a cumbersome process with potential legal consequences.

There also are researchers(, maybe after a first bad experience about an EULA,) that sell security issues to the grey/black market. Is there any data on how many Java zero days are exploited in the wild before being fixed?

Changing your stance and being grateful for responsible disclosures and only using your EULA to threaten and sue the bad people can potentially save everyone with java installed from a few zero days at zero cost.

hownottowrite 16 hours ago 0 replies      
Mary Ann Davidson's testimony on "cybersecurity" (2009) https://www.whitehouse.gov/files/documents/cyber/Congress%20...
jurre 15 hours ago 0 replies      
It seems to have been removed, here's a pastebin of the original post: http://pastebin.com/bbMshdU1
16bytes 16 hours ago 3 replies      
I read the blog, but now it's returning a 404? Did they take it down?

If so, then somebody at Oracle realized that post reflected poorly on their organization. Perhaps there is some hope for Oracle yet.

Ogre 20 hours ago 0 replies      
Just today I was arguing for not moving something off of Oracle. No one's really happy the thing in question is on Oracle, but it is live in production and most of the time does what it needs to. It ain't broke. Changing to "something else" carries way too many unknowns for my comfort level.

If I'd read this last night... I still would've argued the same thing, but I would've been really unhappy about it.

vlunkr 11 hours ago 0 replies      
Whew. I've never read something from a company that was so insulting to its own customers. I'd wager a bet that they won't be keeping their job for long.
dr_zoidberg 12 hours ago 0 replies      
While I admit that I didn't read the whole post (to me it was a wall of text full of complaints going around the same point, always saying the same without too much variation), I really don't get this obsession with reverse engineering. Yes, their license agreement states that it can't be done. But you deploy code, executable code, but still code. Code that people can understand, if they go through the process of analyzing it.

While I don't endorse breaking the agreement (which was properly signed and "celebrated", as lawyers say), I find it funny in the first place that they're selling a glass container and say "you can't look into it, just use it".

I prefer the honesty of free software/open source projects that sell customer support to this business model (which is also adopted by others, not just Oracle). However, if I were already bound to it, and couldn't pay the cost of migration, I understand I'd have to stick with it.

It's also amusing that people/organizations seriously believe they can reverse engineer something as complex as a database engine and "fix it" without access to the diagrams, docs, tests, source code, build environment, etc.

lawnchair_larry 20 hours ago 0 replies      
This explains so much about the sorry state of Oracle security. I hope Litchfield lets loose on them again.
minusSeven 8 hours ago 0 replies      
I worked in Oracle SOA product(BPEL) for 2 years. We had to do migration from 10g to 11g because Oracle wasn't supporting 10g version anymore. While migrating we came across a lot of issues that worked fine with 10g but failed in 11g. So we raised a lot of service requests with Oracle. Most of those got rejected by Oracle as they were not high priority meaning there were terrible workarounds existing for them. They only bothered fixing those ones without which we can't work(I guess they had to or my company would have sued Oracle). We ended up writing a lot of horrible work around just to make existing code work.

Yes we did not reverse engineer that code even though I feel it would have done lot of good for us. Not to mention the tool set provided by Oracle is utter crap as in it barely works on its own.

So I am not at all surprised that Oracle have that kind of mentality here. In all our communications with Oracle I felt they never really actually cared for what we the customers really want. All they actually care about it protecting their investments.

Ben0xA 15 hours ago 0 replies      
Oracle pulled the original post - here it is on pastebin http://pastebin.com/wkk8b7FJ
discreditable 16 hours ago 1 reply      
Link is giving me a 404. Anyone got a mirror?
Simulacra 12 hours ago 0 replies      
This makes me want to reverse engineer Oracle code immediately.
Orinocco 4 hours ago 0 replies      
The article seems to have been taken down from the Oracle site.. I leave this from an unclosed tab for posterity:


trymas 20 hours ago 0 replies      
Not sure if trolling/hacked or serious. If the latter, I guess many tech savvy (read 'hackers') people will accept this as a challenge.
muhuk 18 hours ago 0 replies      
Noticed that obscure death threat in the beginning? I'm not surprised to see it in a post about licenses.
khaki54 15 hours ago 0 replies      
Oracle JRE is literally one of the more vulnerable pieces of software underpinning the web and computing as a whole.

JRE CVEs: http://www.cvedetails.com/vulnerability-list/vendor_id-93/pr...

It's been 5 years since Oracle took over Java, so they can't claim it was left over.

Oracle's security record is terrible by all accounts, so how can their CSO justify anything in this blog post?

ORACLE product list CVEs: http://www.cvedetails.com/product-list/product_type-/firstch...

dolfje 17 hours ago 1 reply      
Apart from the legal stuff and a lot of egocentric 'we can do it better', she has one point. There are many companies giving a lot of money for security, manually scrubbing all exploits that come out, creating their own patches. While some lack the basic security guidelines. I think this money can be better spent upstream, to create tools so they can test patches for exploits better and create a faster security update release pipeline, so that all downstream and customers can rely on the security releases and that it can be released quicker to everyone. (Controversial: Maybe even adding automatic security updates to the package itself, like WordPress did, so that customers cannot be on a release with exploits)

Though saying to your client that they cannot reverse engineer to look for security problems, is totally not done! What is next? "Exploits will not be fixed, because the users has signed an agreement that they will not hack?"

sprayk 12 hours ago 0 replies      
I'm not sure what the author's argument is here. Is me reversing simply a nuisance and waste of Oracle's time? Is Oracle trying to obtain security via contractual obscurity? I see lots of comments here proposing that Oracle is protecting its IP, but I don't see evidence for that in the article (maybe its elsewhere, though).

I wonder if Oracle would send one of those reminders to a customer who analyzed an attack by an attacker who "broke the license agreement" by reversing the customer's copy of some Oracle software.

kuschku 11 hours ago 0 replies      
Did anyone notice that the post contains Microsoft Office Word metadata?


hyperdunc 18 hours ago 0 replies      
In the first paragraph the writer insinuates that she'd like to kill people who drive too close behind her.

Any subsequent valid points she makes - and there aren't many - are undermined by this bitterness.

Heightened emotion so often enables effective communication, but it doesn't do any favors in this post.

lwhalen 9 hours ago 0 replies      
Some media flack must've clapped eyes on that and had a VERY bad morning. The post has since been taken down, but here's a copy: http://pastebin.com/RQA90EEb
ck2 17 hours ago 0 replies      
Don't worry, if you won't let your paying customers check for security holes, there are plenty of people in China who are going to do it for you instead.
patmcguire 9 hours ago 0 replies      
If you read what else she's written, static analysis is kind of her Moby Dick.
davidgerard 18 hours ago 0 replies      
This is one of the finest pieces of Postgres marketing I can recall seeing in recent times. They've made the case for open source better than anyone in 2015.

(We're in the midst of an Oracle->Postgres conversion right now. It's going wonderfully. I strongly advise you to look into it, bet you'll find it way easier than you think.)

(One of the nicest things about it: we give every app its own cluster of two PG boxes, because you can just do that instead of running a centralised monster box with an expensive license. It turns out that just everything not having to play nice with others makes stuff stupendously easier to manage.)

anonu 14 hours ago 0 replies      
If you look back at the author's earlier blog posts you'll find similarly-minded thoughts: https://blogs.oracle.com/maryanndavidson/entry/mandated_thir...
nashashmi 14 hours ago 0 replies      
What a bully! Reminds me of someone at work, especially with this line: "I do not need you to analyze the code since we already do that, it's our job to do that, we are pretty good at it".

This makes me want to climb the Empire State Building, beat my chest like a gorilla, and yell "Let me do what I know best!"

golemotron 17 hours ago 0 replies      
> A. The customer signed the Oracle license agreement, and the consultant hired by the customer is thus bound by the customer's signed license agreement. Otherwise everyone would hire a consultant to say (legal terms follow) Nanny, nanny boo boo, big bad consultant can do X even if the customer can't!

Really? What if no money changes hands?

alediaferia 15 hours ago 0 replies      
The author must have been undergoing some bad moments so far. The post seems just the outcome of a more complex series of inputs. Most points are not valid from my own personal point of view but still may have been good points if written in a more objective way.

BTW, the post is gone.

bradleyankrom 16 hours ago 0 replies      
No matter how valid her points are, the tone is inexcusable in a public-facing blog, especially when discussing customer behavior. I recognize the strong points of Oracle's offerings, but let's not pretend that there is not competition from other, open software.
dgarbvt 9 hours ago 0 replies      
Oracle took down the blog post. Link is now returning a 404.
hharnisch 11 hours ago 0 replies      
This appears to have been taken down, I'm directed to a 404 page
nosnos 15 hours ago 1 reply      
They took it down. Mirror?
sada123 10 hours ago 0 replies      
That's why everybody sane should avoid using Oracle or Microsoft for the sake of mental health.
beedogs 14 hours ago 0 replies      
404 now... looks like somebody's gotten word of it...
anentropic 18 hours ago 1 reply      
Also, she loathes Keynes :(
pronoiac 11 hours ago 0 replies      
It's been deleted. Here's a mirror: https://web.archive.org/web/20150811052336/https://blogs.ora... - and while it's full of cringeworthy analogies, such as breaking a contract is just like cheating on your spouse, there's also, well, "logic" that defies conventional wisdom:

Q. But one of the issues I found was an actual security vulnerability so that justifies reverse engineering, right?

A. Sigh. At the risk of being repetitive, no, it doesn't, just like you can't break into a house because someone left a window or door unlocked. I'd like to tell you that we run every tool ever developed against every line of code we ever wrote, but that's not true. We do require development teams (on premises, cloud and internal development organizations) to use security vulnerability-finding tools, we've had a significant uptick in tools usage over the last few years (our metrics show this) and we do track tools usage as part of Oracle Software Security Assurance program. We beat up I mean, require development teams to use tools because it is very much in our interests (and customers' interests) to find and fix problems earlier rather than later.

That said, no tool finds everything. No two tools find everything. We don't claim to find everything. That fact still doesn't justify a customer reverse engineering our code to attempt to find vulnerabilities, especially when the key to whether a suspected vulnerability is an actual vulnerability is the capability to analyze the actual source code, which frankly hardly any third party will be able to do, another reason not to accept random scan reports that resulted from reverse engineering at face value, as if we needed one.

Q. Hey, I've got an idea, why not do a bug bounty? Pay third parties to find this stuff!

A. <Bigger sigh.> Bug bounties are the new boy band (nicely alliterative, no?) Many companies are screaming, fainting, and throwing underwear at security researchers to find problems in their code and insisting that This Is The Way, Walk In It: if you are not doing bug bounties, your code isn't secure. Ah, well, we find 87% of security vulnerabilities ourselves, security researchers find about 3% and the rest are found by customers. (Small digression: I was busting my buttons today when I found out that a well-known security researcher in a particular area of technology reported a bunch of alleged security issues to us except we had already found all of them and we were already working on or had fixes. Woo hoo!)

I am not dissing bug bounties, just noting that on a strictly economic basis, why would I throw a lot of money at 3% of the problem (and without learning lessons from what you find, it really is whack a code mole) when I could spend that money on better prevention like, oh, hiring another employee to do ethical hacking, who could develop a really good tool we use to automate finding certain types of issues, and so on. This is one of those full immersion baptism or sprinkle water over the forehead issues we will allow for different religious traditions and do it OUR way and others can do it THEIR way. Pax vobiscum.

Ask HN: I will help your startup in exchange for food and a place to stay
583 points by codeornocode  2 days ago   276 comments top 69
gmazzotti 2 days ago 12 replies      
Why U.S.? I understand that you don't want to live in your country, but there are many other countries. Many of them have a much more flexible immigration system where you can live legally if you find a job and where there are many job opportunities if you know how to code. I mean, instead of working almost illegally for free in the U.S., you can be legal and earning good money in another country. I'm from Uruguay and this will work here (also, you will have health insurance, as it is mandatory in any job of any type. Also, it is common that tech companies hire foreigners that don't know Spanish; as most people know English, it is not a problem). I know that this is also the case in many other countries.
titomc 1 day ago 4 replies      
I am an Indian national on H1B with a top company in US. By all means please do not come to US with H1B. The U.S. has a broken immigration system. My visa is locked down to my employer and I cannot ask for a raise or get promoted. I accepted the lowest payment as per DOL from my employer just to stay and work in US with my 6 year H1B validity. By all means apply for a Canada work visa. They have now something called Express Entry system. You can also apply for permanent residency. US immigration system is broken and they are not going to fix it anytime soon. Immigrate to Canada. H1B is indentured servitude.

I have started my Express Entry application and very soon I will say goodbye to US, I don't mind the cold in Canada. I will have freedom to change jobs, won't be an indentured servant. I will also get permanent residency fast. US green card for Indian citizen is around 10 years backlogged.

I suggest it's best for you to apply for the Canadian Express Entry for skilled workers.

davnicwil 2 days ago 2 replies      
You seem a highly skilled and driven individual whose talents would be savoured, and rewarded with good money, by many companies in many different countries around the world.

Do not work for free.

Once more, please, do not work for free.

1. You don't have to work for free, far from it. You have in-demand skills and experience in a global job market. You can make really good money in many, many desirable locations around the world.

2. I would be extremely wary of anyone who would take you up on the basis you're proposing. Anyone who would give you such 'charity'[1] may have very questionable morals - 'oh sure, I'll take this desperate[2] man's skills, make potentially a LOT of money off of him without giving him his due reward, and that's completely fine with me, because that's what he said he wanted'. Imagine the sort of person who would utter such a sentence - do you want to tie your livelihood for the next however many years to such a person? I'm sure you know, there is a whole class of criminal activity in developed countries which exploits illegal immigrants based around this very premise. DO NOT put yourself on that path.

3. Never put yourself at the mercy of any one person or organisation for your survival. Your current situation is awful, but what kind of life would that be to move to? How will you feel waking up in a morning in a bed someone is letting you sleep in, eating some food they gave you for breakfast, then going to work all day only to guarantee an evening meal and bed when you return home. Repeating every day for a long time. That is not a life.

[1] That's what they might justify it as, at least. The reality is the opposite.

[2] I really don't mean to offend here, I know that's not what you are, at your core. But that's how they will see you, and that's the position you will put yourself in and indeed what you will become by following such a path.

arihant 2 days ago 3 replies      
If you have 8 years of experience, wait till you get 9 years. If you do, then even if you have a year of college, you can qualify for H1B. Typically, 3 years of experience equals 1 year of college. As is popular myth, a college degree or education is not a requirement that is set in stone for H1B.

Also, money or not, if you're working in US in capacity that usually someone would get compensated for, even for a company outside the US, you need to have work permit in the country.

If I were you I would look for jobs within Middle East like Qatar, UAE. Jobs related to tech are there, US universities are there, and the requirements with immigration are basically "if employer wants you get in." Rack up a few years of experience, then getting H1B would be viable.

jdimov9 1 day ago 4 replies      
I broke the US rules. I worked on my student visa, got thrown around four different prisons throughout Pennsylvania and New York in the span of 30-something days and was finally deported (with airfare that I had to pay for). I was in my final year of my B.S. in mathematics program at university. I never finished my degree.

All of the above is absolutely, without a shadow of a doubt, THE most fortunate thing that has happened to me and I owe all of my current success to this.

What I'm trying to say is - PLEASE get back your dignity. You're not a monkey, don't make any person, government or society make you think you are one.

Zombieball 2 days ago 6 replies      
Not trying to be negative, but my understanding has always been that U.S. immigrations doesn't care whether or not money exchanges hands. If you are doing work that a U.S. citizen would normally get paid for you are still technically "taking a job" from a local.

While I am sure there are conditions that will allow you to come and stay in the country, I would be careful what your arrangement is with any potential startup and how it is worded.

Perhaps another individual on HN has more insight into U.S. visa rules and can provide better guidance?

Good luck nonetheless!

steven2012 2 days ago 2 replies      
Unfortunately this is most certainly in violation of immigration laws. And chances are at some point, you will be banned from entering the US for a minimum of 10 years. I actually know 2 people that this happened to, one of them a personal friend of mine. Immigration/Customs officials do not need proof to ban you, all they need to do is suspect it. If you enter the US with no plan, no money, etc, they will suspect, rightfully so, that you are working in violation of your visa and you will get banned on the spot, especially if you visit so often.

My suggestion is to not do this. Enter as a tourist and enjoy your time in the US. If you want to work in the US, do it legally. Do work on an open source project and try to network and get a job that that way. Maybe try to join a huge company like Google or Facebook from abroad and transfer. That's your best way, especially if you get an L1 visa.

codeornocode 2 days ago 1 reply      
I didn't expect this to be #1 post, this is kind of you people. I would love to thank everyone who posted and is posting; midway replying to comments with "Thank you" I found out I'd be spamming the comments in here, so this is a huge THANK YOU to everyone who wrote and will write.
arianvanp 1 day ago 1 reply      
Personally, I'd go to the European Union. There are a few very good reasons:

- Once you get citizenship in one country, you can freely work on any of the other countries, or move there and live there. Creating a much bigger area of opportunity for jobs. You could have citizenship in France, and work at a cool startup in Amsterdam

- Though it causes a lot of political instability currently (immigrants constantly drowning in the ocean, trying to get across), getting a visa here isn't that hard, especially when you're from a conflict zone and can show you have a good chance to get a job.

- Europe is pretty awesome.

verelo 1 day ago 2 replies      
Disclaimer: I scanned the comments and couldn't see anyone talking about this, but please forgive me if I've missed this as it does seem like an obvious point.

Coding for a startup and not receiving pay is likely still not legal. In my experience with US immigration (I'm Australian, living in Canada...traveling to the US from time to time) they don't really care about the money, they really just care about if you're taking away work that could have otherwise been done by a US citizen. Which leads me to the point of:

The fact you're doing the work for free is very likely to be irrelevant, it's just the fact that you're doing work that is an issue, irrespective of the reimbursement you're receiving.

outworlder 1 day ago 0 replies      
> I have 4 years remaining in my U.S visa, each visit i can stay 6 months, i don't want to break any U.S rules that's why i want to code for your startup for no money, just food and a place to live in

Wouldn't that be compensation, technically? Also, I'd expect a company to be required to pay someone at least a minimum wage, but I could be mistaken.

> I am doing this because i live in a war torn country, some issues happened and i've lost all my savings

Dude, forget the US for now. Your first priority is to get a safe place to live in and a stable job so you can build your financial life back. Try other countries, such as the Netherlands, Canada, Australia, New Zealand, Ireland. These have way better immigration policies, specially for people in tech.

Then, when you are ready, try California again. Having no money will be an obstacle otherwise. How are you going to get translated, notarized documentation otherwise? Not to mention any kind of fees, plus transportation.

> i can't get an H1B visa because i don't have a university degree

Then don't, try another route. Such as via a big US multinational company. Or get the degree, if you follow the suggestion to go to an "easier" country first. You are young, you have time.

pthreads 1 day ago 0 replies      
Not trying to be negative but the reality here is you can't legally just work for food and shelter in the US. Whoever makes you work that way is very likely breaking federal and/state laws even if you are not. At the very least you will have to get paid prevailing minimum wage. And the employer can only hire you if you are authorized to work.

A very narrow exception exists for unpaid interns. But that requires one to also be authorized to work in one form or the other for e.g. as a student who needs work experience in his/her field of study.

blrgeek 2 days ago 1 reply      
Have you considered India?

While a work visa is not likely to be easy, the current tech scene has huge demand for programmers of all kinds. Especially if you're expert in Unity/Full-stack.

If it'll help, let me know here, and I'll connect you to someone in this very area (game programming, Unity SDK programming).

Other options would be Canada, Mexico, Vietnam, or anywhere else you can work remotely.

For visa details see http://www.immihelp.com/nri/indiavisa/employment-visa-india....

s3nnyy 1 day ago 2 replies      
If you want to optimize for money, I would recommend Zurich. It is the only place in Europe where net salaries compare to NYC or the Bay-Area.

If you are interested in moving here, shoot me a mail. Alternatively, check out my blogpost on medium: "Eight reasons why I moved to Switzerland" (https://medium.com/@iwaninzurich/eight-reasons-why-i-moved-t...)

currentoor 2 days ago 1 reply      
If you're from a war torn country have you considered applying for asylum? I know cases where asylum was granted to guys from my old country, India, which is by no means a war torn country.

I'm going through the immigration process right now and everyday Canada looks like a good option. I know it's not the US but it's still an awesome western country and has a reasonable immigration system.

Good luck!

winash 1 day ago 0 replies      
I work in Germany, had the option to work in the US but decided against it, I find the visa regime too strict, and unless you land a great job in a great company in a good city(you don't want to live in the middle of nowhere) it's not worth the trouble.

There are plenty of Jobs which you can get without knowing German, and many employers provide free classes where you can learn some basic German. IMO knowing a new language is also a very marketable skill depending on where you are from. Depending on the company you may get 25-30 paid day offs in a year.

You can get paid well if you are qualified/experienced. Living costs are low as well, I live in Berlin in a spacious 3 room apartment in a great area (http://i.imgur.com/qLqzqN7.jpg). The infrastructure is amazing. My daily commute is 20 mins door to door (subway or cycle) and I don't need a car at all. My daughter goes to daycare for free, and the healthcare system though it has its quirks, works quite well.

Getting a blue card is easy and with your qualifications you should be able to get it quickly, with the blue card you can travel outside the EU and come back within 12 months, no questions asked. I just took a 3-week vacation back home and plan to take another one this year.

If you wanna explore some options I would be more than happy to help, drop me an email at winash@outlook.com

ahuja_s 1 day ago 0 replies      
I run a startup in Singapore. There is a huge shortage of skilled developers in Singapore. Please do email me at sudhanshu@ideatory.co if you want to consider Singapore (I saw another comment suggesting Singapore). i know friends/startups looking for developers here and in Hong Kong (another option). Good luck mate!
RomanPushkin 1 day ago 1 reply      
What you can do is to move to a country like Ecuador (Cuenca, let's say) or Thailand, or Indonesia (Bali), or Philippines. It's relatively easy to live there on a long term.

You can find a job on oDesk (upwork now). I did it before, I earned $3K/month and worked 5 hours a day only. It's a good money for these countries (well and for US too).

Just work remotely, live there, save money. One day you'll find a job and will legally move to U.S. (seems like you'll be qualified after 9 years of professional experience).

bmir-alum-007 1 day ago 0 replies      
To help make "ends meet," it's possible to get some food, healthcare and monetary assistance from federal, state, county and city programs, often managed by each county's social services agency.

Firstly, there's the Refugee Cash Assistance (RCA) program: https://www.sccgov.org/sites/ssa/debs/calworks/Pages/refugee...

Here are some other California refugee programs: http://www.dss.cahwnet.gov/refugeeprogram/

List of other refugee programs: http://www.visaus.com/benefits.html

Next, food aid (food stamps) is called CalFresh (req 5 yrs of residency for noncitizens)

After that, there's MediCal (state-run health insurance available at the county social services agency) (unsure of requirements)

Lastly, General Assistance (emergency cash, a pittance) (only 15 days of residency is required). You can sign up for it at a local social services agency office.

Here's the main website for Santa Clara county: https://www.sccgov.org/sites/ssa

(Beware of name clash: federal Social Security is also called SSA. I hear any sort of Social Security benefits usually takes a very long time and lots of paperwork to get.)

GA policies: https://www.sccgov.org/ssa/general/gachap06.pdf

Other California counties' websites are listed here: http://www.counties.org/

yadavrakesh 1 day ago 0 replies      
Please consider India as one possibility - I have good connections and can help you if interested.

Yadav.rakesh (at) gmail

No need to work for free - definitely not when you know how to program and build systems. We don't seem to have enough of those.

Good luck.

killerpopiller 1 day ago 2 replies      
I actually could use your help and would provide a nice shelter, food, salary in an awesome town here in Germany.

if you are interested, let me know.

mayank 2 days ago 0 replies      
Please consider having at least an initial consultation with an immigration lawyer before trying to do this. The initial consult is usually a 20-30 minute phone call and is offered for free by many attorneys. Your intentions are good, but it would be sad if you were blacklisted by immigration for any reason.
jpgvm 2 days ago 2 replies      
If the US visa doesn't work out try going to a country with less archaic immigration law. i.e anywhere else.

Specifically Australia, Canada, Germany all have working holiday visas which are flexible and would let you do this sort of thing. Generally anything to do with the US and visas is a bad day.

GigabyteCoin 1 day ago 1 reply      
I knew a guy who was hassled entering the US with some tools because he planned to do renovations on his own house that he owned outright.

The border guards said that unless he was a citizen or had a work visa then he was not allowed to work on fixing up his own house, and would have to hire a local to do it.

tl;dr working for "just food and a place to live" is still technically working, and unless you have permission to do so it would be risky for all parties involved.

seablackwithink 1 day ago 1 reply      
Hello, upon reading this post I felt great sorrow for your situation. I have seen many scams (I do not believe you to be involved in any kind of scam), and known many people with visa issues. I believe you are a truthful, honest person who deserves the best... as well as having the best intentions towards others. While I am in Texas and cannot offer support at this time... I do know a few people in California and Oregon who may be able to help you... I am sending your post/email to them momentarily. Are there any other states you have an interest in regarding living/working etc.? Please let me know and I will see what I can do to connect you with assistance.

Also, please keep us up to date regarding your situation.


D. Virgillo

phantom_oracle 2 days ago 0 replies      
Have you tried applying for refugee status?

I don't know if you'd be allowed to work, but instead of taking grants from the US as a refugee, you could maybe convince them that you are a skilled-refugee who is leaving your war-torn country and you would like to work instead of being given a handout.

Something tells me that the red-tape in the US won't allow this, but it is worth a shot, especially if you speak to an immigration lawyer about it.

seikatsu 1 day ago 0 replies      
There is quite a lot of US visa related guesswork going on in this thread - please do seek expert advice. In my experience the application and compliance problems look much less scary when you talk to someone who does this every day. Lawyers are expensive, but try: http://teleborder.com (YC startup)

And on the global search for alternatives, should US not work out, here's some overview data of 110 most startup-friendly cities in the world: http://my.teleport.org/ -- and a mobile app for searching among them: http://teleport.org/mobile (visa data layers coming soon, too, but dozens of other cost & quality of life criteria already there)

jedanbik 2 days ago 0 replies      
I wouldn't want to hire you because I wouldn't want to get in trouble. I also wouldn't want you to get in trouble. There are alternatives being discussed here that would allow a win/win instead of a lose/lose: pick a different country, get another year of experience, and play by the rules.
rainereli 2 days ago 0 replies      
Hey, USA is not the only place in the world where you can develop yourself, with that CV you can try India, China, Shangia, places where you can find a LOT of opportunities.
OoTheNigerian 1 day ago 0 replies      
Here are my suggestions.

1. Take a deep breath and be calm. It will be ok. You have a visa which is the option to move. you are in a good place already.

2. Think of the most stable (infrastructure and cost wise) country you can access visa free, go there and try getting a remote position in the US. With that, you can fun living a fairly stable life in the mean time.

3. DO NOT risk your B1/B2 by trying to trick the system. Aim for a maximum of 4 months/year in the US on it.

4. With your B1/B2 you can travel to Mexico and Turkey for a while too.

Finally, DO NOT risk your B1/B2 and always have a decent reason when entering. the paper you have in your passport is merely for the CHANCE to gain entry at the immigration border and not a visa in itself.

It will be ok bud!

worldadventurer 1 day ago 0 replies      
How about working for a startup tackling poverty alleviation globally, based in beautiful Cebu, Philippines? Visas here are much easier to get and the startup scene is growing rapidly. We're looking for talented full stack developers to work with Go language, Python/Django, Java, Docker, and Microservices. Our customers are doing life changing work globally, including in the Middle East. https://www.engagespark.com/about/#join . And two of us co-founders based here are from the US originally.
siddarthan_sp 1 day ago 0 replies      
Sorry to say, but I don't think what you're asking for is legal. You cannot be employed just for food/place to stay. If you need to work in the US, it's not possible with your visa (which I'm assuming is B1/B2).
iamcurious 2 days ago 0 replies      
Talk to a lawyer that actually knows the stuff. Also, if the situation looks that bleak regarding the U.S, please consider another country that gives you a better legal standing. Broaden your search. There is more to the world than North America and Europe.
jonsterling 1 day ago 0 replies      
I don't think this is even legal; I'm sorry for your situation, but you must see that if this sort of thing were allowed, it would pave the way for slavery.
rtpg 2 days ago 0 replies      
I'm not in the US, but some people here are.

What about working on some open source projects? I don't think that would fall into the danger zone of immigration law(since you wouldn't be working "for" anyone).

Alternatively, maybe a company here can offer you an internship? The visa requirements could be less.

Does anyone here know an immigration lawyer that could help this person get out of a bad situation?

humbertomn 1 day ago 0 replies      
Honestly, I think you will be more successful if you spend your time and energy looking for employers that could sponsor your visa to Australia, Canada, New Zealand, etc...

I'm from a very remote part of Brazil and I used www.seek.com.au to get a programming job in Australia in 2008.. The company ran some remote tests with me and paid for all the relocation costs. You should try this.

Also you can try to get a permanent visa even before you try to move there. You can use the Immigration Points Calculator (https://www.wannamigrate.com/tools/) to know if you have the basic requirements for these same countries.

hal9000xp 1 day ago 3 replies      
> i can't get an H1B visa because i don't have a university degree

I have exactly the same problem. I'm from Russia and I don't have university degree so I can't get H1B visa right now (but I will when I have 12 years of exp).

US is really hard country to get in.

I relocated to Stockholm, Sweden since Sweden doesn't require university degree for work permit. Software developers are in shortage occupation list.

Sweden is easiest wealthy western country to get in.

If you will bored in Sweden, you can later apply to UK (as far as I understand Tier 2 General doesn't require degree either).

You can get your job in Hong Kong and Singapore without university degree but it will be a bit harder.

So I recommend Sweden. It's better to be normal employee in Stockholm than working for food in California.

Also, don't stay for a few months in US on tourist visa. Next time they ban you to issue new visa!

maehwasu 2 days ago 0 replies      
Email sent. Let's get the ball rolling and see what you've got.
fasteo 1 day ago 0 replies      
>>>> I am doing this because i live in a war torn country

I think your best option is to ask for Asylum [1]

[1] http://www.uscis.gov/humanitarian/refugees-asylum/asylum

alongtheflow 1 day ago 0 replies      
Try O-1 Visa. O-1 visa is getting more popular as an alternative to H-1B. O-1 visa does not require a university degree, and I think you have a good shot depending on how well you put yourself out there.


rabbyte 2 days ago 1 reply      
Best of luck to you, I'm sorry for where the system has gotten in the way. If I could, I would offer.
davidbanham 1 day ago 0 replies      
You may be a good candidate for an Australian visa. Not sure where it goes, but this form allows you to register your interest in becoming a skilled migrant.


Also, there _may_ be nothing stopping you from living in the US but working remotely for a company in another country. That may be a good path to getting an Australian/European/other company to sponsor you for skilled migration.

Best of luck!

tinco 1 day ago 0 replies      
Why not just apply for college in The Netherlands? (I recommend NHL or if you're sciencey Twente). Or Germany? You can live comfortably on a part time job and can use the degree to get into the U.S. if you want.
eddywebs 1 day ago 0 replies      
If you need a professional degree for potentially being able to get an H1B sponsorship, I would suggest signing up for harvard extension >> https://www.extension.harvard.edu/

Anybody can start class and you qualify to sign up for a professional degree after getting A in 3 or more classes. Good luck!

idibidiart 2 days ago 2 replies      

I like you and your tenacity.

Why don't you ask it differently so all those annoying comments trying to "help" you would stop.

What I'm thinking is this:

"hey guys,

Does anyone have a fun side project I could hack on? Would you also be so generous as to have a couch for me at your place and host me for couple of weeks or whatever time?"

I can't imagine why such a proposal would have any illegal implications as long as your presence in this country is legal. You can also qualify the "side project" as non-commercial and "hobby"

Does that make any sense whatsoever in your situation?

Anyway, best of luck. I really hope things get better.

Take care.

meric 2 days ago 1 reply      
If U.S. doesn't work out, give Australia a try, a lot more lenient.
arunitc 1 day ago 0 replies      
With 8 years of experience, you should be able to get a H1B. Every 3 years of experience adds 1 year to your education. You need 16 years of education to get a H1B. I too do not have a degree and managed to get a H1B. The challenge is to get through the lottery.

However, as many others have suggested, I too would recommend you to try another country, where visa rules are relaxed.

seanccox 1 day ago 0 replies      
You should consider traveling to the US on your visa and then applying for refugee status: http://www.uscis.gov/humanitarian/refugees-asylum/refugees

You can contact the Helsinki Citizens Assembly or the International Organization for Migration for advice.

aivatra 1 day ago 0 replies      
Hey why don't you come to Costa Rica? you can ask for political asylum here and work for tech companies. I'm an engineer and have always worked for american companies here. Also you can try New Zealand which is very similar in tech jobs like Costa Rica.
zakvyn 1 day ago 0 replies      
China(Shanghai, Beijing) will be a good place to go to find IT job that require English communication (good pay), and don't have to worry about visa issue. Just go to linkedin, and find local recruiter there.
zkhalique 2 days ago 0 replies      
I am not 100% sure about the rules, but I think work for free is still considered work. If you have a tourist visa, you are not allowed to work for a client in the USA, even for free.

If you have all this time, why not develop an app and sell it on the internet? You can always say you're working for your own company back home.

Spoom 1 day ago 0 replies      
I'm pretty sure USCIS doesn't care if you're paid or not; the idea is that you're still potentially taking a job from an American citizen. You might want to be careful.
rebekah-aimee 1 day ago 0 replies      
Look up this organization called "World Relief." They might take you on and help you with visa troubles. This is definitely in their department and they're super nice people; I volunteered with one of their families for a while.

Good luck; we're rooting for you.

avellable 1 day ago 0 replies      
You can apply to jobs in companies which are targeting diversity and experience like Rakuten Inc. It's in Japan one of the safest countries. If you got the appropriate experience they will hire you.
thiago_fm 1 day ago 1 reply      
I advise you try to find a job in Germany. I'm a Brazilian myself and got a job here.

For a skilled Ruby dev with a diploma(for a third world country, this is a requirement) you can get around here pretty easily.

slaction 1 day ago 0 replies      
Hi OP. Thanks for posting. Now let us tell why you're technically wrong about everything and we know more than you, and we've never had a girlfriend.
bradleyankrom 1 day ago 0 replies      
It bums me out that this is so complicated for you. It also bums me out that I can't think of anything I could do to help you. I hope things work out.
greyfox 1 day ago 0 replies      
If you're a good programmer, why not land a job and let the company you work for take care of the visa? We employ many Chinese workers at our company and they all stay here, visa paid for by the company. There is some real world infactuality in your premise: any company who "would" want you to work for them for free, as a skilled worker, should also want to pay you and pay for your visa.
logicrime 2 days ago 1 reply      
Best of luck to you, friend! Hearing of all the things you have learned and have experience in leads me to believe that many startups would miss out if they overlooked you. You sound awesome.
bayesianhorse 1 day ago 0 replies      
Consider coming to Germany. Berlin has a nice startup scene and both English and Arabic speaking communities.

I don't know how easy it is to get a Visa in your particular situation!

jane_is_here 1 day ago 0 replies      
Have you considered Canada? It has nice people and is not as hostile to migrants as some other countries.
thobakr 1 day ago 0 replies      
There is no future in the US, just go to another country (like Canada or something in west Europe).
kevindeasis 1 day ago 0 replies      
Oh man if you only lived in Alberta. You would def be welcome to stay at my place.
eonw 1 day ago 0 replies      
go get em tiger, screw all the haters! good for you for trying to better yourself and doing it while following 'the rules'.
ThomPete 1 day ago 0 replies      
You should consider getting an O-1 visa.
rokhayakebe 2 days ago 1 reply      
Hey, what kind of visa do you currently have?
mmaunder 1 day ago 0 replies      
It sounds like the poster is on a B1 or B2 visa which allows 6 months max stay. It's essentially a tourist visa that is issued for up to 10 years with max stay of 6 months and no right to work.

It's highly likely that he will enter a few times with short stays outside the USA and then get denied entry, sent to secondary processing at an airport, questioned and be offered: A) the right to contest his case in court which will mean jail time until his case comes up or B) The option to withdraw his petition to enter the USA and catch the next plane back to his home country. Most people choose B for obvious reasons which leads to you being marched through the airport by security and put on a plane back home.

What I'd very strongly recommend is to not go around offering to work for free. If you do in fact live in a war torn country and have 'lost all your savings', do what many offshore folks do and get a US company to hire you for pay and just work wherever you are and get paid in your home country. Why the "work for free" offer and why the long story? It makes companies nervous. We like to pay people for their good work whether in the USA or outside the country, but legally and above board. You should get paid too.

Just posting a few data points regarding H1B stuff and immigration in general:

Time varies for visa processing and 10 years is not average for most immigrants (as has been mentioned). It took me 6 months from zero to green-card and 3 years from conditional residency (green card) to full citizenship. Not H1B. So it varies according to type of Visa, where you file and your country. Wait times can be found here:


Microsoft brings in H1B's at a rate of 2000 to 4000 people per year into the Redmond area.


Google about the same numbers, mostly into Mountain View:


I'm not sure I agree about H1B being indentured servitude. I'd also add that, if your intention is to become a citizen via H1B, make sure you understand how the process works before you even apply for H1B:


paulhauggis 1 day ago 0 replies      
Many people here talk about how 'terrible' the US is as a country. Yet, we see people like the OP trying everything in his power to get into the country.

It should really put things into perspective.

Presumption of stupidity aaronkharris.com
494 points by garry  1 day ago   176 comments top 39
minikites 1 day ago 11 replies      
Chesterton's Fence:

> In the matter of reforming things, as distinct from deforming them, there is one plain and simple principle; a principle which will probably be called a paradox. There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, "I don't see the use of this; let us clear it away." To which the more intelligent type of reformer will do well to answer: "If you don't see the use of it, I certainly won't let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it."

swanson 1 day ago 7 replies      
The same presumption happens for people, too. Developers tend to assume that the people that wrote the terribly messy code that you inherited were incompetent. I think a much more productive and healthy attitude is to assume that everyone was doing the best they could, given their resources, knowledge, and deadlines at the time.

That might be a false assumption (look, some people just don't care) but you gain very little by complaining and getting mad at things that already happened.

We love to complain about things our predecessors did wrong, but often, we don't do those things either :)

brandonb 1 day ago 5 replies      
To generalize: competitors in a market usually behave rationally, and what looks like "stupid" behavior from afar may actually be unseen incentives.

Which suggests a test for your understanding of a market: can you map out the incentives and explain why what looks like apparently-irrational behavior is happening?

For example, in healthcare, we waste 30%+ of the $3T we spend each year. Much of that waste is due to hospital readmissions for an ongoing condition like heart failure. Startups sometimes try to fix this by developing a special machine learning algorithm to predict readmissions and apply an intervention. But even when the technology succeeds, the business fails: hospitals charge for readmissions, so there's an active disincentive for the hospital to buy the product. (That is now changing with ACOs, and a change in incentives is an opportunity for new companies.)

tomcam 1 day ago 1 reply      
I have never disparaged my competitors, but I'm a small fry. I can say that during four years at Microsoft (1996-2000, Development Tools group) I never heard the products of competitors disparaged that way. In fact, there was a weekly presentation of competing products and invariably the interest was in where we were lacking, not what was bad about them.

Likewise when customers came to visit us at trade shows my boss would sit politely through their compliments, then immediately jump to the question "So what don't you like about our product?"

Fast forward to today. I'm friends with top people at a Really Big Guitar Company and a Huge Amplifier company. Even in private, these C-level execs show nothing but respect for products of their competitors. They are not ashamed to own and even personally use said products (especially vintage ones).

It seems to me that dissing your competitors even privately can make you dangerously blind to the challenges they pose to you, set a bad example for your employees, and also restrict your job prospects should you decide to work for a competitor one day.

jleader 1 day ago 0 replies      
A lot of people seem to be unaware that companies survive by satisficing. That is, you don't have to do everything "right" to succeed in business. You just have to do most things well enough to not fail (don't break the law, don't forget to file your paperwork, pay your bills, etc.), and a few (one?) things outstandingly enough to win customers.

We've been brought up in school to think we have to get nearly every answer right on the test in order to get a good grade (and get more than half of the answers right just to not flunk out). In the real world, getting one right answer, and not screwing the rest up too badly is often enough (and sometimes only barely achievable!).

So maybe your competitor did something "stupid" because they're stupid, or maybe it's because that thing doesn't actually matter that much, and they're focused on doing something else incredibly well instead.

dceddia 1 day ago 1 reply      
This is a great thing to consider, and I think this presumption of stupidity bleeds over into other areas of life too.

Developers: inherited code is considered guilty until proven innocent. Or maybe more accurately, guilty until you've rewritten it. Surely the old developer had no idea what they were doing.

The "other faction": Democrats/Republicans, different religions, rich vs. poor people... most generalizations about the faction you don't belong to start off with thinking "they're so stupid". "Look at those Republicans/Democrats. Can't they see that Trump/Obama is just lying through his teeth?"

Bad actors: The presumption of stupidity carries over into the way people think about computer hackers and terrorists and the like. You'll see stories about how "those terrorists are learning how to use cell phones to detonate bombs!" or how "criminals are migrating online to prey on people with phishing attacks!" The underlying assumption is that they're stupid, but getting (dangerously) smarter.

I think we'd make a lot more headway in most areas by assuming our competitors, detractors, and wrong-doers are probably already pretty smart.

thenomad 1 day ago 1 reply      
An important line in the piece:

"Of course, just because you presume intelligence doesn't mean that every decision made was smart."

I'd rephrase as follows: it's unwise to assume stupidity on the part of your competition, but it's very wise to allow the possibility of stupidity.

With the corollary that if there's an inexpensive way to capitalise on that stupidity if it exists, it's probably worth trying, just in case the thing that's walking like a duck and quacking like a duck is in fact a duck.

As a tangent to that - the chances that assumptions of stupidity are correct go up in direct proportion to your level of domain knowledge.

I see a lot of non-film people say "the movie industry does $FOO and that's really stupid", for example, and 95% of the time, they're wrong and there are good reasons for doing $FOO.

However, I also see people who know the film world (including me) say "a lot of / most filmmakers do $BAR and it's dumb" - and $BAR has a considerably higher chance of actually being a dumb, common mistake.

k__ 1 day ago 0 replies      
I had the experience, that things people identify as "stupid decisions" are often just "economical decisions"

For example, a company I worked for had the best technology, but bad UI and the competitors had good UI, but their tech was old and inaccurate.

For years we thought they were imbeciles, because they didn't update their tech and we would smash them in the future, because they cannot catch up with us.

But in the end the customers bought the software with the better UI and didn't look behind the scenes.

So their decision was logical. Why pour money and time in parts of the software when no one wants to pay for this.

brianmcconnell 1 day ago 0 replies      
The important thing in analyzing a competitor's behavior is to understand the incentives motivating that behavior.

A common example in startupland is a company whose senior management has short term incentives that reward a fast exit over long term growth. That company may very well behave in ways that appear dumb to competitors with a long term focus. But if the "seasoned" CEO and his cronies get their compensation even in a mediocre deal, why bother trying to build a company for the ages when they can cash out, rest a bit and land in a similar situation at the next gig?

csense 1 day ago 1 reply      
This sounds like an instance of the fundamental attribution error [1]. It's a known human cognitive bias to blame others' failings on internal characteristics while seeing your own situation as more of a product of external influences.

[1] https://en.wikipedia.org/wiki/Fundamental_attribution_error

jasode 1 day ago 0 replies      
When I read the essay, I thought of P Thiel's question of self-reflection that analyzes in the reverse direction:

"What important truth do very few people agree with you on?"[1]

I interpret "truth" to really be a highly-opinionated belief rather than something like "2+2=4". In other words, what factors do you believe in that would make the business model successful that outsiders would dismiss as insane or stupid?

(On trivia related note: I notice the blog has the title of "stupitidy" instead of "stupidity" so I'm not sure if there's an inside joke I missed.)


normloman 1 day ago 1 reply      
Founders presume the stupidity of the competition because they're arrogant. Silicon valley, with its notion of creative destruction and disrupting the establishment, encourages arrogance. We're blinded by the notion that new always trumps old, so we never consider that the established industry has reasons behind how it runs.
jacquesm 1 day ago 0 replies      
I tend to err on the side of caution with stuff like this, for instance when inheriting a code-base I assume the previous author actually knew what he/she was doing. But sometimes (not often) that can work against you as well. For instance when after spending sufficient time with said codebase you realize the original writer was entirely out of their depth and this was likely the first time they'd attempted to write something this complex.

But more often than not it is the presumption of intelligence that pays off.

PaulHoule 1 day ago 1 reply      
One thing I learned the hard way is that if you are on the right track, your competitors are probably barking up the same tree and are further along than you would think based on what is public.

For instance there was a period of many years where both Google and Bing image search were embarrassingly bad and I was able to build something far better for a certain range of queries.

It took me a year to build out my system but in that year, Bing and Google both improved dramatically, so my demo comparing results with them was no longer impressive at all.

suhail 1 day ago 0 replies      
Great advice.

I do think that you should try to think about how you might try to solve something before looking at what your competitors do. The reason being that it's easy to trap our minds into thinking that there are no other solutions unless they fit into a similar box of what's already working. Naïveté combined with thinking for yourself can often be a powerful reason why many startups succeed.

If your solution ends up looking similar, at least, it was likely derived from first principles vs the path of least resistance: blind copying.

jusben1369 1 day ago 1 reply      
I think this is the classic problem of advice giving that's so prevalent in the startup community today. It won't be too long until we're all praising a tweet or article that talks about only those who brashly challenge the status quo and assume the entrenched players are vulnerable, bogged down with legacy issues and fat and lazy on an existing revenue stream are ripe for the disrupting. Those who sit back and say "Well maybe there's a reason they do things this way I'm not sure" aren't bold enough and won't be the recipients of the spoils of disruption.

Not that this article is bad. It's just datapoint 107 that a founder has to reconcile with all the other competing advice.

bro-stick 1 day ago 0 replies      
Not much else to add. Presume a larger, smarter, better funded team is working stealthily in another office somewhere to kick our ass... anything else is complacency. Worse, following that path, leads to hubris at some juncture: excuses rationalizing cutting the wrong corners or shortchanging the customer that could prove fatal in a game of inches in the marketplace. There are at least a quadrillion ways to fail, and 99.997% of them will be my doing. Rational paranoia is healthy, because your product/service needs to be so well-regarded by people other than the team or supporters that it demoralizes potential adversaries that they don't want to compete. Even then, it still may not be currently as good in other key areas of focus as a competitor's.

(Btw, the Thiel view of not picking fights you can't dominate and Buffett's sticking to defensible business models is a good mindset to calibrate a venture's success per risk gut perception. And with timing, team and execution you might just make something that hits.)

tr352 16 hours ago 0 replies      
Working in academia, I've experienced this too. I've read work in my field of research that I dismissed as bad work or not worthwhile, simply because I didn't fully understand them. Too complicated, strange background assumptions, not well motivated, etcetera.

Then later, while developing my own work, I find that I end up with the same complications, that I'm forced to make the same background assumptions, and I have the same difficulty in motivating my choices.

simonswords82 1 day ago 0 replies      
Great article, taking the thinking further...

Everybody watches their competitors, it's entirely natural. It's solid advice to study them, and try to stay/get ahead of them where possible. This doesn't just apply to app features, but every facet of the business across many disciplines (sales/marketing/development/back office etc).

On the other hand, building a business based solely on a competitor's business decisions and not doing your own homework is the path to madness. We might take inspiration from our competitors, but we always check in with our customers next to make sure they actually want the feature. It's also our job to get feedback on not just what we're doing but also how we're planning to do it, as our users might have unique business requirements that our competitor's users do not.

artumi-richard 1 day ago 1 reply      
I think you can generalise one more step up. Markets that look horribly inefficient may well not be.
joseraul 1 day ago 0 replies      
People may have a sense of superiority, especially smart ones. Chess world champion (and genius) Bobby Fischer once said: "My opponents make good moves too. Sometimes I don't take these things into consideration".
colordrops 1 day ago 0 replies      
This mindset can be seen in other systems of thought. There are a large number of species known to man, yet we somehow think that we are the pinnacle of the tree of life, despite the fact that this is statistically highly unlikely when only taking into account pure numbers. Considering the dimensions now accessible to us that were completely unknown even 500 years ago, it doesn't seem a large leap at all to posit that there are other dimensions we are currently unaware of that contain life forms in the same tree as ours that are far more advanced and perhaps even invisible to us.
lpolovets 1 day ago 0 replies      
This is so true. As an investor, I hear a lot of pitches where the founders say their competitive advantage is that they execute better (the flip side of believing everyone else is dumb is believing you're especially smart). Do you know who else claims they "execute better"? Everyone. That kind of attitude usually reveals that a founder doesn't have a real sense of what makes their company special and defensible, and is a bit of a yellow flag for investors -- well, at least for me.
mnw21cam 1 day ago 2 replies      
Love the (deliberate? ironic?) mis-spelling of stupidity in the title/url.
nitwit005 23 hours ago 0 replies      
This is probably not a correctable problem. People don't start businesses if they think the competition is highly competitive and intelligent. They start a business if they perceive a weakness in the market, or believe they have a unique capacity to succeed.
DrNuke 1 day ago 0 replies      
Uh, I was thinking this article is more business-side than operational? Easily put: a business exists if it stays afloat and fences are often the way not to go under, even if they appear stupid from outside. Many times, fences are the only common ground between sellers and buyers. Removing fences is, a lot of times, pretty stupid = you geniuses operate at a loss and survive from artificial money or VCs until you are allowed to.
Bartweiss 1 day ago 0 replies      
This is an excellent observation. When you encounter a suboptimal system, there's a substantial chance that it either produces some unnoticed benefit or results from some coordination problem that can't be overcome by "just not doing that".

In either case, successful solutions have to work around the gap in the system rather than simply charging into it.

riemannzeta 1 day ago 0 replies      
Despite the flaws in the rational model of economics and the efficient market hypothesis more generally, I have always been fond of the more humble, observant posture it gives us in considering others' behavior. The flaws in the rational model are well-known. But as a presumption, it certainly works better than its opposite.
ZoeZoeBee 1 day ago 0 replies      
This works well when considering people in your own field, you know what it took for you to get there and you can assume they've had similar experiences.

However when you are considering the general public it is best to presume stupidity and design with that in mind.

codyguy 1 day ago 0 replies      
I am confident of the value I deliver but I don't call my competitors stupid. One person being correct or a winner doesn't mean others are stupid. Maybe some people can deliver value where the competition doesn't. Could be due to some leverage or insight or creativity.
danielweber 1 day ago 0 replies      
I've experienced this myself.

Sometimes what our competitors were doing was stupid, and we ate their lunch.

Sometimes what our competitors were doing was the only way to really run things, and we had to adapt to follow them.

jhonovich 1 day ago 0 replies      
It is valuable to determine what technology, not available in the past, would cause a reasonable insider to change their decisions if they could implement that technology.
donarb 1 day ago 0 replies      
Once again, xkcd explains all.


QuantumRoar 1 day ago 2 replies      
shurcooL 1 day ago 0 replies      
Agree with the first 3 paragraphs so much, well put.
btbuildem 1 day ago 0 replies      
Those folks are just being introspective, that's all..
andyidsinga 1 day ago 0 replies      
see also: Sarah Silverman's bit on scientology and things that sound weird.
logicallee 1 day ago 2 replies      
I couldn't disagree more. When Mark Zuckerberg turned down $1 billion from Yahoo[1] when he was 22, and FB was two years old at the time, because they were "stupid and didn't get it, so they obviously weren't valuing the company" properly he was right.

The direct quote is:

>Thiel described the argument Zuckerberg finally came down on like this: "[Yahoo] had no definitive idea about the future. They did not properly value things that did not yet exist so they were therefore undervaluing the business."

Yahoo's market capitalization in July 2006 was $42.51 billion. A 22 year-old presumed they were stupid, and he was right. [2]

Today FB has a market cap of $264.91B and Yahoo? Down to $35 billion after 9 years of growth.


[1] http://www.inc.com/allison-fass/peter-thiel-mark-zuckerberg-...

[2] by the way to get the market valuation at the time, I did this search: http://www.wolframalpha.com/input/?i=what+was+yahoo%27s+mark... I can't believe it worked! I used wolframalpha because this is the kind of search they promise they can answer - and they were right, they actually delivered. Nobody else on the face of the planet does this, and it shouldn't even be possible. But it is. If you think something is possible, JUST DO IT. If you think your competitors are stupid (compared to what you think you can do), you're probably right. (or you wouldn't have that thought.)

noobplusplus 1 day ago 0 replies      
Show HN: Big List of Naughty Strings for testing user-input data github.com
482 points by minimaxir  1 day ago   74 comments top 26
rspeer 1 day ago 5 replies      
Most of what I do involves the messy world of text, and I think this is a great resource. I wish the software I depended on tested against it.

I can think of a few more cases that I've seen cause havoc:

- U+FEFF in the middle of a string (people are used to seeing it at the beginning of a string, because Microsoft, but elsewhere it may be more surprising)

- U+0 (it's encoded as the null byte!)

- U+1B (the codepoint for "escape")

- U+85 (Python's "codecs" module thinks this is a newline, while the "io" module and the Python 3 standard library don't)

- U+2028 and U+2029 (even weirder linebreaks that cause disagreement when used in JSON literals)

- A glyph with a million combining marks on it, but not in NFC order (do your Unicode algorithms use insertion sort?)

- The sequence U+100000 U+010000 (triggers a weird bug in Python 3.2 only)

- "Forbidden" strings that are still encodable, such as U+FFFF, U+1FFFF, and for some reason U+FDD0

People should also test what happens with isolated surrogate codepoints, such as U+D800. But these can't properly be encoded in UTF-8, so I guess don't put them in the BLNS. (If you put the fake UTF-8 for them in a file, the best thing for a program to do would be to give up on reading the file.)
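
The line-break disagreement and the unencodable surrogate described in the comment above can be checked directly. This is an added example, not part of the comment or of the BLNS project; the `SAMPLE` string, the function names and the finding labels are constructed for illustration.

```python
import codecs
import io
import unicodedata

# Constructed sample: one "\n"-terminated line carrying U+0085, U+2028, U+2029.
SAMPLE = "a\u0085b\u2028c\u2029d\n"

UNICODE_ONLY_BREAKS = {"\u0085", "\u2028", "\u2029"}


def split_three_ways(text):
    """Read the same text with three standard-library line splitters."""
    data = text.encode("utf-8")
    return {
        # str.splitlines() treats NEL, LS and PS as line boundaries.
        "str.splitlines": text.splitlines(),
        # codecs stream readers decode and then call str.splitlines().
        "codecs": codecs.getreader("utf-8")(io.BytesIO(data)).readlines(),
        # io text streams only recognise \n, \r and \r\n.
        "io": io.TextIOWrapper(io.BytesIO(data), encoding="utf-8").readlines(),
    }


def utf8_encodable(text):
    """False for strings holding isolated surrogates such as U+D800."""
    try:
        text.encode("utf-8")
        return True
    except UnicodeEncodeError:
        return False


def is_noncharacter(cp):
    """U+FDD0..U+FDEF plus the last two code points of every plane."""
    return 0xFDD0 <= cp <= 0xFDEF or (cp & 0xFFFE) == 0xFFFE


def audit(text):
    """Return labels for the troublesome code points found in text."""
    findings = []
    if "\ufeff" in text[1:]:
        findings.append("U+FEFF after position 0")
    if "\x00" in text:
        findings.append("NUL")
    if "\x1b" in text:
        findings.append("ESC")
    if UNICODE_ONLY_BREAKS & set(text):
        findings.append("Unicode-only line break")
    if any(0xD800 <= ord(ch) <= 0xDFFF for ch in text):
        findings.append("lone surrogate")
    if any(is_noncharacter(ord(ch)) for ch in text):
        findings.append("noncharacter")
    if unicodedata.normalize("NFC", text) != text:
        findings.append("not NFC")
    return findings


if __name__ == "__main__":
    for name, lines in split_three_ways(SAMPLE).items():
        print(f"{name:15} {len(lines)} line(s): {lines!r}")
    print(audit("x\ufeffy\x00\x1b"))
```

Running `audit` over stored user input before and after a processing step shows which layer introduced or dropped one of these code points.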

jsat 1 day ago 3 replies      
"#Server Code Injection
#
#Strings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)

/dev/null; rm -rf /*; echo"

That's a little aggressive for testing no?

afandian 1 day ago 3 replies      
One fun (and very interesting) string is EICAR[0]. I worked for an antivirus company once and we had the EICAR string for testing but couldn't check it into source control because it triggered the AV software which we dogfooded...

Is it naughty to include it here?

[0] https://en.wikipedia.org/wiki/EICAR_test_file

efriese 1 day ago 1 reply      
Yeah, I would make the SQL injection and command injections test a little less kinetic =). Using a simple SELECT test, like SELECT @@VERSION, would be a little safer... Edit: Forgot to say thanks! This is a pretty cool list.
tptacek 1 day ago 1 reply      
This is good. There are lots of lists like this; you might find additional strings to add to it here:


Fuzz lists are to web pentesters what drain snakes are to plumbers.

simonw 1 day ago 1 reply      
It's not completely clear to me which encoding the blns.txt file uses. Since this project is all about weird/evil bytestrings, the encoding of the file itself is very important.

Using a newline as a delimiter in that file excludes newlines from being part of the strings you are testing - but newlines are an important "naughty" character to consider. Unfortunately the same is true of basically any other common delimiter character.

Maybe base64-encoding the strings would be one way to solve for this? You could use base64-encoded values in JSON, for example.
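
The delimiter problem raised in the comment above, and the base64-in-JSON container it suggests, as an added example (not part of the comment or of the BLNS project). The `CASES` list is constructed, and the reader's rule of skipping blank lines and `#` comment lines is an assumption about a one-string-per-line layout.

```python
import base64
import json

# Constructed test cases, kept as raw bytes so invalid UTF-8 can be included.
CASES = [
    b"",                                # the empty string
    b"line one\nline two",              # embedded LF
    b"carriage\r\nreturn",              # embedded CRLF
    b"nul\x00byte",                     # embedded NUL
    b"\xff\xfe not valid UTF-8",        # bytes no UTF-8 decoder accepts
    b"# looks like a comment",          # collides with the comment marker
    "\u2028".encode("utf-8"),           # LINE SEPARATOR
]


def write_newline_delimited(cases):
    """Serialise one case per line, the way a plain text list would."""
    return b"\n".join(cases) + b"\n"


def read_newline_delimited(blob):
    """Assumed reader: split on LF, skip blank lines and '#' comments."""
    return [
        line for line in blob.split(b"\n")
        if line and not line.startswith(b"#")
    ]


def lost_cases(cases):
    """Cases that do not survive a newline-delimited round trip intact."""
    survived = read_newline_delimited(write_newline_delimited(cases))
    return [case for case in cases if case not in survived]


def pack_json(cases):
    """Serialise cases as a JSON array of base64 strings (pure ASCII)."""
    encoded = [base64.b64encode(case).decode("ascii") for case in cases]
    return json.dumps(encoded, indent=2)


def unpack_json(text):
    """Inverse of pack_json; rejects characters outside the base64 alphabet."""
    return [base64.b64decode(item, validate=True) for item in json.loads(text)]


if __name__ == "__main__":
    print("lost in newline-delimited form:", lost_cases(CASES))
    restored = unpack_json(pack_json(CASES))
    print("base64/JSON round trip exact:", restored == CASES)
```

Because the container is pure ASCII, the encoding of the list file itself no longer affects the bytes each test case delivers.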

adzicg 1 day ago 0 replies      
for anyone testing web sites, I built a chrome extension that makes things like this available in the right-click menu [1]

the code is on github, so it can be easily extended [2]

[1] - https://chrome.google.com/webstore/detail/bug-magnet/efhedld...

[2] - https://github.com/gojko/bugmagnet

acehyzer 1 day ago 1 reply      
If I put this into my company's tests, we'd end up with no users... I have a lot of work ahead of me. :/
reitanqild 16 hours ago 0 replies      
Anyone knows if anything similar exists for telephone numbers?

Edit: Found this two minutes later: https://github.com/googlei18n/libphonenumber, seems to be an official Google product and Apache licensed.

thomasfoster96 1 day ago 1 reply      
Unintentionally, this also shows that GitHub is going pretty well when it comes to sanitising user inputs.
orf 1 day ago 1 reply      
Looks interesting, but the Script Injection, SQL Injection and Server Code Injection sections need a lot more samples to be remotely useful.
siculars 1 day ago 1 reply      
Nice "in the beginning..." hebrew string:

, , ,

itaibn 1 day ago 1 reply      
The list seems to be missing the simplest naughty string of all: The empty string!

(Well, the text file has empty lines separating the comments and example strings so it technically includes the empty string, but it's not in the JSON file.)

jl6 1 day ago 1 reply      
Is the scope just well-formed strings or would you consider adding binary nasties like null bytes, mal-encoded characters, or even just newlines on their own?

What about XML billion laughs strings, or parser-busting very long runs of parentheses?

hoprocker 1 day ago 2 replies      
Nice; sort of a programming complement to Shutterstock's _List of Dirty, Naughty, Obscene, and Otherwise Bad Words_[0]. So helpful to have a bunch of minds working on useful lists like this. Good to see that GitHub passes this test!

[0] https://github.com/shutterstock/List-of-Dirty-Naughty-Obscen...

userbinator 1 day ago 1 reply      
/dev/urandom can also be used as a source of random and unusual input data, as it contains by definition all 256 byte values and 65536 2-byte values, 16M 3-byte values, etc., and should eventually output every possible string.
joelcollinsdc 1 day ago 0 replies      
Great list. A few questions:

* How could this be used to test 'corrupt' characters? Isn't the process of saving the file itself as UTF-8 un-corrupt...the file?

* Is there some recommended way to group these into "strings that should pass validation" versus "strings that should fail"... or is that too application-specific?

pbnjay 1 day ago 1 reply      
If you really intend this for use in testing, I'd suggest making the injections less nasty. I could easily see a junior dev slapping this in and deleting some important stuff.

I'd also add more invalid UTF encodings and embedded null bytes, etc. The JSON format would be preferable to plain text for that though.

x0 1 day ago 0 replies      
I absolutely love strange unicode strings. It's handy if you ever want to find out what a server's running. One time, I put a bunch of emoji's in a GET param of a Google site, then got a big Java error page. I had no idea Google ran Java.

Edit: Another one that tends to be fun is [] in the param, like http://example.com/?get[]=[].

And you can things inside, like http://example.com/?get['"%05<!]=[%FE%FF]

nradov 1 day ago 0 replies      
For more great examples of "naughty" strings see the Twitter @glitchr_ account. https://twitter.com/glitchr_
webo 1 day ago 0 replies      
I don't deal with user input validation, but any resources for reading about handling various inputs like the ones in blns?
TallGuyShort 1 day ago 0 replies      
I don't recall exactly where this was, but I know I've worked with an API before that sometimes dropped requests, and it was because some randomly generated data included 'naughty text' like 'xxx', or profanity. I was expecting a dataset intended to catch this problem...
homakov 15 hours ago 0 replies      
Should be 1 long string, then if something fails use bisection
rectangletangle 1 day ago 0 replies      
This should be really handy for fuzz testing, nice work!
ivanca 1 day ago 0 replies      
Complete AI is not the hardest problem in CS, parsing text is. Joking aside this reminded me of that CSS vulnerability that allowed attackers to read peoples mails: http://scarybeastsecurity.blogspot.com/2009/12/generic-cross...
ck2 1 day ago 1 reply      
OT but is there a way to see projects with the most stars on github?

This one seems to be skyrocketing.

Oh here we go, and lookie who is at the top: https://github.com/trending

The Hamburger Menu Doesn't Work deep.design
467 points by networked  1 day ago   171 comments top 50
weinzierl 1 day ago 0 replies      
I researched this topic a few days ago and beside the (excellent) article from James Archer, I found the following links worth reading:

- Why and How to Avoid Hamburger Menus[1]
- Hamburgers & Basements[2]
- An Update on the Hamburger Menu[3]
- The Hamburger is Bad for You[4]

A bit off-topic, but the Hamburger icon was actually invented at Xerox PARC[5].

[1] https://lmjabreu.com/post/why-and-how-to-avoid-hamburger-men...

[2] http://jxnblk.tumblr.com/post/36218805036/hamburgers-basemen...

[3] http://jxnblk.tumblr.com/post/82486816704/an-update-on-the-h...

[4] http://mor10.com/hamburger-bad/

[5] http://gizmodo.com/who-designed-the-iconic-hamburger-icon-15...

abalone 1 day ago 5 replies      
It's very interesting that Apple just adopted a hamburger menu for their apple.com redesign (mobile version). They even told everyone not to use hamburger menus at last year's WWDC! [1]

[1] WWDC 2014 Session 211 Designing Intuitive User Experiences @ 32:00, available here: https://developer.apple.com/videos/wwdc/2014/

Addendum: It's a responsive design so you can see this even on a desktop browser just by shrinking the width of the window. The top menubar collapses into a hamburger.

Addendum 2: Illustrated transcript here: http://blog.manbolo.com/2014/06/30/apple-on-hamburger-menus

dperfect 1 day ago 7 replies      
Before hamburger menus became popular, weren't people complaining about the exact opposite problem? That is, if you break out the menu items into more prominent interface elements (e.g., tab bar items), then you're at risk of cluttering your visual design with less-common functions. As in all things design, I suppose a balance needs to be found, but I personally don't find anything wrong with a hamburger menu per se.

Almost everything has or needs something like a hamburger menu somewhere. Can it be abused? Yes. Does that make it inherently bad? I don't think so.

WorldMaker 1 day ago 1 reply      
One of the things that I felt Windows Phone 7 and 8/8.1 in their design language did well was encouraging designs that were better than the hamburger (pivots and sprawling "hubs" that encourage you to explore in two dimensions; app-bars with ellipses).

It's interesting to see Hamburger menus bleeding back into the design language with Windows 10. It seems a strange, sad concession to meeting Android/iOS designs and even Desktop designs (with their million year old menu bars) "half-way". That said, one of the interesting twists that Windows 10 designs thus far tend to put on the Hamburger menu is that secretly in many cases the Hamburger icon is just a replacement for the Windows Phone 8's App Bar ellipsis:

The items on the bar show just icons at tablet size or lower and the Hamburger simply reveals app labels and maybe (rarely) lesser used text-only options. (At larger than tablet sizes sometimes the bar defaults expanded rather than condensed.)

This roughly corresponds with the Facebook suggestions in the article here.

The interesting differences to a WP8 app bar are that the W10 hamburger "app bars" have mostly gone vertical and the hamburger is a toggle rather than the WP8 app bar ellipsis was a "slide".

It will be interesting to see how this design language continues to accrete/evolve as Windows 10 Mobile gets closer to launch.

freshyill 1 day ago 5 replies      
It is almost always preferable to have all of your options available to the user at all times. However, it's very important to make the distinction between apps and websites when talking about a hamburger menu.

A tab bar is great in an iOS app with a limited scope of functionality. That just doesn't work for a sprawling news site covering dozens of topics. A small, product-focused website may even be able to get away with showing all of their navigation options at once. For many sites, however, it's unfortunate, but sometimes you just need a well-organized junk drawer inside a hamburger menu.

corysama 1 day ago 2 replies      
My summary. Tell me if I missed something.

Hey, designer. I know screen real estate on mobile is extremely limited. I know it would be really nice to fill the whole screen with content and just have a little, square, "more" icon tucked in the corner. I know you've tried to establish the hamburger icon as the universal "more" icon.

Too bad. Users aren't catching on as quickly as you'd like. They don't notice, understand or utilize the icon. Even if they do notice and understand, an ambiguous "more" is dramatically less engaging than explicitly showing what they can get. A "more" icon is asking them to expend effort up front exploring your interface with no clear reward in sight. So, they don't bother. Like, a measurable 50+% drop in engagement don't bother.

So, stick to tab bars as much as you can. It seems like a waste of screen space. But, the results still seem worth the cost.

mark242 1 day ago 3 replies      
James Archer, author of the piece, is Chief Creative Officer of both Crowd Favorite, and Forty, both of which use -- surprise -- the hamburger menu in their mobile sites. Is this another case of "do what I say, not what I do"?
oneeyedpigeon 1 day ago 1 reply      
Chrome has a hamburger menu, even on a huge desktop screen with plenty of room for a proper menu. OSX has an excellent universal menu which, due to consistent placement, behaviour, and content, provides a high level of usability. Chrome's hamburger menu duplicates some - but not all - of its functionality, and includes some bonus functions not available in the main menu at all. It also has a submenu named - and you might want to check this yourself, because it's pretty hard to believe - "More tools".

The main menu would be absolutely fine on its own; I think the hamburger menu is present because it's present on Windows, which - of course - doesn't have a universal menu. Still, I'm not letting Google off the hook here. These flagrant abuses of usability are things that the average undergrad should be able to identify, yet one of the biggest companies in the world can't? Disappointing.

masswerk 1 day ago 1 reply      
> "and it's consistent with the logic of the progressive disclosure design pattern."

And this is the crucial misinterpretation. Progressive disclosure as defined and used by Xerox is about objects and related actions. And it's all about visible objects! [1]

(Mind the classic example of a square in a drawing application: Clicking the shape discloses editing functions and displays handles to size the object.)

And here is the real problem: The hamburger icon as used today has no other object but the global context. By exposing context to the global context, it's a mere apropos without an object the user might relate to.

When Norm Cox designed the original icon for the Xerox Star user interface, it was a visual anchor for a menu revealing contextual functions to the visible content of the document. (Like selecting rows, etc. [2]) This is notably something else than the global, quite abstract context of a site navigation, disclosing navigational functions to address off-screen content.

Today's hamburger icon is just a paradigmatic misunderstanding.

[1] "A subtle thing happens when everything is visible: the display becomes reality. The user model becomes identical with what is on the screen. Objects can be understood purely in terms of their visible characteristics. Actions can be understood in terms of their effects on the screen. (...) In Star, we have tried to make the objects and actions in the system visible." (Designing the Star User Interface; David Canfield Smith, Byte, Issue 4/1982)

[2] Compare: http://g.recordit.co/8Q5oAYCaVx.gif (Outtake from an ACM CHI 1990 conference video, https://vimeo.com/61556918. Mind that the window-less bar at the top represents the global system as opposed to the document window below and its menu button(s).)

pxlpshr 1 day ago 1 reply      
It should be obvious to most designers that critical features of your product should not be buried or hidden.

I disagree with this article that hamburger menus should be burned to the ground. I think it's useful for tucking away secondary or tertiary functionality.

* Facebook still uses it for accessing your friends list. With smartphones growing in physical size, there is more vertical real-estate to bring the tabnav back.

* Despite it not working for NBC, it seems to be working well for New York Times and not yellow. And I actually really like NYT's new page layout.

* Google Maps uses it also not yellow.

danneu 1 day ago 0 replies      
The hamburger menu's entire value is that it's a simple default that you can generalize even programmatically across all websites. It's why the frameworks mentioned in the article can implement it for you. It's a place to start.

But it requires some deliberate thought, effort, and app-specific solutions to replace it with something better, and that planning makes you answer all sorts of hard questions you might've not ever had to answer about your website/product, like "how are my users actually using this?"

I'd wager that everyone agrees that their own site's hamburger menu is a sore spot, suboptimal.

But the next rung up is a taller order than these types of articles admit.

I think a good follow-up blog post would be "Design patterns for escaping the hamburger menu" that showcases a variety of real-world approaches.

makecheck 1 day ago 1 reply      
Long before these mobile menus appeared, an icon with a series of lines always meant "drag here" (e.g. in a desktop app, inside a resizable divider or a size box).

My first impression of these was therefore to try to grab them and pull, as if to slide the bars that they appear on. Unfortunately, even now, most implementations of "hamburger menus" do the worst possible thing when you try to slide them: nothing at all.

And then there's the weirdness of seeing them on the desktop where there is plenty of space. It's the same frustration I feel whenever I see a desktop app force content into a tiny, non-resizable box with scroll bars on a 1920x1200 screen! If I have the space, I really, really want to use it. Any design that refuses to expand to available space is simply wrong.

DanSmooth 1 day ago 0 replies      
I might be missing something but the first Facebook example used in the article seems wrongly applied to this problem. They just transferred the menu bar to the bottom. All the icons, which were at the top, are now just located at the bottom. They are now easier to see - the text doesn't hurt also, and probably easier to use (no conflict with the phone's top-bar), which could be the explanation for the observed results. The only difference I can see is the switch of the hamburger at the top with a search icon.

Nobody ever asked me - for obvious reasons, because I might be blind - but I'm partial to an icon where you have a + sign ("additional" items) on top of a V ("directional clue"; could be pointed in other directions for a pull-up menu for example) to form some sort of arrow.

unabst 9 hours ago 0 replies      
Regarding NBC, their failure wasn't in the hamburger menu itself. They didn't use it properly.

Their design had what looks like a menubar which is the precise anti-pattern to a menu-button. Those items, and what is showing already as top page content, is guaranteed to catch everyone's attention first. Those menu-button items are not only hidden and require an extra click, by design they have been made less important. And since so many sites have de-cluttered themselves by simplification, users' first impression is that they got rid of everything for the better... except it wasn't what they did, so basically everything under that menu was unreachable.

Two things would have been better. First, they could have kept the menu icon but had it expanded on the top page so that people would see those items as top page content, and also make the intuitive connection that there was a button that's associated with them. When the reader goes deeper, the menu items could then safely be hidden, with the user intuitively fetching them via the button as needed. Second, they could have given the button a name, instead of using the icon. For example, Amazon's "shop by department" button is the equivalent of NBC's hamburger menu. But since they have a menubar, instead of having a menu-button on a menubar, they put a menu-item instead by giving it a name and an equal member of the top selection. This upholds the primary design pattern in use.

NBC's designers went for the hamburger without knowing how to use it or understanding what made it popular. You cannot mix competing philosophies and color is no substitute for broken intuitions. Even now that they settled for the menu-bar, they don't have an at-state, under "more" we see the same items in the menu in different order, and they use the pinned menu that doesn't go away even when you scroll -- a design already falsified by the frame paradigm of 1999.

johnatwork 1 day ago 0 replies      
Another good observation on this by Luke Wroblewski. http://www.lukew.com/ff/entry.asp?1945
asgard1024 20 hours ago 2 replies      
I hate the Nondescript Icon Movement. The Hamburger should die together with Three Dots, Angle Brackets and other geometric shapes that have a chutzpah to call themselves icons. Not to mention they killed the Tooltips!

These things don't appear in the vacuum - the Hamburger Menu originated from the Celtic Knot Menu, which was originally at the end of the Ribbon. The Ribbon itself confused the use cases of the Menu and the Toolbar, and was rightly criticized for that.

I am just learning Emacs and it's a little paradox that this aspie guy Richard Stallman is the one who got so many things around the UI right. We are unfortunately confusing "easy to learn" with "dumbed down so much there is nothing to learn".

declan 1 day ago 2 replies      
My co-founder and I debated whether to use the hamburger menu for our iOS and Android apps (currently in beta -- https://recent.io/).

We decided to keep the hamburger menu on both platforms for launch. Our reasoning was that it's a common UI convention and our primary navigation options -- Home, Recommended, Hot News, Local News, and topics -- are visible in the extended app bar. An option to follow additional topics appears inline in the Home tab.

So the three functions that are only accessible through the hamburger menu are bookmarks, history, and settings, which seems like a reasonable compromise. You could use our app fully for a year, albeit with the default settings and no bookmarks/history, without ever seeing the hamburger menu.

Analytics shows that the hamburger menu is used frequently by our beta users, so I'm fairly confident that we made the right choice. On the other hand, the new YouTube Android app -- which had more in its hamburger menu than we do -- has moved in the opposite direction and eliminated it.

kenrikm 1 day ago 0 replies      
In my apps I generally use the Hamburger menu to hide stuff that's required but not used very often. (Settings, legal agreements etc..) Since engagement is lower for these things anyway it allows you to have them there if needed without cluttering the main content that should be the focus.
ggchappell 1 day ago 1 reply      
Dare I suggest that the "gear" menu, so ubiquitous on Google pages these days, suffers much the same problems as the "hamburger"?
cwyers 23 hours ago 0 replies      
> Here are a few reasons why the design industry is having trouble giving up the hamburger menu:

list of reasons people are doing dumb thing, mostly blaming the people

Can we be honest here for a second? The reason people are still using hamburger menus is because people have to make things work for phones. Phones with screens that are vastly smaller than the screens on even the smallest laptop, even for people who are hauling around the biggest phablets they can find. And people with phones want to visit the same websites they visit on their computers and there just... isn't... room. The hamburger menu gives you close to double the space to work with, from a UI point of view.

The alternatives presented are partial solutions. It may well be true that more people are reaching for the hamburger menu than truly need it. But the tab bar example from the article only scales up so far before it stops being a valid solution. And I don't know if there is a really good answer that doesn't involve rewriting the web from the ground up.

kazinator 1 day ago 1 reply      
The desktop Firefox has one of these. It's been quite unintuitive. It contains some commands depicted by icons, which constitute an overlapping set of the functionality under the regular F)ile menu, like "New Window", "New Private Window", "Print" and whatnot. But there are commands that appear in other menus: the monkey wrench Developer icon appears to have similar content to "Tools/Web Developer".

I think what we are supposed to understand is that this Firefox Hamburger Menu (FHM) is really a TOA: Toolbar Overflow Area. It's a repository of icons for doing arbitrary things.

Its Customize button at the bottom invokes exactly the same UI as View/Toolbars/Customize: a big view where you can move icons between an editable version of the FHM, the browser toolbar, and a repository of available tools (shown in the main pane as a large area).

So any item that can be on your toolbar can go into FHM, including bookmarks. Hence: TOA: toolbar overflow area for items you don't use much.

It would be better if they initialized it empty, and if it somehow clearly communicated "Hey, I am a toolbar overflow area: put stuff here that would go on the toolbar that you don't need so much, when you don't have space on the toolbar."

k_sze 1 day ago 0 replies      
I cannot agree with the car analogy.

There are two reasons why the signs on the highway are so prominent:

1. When you are driving a car, you are basically meat bags inside 1.5+ ton collapsible metal cages moving around at 30+ or even 100+ km/h. One wrong move and meat bags risk being injured or killed. That's why the signs need to be simple and prominent.

2. A highway network has one and only one purpose: to transport people and things around, so the number of things that you can do on a highway network is inherently rather limited, which is why you can make decisions fast: go faster, go slower, stop, yield, merge, change lanes, exit a ramp, enter a ramp, turn left, turn right. That's why the signs can be simple and prominent.

Neither condition applies to websites in general:

1. If you lose your way on a website, you generally won't injure or kill anybody.

2. Websites generally don't have one and only one purpose, the number of things that you can do on a website cannot be expected to be limited. You could argue that the website menu should have one and only one purpose - to bring visitors to various pages - but that's not always true either.

kriro 22 hours ago 0 replies      
The main takeaway (which should be obvious) is that you should test your navigation and probably test it a lot. It is very important and it does matter. I've caught myself thinking of it as a pesky thing and I'm not a designer and usually don't optimize for pretty because well I'm not good at it. But the fact of the matter (imo) is that focusing on content and navigation until you get them perfect is the best approach. "Silly" exercises like card sorting early with potential users (or regularly for an existing site) are actually pretty solid methods to improve sites and apps greatly.
leepowers 1 day ago 0 replies      
Or in short: Having a single, minimalistic hamburger icon doesn't convey enough information to be useful. It may be possible to improve engagement metrics by using informational icons and titles. None of these statements are particularly controversial.

So, should we web developers start ripping out hamburger icons on our sites? NO. Avoid groupthink. Implement and test layouts that produce measurable results. Removing hamburger icons is no panacea. What are the users doing? What does the data say? If cargo cult thinking produced an over-reliance on a single navigation icon, we aren't going to solve anything by snapping back in the other direction.

Also, there's a difference between a hamburger icon and a drawer menu. On mobile devices a drawer menu is still a fantastic way to reveal additional navigation options without a page reload over a (potentially) slow network connection. Stuffing a navigation list into drawer menu is an easy solution. But it may produce poor results.

michaelpinto 1 day ago 0 replies      
I think the real question should be: Are users using the hamburger menu and do they know what it means?

Also this may not apply to apps, but on the web the hamburger is an indirect result of responsive design techniques where a navigation menu has to compress due to limited screen real estate in mobile.

But the funny thing is that as a designer I hate the hamburger because it does feel like a hack. Yet I can see the popularity is due to trying to have something work on both mobile and desktop.

In fact if you look at mobile only apps they tend to avoid the hamburger trap (example: Instagram) but if you look at any app with a desktop legacy (example: Facebook) you almost have to need it (unless you are willing to cut features or make a suite of apps).

rch 1 day ago 0 replies      
I think of it as the 'menu of last resort', that should never be a primary navigation element. In that sense it works just fine.

I might also refer to it as the 'vent', since it seems to heat up after a few months of not restarting my browser.

emodendroket 1 day ago 1 reply      
The neat thing about UI is that even bad designs eventually become the best ones as people get used to them and recognize them. The hamburger menu appears on a bazillion sites and it's going to be familiar to most users soon if it isn't already.
davnicwil 1 day ago 1 reply      
> As a last-ditch attempt to solve the problem, they made it yellow

Amazing! I could almost write a script for the meeting in which that solution was decided upon.

Rough sketch:

Idea is proposed by one individual at level N in the hierarchy. Some cursory justification is provided, based on theory from a design article they read, they think, or maybe it was a youtube video - doesn't matter: Yellow attracts attention! Green makes people want to proceed! Red makes people want to stop! It's so obvious.

Numerous objections are raised by individuals at level < N in the hierarchy, who have a fairly deep understanding of design and have thought a lot about the problem. The objections are considered briefly, and then summarily ignored.

Meeting concluded.

AlwaysBCoding 1 day ago 0 replies      
Just use a tab bar where the right most tab is "more" and that brings up more navigation options. Can still have more than 5 nav links and avoids the hamburger menu, you can thank me later.
jbob2000 1 day ago 0 replies      
I think the point was not to use the hamburger as a "catch-all". It's easy to just chuck features in there without thinking about how the users will truly interact with them.

The point I took away was that menus should have logical, semantic purposes, and common functions shouldn't be buried inside them.

capex 1 day ago 0 replies      
In a substantial app like Facebook or Spotify, the hamburger menu is still there, in addition to the thumb-able tabs. Large applications have a significant navigation structure, and you can't reduce them to 3 or 4 tabs. While the OP's arguments are good, is there a valid alternative?
tomphoolery 1 day ago 0 replies      
The fact that designers think this icon looks like a hamburger is the real problem with design these days. ;-
smcl 1 day ago 0 replies      
This example from the article still has a hamburger menu, just in a different location:


detrino 1 day ago 0 replies      
Reading this article I instantly saw parallels to Gnome 3 and it reminded me what a usability nightmare it is.
oompt 1 day ago 0 replies      
Shit parallax doesn't work either.
coldcode 1 day ago 0 replies      
It shouldn't be the only thought you have. The pluses are that people are used to it; sometimes common usage is better than inventing something unusual. But design should involve thinking about what people are trying to do with your app rather than starting with some design idea.
mark_l_watson 1 day ago 0 replies      
I like the hamburger icon because (I think) almost everyone who would read my web sites (technical stuff) knows what it is.

I agree that if the hidden menu has very few options then it is a good idea to have everything visible but that is not feasible for more than a few navigation options.

prawn 1 day ago 0 replies      
I generally use "Menu" alongside the burger icon to remove ambiguity, and still show 2-3 primary nav options alongside to minimise loss for those who don't use it.
GolfJimB 19 hours ago 0 replies      
Awesome! Redesigning away the hamburger menu on my site immediately.
doczoidberg 1 day ago 0 replies      
hamburger menu should only contain not so often needed actions. There can be additional buttons in the GUI. Simple as that.

also most android apps support swiping from the border which gives the user a quick access to actions not using any space. The author doesn't mention it?

ilaksh 1 day ago 0 replies      
I thought it was about food. I'm going to In-N-Out anyway.
InclinedPlane 1 day ago 2 replies      
Here's the core question, is this a permanent or temporary problem?

I remember back in the early years of the web (mid to late '90s) and one of the most important factors in designing websites was realizing that users don't scroll. They just didn't, and if your site design relied on that fact then you'd be screwed. But users learned to scroll, and now scrolling is perhaps the most important and most universal method of interacting with the web. In another 10 years will the hamburger menu become so well known and universally relied upon that not doing it will hurt your usability? Or are there fundamental reasons why it will never be good?

vacri 1 day ago 1 reply      
Why do designers gravitate to extremes in these fads? Skeuomorphic! Flat design! Everything in the hamburger menu! Nothing in the hamburger menu!

What's wrong with moderation? Day-to-day navigation elements shouldn't be in a hamburger menu (also, an extra 'click' for common tasks is bad), but there are plenty of non-everyday things that can go in there.

mynameismonkey 1 day ago 1 reply      
They really don't. Here's a bunch of A/B test results:

http://exisweb.net/menu-eats-hamburger and followup http://exisweb.net/mobile-menu-abtest




Anecdotally, I don't use a ton of mobile social apps, and the first time I encountered this icon I thought it was some weird play on an equals sign. Never occurred to me it was a menu. Now my own dev team is using it and for some bizarre reason I cannot convince them to stop.

Lawrence Lessig wants to run for president in an unconventional way washingtonpost.com
422 points by nkassis  12 hours ago   184 comments top 32
rayiner 12 hours ago 8 replies      
Some of his ideas are great (particularly trying to take on gerrymandering), but I think on the money issue he's nearsighted.

> He launched Mayday PAC to much fanfare in the spring of 2014, billing it as the "super PAC to end super PACs." But it failed to play a decisive role in any race that year.

As Lessig found out, money by itself cannot buy power. Money is a means for magnifying the impact of forces that are already in play.

Consider, for example, climate change. During the last debate of the last Presidential election, Barack Obama was falling over himself to be more pro-coal than Mitt Romney. Was it because he hoped to court the coal-industry lobbyists and turn their firehose of political spending in his direction? There wasn't a chance in hell of that happening, and he knew it. He did it to court the voters in central and southern Illinois whose livelihoods are dependent on the coal industry there. We're a sprawling suburban nation addicted to cheap gasoline. Energy companies would have tremendous power even if they didn't spend a penny lobbying.

The same is true for banking and finance. People complain about fancy financial instruments, but at the end of the day main street businesses are utterly dependent on payroll loans, consumers are dependent on credit cards, and everyone wants to get a fat adjustable-rate mortgage so they can buy a big suburban house. Do you think banks need to spend any money lobbying to sway politicians in their favor?

And I'll also go out on a limb and suggest that money being a factor in politics isn't as bad as it seems. At least when money can influence politics, the nouveau-riche can upset the old guard. Consider the auto industry. Traditional carmakers don't need to spend money to buy political power--the fact that they employ hundreds of thousands of middle-class workers guarantees that. But as traditional cars decline, and the Teslas and Googles of the world remake the industry, it's probably a good thing that those companies can use money to overcome the inertia and political mindshare of existing car companies.

p_monk 1 hour ago 1 reply      
If the problem is that monied interest control policy, "getting money out of politics" doesn't solve the problem.

Look at Israel as a cautionary tale of a country that did everything right according to the liberal prescriptions. Regardless of implementing everything that Lessig calls for, monied interests still control the political system.

How does it work?

Well, take a look at Sheldon Adelson's actions. In the US, he buys his influence by being one of the biggest GOP donors. In Israel, he buys his influence by operating the largest daily newspaper (Israel Hayom), which he runs at a loss of 20+ million a year. Israel Hayom is the mouthpiece of the Netanyahu government. The paper never strays from the party line, in the same way that Granma never strays from party line in Cuba. This gives Adelson a tremendous amount of influence over the government. Even moreso than he's able to buy in the US. Billionaires will always find creative ways to skirt the rules and buy their influence.

ipsin 11 hours ago 1 reply      


I will be surprised if he doesn't reach his $1M goal, and much more surprised if anything substantive comes of the effort.

The "launch and resign" plan smells bad -- it seems like a hack to avoid having a complete platform, implying that the government will lack a leader during that interval, and using that as motivation to pass the act seems like a bad idea. It also raises the question of who the real VP would be.

njharman 11 hours ago 4 replies      
"Lessig said he would serve as president only as long as it takes to pass a package of government reforms"

Well that will take longer than two terms. Congress doesn't even play along with the people who are in cahoots in rigging the system. It's beyond ridiculous to believe they will play along with their own destruction.

cryoshon 11 hours ago 1 reply      
Hm, hopefully he won't act as a spoiler for Bernie. A Sanders-Lessig ticket would look pretty good if Bernie can't get Warren. Bit early in the game for that chatter, though.

Lessig still isn't a household name, so I think it's far too late for him to participate in this election cycle as a real candidate. That being said, he's also imperfect as a candidate for a few reasons. Lessig is really good at presentations and speaking eloquently, but he still doesn't quite rile people up in the way that is needed for his kind of insurgent campaign (against who, exactly?). Lessig also doesn't have the cash to get noticed nationwide. He's setting goals to raise a million, whereas Hillary is planning a billion dollar campaign, and the Republicans are likely planning a several billion dollar campaign for whoever they pick.

Also, an elephant in the room: the issues Lessig is running on (campaign finance reform, voting reform, ending gerrymandering) are not actually non-partisan in the way that he is trying to market them. Everyone (everyone!) knows that campaign finance reform, gerrymandering, and voter reform are the left's issues.

Why? Because the right in the USA needs voter exclusion and balkanization (via the false issue of voter fraud aimed at poor populations) in order to win elections. Campaign finance reform is similar; big money influences both sides heavily, but they favor the right for their business-friendly disposition. Big money favoring the right wing means that prospective candidates from the left are also vetted against how business friendly they are, pulling the mainstream left wing toward the right wing, assuming that candidates act rationally and take the money for grabs.

This series of behaviors ultimately results in the far-right wing business cartel promoters that currently comprise Congress. Claiming that Lessig isn't some kind of far-left (for the US) candidate is a tad disingenuous, even if he actually believes it. A popular and well-moneyed Lessig would be a huge threat to big money's influence on politics, to be sure-- in the way that Sanders is currently.

lvs 12 hours ago 3 replies      
This may sadly pull some critical primary voters from Sanders, who stands in an ideologically similar area, assuming Lessig picks up any steam at all.
JayHost 11 hours ago 0 replies      
I made 500 phone calls for Mayday last year on their behalf.

This is not Win / Lose or Patriots vs Seahawks.

This is forcing the most important issue to be confronted on the big stage.


ekianjo 12 hours ago 5 replies      
> "We have this fantasy politics right now where people are talking about all the wonderful things they're going to do while we know these things can't happen inside the rigged system.

Followed by:

> Lessig said he would serve as president only as long as it takes to pass a package of government reforms and then resign the office and turn the reins over to his vice president. He said he would pick a vice president "who is really, clearly, strongly identified with the ideals of the Democratic Party right now,"

So, wait. You don't want the "System", yet your Vice President is basically a member of the Democratic Party which is part of the precisely bi-party, rigged System right now?

Makes a lot of sense if you want to perpetuate the said rigged System.

ZoeZoeBee 12 hours ago 1 reply      
It would be nice if the article articulated his ideas for change, other than just overturning the Citizens United decision. For decades the public who haven't been lulled to sleep have clamored for Campaign Finance Reform, increased Limits On Lobbyist, and Transparency.

What did we get? Citizens United, lobbyists writing 10,000 page laws riddled with loopholes, and Bills and Administrations which do the exact opposite of what they say.

jedberg 12 hours ago 1 reply      
Most people don't care enough to care about or understand how important campaign finance is, so it's unlikely he'd even win the nomination, but hopefully he can get enough support to at least get into the debate and bring the issue to a wider audience.
tlb 10 hours ago 1 reply      
"I will be leader just long enough to institute the necessary reforms" has led to lifelong dictatorships in other countries. Lessig doesn't seem the dictator type, but that particular promise should scare students of history.
arxpoetica 12 hours ago 2 replies      
What if one likes the ideas (possibly?), but isn't a Democrat?

Makes it difficult when one doesn't like the VP.

elihu 9 hours ago 0 replies      
I'm having trouble imagining any outcome other than drawing votes away from Sanders. Even if he were to win the primary and the general election, congress is very unlikely to budge.

> "Even if she did say exactly the right things, I don't think it's credible that she could achieve it because she, and the same thing with Bernie, would be coming to office with a mandate that's divided among five or six different issues," Lessig said. "The plausibility of creating the kind of mandate necessary to take on the most powerful forces inside of Washington is zero. This is what led me to recognize that we have to find a different way of doing this.

I don't agree with this logic, that "political capital" is split among multiple mandates, and that having more mandates makes you less likely to achieve any of them. Having a position on many issues just means that more voters have a reason to vote for (or against) you. Many of those positions are expected of someone running for office under a certain party, and not stating a clear policy preference doesn't usually win you votes from the other party, it loses you votes from your own party.

I think Lessig's efforts are better spent continuing to advocate for an article V convention and influencing congressional elections via the Mayday PAC.

nkurz 11 hours ago 4 replies      
What's the advantage of Lessig's win-reform-resign approach rather than convincing a more electable candidate to commit to the same reform? If there is enough public support for Lessig to win the election, presumably there would be enough support for another candidate with more outside support (such as his designated successor) to win with the same platform.

The main reason I can see is that Lessig himself views his promise of reform to be more reliable than any other candidate's promise. True or not, I think it would be difficult to convince the general electorate that he should be trusted more than any other candidate.

drjesusphd 12 hours ago 0 replies      
This is interesting, but I have a hard time seeing how being a transparent office holder (through voter referendums) would work for the office of POTUS. I can see it working well as a legislator and would prefer a system where one of the houses of Congress is direct referendum.

I think it would be far more interesting to completely "vacate" the office and do nothing, without formally resigning. The point being that elected officials have far less power than people think. I think the executive would function largely the same without a president or vice.

drivingmenuts 11 hours ago 0 replies      
It's an interesting idea, but hopelessly doomed. A viable candidate needs to articulate on many issues, as The President doesn't have the luxury of only focusing on a single issue. There's a whole cabinet full of people who run departments that he needs to have potential policies to put in place.

As a potential spoiler candidate, it might work by forcing more attention to campaign financing reform, but it's hard to take him seriously beyond that.

fractal618 12 hours ago 0 replies      
Registered Independent voter here, he's got my vote.
kuni-toko-tachi 8 hours ago 2 replies      
The problem isn't money in politics, the problem is government. Nearly all taxes that don't fund a very limited set of government functions should be completely eliminated.

Your tax money is what gives politicians power. Leftists want more government, more taxes, and centralization of power into the hands of even fewer politicians and yet are puzzled - dumbfounded even - why things are "working". Bernie Sanders is a Hugo Chavez, a fool.

pbreit 7 hours ago 0 replies      
If it wasn't so frowned upon for Electoral College electors to "change" their vote, wouldn't that enable more "third party" runs (which would be "a good thing")?

I'd actually like to see Trump or Lessig run but people are so worried about a like-minded candidate leading to their party's loss.

alwaysdoit 12 hours ago 0 replies      
I wish he would just run conventionally.
kevinpet 7 hours ago 0 replies      
I guess we've now discovered our generation's Ralph Nader.
toyg 12 hours ago 4 replies      
Depressing. The whole project basically ensures he won't be elected (who wants to vote for a President who will not rule?), he's just looking for some quick exposure.

It would have been more intellectually honest to do what Jeremy Corbyn has done in the UK: running wholeheartedly, albeit assuming he won't be elected, just to inject a range of ideas in the debate.

Apocryphon 7 hours ago 1 reply      
Would Lessig be an ideal "hackers' candidate"? Hypothetically, would he pardon Snowden and go after the NSA?
joe5150 10 hours ago 0 replies      
"Lessig said he would serve as president only as long as it takes to pass a package of government reforms"

So in other words four years, eight if he gets re-elected.

Awfully roundabout way of saying that....

anonbanker 5 hours ago 0 replies      
He'd never win. But he's got my vote anyway.
pbreit 7 hours ago 0 replies      
Warren or Sanders? That's a non-starter. Those two are outlandish even to this progressive.
gweinberg 12 hours ago 1 reply      
He lost me at Sanders.
smacktoward 11 hours ago 1 reply      
PythonicAlpha 12 hours ago 0 replies      
Those who do not yet know "Lesterland" should get to know it:

http://lesterland.lessig.org/ (there is a great video talk of Lessig on the page)

BTW: Lessig is great!

MrZongle2 11 hours ago 1 reply      
Nothing against Lessig, but he has about as much chance of becoming President as I do, and I'm not even forming an exploratory committee.

The American electorate has been conditioned to vote for Team Red or Team Blue, and within those increasingly-similar teams their preferred standard-bearers will be chosen by a consensus of large donors in a series of luncheons and closed-door meetings, primaries be damned. It's not so much a sinister New World Order conspiracy as it is a general desire by the elite to influence future governance to secure their wealth.

If this weren't the case, then Sanders' standing wouldn't be so noteworthy, and O'Malley wouldn't be concerned about his party's nebulous debate schedule. Likewise, we wouldn't be hearing as much about Jeb Bush.

I'm not saying that third-party disruption can't take place, but the time to be forming exploratory committees was months and months ago, if not years. The 2016 Presidential race is well underway, and Lessig hasn't even stepped up to the starting line.

wahsd 12 hours ago 1 reply      
Windows 10 phones home when you search your start menu, even with Bing disabled up1.ca
422 points by ultramancool  1 day ago   258 comments top 37
chatmasta 1 day ago 6 replies      
This also happens on iOS with spotlight. As far as I can tell there's no way to turn it off.

Source: MITM your iOS traffic.

Sidenote -- a possibly unforeseen side effect of end to end encryption everywhere is that it makes it far more difficult to man in the middle your traffic and hold companies accountable for their privacy policies.

unluckier 1 day ago 1 reply      
Is it really necessary to use a host that requires JavaScript to display an image?

Anyway, I've confirmed this. I've disabled web search and all of the other privacy options I've seen with Windows 10 during and after install. As soon as the first character is typed into the Windows 10 search box, the request goes out to www.bing.com. It doesn't say what you searched for (as the request happens before you complete the search), but it does send a lot of info to Microsoft about your platform, including a unique identifier.

blackbeard 1 day ago 3 replies      
I'm starting to think I need to worry about things getting out of my firewall more than things getting in.
justThis1Post 1 day ago 6 replies      
As time goes by, computer software begins to feel more and more hostile to the user. When I installed Windows 10, all the privacy settings made me feel like I was wrangling a beast rather than setting up something that would help me.

I don't know if there's any solution or if privacy is just a remnant of the past. Is Linux any better? And is there any way to own a smartphone which is built not to leak my information, either through the operating system or through 3rd party apps that request access to everything on the phone?

nathanaldensr 15 hours ago 2 replies      
The following fix worked for me. I don't see any outbound traffic on Fiddler when typing searches in the Start menu or when actually running the search. Granted, Microsoft needs to make this MUCH easier to do; the VAST majority of Windows users have no idea what group policies are.

1. Run gpedit.msc

2. Navigate to Computer Configuration\Administrative Templates\Windows Components\Search

3. Set the State to Enabled for "Do not allow web search", "Don't search the web or display web results in Search", and "Don't search the web or display web results in Search over metered connections"

4. Reboot

Enjoy. :)
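
A scripted way to audit and set the three policies from the steps above, added here as an example and not part of the comment. It assumes the registry value names below are the ones the Windows Search policy template writes under the `Windows Search` policy key; confirm them against `Search.admx` on your build before deploying.

```powershell
# Added example (not from the original comment).
# Run with no arguments to audit; run elevated with -Apply to set the values.
param([switch]$Apply)

# Policy key used by the "Windows Components\Search" administrative template.
$Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'

# Assumed mapping: policy display name -> registry value -> value when Enabled.
$Policies = @(
    [pscustomobject]@{
        Policy = 'Do not allow web search'
        Name   = 'DisableWebSearch'
        Want   = 1
    }
    [pscustomobject]@{
        Policy = "Don't search the web or display web results in Search"
        Name   = 'ConnectedSearchUseWeb'
        Want   = 0
    }
    [pscustomobject]@{
        Policy = "Don't search the web or display web results in Search over metered connections"
        Name   = 'ConnectedSearchUseWebOverMeteredConnections'
        Want   = 0
    }
)

function Get-SearchPolicyState {
    # Report each policy value, treating a missing key or value as "not configured".
    foreach ($p in $Policies) {
        $current = $null
        if (Test-Path -LiteralPath $Key) {
            $item = Get-ItemProperty -LiteralPath $Key -Name $p.Name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $current = $item.($p.Name) }
        }
        [pscustomobject]@{
            Policy    = $p.Policy
            Value     = $p.Name
            Current   = if ($null -eq $current) { 'not configured' } else { $current }
            Wanted    = $p.Want
            Compliant = ($null -ne $current -and [int]$current -eq $p.Want)
        }
    }
}

if ($Apply) {
    # Create the policy key if no Search policy has ever been set on this machine.
    if (-not (Test-Path -LiteralPath $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    foreach ($p in $Policies) {
        New-ItemProperty -LiteralPath $Key -Name $p.Name -Value $p.Want `
            -PropertyType DWord -Force | Out-Null
    }
}

# Print the resulting state so a non-compliant value is visible at a glance.
Get-SearchPolicyState | Format-Table -AutoSize -Wrap
```

Values written directly to the registry do not show up as configured in gpedit.msc, and a domain GPO that sets the same policies will overwrite them on the next refresh. Reboot afterwards as in step 4, then re-check outbound traffic with a proxy such as Fiddler.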

MichaelGG 1 day ago 2 replies      
I opened a bug (well, feedback item) during the preview about this. Even with the various group policy settings set, there was no way to disable web search. Rather unacceptable. One would think this has regulatory and compliance issues as well, no?
ikeboy 1 day ago 3 replies      
Just changed two rules in Windows Firewall to blocked and it appears to no longer send anything. https://i.imgur.com/a5yu5vb.png

Wondering if I should go through all the Windows stuff there and turn them off. Edit: just did (except for Edge and obvious internet related stuff).

Is there a way to change Firewall rules with a registry tweak? That would be the ideal way to distribute this.

Paul_S 1 day ago 4 replies      
Reminds me of when Canonical did something similar with Ubuntu and extended searching your applications to searching merchandise on Amazon and other stores. It's really funny when you open the start menu equivalent at work to launch the terminal* and as you type "t" you get to see items you can buy - one of them being "The Simpsons". Genius.

* before you complain I use the start menu to launch the terminal: I never remember ubuntu shortcuts, it's meta+t on my system

abcxyz123 1 day ago 0 replies      
Foreshadowing? From April 2014: "To be able to truly benefit from this platform you need to have a data culture inside of your organization. For me, this perhaps is the most paramount thing inside of Microsoft," said Nadella.

"It's not going to happen without having that data culture where every engineer, every day, is looking at the usage data, learning from that usage data, questioning what new things to test out with our products and being on that improvement cycle which is the lifeblood of Microsoft." http://www.reuters.com/article/2014/04/15/us-microsoft-ceo-d...

RexRollman 1 day ago 0 replies      
Apple, Microsoft, and Google are on the road to destroying computing autonomy. I have been an OS geek since 1992 and I have never felt so disgusted with the commercial OS market.
bitmapbrother 1 day ago 4 replies      
Here's a list of servers Windows 10 contacts on startup. There are probably more, but these are the ones that showed up.

ultramancool 1 day ago 3 replies      
This occurs even on Enterprise with Cortana and Bing disabled via the UI and via GPOs.
CSDude 1 day ago 2 replies      
Ubuntu does the same by default if you do not disable it via Privacy.

Not surprised that MS does this, however the sad part is for a simple search, there are literally thousands of bytes exchanged.

blinkingled 1 day ago 4 replies      
It's the new norm apparently - everyone is doing this.

Apple gives OS X away but nobody has yet got the memo that you are becoming the product. (Yosemite does exactly that by default - you can disable it though.)

stevecalifornia 1 day ago 5 replies      
I wish this was happening on my machine so I could investigate, but it's not. Searches in Start ask if I want to search the web then open a browser.

I have the default search settings.

whalabi 1 day ago 0 replies      
Clearly, the norm is phoning home now.

Google perhaps sets the benchmark, every single action you take in Google apps, whether native or web, is tracked extensively.

As far as I know Chrome OS isn't an exception.

Perhaps we need firewalls to protect us from our own software.

_up 20 hours ago 0 replies      
I have the feeling MS implements more intrusive adware and ads in Windows 10 next year. And you basically will have to decide if you want ads or pay monthly for an advertising-free experience (Enterprise version).
jakub_g 20 hours ago 1 reply      
It seems there would be a big market for an app with a nice GUI making it possible to change all the privacy settings of Windows 10 (as we go and discover stuff like this) in one single screen.
Aoyagi 21 hours ago 0 replies      
I don't see how that is strange considering in WP8 they send all primary contacts and calendar entries to THE CLOUD with no option to opt out and of course without telling the user, and considering what they've shown in Win10. Microsoft clearly hates privacy.
pedalpete 1 day ago 1 reply      
The start menu is a combination web-search and local search. How could it not 'phone home' on a web search? Note the address it is 'phoning home' to is Bing.

As far as what the contents of the package being sent is, I'll assume it is more information than necessary, and probably over-reaching until they get a slap on the wrist, but to call this phoning home is probably a stretch in itself.

-- Edit -- Apparently the search still phones home even if search is disabled, which makes my point mostly... pointless.

I still suspect that this was an example of Microsoft (intentionally) over-reaching and that they'll backpedal on this now that it has been brought to light.

Shame is, it feels like they are breaking any goodwill that the community may have still had left for them.

belgianguy 13 hours ago 0 replies      
I wonder if it'd be possible to either blackhole all this nonsense, or to "quasar" their data servers with preset queries like "I like my privacy", "mind your own business" instead of your original query.
ionised 20 hours ago 1 reply      
Yeah I noticed this and was very annoyed.

I use Comodo firewall and have basically set up a load of rules to prevent phoning home of any kind except to check updates.

reilly3000 1 day ago 0 replies      
I'm presuming this is some kind of analytics function. Just as most sites send DOM events to GA based on every user's activity on your site, I'm guessing Microsoft wants to gather aggregated search patterns to better its usability. It's not cool that they didn't provide an explicit opt-out for this.
bitmapbrother 1 day ago 1 reply      
I installed Windows 10 yesterday and used it for a couple of hours before coming to the conclusion that I made an error in downgrading from Windows 7. Windows 10 feels more like their phone OS disguised as a desktop OS. Perhaps the most jarring part was how ugly legacy (Windows 7) apps looked in Windows 10. They didn't even bother trying to make these apps look nice. Also, their services are plastered all over the place and there's little you can do to turn these off. And then there's the numerous privacy invasive "features" proactively turned on for you when you install it.

Luckily, you have 30 days to change your mind and return to Windows 7. I did it within hours. I never liked Windows 8 and I think I dislike Windows 10 even more. No wonder they're giving it away because had they tried to sell it then it would have probably met the same fate as Windows 8.

sandworm101 1 day ago 1 reply      
Another bad day for Microsoft. Another good day for linux.
mirimir 20 hours ago 0 replies      
I'm not much into Windows anymore, but this might be useful: https://www.wilderssecurity.com/threads/windows-10-privacy.3...
narrator 1 day ago 1 reply      
I wonder what foreign governments such as China and Russia are going to do about this. How are they going to secure their networks from surveillance?
tremon 18 hours ago 1 reply      
requires javascript; didn't read
mark_l_watson 1 day ago 3 replies      
jevgeni 20 hours ago 1 reply      
I wonder how many people here complaining about privacy have frequent flyer cards or valued customer cards?
vinbreau 13 hours ago 0 replies      
Glad I use a launcher and rarely ever touch the start search.
mahouse 1 day ago 5 replies      
Do "normal" applications look blurry on high DPI screens?
jug 1 day ago 0 replies      
Can you turn off search suggestions?

I assume it's like all those sort of services, like the Google Chrome address bar, etc.

orionblastar 1 day ago 2 replies      
Microsoft has almost always done this with Windows. Each new version had something new to phone home about. Previous Windows versions told Microsoft what apps you had installed, send in crash data, and other things.

Microsoft is doing the customer is the product thing that others have done for like the past decade. It is how they can give away Windows 10 upgrades for free, even to pirated copies, and still earn money off of it.

If you don't want to be tracked or spied upon: https://prism-break.org/

You shouldn't be using Windows but one of the free or open source alternatives instead.

HIPAA compliant offices cannot use Windows 10 because of the tracking it does and patient privacy laws.

Even worse is the Wifi sharing with social networks, if even one of your corporate employees has it turned on, their friends can get access to your Corporate Wifi and it is a security breach. You'll have crackers trying to friend employees on social networks of your company just to get the Windows 10 Wifi sharing password to get into your corporate network.

Even with all of the privacy settings turned off, there is most likely more stuff that phones home.

You know that given enough time video gamers will be forced into DirectX12 and have to use Windows 10. That business apps will be written for Windows 10 and force companies to upgrade. Sooner or later most people will have to upgrade to Windows 10 in order to run the software they need.

Woe be to the person who chooses express settings during startup. They will wonder why their Internet is so slow and woe be to them if they have a tablet with a data plan and wonder why they go over it.

zekevermillion 1 day ago 1 reply      
ultramancool 1 day ago 0 replies      
The difference is that in Windows 10 it can't be disabled fully.
VOYD 1 day ago 5 replies      
CS for All hmc.edu
429 points by joeclef  1 day ago   56 comments top 14
allencoin 1 day ago 2 replies      
>At Mudd, this course is taken by almost every first-year student, irrespective of the student's ultimate major, as part of our core curriculum. Thus, it serves as a first computing course for future CS majors and a first and last computing course for many other students.

This is a great thing to offer students and I wish my University had made this a part of the curriculum. Somehow I managed to have practically zero exposure to computer science or programming until after graduation--only to discover that I find it immensely challenging, interesting, and rewarding. I probably would have switched majors if I'd taken this class Freshman year.

nnnnnn 1 day ago 0 replies      
As a former student of CS5 (the class), I must say it was spectacularly well-run, fun, and educational. Zach Dodds, one of the authors of this book, was a particularly brilliant and inspiring professor.

While I'm an advocate for practical education, I'm equally an advocate for understanding the principles of your field. This book will be much less vocational than your typical code-school/academy/etc and instead focus on building a foundation that you can build upon.

I highly recommend this as a great primer to computer science.

bwy 1 day ago 0 replies      
Beautifully written text. I also really like the idea of an intro course but am, probably like many others, struggling with how to present the topics in an interesting (and practical) way without missing the theoretical beauty of computer science.

This course reminds me a lot of the Berkeley course posted a month ago, if anyone wants to see the discussion there: https://news.ycombinator.com/item?id=9838196. From what I can tell, the coverage is almost the same, except that the Berkeley course pretty much trades computer architecture for declarative programming and some other briefly-covered topics like machine learning, map reduce, concurrency, etc.

ufo 1 day ago 0 replies      
The prime sieve algorithm in chapter 3 is not the real sieve of Eratosthenes. Which is kind of funny because the person who pointed this out to the FP community is also a professor at Harvey Mudd.


sontakey 1 day ago 0 replies      
Mudd Alumni here. I had the pleasure of being a student of Professor Ran Libeskind-Hadas and Zach Dodds (who are two of the authors of this book). Amazing group of professors!
JustSomeNobody 1 day ago 8 replies      
Before we move to CS for all, can we at least solve the problem of Computer Literacy for all!?

There's a huge population of people who simply cannot effectively use a computer. Can we fix that first? Otherwise we're leaving them behind and that's not right.

rebekah-aimee 1 day ago 1 reply      
What if colleges started offering this as an alternative to the basic MS Word class most schools make everyone take? Then people who didn't know how to use a computer would be too intimidated by it, but students who already knew the basics could move on to this more interesting course.

You should still be able to test out, though. That way, if you're totally uninterested, you can test out of the MS Word class and move on.

I think there are enough students sufficiently interested in computers that they'd check out the harder course if its name didn't sound too obscure.

yasoob 1 day ago 1 reply      
Is there any way to download it in pdf format?
techman9 1 day ago 0 replies      
I'm a current UC San Diego student. It's awesome to see our faculty featured here, particularly Christine Alvarado. She has a fantastic reputation within our CS department and I'm really glad to see she's doing great things and getting recognition outside UCSD as well!
ggchappell 1 day ago 0 replies      
This looks like it would make for a very nice course -- a good middle ground between the hardcore practical course ("let's learn C") and the hardcore theoretical course ("let's do denotational semantics with Scheme" -- or whatever).
lynn729 1 day ago 0 replies      
This course is a great idea. Since so much of what we do each day is impacted by computers a basic understanding is important for everyone
MarkPNeyer 1 day ago 0 replies      
Ran Libeskind-Hadas is an amazing teacher. He really got us excited about stuff in theoretical computer science. I was actually disappointed in my advanced algorithms class in grad school because Prof Ran already taught us everything except for skip lists during his enrichment sessions in the summer of 2006.
marincounty 1 day ago 2 replies      
Great--I think every student should take a CS class!

That said, this course suffers from so many CS courses.

1. It's too wordy!

2. As usual, I don't like the layout.

3. Funnel your subjects. (I'll give that a B.)

4. Funnel your paragraphs, or eliminate most of them?

5. Most people(students) find this material extremely dry. Introductory books should be "tight"! They should go through numerous edits? Take out every non-essential word?

6. I haven't yet read an introductory CS text that gets it right?

7. As to exercises? Try to use exercises that the student might have some immediate interest in, or can use in their daily life? For example, instead of some cute game example, show the student how a simple reminder application is programmed? How Google works? (just the basics). Or, how their spellcheck program works?

8. If I was going to write an introductory computer course, after explaining the hardware (that's usually sitting in front of them), I would explain how an operating system stores its information--"The use, and location of Folders."

I would want my students competent in the Command Line before we did any Programming. I would want them to know they can have two folders named the same, but located in different sections of the hard-drive. I would want them competent in finding them, and manipulating them.

the_cat_kittles 1 day ago 0 replies      
Oracle's license agreement as it pertains to reverse engineering archive.org
344 points by shin_lao  15 hours ago   112 comments top 28
sctb 13 hours ago 0 replies      
The original post discussed here: https://news.ycombinator.com/item?id=10039202
zamalek 14 hours ago 1 reply      
Disclaimer: cross-posted from the original post, but the irony is absolutely beautiful and is a stern lesson to everyone who might think the same way as Oracle.

[1]> Oracle has told people to stop using @Veracode to test their AppSec. They already got AppSec covered [picture of JS injection attack in the blog post]

[1]: https://twitter.com/thegrugq/status/631056841670135808

werber 14 hours ago 3 replies      
I'm pretty surprised Oracle deleted the post, it feels like a great representation of the company and their values.
fortytw2 14 hours ago 4 replies      
Not that I agree with the sentiments in the article, but am I the only one who thought this article was reasonably well thought out?

It may have been a bit abrasive, but the points were well made, at least from the perspective of a closed source, enterprise software vendor

SCHiM 13 hours ago 2 replies      
I work at a security company and sometimes reverse engineer systems and/or code to see if it is vulnerable to a plethora of attacks.

Presumably the only reason a closed source vendor would be against someone reversing their source is because they're afraid someone will steal their ideas and/or redistribute their code for free.

That not being my goal I really couldn't care less. I'll just go ahead and reverse whatever I want whenever I want. I value my security, and that of clients, over some legal piece of toilet-paper. Everyone who doesn't agree, should reconsider. Do you truly believe that people should not be allowed to look at code that is running on their systems for their security's sake? I will not redistribute what I learnt, but I will analyse it to see if it is safe.

If you didn't want me looking, you should not have put it out in the open.

pgaddict 13 hours ago 5 replies      
I'm really confused why everyone's so upset by the blog post, for a number of reasons.

Firstly, it's perfectly aligned with the world of proprietary software. Oracle is probably more protective than the other vendors, because the restricted access to the source code is at the heart of their business model. But none of the vendors I'm aware of is very keen on reverse engineering.

Secondly, reverse engineering has been prohibited for ages - it's not that it was added to the license agreement yesterday. And there are other restrictions (e.g. on publishing benchmark results), so rather than "Oracle is bad" I'd say "people who sign/accept license agreements without reading them are morons."

And thirdly, the article is spot-on about usefulness of the reports generated from a reverse-engineered binary. I've seen shitloads of such reports, usually generated by some clueless consultant with the sole competence to run an automated tool and print the result. So it's probably (at least partially) a protection against flooding the support with bullshit reports.

And it's also true that many of the companies don't have proper security rules (like encryption, identity or password management, network security) yet pay some consultant for reverse engineering one of the components. Because it's easier to spend a large amount of money than evaluating and rebuilding their infrastructure.

So while I dislike Oracle, you can't blame them for everything - the customers are the ones choosing the vendor. If you happily accept their license agreement, you can't later complain "but we want to do reverse-engineering" no matter how many MBA titles you have. If you want such freedoms, ditch Oracle and proprietary vendors in general. That's what open-source is for.

uptown 15 hours ago 3 replies      
This is a deleted blog post by ORACLE's Chief Security Officer.

edit: corrected my error

jezclaremurugan 14 hours ago 1 reply      
Perhaps an apology/clarification would have been better than sheepishly deleting the entry. They seem to be only digging the hole deeper.
wereHamster 14 hours ago 4 replies      
> Oh, and we require customers/consultants to destroy the results of such reverse engineering and confirm they have done so.

Are they being serious? "Uhm, yeah, sure, Mr. CSO, I deleted the file. Here, I'll show you a screenshot of a terminal where I ran the 'rm' command to delete the results. As you can clearly see, the 'ls' command does not see the files anymore."

someguy342432 14 hours ago 1 reply      
We sold you the car but don't you dare look under the hood, 97% of problems that these cars come with may one day be solved by us. Someone else may be trying to build the same car you already purchased from us! Why didn't we obfuscate access to the engine? Well that would have required some of the same effort it would have taken to write more secure software err make better cars in the first place! What do you take us for, competent!
mangeletti 13 hours ago 1 reply      
What in the world is going on?

Why did this article just disappear off of the front page after receiving 318 up-votes in 2 hours?

How does a post drop from position #1 to somewhere below #150 in less than 1 minute, unless it was deleted by HN moderators, and if that's the case, why did it happen?

dolfje 13 hours ago 0 replies      
Disclaimer: cross-posted from the original HN Post, but still relevant.

Apart from the legal stuff and a lot of egocentric 'we can do it better', she has one point. There are many companies giving a lot of money for security, manually scrubbing all exploits that come out, create their own patches. While some lack the basic security guidelines. I think this money can be better spent upstream, to create tools so they can test patches for exploits better and create a faster security update release pipeline, so that all downstream and customers can rely on the security releases and that it can be released quicker to everyone. (Controversial: Maybe even adding automatic security updates to the package itself, like wordpress did, so that customer cannot be on a release with exploits)

Though saying to your client that they cannot reverse engineer to look for security problems, is totally not done! What is next? "Exploits will not be fixed, because the users has signed an agreement that they will not hack?"

kazinator 13 hours ago 1 reply      
Selling machine language code and asking people not to understand it is like selling books and asking people not to read them.

"This cookbook is to be read by your personal chef only; if you read it and understand it yourself, you're breaking the book's license agreement."

If you pay for some string of bits, you have a right to look at them. Period.

parasubvert 14 hours ago 0 replies      
The bit about loathing Keynes at the end makes for comedy gold.
PaulHoule 14 hours ago 0 replies      
It sounds like Oracle doesn't want to have any customers.
bkeroack 13 hours ago 0 replies      
Oracle appears to be Microsoft circa ~1999/2000. Some of us remember when all the big software companies had this type of attitude.
facetube 13 hours ago 1 reply      
Honest question: So I'm hired as a consultant. Someone gives me a database login to an Oracle machine. I haven't been presented with a license agreement for the Oracle database system, nor have I signed anything indicating I agreed to give reverse engineering rights away. How am I bound by the Oracle end user license agreement?
scyllax 13 hours ago 0 replies      
It's funny and scary how it's the opposite of what Free Software stands for.
marcosdumay 13 hours ago 0 replies      
Life would be a lot better if it wasn't for those annoying clients. Oracle should just refuse to deliver software to anybody, that'd fix it all.

Anyway, I've never read a better article supporting the use of free software.

zzleeper 13 hours ago 0 replies      
> I was busting my buttons today when I found out that a well-known security researcher in a particular area of technology reported a bunch of alleged security issues to us except we had already found all of them and we were already working on or had fixes. Woo hoo!

That's like what 5-year-old kids say when their mom asks them something... "Mooom I was already thinking about it! Hush!"

ceejayoz 13 hours ago 2 replies      
Plus, Oracle's approach is like renting from a landlord who won't let you check that the locks work.
jongraehl 13 hours ago 0 replies      
We've just been Oraclesplained.
jacknews 13 hours ago 0 replies      
gambiting 14 hours ago 3 replies      
"We will also not provide credit in any advisories we might issue. You can't really expect us to say thank you for breaking the license agreement."

This is so pretentious I am completely baffled. Are people at Oracle so full of themselves?

0xdeadbeefbabe 5 hours ago 0 replies      
Do they light sparklers and throw rice when you enter into an Oracle license agreement?

For all Mary's entertaining points, I think likening the license agreement to marriage is a civil offense.

dimman 14 hours ago 0 replies      
Afternoon laughter, thanks :D
tux 14 hours ago 1 reply      
kagamine 14 hours ago 1 reply      
Thor A Project to Hammer Out a Royalty Free Video Codec cisco.com
345 points by TD-Linux  11 hours ago   120 comments top 21
jngreenlee 10 hours ago 3 replies      
"We also hired patent lawyers and consultants familiar with this technology area. We created a new codec development process which would allow us to work through the long list of patents in this space, and continually evolve our codec to work around or avoid those patents. Our efforts are far from complete, but we felt it was time to open this up to the world."

This burden is becoming far too great, when this is the cost necessary to achieve innovation.

halosghost 10 hours ago 4 replies      
Actually, I'm still rooting for Daala (from Xiph.org, the same folks that did so well with Opus). It's still a long ways away from being finished, but their work is awesome and I've been following it for a while now!

Either way, having another effort competing to make a great format is not a problem. Here's hoping it goes well!

Animats 9 hours ago 1 reply      
The MP4 patent situation needs another close look. MP4, which was first standardized in 1998, ought to come out of patent soon, if it hasn't already. There are a few remaining patents in the MPEG-LA package, but they're mostly for stuff you don't need on the Internet, such as interlaced video, font loading, error tolerance for broadcast, and VRML. This hasn't been looked at hard since 2011[1] and it's time for a new look. Some of the key patents related to motion compensation expired last April.[2]

It looks like the last patent on MP3 audio decoding expires next month.

[1] http://www.osnews.com/story/24954/US_Patent_Expiration_for_M...

[2] http://scratchpad.wikia.com/wiki/MPEG_patent_lists#MPEG-1_Au...

ChuckMcM 10 hours ago 1 reply      
<sarcasm mode>No wonder Big Media hates tech, they are trying to take all their money away.</sarcasm mode>

I think this is a great effort, and if you'll recall Google went and attempted to do the same thing with VP8, but found that people could file patents faster than they could release code[1]. I would certainly support a 'restraint of trade' argument, and a novelty argument which implies (although I know it's impossible to currently litigate this way) that if someone else (skilled in the art) could come up with the same answer (invention) given the requirements, then the idea isn't really novel, it is simply "how someone skilled in the art would do it." I've watched as the courts stayed away from that theory, probably because it could easily be abused.

[1] Conspiracy theory or not, the MPEG-LA guys kept popping up additional patent threats once the VP8 code was released.

fndrplayer13 10 hours ago 3 replies      
Why not throw the weight behind VP9? edit: I actually am curious, this isn't a question pointed at the validity of Thor. I just really want to see a great, open-source standard emerge and see people get behind it.
russtrotter 8 hours ago 2 replies      
Wasn't Ogg Theora created under just the same principles? I'm not smart enough in all things codec to know how it stacks up technically, but best I can tell, it's unencumbered.


JoshTriplett 9 hours ago 2 replies      
> Google's proprietary VP9 codec

That's an odd choice of phrase; it's unfortunate that a press release chooses to disparage alternatives without explanation.

JustSomeNobody 10 hours ago 2 replies      
I am sure that some entity holds a broad enough patent that all your bases will belong to a Texas court.
bobajeff 10 hours ago 2 replies      
So... this is a separate project from Daala which Cisco also works on. Is there a story here?
donpdonp 10 hours ago 2 replies      
Didn't we already go through this with VP8/VP9/WebM?
Ono-Sendai 7 hours ago 1 reply      
What I would like to see is a video codec that has a library implementation for reading and writing video in that format, that is cross-platform and relatively easy to build, like libjpeg or libpng does for images. I have tried to build VP9 on Windows and it was a tedious and ultimately unfruitful process.

I don't really care about the compression ratios achieved, or speed of compression/decompression.

Something like motion JPEG would be good, if it was actually a proper standard (AFAICT it isn't).

datashovel 8 hours ago 0 replies      
There should be efforts outside of large corporations dedicated to building these standards. Because in general even when large corporations promise free / open-source licensing they really only mean non-commercial licensing or "open with caveats". So they pretty much own the commercial rights.

I want open-source to subsidize a small team of engineers to create a completely open standard where no single entity owns it and everyone is free to branch / fork it.

dharma1 10 hours ago 1 reply      
Seems to me the success will depend on the quality and whether chip manufacturers will embrace this for hardware encoding/decoding. Right now looks to me like h265 is the winning horse
yabun 6 hours ago 0 replies      
There really needs to be a change to patent law around independent derivation of a concept. At very least we need to look into generalised thicket busting laws. The current situation is fundamentally unscalable.
s9w 10 hours ago 1 reply      
This seems like fantastic news after the HEVC patent disaster.

Has anyone tested this or has more information on the performance/quality vs other codecs?

yjm 10 hours ago 1 reply      
I wonder how many orders of magnitude slower this one will be compared to x264. VP8/9 was like 9x slower last time I checked
electriclove 7 hours ago 0 replies      
jsprogrammer 9 hours ago 1 reply      
Is it common to characterize BSD licensed software as proprietary? As in, 'Google's proprietary VP9 codec'?
Navarr 10 hours ago 0 replies      
josu 10 hours ago 1 reply      
codebeaker 10 hours ago 3 replies      
Change Your Name paulgraham.com
346 points by franze  2 days ago   334 comments top 80
booruguru 2 days ago 11 replies      
If the .com name you want is already registered, you can always buy it later once your business is successful enough to justify the investment (much like betali.st and getdropbox.com).

There's no point in buying an expensive domain name for a company that may not survive past the startup stage.

Note: a large swath of web users don't even understand the concept of a domain name or address bar...instead they google terms like "Gmail" and "YouTube" thinking this is how they are supposed to visit web sites.

What's more, tech-savvy users wouldn't think twice about visiting domain name ending in ".io", ".ly" and so on. (Hence their proliferation.)


I can't help but wonder if this article is some kind of prank--it's far too ill-considered compared to Graham's usual standards.

ThomPete 2 days ago 9 replies      
Great names are made not found.

I think Paul for once has it the wrong way around.

If you become big enough and happen to have enough of a market you might need the .com name to optimize your numbers.

If you happen to find a good name you can afford that you still think represents you and is .com you should most probably change your name.

But for most people just like their logo it's not that important until you become big and you can become big without .com name. Whether you can stay big is another discussion.

Far too often we fool ourselves thinking the wrong things are important.

But just as you most probably can easily find another name because your current one isn't as great as you might think, you can probably also wait a little until it becomes an actual issue.

rjvir 2 days ago 6 replies      
> 100% of the top 20 YC companies by valuation have the .com of their name. 94% of the top 50 do. But only 66% of companies in the current batch have the .com of their name.

That's not a straight comparison. A better stat would be, what percentage of the top 20 YC companies had the .com while they were in the active YC batch?

BinaryIdiot 2 days ago 12 replies      
I couldn't disagree more with this article and am kinda surprised Paul wrote about this.

Domain names are transitioning into becoming useless. When you open any web browser or mobile phone and go to look for a company it does a search. The most relevant results come back at the top. This type of trend, as we abstract away from using TLDs, is only going to continue. Owning a .com isn't nearly as meaningful today as it was 5 years ago.

What I think will happen is ICANN will continue adding more, useless TLDs as quick cash grabs and the next 10 years you're going to see people stop referring to their domain name at all. I mean, why would you? You're Uber, you look for "Uber" in the app stores, you open your browser and type in "Uber". All of these take you exactly where you need to go.

> 100% of the top 20 YC companies by valuation have the .com of their name. 94% of the top 50 do. But only 66% of companies in the current batch have the .com of their name. Which suggests there are lessons ahead for most of the rest, one way or another.

Correlation is not necessarily causation; this statistic should be compared with general domain name availability with the time periods mentioned because an incredible amount are purchased every year making it impossible to even compare in this way.

sivers 2 days ago 3 replies      
Best advice I've ever seen on naming a business is from this old Seth Godin gem:


I read that in 2003, and have never forgotten the "Lemon Pie" example since.

xamuel 2 days ago 4 replies      
>Don't believe a domain is for sale unless the owner has already told you an asking price.

One of my favorite examples: http://nissan.com

ssharp 2 days ago 0 replies      
To anyone naming their company and moving on when the Whois comes back as registered -- if you really like the name, you should follow up with whoever owns it!

I was recently trying to come up with names for a website / app I've been working on and wanted to finalize a name. The couple of ideas I had were already registered, including the name I really wanted. I ended up sending out emails to the contact on record for the domains I was interested in and ended up buying the exact name I wanted for around $100, which was far less than I was expecting them to settle for. The name had been registered for 13 years and nobody who owned it ever did anything with it.

nostrademons 2 days ago 4 replies      
"It turns out almost any word or word pair that is not an obviously bad name is a sufficiently good one, and the number of such domains is so large that you can find plenty that are cheap or even untaken."

So, after reading this advice, I decided I'd actually try it out - it's easy enough to download a word list and write a script that pings a WHOIS API to check every single word or word pair. Turns out most such APIs are rate-limited, so I couldn't get as far as I wanted, but in a random spot check of 30 or so words off the word list, every single one of them was taken (as was the word-pair that I'm actually using for my startup). Even things as out-there as absurder.com or tektites.com.

I think it's a good bet that somebody has already done this and registered every single English word and many word pairs in the .com TLD.

The good news is that by shitting all over .com, there will be no more startups founded with .com domain names. Either companies will buy them as they get bigger, creating a big transfer of wealth from startups to domain squatters, or more likely they'll just give up and we'll get more .ly, .io, or other gTLD domains in the future.

flylib 2 days ago 3 replies      
this is telling

Just take a look at all these successful startups which either had a temporary domain name, or which still have a different domain name to their name:

Square was squareup.com
DropBox was getdropbox.com
Facebook was thefacebook.com
Instagram was instagr.am
Twitter was twttr.com
Foursquare was playfoursquare.com
Basecamp is basecamphq.com
Pocket is getpocket.com
Bitly was/is bit.ly
Delicious was del.icio.us
Freckle is letsfreckle.com


loup-vaillant 2 days ago 1 reply      
> The problem with not having the .com of your name is that it signals weakness.

Note to anyone who disagrees with Paul Graham on this one: he's not talking about the genuine importance of the domain name. He's talking about its perceived importance by important people, namely the investor community. That's the way it is with most status signals: they're not very important by themselves, but how they influence the people who have power over you is important.

Simply put, if the investor community believes that lacking the relevant .com name is a sign of weakness, then lacking such a name signals that weakness. As such, they will be less likely to invest, making your company weaker. It doesn't matter if they're right in the first place. Their belief is sufficient.

It's a self fulfilling prophecy: if investors believe you're weak, that belief can make you weak.

johnhess 2 days ago 3 replies      
100% of the top 20 by valuation have their .com

What proportion had it at their founding or shortly after? Surely a well funded and successful company had the means and motivation to purchase their .com

matt1 2 days ago 2 replies      
If you're struggling to find a solid available .com for your startup, I'd encourage you to check out my free service, Lean Domain Search [1]. The site asks you for a keyword then pairs your keyword with 5,000 other words and instantly shows you which are available. For example, if you search for "food" [2], it will pair it with "free" and check "FreeFood.com", "hub" and check "FoodHub.com", and so on, and it also allows you to sort the results by length or popularity of that additional word. With a few searches you should be able to find a great domain, saving you a lot of time and potentially a lot of money.

[1] http://www.leandomainsearch.com

[2] http://www.leandomainsearch.com/search?q=food

jim_greco 2 days ago 0 replies      
I have some personal experience with this. Our company is Direct Match. We used to use the directmatchx.com website. Adding an X on the end isn't that odd in the trading world, but we would get comments on it all the time. directmatch.com ended up costing us $8k and well worth the purchase.

For me it came down to, how can I tell customers, recruits, or investors that I'm going to be this huge impactful startup if I didn't even own the .com of my name? I couldn't. And now I never get a question about if my company's name is "Direct Match X" or why there's an X at the end of the domain name.

jimminy 2 days ago 2 replies      
> "Whereas (as Stripe shows) having x.com signals strength even if it has no relation to what you do."

I would contest that it has no relation, I could be wrong since I have no knowledge. That said I always saw it as a relation to the cards themselves and the magnetic-strip on the back of the card.

Animats 2 days ago 2 replies      
The latest "new TLD" thing was a money-making scheme for domain registrars. Nobody goes to those domains. Even the previous round of TLDs (".museum", ".aero") are not used much; ".aero" has entries for all the major airport codes, but they're redirects.

Amusingly, even if you have your very own TLD, it doesn't help you. Most browsers send single-word lookups to a search engine before they send them to DNS. Try "ca" in a browser. There is a web site at "ca". But to get there, you'll have to use "ca.", to force a DNS lookup from the root. Nobody knows to do that unless they're into how DNS works. There are some low-level bugs embedded in very common C libraries which cause problems with single-word domains, and they probably won't be fixed.

As for the original poster's advice, the price of the domain you want in .com is probably more than YCombinator's initial funding. With all of today's domain hoarding, the ".com" domain usually comes later. Facebook started as "thefacebook.com".

arihant 2 days ago 3 replies      
> 100% of the top 20 YC companies by valuation have the .com of their name. 94% of the top 50 do. But only 66% of companies in the current batch have the .com of their name. Which suggests there are lessons ahead for most of the rest, one way or another.

I wonder how much of that is due to the fact that landscape has changed in past 8 years and top 20 YC companies are all at least a few years (5-ish?) old. I appreciate the rest of the sentiment of the post, but I don't think the numbers he chose to share clearly support the assertions. Correlation isn't causation.

sandGorgon 2 days ago 1 reply      
Is this signaling as simple as having a .com ?

Or are there other considerations such as SEO uniqueness, easy-to-pronounce (especially critical for enterprise software), length of url.

Is kuickkoder.com a better domain than quickcoder.io ?

persona 1 day ago 2 replies      
Someone from Google, er, Alphabet didn't read PG's essay: https://abc.xyz
Brushfire 2 days ago 1 reply      
I'm not sure.

I'd rather have a memorable name with a sub-par TLD, than I would have a confusing / hard to remember name with a .com.

Obviously, the ideal is memorable + .com, but most of those will cost 50-100k+, which is not feasible for seed-stage budget.

Sounds like a series A problem.

tptacek 2 days ago 1 reply      
If your numbers are going up and to the right, what does it mean to "signal weakness" with your name?
rsardeha 17 hours ago 0 replies      
I couldn't agree more. We see more and more startups end up with the wrong name for their business. That's why we created and launched the "Unused Domains" index a couple of weeks ago.

We index all (+50M so far) domains that are unused and give you access to them here: undeveloped.com/search

At least now you know which options you have and which alternatives are out there. The search and acquisition of the right name for your startup doesn't have to be that painful anymore.

PS: we help/advise/consult startups for free with finding and picking the right name in the right extension. So feel free to reach out to us if you're struggling with your name.

pknerd 2 days ago 0 replies      
Evan Williams of Blogger/Twitter fame disagrees with it.


webmuzer 1 day ago 1 reply      
Before startup founders disregard PG's advice about preferring .com domains if feasible, consider 2015 RSA Conference cyber security speaker Paul Vixie's recommendation for corporate sysadmins to filter out new TLDs to cut down on cyberthreats. Startups considering sexy new cheap TLDs may want to reconsider the cost/benefit metrics of such a path.

On Thursday, April 23 at 9:10am, there is a session called Domain Name Abuse: How Cheap New Domain Names Fuel the eCrime Economy. The panel will be led by Paul Vixie, CEO of a company called Farsight Security, Inc.


ikeboy 2 days ago 2 replies      
>100% of the top 20 YC companies by valuation have the .com of their name. 94% of the top 50 do. But only 66% of companies in the current batch have the .com of their name. Which suggests there are lessons ahead for most of the rest, one way or another.

How much of that is due to the pressure that he admittedly puts on them to change names? (And that higher valued ones are likely to be older and have had this pressure for longer?)

gwu78 2 days ago 0 replies      

Let's say you are a founder and VC tell you that you need to pay off someone to get a certain domain name that matches your startup name.

Let's say that someone knows how badly you need this name, and they charge you an absurd price.[1]

Finally, let's say your startup fails.


Who gets the domain name?

Considering the money that has been spent to get it, the domain name could be your startup's most valuable and liquid asset?

[1] "Absurd" because the cost of creating and maintaining a domain name (editing a zone file and running a DNS server) is quite low. In the early days of the www, domain names were registered for free. These days some people pay thousands of dollars for "domain names". Funnily enough, in some cases the names being "sold" for thousands of dollars are the same ones that were once given away for free. After one has paid a one-time, exorbitant "price" for a domain name, then they must pay the annual fee each year to keep the domain name registered. Usually this fee is under $100. Even the annual fee charged is far above the cost of creating and maintaining a domain name.

Maybe I should start a new TLD, e.g., ".startup".

I could distribute a copy of root.zone with .startup added.

I could give away a free, preconfigured localhost DNS cache, freeing users from ISP provided DNS, open resolvers like Google and Cisco (OpenDNS), and most importantly freeing them from the ICANN racket.

Then I could give away domain names for free, upon a proper showing of need. No hoarding.

Nah, it would never work. No one wants "alternative" TLD's.

(I wonder how much pure profit .io has made in recent years.)

Olivier26 2 days ago 1 reply      
I have a related question. When you have one product, whose name is different from the company's name, is it better to use company.com or product.com?
alialkhatib 2 days ago 0 replies      
My sense of Graham's thesis - and I'm reading this really loosely here - is that he's saying a name's not worth sticking with if obvious metrics suggest it's a bad choice. The most obvious metric of whether you have a good name or not is whether it's already been taken, especially by someone else with their own idea and access to 6 or 10 or 20 dollars per year or whatever the annual registration fee is. The space for available names (the "name space", if you will ;) is still large enough that being very stubborn about your startup's names is probably hazardous, and certainly not a sign of health.

Ignoring the minutiae of the rest of the post (and you can argue I'm really doing this quite intently), I think I agree with the principle. The name's not that important. If you're processing financial transactions you could be named PayPal, sure, but you could also be named Stripe or Square or BrainTree[0] or any of dozens of weird names that make no sense at face value (if these names are in fact deeply meaningful, I'd be curious to hear the stories... privately, or on Twitter, not necessarily here/now).

There are reasonable things to get stuck on - if you're committed to being a B2C product or service, and others are telling you your startup is more of a B2B idea, then you should wrestle with that. But you shouldn't be wrestling over the name for such a great deal of time. If Paul Graham tells you to change your name when you're pitching to him so you can get a .com, you probably shouldn't (he argues) protest all that much.

I don't think I hold his view as strongly as he does, but I'm neither a successful VC nor widely respected in Silicon Valley, so his argument about perception is admittedly a little self-fulfilling and it seems impossible to reject.

[0] the irony is not lost on me, now that I check, that BrainTree doesn't own braintree.com - although first glance suggests Square only has squareup.com, square.com redirects to it; I'd be interested to hear Graham's thoughts on that, and I think it would signal strongly whether I understood his argument correctly.

humanfromearth 2 days ago 0 replies      
We'll buy it when we raise series A. We'll use our hipster version until then. Thanks.
rebekah-aimee 1 day ago 0 replies      
If you're better at coming up with different names, as PG apparently is (he mentions in the article), then yeah, this would be a net win to just change your name.

For most of us who are pretty awful at naming, it may not be a great idea to focus on the name when there are other TLDs out there like .io, .co, or most recently, .tech. And there's also the highly acceptable alternative of using a derivative of your name, such as (name)app.com, get(name).com, and that sort of thing.

It's also notable that a startup registering its domain name is probably early stages and their name may change anyway, because their idea may change. You don't want to spend hundreds or more on lavalamps.com and then later decide you're actually going to sell those puzzle/IQ lights. Doing that might even make you hesitate to change your idea.* But if you spend $12 on lavalamps.net, the cost of heading for greener pastures is epsilon.

If you've got another name stashed on a scrap of paper in a drawer, dig it up and check whether its .com is available. But if figuring out a new name is going to take you a week, just take what you can get for now.

Probably you don't want to use (name).ru, though. ;)


*Although if you were that foolish and then that inflexible, you probably weren't going to get anywhere anyway.

martin-adams 2 days ago 0 replies      
So it feels like this is a prejudice against startups who aren't using the .com TLD and I suspect would come more from investors and partners than users.

Maybe the point is that for startups that do get traction and funding, finding a .com is an inevitable task, one that could save a lot of money/energy by addressing it in the early stages. That inevitable task may be borne out of the CEO being tired of answering why they didn't go for a .com.

There has actually been no justification as to why a .com is required. Simply saying non .com is "marginal" and "it signals weakness" is not a root reason. All it shows is that some people have a differing opinion on the value of a .com and not agreeing with 'them' means you're weak.

I personally do feel more comfortable having a good sounding .com, but if I'm going to do it, it has to be for the right reasons. That I don't think has been clearly expressed in this essay.

My reasons are that it's a global identity, globally indexable by search engines, the most common global TLD and therefore the most memorable by end users, and more stable from a root server point of view. Would I think a startup with another name is weak? No. I would assume that they understand the implications of a non-.com TLD.

throwthrowty 2 days ago 0 replies      
I agree with some other commentators here - I am surprised at this article and it doesn't appear to be up to PG's usual standards. There are trends I believe PG is missing.

Today, we consider the .COM to be the true, authentic, crème de la crème. However, available .COM domains are becoming harder and harder to find, while there has been an explosion in new TLDs such as .ly, .io, .pro, .guru, .camp, .rentals, .pub, .management etc.

More and more, we will be seeing startups and large companies with alternative domain names which they will promote online, in magazines, on TV, etc. It will be common to see alternative TLDs. I wouldn't be surprised if the next Super Bowl had a couple ads which included an alternative TLD. Marketing is about rising above the noise and right now a .PRO is much more noticeable than a .COM.

Many commenters and PG acknowledge that while .COM names are less valuable today than they were just a few years ago, they are still perceived to be very valuable. However, that is less and less true for the younger generation (which is the trend I believe PG is missing). As they grow up seeing .ly, .io, .pro, .guru, etc., a .COM will have no more inherent authenticity than any other TLD. Would they really be more attracted to a magazine/tv/online ad with sportsshoe.com than to sportsshoe.pro? More willing to eat lunch at goodfood.com over goodfood.pub? More likely to attend bestsummercamp.com over bestsummer.camp? More likely to download a fun app from puzzle.com over puzzle.app?

As a potential investor, does spending time and money securing a .COM really signal someone's dedication and company strength? Should a startup founder really spend a lot of money to secure a .COM so the company appears stronger? Seems like a false metric.

Shed 2 days ago 0 replies      
Man, this advice may be tough to hear, (especially for someone like myself who currently only owns sellervision.net for the app I've been working on for ten months) but if the 'Godfather Of Startups' PG believes it's vital to have a dot com, then I'd change the name of my app in a heartbeat. Now I'm just waiting for YC to take me on to their Fellowship or main intake so I can have some budget to buy a cracking new name...ha ha!
endymi0n 2 days ago 0 replies      
It's a hard choice to make, but especially when building a B2C brand & product and a large enough SEO channel (where a domain change might hurt your rankings), I'd definitely stick with PG here.

Lots of good examples and counterexamples in the comments, but if you want something memorable AND searchable, sometimes it's best to just churn out the money early on if you know very well what you're doing.

For justwatch.com we paid a small fortune - almost a tenth of the seed investment - to a shady squatter that just wouldn't give in, but in retrospect I'd still say it was definitely worth it.

Even in 2015, it still makes you come across a tad more serious, determined and professional to outsiders and the brand searches and direct openings of the domain are significant.

When you've built a brand already, squatters will be happy to charge you for the work you did (which might or might not be a better deal overall than burning the valuable money in the beginning). YMMV.

If you're shooting for a B2B SAAS business that's more sales or SEM driven, I guess you're off just fine with an .io or temp domain, but your main focus should be a clean search neighbourhood then where you have the chance to make the Google front page eventually.

dshankar 2 days ago 1 reply      
PG is recommending you get the X.com, but that doesn't mean you need to pay $50,000 for X.com on Day 1 of your startup. I see people making this mistake all the time, buying expensive domains before validating their startup in the first place.

Think about what Dropbox, Stripe, and AirBnB did!

 getdropbox.com -> dropbox.com
 devpayments.com -> stripe.com
 airbedandbreakfast.com -> airbnb.com

noobie 2 days ago 0 replies      
Exactly! This is why I commended Casey Neistat for waiting to announce his startup name to the public until he secured the domain name.
phantom_oracle 2 days ago 0 replies      
I read through all the comments, hoping for someone to match the irony of this Paul Graham article.

ycombinator is not exactly memorable like a "stripe" or "parse", yet they are presumably one of the most successful accelerators in the world.

Naming is secondary, marketing that name is primary. Of course, you can't have a shitty name like ookabugiedandwig, but ask yourself why English-speaking people know words like: Samsung, Nissan, Ubuntu, Volkswagen and you can even apply that in reverse and find out why people who may not even use English to write, know words like: Apple, Mercedes Benz, Windows.

Also, I don't mean this in a bad light, but I am glad to see people disagreeing with Paul Graham. This shows that HN is healthy and even a YC member's opinion can be wrangled down to reality.

lsc 2 days ago 0 replies      
I think that changing your name is almost always the wrong thing to do. It's a sort of 'reputation bankruptcy' that only makes sense when your "credit" has been damaged beyond repair.

I imagine it would be different if you are primarily concerned about your reputation with your investors rather than your reputation with your users; but I think that big companies regularly undervalue the customer familiarity with their brand.

Sure, when choosing a name, choose a name that has an available .com. Why not? Before you've invested anything in a name, it is all but valueless, so the cost to getting a .com is very low.

The value in a name is in how many people recognize and remember it; if nobody knows your name, it's worthless. If people do remember it, it doesn't matter how awkward or weird the name is; the value is in that recognition. Once you have that, don't fuck with it.

caf 2 days ago 0 replies      
So having the .com of your name is the equivalent to, in earlier times, banks, churches and police basing themselves in large, impressive stone buildings.

Of course, signalling architecture has become less important over time, and probably the same will become true of the domain name equivalent.

tedunangst 2 days ago 1 reply      
Actually, paypal owns x.com, not Stripe. :)
declan 2 days ago 1 reply      
The advice seems like a bit of an anachronism in the mobile world.

Nice, short .com domain names were probably more important for desktop web browsing -- and I suspect are less relevant to startups that are focused on the iOS App Store, Google Play Store, third-party app stores, Twitter, Facebook, etc. for discovery.

Mz 2 days ago 0 replies      
This makes me so tempted to write up the name history of BigCo where I used to work. I have searched before and cannot find a good write up on line. But it would basically require me to out myself because much of what I know is from having worked there for over five years. I can't find online sources with some of this information. But, previously, I have just stated I worked at BigCo and not named the company.

I was actually considering doing such a write up a day or two ago. So it really hits a nerve to see this here today.

Short version of the story: Even really big, wildly successful companies do name changes and most folks founding a company are waaaay over-attached to whatever they first decided to name their baby.

machbio 2 days ago 2 replies      
I have a doubt about names - sorry to stray away from the topic but it would help me giving away the domain I have for the future.

I have a domain name which is registered as trademark by one of the organizations, can the organization claim the domain name since they own the trademark?

jxm262 2 days ago 1 reply      
After reading this, I'm a bit perplexed and sad at the same time. My current strategy was to not use a .com since it was up for sale more than I'm willing to pay. Instead, I decided to go with something similar but different and hopefully change it once the idea/company got traction.

Whether or not I agree with this, PG is a source of authority, which makes me think about my current strategy. Sort of sucks, do I listen to my gut and what many others here are saying, or fork over the money into a domain that could be used for other areas in the business?

I'm going with option#1 btw, just sucks to hear this from someone I respect, because it makes me believe it's true.

gpvos 1 day ago 0 replies      
Pretty ironic that hours after posting this, Google announced it split up under a new umbrella company called Alphabet, and it doesn't own alphabet.com .

Although I guess Google is above the rules that startups have to play by. Quod licet Iovi non licet bovi.

elwell 2 days ago 1 reply      
My startup's name is Purple. This is what we have to deal with : https://en.wikipedia.org/wiki/Purple.com
snake117 2 days ago 0 replies      
Nowadays, it seems that if your startup is primarily a web application, then choosing the right domain is a little more important than if you make an app like Snapchat. Is there really a big difference if you type in "snapchat.com" vs "snapchatapp.com"?

However, if you can avoid more obscure and complicated URLs, then by all means do it. I think it's best practice to have something straightforward so the user doesn't have to search first to come on your site. You never know what kind of distraction can present itself in those few seconds leading a user away from your site.

matobago 1 day ago 0 replies      
Much of the comments mention that you should buy the .com until your startup is well funded (stronger). And that exactly the whole point of this post is make it stronger since the beginning.
dave1619 2 days ago 3 replies      
I knew I needed to change our company's name but this article really sealed the deal. The problem is I don't have the skill of naming. If you do, I'd love your help (email me at lalalee at hotmail.com).
rsp1984 2 days ago 0 replies      
There is another problem with Paul's suggestion, which is that it only really works for very young startups that don't have many customers or other business relationships yet.

Once you sell product and have established partnerships changing your name just doesn't make sense any longer and becomes a measure of last resort, e.g. if your brand is so damaged that continuing business under the old name becomes very complicated. But then again, if you're in that kind of a situation you probably have a lot more things to care about which are at least as important.

taytus 2 days ago 1 reply      
We started working in our startup one week ago. I'm signaling weakness because I don't want to spend 5 grands in a .com domain? This post is so confusing.
baristaGeek 2 days ago 0 replies      
If you search for a .com domain and it's already taken, you're not being creative enough. You're looking where someone has already looked in the world of ideas, you're not expanding the world of ideas.

Whereas if you force yourself to buy an untaken .com domain, you are pushing yourself to think creatively. You might even get so lucky to come up with a fantastic name such as Airbnb or Zenefits.

tzury 2 days ago 1 reply      

 a) Thanks for writing new posts. I have been missing your writings for quite long.
 b) IIRC, Dropbox started as getdropbox.com, just later on, when money "was not an issue", they purchased the more expensive one - dropbox.com. same applies to uber.com, square (which started as squareapp.com) and many others.

linky123 2 days ago 0 replies      
If you don't have .com, it looks lame, with few exceptions. Also domains that are impossible to spell correctly if you just hear the name.
Freebo 2 days ago 0 replies      
This can help if you're looking:


New names coming soon

abalashov 1 day ago 0 replies      
The best way to think of names, in an environment where nearly every intelligible verbal particle is trademarked, copyrighted, or domain-squatted, is unquestionably Erlich-style:


paulpauper 2 days ago 0 replies      
Yea, this article would have been applicable in 1998, but not so much today. Even domain names are becoming antiquated, with everything moving to apps and cloud. The most popular blogs I read are still hosted on blogspot and wordpress...Having a good domain won't save your business if the execution and other aspects are flawed.
beau 2 days ago 0 replies      
.com is dominant. Even domai.nr changed their name to domainr.com. Over 90% of users at https://instantdomainsearch.com/ buy .com names.
adamzerner 2 days ago 2 replies      
> How do you find them? One answer is the default way to solve problems you're bad at: find someone else who can think of names.

Imagine a website where startups could describe what they do and users could propose and vote on ideas for names. It's been on my list of potentially decent project ideas.

dis123233 2 days ago 1 reply      
I'm skeptical to see that PG wrote this article. There is no doubt that owning a snazzy .com domain is good but saying this

 If you have a US startup called X and you don't have x.com, you should probably change your name.
doesn't make sense. Sorry.

staunch 2 days ago 0 replies      
Buying a credible domain like stripe.com usually requires funding. Should bootstrappers be stripepay.com?
telecuda 2 days ago 0 replies      
If Whois returns a private registration and the site doesn't provide contact information, try the Wayback Machine http://archive.org/web/
drchiu 2 days ago 0 replies      
I wonder, however, if one wanted to convey a sense of underdog or grass roots if it's better to choose a non dot-com domain?

For example, sometimes the .com domain just seems too corporate sounding -- but your audience is not. Isn't it more strategic to get a newer extension?

nodesocket 2 days ago 0 replies      
I think there should be a distinction made between consumer startups and b2b.

If you are a database or developer tools company, .io actually makes more sense. .io is the standard, and it has become de facto.

However, if your startup is a food rating service, or Uber for X, you gotta have the .com.

devanti 2 days ago 3 replies      
Is there a way to start a name consultancy?

I'm fairly good at coming up with names, and wouldn't mind offering my services, but I'm not sure how to secure my idea before selling it.

I would also be open to testing my skills for anyone looking for a company name.

vorg 2 days ago 0 replies      
Why should Coke own "coke.com" when they could own ".coke" one day?
moubarak 2 days ago 0 replies      
Well bad names which own their .com are far more worse. bvckup2.com? seriously? too bad for a great product. There are other examples out there it baffles me.
nginx404 2 days ago 0 replies      
"Nearly all your attachment to it comes from it being attached to you". Interesting. Very interesting as this is truth in the real sense.
seasoup 2 days ago 1 reply      
Disruptive_Dave 2 days ago 0 replies      
danielrhodes 2 days ago 0 replies      
These days an alternative is to just not have a (public) domain at all.
iamwil 2 days ago 0 replies      
I remember hearing a couple stories about Octopop.
pbreit 2 days ago 0 replies      
And if you're Elon Musk you get x.com.
erikpukinskis 2 days ago 0 replies      
bra-ket 2 days ago 0 replies      
this is all kind of secondary
graycat 2 days ago 0 replies      
Not sure the domain name really matters much now. Reasons:

(1) Do users really pay attention to the extension, COM or anything else?

(2) IMHO, now users mostly just click on links while paying little or no attention to the actual URL or domain name. Of course, the HTML link element (tag) doesn't have to expose anything about the extension.

So, why do 1+ billion users know or care about COM?

For PG's point about the most successful YC companies use COM, that was then, when COM didn't cost so much, not now.

Zigurd 2 days ago 0 replies      
This is why "Zigurd" is a very advantageous name.
gojomo 2 days ago 0 replies      
I like how esoterically, the footnotes imply you may want to consider changing your nationality or religion, as well.
daodedickinson 2 days ago 0 replies      
steam.com is NOT for sale.
curiousjorge 2 days ago 0 replies      
majority of people just enter the name in their address bar and click the search result. domain name is not as important as it was.
DenisM 2 days ago 1 reply      
Relay Technical Preview facebook.github.io
353 points by cpojer  8 hours ago   93 comments top 19
AlwaysBCoding 8 hours ago 2 replies      
I'm totally cool with Facebook mining my data if their open source keeps up this pace. GraphQL + Relay are total game changers for structuring web + mobile applications. Code bases get cleaner and more reliable. Less data gets sent over the wire. Other cool libraries are going to be built on top of Relay (I'm pretty excited to see what can be done now with ClojureScript components in .cljc files).

This is so awesome. Much love to everyone at Facebook that has made this possible. With React, React Native, Rebound, GraphQL, Relay etc... You're saving us all from drowning in complexity when building web/mobile apps and I love it. Keep fighting the good fight.

stevebmark 8 hours ago 2 replies      
I'm really excited about this! While working on an "isomorphic" app, data fetching gets incredibly complicated. There are many edge cases. For example, when rendering on the server, you have to block all renders until all data fetching is complete. But on the client, you can show the view with a "loading" indicator, as in not block. But you only need to fetch data for that route on the client if it hasn't been fetched on the server...the rabbit hole is full of wheels you don't want to reinvent.

I'm hoping Relay solves the data fetch problem in a way that makes isomorphic applications much cleaner.

picardo 7 hours ago 3 replies      
This is very exciting. Facebook's commitment to open source never ceases to impress me. They could keep this technology to themselves and have light years or we'd only read it in academic papers, like Google has done with its core technologies, and someone else would have to reverse engineer them. But Facebook gives the entire code base. No other large company I know of has such a strong commitment to open source.
TheAceOfHearts 8 hours ago 1 reply      
The release commit is really the best: https://www.dropbox.com/s/9gx377scddhxo95/Screenshot%202015-...

All I can say now is: Got RELAY

_mikz 7 hours ago 4 replies      
Have you seen the actual code of the mutations?


It is ... massive!

timtadh 5 hours ago 0 replies      
I wish facebook had not used "GraphQL" as their name for their SOAP/REST/RPC replacement. When I hear GraphQL I think of a query language for graphs. Like in (for instance) http://dl.acm.org/citation.cfm?id=1368898 . There has been a lot of cool research over the years on query languages for graphs. Facebook's "GraphQL" is totally nerfing Google's ability to find it.
leothekim 3 hours ago 0 replies      
This is the best commit message:

_ Give RELAY


jmcatani 6 hours ago 0 replies      
The major advantage of Relay/GraphQL seems to be if you have one monolithic data model for your entire codebase. You are in effect, binding your views directly to your backend. This is great if you are a company like Facebook with a single graph holding all data.

Sadly working as a consultant, using Relay as prescribed offers little use for me as I port from client to client with widely different data models. I am interested in maybe using Relay in parent React components to keep logical separation between my models and views.

knite 6 hours ago 3 replies      
I've skimmed the Relay and GraphQL repos, but I can't for the life of me figure out which database backends are supported. Can I put this in front of Postgres? Redis? How do I stand this up in front of an existing DB?
polskibus 7 hours ago 3 replies      
Can someone explain to me how are they using all JS (node incl server-side rendering) stack in a company that is known for using PHP on the backend?

Do they have a specific PHP-to-Node bridge on the server side? If they write isomorphic code, either they are writing apps completely separate from PHP or they have some kind of integration (Node-in-PHP?) running?

I would be grateful for hints, I'm looking into working more with FB tech but I can't do Node on the server right now. Knowing how their architecture looks like with PHP/Hack on the backend would really help.

nwmcsween 48 minutes ago 0 replies      
So graphql is basically a query language and optimizer? Why not have a relational algebra library, query (sql, whatever) generator and optimizer as separate things?
foxhedgehog 4 hours ago 0 replies      
Exciting. So does this do away with implementations of Flux (like the excellent Redux), or is there room for them to work in concert?
TeeWEE 5 hours ago 0 replies      
The idea of Relay is cool. And GraphQL is indeed a nice thing for mobile engineers and product developers. I think its a novel way to query data.

Note: i'm mainly covering GraphQL

What i'm missing is implementations. For graphql you want a Java/python implementaion ready that can be hooked into your storage engine.

For iOS / Android you need some code generation tools that can generate your clientside business objects from the graphql schemas.

When i think about it, GraphQL combines the best of the SOAP/XML era (schemas, type safetype, client generation) with the new REST/JSON world (low footprint, simple structures).

However, it is still very difficult to adopt it. And most of the times, in a startup environment, you are faster implementing a rest api. And building your app on top of that. A schema (something like swagger, jsonschema) might help with client side code generation.

chadly 6 hours ago 1 reply      
How does this compare with Flux? Is it intended to be used with Flux or instead of Flux?
darkmarmot 2 hours ago 1 reply      
Aspects of React, Relay and Flux make me feel like my company's js framework could end up like Leibniz once we release it this fall...
zkhalique 7 hours ago 1 reply      
Wow, looks like what we've been doing for the last 4 years is very similar to the design of Facebook's tools they've been open sourcing. That is some serious validation for our architecture!

(For anyone who's interested here was our design: http://platform.qbix.com/guide/tools, http://platform.qbix.com/guide/messages)

platz 7 hours ago 0 replies      
Seems like it has some similarities to OData.

BreezeJS is a stand-alone data library for SPAs which takes care of managing the lifecycle of data objects; querying, fetching, caching is all taken care of. Queries use OData by default

fiatjaf 5 hours ago 0 replies      
More undebuggable magic.
aikah 8 hours ago 3 replies      
> While working on an "isomorphic" app

now you should say "universal", "isomorphic" was a poor choice of words at first place and led to a lot of misunderstanding (and bad blood between js developers and mathematicians)


> As applied to JavaScript, Charlie Robbins presented the idea in 2011. He called it "Isomorphic JavaScript" which has resulted in years of debate over the poor name. In recent months, the term Universal JavaScript has gained acceptance.

Firefox 42 will not allow unsigned extensions mozilla.org
278 points by fernandotakai  1 day ago   286 comments top 43
nathanb 23 hours ago 8 replies      
It's the "no override" part that concerns me.

I created and maintain an extension that is used by visually-impaired people around the world (it has been translated by volunteers into Dutch and Chinese, for example).

Occasionally a Firefox update breaks this extension. OK, fine, that's the cost of doing business. Of course, the automated compatibility report that Firefox creates is utterly useless; it almost never catches the breakage. But that's a side rant....

There can be a decent turnaround lag (sometimes on the order of a few days) to get a new version of an extension reviewed by addons.mozilla.org. In the meantime, I have made a habit of building a new version of the extension and giving it to anyone who asks. Some people rely on it to use the web and can't wait for Mozilla to do their thing (another side rant: I once stupidly forgot to check in a key resource. I've since changed my development process to keep this from happening again. But the non-functional extension that I pushed passed Mozilla's review just fine. Makes me wonder how much value the review process is really adding.)

If I want to be able to continue this process, I will need to sign the extension myself (and who knows what histrionics Firefox will throw if a user tries to replace an extension with one that has the same UUID but a different signature!)

userbinator 16 hours ago 5 replies      
Mozilla's hypocrisy is astounding:


"Users should have the choice of what software and plugins run on their machine."


"Firefox is dedicated to putting users in control of their online experience"

More recently:


"Firefox Puts You in Control of Your Online Life".

The slogan, as found on https://www.mozilla.org/en-US/firefox/new/ , is now "Firefox is created by a global non-profit dedicated to putting individuals in control online." I believe it used to be "users" - see above - but was silently changed. I suppose these "individuals" are the people at Mozilla...?

kragen 21 hours ago 9 replies      
This is deeply disappointing.

Two details: the extensions need to be signed by Mozilla, and only US English speakers will be allowed to disable this requirement.

The point of free software is that users, individually and collectively, are free to modify it as they wish, without requiring approval from third parties. (And of course to use, copy, and redistribute.) This is a sharp turn away from the free-software ethos that made Firefox possible in the first place.

I understand the issue of users being tricked into downloading and installing malicious extensions. If you let someone program, they will be able to paste malicious code. I just don't think that taking away users' ability to modify their own browsers is an acceptable solution to that.

If this disturbing move sticks, Mozilla will become an increasingly tempting target for whatever group wants to control what software you can install on your own computer -- whether that's Sony Pictures, the NSA, or Amazon.

The old free software movement has died. We need a new free software movement.

soapdog 13 hours ago 1 reply      

There are FOUR VERSIONS OF FIREFOX WITH A SWITCH TO DISABLE THIS if you're so inclined. You can use: Nightly, Dev Edition, Unbranded Stable and Unbranded Beta. All of which have a switch that you can set to disable addons signing requirement.

In contrast there are only two versions where this is a requirement, Stable and Beta. If you doubt the usefulness of this you haven't seen a browser being hijacked by malware overriding search results, inserting all types of toolbars and more. This will prevent malware from sideloading extensions. And this is good.

The signing process is not the same as the AMO review process. The process takes only seconds and the signed addon is returned to the developer. They can distribute as they see fit.

Now, let's face the fact: Simple signing process that takes only seconds and will help prevent lots of malware, not the most nasty ones but a huge lot of sideloaded crap. Four versions of the browser for those power users who want to disable this.

Now, can someone explain to me without hate why this is a bad thing?

scintill76 22 hours ago 2 replies      
Ah, feels like they're following Chrome's example, which decreed that it should be exceedingly difficult for Windows Chrome users to install extensions from somewhere other than https://chrome.google.com/webstore/ . This basically killed an internal app we had at work (a fork of a "REST client", with some added request-signing features specific to our internal APIs.) There was no strong reason to keep it secret, but there had previously been no need to put it in the store either, and there was a $5 charge to publish in the Web Store, which I didn't feel like dealing with.

Anyway, they are both measures taken to stop malware, by taking an option away from the user, that most users won't even notice, but many "power users" will be inconvenienced to varying degrees. I'm guessing Firefox's won't be as bad, since the "developer version" that will let you keep doing the old way probably won't differ from the normal version as much as Chrome's does.

tyho 21 hours ago 1 reply      
How does this policy interact with greasemonkey, an extension that allows running random JavaScript on sites with access to the extension API. You could write your malware as a greasemonkey extension, convince a user to install a signed greasemonkey release, and then convince them to install your malicious extension.
GeorgeOrr 1 day ago 6 replies      
It's important to note that the Developers Editions (and the Nightlys) will have a setting for disabling the requirement.

The assumption being that developers need to test as they develop. And are a more informed user.

sergimansilla 19 hours ago 3 replies      
I recently made an update to my own Firefox extension, called Tab Grenade. It took them 4 months to review. 4 months. And that's for a (very) minor update.

Because of that, I was definitely considering to start releasing it on my own, instead of through Mozilla's add-on website. It looks like I will be able to do that, but I'll have to use the signed extension process.

I'll believe this system works when I see it. After my experience with add-on reviewing, I am very skeptical.

dannysu 14 hours ago 0 replies      
It's been one month and the new version of an extension I wrote is still waiting to be reviewed. I've since stopped waiting and started using the new version myself rather than download from AMO. I was already very disappointed by the review process and now this.

Tweeted to Chris Beard: "Dear @cbeard, please give your users the choice and control they deserve in @firefox. Allow extension signing to be disabled in FF42."

You want to protect the user, then start making extensions more secure and require permissions to do things. E.g. If an extension can access contents of webpages, pop up a dialog and ask the first time. There are other ways to protect users without going authoritarian on us.

RexRollman 18 hours ago 2 replies      
And slowly, freedom everywhere was destroyed in the name of security.
Sir_Cmpwn 16 hours ago 1 reply      
I use several small add-ons I wrote myself. Why should I have to get Mozilla's approval before I can install my own damn add-ons? One of them executes processes and I'm 99% sure it'll fail the automated review.

EDIT: It passed the automated review, but my point stands. If I wrote the code, then you can be damn sure I trust it.

verusfossa 14 hours ago 2 replies      
This is disappointing. Everything is becoming centralized, even Firefox extensions. I wish there was an opt out like "unknown sources" in android, but they keep saying we're not smart enough to make our own decisions. They won't even put one in about:config. This change will undoubtedly upset developers and other techy folk, exactly the kind of people you want working with your software.

Fdroid is working on third party repositories, maybe that will catch on to decentralize the mobile world a bit. Something like that for browser extensions would be sweet. Take a look at Fennec Fdroid for a cleaner Firefox mobile experience at least.

mercurial 23 hours ago 0 replies      
An important point is that the review process before signing takes seconds, according to the article. Considering the frequency of FF updates, it's an important point.

Now, let's just hope that the other side of the coin is a concern for API backward compatibility, so that people don't need nightly versions of addons and a developer edition to keep their addons in a usable state...

Taylor_OD 16 hours ago 2 replies      
Isn't chrome already like this? I spent 45 minutes trying to find a way to install a non extension store extension this weekend and gave up after being blocked repeatedly.
mveety 23 hours ago 2 replies      
What is the point of this? Shouldn't users be allowed to make their own decisions no matter how stupid or dangerous?
legulere 21 hours ago 1 reply      
I wonder how long it will take until adware producers patch out the requirement for signed extensions in the binary when you install stuff from them on your computer.
pwman 14 hours ago 0 replies      
Mozilla used to be the best place in the world for extension developers -- it was natural to have your best extension on Firefox because you could release early and often. Active developers made the platform.

When Chrome came along they decided to go in a different direction entirely slowly making it more and more painful to accomplish what used to be easy in the name of security. The review process went from automatic if you were trusted to weeks and then months and then more than a quarter year. They started demanding source code. It became scary to release to addons.mozilla.org because you never knew how long it would be before your next release would be approved.

Mozilla needs to realize they're hastening their own demise - Chrome now offers better features than when Mozilla was the leader including releasing to a percentage of users and faster nearly invisible to the user updates. They should go back to their roots and embrace developers again.

ekianjo 21 hours ago 4 replies      
It should still be possible to fork Firefox and remove this requirement, right?
jsingleton 17 hours ago 1 reply      
I wonder if this will mean that all the extension version numbers will stop ending in -signed. I'm used to having any build number with -label in its name denote it's a pre-release and isn't stable [0].

I was recently searching for user agent switcher add-ons as part of a blog post [1] and almost all have -signed in the name. To some people it could look like the un-signed ones are more stable and better.

[0] http://semver.org

[1] https://unop.uk/dev/how-to-watch-bbc-news-videos-on-a-deskto...

wtbob 15 hours ago 1 reply      
You know, there was something beautiful about users being able to pick up a tutorial and extend their browsers, if they wanted. There was something very empowering about being able to write extensions even in a corporate environment.

I've written Firefox extensions for personal and business use, and Mozilla are preventing that from ever happening again. Why? Cui bono?

I'll mention, again, that they completely broke the security of Firefox Sync: it's no longer a trustworthy place to store passwords. Why? Cui bono?

mukundmr 22 hours ago 1 reply      
What happens to all of those extensions that are on they gray area of DMCA? Who is this move benefiting? The users or the sponsors?
tenfingers 17 hours ago 1 reply      
So much for beta-testing your extension prior to release. It's already hard to get users involved, now they just can't.

Or using any other channel to get your extension.

!Thanks Mozilla, really.

systemz 18 hours ago 1 reply      
Mozilla is doing everything to stop using their browser.
norea-armozel 13 hours ago 1 reply      
This is going to be an annoying change for me since I use the 1Password extension which isn't signed as far as I know. So, it's likely I'll switch over to Chrome (which I've had performance issues with in the past) or Pale Moon. Seriously, it's my browser. It's fine if you want to make users white list extensions but to completely block unsigned extensions is a bit overzealous. Unless Mozilla makes the signing process automatic (since it seems some extensions on addons.mozilla.org can go months before being updated to the current version) I don't see this working out at all.
SCHiM 16 hours ago 1 reply      
I like the fact that a security issue is being tackled. What I absolutely hate is the fact that there are no ways to turn this option off.

Just like HSTS I can't turn this off and it leaves a bad taste in my mouth. Where originally I considered Firefox to be a browser for power users, now I'm not too sure any more.

flippinburgers 10 hours ago 0 replies      
Who wants malware affecting all of the naive users on the internet? I don't. I think you can all put your pitchforks away and take a deep breath knowing that Firefox is trying to improve the experience for people who are not like yourselves. The process is automated and takes little time. Stop acting so entitled.
rquirk 15 hours ago 2 replies      
Will this also affect Firefox for Android?

Mozilla currently don't provide a dev build for Android, just regular and beta versions https://play.google.com/store/apps/developer?id=Mozilla

The security problem that this "fixes" is not really an issue on Android due to Android's own app sandboxing, so maybe the Android build will allow unsigned extensions? It's not mentioned in the FAQ.

djent 12 hours ago 0 replies      
Firefox disabled HTTPS Everywhere with no warning to me whatsoever. I use Dev Edition. I always just assumed it would always work, but apparently I can't rely on that anymore. Wasn't Mozilla pushing for non-encrypted HTTP to be deprecated? They should wait for that to happen before disabling HTTPS Everywhere.
alfapla 20 hours ago 3 replies      
It's little more than a year ago that Brendan Eich was ousted from Mozilla by an ugly orchestrated cabal. When I read Mitchell Baker's vapid blog post [1] on the decision, filled with polite backstabbing and politically correct buzzwordery I understood that Mozilla has been taken over by politicians and that its decline is just a matter of time.

[1] https://blog.mozilla.org/blog/2014/04/03/brendan-eich-steps-...

hobarrera 13 hours ago 2 replies      
> [...] plugins don't need to be signed.

So the worst kind of threat is still there. Great job, Mozilla!

Communitivity 16 hours ago 1 reply      
gdulli 14 hours ago 1 reply      
I hope Firefox 41 is really good because it's the last one I'll be using.
benmccann 13 hours ago 0 replies      
This is very frustrating. Made worse by the fact that they just replaced their packaging tool with a new jpm tool that doesn't yet match the functionality of the old tool.
droithomme 12 hours ago 0 replies      
I wonder if extensions will be allowed that facilitate illegal activity, such as downloading youtube videos in violation of copyright.
norea-armozel 14 hours ago 1 reply      
Does anyone know if the maintainers of Pale Moon or Waterfox intend to keep the extension signing requirement on their builds?
mashed_potato 15 hours ago 0 replies      
As if it wasn't already difficult enough explaining to people why I use Firefox...
mindcrime 22 hours ago 1 reply      
Well, at least they're paying lip-service to enterprise users who may have internal extensions to deal with:

 What about private add-ons used in enterprise environments? We haven't announced our plan for this case yet. Stay tuned. In the interim, ESR will not support signing at least until version 45, which won't come out until 2016.

rjempson 18 hours ago 0 replies      
dieg0 15 hours ago 0 replies      
ck2 17 hours ago 1 reply      
rak_112 19 hours ago 2 replies      
debacle 14 hours ago 1 reply      
bpodgursky 15 hours ago 2 replies      
Coca-Cola Funds Scientists Who Shift Blame for Obesity Away from Bad Diets well.blogs.nytimes.com
278 points by drsilberman  1 day ago   189 comments top 28
kfk 1 day ago 30 replies      
One thing with the beverages is that if you choose to not drink them, you will most likely be the weird one in most social situations. Especially if you cut on alcohol. I have nothing against drinks in general, but they should be an exception, not the rule. We should not drink beer or cola or any of this stuff on a daily or almost daily basis. Mainly because they introduce a truckload of useless calories that do no good to us and do not even fill our appetite.

Now, that's the logic, and it's a sound logic, go explain that to people every time you are drinking water in a pub and they go: "ehm, uh, you don't drink?". Which, by the way, if not explained properly can seem like you are a recovering alcoholic, if explained properly will make you sound like a food/diet nazi.

samtp 1 day ago 0 replies      
It should be noted that Dr. Blair is one of the most cited exercise science researchers of all time. He's not simply a shrew for Coca Cola, he has produced some of the most monumental papers in the field. If you look at his career timeline, his research matched with what Coca Cola wanted to promote (before they started working together), not the opposite.

He is also extremely passionate about helping reduce obesity in South Carolina especially. One of the nicest and most honest people I've ever met.

*disclaimer, I've worked with him on startups combining exercise science and mobile apps.

davidf18 1 day ago 3 replies      
One 20oz (vending machine size) bottle of Coke per day is 52 lbs of sugar (well, actually high fructose corn syrup) per year. Next time you go shopping, count 10 5-lb bags of sugar. Each and every year.

The NYC Dept of Health estimates that 30% of adult New Yorkers have one sugar-added beverage per day. 20 years ago there were 10oz bottles in vending machines, then 12oz cans, now also 20oz bottles, thus, those consuming a bottle a day today now consume 52 lbs of sugar per year compared with 26 lbs 20 or so years ago.

Many of the poor (and others) have no idea how many sugar calories they are consuming each year when they drink Coke and other sugar-added beverages.

Besides tobacco use, obesity and lack of exercise is one of the major contributors to our increased health care costs.

The previous NY Mayor, Bloomberg, tried to have a state tax on sugar-added beverages passed which is what is recommended by public health officials such as the CDC but that was turned down. Then he lobbied the Federal Government to not allow food stamps to be used for sugar-added beverages but that was turned down. Then the health dept. tried to ensure that in venues where they had control that sugar-added beverages would have a 16oz size limit, but they lost in court.

Ironically, the land for Centers for Disease Control and Prevention (CDC) which is located in Atlanta, Georgia was donated by none other than The Coca Cola Company.

balabaster 1 day ago 4 replies      
It's articles like this that deplete what little faith I have remaining in "science." The science that is released to the public has been subverted and corrupted by so many orders of magnitude that I'm not even sure why they bother calling it science any more. The lack of objectivity and conflict of interest in the studies/results is astounding. When politics is funding biased studies in the name of furthering corporate profits and then releasing it as "actual science", it's more than disheartening, it's downright sickening.

It's funny how many scientific atheists sneer at the religious for their beliefs when there's so much corruption in their own ranks... and that's coming from someone who'd rather believe in science than any form of organized religion...

mlrtime 1 day ago 0 replies      
Just watched 'Fed Up' this week. It is your typical one sided documentary however it does shed a lot of light into this topic.


Also, I'd recommend going here and looking at the FDA's proposal on labeling %DV for added sugars: http://www.fda.gov/Food/GuidanceRegulation/GuidanceDocuments...

rm_-rf_slash 1 day ago 3 replies      
Their message is shamelessly misleading, but there is something to it: most people will find it requires far less willpower to put down the fork than to put on some running shorts and go out for a jog.
awjr 1 day ago 4 replies      
I recently watched http://thatsugarfilm.com/ which looks into why sugar is so bad. Sugar consists of Glucose and Fructose. Your body knows what to do with glucose, releases insulin preventing fat from being burnt and enables your cells to use glucose. Fructose is converted into fat by your liver but cannot be used until the insulin subsides. Fructose really is "bad". Sweeteners do not help either as they keep your body addicted to sugar. It also looked at the impact sugar had on brain function. Note that in the film he kept to similar calorie intake, just swapped out his good fat sources with low fat "healthy" choices. He gained 8kg primarily around the waist within 40 days.

Combine that with the meta study that showed exercise was not something to take up as part of a weight reduction regime http://www.independent.co.uk/life-style/health-and-families/... and you can begin to understand how important it is that Coca Cola need to push this message.

The reality is, added sugar products need taxation which is then ring-fenced to support healthy eating education and healthy transport schemes (Walking, cycling and public transport). We need to recognise that added sugar, in particular fructose, has to be treated on the same level as smoking is.

Hermel 1 day ago 3 replies      
To be fair, obesity is caused by a multitude of factors. For example, one often overlooked factor is the speed of eating. Your body only notices that you had enough with a certain delay. The faster you eat, the more you get in before feeling full. So regardless of food quality, fast food poses an elevated obesity risk.
pkulak 1 day ago 0 replies      
Here's the video that started a lot of the public awareness of the issue:


And there's also now a great documentary on Netflix called "Fed Up" (https://www.youtube.com/watch?v=aCUbvOwwfWM), for anyone who has a subscription. It particularly tackles this silly idea that it's okay to eat and drink shitty food all day, so long as you exercise for a little bit too.

bsdpython 1 day ago 0 replies      
I am far from knowledgeable regarding diet and nutrition but I recently switched from drinking a good amount of fruit juice and an occasional soda to drinking 100% water. I wasn't really even overweight but I shed 10 lbs within a month and I feel in much better health. I don't think it's just sodas - pretty much any drink with a lot of calories and sugar seem like a waste. Now when I see those giant sized sodas in restaurants I can't believe I used to drink them.
rayiner 1 day ago 3 replies      
I don't get the whole anti-"processed food" thing. The whole change in weight in the U.S. can be explained by increased caloric intake since the 1970's. It's not like we didn't have Coke back then.

I think the real problem is capitalism. It makes good economic sense to sell your customers too much food. Consider Starbucks. Your parents' coffee and a donut was a 250-300 calorie breakfast. Today's latte and a scone is double that and yields a much nicer profit margin.

mason240 1 day ago 3 replies      
Are the studies still producing valid, peer-reviewed results?
will_brown 1 day ago 1 reply      
This post reminds me of the mouse experiment showing mice preferred the reward of refined sugar over cocaine, even when the mice were already addicted to cocaine. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1931610/

Perhaps there should be a very basic study on general health/weight of people who regularly consume refined sugars and those who abstain from refined sugar (with neither group engaging in structured exercise). Or have these scientists answer a more basic question about obesity...all things being equal, if you took a person (whether they exercise or not) would that person be more likely to be obese if they consumed a 200 calorie soda every day or replaced the soda with 200 calories of almonds. I think people would be greatly surprised to find out a calorie is not simply a calorie as is often suggested and that sugar has a lot more impact on obesity than fats.

acd 1 day ago 0 replies      
There was an article here that 50% of food science is not valid research. Further companies in the food industry pay researchers to do research which by chance often returns positive studies in favor for those who paid for it.

"No connection with Fructose and obesity"
Sponsored by the Canadian sugar institute
who is owned by: Coca Cola and Pepsi co and corn producers.

whizzkid 1 day ago 2 replies      
It is a little bit weird that we are hearing this from scientists but apart from that there is nothing wrong with what it says I think.

Just because some people can not resist and drink responsibly, why should the company take the blame?

Having too much of almost everything is bad for you, am I missing something here?

tlb 1 day ago 1 reply      
Is there much high quality, original research left to be done around "sugary diets cause obesity?"

It's not my field, but I suspect that the only original research left to be done examines other potential causes. There's lots of good work on the Microbiome, for example.

Can someone from the field tell me, if they had a big fund to counter-balance the bias caused by Coca-Cola, what original research it would fund?

raverbashing 1 day ago 0 replies      
Free soda refills in restaurants may make sense economically but it makes no sense from a diet point of view

Same thing with most crap people eat every day.

I'm not against processed foods per se, the increase in food safety and storage time makes sense.

Now, people make meal-sized (calorie-wise) snacks by stuffing a bag of Doritos in between meals, eating a whole pack of Oreos, or just eating unbalanced (usually both micro and macronutrient unbalanced) meals etc

kelvin0 1 day ago 1 reply      
Here is an alternative view to these corporate 'studies': https://www.youtube.com/watch?v=dBnniua6-oM

Or simply watch pictures taken in the 1920-60's, it's pretty shocking how most North Americans were much much leaner.
cowardlydragon 1 day ago 0 replies      
ChrisLTD 1 day ago 0 replies      
This is reminiscent of the tactics tobacco companies used to keep selling cigarettes after research and experience started to suggest their products caused cancer.
frogpelt 1 day ago 0 replies      
absolutenumber 1 day ago 0 replies      
Simulacra 1 day ago 0 replies      
This is a duplicate.
pinaceae 1 day ago 2 replies      
BiboBonn 1 day ago 0 replies      
PepeGomez 1 day ago 0 replies      
EliRivers 1 day ago 0 replies      
Google reveals details about its datacenters highscalability.com
269 points by toddh  1 day ago   50 comments top 10
lorenzhs 16 hours ago 0 replies      
The key takeaway for algorithms research seems to be that "[w]e don't know how to build big networks that deliver lots of bandwidth". This is exactly what S. Borkar argued in his IPDPS'13 keynote [1]. An exa-scale cluster can't be cost-efficient unless the bisection bandwidth is highly sublinear in the cluster's computing power.

We need new algorithms that
- require communication volume and latency significantly sublinear in the local input size (ideally polylogarithmic)
- don't depend on randomly distributed input data (most older work does)

It's really too bad that many in the theoretical computer science community think that distributed algorithms were solved in the 90s. They weren't.

[1] http://www.ipdps.org/ipdps2013/SBorkar_IPDPS_May_2013.pdf

ucaetano 19 hours ago 3 replies      
I once saw the co-founder of Cloudera saying that Google exists in a time-warp 5-10 years in the future, and every now and then it gives the rest of us a glimpse of what the future looks like.

Felt exaggerated at the time, but it often seems like the truth.

kordless 13 hours ago 1 reply      
> The amount of bandwidth that needs to be delivered to Google's servers is outpacing Moore's Law.

Which means, roughly, that compute and storage continue to track with Moore's Law but bandwidth doesn't. I keep wondering if this isn't some sort of universal limitation on this reality that will force high decentralization.

fauigerzigerk 15 hours ago 1 reply      
Ironically, if you look at the data center as a computer, this looks very much like scaling up, not scaling out.

I wonder if one day we will find that sending all data to a data center for processing doesn't scale. I think that's already a given for some realtime'ish types of applications and it could become more important.

Obviously, the success of decentralised computing depends a lot on the kinds of connected devices and whether or not data makes sense without combining it with data from other devices and users.

With small mobile devices you always have battery issues. With cars, factory equipment or buildings, not so much. But management issues could still make everyone prefer centralisation.

mkj 18 hours ago 5 replies      
So every cluster machine has 40gbit ethernet (?) - does anywhere else do that?

Looking at Table 2 http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p183....

andrewstuart2 11 hours ago 0 replies      
> The I/O gap is huge. Amin says it has to get solved, if it doesn't then we'll stop innovating.

I can imagine you can solve the throughput problem with relative ease, but the speed of light limits latency at a fundamental level, so proximity will always win there.

I tend to think that storage speed/density tech rather than networking is where the true innovations will eventually need to happen for datacenters. You can treat a datacenter as a computer, but you can't ignore the fact that light takes longer to travel from one end of a DC to another than it would from one end of a microchip.

GauntletWizard 22 hours ago 4 replies      
One of the biggest things I've had to unlearn as an SRE leaving google is this: RPC traffic is not free, fast, and reliable (So long as you don't go cross-datacenter). For most companies it is expensive and slow. Facebook's networks are still designed for early-2000s era topologies and their newer topologies won't fix that; They've still got way too little top-of-rack bandwidth to the other racks nearby.

Microsoft hasn't even caught on yet, and is still designing for bigger and bigger monolithic servers. I can't tell what Amazon is doing, but they seem to have the idea with ELBs at multiple layers.

Mettalknight 13 hours ago 1 reply      
stingraycharles 18 hours ago 0 replies      
Since you add no value to the discussion, this is just spam -- imho pretty shameless indeed.

Next time, at least share a story of something cool you have done, that would make your post much more appealing.

How yuppies hacked the hacker ethos aeon.co
274 points by edward  1 day ago   208 comments top 39
Animats 1 day ago 5 replies      
I suspect that the author has read Derrida. He's obsessing on the meaning of a word and following semi-random threads trying to deconstruct it. That's classic Derrida. That approach doesn't solve any problems, but it's a useful way to generate papers. If you read some Derrida, you too can learn to generate blithering of that type.

As for yuppies vs. hackers, it helps to go back further, to understand how hippies morphed into yuppies. Hippies were mostly self-indulgent types who spouted bogus philosophy to justify their existence. Yuppies are mostly self-indulgent types who spout bogus philosophy to justify their existence. Stewart Brand, of Whole Earth Catalog fame, led the transition from hippie to yuppie, from the commune to the "lifestyle industry", from growing your own food to Whole Foods.

What happened to the hacker ethos was the absorption of computing into the advertising industry. The hacker ethos survived the Microsoft era, but not the Google era. Microsoft was about tools, which was consistent with the hacker ethos. Google is about ad clicks, and its success created a whole industry focused on ads and user exploitation, not tools for user empowerment. That's what destroyed hacker culture.

rm_-rf_slash 1 day ago 11 replies      
When I realized that the kids of the old money elite began to see Silicon Valley, not Wall Street, as the means to big money, I decided I could never go back.

The elitists came to Northern California - a vanguard of social liberalism, student protest, and most importantly communitarianism - and brought their elitism with them.

Northern California still exists in the nostalgic hippie image of the 60s, but it's compartmentalised, like the Dropbox brogrammers elbowing out kids at a playground. Public spaces increasingly become private in the name of profit.

Over time, the feel of free love will fade away entirely in the Bay Area. Everyone interesting who isn't a millionaire will be pushed to the margins, and eventually, more welcoming spaces, like Detroit. I implore the tech elite of Silicon Valley to consider a future where an expensive tech-centered monoculture makes the Bay Area an unattractive location for long-term employees, and instead relying on mercenary college grads who put up with the cost and the crazy for a few years before moving on to a more fulfilling job and place to call home.

bcg1 1 day ago 1 reply      
This article is bound to ruffle some feathers around here.

The writing is spot on but will cause some cognitive dissonance for some as the words ring true but conflict with the structures they have set up in their minds and in their lives.

I think that the commercialization can be good though... the culture gets to live on and propagate when there is a way for hackers to make money doing what they love. Any successful counterculture is bound to be co-opted and exploited, but that doesn't mean that true participants in that culture shouldn't be able to subsist off of it.

Author makes the comparison to hip-hop culture which I think is a good one... there is a highly commercialized side of that culture in rap music, but there are still "underground" emcees not to mention deejays, beatboxers, graffiti writers, and others who are able to build up their culture due in no small part to the money coming in. Of course, to maintain a good balance, you need keepers-of-the-faith like the author who are willing to smack down arrogant upstarts who think they can piss all over and redefine the culture they claim to hail from.

adricnet 1 day ago 1 reply      
I scanned this before coffee this morning and in short I'm not sure anyone else should read it in its present state.

Although the author poses some interesting ideas the piece feels long and muddled and I'm not at all sure who the audience is or what the call to action might be. Voice is unclear as some paragraphs are personal statements ("I") and others are observations about culture and economics.

It might be more powerful if it was drastically shorter and simpler ... or maybe if it was three times longer with more references and a stronger set of recommendations. I really can't say.

jaegerpicker 1 day ago 1 reply      
This is such a poorly thought out article. The term hacker has also meant so many different things to so many people. I grew up with the 90's hacker scene. I was a teenager for almost all of the decade and I started programming and reading about, interacting with, and being a part of the 90's hackers groups. Those groups were called criminals, crackers, or cybergangs by a lot of the old school MIT crowd of hackers. Then the mainstream media picked up the term to mean criminals. Then my age group entered the workforce and redefined the term to mean an excellent programmer, as in hacker news. It's been constantly changing and meaning different things to different groups. How can you co-opt something that fluid? This article smacks of someone complaining about a culture they don't understand themselves.
clavalle 1 day ago 3 replies      
You know what's cool? Ignoring what other people think is cool.

Who cares if 'yuppies' 'gentrify' hacking. You neither have to stop doing what you like because groups you don't care for have noticed nor do you have to waste energy and time and fight against them for doing so.

Do what you want to do regardless. That is the answer to the author's questions.

If you are a hacker, or artist or music lover or anything else of a certain type merely because someone else isn't of that type you are not really that thing.

You are going to find posers as a sub-culture enters the general awareness but you are also going to find trickster godlings in suits with boring titles on their business cards if you don't let the trappings blind you.

veddox 1 day ago 1 reply      
I get the distinct impression that the author of this article doesn't really know what he is talking about. He doesn't bother mentioning (if he is even aware of the fact) that "hacker" != "cracker", but kind of muddles both groups into one. The very fact that he talks about "The construct of the good hacker" tells me that he never did his homework properly.

Last time I checked my history books, hackers used to be "good" when they started out. Yes, they were counter-cultural and yes, many had more or less pronounced anarchist tendencies. But they were definitely not the rebellious threat to public safety that the author portrays. In fact, the author gets it back to front: the real corruption of the term "hacker" happened twenty-five years ago, when the media started applying that label to cyber criminals. If anything, Silicon Valley is actively countering that original corruption by their current use of the term. (Though it is quite possible that they are misusing/over-using it in smaller ways.)

In short, this is a prime example of an article about a subculture that is untainted by any understanding of the same.

Sir_Cmpwn 1 day ago 2 replies      
This hits home. I read hacker news and sites like it, but I know in my heart that the people here are not, for the most part, hackers.
jasode 1 day ago 5 replies      
This unremarkable essay is another one of hundreds repeating the theme about "money destroying true hackers". One can rewrite the same article using other synonyms such as "Silicon Valley Has Lost Its Way" or "How Greed Is Ruling Silicon Valley."

This theme can be further generalized into "money is ruining <insert_whatever>".

"Money is ruining music. Bing Crosby was a true artist; Today's performers like Lady Gaga is a commercial pandering."

"Money is ruining movies. The 1970s had auteur directors but now all we get at theaters is superheroes in spandex and Disney princesses because they need ROI from international blockbusters."

Writers, thinking they have something new to say, like to write on those themes. Readers, with a predisposition to seeing what's wrong with the world, like to read them. I suppose it's some sort of 1st-World ritual of commiseration. Personally, I find those essays devoid of any insight. I can acknowledge that there are undeniable trends there but I try to avoid categorizing them into value judgments of "good vs evil". I understand the economics of why Disney's "Frozen" is the type of film that theaters prefer to show rather than Michael Cimino's "Heaven's Gate".

An example of force-fitting his observations into categories of Hackers-vs-Yuppies (aka good-vs-evil) is his claim:

"I'm going to stake a claim on the word though, and state that the true hacker spirit does not reside at Google, guided by profit targets."

That broad-stroked brush is amateur writing. Google is a big place with ~57,000 employees. Sure, there are probably engineers doing soul-crushing work of parsing logs for server reliability or optimizing ad click conversions. But I'm sure there are other pockets of engineering where "hackers" are innovating and trying to change the world: driverless cars, balloon wifi, etc. It's the same contradictory pockets of bored employees coexisting with passionate hackers in different areas of large companies like Lockheed, AT&T Labs, Apple, etc.

As far as "yuppies" ruining the hackers, I'm not sure who's supposed to be an exemplar of the "hacker" that he wants to run SV. Steve Wozniak & Steve Jobs both came from middle class families. They weren't hobos living out of their cars and overturning the world with their hacker ethos. Apple took money from VC investors within 1 year of its founding. Even Richard Stallman's family background can also be considered "yuppie".

erikb 1 day ago 0 replies      
"Go home, yuppies!" - Yes and no. Hacker spirit is flexible, so why are we still sitting on that name? It's dead for that spirit since the 90s. In some regard I think, that I even care might be a good proof that I don't really belong. Wouldn't be strange to see the "real hackers" to just go hack something else while we sit here discussing "community norms" and "special terms".
return0 1 day ago 0 replies      
They could just stop calling it hacking. It's such a cliche term nowadays. Look at me, I'm writing in an entrepreneurial forum, and even that is called 'hacker news'. Yesterday drchrono was looking for 'healthcare hackers' by which they meant programmers. I giggled. Hacking is like the new indie. It will come, and pass.
radmuzom 1 day ago 0 replies      
One of the earliest articles on "hacking" which I read was by Richard Stallman - On Hacking [1]. The article seems to agree in spirit with what RMS was talking about.

[1] https://stallman.org/articles/on-hacking.html

m-i-l 1 day ago 0 replies      
The countercultural trickster has been pressed into the service of the preppy tech entrepreneur class

Concern has been expressed that the new generation of artists (musicians, actors etc.) in the UK seem to primarily come from upper middle class backgrounds[0]. I have started to wonder if the same could be said of the tech startup scene, e.g. in London. This could be due to the increasing difficulties someone would have living on a period of effectively zero income, unless they had the backing of rich parents.

[0] Could cite lots of articles, but http://www.standard.co.uk/business/markets/confessions-from-... is just one recent one.

gambler 1 day ago 0 replies      
This reads like a typical cultural critique article. Long text, contrived definitions, lack of overall insights into the subject. At least I didn't see anything that would make me go "ah, I never thought of that". It's mostly word games.

Even though many people try to draw parallels between hackers who creatively modify systems and hackers who break into systems, there is little overlap these days, except, maybe some common roots in history and the fact that the latter usually have ample skills to do "creative" hacks as well.

Hacker culture being subverted? With multitude of security conferences, daily news about research into new vulnerabilities and increasingly frequent criminal hacks, I think hacker culture is actually doing pretty well in many of its diverse forms.

roneesh 1 day ago 3 replies      
Look, you can construct whatever narrative you want about power, people and the ebb and flow of capital, but it's pointless.

People like nice things. There I said it. Most people like nice cedar lined floors, expensive drinks and well cut clothes. And when you have those things, it's marvelous how quickly your disdain for the 'institution' evaporates.

Most of us aren't really hackers in that nostalgic sense. We're normal people, yuppies, kids, nerds, dorks, that one dude really into Aphex Twin in your office (everyone has one). We just happen to be good with computers.

steeples 1 day ago 0 replies      
Hacking for me was always about pushing the envelope, and if that meant getting the right tools for the job, then that also meant working for old industrial monopolists and building out my crystal palace in my own free time. After work I would come home, switch on my Pandora's box, and use my paycheck to have fun. The problem with doing this for extended periods of one's life is that you see all your peers getting stinking rich, and you almost feel left behind, like a lone wolf hacker who missed the proverbial boat of investor money. On one hand this can feel miserable because Fear of Missing Out (F.O.M.O) feels like a legitimate thing to be concerned about. On the other hand, the hacking escapades are exhilarating and quickly drown out F.O.M.O because those same people that are getting rich are missing out on the joys of low level disk hacking, and twitter bots that can disrupt markets and sway the stock market any way one wants. The F.O.M.O is quickly drenched by fun. Let fun precede every other activity. This is the hacker way.
clickok 1 day ago 1 reply      
The main objection against the ending refrain of "go home, yuppies" is that, since hackers (however you define the term) have valuable skills, they should be able to earn money using them. If the alternative is working in a menial capacity for some large alienating infrastructure (see what I did there?) with hacking as a hobby, then I'd rather be working on something interesting, even if it makes me complicit in gentrification[0].

So, that's the whole issue right there-- being a hacker has become a career path, and it's iteratively becoming more mainstream as the expected benefits are formalized and the stigmas exorcized[1]. That doesn't really sound all that bad, but the problem with gentrification is that it pushes the original tenants out, which is kinda scary when we're talking about the gentrification of an idea.

"Real" hackers become hard to identify among the masses who can sling a little javascript, and so they end up on the fringes of their own movement.

Of course, I'm not really sure how much such real hackers care. It'll be inconvenient when you can no longer identify a member of the tribe by a simple shibboleth, but that is not an insurmountable obstacle.

In my opinion, l33t H4x0r status is something you earn[2]. A yuppie having "hacker" on their business card is likely doing about as much damage to hackerdom as the self-titled programming rock stars, ninjas, wizards, etc. etc. did to those professional groups.


0. Incidentally, does anyone else get reminded of things like The Rebel Sell or The Conquest of Cool by pieces like this? All of this handwringing serves to subtly indicate that the author is the sort of person who happens on these scenes before they were cool.

1. Even if you can't get rid of the more Stallman-esque members of the tribe, they get romanticized, deified, reduced to stories instead of people who could be brilliant, visionary, and kind, but moments later gross or needlessly rude.

2. Generally by spelling with your number keys.

humbleMouse 1 day ago 1 reply      
Don't really like this article, the writing is embellished and the thesis unclear.
irl_zebra 1 day ago 0 replies      
I have to say, I really enjoyed how they placed their newsletter signup. I actively rebel (maybe that's the hacker ethos per this article, haha) against the ones that have a giant popup and often put totally incorrect information just because I'm so annoyed. This one has the signup unobtrusively in the middle of the article a little ways down. Thus, if you found the article interesting enough to keep reading, you came across the newsletter signup embedded unobtrusively. I signed up for a newsletter from a website/blog for the first time in a long time.
stillsut 1 day ago 3 replies      
Here's the key point where the author and I diverge:

> In this context, the hacker ethic is hollowed out and subsumed into the ideology of solutionism, to use a term coined by the Belarusian-born tech critic Evgeny Morozov. It describes the tech-industry vision of the world as a series of problems waiting for (profitable) solutions.

Trade is the ultimate form of autonomy because when someone willingly buys what you're selling you can be self-sufficient (as opposed to dependent on a beneficent family/non-profit organization/gov't). Obviously tech startups have deviated from the hobbyist "I'm getting my kicks" ethos because they're trying to hack the softer domain that is customer behavior. Solutions to real problems are always win-win, and to believe otherwise is pretty weird.

busterarm 1 day ago 1 reply      
I'm working too hard and too sleep deprived to read the full article, but am I the only person noticing that every single lawyer and MBA under 35, almost without exception, is attending or trying to attend a code school to change careers? Many of the ones I meet talking about it have very limited tech experience.

That's very much how it seems in NY right now.

danjc 1 day ago 0 replies      
It's pieces like this that keep me coming back to HN. They also make me wish I could write as well!

It always irks me when I hear people refer to themselves as hackers (Zuckerberg for one) and this article articulates why far better than I could.

jkot 1 day ago 1 reply      
Let's be grateful for yuppies and their money. Computers and gadgets are today cheap and widely available. And there is finally no social stigma related to nerds. A 'real hacker' who works on AI, security etc. now has an easier life.
kazinator 1 day ago 0 replies      

1. Define what hacker means (prior to the yuppie gentrification), for numerous paragraphs. Bulk of article.

2. Big drop G paragraph: point actually starts here. (Just scroll down until you see a big G).

3. Fizzle on about gentrification of hacking, sort of making a point.

4. Send yuppies home.

api 1 day ago 1 reply      
Fight the man hard enough and you win. Now you're the man.

It wasn't colonization that yuppified hackerdom. It was evolution. Most of the old school hackers became yuppies when they found out they could make lots of money off this stuff. New school hackers are entering the scene now and this is all they know.

The same thing happened to old school counterculture hippies who found out their ideas and their styles sell. Hippies founded loads of clothing brands, trendy shops, 'new urbanism', and the whole organic food movement, all of which are now massively profitable. Whole Foods Market (Nasdaq: WFM, an S&P500 component) is a direct evolutionary descendant of the dirt-worshipping weirdos that spurned 1950s white bread culture and danced in the streets on acid.

Nothing really goes extinct. The dinosaurs are still here. In America we have a custom of roasting one on Thanksgiving.

I grew up with the old school 90s cyberculture, and I miss it dearly. I remember downloading text files on phone phreaking from H/P/V/A BBSes, hacking PBXes to dial demo scene boards in Europe, and watching Second Reality (https://www.youtube.com/watch?v=rFv7mHTf0nA) for the first time on my 80386 with 4mb RAM.

I keep a few museum pieces of stuff I made back then here: http://adam.ierymenko.name/ye_olde_source_code.html

Today I am doing this: https://www.zerotier.com/

In its original form this old hacker culture is mostly dead. Its successor in an evolutionary sense is the startup scene.

If you doubt this thesis consider that you're hanging out at Hacker News, which is run by a billion dollar VC firm. I rest my case.

Yesterday we had Future Crew and L0PHT Heavy Industries. Today we have Y-Combinator and Andreessen Horowitz. Today's hacker groups have cap tables.

By saying this I am not claiming that this was an entirely positive change. Evolution is not a progressive march 'upward'. The word evolution just means 'change over time.' Some features are gained, others are lost.

In evolving along these lines the hacker scene gained a lot but it also lost a lot. It lost the creative ethos of play and experimentation, replacing it with an engineering culture ruled by the hidebound plodding competence exported by top-ten universities and their engineering programs -- excellence at doing things we already know how to do. It also lost its countercultural and social ethos, replacing it with a yuppie get-rich mentality. But it gained the ability to act on the world stage. I would argue that hackerdom evolved into a global economic superpower with the capacity to influence not only global geopolitics but the future of human evolution.

You'll say it lost its soul and I won't argue with you. It certainly lost the things that made it great in its time and its place.

But that's the thing. Dinosaurs became birds because the dinosaur thing was played out. 90s hacker culture was great in its time and place. I wonder how relevant it would be today. This is not the 1980s or the 1990s. Everything has changed.

I think the question we need to be asking is what now? Where can we go from here? What might we evolve into that is perhaps more interesting than what we are today and how do we get there? The answer (IMHO) is never going back to the way things were. It's always the forward escape.

Edit: another useful question to ask is: what was it about old school hacker culture that predisposed it to evolve into this? It's particularly interesting to ask this about aspects of today's startup scene and Silicon Valley culture that you don't like. For example: I find the fratty 'brogrammer' thing irritating, but I can see its ancestry in the overwhelmingly male and somewhat sexist hacker culture of yore. It's just that minus the counterculture trappings.

Bohahahaha 1 day ago 0 replies      
I'd rather say, 80s hackers are today's yuppies. So it might be the same people.
omouse 1 day ago 0 replies      
The only thing I took away from this is that more hackers who are hacking on hackathon projects and for-profit code bases should be hacking on free/open source to maintain the spirit of the hacker ethos.
traverseda 1 day ago 0 replies      
>We are currently witnessing the gentrification of hacker culture. The countercultural trickster has been pressed into the service of the preppy tech entrepreneur class.

Ouch. That hits hard.

pietaalpha 19 hours ago 0 replies      
The best way of eliminating the hacker ethos is to create economic forces, starving programmers and Ph.D people, low wages so that the search for money is key. Is HN about hacker ethos or about making money?
rumcajz 1 day ago 0 replies      
Dunno about America but why not take part in CCC? That still has the old-school hacker feeling about it.
cafard 1 day ago 1 reply      
I thought that yuppies had disappeared along with hippies, beatniks, Teddies, etc. etc.
77f89faf 1 day ago 0 replies      
Hint: the phrase 'to suffer fools gladly' comes to mind.
paulhauggis 1 day ago 0 replies      
"Gentrification is the process by which nebulous threats are pacified and alchemised into money"

I never understood why the citizens of a city are against gentrification. It improves not only the quality of an area, but can make you money if you own property there. Creating laws against it essentially keeps the poor, poor. On top of this, anyone with a little bit of success and/or money leaves.

It's just another example of politicians decreasing social mobility under the guise of helping the poor.

peterwwillis 1 day ago 0 replies      
The author is confused because they think a 'hacker' is a tangible thing. It isn't. It's an idea without shape, a calling without purpose.

The prototypical self-described hacker is an insecure person who attaches themselves to a romantic, powerful identity in order that they might attain these qualities themselves. But the power of the hacker is that of a magician: conjuring tricks in order to amaze the public and seem mysterious, powerful, skilled.

Here you see a normal web server with a firewall. It's totally secure. Nothing up my sleeve, as you can see. But wait... Alacazam! Now I have a remote shell!

If the author wanted to 'resist' traditional economic institutions they could become a circus performer. But then they couldn't fulfill the true 'fetish', which is that anti-authoritarian action through intellectual skill and craftiness is a pursuit to be proud of; one that the audience should revere.

The fact that this author's lofty rejection of traditional economic forces packaged in a sexy identity also has the ability to provide them a very comfortable living is, it would seem, totally accidental.

seiji 1 day ago 0 replies      
If you want to see how true "hacker ethos" existed as compared to today's "WE HIRE HACKERS" brandvertising placed in IPO filings, check out early or pre-www FAQs.

Here's a good one (a few MB of text) about hacker encryption: https://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.... other traditional sources are the anarchist's cookbook and anything with more of a "fight the man" sense from the 70s and less of a "give us billions of dollars" sense from the post-popular-Internet era.

Hacking is about a nerd underclass fighting an oblivious overclass. Up until the late 90s, hackers had never "won." But with Internet mania sweeping the world, the nerds started to win. They became "the new man." Now the new overclass needs to be brought down themselves. You don't win hacking, you just become a more prominent target.

Hacking is also about exactly not that.

Hacking is just ignoring everybody else and doing good work you can be proud of. It's the only reason Apple exists. Hacking is about not trying to win, it's just about being clever.

Companies promote hiring the second kind of hacker because those people pay no attention to the value they create as long as they're having fun. So, you get someone puzzle-obsessed, give them a $50 million problem to solve, they solve it, and you keep paying them their $125k/year. Everybody's happy and the CEO gets to join the three comma club even sooner thanks to the selfless hackers who enjoy subsidizing billionaires while living at the bottom of the org chart.

Gigamouse 1 day ago 2 replies      
For those who think this article is too long, here is a summary:

The gist of the article is that the hacker impulse or hacker ethic is a natural human response to large alienating infrastructures that allow little agency on the part of individuals. Hackers take different forms, but are identified by 1) a tendency towards creative rebellion that seeks to increase the agency of underdogs in the face of systems that are otherwise complex or oppressive or that limit access to experts 2) a tendency to acting out that rebellion by bending the rules of those who currently dominate such infrastructures (this is in contrast to the open rebellion of liberation leaders who stand in direct defiance of such rules). They thus are figures of deviance, seeking to queer boundaries that are otherwise viewed as concrete and static.

Having set up a definition of what the hacker ethic is, the article goes on to argue that the ethic has been corrupted due to its association with computer culture in the public eye.

On the one hand, in a world where people increasingly rely on computers for subsistence, the bogeyman figure of the criminal computer hacker has emerged, a figure of media sensationalism and moral panic.

On the other hand, the increasingly powerful technology industry has honed in on the desirable, unthreatening elements of the hacker ethic to present a friendly form of hacking as on-the-fly problem-solving for profit. This is described as a process of gentrification: In most gentrification you have twin processes: On the one hand, a source culture is demonised as something scary to be avoided. On the other hand, it is simultaneously pacified, scrubbed of subversive content, and made to fit mainstream tastes. This has happened to rap culture, street culture, and even pagan rituals. And the article argues, it is now happening to hacker culture: The countercultural trickster has been pressed into the service of the preppy tech entrepreneur class.

The article concludes with a reflection on whether you abandon the gentrified form, or whether you fight for it. There is reflection on whether the hacker impulse perhaps has always been an element of capitalist commodification processes, but argues that it is an ethos that needs to be protected: In a world with increasingly large and unaccountable economic institutions, we need these everyday forms of resistance. Hacking, in my world, is a route to escaping the shackles of the profit-fetish, not a route to profit.

astroteller 1 day ago 0 replies      
Garbage article.
AWS S3 Outage
267 points by gschier  1 day ago   131 comments top 48
nmjohn 1 day ago 2 replies      
I'm seeing it as well - majority of connections are being dropped for us atm

 The Amazon S3 team recently completed some maintenance changes to Amazon S3's DNS configuration for the US STANDARD region on July 30th, 2015. You are receiving this email because we noticed that your bucket is still receiving requests on the IP addresses which were removed from DNS rotation. These IP addresses will be disabled on August 10th at 11:00 am PDT, at which time any requests still using those addresses will receive an HTTP 503 response status code. Applications should use the published Amazon S3 DNS names for US STANDARD: either s3.amazonaws.com or s3-external-2.amazonaws.com with their associated time to live (TTL) values. Please refer to our documentation at: http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region for more information on Amazon S3 DNS names.
Something to do with that perhaps? AWS sent us that last Thursday

fizx 1 day ago 5 replies      
I wonder what it would take for amazon to show one of the yellow icons on their status page? Has it ever happened? Would a datacenter have to fall in the ocean?
jschorr 1 day ago 3 replies      
Latest Update from http://status.aws.amazon.com/:

1:52 AM PDT We are actively working on the recovery process, focusing on multiple steps in parallel. While we are in recovery, customers will continue to see elevated error rate and latencies.

hughstephens 1 day ago 0 replies      
Next update is live

 2:38 AM PDT We continue to execute on our recovery plan and have taken multiple steps to reduce latencies and error rates for Amazon S3 in US-STANDARD. Customers may continue to experience elevated latencies and error rates as we proceed through our recovery plan.

adamtulinius 1 day ago 2 replies      
Can't pull docker images from the hub either, and their statuspage currently shows S3-problems: https://status.docker.com/
crodjer 1 day ago 2 replies      
Could this be a reason why Heroku is misbehaving? https://status.heroku.com/incidents/792K
simonpantzare 1 day ago 2 replies      
Seeing the same thing. Got back from vacation an hour ago, probably related. :)
ranrub 1 day ago 0 replies      
"1:08 AM PDT We believe we have identified the root cause of the elevated error rates and latencies for requests to the US-STANDARD Region and are working to resolve the issue."

looks like the cavalry are coming

chncdcksn 1 day ago 1 reply      
GitHub is having release download issues, possibly due to this. https://status.github.com/
xenoclast 1 day ago 1 reply      

 [3:25] AM PDT We are still working through our recovery plan.
Man, I'd love to see that plan.

clebio 1 day ago 1 reply      
Seems HashiCorp is maybe affected by this as well.

 $ vagrant up
 Bringing machine '...' up with 'virtualbox' provider...
 ==> ...: Box 'debian/jessie64' could not be found. ...
 ...: Downloading: https://atlas.hashicorp.com/debian/boxes/jessie64/versions/8.1.0/providers/virtualbox.box
 An error occurred while downloading the remote file. The error
 message, if any, is reproduced below. Please fix this error and try
 again.
 The requested URL returned error: 500 Internal Server Error
EDIT: not Markdown.

cperciva 1 day ago 0 replies      
As of 10:29:33 UTC, everything is back to normal as far as I can measure.
mryan 1 day ago 0 replies      
Should be back to normal now. The latest update is:

3:46 AM PDT Between 12:08 AM and 3:40 AM PDT, Amazon S3 experienced elevated error rates and latencies. We identified the root cause and pursued multiple paths to recovery. The error has been corrected and the service is operating normally.

dangravell 1 day ago 0 replies      
Looks like I picked a bad week to stop sniffing glue.
jakozaur 1 day ago 5 replies      
Open-source library request: A library that lets you use S3 and Google Storage Cloud simultaneously and fail-back to another if one has problems.

There are many use cases when paying 2x for storage is a reasonable tradeoff for higher availability and also being provider independent.

jontro 1 day ago 0 replies      
Looks like this brought down typekit too. "Font Network is experiencing issues caused by an outage at our storage provider." http://status.typekit.com/
mrsuprawsm 1 day ago 0 replies      
From http://status.aws.amazon.com/:

12:36 AM PDT We are investigating elevated errors for requests made to Amazon S3 in the US-STANDARD Region.

pydevops 10 hours ago 0 replies      
AWS API still works while AWS web console does not.
kevindeasis 1 day ago 0 replies      
That would explain why my console was not performing well even if http://status.aws.amazon.com/ says "Service is operating normally", good thing their api seems to be functioning during that outage, for me at least
cubicfur 1 day ago 0 replies      
Good thing I built myself a local game streaming server instead of putting that in a remote GPU instance.
colinbartlett 1 day ago 1 reply      
I started receiving lots of alerts from my side project https://StatusGator.io which monitors status pages. It's astonishing to me how many services depend on AWS directly or indirectly.
ramon 1 day ago 0 replies      
This happens a couple of times, especially when replacing files frequently! I submit things to S3 every day, if you're uploading a chunk of files you'll get errors every now and then when replacing files.
pemp 1 day ago 1 reply      
As it has happened before, Amazon AWS status page is lying to us.

S3 is in yellow, which means "performance issues". But not being able to download files from many buckets is clearly a "service disruption" (red).

theyeti 1 day ago 2 replies      
It seems to have come back now for me. Could someone else confirm the same?
JoshGlazebrook 1 day ago 1 reply      
I'm assuming this is also why I can't start any instances.

> 12:51 AM PDT We are investigating increased error rates for the EC2 APIs and launch failures for new EC2 instances in the US-EAST-1 Region.

blowski 1 day ago 2 replies      
I'm also having issues connecting to buckets based in Ireland (eu-west-1). Just hangs at authentication stage. Tried from 3 different internet connections, all having the same problem.
ranrub 1 day ago 0 replies      
Looks like it's getting better on our side now
mentat 1 day ago 0 replies      
Now updates about ELB scaling and Lambda failures.
whyleyc 1 day ago 0 replies      

 3:36 AM PDT Customers should start to see declines in elevated errors and latencies in the Amazon S3 service.
Fixed ?

greenleafjacob 1 day ago 0 replies      
We are seeing lots of 503s, empty response bodies, and peer reset / dropped connections.
gedrap 1 day ago 1 reply      
I see this thread as a list of services depending on S3 being healthy.
thinkindie 1 day ago 1 reply      
I'm also getting problems with Cloudfront attached to an S3 bucket
rwitoff 1 day ago 0 replies      
same here. our s3 services are reporting similar 503's and network timeouts. a few of our partners are already down as well with their own 500s. another stormy night in the cloud.
zubairov 1 day ago 0 replies      
+1 for us it's CDN (CloudFront) - only HTTP 503 responses
kernel_sanders 1 day ago 1 reply      
Can't launch instances in EC2 in US-East-1 at the moment.
geomark 1 day ago 0 replies      
Yep. Can't even get a response to a s3cmd command.
vaibhavrajput 1 day ago 1 reply      
Why is it behaving like this every other day?
mentat 1 day ago 0 replies      
Current list of additional services affected:

CloudSearch
Elastic Compute Cloud
Elastic Load Balancing
Elastic MapReduce
Relational Database Service
rgbrgb 1 day ago 0 replies      
yep, we're seeing timeouts and 404s for images stored on s3 :(

good luck to the on-call engineers at amazon!

The ethics of modern web ad-blocking marco.org
238 points by kyleslattery  13 hours ago   229 comments top 39
RodericDay 13 hours ago 12 replies      
What I really can't understand, that permeates this whole discussion, is plenty of people that try to sell the idea that ads let us have content "for free", and that all we have to tolerate is "a little annoyance".

It's insane. If companies are buying ad-space, it's because they expect to get more business in return. This means that someone out there is being influenced by said ads, so that if the content cost X to put up online (hosting, funding its creation), someone is paying X+(ad company overhead) for it.

If these costs are being borne evenly, then it's complete societal waste. We could pay X for the content, and not incur the overhead. If these costs are not borne evenly, and some people are paying for the consumption of more disciplined people, it's probably contributing to terrible cycles of poverty (ie: some kid spending money on fancy new shoes he doesn't need and can't afford is paying for a well-paid tech-users YouTube habits, because it preys on their lack of education). Either way it's terrible.

Advertising isn't free. Insofar it works, for some people, it's basically coercive via psychology and simulated peer pressure.

jpmattia 13 hours ago 4 replies      
I'm beginning to find the various articles about ad-blocking fatuous, and I doubt I'm the only one.

Ads served via a centralized vendor can be blocked trivially, and people are choosing to block them. You can make a whole lot of arguments about ethics, or you can just admit that it's a broken business model.

Worse, it is becoming apparent that ads increase the attack surface. Failing to clean that up will cause armies of IT folks to actively work against you.

Maybe the business model is that you're serving ads in a non-centralized way, or maybe you're serving centralized ads to people with locked-down computers, but good luck serving blockable ads and relying on the good graces of the population to unblock your ads out of charity.

bediger4000 13 hours ago 11 replies      
How is ad blocking an ethical issue? I get to control my computer, at least until some legislation passes that says I don't.

Even if I don't control my computer entirely, how about my DNS? I have a lot of the more intrusive domains (tynt, doubleclick, etc) set up as in my dnsmasq config.

The "whose computer is it anyway" question seems key here. In order to make advertising possible, we have to take control away from owners. That seems like a generally bad outcome.

agd 13 hours ago 1 reply      
people aren't agreeing to write a blank check and give up reasonable expectations of privacy by clicking a link. They can't even know what the cost of visiting a page will be until they've already visited it and paid the price.

This is the crucial point to me. How can I agree to a website's trackers before I know they exist?

clarky07 13 hours ago 1 reply      
I never used an ad blocker until the last month or so. I've made money with content and ads before and I know it's hard to do. Sadly, things have gotten absurd lately. Chrome basically slowed my computer to a halt on an almost daily basis. The performance improvement from using an ad blocker has been tremendous. So much difference I have a hard time believing it.

As a side bonus I also don't have to deal with auto playing video ads and popover boxes asking me to subscribe to content I haven't yet had a chance to see if I like.

mikestew 12 hours ago 1 reply      
In my book, it's no longer a question of ethics, at least not directly. Way back when, we all agreed that if I look at some ads, a web site will let me view some content. Fair enough, it's a proven model and though I might not particularly like advertising, I'll trade some eyeballs for some content. Way back when, maybe it _was_ a question of ethics. But not anymore.

What "we" didn't agree to was being tracked all over the web, malware being shoved down the pipe via ads, ignoring "do not track", and all of the other nefarious things ad networks have been trying to get away with. Ethics have gone out the window, if ethics ever existed on the side of advertisers. So I run an ad blocker, and I make no apologies for doing so.

"What about the little guy who pays for hosting with ads?" You mean the "little guy" who has to scrape couch change to pay for the site that contains his latest post about artisanal mayonnaise and her latest gadget acquisition? Yeah, that $100/year for hosting is really going to break her, might not be able to get next year's Apple Watch on release day.

The big boys and girls like The Verge and what have you? Well, using The Verge as an example, they could go under tomorrow and IMO the world would be no poorer, given that they've kind of turned to poo in recent days. I blame the web advertising model for part of their deterioration, but that's a long digression. Specific examples aside, what about the sites I like? I pay money to the sites I like, specifically Ars Technica, NYT, and the Economist (and some others I'm sure I've forgotten about). Some, like Daring Fireball, use unobtrusive, single-image ads that I'll occasionally click on because they interest me, as well as a desire to reward a job well done.

But at the end of the day, the whole thing isn't my problem. If a few bad actors (or, in reality, a lot of bad actors) want to crawl into my machine and have their way, I'm blocking all of them. If there's collateral damage because of some bad actors, it's not my job to fix it. I did my part and said, "no, you don't". Don't lay the onus on me to play nice, because you're berating the wrong party.

qopp 12 hours ago 2 replies      
"What, then, is ethics? Ethics is two things. First, ethics refers to well-founded standards of right and wrong that prescribe what humans ought to do, usually in terms of rights, obligations, benefits to society, fairness, or specific virtues." -- https://www.scu.edu/ethics/practicing/decision/whatisethics....

Kant 1st Imperative -- Violates -- If everyone used Adblock, many websites would shutdown. I.e. "Adblock is okay because sites can still run if just some people do it" -- cannot be universally applied, contradiction

Kant 2nd Imperative -- Violates -- You treat website developers as a means to an end -- to get content, instead of rational human beings who, given a sufficient outcry against their ads, could change their ad service or offer a different model.

Utilitarianism -- Violates -- Ad Revenue - Well being of site owner: -Site Costs / Visitors + Ad Revenue For just you. Well being of you: Site benefit - time wasted * time value. (Blocking "Ad will play for x seconds" in this specific ethical system might not violate)

Rule Utilitarianism -- Violates -- Well being of site owners: Cannot make ad supported sites, current ad supported sites -site cost. Well being of society: Less websites -- more inefficiency and less units of entertainment good.

Social Contract -- Violates -- People accept ads knowing that others will do this as well and this supports the site. Another: Site owners create sites relying on users' ability to see them and thus pay for site creation.

Virtue Ethics -- Violates -- You might feel more shame being in a room with someone who made a site supported by ads and showing them that you use adblock then if you were invisible to the site owner.

The systems above are the ethical systems allowed in the book "Ethics for the Information Age (6th Edition)" by Michael J. Quinn (the list is his, but not the theories themselves, just mentioning my source to show I'm not cherry-picking ethical systems)

k__ 13 hours ago 0 replies      
We went from the "static" newspaper/TV ads, that didn't know about what you did with them, to "dynamic" web/mobile apps, that know exactly if you watched them, clicked on them AND eventually bought something coming from that ad. Also, which ad from the same ad-network you watched before, what apps/websites you used before etc.

Advertisement got much more power on the Internet and got much more predictable for advertisers.

But we also switched from turning pages or switching channels, if we don't like the ads, to blocking whole advertising companies with the help of software. We can now even prevent the ad from being "overseen" at all, because it doesn't even get shown to us in the first place. Newspaper ads always hit your subconsciousness.

Both sides stepped up their game. Don't see any problem with this.

Vintila 12 hours ago 0 replies      
Tangentially related but: I think the ethical way forward for ad-blocking extensions/software would be for it to self-identify [1]. That way if a website owner wants to block you or be more upfront about asking for donations, they don't have to resort to JS hacks to determine if you are using an adblocker. If they don't want me to see their site ad-free [2] I can either move on or decide that the content is worth a few ads.

[1] I only know the basics about the http protocol but I'm guessing something in the header could be added.
[2] Which is completely within their rights as virtual "land owners".

btbuildem 12 hours ago 0 replies      
Not sure how ethics play into this. If your service is of such low quality that nobody is willing to pay for it, and you resort to ads to support your business.. well, tough. Make something that sells, or try a different way of making a living.

People are blocking ads because nobody likes a firehose of garbage pointed right at their face.

To crank that tired old record, "this sector is ripe for disruption" aka somebody go already make an ad network stand-in where the user can pay the equivalent of per-impression cost and visit any participating site ad-free.

petercooper 9 hours ago 0 replies      
The bigger issue, IMHO, is quality of advertising rather than its presence. People pay $15 for a theater ticket and sit through 10 minutes of ads, buy Vogue magazine and have 30%+ of pages be ads, buy The New York Times and be hit with ads all over the place, watch the Superbowl specifically to see the ads, and more. What people seem to really want are better ads or even ads that are entertainment or content in their own right (which is why native advertising has taken off).
brillenfux 12 hours ago 0 replies      
Maybe if ads weren't such a malware cesspool people would have less reason to block them.

The people providing ads do a dirt-poor job curating them, so blocking ads isn't about convenience but about security.

arenaninja 11 hours ago 1 reply      
I whitelist ads on websites now, and I wish I could do the same on my phone. I think someone here or on reddit mentioned, and I had the same experience, trying out IE Edge and it being a decent browser, but as soon as the autoplaying video ads start, I downloaded FF, added uBlock and didn't look back. I use the same browser setup on my phone, and now and then I use some apps that emulate a browser (like Reddit is Fun or HN app), and the experience is wholly broken. I was reading an article and it was miserable - the fixed header for the site plus fixed footer for the ads took up about 1/3rd of the real estate, not to mention they were jittery and I couldn't focus because I'd scroll too far, then the ads would load where I was reading.

There's no ethics involved with me. Poor experience? Get blocked. Decent experience? Welcome to the whitelist

edent 12 hours ago 1 reply      
Why is this becoming an issue now? I've been blocking adverts on-and-off for 10 years or so. Back then it was manually editing a HOSTS file - is it just in the news now because it's becoming slightly easier on iPhone?
splat 12 hours ago 1 reply      
I used to use ad-block and later disabled it to support websites that generate good content, but now I'm going back. What's driven me back to ad-blocking software is that ad tracking makes it nearly impossible to buy gifts for a spouse. If I want to buy my wife a pair of sunglasses and google "Ray Ban sunglasses", guess what she starts seeing ads for all over the web. We noticed this a while back and would do gift shopping in incognito mode, but I've gotten fed up enough with it that I'm just going to start blocking everything again.
bachmeier 11 hours ago 0 replies      
The current model can't work. The internet is becoming unusable due to ads. I am not sure how it will evolve, in terms of paying for content, but this is surely not the answer. I expect that we will be paying for content in some form. Perhaps a Spotify-type model where you pay a monthly fee and the fee is distributed to content providers.

On the issue of ethics, I'd say it's not ethical to spread out a small amount of content across six pages just to get more page views. It's bad for advertisers and for consumers.

anc84 12 hours ago 2 replies      
How come everyone is using the closed-source, ad-network friendly Ghostery instead of the open-source https://disconnect.me/ ?
frou_dh 12 hours ago 1 reply      
The formal name for the browser is "User Agent".

Your agent should act in you, the user's, interest. Decidedly partisan and so what? You shouldn't have to explicitly instruct it to defend you from surveillance and pollution - it should do that of its own accord from day zero.

Or is your browser a double-agent?

minimuffins 10 hours ago 0 replies      
"Ads help us to be more informed about what products are available to us" (paraphrasing)

A kind public service! We should really be paying them, but the advertisers inform us for free!

Asking about the ethics of hiding ads seems a little like asking about the ethics of taking shelter during a carpet bombing attack.

I wish we would steer these discussions away from economics (Do the ads work? Are there better ways to monetize, do they stabilize or destabilize markets, etc) and toward culture. What is the cultural effect of saturating the internet (and the rest of the world for that matter) with ads? I am not the first person to ask...

hkon 12 hours ago 0 replies      
Nowadays content is there for the sake of the ad. Nowadays the content in many cases is an ad. Block that...
seanconaty 11 hours ago 0 replies      
I'm glad someone wrote this article. I used to work at an ad network and for that reason, I've ethically chosen not to use an ad blocker. But I do agree that consolidation of tracking, over-abundance of ad spots and nasty performance have reached new lows that I've considered using one.

I think it would be nice if publishers just went back to <img> tags. Script tags and iframes and flash give too much power and result in lots of performance issues.

You can still track and consolidate with an img tag but the tracking is limited to what's in the http headers.

LukeB_UK 12 hours ago 1 reply      
I have a question for everyone advocating the use of ad blockers: Do you just do a blanket block for all ads, ban the big networks with the trackers along with the malware serving ones or something else?

I understand wanting to block the ones with the trackers for privacy reasons and the malware ones because nobody wants malware, but blanket blocking all ads tars everyone with the same brush.

Edit: Personally, I used to just blanket ban but I've recently moved towards having uBlock only block the malware ones and will manually block any spammy sites.

Animats 10 hours ago 1 reply      
serve_yay 12 hours ago 0 replies      
A good writeup, though I don't agree with the statement about web devs and browser makers -- we read the web too, perhaps more than anyone! :)

It's possible to want to make the platform more powerful and not like some of the ways the power is being used.

drdaeman 12 hours ago 0 replies      
I wonder, what opponents of ad-blocking think about email spam? Is it different if spam ads are injected by email client? (some email and even messaging apps do this -- not to the actual mailbox, of course, but to the displayed inbox contents)
faragon 10 hours ago 0 replies      
In my opinion, DRM will "fix" that in the future: browser plugins could not be able to identify those ads. So we could reach "Black Mirror"-like ads sooner or later. Brave new world...
TheCoelacanth 10 hours ago 0 replies      
Any ethical framework in which it is unethical to take minimal steps to protect myself from psychological manipulation is an ethical framework that I have no interest in adhering to.
romaniv 12 hours ago 0 replies      
Why do ads need to track you anyway? Doesn't it make more sense to customize ads based on the specific page you're looking at? It seems like this is rarely done. At least it doesn't seem that way most of the time.
guelo 12 hours ago 3 replies      
It would be great if the ad business model on the web died. Hopefully the new business models that would pop up would be more upfront. People used to pay 25 cents to read a newspaper or a few bucks for a magazine.
Paul_S 10 hours ago 0 replies      
Ethics? You mean business. There is no ethical dilemma here, just a business model that might be not working as well as you'd like.
eddd 12 hours ago 1 reply      
The average cost for displaying an ad is 0.005$. I am assuming that 30% of that goes to publisher. Would you pay 0.005*0.3 = 0.0015$ per page view? I would.
harryovers 11 hours ago 3 replies      
Joeboy 12 hours ago 2 replies      
Aren't we just going to start making websites that don't serve the content until they've served the ads?
seiji 13 hours ago 1 reply      
Before the web, people changed channels or got up during TV commercials,

Many people still don't realize it's trivial to have a DVR automatically skip commercials, but advertising companies and TV networks sued TiVo to make sure they will never implement it.

Modern web ads and trackers are far over the line for many people today,

Not just "over the line," but for over 5 years now, advertising networks have allowed exploits to be delivered over their advertising networks. There's nothing like browsing a website then having a drive-by crypto locker installed on your machine.

As of 2015, blocking advertising isn't a moral question, it's a question of do you value your own security.

But publishers, advertisers, and browser vendors are all partly responsible for the situation we're all in.

People say "trust the wisdom of the free market," but they forget the important part: free markets always become corrupt and always accumulate power towards the top. A market without government oversight and intervention is just a way to exploit and abuse people for profit with no repercussions.

It has never been easier to collect small direct payments online,

That's more tricky, isn't it? We've all viewed some article at a tiny city's online newspaper then been hit with a "SUBSCRIBE TO PODUNK DAILY ONLINE TO KEEP READING, ONLY $24.99/month." It's not sustainable for every small thing to receive direct payments and we don't have a clean disaggregation of a common "subscribe to internet publications" pool (like iTunes Match, but for writing? Still useless if you get 0.00002 cents per page view, but that's basically online advertising again).

logfromblammo 12 hours ago 0 replies      
I see ad revenue as someone who has an audience opening up access to that audience for a third party in exchange for a fee. It is entirely up to the third party to figure out how to get a return on that investment.

Neither the content creator nor the audience bears any responsibility to the third party to ensure that the opened channel is used effectively.

If shit comes through the channel, I'm going to route it right into the sewer. If gold comes through, I'll route it into my pocket. Either way, I still care more about my relationship with the content creators than about their sponsored side-channels.

The ads do not pay for the content. The content creators pay for their own content. Then they hold their nose and make a deal with shady web-advertisers to capitalize a bit more on what they have already done. Those advertisers aren't buying content. They are buying access to the audience.

PopeOfNope 7 hours ago 0 replies      
Forget about advertisers and site runners and economics and the rest of it. I run ad blocking software because ads are too good a delivery mechanism for malware.
VLM 11 hours ago 0 replies      
Kenji 12 hours ago 0 replies      
charles2013 9 hours ago 0 replies      
The magic of the Kalman filter, in pictures bzarg.com
239 points by tbabb  12 hours ago   26 comments top 13
RogerL 4 hours ago 2 replies      
I'll be shameless and point you to my book on Kalman filtering which I wrote in IPython Notebook, which allows you to experiment within your browser.


engi_nerd 2 hours ago 0 replies      
Thank you to everyone who has posted resources in this thread. Just yesterday I was talking to a younger engineer about how one of our GPS systems works. I know the complete unit has a GPS and an IMU, and I knew of the Kalman filter, but was unable to explain it beyond "it combines the GPS and IMU inputs to create a position and velocity solution with greater precision and accuracy than can be achieved with either source separately". Now I have much reading to do, and so does the young engineer. Thanks! This will help for the long wait I have in the doctor's office tomorrow...
jefvader 6 hours ago 0 replies      
"In other words, the new best estimate is a prediction made from previous best estimate, plus a correction for known external influences.

And the new uncertainty is predicted from the old uncertainty, with some additional uncertainty from the environment."

Crystal clear - great article, thanks!

I also recommend Ramsey Faragher's lecture notes on teaching the Kalman Filter: http://www.cl.cam.ac.uk/~rmf25/papers/Understanding%20the%20...

sytelus 6 hours ago 1 reply      
It's much easier to understand Kalman filtering in one dimension: http://credentiality2.blogspot.com/2010/08/simple-kalman-fil...
qntty 2 hours ago 0 replies      
A few months ago I was trying to wrap my head around Kalman filters and this was the clearest explanation I found anywhere:


cshimmin 2 hours ago 1 reply      
Perhaps this is a stupid question, but why is it called a _filter_? To me it just seems like a (very clever) linear projection.
papaf 9 hours ago 1 reply      
This appears to be a really nice writeup. However, at the end:

For nonlinear systems, we use the extended Kalman filter, which works by simply linearizing the predictions and measurements about their mean.

I would recommend looking at an Unscented Kalman filter:


which sucks a lot less.

nilkn 4 hours ago 0 replies      
The literature on Kalman filters has traditionally been horrendous to a degree that is hard to believe, so this is a fantastic resource.
jongraehl 3 hours ago 2 replies      
I like particle filtering because it's easy to understand and implement - https://en.wikipedia.org/wiki/Monte_Carlo_localization - and it's correct even for non-gaussian uncertainty.

Is Kalman filtering computationally more efficient (obviously particle filtering is stochastic and so trades off accuracy for compute) or does it have some other advantage?

sharp11 5 hours ago 1 reply      
This is great! Back in the '90s, I played with Kalman filters for a predictive navigation system. I had a couple of textbooks, but it was a bear to make sense of the math. Really wish I'd had this back then!

Nav applications are the ones you see most often; it would be interesting to see an example from a completely different domain.

hebdo 6 hours ago 2 replies      
Awesome! Kind of similar to the Viterbi algorithm, except that Kalman is on-line, while Viterbi works on the entire observed sequence at once, after it is fully known.
monochromatic 6 hours ago 0 replies      
This is the clearest description I've ever seen of a Kalman filter.
Ubuntu One file syncing code Open Sourced ubuntu.com
227 points by progval  14 hours ago   75 comments top 11
rocky1138 12 hours ago 6 replies      
An active FOSS alternative to this is Syncthing. https://github.com/syncthing
mariocesar 13 hours ago 0 replies      
One year ago I said it will be awesome if they did, https://news.ycombinator.com/item?id=8347760 It is AWESOME :)
glabifrons 2 hours ago 0 replies      
I wonder how long until someone creates an Android client for this (one that is configurable, not hard-coded to point to the defunct Ubuntu One servers).

I'd love to run a ZFS-backed Ubuntu One server for all my family's portable devices.

flowerpot 13 hours ago 3 replies      
Neat. I really liked Ubuntu One. However, if they seek to receive contributions I think GitHub would give them more exposure than launchpad, from what I can tell the history is not preserved (probably with good reasons) so the switch from bazaar would not have been painful.
nisa 12 hours ago 0 replies      
So could this evolve into a better owncloud server? I don't think AGPL is a problem for the majority of owncloud usecases. It looks it's based on Python & Postgres - maybe it has better performance than owncloud?
flurpitude 11 hours ago 0 replies      
That's good news, but in my experience Ubuntu One file sync never worked very well. Maybe someone can improve it now we have the code.

It's also worth noting that this is a centralized, server-based file sync, unlike the peer-to-peer Syncthing and BTSync. It's more like Dropbox.

stevegood 7 hours ago 0 replies      
As a person who does not always want or need to install another VCS tool (Bazaar) I have created a cloned copy on Github (I'm sure others have done so as well but they haven't posted here yet from what I could find). Enjoy! https://github.com/stevegood/filesync-server
emsy 12 hours ago 2 replies      
Does anyone know why they didn't open source it in the first place? Couldn't find anything in the article.
IgorPartola 12 hours ago 3 replies      
This is exciting. Alternatives currently are things like Dropbox (proprietary and somewhat pricy) and TorrentSync (proprietary). I look forward to firing this thing up on my own server and have a private remote file storage. I do currently run a NAS but without a VPN connection home it's not as useful.
amelius 11 hours ago 0 replies      
Any chance of seeing any docs covering this? For example, addressing the overall architecture?
sandworm101 13 hours ago 1 reply      
RethinkDB 2.1 is out: high availability rethinkdb.com
229 points by coffeemug  10 hours ago   96 comments top 18
williamstein 9 hours ago 1 reply      
This is soooo awesome. I started rewriting SageMathCloud to use RethinkDB when I learned in May about your plans to support high availability. I've been rewriting everything, doing tests (building from sources, then using the beta you kindly provided), and finally after months of work, I'm ready to release the new version of SageMathCloud last night, but RethinkDB 2.1 isn't out yet. So I'm torn about whether to go with 2.1beta and cross my fingers, or just wait, or what. And this! Thank you so much. RethinkDB is, for my use, the first database I've ever actually really loved (and React.js+flux the first web framework). Here's my client code in case anybody is curious: https://github.com/sagemathinc/smc/blob/rethinkdb/salvus/ret...
coffeemug 10 hours ago 12 replies      
Slava @ RethinkDB here.

I'll be around all day to answer questions about the release (along with a few other engineers on our team).

We're very excited about this release -- it makes the lives of RethinkDB users dramatically better because they won't have to wake up anymore in the middle of the night in case of most hardware failures :) It also took over a year to build and test, and has been one of the most challenging engineering problems we ever had to solve.

dantiberian 5 hours ago 2 replies      
RethinkDB is great and has a lot of great features, however the thing that has impressed me the most is the way they communicate with the community. They are incredibly responsive and friendly on GitHub and IRC. It's not uncommon to get a response to a bug report within an hour or two (not that they have any obligation to this). They're incredibly nice.

It looks like they try to follow http://www.defmacro.org/2013/04/03/issue-etiquette.html, it'd be great to see other companies adopt it too.

Thanks folks!

tracker1 5 hours ago 0 replies      
I've said before how I really appreciate the approach the guys at RethinkDB have taken... With the automatic failover support baked in, this would definitely be one of my go to solutions. The management/admin interface is much nicer than any other NoSQL database out there, while offering a lot of the things that a traditional RDBMS offers.

I'd probably reach for RethinkDB before Postgres or others simply for the better administrative experience. Especially for small teams or start-ups that don't have a dedicated DBA role.

For anyone curious, the databases I would most likely reach for, depending on the situation would be RethinkDB, ElasticSearch and Cassandra. I really do like MongoDB a lot as well, but RethinkDB offers the features with far less friction, though the query interface takes a bit of getting used to.

That said, I also like more traditional RDBMS options as well. I REALLY like what PostgreSQL offers, but have no desire to administer such a beast, failover isn't really baked in, and the best options are only commercially available, at a significant cost. There are also hosted options for AWS and Azure for various SQL RDBMS. That said, I find being able to have data structure hierarchies in collections tends to be a better fit for MANY data needs.

Congratulations to Slava and everyone else at RethinkDB.

uberneo 7 hours ago 4 replies      
This looks awesome... great job guys. Just a question on licenses: the server is "GNU Affero General Public License v3.0" and the drivers are "Apache License v2.0", so in simple English, does it mean that I can make commercial products with RethinkDB as the backend? These things always confuse me, so apologies if I ask something stupid here.
uberneo 4 hours ago 1 reply      
Great documentation with some useful examples and tutorials to get you started. I just tried it and am very impressed with the performance and ease of use; the admin section especially is very handy. Need to try it with a cluster; any docs/videos on creating a cluster with different machines across the globe?
akbar501 10 hours ago 1 reply      
@coffeemug, do you have an ETA on when performance benchmarks will be released?
barosl 2 hours ago 0 replies      
> Always on: you can add and remove nodes from a live cluster without experiencing downtime.

This has been a long-awaited feature for me. While I loved nearly every aspect of RethinkDB, it was the reason that made me hold back from using RethinkDB. Good to see RethinkDB keep improving!

juijasmem 6 hours ago 2 replies      
Can I ask please why you don't provide ready-to-use, fine-tuned Amazon images? This is preventing me from using it now as I cannot find reliable configuration or information. Also the current image is out of date. Thanks
chadlung 6 hours ago 1 reply      
Very cool, thanks for all the hard work that went into this. Will the docs [1][2] be updated at some point to reflect the Python 3.4.x asyncio support? Right now just Tornado is documented.

[1] http://rethinkdb.com/docs/async-connections/
[2] http://www.rethinkdb.com/api/python/set_loop_type/

wilsonfiifi 7 hours ago 1 reply      
Great news! Keep up the good work. It's getting harder and harder to justify not using rethinkdb in production :-)

...Doesn't seem available on homebrew yet though.

kureikain 8 hours ago 0 replies      
Finally, we can convince our management to start to use it. All of the beauty of ReQL, then adding high availability. What more can I expect?
GordyMD 5 hours ago 0 replies      
So happy you've added in Math functions into ReQL. Thank you!
mateuszf 8 hours ago 3 replies      
As a heavy Heroku user - I'm wondering - is there some hosted RethinkDB solution?
Spiritus 8 hours ago 3 replies      
I couldn't really find any good docs on how to use the various async Python drivers...? All I found was some references to Tornado under `set_loop_type`.

Also, very much looking forward to trying this out!

gauravphoenix 4 hours ago 5 replies      
official JDBC drivers please :)
EugeneOZ 8 hours ago 0 replies      
Comics is awesome.
shockzzz 10 hours ago 1 reply      
Windows 10 IoT Core for Raspberry Pi 2 windows.com
211 points by vyrotek  13 hours ago   134 comments top 20
tigeba 12 hours ago 8 replies      
When they released this a couple of months ago I was pretty excited to try it out. I think the barrier to installation is a bit high. First install Windows 10, then custom install of VS, install IoT Templates, then about 30 more steps before you get the image to flash on your SD. How about a link to the image I can blast on the SD and kick the tires without a couple hours of downloading and installing prerequisites?
escobar 12 hours ago 2 replies      
There's a heading that reads:

> Developers, Developers, Developers

I've always cracked up whenever I see Ballmer's developers video, so I was pretty happy that Microsoft's IoT team has a sense of humor and was able to get that approved (if they had to)

reference if you haven't seen the original Ballmer video: https://www.youtube.com/watch?v=Vhh_GeBPOhs

stillsut 9 hours ago 0 replies      
The AirHockey Demo seems like a complete rip-off of a Spanish maker's product, which he has been promoting: https://github.com/JJulio/AHRobot

Maybe I'm wrong, but I think some credit is due

joezydeco 12 hours ago 3 replies      
A robotic hockey table doesn't seem very IoT to me.

I'm a little confused as to what Windows brings to the table for embedded devices at this point, especially screenless ones.

doomspork 12 hours ago 2 replies      
Next on the list of bad IoT ideas, we port Flash to the Raspberry Pi.
typon 12 hours ago 1 reply      
Does it come with the same privacy issues as its older sister?
MiguelHudnandez 11 hours ago 0 replies      
For anyone wondering what IoT stands for, it's "Internet of Things."
joeyspn 11 hours ago 0 replies      
Sincerely I prefer to run ubuntu. Last week I installed Ubuntu Server 14.04 in my Pi 2 and it works like a charm. Totally recommended...


Ubuntu Snappy Core (also marketed for IoT)... mmm not so much great. IMO still few community and howtos for building your snappy apps (even Raspbian is better)

intrasight 12 hours ago 2 replies      
I just don't get why they would put up a barrier to entry by requiring Windows 10 - at least I can't think of any technical rationale.
jchrisa 12 hours ago 0 replies      
I'm in the middle of writing my first C# app, targeting the Intel IoT Gateway (all with MonoDevelop on Ubuntu.) How things come full circle...
rcarmo 12 hours ago 2 replies      
I'm curious as to the mention of a "Web Control" and how long we have to wait until we can use DirectX for graphics, seeing as I've been trying to use Pis for digital signage[1] for a while with varying results (we've since started using cheap Android boxes with great results, but I wish I had more choices).

[1]: https://github.com/sapo/digital-signage-client

revelation 8 hours ago 0 replies      
Is the Internet of Things now a Raspberry Pi 2?! A quad-core 900MHz CPU with a whopping 1GiB of RAM and a dedicated GPU?

So, for how long can you run a RPi 2 from a CR2032 cell or an AAA battery? A minute or two on full bore? Because that's the kind of energy budget people are generally talking about when they mean internet of things.

The RPi2 is a fully-featured media center, not a door lock or light switch or power sensor.

I guess the problem for Microsoft with the whole IoT thing is simply that they will never have Windows there, the devices you actually use for IoT measure their RAM in KiB. And, frankly, operating systems are very far down on the list of things we need to make IoT a reality.

pen2l 11 hours ago 3 replies      
Sorry, silly question: can one use this Win10 R-pi as a "real computer"? (more to the point: I want to run labview programs on this r-pi, because of its small size/cost -- give/receive triggers various home automation equipment etc., I'm wondering if that'll be possible with this)
jbb555 12 hours ago 1 reply      
Does this run win32 applications?
jpablo 9 hours ago 0 replies      
Seeing that they just added Wi-Fi and Bluetooth support I find it ironic that Windows has the disadvantage on drivers and Linux has the upper hand.
VLM 10 hours ago 0 replies      
License? Seems hard to find online. Not looking for anything unusual for the existing raspi community, just what do I have to do to make a project on it then distribute a bootable sdcard image to users around the world for free. I'm guessing it's a total non-starter but if I were surprised by it being BSD/GPL that would be interesting.

The hardware compatibility part of the release notes look like a bad linux install from 1995, which is pretty funny.

williesleg 3 hours ago 0 replies      
lhaussknecht 12 hours ago 1 reply      
Sad that they showed a node example. What about asp.net on .net core?
mtgx 11 hours ago 3 replies      
Supporting a proprietary platform on Raspberry Pi kind of defeats the point of the openness on which Raspberry Pi was built, no?
MrZongle2 11 hours ago 0 replies      
I'd love to try this out.

But I have zero interest in migrating any of my perfectly fine Windows 7 systems to Windows 10. Other than a shiny "FREE!" sticker, I have yet to see a compelling case for me to upgrade.

Why Not Insider Trade on Every Company? bloombergview.com
204 points by dsri  7 hours ago   99 comments top 11
nostromo 6 hours ago 10 replies      
It's actually still possible to perform a specific type of legal insider trading.

Example: you are an executive at E Corp and the company will announce its acquisition in two months. You had previously set up planned trades to sell x number of shares each month before then. Because the acquisition is at a premium on the current price, you will make much less money if you go forward with your trades before the announcement. So, what do you do? You cancel the trades.

Was this insider trading according to the SEC? Surprisingly, no! Even though you're profiting from insider information, the SEC rules are such that for insider trading to occur, you actually need a trade.


Martha Stewart did exactly this before her company was acquired earlier this year:


tokenadult 6 hours ago 2 replies      
I think I will end up upvoting every share of this Bloomberg View columnist's columns here on Hacker News. The author, Matt Levine, thinks like a hacker in the best sense, by pushing ideas to their extremes and seeing what the consequences might be. He adopts a humorous tone, but his columns are full of food for thought.


Taek 5 hours ago 5 replies      
Perhaps someone will change my mind, but I see the block on insider trading and spoofing as harmful to the financial industry overall.

Someone starts shorting a ton of Apple stock? That probably means something big is happening at Apple, and it's not good. It's information.

Spoofing as a technique can be used to combat and inhibit other types of trading, and is in some sense an algorithm to 'keep the opponent honest'.

As best as I can tell, the biggest reason that we as a culture are against insider trading is because 'it's not fair'. (happy to read a response that adds more depth to my understanding). It isn't fair, and the people with insider information are going to make a lot of money. But in the process of making that money they bring the information to everyone else. And insider trading incentivizes knowing as much as possible so that you can have an edge on the competition.

nomailing 5 hours ago 1 reply      
I am wondering if this centralized infrastructure for financial news is actually a good idea. This could always happen again and again. All the employees in these news companies could get a mass of insider information which they could sell.

Isn't maybe an alternative decentralized news publishing service a better idea? Couldn't the CEO of a company publish their financial news only on their own website at the given publication date? Why is it necessary for these news to be stored in some central news database days before their publishing date? And I mean these as honest questions because I have really no idea what the advantage would be?

And another related question: wouldn't it make sense with today's Internet infrastructure to reduce the interval between earnings reports? Maybe it could even be something like a continuous automatic publishing of these company finances. Always when some financials change it could directly be published. That way all investors would at all times have the same information as the insiders, so everyone would be on the same level. Of course some extraordinary news like mergers or acquisitions might still give some people insider information who prepare the deal, but at least the quarterly earnings could not be insider information.

pbreit 5 hours ago 2 replies      
Would it be so bad if insider trading laws just went away? Information is spreading faster than ever. So a few make outsized gains on some inside info. Is it that big a deal?
uptown 5 hours ago 1 reply      
Replace hackers with the NSA. Imagine the trades one could make with access to the world's email inboxes.
dmourati 5 hours ago 0 replies      
I enjoyed the tone and the piece. His assessments of brute-forcing and SQL injections were quite accurate.
random_rr 7 hours ago 5 replies      
The tone of this article was really, like, interrupted by a prolific use of "likes."

I wish it were so simple to hand-wave all security risks. Mr. Levine's ability to find a MySQL tutorial was quite impressive, but his dismissal of very real security concerns is childish. It's like saying cars are known to crash, so quit crashing cars. It's so, like, simple!

fitzwatermellow 6 hours ago 0 replies      
I've been noticing a lot of spikes across assets lately. Always timed a minute or two before the official release print. That used to constitute a somewhat unusual occurrence. One expects relative calm before the storm. Now it seems to happen with every bit of data. It could be chalked up to algos pre-positioning in anticipation. But many times if you are tracking fellow traders on your twitter feed as well as the price action, you'll notice a cry of "Leaked!" coupled with the price swings. I always assumed something far more nefarious and insidery was taking place. Powerful forces manipulating markets for various geo-political ends and so forth. So am somewhat relieved to see ordinary everyday greed to be the culprit. Am waiting for a Nanex style expose on this phenomenon.
bbcbasic 5 hours ago 2 replies      
Then there is the story of the really sophisticated guys who didn't get caught. Unfortunately that's a story you won't be reading online, but will just have to imagine.

It really makes me question the sanity of doing this illegal trading. For as much effort you could do something legal and make money. Maybe not as much but surely without the risk of going to prison.

cheez 4 hours ago 0 replies      
What blows my mind is that these people don't encrypt their emails with some form of plausible deniability envelope. I mean, if you're smart enough to set up servers for customers of your illegal activities, you should be smart enough to know what to avoid.
Parallels Between Math and Software Engineering oreilly.com
224 points by grfl  2 days ago   90 comments top 21
rathereasy 2 days ago 5 replies      
At the end of the article, the author mentions how we could possibly find other designs of mathematics. Well, some people already have!

Some mathematicians did not like the law of excluded middle, which states that for any proposition A, either A is true or A is false. So they invented intuitionistic logic, which is normal logic without the excluded middle, and started rewriting mathematical proofs in this new system. Turns out there's a lot of stuff you can prove in intuitionistic logic.

Some mathematicians did not like the axiom of choice. One of the consequences of this axiom is that every subset of the real numbers has a least element according to some ordering. Think about it, what is the least element of {1/n : n >= 1} ? Who knows! So what did they do? Some people found it so weird they either replaced it with a weaker axiom or a contradictory one.

There's even syntax arguments in mathematics! What's the derivative of a function f? is it f'(x) or df/dx ? Is multiplication represented by a dot (.) or a cross (x) or by a juxtaposition of expressions?

Sometimes we use big existing proofs in the middle of a proof to save time. And sometimes we use the big proof to prove something far simpler than the big proof. This creates a big dependency and some people hate these dependencies because the reader of the new proof will have trouble understanding the proof completely. It's like dropping in some magic in the middle of the proof and saying: "if you want to understand this proof completely, go read this other 50 page article." Sound familiar? Some mathematicians hate this so much they insist on proving things from the ground up whenever possible so that the proof is as comprehensible as possible. This is the mathematical equivalent of dependency management.

ivan_ah 2 days ago 2 replies      
Very nicely put.

I'm a big fan of linear algebra because it's the best example of why learning math is useful. Sure, knowing about equations and calculus comes in handy, but linear algebra is pure modelling superpowers and a much more valuable tool overall.

Related: An awesome LA introductory lecture by Prof. Strang: http://ocw.mit.edu/courses/mathematics/18-06-linear-algebra-...

Related 2: A short tutorial on LA that I wrote: http://minireference.com/static/tutorials/linear_algebra_in_...

rivalis 2 days ago 5 replies      
Mathematical truths and objects are real things with existence independent of our minds that we "discover," not just designed things. The author seems to believe that the language used to describe mathematics (which is indeed a designed thing, just like software) is the only thing "there." She is probably a formalist.

I think it is important to remember this, because mathematics, like a computer, "fights back." You cannot simply dream up whatever structure you want and have it mean what you want and behave how you want. See Godel's incompleteness theorems. No matter what you are doing, your mathematical constructs (including your implicit Turing Machines in your computer programs) must obey certain underlying constraints that are completely mind-independent. These constraints are what mathematicians study, albeit through a glass, darkly.

Regardless of ontological issues with the post, I like that it emphasizes the designed nature of our mathematical tools. The space of possible tools is so large that there is near-limitless room for human creativity and design in mathematical research. It is a shame that most mathematics classes don't really get that across.

edit: fixed misgendering, sorry, that was sexist.

mshron 2 days ago 1 reply      
Well said. Advanced math is mostly about working with properties higher up the chain of abstraction, and then seeing what happens when you bring the insights learned up there back down to more concrete examples.

From an OO point of view, the real numbers inherit almost every useful trait: they're a field, they have a topology, they have a measure. Studying the parent classes, so to speak, gives you abstract algebra, topology, and analysis, respectively.

Once you get the basics of each, you can study how they interact. Then, once that stuff is clear, they can be recombined in beautiful ways to give you new objects to study.

shockzzz 2 days ago 1 reply      
I have, on multiple occasions, looked at math equations in a CS paper and been like, "WTF?"

But when I look at the implementation in code it's so obvious what's going on.

ky3 1 day ago 0 replies      
You can play creatively in a particular nexus of math and software engineering called Djinn [0], the Haskell program that writes your Haskell programs for you.

1. An ancestor of Djinn is automated theorem proving. Why can't machines prove math theorems for us? This quest goes back to the dawn of computing science.

2. A more recent development is the Curry-Howard Correspondence. Programming in a (typed) FP language is like playing tetris. Solving symbolic logic problems [1] is also like playing tetris. Djinn exposes the connection in a REPL you can play with. And see how the computer plays tetris for you!

3. Don't want to install Djinn? No problem, just hop over to the Haskell IRC [2]. Lambdabot has a working Djinn plugin.

[0] https://hackage.haskell.org/package/djinn

[1] https://www.coursera.org/course/intrologic

[2] https://wiki.haskell.org/IRC_channel

ccvannorman 2 days ago 1 reply      
What a great article. Paraphrased "Math is a designed thing, for humans and by humans, not an absolute truth." Also this post is the BEST introduction to linear algebra that I have seen.
matheweis 2 days ago 2 replies      
I've had a similar thought as the author, and often wondered - could we develop alternative systems for intermediate-to-advanced mathematical concepts that would make it easier to parse?
abc_lisper 2 days ago 1 reply      
Very good article. Studying computer science as my sole field, I am starting to realize how much I have missed out on getting an alternative take on things.
rdlecler1 1 day ago 0 replies      
Understanding programming languages definitely helped my understanding of Math. Smarter people than myself can do this the other way around, but I always needed to understand the why before it could start to stick. I didn't really understand programming languages until I could dig into the source code and the standard libraries to see how and why everything was done. The problem with modern math teaching is that it starts with fully baked axioms and it doesn't walk you through the process of discovery before it was all cleaned up into a neat terse explanation. One exception is a great book from the 40s called Mathematician's Delight. It was recommended to me by my Yale professor and I highly recommend it.
euske 2 days ago 3 replies      
The other day I realized that a man-made law is also a bit like mathematics or computer software. It is carefully designed and constructed. Ideally, it is intended to work like a machine with as little room for human discretion as possible. And just like mathematics, adding another "axiom" to the law has far, far-reaching consequences.
a3_nm 2 days ago 1 reply      
It is also interesting that there are many parallels between software engineering and the design of mathematical proofs (or theoretical CS proofs, which I am more familiar with).

In theoretical CS, people talk of catching and fixing "bugs" in proofs, namely, mistakes that make the proof fail but can hopefully be fixed while sticking to essentially the same idea.

One can "refactor" proofs, in superficial ways (e.g., renaming of concepts), but in deeper ways also, e.g., extract part of a proof to make it an independent lemma that you can reuse (or "invoke") from other parts of the proof. One often tries to "decouple" large proofs into independent parts with clearly defined "interfaces", that the reader can understand separately from each other, though this usually implies a tradeoff (a more tightly integrated proof requires more mental space but is usually shorter overall).

One can think of the statement of sub-results (lemmas) as providing an "interface" to invoke them elsewhere, which you try to "decouple" from the actual "implementation", namely, the way the lemmas are really proven. It takes practice to find the right way to abstract away the essence of a result to state it correctly, without burdening it with implementation details, but without forgetting an important aspect of the result that will be necessary later. As in software engineering, once a result is proven, you stop burdening your mind with the implementation and mostly think about the statement (i.e., what the result is supposed to be doing) when using it.

In software engineering, one must decide which part of the code is "responsible" for checking certain properties on the objects, and that code may "assume" some preconditions on its inputs and must "guarantee" some preconditions on its outputs. In the same way, in proofs, one often wonders where certain conditions should be verified. Should they be part of the definition of the object? Does this lemma enforce more conditions on the object than what is guaranteed by its statement?

The parallel is not perfect. In software engineering, you can rely on the computer to check that your code is correct, and to execute it. In mathematics you rely on other humans to do this and check that they are convinced by your proofs. This means you can get away with appeals to human intuition which are not fully formal, but on the other hand there is no safety net when you make an error in your reasoning, no reality check that you can invoke to avoid exploring erroneous consequences. Also, this does not apply to all types of proofs; but it applies especially well to proofs that describe a construction, i.e., a way to "build" a certain abstract object, often to justify that an object with a certain desirable set of properties exists.

currentoor 2 days ago 0 replies      
Interesting article. I always thought math felt like programming but in a language far higher level than any of the available programming languages. So like programming but with a lot less friction when going from thought to symbols.

For example, creating new domain specific control flows with Lisp macros versus defining a Dirac delta function using limits and integrals. In programming it's easy for bugs to seep in because there are more little/subtle details and leaky abstractions. But math on the other hand feels much more abstract and clean.

Perhaps this is just because dumb silicon boxes interpret our code and humans interpret our math which gives us a much more sophisticated base language to work with.

agumonkey 2 days ago 1 reply      
Not trying to evangelize but FP was a great hint for that. Seeing 'tangible' (that I can create, see, step through) incarnations of groups, monoids, transitive relations etc gave an operational grounding to abstract algebra. Something needed for some of us before seeing the abstraction behind the notation, and understanding it.
vayarajesh 1 day ago 0 replies      
Any more recommendations for books on Math? I am a web developer and I wanted to learn Math from the basics (I only did Math till my 10th Grade)

I have a keen interest in neural networks and it requires a good foundation of Math.

louithethrid 1 day ago 0 replies      
Is there legacy code in mathematics?
Dramatize 2 days ago 0 replies      
I never got into programming growing up because I thought it involved complex math. I wish I knew it's mostly logic rather than algebra.
throwaway593492 2 days ago 0 replies      
brandonium21 2 days ago 0 replies      
linky123 2 days ago 0 replies      
Nvidia Digits DevBox nvidia.com
192 points by hendler  2 days ago   147 comments top 15
modeless 2 days ago 8 replies      
Nvidia owns deep learning. They are alone at the top. Intel and AMD aren't even in the picture. I think this could end up being a bigger business than graphics accelerators. There's a huge opportunity here for the first company to put out a specialized deep learning chip that can beat GPUs (which is definitely possible; probably by 10x or more).
sandGorgon 2 days ago 6 replies      
installed standard Ubuntu 14.04 w/ Caffe, Torch, Theano, BIDMach, cuDNN v2, and CUDA 7.0

whoa - are you telling me that the nVidia drivers on Linux are so stable that they are building a commercial deep learning system on top of that? Is this the same thing as normal graphics drivers?

sxp 2 days ago 3 replies      
The price for a custom build with these specs is ~$8k: http://pcpartpicker.com/p/NP4MNG Spending that money on an EC2 GPU instance would be a better use of money unless you really need a local workstation.
bobjordan 1 day ago 1 reply      
We built our own quad-titan devbox a few months ago, same general components as this, except used Core i7-5960X and threw in a few 1TB Samsung SSDs in RAID, came in just at $9,000 USD hardware cost, which I think Nvidia was charging about $15,000. Still, I'm sure they aren't making a ton of money, and you get hardware guarantee with configuration (but config wasn't so bad..).
alricb 2 days ago 0 replies      
FWIW, the case is a Corsair A540 with hard drive sleds in the two 5.25" bays: http://www.corsair.com/en-us/carbide-series-air-540-high-air...

Makes sense to me, since you want the best airflow possible getting to the cards in a multi-GPU setup, and unlike in conventional cases, the A540 doesn't have a drive cage between the front fans and the video cards.

kfor 2 days ago 1 reply      
I wonder how Nvidia building their own machines goes over with the many, many third party partners building similar rigs. On the Supercomputing 2014 showroom floor it seemed like half the booths were selling something like this and were covered in Nvidia branding.
afsina 2 days ago 1 reply      
I think Boxx Apexx-5 boxes are already on par with these (even more powerful).


happycube 2 days ago 1 reply      
The Pascal cards are going to be much better, with HBM2 memory and possibly even actual double-precision performance (which isn't a problem for deep learning, but still...)
bagels 2 days ago 3 replies      
Why would I buy this, vs. renting a cluster of ec2 gpu nodes?
erikj 1 day ago 0 replies      
Twirrim 2 days ago 2 replies      
Titans are $1.5k each, so that's $6k down before you even account for the rest of the hardware to run it. Ouch.
nextos 2 days ago 0 replies      
I'm working on probabilistic programming. Hierarchical models are very close to deep learning. PyMC3 has a Theano backend, so this kind of setup is very exciting. Anyone else with the same thought/interests?
mobileexpert 2 days ago 1 reply      
NVidia should also market this for people who want to do molecular dynamics and other gpu enabled physics sim locally.
z3t4 2 days ago 1 reply      
Why not get a server tower case and motherboard while you're at it? Supermicro has some good ones.
seiji 2 days ago 0 replies      
newegg has been selling quad 12GB Titan X GPU combo packs for a while. single-click add-to-cart for 18 components: http://www.newegg.com/Product/ComboBundleDetails.aspx?ItemLi...
60 years ago: The famous Boeing 707 prototype barrel roll over Lake Washington seattletimes.com
199 points by Turing_Machine  2 days ago   59 comments top 15
userbinator 1 day ago 5 replies      
Interestingly enough, if the occupants weren't looking outside, a "1G roll" would feel almost the same as level flight; here's a video showing how "gravity" seems to invert along with the plane:


This is also why pilots can become spatially disoriented:


Steko 1 day ago 1 reply      
What were you doing Tex?

I was selling airplanes.


Here's Boeing, doing a 'near vertical' takeoff in the Dreamliner (spoilers: not really but still impressive), also presumably selling airplanes.


JacobAldridge 1 day ago 1 reply      
I use this example whenever I'm presenting on the difference between 'Radical' (High Risk, High Return) and 'Strategic' (Low Risk, High Return) plans. The difference between the two is Capability - ie, having strategic capability lowers risk.

This barrel roll, while not a strenuous manoeuvre on the 707, nevertheless demonstrates confidence in Boeing's manufacturing capability and by executing it Tex Johnston convinced plane buyers that purchasing a jet was not a high risk strategy. "Selling planes" indeed!

binarymax 1 day ago 0 replies      
When you hire a pilot with the nickname 'Tex', expect showmanship.
termain 1 day ago 1 reply      
That aircraft is more properly called the 367-80, or "Dash 80". While it did serve as the prototype of the 707, its fuselage isn't as wide.

The KC-135 tanker and its derivatives also derive directly from the Dash 80, rather than the 707. It retains the 80's more narrow fuselage.

jlangenauer 1 day ago 1 reply      
It's also claimed, though there's no footage in existence, that a barrel roll has been performed in a Concorde.


cfj 1 day ago 4 replies      
Technically called an aileron roll.


sosuke 1 day ago 0 replies      
I'm stunned that Bill Allen left behind the photo he was presented with at the banquet. While he may have not liked it at the time it seems like he never forgave or recovered from it.
wkcamp 1 day ago 1 reply      
How quickly would the 707 drop in altitude while doing a barrel roll? And did he need a minimum speed to be able to successfully do it (sort of like an escape velocity)?
georgerobinson 1 day ago 1 reply      
Is there anything about the Boeing 707 structurally that makes it possible to do a barrel roll that would not be possible in later generation jets, such as the 757, 767, 777 and 787?
WalterBright 1 day ago 0 replies      
That picture is one of the two most famous aviation pictures. The other one, of course, is the 1903 first flight.
mannykannot 1 day ago 0 replies      
Perhaps inspired by Falk's performance in an Avro Vulcan prototype at the '55 Farnborough, which I think was in July.


inthewoods 1 day ago 2 replies      
Does the size of the plane make executing a roll of this nature challenging?
tempodox 1 day ago 2 replies      
Is it unreasonable to expect the ability to barrel-roll from any motorised plane (i.e. not a glider)?
stefap2 1 day ago 1 reply      
I have a feeling that in today's corporate culture he would be probably fired.
Exploiting Android Users codeword.xyz
191 points by Rudism  2 days ago   63 comments top 13
methou 1 day ago 2 replies      
As someone living in China, it doesn't seem they were crossing a line. Things have gone mad here.

If you want to type Chinese, you'll need an IME. Most Chinese people rely on them. It was indeed an exploitable point, in that you can slip a lot of stuff into it:

- News pop-ups of course;
- System information gatherer? Sure;
- Search engine, convenient;
- Anti-Malware software, certainly;
- Anti-Virus software, you'll have it;
- Homepage? Come on, let's make a bolder move
- Browser!
- A PC Manager. It's a combination of AV/AM and a software catalog, and the sweetest feature is to tell you how many seconds it took to boot up to your desktop, and shows a % of population you've beat across the nation, people can be bitchy over this.

Not just one major software vendor did this; everyone capable did, and is still doing it. There are also large internet companies, used by people on a daily basis, that use 0day exploits to push their desktop software. Like, if you browse the Chinese part of the internet for one day, you'll end up with a bunch of cute little Anti-Virus/cleanup/tweaking goodies resting in your notification area; sometimes they fight each other and cause a BSoD.

FilterSweep 1 day ago 0 replies      
Along the same vein, I highly recommend this read from Aral Balkan[0] on how advertising and analytics data is now really just a fancy word for what we considered spyware back in the older (freer) days of the Internet.

[0]: https://aralbalkan.com/notes/spyware-2.0/

tracker1 1 day ago 3 replies      
I can't speak for anyone else, but there's only so far I would be able to go in a job. I once turned down a job because a major client of the company was the RIAA. It reminds me of what LinkedIn did with their iPhone app and Email.. I can't believe that either Android or iOS would allow any of their apps after they did that.

I don't have either FB or FB messenger installed, since the split... mostly because they ate my battery life, and breaking apart existing/working functionality sucks. Not to mention they've been gimping their mobile website ever since, I've been avoiding them much more lately. But FB is nowhere near this level of sleaze.

pests 1 day ago 5 replies      
There was a single mention of Paint.NET in the article with no other comment. Is that the company involved in this? It was not clear to me nor do I recognize the name of the author.

There are two technical holes in how this was achieved, disregarding the initial drive-by update install:

* Unprotected browser cookie storage

* Android web-based App Install requires no user interaction past a request to a web endpoint

Are these holes still open?

robin_reala 1 day ago 0 replies      
obisw4n 1 day ago 1 reply      
It's funny the author mentions all the Google Play stuff about installing apps to users' phones without them ever even knowing.. I actually found a company exploiting this in the wild using browser extensions, I wrote about it on this blog:


I'm not sure if the news I released had any effect, but they rapidly pivoted from a "desktop to mobile" ad network: https://web.archive.org/web/20141209085229/http://vulcun.com...

To some kind of e-Sports betting site: https://vulcun.com/

Oddly enough I submitted a bug report to google telling them they should set a content-security-policy on play.google.com, and was basically told "wont-fix" so the vulnerability to play store still exists.

joshstrange 1 day ago 0 replies      
This raises an interesting point I've thought a lot on which is "Developer Moral Responsibility" (Best way I can sum it up). I've started 2-3 blog posts on this subject only to shelve them indefinitely as the "gray" things I've been involved in were minor on the grand scale and the places I worked at when those things occurred were 99% "good" and I wouldn't want to smear their names over things that were minor at best (the "everyone else is doing it argument/excuse"). I would love it if a "Developer Morality Manifesto" or similar were created and accepted at both a developer and company level to cover some of these "dark" practices.
dpifke 1 day ago 1 reply      
For those wondering how to protect against a "malware-steals-cookie" attack, see:


I believe Google does this now for their auth cookies.

gbin 1 day ago 3 replies      
But why?

Money? You said "thousands" of "users", even if you sell those owned computers/phones at let's say $1 you don't make that much as a company.

Fame/street creds? Look how I got those lusers?

Or you don't even care? You could optimise the deadliness of an atomic weapon and you would feel the same: code done! Awesome!

tomaskafka 1 day ago 0 replies      
Thanks for honesty!
fapjacks 1 day ago 0 replies      
Way back when I was young and webvan.com was hot, I also worked on similar stuff. I didn't know then who I was, or even slightly what I wanted in life. Typical early-20s kind of thing. Anyways, I understand exactly what this guy feels like, as I feel the same way about the things I did back then. And these days I have turned down a couple of jobs that I felt were being too aggressive about advertising. One company's product was to give you a kind of GMail search, at the cost of collecting all kinds of information about you and aggregating it on remote servers to use for advertising. The founders were real cool guys, but this was just not something I am willing to contribute to.
fwn 1 day ago 1 reply      
Wow, why? HN isn't 4chan.

Things like that will lead to nothing more than a worse environment for everyone.

avinoth 1 day ago 2 replies      
Employees at Google, Yahoo, and Amazon lose nothing if they unionize michaelochurch.wordpress.com
177 points by mrfusion  1 day ago   143 comments top 13
asuffield 1 day ago 4 replies      
I'm an engineer at Google. This article's description of stack ranking and perf is fundamentally and completely wrong. There is no stack ranking for perf ratings, there is no percentage of people that have to fail, and managers are not allowed or empowered to give people poor perf ratings in the way described here.

I have no comment on the stuff about unions.

steven777400 1 day ago 1 reply      
We have a union for IT workers (including developers) at my workplace. I was only recently allowed to leave it as a result of becoming a supervisor.

In my opinion, the union was manipulative and not beneficial to employee outcomes. They were first and foremost politicians who used union funds to support various unrelated political objectives and didn't really offer any substantive help or improvement with salary/benefits.

After I left (completely in accordance with procedure and my position), the union sent me a threatening letter demanding that I continue sending them dues.

As a very "left leaning" person politically, I'm totally pro-labor, but unions often only pay lip service to the employees they are supposed to benefit.

digitalzombie 1 day ago 4 replies      
I would love it if they unionize.

The only thing I dislike is protecting the bad apples such as police union or teacher union style tenured.

I feel like company HR aren't there for you but for the company and unions are there for you.

I was in a situation where I was harassed by my boss and HR was never there for me. After twice reporting, there was an incident where I decided I'm going to quit because I couldn't handle the harassment. This was in a gov agency mind you and I regret not joining a union.

We also had an option to take out of our paycheck a monthly fee for legal advice and retainers. I got that option just cause I thought it was a nice security I really don't know why I would need it. It turns out these retainers cannot help you legally against your boss or company btw.

Kurtz79 1 day ago 8 replies      
Unions historically were organized by people that were individually very replaceable, could not find easily another job if fired, had limited education and means to fight for their rights and improve their condition.

For these reasons their employers could force upon them punishing work conditions and contracts, and unions allowed workers to leverage their number electing representatives that could organize them and would be better suited to negotiate with the employers.

I fail to see any connection with engineers who can easily move between jobs, command decent salaries and benefits and are more than able to negotiate better conditions individually with their employers.

Maybe a more suitable organization would resemble the medieval artisan and merchant guilds...

outside1234 1 day ago 1 reply      
In Germany they have this alternative structure called the work council. My understanding of it (I had 2-3 workers in Germany 5 years ago) was that it was essentially a union, but only the "good parts". They spoke up around things like stack ranking (and could vote it down) and generally acted as the "employee's HR". Everyone in the council also had to be an employee so you didn't have the overhead (or mob influences) of a traditional "pay in" union scheme.

Anyone here from Germany that can describe it more and talk about what you like / dislike about this system?

appleflaxen 1 day ago 6 replies      
When I was in a unionized position, it was frustrating because I couldn't choose to not join (technically I guess I could, but the union and the employer had already agreed that non-union employees still paid 90+% of union dues to the union. why this is legal I have no idea). Anyway, the union (which I became part of because, hey, 10% difference) really didn't help me. They were an entity with lots of institutional power, but they all had their own agenda. It's not like they really had my best interests at heart. It just became one more level of power to answer to. It was really frustrating, and I was happy when I was able to leave.
meesles 1 day ago 6 replies      
Can someone explain a bit more the actual current problem? I like to think that in our field of work, we prove ourselves by our abilities and nothing else. I feel like unions are first a way for the less competent to kind of hang in there and not have to try harder. I can see how it's a bit cut-throat currently, but if I'm protected then what do I have to gain by improving my skills? When I think of the industries that are heavily unionized, I picture demoralized workers with union leaders replacing their actual bosses and forcing the group to go along with things they would never find reasonable individually.

Personally, not a fan of the article. Also this line: "and nothing will be done about it so long as most software engineers remain apolitical cowards who refuse to fight for themselves." Thanks...?

6t6t6 1 day ago 0 replies      
This kind of hate that Americans have for unions is something I will never understand.

Unions have clear purpose: help the workers negotiate with the company with equal opportunities and prevent abuse from the employer. Companies have power, money and lawyers and, usually, a worker has none of those; so, if one day the worker has a conflict with the company, the Union will be there to assist the worker.

I've been working in a couple of companies that had a Union (in Europe, not USA) and it has been always a good experience. The guys in the Union knew quite well how law works in the country and helped the employer to always keep a relationship between the employer and the employee according to the law. Unpaid overtime? Mmmm... it's not going to happen. Firing someone just because the manager doesn't like him? Nahhh.... Abusive boss? Mmm... Let's talk with him about the consequences of a Lawsuit for Bullying.

Of course, if an employee did something really wrong, there was not much the Union could do for him.

But the main thing is that the employee is always in inferiority when dealing with the employer, and the Unions are there to solve that.

yarper 1 day ago 2 replies      
Aside from labour issues and collective bargaining over employees getting "shafted", unions are the first to pick up unsafe working practices. As software and tech in general ingrains itself into society the risk of deadly mistakes becomes ever greater - people already die due to bugs, and we can't remove the possibility entirely but we should be damn sure when the finger is pointed at our profession that we've got it covered. The free market typically doesn't cause this kind of enlightenment.
dennisgorelik 1 day ago 0 replies      
Step 1: Unionize software companies.

Step 2: Turn Silicon Valley into Detroit.

bpodgursky 1 day ago 5 replies      
Everyone loses union dues.

High performers lose high compensation relative to the mean engineer.

There are plenty more arguable things you can say engineers lose (stock option value with lost company competitiveness, etc) but I'm not going to bother with those. The top two are not arguable, which is enough to invalidate a simplistic clickbait title.

gadders 1 day ago 3 replies      
Are we supposed to flag this because MichaelOChurch the user id got banned? Not bothered either way, but wondered what the policy was.
Miyazaki's Beautiful Anti-War Dreams medium.com
174 points by shadowmoses  1 day ago   99 comments top 10
grownseed 1 day ago 3 replies      
It makes me deeply happy to see this here. Miyazaki's mind is truly unique (and by extension most Ghibli films too), nothing else quite compares (and as the author points out, certainly not Disney & co. despite being Ghibli's distributors in the West). I've introduced many people to Ghibli, a lot of whom would have never even considered watching an animated film (even less so a foreign one), and most came away truly touched.

Miyazaki is anti-war, but he's also extremely pro-ecology as is obvious in most of his films (Nausicaa is an obvious one, but perhaps more obvious would be Pom Poko or Totoro). Broadly speaking, he advocates balance in all its forms. A lot of his main protagonists are strong female characters, and not the "overly girly unicorn princess with magical powers" kind. Violence, like greed, is a disease as opposed to an end (in fact those two concepts are often expressed together in his films, e.g. Spirited Away).

But maybe the best accomplishment in most, if not all, of Miyazaki's work, is his ability to capture the interest and the imagination of the viewers without resorting to cheesy gimmicks, gratuitous violence or sexual innuendos, which seem to be the go-to for a lot of cinema (animation and otherwise, Western and Eastern).

fitzwatermellow 1 day ago 2 replies      
Might be in the minority, but I strongly disagree with the assessment that Miyazaki-san's final film "The Wind Rises" was not amongst his greatest. I re-view it every few months for inspiration and find it holds up quite powerfully with each repetition. Japanese anime does Italian neo-realism in epic scale. The engineer as the manifestor of dreams. War as a terrible catalyst of progress. Surreally creepy voice acting by Werner Herzog as the mysterious Castorp in an homage to Thomas Mann. What's not to love?

For more on the controversy here's a link to the Chicago Reader review that sums up why some perceived it as being sympathetic to fascism:


stavrogin 1 day ago 1 reply      
This article rightfully praises the Ghibli movies for their non-Manichean stories, especially when compared to Disney or Hollywood blockbusters. Yet I'm surprised it missed an important example: in the first film entirely directed by Hayao Miyazaki, Nausicaä is far from an angel. In my eyes, she is Miyazaki's most ambiguous character. Warning, spoiler ahead.

When her valley is invaded, the peaceful Nausicaä runs to the room of her ill and bedridden father. He's dead, surrounded by soldiers. She screams, seizes her father's sword, and enters a killing rage. Truly, even a young and sweet girl can feel hate and killing intent, and she may even act accordingly. Nobody's born an angel nor a demon, but we can all become insensitive or cruel. Just read Primo Levi or Hermann Langbein to see how most people transform in a few weeks. Anyway, that sequence made me cry.

I'd also like to mention the opening of this movie, inspired from the medieval "tapisserie de Bayeux" that relates England's invasion in the XIth century. The ballet of robots along a burning city is incredibly beautiful and moving. How stunning that Miyazaki starts his first film with the artistic beauty of a war scene!

netcan 1 day ago 0 replies      
Two points:

One is that I'm tired of both the congratulatory and the flagellative uses of "Western." Feminism is no more a western tradition than it is an Arab, Chinese or Congolese one. It's a modern cultural movement. Similarly, simple good vs evil plot settings are not western. They exist everywhere. They're often from propaganda, naturally occurring hero worship, morality tales and depictions of a culture's own history. GRRM (mentioned here) is as western as Tolkien and is definitely a modern example of western literature.

The complicated moral depictions in Game of Thrones are not new, but they are definitely strong in the current zeitgeist. It comes and goes and has often reached the point of cliche. Hercules (and his analogues like Samson and Cuchulainn) are often depicted with character flaws, often involving women and madness in some way. We've been through a period when it was out of fashion. I think Hollywood film tradition is very largely to blame, their perfect hero classics. The awesome comedic writers like Adams, Pratchett, Joseph Heller or even Franz Kafka earlier on mock this constantly. Humour is great for this kind of thing, satirising the current literary cliches.

That brings me to my second point. Today's storytelling is taking this stuff to a whole new level. The complex morality tales and decompacting of group decision making dynamics that we see in everything today is really awesome, in my opinion. I think it's great art, or at least to my taste. Playing with moral perspective and depicting the complexity of people acting in groups is an awesome thing to explore. There's a ton of depth there and a ton of artistic flair required to bite into it. In my opinion, it hits the best notes when you have been wrenched so much that your sheltered sense of morality breaks down. It still exists, but it's grim rather than fiery. Evil gets demystified, banal and sad. When a bad guy gets a just end you take on the role of a reluctant but dutiful executioner rather than a hot blooded cheerleader at the gallows.

Walter White is awesome because he's complex like a real person. His angst isn't just a flat "he's angsty because X." That's very hard to do. I think the only way to get that stuff across is the moral grey areas and the "shit happens" unfolding of a person. Long format TV series give writers time to do it.

This stuff is really fantastic in modern art. TV shows, books...

hacktavist 1 day ago 0 replies      
This is really an awesome article, thanks for sharing!
bracewel 1 day ago 1 reply      
The post seems a little confusing, Howl's Moving Castle was in fact written by Diana Wynne Jones 18 years before the Studio Ghibli adaptation.
shadowmoses 1 day ago 1 reply      
August 6th and 9th 2015 marked the 70th anniversary of the atomic bombs dropped on Japan in WWII; Thought this was an appropriate time to post this
       cached 12 August 2015 04:11:02 GMT