hacker news with inline top comments    .. more ..    14 Aug 2015 Best
home   ask   best   4 years ago   
G is for Google googleblog.blogspot.com
2222 points by dkasper  3 days ago   560 comments top 147
chetanahuja 3 days ago 3 replies      
Actually reading the first few paragraphs of the form 8(K) was more illuminating than the blogpost.

"Under the new operating structure, its main Google business will include search, ads, maps, apps, YouTube and Android and the related technical infrastructure (the Google business)"

"In connection with the new operating structure and upon completion of the Alphabet Merger (as defined below), Larry Page will become the Chief Executive Officer (CEO) of Alphabet, Sergey Brin will become the President of Alphabet, Eric E. Schmidt will become the Executive Chairman of Alphabet, Ruth Porat will become the Senior Vice President and Chief Financial Officer (CFO) of Alphabet and David C. Drummond will become the Senior Vice President, Corporate Development, Chief Legal Officer and Secretary of Alphabet. Larry, Sergey, Eric and David will transition to these roles from their respective roles at Google, whereas Ruth will also retain her role as the CFO of Google."


ChuckMcM 3 days ago 13 replies      
Wow, they are doing letters? Really? Letters? Hey is Eric Schmidt still in the building somewhere? Ask him how well Planets worked out for Sun Microsystems.

Interesting strategy, hard to second guess from the outside of course. Sun's motivation was to figure out whether the other parts of the company could stand on their own[1], it also makes it less fiscally complicated to discharge an entire group into the void. Think HP selling off the Agilent half of itself.

Generally though this sort of move is a way of containing and then "fixing" cost problems. Divestiture is so much easier once you've created the framework of a whole organization around each chunk. It can also be weirdly inefficient, at Sun each of the "planets" paid in a sum of money to IT (Bill Raduchel's organization) for "Corporate IT support" except that Corporate IT didn't work for them, they were just the only vendor you could use to get your IT services, so what you ended up with was really crappy IT work that you couldn't shop around for. It was maddening. But the 'collection of companies' design pattern requires either that you have your "service providers" that everyone uses (HR, IT, Legal) which gives little incentive for quality service, or everyone gets their own version which means a lot of excess overhead and duplicated work.

I could think of at least two other ways Google could have re-organized without bringing that pain upon them, and as Eric lived through it at Sun as well I'm sure he has an opinion.

Oh, and having one of the sub-companies get the world's #3 brand? I wonder how that works out.

[1] Answer "No" for SunSoft, "Yes" for Sun Hardware, "No" for Sun Labs.

rbinv 3 days ago 7 replies      
From the abc.xyz source code:

Sergey and I are seriously in the business of starting new things. Alphabet will also include our X lab, which incubates new efforts like Wing, our drone delivery effort<a href="http://www.hooli.xyz/" target="_blank" class="hidden-link">.</a>

igorgue 3 days ago 3 replies      
They gonna fail cause they don't own the .com \_()_/
jordigg 3 days ago 7 replies      
So all google divisions are now individual companies inside a conglomerated called Alphabet where Larry is the CEO and Sergei the President. Sundar Pichai is now the new CEO of Google. Is that right? Why do you think they are moving this way? Regulations? Taxes? What about Eric Schmidt?

I don't know much about trading, but look at that "after hours" spike! http://postimg.org/image/ho5ecyr99/

EDIT: All google subsidiaries are now subsidiaries of a conglomerated called Alphabet. Google is a subsidiary too. Google stock will now be Alphabet stock.

loteck 3 days ago 2 replies      
To summarize (correct me if I'm wrong):

- Google will now be operated as a subsidiary of a new company called Alphabet.

- Alphabet will be publicly traded under the same symbols as Google is now traded.

- Stock will just transfer as-is.

- Sundar Pichai is now the CEO of Google.

- Larry and Sergey will run Alphabet as CEO and President, respectively.

franciscomello 3 days ago 4 replies      
Here's why I think Google's transformation into Alphabet was not a wise one.

As Google cofounder Larry Page, now CEO of the holding company Alphabet, that will have as its main subsidiary Google, the search company, said earlier today:

>As Sergey and I wrote in the original founders letter 11 years ago, Google is not a conventional company. We do not intend to become one. As part of that, we also said that you could expect us to make smaller bets in areas that might seem very speculative or even strange when compared to our current businesses. From the start, weve always strived to do more, and to do important and meaningful things with the resources we have.

Well, if Google wants to keep spending investor money into "speculative" areas, what could be dumber than reporting its financials as "Google: hugely profitable" and "other random stuff: huge cash drain"? It will just make investors all the more sensitive to the fact that Google's search business is basically what makes money, and everything else is - for now, at least - a huge cash drain.

Raising awareness to Google's - oops, Alphabet's - business unit's individual financials will attract attention of the likes of Carl Icahn, who's raided Ebay in the past, and who'll engage in open challenging of Page and Brin's capital allocation decisions. It will definitely not compensate for the advantages of having Sundar Pichai take on greater responsibilities as Google chief, etc.

Not at all a wise move.

josh2600 3 days ago 5 replies      
Is this purely a function of sharding liability across a conglomerate of businesses? It seems like concentrating Google's ad revenue in a smaller, more efficient business unit is a nod to Berkshire Hathaway's method of business.

I can't recall this sort of thing happening in my lifetime, so it will be really interesting to see how this plays out. I also wonder how this would be treated if Google didn't have the crazy corporate structure they have now (where public shares are essentially non-equity and non-voting).


Edit: I am reasonably certain this is a tax and liability optimization strategy. It allows their more risky units to operate with separate liability from their cash cow.

Edit 2: I'm actually surprised the stock value hasn't tanked because most of the future potential of Google just got moved outside of the company. How much of Google's future value was based on X? I would say a non-trivial amount of the stock price is the anticipation of future profits, which are now no longer a part of the company the stock is intended to index.

Edit 3: Disregard Edit 2, I misread the release the second time through and assumed X was not part of the company :).

daniel-levin 3 days ago 0 replies      
It seems as though Google (Alphabet) is splitting its business divisions into:

1) Google - a company comprised of reliably profitable products that run at massive scale (search, video, mobile, mail etc), and they know that Sundar Pichai can manage this

2) Everything else - these are high risk ventures with possibly enormous pay-offs. This is a breeding ground for positive black swans which Google are keen to expose themselves too.

To borrow Nassim Taleb's nomenclature, Google is splitting into mediocristan (1) (bounded variance - existing products [like YouTube] are predictably profitable) and extremistan (2) (Calico - if a major breakthrough in combating aging related diseases is made it will be both unpredictable and hugely materially beneficial)

>> We will rigorously handle capital allocation and work to make sure each business is executing well.

This sounds like the business restructuring will allow Sergey and Larry to apply just as much capital as they see fit to the extremistani business divisions. In other words they would like to control their exposure to possible consequential rare events in a simple fashion: by controlling a very simple set of parameters - i.e. how much cash each business division gets.

sz4kerto 3 days ago 4 replies      
Does this mean that running high-risk project inside Google started to damage the reputation of Google? Many (most) of the moonshot projects failed (which is normal), and I have the feeling that these events had a somewhat bad fallout on the image of the whole company (questioning its invicibility to some extent, mostly in the eyes of the press).
sethbannon 3 days ago 0 replies      
From the SEC form making this official, here are the separate companies under Alphabet Inc:

Google, Calico, Nest, Fiber, Ventures, Capital, X.

Looks like Search / ads, YouTube, Maps, Apps, and Android will stay under Google Inc.


axyjo 3 days ago 6 replies      
This is a big move, which might also possibly help with EU anti-trust accusations by splitting up the big-ol' monolithic GOOG into functionally separate units.
yashap 3 days ago 0 replies      
I wonder if part of this is to make it easier to kill the side businesses if they fail, since these ventures are inherently very risky, and require people with very different skills than normal at Google. Say 1000 people are working on Calico, but it ultimately fails, and there isn't a natural spot for them in Google anymore. If they were all Google employees, this turns into "massive layoffs at Google." Now it's just "Alphabet folds Calico business", which sounds less bad (and possibly even makes layoffs easier? Don't know, IANAL).
swalsh 3 days ago 1 reply      
So Alphabet will start a new car company, and google can continue on as a search giant. It makes a lot of sense.

So many people keep saying their biggest fear of google is that they will turn devices like Google Glass, or the Google car into products to collect information on people. When those products themselves are viable business models.

rottencupcakes 3 days ago 6 replies      
Just a stray observation, but now Microsoft and Google are both run by Indian born CEOs.
tashoecraft 3 days ago 2 replies      
Probably was done to be ahead of apple and amazon in the yellow pages.
PascLeRasc 3 days ago 7 replies      
Interesting. I suppose they'd fail PG's test of owning your own .com.
coffeebite 3 days ago 2 replies      
Is Larry Page trolling PG? A day after PG publishes an essay that companies should own the .com version of their names, he renames Google to Alphabet with .xyz as the TLD.
Yhippa 3 days ago 0 replies      
Did Google effectively just do a rotate operation on a red-black tree for their organization?
misterbwong 3 days ago 1 reply      
This sounds a lot like Berkshire Hathaway's structure. Buffet + Munger at the top, mostly as advisers and fund managers, with individual companies given autonomy. I like it but it all depends on whether Larry & Sergey can hire well.
electic 3 days ago 1 reply      
The most important part of the 8K is how the merger will happen and how stock will be effected or transformed eventually:

Alphabet will initially be a direct, wholly owned subsidiary of Google. Pursuant to the Alphabet Merger, a newly formed entity (Merger Sub), a direct, wholly owned subsidiary of Alphabet and an indirect, wholly owned subsidiary of Google, will merge with and into Google, with Google surviving as a direct, wholly owned subsidiary of Alphabet.


aesthetics1 3 days ago 1 reply      
I do not know much about big business financials, but this seems like a move that would allow Google to separate its experimental or research-based businesses that do not turn a profit from its giant bulging revenue beasts. It will likely allow Google to post better quarterlies, and push their stock up even higher.

Appointing Sundar as CEO also allows them to focus more on the cool stuff in Alphabet and let Sundar run the meat and potatoes Google operations. Interesting moves.

hyperpallium 3 days ago 4 replies      
At last, reversing Jobs' advice to combine everything, returning to the original idea of trying lots of things. Maybe 20% time will see a resurgence, too? Bonus: small, separate entities makes it easier to tackle new opportunities (which start small) that wouldn't move the needle for Google - as per Christensen.

> We did a lot of things that seemed crazy at the time. Many of those crazy things now have over a billion users, like Google Maps, YouTube, Chrome, and Android.

Seems disingenuous, since YouTube and Android (at least) were acquisitions.

dluan 3 days ago 0 replies      
Congrats the founders of Google. Monumental move.

I have very fond memories of early Google.com, and there always used to be a vivid spirit in their products that everything was so experimental and technically on the edge. That feeling has been gone for a very long time, but since Larry has come back it's been slowly returning. Call me what you want, but I feel like this is such a smart move for the founders' freedom to explore.

And the way they announced it is totally in line with the spirit. I'm sure there was a lot of technical work, and will be more, but they way it's all hidden in the back so that they can focus on the most important parts. I'm a fan.

franciscomello 9 hours ago 0 replies      
Great question now that GOOG/GOOGL is on the spotlight: Why should any investor pay a multiple (expensive, by the way) and get exposure to Google Ventures/Google Capital/Google's other crazy ideas, when he/she can just invest in Sequoia, A16Z, KKR, and other VC, growth equity, or private equity managers at book value?
akshatpradhan 2 days ago 1 reply      
I personally think they did this because Sergey Brin and Larry Page were getting bored with day-to-day Google operations but wanted to remain at the top. They can't just shift their focus on the new toys they're building like Robotics, Fiber, Vehicles, etc. So best bet, name Sundar Pichai as the new Google CEO, put Google under Alphabet, become the new CEO of Alphabet, and that allows them to get rid of day-to-day Google search operations and focus on their shiny new toys.
blackbeard 3 days ago 1 reply      
Sounds like Google is turning into Umbrella Corporation: http://umbrellacorporation.jp/aboutus.html

Life sciences, life extension, military, information, telecommunications all under one umbrella company.

electricblue 3 days ago 0 replies      
I had to look at my system clock a few times to make sure today isn't the first of april.
Osmium 3 days ago 0 replies      
Makes sense. Hopefully this can stabilise the Google brand as something more reliable (fewer products that are launched one day, taken down the next), while still allowing them to experiment. The name is genius too; it suggests that there will be other companies equal to Google's stature one day ("G is for Google, H is for ...another billion dollar company?").
HugoDaniel 3 days ago 0 replies      
I read "mad sex" on the cubes of their alphabet landing page :/ is this on purpose or am i that much of a pervert ?
arihant 3 days ago 0 replies      
This is great. The best thing about Google was their willingness to try interesting things. But the Apple-ification of Google lead them to look like a company suffering from identity crisis, at least from the outside.

This will keep Google products unified and work together, and will give them opportunity to throw mud at the wall with Alphabet.

Also worth mentioning is that this kind of corporate restructuring is fairly common. Usually it is done by X company expanding into X Industries with X being a subsidiary of X Industries. It is just more visible because they went with a different name, reasons of which are in the post.

knes 3 days ago 1 reply      
It's almost as if they read "the outsiders"[0]

[0] http://www.amazon.com/The-Outsiders-Unconventional-Radically...

thought_alarm 3 days ago 2 replies      
http://alphabet.com is getting hammered right now.
ThrustVectoring 3 days ago 2 replies      
One of the big dangers of being Google is using the profitable advertising arm to subsidize unprofitable side-ventures that don't materially affect the advertising arm of the business. This same problem lead to the decline of the Ottoman Empire - they used the profitable Balkans to pick up albatrosses like Egypt and the Levant, and then collapsed when they lost the Balkans and could no longer subsidize ruling those areas.
allencoin 2 days ago 0 replies      
Oh, I get it. Alphabet.

Alpha Bet.

They're making a Bet on the Alpha versions of these products.

reneberlin 3 days ago 0 replies      
I'd like to know what margin did the namefinding-company get paid for this extraordinary creation. And who owns all these super simple domains in all the .tlds. And what will they get paid for to let them own them? "Example" was under the near winners but didn't succeed. I am waiting for the artworks to see for "alphabet" in RGBA/cmyk/svg.
ErikAugust 3 days ago 0 replies      
They don't even own alphabet.com. Not signaling strength (sarcasm).

Also, feel bad for the owners of that domain as it is effectively being DDoS'ed.

smohnot 3 days ago 1 reply      
Fun game: Name Google products A-Z without looking them up! Here's what I got:Android, Blogger, Chrome, Drive, Earth, Finance, Google, Hangouts, Inbox, Jaiku, Keep, Local, Maps, Now, Offers, Picasa, Questions, Reader (RIP), Search, Translate, U??, Voice, Waze, X Labs, Youtube, Zagat... I couldn't think of anything for U and Jaiku was a bit of a stretch
zippzom 3 days ago 0 replies      
Doesn't this completely change what you are buying when you buy GOOGL shares?

It used to be you were investing in a search/ad company that owned a lot of other stuff. Now you are investing in a company that owns the leading search/ad company.

The difference is obviously academic but I think it will make a difference in how the shares are traded. Perception drives the market after all.

mohaps 3 days ago 1 reply      
ha! Any problem in Software Engineering can be solved by adding another layer of abstraction! :D
mattzito 3 days ago 0 replies      
This seems largely, at my admittedly brief viewing, to try to quell some of the structural concerns around all of these "non-core" businesses that the Artist Formerly Known as Google are participating in.

I think it will streamline the management of all of these different businesses, at least make it clear where Larry and Sergey are focusing their efforts.

akhilcacharya 3 days ago 3 replies      
Wow, this is really strange. Has there been any precedent for things like this?
ucaetano 2 days ago 0 replies      
You can now think of Alphabet/Google as the Berkshire Hathaway of technology.

While BH uses money from a cash cow business (insurance) to build a portfolio of companies that look like the established economy, and manage those companies in an exceptional way, improving individual returns while reducing overall unsystematic risk (effectively using good management to move beyond the Markowitz efficiency frontier), Google will use money from a cash cow business (Ads) to build a portfolio of companies the look like the new economy, using effective management in the same way.

anon4 2 days ago 0 replies      
What is Alphabet? Alphabet is mostly a collection of companies. .... Alphabet is about businesses prospering through strong leaders and independence. In general, our model is to have a strong CEO who runs each business, with Sergey and me in service to them as needed. We will rigorously handle capital allocation and work to make sure each business is executing well. We'll also make sure we have a great CEO for each business, and well determine their compensation.

The King and his vassals, ladies and gentlemen.

sangd 3 days ago 2 replies      
Congrats! It's a new chapter for Google, an exciting beginning for Alphabet. It definitely broke PG's theory on the .com
_stephan 3 days ago 1 reply      
Will the non-Google Alphabet companies still have access to Google's software engineering infrastructure?
sethammons 2 days ago 0 replies      
The first thing that went through my mind (with some additional work, and all that is needed is illustrations and a publisher..):

A is for Asynchronous, the way our code should be

B is for Beta, the first stage of our code the user will see

C is for Capacity, for this planning helps our hardware not fail,

planning capacity helps our product meet our users at scale


D is for Datagram, which you may not get from me

E is for E-tag, for caching is key

F is for Freedom, the state information wants to achieve,

follow information through history if you want to believe


G is for Google, the advertising and indexing whale

H is for Hystrix, because Netflix Tools are for scale

I is for the Internet, for without it, many start-ups would fail

I is also for iPhone who's apparently in jail


J is for Javascript, with a new frameworks each week

K is for Kill, because scripts can misbehave and memory can leak

L is for LifeSize, for meetings about meetings must be

M is for Metadata, because tracking in bulk is (mumble, mumble, something, something), look! "privacy!"


N is for NoSQL, for relational data is dead

O is for Octocat, who houses our code so it is not in our head

P is for a Penguin named tux

Q is for Quiet, lost to the the tide of the open office flux


R is for Rabbit, because some problems require a Queue

S is for Secure, for we have our our user's data to lose

T is for the terminal, for how else can we see ascii Star Wars

U is for UTF-8, who's lack of handling makes bugs in our source


V is for Vitesse, never has mysql DBs been so easy to scale

W is for the 5 Whys, that guides us in post-motems when we fail

X is for Executable, which chmod can help our script to be

Y is for YCombinator, for many a start up, encubators are key


And Z is for Zsh, not your ordinary shell

These are the letters, remember them well

These are the letters, from A to Z

These are the letters, next time will you please say them with me?

[edit: format, typo]

scott_karana 3 days ago 1 reply      
I'm really confused why they wouldn't chose to incorporate a "new Google", and split out all its other ventures, future and existing, as subsidiaries, rather than make a new brand and relegate their previously mainone to subsidiary status, with its own sub-subsidiaries.

Legal issues, I presume? Or are Brin and Page just having identity crises?

I don't think anyone will care if they see "Foobar, an Alphabet company" in the same way they would if it was Google, in any case.

acaloiar 2 days ago 0 replies      
Yesterday upon seeing the headline "Google Forms new Company" elsewhere, I assumed that Google spun their Google Forms product off into a company named Alphabet. I was profoundly confused as to how Google Forms necessitated an entire new business entity.

I'm not a proud man.

evanwarfel 3 days ago 0 replies      
I've always wondered why we don't see more of the studio model (like Pixar) in tech companies. Especially ones focused on innovation -- Thomas Edison didn't just invent a single product, and that trend still influences how GE operates today. It's a bit of a stretch, but with some fuzziness around the boundaries, the idea of an over-arching studio seems to mostly describe YCombinator too.
huac 3 days ago 0 replies      
Google (or now, Alphabet) is an less diversified Berkshire Hathaway with tons of R&D expenditures.

I think it's likely that tax benefits from the reorg are the biggest reason for the stock price increases. But it also appears likely that there will be an offering of Alphabet stock in some form so it's curious to see how the value will break out.

xbmcuser 3 days ago 0 replies      
Aplphabet is likely to ipo Google fiber now as it is something that needs big capital investments.
ThomPete 3 days ago 1 reply      
This is potentially a very clever move when you put this into the perspective with one of googles major issues of being too dominant.

If I was a conspiracy nut I would say this way it's harder for ex. the EU or any other political entity to claim they have any dominant positions as such.

suprgeek 3 days ago 0 replies      
All of the announcement makes sense except the part where the Conglomerate is the one that is trading on the market.Are the hived-off business separate in any sense if at earnings time everything sinks or swims together? the most logical move would be to trade the new GOOG
wallzz 3 days ago 0 replies      
They just changed the name of the global entity, I wonder why people are surprised by this move, I think nothing will change for the users or in the company, they will just try to create next companies by filling the letters of their alphabet which is a silly move.
mrwilliamchang 3 days ago 1 reply      
Sounds like Alphabet is setup to do lots of major acquisitions. Game changer for tech ecosystem.
normloman 2 days ago 0 replies      
Here's another possibility: Google's taking a page from the Innovators Dilemma, and moving their disruptive projects away from corporate meddling. Most innovative projects die at big corps because they don't fit into the companies existing business model. Walling-off self driving cars and contact lenses from Google's core business could give it the room it needs to grow (before some VP of whatever cuts the project for not being profitable).
anuraj 2 days ago 0 replies      
The diversification seems to be going in the way of the conglomerate - and conglomerate tax shall apply - whether it is Google or not! Hope it does not turn dystopian though.
wbillingsley 2 days ago 0 replies      
Is it just the cynic in me that thinks "We wanted to move Larry and Sergei upstairs, but Eric's in that seat; so we had to create a cool new upstairs to move them to"?
BashiBazouk 3 days ago 0 replies      
Odd name choice. I would think it would open up all kinds of Trademark problems. Alphabet as a key word in a business name must be pretty widespread and across many industries, both trademarked and not.
pitchups 2 days ago 0 replies      
Larry Page has been described as possibly the most ambitious CEO on the planet, and this announcement certainly bears that out. Alphabet represents an ambitious attempt at reinventing Google. Possibly fraught with risk - but again Larry seems to be following his own advice of "having a healthy disregard for the impossible". So they are attempting to do something crazy - break up and restructure the company rather than stay comfortable.
rmason 3 days ago 2 replies      
Am I the only one who came away wondering why they didn't buy the domain alphabet.com?

The company that owns it, ascio.com, isn't even using it. Or perhaps they were a bit too greedy?

stephendicato 3 days ago 1 reply      
All I can think of is "Hooli XYZ - The moonshot factory".


techwizrd 3 days ago 0 replies      
I love how they buried the "Sundar Pichai is new Google CEO" bit in there. In any case, this sounds promising and it'll be interesting to see how this plays out.
wineisfine 3 days ago 0 replies      
I wonder if, besides the obviously healthy restructuring, this is also to anticipate on future anti trust issues. It seems like they're getting one step ahead like this.
FlailFast 3 days ago 1 reply      
Seems like Alphabet (Google/Page/Brin) and Facebook (Zuckerberg) are in a race to become the Berkshire Hathaway of the Internet.
teddyuk 2 days ago 0 replies      
I don't understand why everyone thinks this is a bad idea, it is great - run the profitable business as a separate business, use the profits to invest in fun things and also promote people to CEO instead of watching them go CEO somewhere else (yahoo etc).

It is a win win for everyone.

silasdavis 3 days ago 0 replies      
Perhaps this partly pre-empts threats to split up Google's search from 'other businesses', https://recode.net/2015/04/20/eu-competition-commissioner-i-...
damcedami 2 days ago 0 replies      
Now every school book which have "abc" as hypothetical company name should be changed.
carlosgg 3 days ago 0 replies      
Sundar Pichai's 2014 interview with Times of India


pgroves 3 days ago 0 replies      
Seems very similar to how Berkshire Hathaway treats it's companies. CEOs run the companies, a small group at the top adds/removes companies. There is one company listed on the stock exchange, etc.

It's noteworthy that Berkshire Hathaway refuses to deal with technology companies, while Google is exclusively tech.

xd1936 3 days ago 0 replies      
I'm cool with it. "Google+ Photos" and "Google+ Hangouts" being separated into "Google Photos" and "Hangouts" helps with clarity. So does splitting Google (Google X, Nest, Google research stuff, Google Ventures) up into purposeful, yet distinct, companies.
xasos 3 days ago 1 reply      
Wow, didn't know this was so popular overseas as well: https://en.wikipedia.org/wiki/Chaebol

i.e. Japan Display Inc. is a conglomerate that encompasses the LCD businesses of Sony, Toshiba, and Hitachi

catnaroek 2 days ago 0 replies      
My email is abc.deaf.xyz@gmail.com. I'm pretty sure they used my email as a source of inspiration for the name of their company. And they aren't giving me my fair share!

(Just joking. Except for my email, that part is 100% true.)

slantedview 3 days ago 0 replies      
To the extent that shareholders are driving pressure to separate the experimental bets with the more stable parts of the business, I'm not sure that I understand the point of replacing Google's stock/ticker with a new one. Any insight here?
smoyer 2 days ago 0 replies      
Call me cynical but I'm of the opinion that this will help them continue operating the non-Internet businesses in places where the Internet businesses are facing regulation and/or sanctions.
edpichler 3 days ago 0 replies      
I did not like the name, it remembers me the Amazon original copy (from A to Z).

But I like Google company, really well administrated, it's easy to see on the annual release reports. Despite the not so good name, they are doing a great job and the right next step.

grayclhn 2 days ago 0 replies      
I wasn't expecting a "thanks for joining our incredible journey" post from google.*

* http://ourincrediblejourney.tumblr.com/

Vaanir 3 days ago 0 replies      
Google does not own https://www.alphabet.com/

Thought I'd link this to:


archagon 3 days ago 0 replies      
Funny, I would have expected a better hashing algorithm from the likes of Google. ;)
xbmcuser 3 days ago 0 replies      
tdaltonc 3 days ago 1 reply      
If android were acquired today, would the really be brought in to the google core?
calewis 2 days ago 0 replies      
G is for tax evasion.
madhurbehl 3 days ago 0 replies      
A is for Automobiles.H is for Healthcare.D is for Defence.E is for Energy.M is for Medicine.R is for Robotics

This will become the Umbrella corporation from the resident evil fame :P

Animats 2 days ago 0 replies      
It's too early to tell what this means. It may be a first step to spinning off some of the non-core businesses.

Who gets Google's airport in Mountain View?

fuzzythinker 3 days ago 0 replies      
I was really checking if today is April 1st when reading this.
breatheoften 3 days ago 0 replies      
What effect will this have on the mono-repo debate?


dspeyer 2 days ago 0 replies      
What do we know about Sundar? It sounds like he's really taking over Google. Is he likely to be up to it?
nicolethenerd 3 days ago 2 replies      
>> Susan is doing a great job as CEO, running a strong brand and driving incredible growth.

Is this supposed to say Sundar? Kind of an awkward mistake to make.

_mikz 3 days ago 2 replies      
akilism 3 days ago 1 reply      
isn't amazon already doing the a->z thing
loso 3 days ago 0 replies      
I wonder where this puts the robot stuff that Google was doing? I assume it will be under Alphabet as well as Nest.
hessenwolf 2 days ago 0 replies      
Alphabet just sounds evil, a bit like Umbrella Corp, E-Corp, etc. I am not a fan of the name.
hkmurakami 3 days ago 0 replies      
And so Google becomes Berkshire Hathaway.
have_faith 3 days ago 0 replies      
I'm very interested in the effect this will have on the public perception of Google as a company.
trequartista 3 days ago 0 replies      
Is $GOOG going the Berkshire Hathaway route? Conglomerate with a lot of non-related subsidiaries?
Yuioup 2 days ago 0 replies      
The guy who owns the @alphabet twitter handle is going to be rich.
closetnerd 3 days ago 0 replies      
Something similar to Virgin I suppose. To keep other ventures from harming Google.
f00644 2 days ago 0 replies      
Will this still be based as a US registered company then?
31reasons 3 days ago 0 replies      
A for Apple! hmm does that mean they are going to acquire Apple ? :)
jonnycowboy 3 days ago 0 replies      
Does Google robotics fall under ventures/capital or Google X?
faragon 3 days ago 0 replies      
"Don't bite off more than you can chew", anyone?
skybison 2 days ago 0 replies      
abcxyz123 3 days ago 0 replies      
sethd 3 days ago 0 replies      
motyar 3 days ago 2 replies      
Sorry, but isnt .xyz for nsfw sites?
pietaalpha 2 days ago 0 replies      
jgalt212 3 days ago 0 replies      
I fail to see this as anything but some preemptive move against European Union findings/rulings.
dotori 3 days ago 2 replies      
Alphabet (the main company)


Calico (focused on longevity)

Capital (investment)




Google (now led by Sundar Pichai and includes search, ads, maps, apps, YouTube, and Android)





Life Sciences ("that works on the glucose-sensing contact lens")










Ventures (investment)


X lab ("which incubates new efforts like Wing, our drone delivery effort")



staunch 3 days ago 1 reply      
The Google Guys are now VCs.
adventured 3 days ago 0 replies      
This is Google moving into a structure akin to Berkshire Hathaway, which is something the Google founders have admired for a long time. They're changing into a conglomerate, run with a thin layer of management at the top. Their talk about empowering strong CEOs, and having the subsidiary companies operate independently, is an exact copy of what Buffett does in regards to businesses owned by Berkshire.
asurty 3 days ago 0 replies      
rel 3 days ago 0 replies      
Congratulations to Sundar!
reneberlin 3 days ago 0 replies      
bitL 3 days ago 0 replies      
dcosson 3 days ago 1 reply      
MrBra 2 days ago 0 replies      
paragpatelone 3 days ago 0 replies      
T is for Tesla
faithfone 3 days ago 1 reply      
orionblastar 3 days ago 0 replies      
Alphabet is just a way that Google can control its liabilities. Each subdivision can be closed off or sold if it has trouble. Not take down the other subdivisions when that happens.

Oracle is suing over Android using Java APIs, Alphabet can move Android to its own subdivision if they lose the lawsuit and close it off or sell it off and then develop a new mobile OS to replace it.

oneJob 3 days ago 0 replies      
revelation 3 days ago 0 replies      
ocdtrekkie 3 days ago 1 reply      
pasbesoin 3 days ago 0 replies      
reneberlin 3 days ago 0 replies      
hisabness 3 days ago 0 replies      
seanbo 3 days ago 1 reply      
JoeCoder_ 3 days ago 0 replies      
beedogs 3 days ago 0 replies      
EGreg 3 days ago 0 replies      
0x4a42 3 days ago 3 replies      
tmpforareason 2 days ago 0 replies      
Mikho 3 days ago 0 replies      
shogun21 3 days ago 0 replies      
djhworld 3 days ago 0 replies      
diablosnuevos 3 days ago 0 replies      
endergen 3 days ago 0 replies      
tacone 3 days ago 1 reply      
Skunkleton 3 days ago 0 replies      
rch 3 days ago 0 replies      
rm_-rf_slash 3 days ago 1 reply      
awicklander 3 days ago 2 replies      
overgard 3 days ago 1 reply      
mkehrt 3 days ago 2 replies      
No, that's normal for Google. It's totally bizarre.
smitherfield 3 days ago 0 replies      
reneberlin 3 days ago 0 replies      
Its done, there is no way back. We tried, we failed kickstarter.com
631 points by danso  1 day ago   372 comments top 40
dmbaggett 1 day ago 38 replies      
I wanted to believe that a team of 6 to 10 people could make a game that looked and felt AAA. Boy was I wrong!

When we made Crash Bandicoot (with a team of 7), it was already virtually impossible to make a AAA game with 6-10 people, and that was 20 years ago.

I tell inexperienced entrepreneurs to take their honest best estimate and multiply by 10. Or, as Mark Cerny (our producer on Crash) used to tell us, "add one and increase the unit: 1 week = 2 months; 2 months = 3 years; 3 years = you're doomed".

For a less anecdotal version, read The Mythical Man Month. (The factor he arrives at is 9.)

rkangel 1 day ago 3 replies      
I'm actually finding it reassuring to see some of these 'our project failed, sorry' messages coming up.

It reassures me that kickstarter is actually being used to fund new things, rather than just as a marketplace for existing products, where you don't even have to have found any capital up front.

themoonbus 1 day ago 11 replies      
"But changing gameplay from 2D to 3D had a major impact on overall development cost (we found out a little too late)"

Not to pile on, but this was very surprising to me... how could you not know that this would have a major impact?

bobajeff 1 day ago 1 reply      
People are acting like the game wasn't able to be made. The issue is it was made but the sales didn't cover the costs.

"At first we could not believe that our baby was not more successful, in our emotions we started looking for explanations not related to the game. Maybe gamers are just spoilt brats, bashing on everything, maybe there is an oversaturation of indie market, maybe all the free-to-play games by big studios are giving players a false sense of value. How could less than $10 be to expensive for a beautiful game like Woolfe? How could this be our fault? "

"Of course none of the emotional excuses above are the reason of our mixed steam rating. We can only blame ourselves "

It's good to see someone excepting the fact that their game just wasn't good enough. Also nice to hear someone admit what a cop out blaming customers or the market is.

roel_v 1 day ago 2 replies      
The assets of this company are, essentially, worthless. I think the liquidator would jump for joy on a bid of, let's say, 5 or 10k euros for all IP of this game. I've seen cases where IP that cost orders of magnitude more to develop sell for less, sometimes under the condition 'you have to take the office inventory too, because otherwise I have to pay for getting it disposed of' (where 'I' is the liquidator).

If anyone is motivated enough, it would take just 500-1000 people who would chip in some spare change to make this open source (I'm not interested in any of this, before anyone suggests it - just hinting to those mentioning 'open source').

bko 1 day ago 4 replies      
> But we have literally no money whatsoever to pay for stamps, let alone print the artbooks and dvd-cases.

How did this happen? Shouldn't that money have been allocated earlier? Did they spend every dollar thinking that this is the dollar that turns everything around.

Maybe I just don't get the mentality of those looking to fund projects on Kickstarter.

brudgers 1 day ago 1 reply      
It's great to see people admitting their mistakes. On the other hand, the project was doomed from the start $50,000 just isn't enough money to produce a game, let alone a game and collateral merchandise. And the commitment to collateral merchandise for a project like this meant that effort that could have gone to making the game was committed to dealing with posters, printers and postage. There's a reason startups don't return dividends to early stage investors. There's a reason sophisticated early stage investors don't want their investments to pay dividends.
lobo_tuerto 1 day ago 4 replies      
From TA:

"What about our Kickstarter backers?

The people that believed in us from the beginning? People we made promises too. People we have let down. Even worse people we will not be able to give the full rewards they invested in.

The crazy thing is, that we have most of the rewards ready for postage. All the backer stickers and letters of enlistment just need a stamp. All the poster sets printed, signed and ready. The artbook is ready to be printed, the soundtrack is ready for distribution, the DVD case is ready for production. But we have literally no money whatsoever to pay for stamps, let alone print the artbooks and dvd-cases."

This could be a good closure. From comments:

"Fredrik Waage:Please honor your backers who believed in your game by releasing the DRM-free version like you promised so linux backers (hopefully via WINE) and ppl who don't like steam can enjoy your game."

Or maybe even go open source?

greggman 1 day ago 3 replies      
I haven't played the game and I see the reviews are "mixed" on steam but looking at the video they certainly did an amazing job for such a small team. Of course at the end of the day it has to be a good game but they should still be really proud about how far they got.

I hope they try again and apply whatever lessons they learned

kelukelugames 1 day ago 4 replies      
Here is the steam page.


Remind me of Alice, which had some beautiful levels.


Udo 1 day ago 3 replies      
> I guess our public silence the last few months already said a lot.

While I can personally understand this reaction to having trouble, it's not healthy nor is it fair to cease communication in this way. A lot of promising projects announce difficulties by falling silent, including Limit Theory, which I was looking forward to seeing realized some day. Maybe crowdfunded projects need to shift to a mindset where it's expected to be upfront about problems.

> So with a heavy heart I have to communicate that as of now the IP of Woolfe, all of the assets and source code is now for sale

I said it before, but I'll gladly say it again: backing a Kickstarter project is a bet, not a pre-order. When I back a project, I calculate the odds and place my money accordingly, full well knowing it could be gone. As long as makers honestly tried to achieve something, I'm fine with failure.

Not everybody sees it that way, though. It would be nice if new games on Kickstarter would include a pledge for their IP to enter public domain in case the project as a whole fails. Because the alternative being played out here is most likely not very helpful to anyone, including the defunct studio.

mattdeboard 1 day ago 0 replies      
Really honest letter that is simultaneously an apology and an explanation, without making excuses.

I wonder if more experienced game developers could have recognized the failure much further down the track and pulled the plug (or taken on a lot more funding?) before it took the company under. I also wonder, if this undertaking had been made in the US, would the outcome have been any different due to different... I dunno, funding laws or more available funding from traditional investors?

Was the completeness of the failure of GRIN down to the fact they spent way more money than they had trying to prove a point (don't need to do pixel or highly stylized art) ?

The game industry is interesting to me because of the nature of the problems they have to solve, but it is so damn brutal I don't want any part of it.

felhr 1 day ago 2 replies      
Probably I am missing something but...Making a videogame (even an indie one) with 72.139 $? They were probably doomed from the very beginning.
ErikRogneby 1 day ago 1 reply      
So the game did get created though right? It's $9.99 on Steam: http://store.steampowered.com/app/281940/ It sounds like while the game got made, they aren't profitable and can't afford to make good on the kickstarter rewards.
overgard 1 day ago 0 replies      
Wow, my heart goes out to these guys, I guess they dropped the ball but obviously they really cared. It's hard to fault people when they made a good faith effort and came up short. I hope after things settle down and maybe they get some space away from this, they try again on a new project with a bit more wisdom.

I think the lesson here (and this one really is probably important for entrepreneur types), is getting funded really should not be viewed as an achievement. It just means the stakes got higher.

methodover 1 day ago 1 reply      
This is such a hard thing for me to read.

Game development is so incredibly hard. It feels like a winner-takes-all game where the very top 1% have everything, and the rest have almost nothing.

It's a shame that this studio has to fold. The game looks pretty good. You don't get to that point without having incredibly talented artists, programmers and managers, without having a team that's working pretty well together. And yeah, their reviews on steam aren't perfect -- but to me that doesn't seem that terrible. Everyone stumbles before they really catch their stride.

It sounds like they just ran out of money, really. They ran out of time. They weren't given a real shot. What a shame. I see startups pop up all over the valley here that don't even have a tiny fraction of the ingenuity and talent of this company.

It's a shame that our economy doesn't value art like this more. A real shame.

kkt262 1 day ago 6 replies      
It's interesting that failure articles seem to always go up to #1 on HackerNews. Why is that?
jebblue 1 day ago 0 replies      
I was watching that game, I like first person more but this is a beautiful game to be sure! There's so much competition out there, I wonder how big The Fun Pimps team is in comparison, I'd assumed around the same size.
song 1 day ago 1 reply      
I'm glad public money is spent on this. 60k is nothing on the scale of public money and is certainly peanuts when it comes to game budgets. And honestly, while it didn't sell well (and the market certainly is tough right now), the game in itself is not bad. It lacks polish and would have benefitted from a bigger budget but it's not a bad showing.

Tale of Tales is another example of a studio who produced some very interesting games in term of Art. The path was a very interesting game and as influenced quite a few other games.

mirimir 1 day ago 0 replies      
I'm reminded of the Chandler project, funded and directed by Mitch Kapor. The intention was Lotus Agenda, reimagined for the 21st century. But that didn't work out. See Dreaming in Code: Two Dozen Programmers, Three Years, 4,732 Bugs, and One Quest for Transcendent Software by Scott Rosenberg. It's a very sad story. I loved Agenda, and Chandler had so much damn potential! So it goes.
kin 1 day ago 2 replies      
So if the game is on Steam right now and I try to support them by buying a copy, where does the money go?
redbar0n 1 day ago 1 reply      
"I wanted to believe that a team of 6 to 10 people could make a game that looked and felt AAA. Boy was I wrong!"

"In the video game industry, AAA (pronounced "triple A") is a classification term used for games with the highest development budgets and levels of promotion.[1][2][3][4]" https://en.wikipedia.org/wiki/AAA_(video_game_industry)

It should be obvious from this definition of an AAA game that 6-10 people in a small indie game studio can't make a game with 'the highest development budgets and levels of promotion'. It requires lots of $$$ and other resources, which an indie game company almost never has.

"Wisdom begins with the definition of terms." - attributed to Socrates

mangeletti 1 day ago 0 replies      
Serious question: why not target a platform that's more similar to what Crash Bandicoot was built for, and then run it in some sort of Steam-compatible emulation layer[1]? This would have given you a potentially great game, and at least an MVP that you should sell and also show investors with a "imagine this with way better graphics!" pitch, instead of having great graphics without as much of a complete game, given limited time and resources.

1. I'm shooting from the hip, because I have zero game dev experience, and I know even know if this is possible, let alone whether it even makes sense (are 8-bit, etc. games more simple to build than those with modern graphics?).

rebootthesystem 1 day ago 3 replies      
I don't have data to back this up other than years of entrepreneurship. I'm sure someone could invest the time to dig-up the data and corroborate or refute my statement.

I think game development must rank way up there with restaurants in terms of business failure rates. It might even be worst than restaurants but the data could be impossible to collect.


Because restaurant failures are a matter of public record while game developers more often fail privately. The data simply evaporates. It's a really tough business, even with money.

For the most part lack of business experience and idealism or hubris can play a big role in this. The good old "the market is <insert big number> billions, if we only grab 0.1%" fallacy.

To be sure, hubris and doing something because you love it has it's place and fortunes have been made because of this. That said, the cold hard reality is that the gaming industry is paved with the corpses of probably millions of entrepreneurial efforts who have tried and failed.

Generally speaking, for most developers, I think there's far more money in developing games for those who have cash to burn (whether successfully or not) than to try to create the next blockbuster.

As a small data point, years ago we were approached by a company to develop an iOS children's game for them. Lots of animation, sound, graphics creation, etc. They had no experience in software development at all. They wanted to convert this low budget cartoon character into a game because they convinced themselves they'd make millions with an app.

We told them it would cost $50K to $250K (or more) and months of development depending on specs. Of course, they had no specifications. It would be impossible to understand costs without a solid spec.

We also recommended they DO NOT develop this game and stick to their core business. In fact we pushed back hard on this point. I sat down with the CEO for a couple of hours to explain failure rates, challenges, issues, etc. They needed to fundamentally transform their company and were not equipped to do so at the time.

I got an angry email from the CEO telling me we were crooks and how they found a company in India that could build them the entire game for just $15K in three months. What the hell did I know? Right?

A year later, almost to the day, I got an email from the same CEO asking if we could meet. We did. He revealed they burned the $15K and got nothing more than a slideshow made with templates. They then found a larger company (also in India) and burned an additional $50K and got something that was buggy and wasn't even playable. By the time he asked me for a meeting they had burned through over $150K trying to have their game made and had nothing. They couldn't even submit it to the app store. They were nearly out of money.

You could probably guess what happened next. He asked if we could fix it for $20K. I explained I'd be surprised if anyone would have any interest in touching that code-base for any amount of money. And, no, $20K couldn't even touch building the app they envisioned a year earlier. I repeated my recommendation to stick to their core business. Which they did. After learning an expensive lesson.

Anyhow, long story to relate one type of scenario behind game development where ignorance and hubris meet a pile-o-cash and a bonfire follows.

Sorry to see the Woolfe team fail. I don't think I am being a pessimist when I say this is far more likely to be the outcome with games. Kudos for trying. Move on. Quickly.

agumonkey 1 day ago 2 replies      
It's interesting to see the reactions here. The matchstick project ended up giving full refunds to the backers and yet they were trashed in the comments. While here people are showing lots of love even after the bankrupt notification.
Animats 1 day ago 1 reply      
They mention problems with collision detection, which indicates they were writing their own game engine. Why? There are good game engines available, and writing one is a big job.
w3ightl355 1 day ago 0 replies      
It sounds like their heart was in the right place, an effort driven by passion, but they just ran into too many obstacles. If I had invested, I probably wouldn't feel so bad. It sounds like they tried - like they give it their best, sincere effort. That's all you can do, really.
z3t4 21 hours ago 0 replies      
This feels a bit weird, they have a ton of press and they are on steam for gods sake. This thread alone probably generated enough sales to pay for those post stamps.
DjangoBKN 1 day ago 1 reply      
That was both scary and sad. As a fellow who is starting out to make a game too.
aquanext 1 day ago 1 reply      
I think they are dead on about lack of experience being the cause here. You can't make a AAA game on $72,000 and 6 to 10 people. That's nuts. Just one person's salary is going to be 50-60k if they are paying people reasonably.
listic 1 day ago 0 replies      
player_1 1 day ago 0 replies      
We don't even need more "cinematic platformers"on steam.
asciimo 1 day ago 0 replies      
The artwork and character design is excellent. The concepts are strong. I would have backed it. I'm rewarded nonetheless with a strong warning to balance passion with pragmatism.
VikingCoder 1 day ago 1 reply      
So, I wonder how much they'd sell all the assets and source for?

Could we Kickstart a project to drop it all in the Public Domain?

chazu 1 day ago 0 replies      
Sad to see GRIN dissolve, I felt they were a very promising studio.
megablast 1 day ago 0 replies      
> But changing gameplay from 2D to 3D had a major impact on overall development cost

Really? Did anyone not think that would be huge?

jchomali 1 day ago 0 replies      
Thanks for sharing your experience with us!
marincounty 1 day ago 0 replies      
"What about our Kickstarter backers?

The people that believed in us from the beginning? People we made promises too. People we have let down. Even worse people we will not be able to give the full rewards they invested in.

The crazy thing is, that we have most of the rewards ready for postage. All the backer stickers and letters of enlistment just need a stamp. All the poster sets printed, signed and ready. The artbook is ready to be printed, the soundtrack is ready for distribution, the DVD case is ready for production. But we have literally no money whatsoever to pay for stamps, let alone print the artbooks and dvd-cases. "

I understand you failed. Find money for postage though? These were Kickstarter investors? You have money for a bankruptcy attorney? Just shopping around for a bankruptcy attorney can save thousands? (Maybe you are doing the legal in house?). My point is the Kickstarter Backers will appreciate a small gift of gratitude, and just might fund you in the future?

I think most small companies know they are going under weeks--months in advance? I knew months for myself. There's nothing illegial about keeping a small fund for the last days of a business.

Good luck, and with Capitalism, and all its risk-thank goodness for Bankruptcy. When I was younger, I didn't quite appreciate bankruptcy laws. I now keep a close ear out for any changes to bankruptcy laws.(There are entities that want to change the federal statutes. I knew the Obama administration wouldn't let lobbiests touch them. I worry about the next administration?)

If I was to do it over again, I would have incorporated every business I ever started? I might have even incorporated my legal name right out of college--if legal?

amyjess 1 day ago 0 replies      
> I guess our public silence the last few months already said a lot. It is not out of disrespect that our communication dropped to almost zero it is out of shame.

PG has actually written on this subject: http://www.paulgraham.com/die.html

Basically, if a company stops communicating, it's almost a sure sign that it's in its death throes, and if a company is doing well, it's going to try to reach out as much as possible so they can show off how well they're doing.

paulhauggis 1 day ago 0 replies      
Games are extremely hard to get right, ship on time, and make an actual profit. This doesn't surprise me.
Stop reverse engineering our code oracle.com
604 points by hughstephens  2 days ago   338 comments top 73
kabdib 2 days ago 8 replies      
Wow. Really?

This single blog post is strong evidence for why you should never, ever buy an Oracle product, and if you are running anything written by them, why you should plan to migrate away.

Now, the culture of consultants in the Oracle sphere of influence is pretty toxic and money-grubbing. I can imagine companies being badgered into paying security weasels big bucks to analyze software with tools that cough up a zillion false positives, whereupon the weasel looks like a hero and is paid a bunch of cash, the customer panics and demands that Oracle fix a pile of non-existent vulns, and some department buried inside Oracle doesn't know how to deal. Whereupon the weasel skates off to another company to run the same scam: rinse, repeat, and this blog post.

In which case Oracle should simply call it out: "Please don't send us crappy automated scanning tool reports from the shitty security weasel consultant you hired because those reports are useless, and the same weasels have been sending identical ones in, monthly, for years, and you are being ripped off." But Oracle never passes up the opportunity to express contempt for its customers, nor can it admit to being wrong.

Better to avoid that whole ecosystem.

duncan_bayne 2 days ago 6 replies      
So, I disagree with the poster on a bunch of things here (no surprise, really).

But: this is authentic. This is what we (i.e. hackers) are always claiming we want. Someone speaking her mind, shooting from the hip, etc. Not an anodyne blob of corporate-speak: this is an opinion, stated pretty clearly, and backed up with fighting words.

You'd expect: "Our legal team has advised us to remind consultants that they are bound by any and all terms and conditions to which their clients have ... etc. etc. etc."

You get: "Otherwise everyone would hire a consultant to say (legal terms follow) Nanny, nanny boo boo, big bad consultant can do X even if the customer cant!"

Here we have someone who clearly loves the company and the product with a passion, defending both against what she sees (very wrongly, in my opinion) as criminal misuse and waste of resources.

I'll take one of these posts and argue its merits any day, over a block of mealy-mouthed corporate crap.

crypt1d 2 days ago 2 replies      
Seems like the original blog post was deleted, here is the archive - https://web.archive.org/web/20150811052336/https://blogs.ora...
Stratoscope 2 days ago 2 replies      
> Q. If you dont let customers reverse engineer code, they wont buy anything else from you.

> A. I actually heard this from a customer. It was ironic because in order for them to buy more products from us (or use a cloud service offering), theyd have to sign a license agreement! With the same terms that the customer had already admitted violating. Honey, if you wont let me cheat on you again, our marriage is through. Ah, er, you already violated the forsaking all others part of the marriage vow so I think the marriage is already over.

What a thoroughly nasty comment. She is comparing her customer with someone who is cheating on their spouse. Disgusting.

kriro 2 days ago 4 replies      
This is a marketing layup for any FLOSS ERP company (or the PostgreSQLs of the world). Basically "by all means check our code for any issue you may find. We'll gladly accept any suggestions for code improvements you may have."

This post is an absolute nightmare/facepalm. Basically my takeaway is "I guess I don't want to buy Oracle software". It's really mind blowing that this is the position of a major software company in this day and age. I mean I guess I shouldn't be shocked since it is in the EULA but man I'm kind of speechless (this clause has to be illegal in some countries, too).

Edit: as an aside as a bad guy this would make me very interested in reverse engineering Oracle products. If they disallow it for their customers the reaction times to any security issues will be lower and it will be pretty valuable to find bugs in their products.

Edit2: Seems like the blog was cracked. At least the "About" on the side seems to indicate that.

quesera 2 days ago 4 replies      
Wow. Someone's been hitting the Kool-Aid pretty hard.

I've seen this institutional hubris first-hand. The unshakable belief (typically by nontechnical management) that all of the smartest people in the world are employed here, working for me.

It always ends badly.

dang 2 days ago 1 reply      
The submitted title ('Oracle CSO: ~Only we can do security, trust us and do not reverse engineer') breaks the HN guidelines: it's editorialized (whatever one thinks of the article), and it's a quote-looking-thing that isn't a quote, so misleading.

Please don't do this. The HN guidelines ask you to use the original title. If that's really not suitable, a subtitle or some representative language from the article is ok. But putting your own spin on it is not ok. HN's goal is to let readers make up their own minds, and for that we need accurate, neutral titles.

We've changed the title to a representative phrase from the article, and can change it again if someone suggests something better.

dferlemann 2 days ago 1 reply      
This is exactly the problem with legality of RE and penetration testing. "You broke the law by wasting our time, violating your license agreement." I understand author's points. Not very good points, disappointingly.

No matter how interpersonal she puts it. It makes me not ever want my system to rely on a company that threatens and belittle customers for protecting themselves.

If I bought a fridge for my house, I found a listening device and a pinhole camera in the fridge. Just because the company has a clause I am not allowed to open up the fridge, it doesn't mean I shouldn't.

Well, the company might have found the devices. Indeed maybe nothing customers can do until the company fixes it. Keep telling customers they are not allow to look for flaws it just ridiculous. Yes, it's your product, but this is my home!

reacweb 2 days ago 3 replies      
Reverse engineering is legal in France for research and computer security (http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTE...).
jaawn 2 days ago 4 replies      
I don't really see how a lot of the responses here match with the original blog post. People seem to be airing a lot of long-standing grievances about Oracle rather than responding to the specific post on its own. Viewed on its own, the post can basically be summarized as "Please stop treating our products like they are open source. They're not, and it is against the license agreement to reverse engineer our stuff to find the source code."

A lot of people think open source software is a much better methodology than proprietary, highly-protected source code. That's fine, there are a lot of good arguments there. However, it doesn't make sense to throw a bunch of other, barely related insults at a company when really, all you're upset about is that their code is not open source. Criticize that...that is what you're upset about (at least so far as this specific blog post is concerned)

macmac 2 days ago 0 replies      
The arrogance is titanic. And her legal team apparently forgot to explain to her that certain jurisdictions permit reverse engineering and decompilation under certain circumstances irrespective of what Oracles license agreement says.
owenwil 2 days ago 1 reply      
I laughed at this line where she tries to prove her point by touting that Oracle already found a bug that a security researcher reported to them (but wasn't fixed yet):

"(Small digression: I was busting my buttons today when I found out that a well-known security researcher in a particular area of technology reported a bunch of alleged security issues to us except we had already found all of them and we were already working on or had fixes. Woo hoo!)"

azinman2 2 days ago 2 replies      
There are too many points to discuss... it's really quite insane especially on the backs of Java exploit after Java exploit.

But what I really don't get is this bug bounty hateathon. If it's only 3% of bugs (currently WITHOUT incentives like a bug bounty), then that's really not that much money... and in return you get more cred, something you might use for recruitment, and the off chance that you might increase that 3% versus something going on the black market. Even more so, how much could this really cost!? And Oracle has how much money?! If you can't spend that on a bug bounty when you're security is just so awesome as the post contends, then something is really in trouble.

pkkp 2 days ago 3 replies      
Is it just me, or is the childish, mocking tone in the OP simultaneously baffling and totally befitting of the point they're trying to make? I understand that they're frustrated by the repeated submission of automated security vulnerability reports, but blanketing it entirely as "reverse engineering" and responding to it like this is... a strange approach.

Did someone at Oracle actually think that this was the best way to make this point?

hgears 2 days ago 1 reply      
Original has been deleted, cached version available:


WormyMcSquirmy 2 days ago 0 replies      
>Ah, well, we find 87% of security vulnerabilities ourselves, security researchers find about 3% and the rest are found by customers.

They admit more security vulnerabilities are found by customers than security researchers and still they release this smug "fuck off" toned blog.

EdwardDiego 2 days ago 0 replies      
> Generally, our code is shipped in compiled (executable) form (yes, I know that some code is interpreted). Customers get code that runs, not the code as written. That is for multiple reasons such as users generally only need to run code, not understand how it all gets put together, and the fact that our source code is highly valuable intellectual property (which is why we have a lot of restrictions on who accesses it and protections around it).

Your JDBC driver IP isn't that valuable, just give me the damned source code so I can figure out why my Postgres copy out stream is blocking when I insert it into your copy in stream.


gizi 2 days ago 0 replies      
I like it that Oracle openly publishes this kind of blogs. I would personally never work for a company which expects me to develop anything using Oracle gear. It's simple. I can always find another company that doesn't and that pays the same or better. That is also why I suspect that someone who works in those circumstances really has to, because he has no other options.
lorenzhs 2 days ago 0 replies      
To me, this reads like a post explaining the benefits of free software by demonstrating the disadvantages of using proprietary systems. A bit hyperbolic at that, though.

RMS would have a field day.

sqldba 2 days ago 1 reply      
It sounds like they've confused a) users submitting results from static analysis that wastes time, b) users submitting demonstrable vulnerabilities, and c) license agreements.

a) is bad, and the users should just be turned away. b) is good and far better than selling them on the black market. c) is... who cares it's a license agreement.

idlewords 2 days ago 6 replies      
Can some infosec person speak to her strongest claim, that static analysis gives "basically 100% false positives" and wastes the team's time?
ikeboy 2 days ago 1 reply      
>We will also not provide credit in any advisories we might issue. You cant really expect us to say thank you for breaking the license agreement.

Well, Apple does (for jailbreak exploits).

>I am not dissing bug bounties, just noting that on a strictly economic basis, why would I throw a lot of money at 3% of the problem

Uh ... You don't think that percentage will increase if you offer bounties?

HelloNurse 2 days ago 0 replies      
The post seems real, by comparison with other articles in the blog: in particular similar silliness and dislike for security advisories in https://blogs.oracle.com/maryanndavidson/entry/is_your_shell... and similar anti-reverse engineering stance in https://blogs.oracle.com/maryanndavidson/entry/mandated_thir... and https://web.archive.org/web/20140123033110/https://blogs.ora...
eastbayjake 2 days ago 0 replies      
When I read this, I thought for sure it was just a lower-level engineering manager. I can't believe she's the Chief Security Officer, and that someone with a Wharton MBA could write something so unprofessional and full of disdain for your customers.
selimthegrim 2 days ago 1 reply      
Is this woman aware that static analysis is a non-negotiable requirement for filing your 510(k) if you do anything vaguely medical the FDA has to look at? Not that I would willingly choose Oracle for medical device applications, but the cognitive dissonance here is amusing. Pax vobsicum indeed.
charltones 2 days ago 0 replies      
There is just no upside to this kind of response. Surely for any tech company that has reached a certain size, the only workable approach is to recruit an appropriately sized security team and politely welcome and respond to each and every security report received, triage them as quickly as possible and fix the ones that are found to be real vulnerabilities. Even if you aren't happy with the motives or the methods they employ, they are potentially finding flaws in your products for you.
DannyBee 2 days ago 0 replies      
Except, uh, in plenty of countries, those anti-reverse engineering clauses are void as a matter of public policy.

And in any product that uses LGPL code, for example, it's actually a license violation to forbid customer modification and reverse engineering for the purpose of debugging those modifications.

(Though, admittedly, everyone always violates this term)

jjoos 2 days ago 2 replies      
> I am not dissing bug bounties, just noting that on a strictly economic basis, why would I throw a lot of money at 3% of the problem

Aren't the issues not found by Oracle the problem? I'm amazed that stil 23% of the externally found security issues are reported by researchers, the incentive to responsibly disclose security issues to Oracle isn't really big. It sounds like a cumbersome process with potential legal consequences.

There also are researchers(, maybe after a first bad experience about an EULA,) that sell security issues to the grey/black market. Is there any data on how many Java zero days are exploited in the wild before being fixed?

Changing your stance and being grateful for responsible disclosures and only using your EULA to threaten and sue the bad people can potentially save everyone with java installed from a few zero days at zero cost.

hownottowrite 2 days ago 0 replies      
Mary Ann Davidson's testimony on "cybersecurity" (2009) https://www.whitehouse.gov/files/documents/cyber/Congress%20...
jurre 2 days ago 0 replies      
It seems to have been removed, here's a pastebin of the original post: http://pastebin.com/bbMshdU1
Ogre 2 days ago 0 replies      
Just today I was arguing for not moving something off of Oracle. No one's really happy the thing in question is on Oracle, but it is live in production and most of the time does what it needs to. It ain't broke. Changing to "something else" carries way too many unknowns for my comfort level.

If I'd read this last night... I still would've argued the same thing, but I would've been really unhappy about it.

16bytes 2 days ago 3 replies      
I read the blog, but now it's returning a 404? Did they take it down?

If so, then somebody at Oracle realized that post reflected poorly on their organization. Perhaps there is some hope for Oracle yet.

lawnchair_larry 2 days ago 0 replies      
This explains so much about the sorry state of Oracle security. I hope Litchfield lets loose on them again.
vlunkr 2 days ago 0 replies      
Whew. I've never read something from a company that was so insulting to it's own customers. I'd wager a bet that they won't be keeping their job for long.
dr_zoidberg 2 days ago 0 replies      
While I admit that I didn't read the whole post (to me it was a wall of text full of complaints going around the same point, always saying the same without too much variation), I really don't get this obsession with reverse engineering. Yes, their license agreement states that it can't be done. But you deploy code, executable code, but still code. Code that people can understand, if they go through the process of analyzing it.

While I don't endorse breaking the agreement (which was properly signed and "celebrated", as lawyers say), I find it funny in the first place that they're selling a glass container and say "you can't look into it, just use it".

I prefer the honesty of free software/open source projects that sell customer support to this business model (which is also adopted by others, not just Oracle). However, if I were already bound to it, and couldn't pay the cost of migration, I understand I'd have to stick with it.

It's also amusing that people/organizations seriously believe they can reverse engineer something as complex as a database engine and "fix it" without acces to the diagramas, docs, tests, source code, build environment, etc.

Ben0xA 2 days ago 0 replies      
Oracle pulled the original post - here it is on pastebin http://pastebin.com/wkk8b7FJ
minusSeven 2 days ago 0 replies      
I worked in Oracle SOA product(BPEL) for 2 years. We had to do migration from 10g to 11g because Oracle wasn't supporting 10g version anymore. While migrating we came across a lot of issues that worked fine with 10g but failed in 11g. So we raised a lot of service requests with Oracle. Most of those got rejected by Oracle as they were not high priority meaning there were terrible workarounds existing for them. They only bothered fixing those ones without which we can't work(I guess they had to or my company would have sued Oracle). We ended up writing a lot of horrible work around just to make existing code work.

Yes we did not reverse engineer that code even though I feel it would have done lot of good for us. Not to mention the tool set provided by Oracle is utter crap as in it barely works on its own.

So I am not at all surprised that Oracle have that kind of mentality here. In all our communications with Oracle I felt they never really actually cared for what we the customers really want. All they actually care about it protecting their investments.

discreditable 2 days ago 1 reply      
Link is giving me a 404. Anyone got a mirror?
Orinocco 2 days ago 0 replies      
The article seems to have been taken down from the Oracle site.. I leave this from an unclosed tab for posterity:


trymas 2 days ago 0 replies      
Not sure if trolling/hacked or serious. If later, I guess, many tech savvy (read 'hackers') people, will accept this as a challenge.
muhuk 2 days ago 0 replies      
Noticed that obscure death threat in the beginning? I'm not surprised to see it in a post about licenses.
Simulacra 2 days ago 0 replies      
This makes me want to reverse engineer Oracle code immediately.
dolfje 2 days ago 1 reply      
Apart from the legal stuff and a lot off egocentric 'we can do it better', she has one point. There are many companies giving a lot of money for security, manually scrubbing all exploits that come out, create their own patches. While some lack the basic security guidelines. I think this money can be better spend upstream, to create tools so they can test patches for exploits better and create a faster security update release pipeline, so that all downstream and customers can rely on the security releases and that it can be released quicker to everyone. (Controversial: Maybe even adding automatic security updates to the package itself, like wordpress did, so that customer cannot be on a release with exploits)

Though saying to your client that they cannot reverse engineer to look for security problems, is totally not done! What is next? "Exploits will not be fixed, because the users has signed an agreement that they will not hack?"

anonu 2 days ago 0 replies      
If you look back at the author's earlier blog posts you'll find similarly-minded thoughts: https://blogs.oracle.com/maryanndavidson/entry/mandated_thir...
khaki54 2 days ago 0 replies      
Oracle JRE is literally one of the more vulnerable pieces of software underpinning the web and computing as a whole.

JRE CVEs: http://www.cvedetails.com/vulnerability-list/vendor_id-93/pr...

It's been 5 years since Oracle took over Java, so they can't claim it was left over.

Oracle's security record is terrible by all accounts, so how can their CSO justify anything in this blog post?

ORACLE product list CVEs: http://www.cvedetails.com/product-list/product_type-/firstch...

nashashmi 2 days ago 0 replies      
What a bully! Reminds of someone at work, especially with this line: "I do not need you to analyze the code since we already do that, its our job to do that, we are pretty good at it".

This makes me want to climb the empire state building, beat my chest like a gorrilla, and yell "Let me do what I know best!"

tux 2 days ago 0 replies      
lwhalen 2 days ago 0 replies      
Some media flack must've clapped eyes on that and had a VERY bad morning. The post has since been taken down, but here's a copy:http://pastebin.com/RQA90EEb
hyperdunc 2 days ago 0 replies      
In the first paragraph the writer insinuates that she'd like to kill people who drive too close behind her.

Any subsequent valid points she makes - and there aren't many - are undermined by this bitterness.

Heightened emotion so often enables effective communication, but it doesn't do any favors in this post.

bradleyankrom 2 days ago 0 replies      
No matter how valid her points are, the tone is inexcusable in a public-facing blog, especially when discussing customer behavior. I recognize the strong points of Oracle's offerings, but let's not pretend that there is not competition from other, open software.
davidgerard 2 days ago 1 reply      
This is one of the finest pieces of Postgres marketing I can recall seeing in recent times. They've made the case for open source better than anyone in 2015.

(We're in the midst of an Oracle->Postgres conversion right now. It's going wonderfully. I strongly advise you to look into it, bet you'll find it way easier than you think.)

(One of the nicest things about it: we give every app its own cluster of two PG boxes, because you can just do that instead of running a centralised monster box with an expensive license. It turns out that just everything not having to play nice with others makes stuff stupendously easier to manage.)

ck2 2 days ago 0 replies      
Don't worry, if you won't let your paying customers check for security holes, there are plenty of people in China who are going to do it for you instead.
sprayk 2 days ago 0 replies      
I'm not sure what the author's argument is here. Is me reversing simply a nuisance and waste of Oracle's time? Is Oracle trying to obtain security via contractual obscurity? I see lots of comments here proposing that Oracle is protecting its IP, but I don't see evidence for that in the article (maybe its elsewhere, though).

I wonder if Oracle would send one of those reminders to a customer who analyzed an attack by an attacker who "broke the license agreement" by reversing the customer's copy of some Oracle software.

kuschku 2 days ago 0 replies      
Did anyone notice that the post contains Microsoft Office Word metadata?


golemotron 2 days ago 0 replies      
> A. The customer signed the Oracle license agreement, and the consultant hired by the customer is thus bound by the customers signed license agreement. Otherwise everyone would hire a consultant to say (legal terms follow) Nanny, nanny boo boo, big bad consultant can do X even if the customer cant!

Really? What if no money changes hands?

sada123 2 days ago 0 replies      
That's why everybody sane should avoid using Oracle or Microsoft for the sake of mental health.
digi_owl 2 days ago 0 replies      
Oracle seems to be like MS in that their reason for existing is that they came to be at the right time at the right place, and has pulled every trick in the book to pull up ladders behind themselves.
alediaferia 2 days ago 0 replies      
The author must have been undergoing some bad moments so far. The post seems just the outcome of a more complex series of inputs. Most points are not valid from my own personal point of view but still may have been good points if written in a more objective way.

BTW, the post is gone.

patmcguire 2 days ago 0 replies      
If you read what else she's written, static analysis is kind of her Moby Dick.
hharnisch 2 days ago 0 replies      
This appears to have been taken down, I'm directed to a 404 page
nosnos 2 days ago 1 reply      
They took it down. Mirror?
dgarbvt 2 days ago 0 replies      
Oracle took down the blog post. Link is now returning a 404.
beedogs 2 days ago 0 replies      
404 now... looks like somebody's gotten word of it...
mathiasrw 2 days ago 0 replies      
Love security by obscurity
anentropic 2 days ago 1 reply      
Also, she loathes Keynes :(
faragon 2 days ago 1 reply      
pronoiac 2 days ago 0 replies      
It's been deleted. Here's a mirror: https://web.archive.org/web/20150811052336/https://blogs.ora... - and while it's full of cringeworthy analogies, such as breaking a contract is just like cheating on your spouse, there's also, well, "logic" that defies conventional wisdom:

Q. But one of the issues I found was an actual security vulnerability so that justifies reverse engineering, right?

A. Sigh. At the risk of being repetitive, no, it doesnt, just like you cant break into a house because someone left a window or door unlocked. Id like to tell you that we run every tool ever developed against every line of code we ever wrote, but thats not true. We do require development teams (on premises, cloud and internal development organizations) to use security vulnerability-finding tools, weve had a significant uptick in tools usage over the last few years (our metrics show this) and we do track tools usage as part of Oracle Software Security Assurance program. We beat up I mean, require development teams to use tools because it is very much in our interests (and customers interests) to find and fix problems earlier rather than later.

That said, no tool finds everything. No two tools find everything. We dont claim to find everything. That fact still doesnt justify a customer reverse engineering our code to attempt to find vulnerabilities, especially when the key to whether a suspected vulnerability is an actual vulnerability is the capability to analyze the actual source code, which frankly hardly any third party will be able to do, another reason not to accept random scan reports that resulted from reverse engineering at face value, as if we needed one.

Q. Hey, Ive got an idea, why not do a bug bounty? Pay third parties to find this stuff!

A. <Bigger sigh.> Bug bounties are the new boy band (nicely alliterative, no?) Many companies are screaming, fainting, and throwing underwear at security researchers to find problems in their code and insisting that This Is The Way, Walk In It: if you are not doing bug bounties, your code isnt secure. Ah, well, we find 87% of security vulnerabilities ourselves, security researchers find about 3% and the rest are found by customers. (Small digression: I was busting my buttons today when I found out that a well-known security researcher in a particular area of technology reported a bunch of alleged security issues to us except we had already found all of them and we were already working on or had fixes. Woo hoo!)

I am not dissing bug bounties, just noting that on a strictly economic basis, why would I throw a lot of money at 3% of the problem (and without learning lessons from what you find, it really is whack a code mole) when I could spend that money on better prevention like, oh, hiring another employee to do ethical hacking, who could develop a really good tool we use to automate finding certain types of issues, and so on. This is one of those full immersion baptism or sprinkle water over the forehead issues we will allow for different religious traditions and do it OUR way and others can do it THEIR way. Pax vobiscum.

imadfy 3 hours ago 0 replies      
f00644 2 days ago 0 replies      
agounaris 2 days ago 6 replies      
Ask HN: I will help your startup in exchange for food and a place to stay
584 points by codeornocode  4 days ago   278 comments top 69
gmazzotti 4 days ago 12 replies      
Why U.S.? I understand that you dont want to live in your country, but there are many others countries. Many of them has a much flexible immigration system where you can live legally if you find a job and where there are many jobs opportunities if you know how to code. I mean, instead of working almost illegally for free in the U.S., you can be legally and earning good money in another country. Im from Uruguay and this will work here (also, you will have health insurance, as it is mandatory in any job of any type. Also, it is common that tech companies hire forgeries that dont know Spanish, as most people know English, is not a problem). I know that this is also the case in many other countries.
titomc 3 days ago 5 replies      
I am an Indian national on H1B with a top company in US. By all means please do not come to US with H1B. The U.S. has broken immigration system. My visa is locked down to my employer and I cannot ask for a raise or get promoted. I accepted the lowest payment as per DOL from my employer just to stay and work in US with my 6 year H1B validity. By all means apply for a Canada work visa. They have now something called Express Entry system. You can also apply for permanent residency. US immigration system is broken and they are not going to fix it anytime soon. Immigrate to Canada. H1B is indentured servitude.

I have started my Express Entry application and very soon I will say goodbye to US , I don't mind the cold in Canada. I will have freedom to change jobs, won't be an indentured servant. I will also get permanent residency fast. US green card for Indian citizen is around 10 years backlogged.

I suggest it's best for you to apply for the Canadian Express Entry for skilled workers.

davnicwil 4 days ago 2 replies      
You seem a highly skilled and driven individual whose talents would be savoured, and rewarded with good money, by many companies in many different countries around the world.

Do not work for free.

Once more, please, do not work for free.

1. You don't have to work for free, far from it. You have in-demand skills and experience in a global job market. You can make really good money in many, many desirable locations around the world.

2. I would be extremely wary of anyone who would take you up on the basis you're proposing. Anyone who would give you such 'charity'[1] may have very questionable morals - 'oh sure, I'll take this desperate[2] man's skills, make potentially a LOT of money off of him without giving him his due reward, and that's completely fine with me, because that's what he said he wanted'. Imagine the sort of person who would utter such a sentence - do you want to tie your livelihood for the next however many years to such a person? I'm sure you know, there is a whole class of criminal activity in developed countries which exploits illegal immigrants based around this very premise. DO NOT put yourself on that path.

3. Never put yourself at the mercy of any one person or organisation for your survival. Your current situation is awful, but what kind of life would that be to move to? How will you feel waking up in a morning in a bed someone is letting you sleep in, eating some food they gave you for breakfast, then going to work all day only to guarantee an evening meal and bed when you return home. Repeating every day for a long time. That is not a life.

[1] That's what they might justify it as, at least. The reality is the opposite.

[2] I really don't mean to offend here, I know that's not what you are, at your core. But that's how they will see you, and that's the position you will put yourself in and indeed what you will become by following such a path.

arihant 4 days ago 3 replies      
If you have 8 years of experience, wait till you get 9 years. If you do, then even if you have a year of college, you can qualify for H1B. Typically, 3 years of experience equals 1 year of college. As is popular myth, a college degree or education is not a requirement that is set in stone for H1B.

Also, money or not, if you're working in US in capacity that usually someone would get compensated for, even for a company outside the US, you need to have work permit in the country.

If I were you I would look for jobs within Middle East like Qatar, UAE. Jobs related to tech are there, US universities are there, and the requirements with immigration are basically "if employer wants you get in." Rack up a few years of experience, then getting H1B would be viable.

jdimov9 3 days ago 4 replies      
I broke the US rules. I worked on my student visa, got thrown around four different prisons throughout Pennsylvania and New York in the span of 30-something days and was finally deported (with airfare that I had to pay for). I was in my final year of my B.S. in mathematics program at university. I never finished my degree.

All of the above is absolutely, without a shadow of a doubt, THE most fortunate thing that has happened to me and I owe all of my current success to this.

What I'm trying to say is - PLEASE get back your dignity. You're not a monkey, don't make any person, government or society make you think you are one.

Zombieball 4 days ago 6 replies      
Not trying to be negative, but my understanding has always been that U.S. immigrations doesn't care whether or not money exchanges hands. If you are doing work that a U.S. citizen would normally get paid for you are still technically "taking a job" from a local.

While I am sure there are conditions that will allow you to come and stay in the country, I would be careful what your arrangement is with any potential startup and how it is worded.

Perhaps another individual on HN has more insight into U.S. visa rules and can provide better guidance?

Good luck nonetheless!

steven2012 4 days ago 2 replies      
Unfortunately this is most certainly in violation of immigration laws. And chances are at some point, you will be banned from entering the US for a minimum of 10 years. I actually know 2 people that this happened to, one of them a personal friend of mine. Immigration/Customs officials do not need proof to ban you, all they need to do is suspect it. If you enter the US with no plan, no money, etc, they will suspect, rightfully so, that you are working in violation of your visa and you will get banned on the spot, especially if you visit so often.

My suggestion is to not do this. Enter as a tourist and enjoy your time in the US. If you want to work in the US, do it legally. Do work on an open source project and try to network and get a job that that way. Maybe try to join a huge company like Google or Facebook from abroad and transfer. That's your best way, especially if you get an L1 visa.

codeornocode 4 days ago 1 reply      
I didn't expect this to be #1 post this is kind of you people, I would love to thank everyone who posted and is posting midway replying to comments with "Thank you" i found out i'd be spamming the comments in here, so this is a huge THANK YOU to everyone who wrote and will write.
arianvanp 3 days ago 1 reply      
Personally, I'd go to the European Union. There are a few very good reasons:

- Once you get citizenship in one country, you can freely work on any of the other countries, or move there and live there. Creating a much bigger area of opportunity for jobs. You could have citizenship in France, and work at a cool startup in Amsterdam

- Though it causes a lot of political instability currently (immigrants constantly drowning in the ocean, trying to get across), getting a visa here isn't that hard, especially when you're from a conflict zone and can show you have a good chance to get a job.

- Europe is pretty awesome.

verelo 3 days ago 2 replies      
Disclaimer: I scanned the comments and couldn't see anyone talking about this, but please forgive me if I've missed this as it does seem like an obvious point.

Coding for a startup and not receiving pay, is likely still not legal. In my experience with US immigration (I'm Australian, living in Canada...traveling to the US from time to time) they don't really care about the money, they really just are about if you're taking away work that could have otherwise been done by a US citizen. Which leads me to the point of:

The fact you're doing the work for free is very likely to be irrelevant, its just the fact that you're doing work that is an issue, irrespective of the reimbursement you're receiving.

outworlder 3 days ago 0 replies      
> I have 4 years remaining in my U.S visa, each visit i can stay 6 months, i don't want to break any U.S rules that's why i want to code for your startup for no money, just food and a place to live in

Wouldn't that be compensation, technically? Also, I'd expect a company to be required to pay someone at least a minimum wage, but I could be mistaken.

> I am doing this because i live in a war torn country, some issues happened and i've lost all my savings

Dude, forget the US for now. Your first priority is to get a safe place to live in and a stable job so you can build your financial life back. Try other countries, such as the Netherlands, Canada, Australia, New Zealand, Ireland. These have way better immigration policies, specially for people in tech.

Then, when you are ready, try California again. Having no money will be an obstacle otherwise. How are you going to get translated, notarized documentation otherwise? Not to mention any kind of fees, plus transportation.

> i can't get an H1B visa because i don't have a university degree

Then don't, try another route. Such as via a big US multinational company. Or get the degree, if you follow the suggestion to go to an "easier" country first. You are young, you have time.

pthreads 3 days ago 0 replies      
Not trying to be negative but the reality here is you can't legally just work for food and shelter in the US. Whoever makes you work that way is very likely breaking federal and/state laws even if you are not. At the very least you will have to get paid prevailing minimum wage. And the employer can only hire you if you are authorized to work.

A very narrow exception exists for unpaid interns. But that requires one to also be authorized to work in one form or the other for e.g. as a student who needs work experience in his/her field of study.

blrgeek 4 days ago 1 reply      
Have you considered India?

While a work visa is not likely to be easy, the current tech scene has huge demand for programmers of all kinds. Especially if you're expert in Unity/Full-stack.

If it'll help, let me know here, and I'll connect you to someone in this very area (game programming, Unity SDK programming).

Other options would be Canada, Mexico, Vietnam, or anywhere else you can work remotely.

For visa details seehttp://www.immihelp.com/nri/indiavisa/employment-visa-india....

s3nnyy 3 days ago 2 replies      
If you want to optimize for money, I would recommend Zurich. It is the only place in Europe where net salaries compare to NYC or the Bay-Area.

If you are interested in moving here, shoot me a mail. Alternatively, check out my blogpost on medium: "Eight reasons why I moved to Switzerland" (https://medium.com/@iwaninzurich/eight-reasons-why-i-moved-t...)

currentoor 4 days ago 1 reply      
If you're from a war torn country have you considered applying for asylum? I know cases were asylum was granted to guys from my old country, India, which is by no means a war torn country.

I'm going through the immigration process right now and everyday Canada looks like a good option. I know it's not the US but it's still an awesome western country and has a reasonable immigration system.

Good luck!

ahuja_s 3 days ago 0 replies      
I run a startup in Singapore. There is a huge shortage of skilled developers in Singapore. Please do email me at sudhanshu@ideatory.co if you want to consider Singapore (I saw another comment suggesting Singapore). i know friends/startups looking for developers here and in Hong Kong (another option). Good luck mate!
winash 3 days ago 0 replies      
I work in Germany, had the option to work in the US but decided against it, I find the visa regime too strict, and unless you land a great job in a great company in a good city(you don't want to live in the middle of nowhere) it's not worth the trouble.

There are plenty of Jobs which you can get without knowing German, and many employers provide free classes where you can learn some basic German. IMO knowing a new language is also a very marketable skill depending on where you are from. Depending on the company you may get 25-30 paid day offs in a year.

You can get paid well if you are qualified/experienced. Living costs are low as well, I live in Berlin in a spacious 3 room apartment in a great area (http://i.imgur.com/qLqzqN7.jpg). The infrastructure is amazing. My daily commute is 20 mins door to door (subway or cycle) and I don't need a car at all. My daughter goes to daycare for free, and the healthcare system though it has its quirks, works quite well.

Getting a blue card is easy and with your qualifications you should be able to get it quickly, with the blue card you can travel outside the EU and come back within 12 months, no questions asked.I just took a 3-week vacation back home and plan to take another one this year.

If you wanna explore some options I would be more than happy to help, drop me an email at winash@outlook.com

RomanPushkin 3 days ago 1 reply      
What you can do is to move to country like Ecuador (Cuenca, let's say) or Thailand, or Indonesia (Bali), or Phillipines. It's relatively easy to live there on a long term.

You can find a job on oDesk (upwork now). I did it before, I earned $3K/month and worked 5 hours a day only. It's a good money for these countries (well and for US too).

Just work remotely, live there, save money. One day you'll find a job and will legally move to U.S. (seems like you'll be qualified after 9 years of professional experience).

bmir-alum-007 3 days ago 0 replies      
To help make "ends meet," it's possible to get some food, healthcare and monetary assistance from federal, state, county and city programs, often managed by each county's social services agency.

Firstly, there's the Refugee Cash Assistance (RCA) program: https://www.sccgov.org/sites/ssa/debs/calworks/Pages/refugee...

Here are some other California refugee programs: http://www.dss.cahwnet.gov/refugeeprogram/

List of other refugee programs:http://www.visaus.com/benefits.html

Next, food aid (food stamps) is called CalFresh (req 5 yrs of residency for noncitizens)

After that, there's MediCal (state-run health insurance available at the county social services agency) (unsure of requirements)

Lastly, General Assistance (emergency cash, a pittance) (only 15 days of residency is required). You can sign up for it at a local social services agency office.

Here's the main website for Santa Clara county: https://www.sccgov.org/sites/ssa

(Beware of name clash: federal Social Security is also called SSA. I hear any sort of Social Security benefits usually takes a very long time and lots of paperwork to get.)

GA policies: https://www.sccgov.org/ssa/general/gachap06.pdf

Other California counties' websites are listed here: http://www.counties.org/

yadavrakesh 3 days ago 0 replies      
Please consider India as one possibility - I have good connections and can help you if interested.

Yadav.rakesh (at) gmail

No need to work for free - definitely not when you know how to program and build systems. We don't seem to have enough of those.

Good luck.

mayank 4 days ago 0 replies      
Please consider having at least an initial consultation with an immigration lawyer before trying to do this. The initial consult is usually a 20-30 minute phone call and is offered for free by many attorneys. Your intentions are good, but it would be sad if you were blacklisted by immigration for any reason.
killerpopiller 3 days ago 2 replies      
I actually could use your help and would provide a nice shelter, food, salary in an awesome town here in Germany.

if you are interested, let me know.

jpgvm 4 days ago 2 replies      
If the US visa doesn't work out try going to a country with less archaic immigration law. i.e anywhere else.

Specifically Australia, Canada, Germany all have working holiday visas which are flexible and would let you do this sort of thing. Generally anything to do with the US and visas is a bad day.

GigabyteCoin 3 days ago 1 reply      
I knew a guy who was hasseled entering the US with some tools because he planned to do renovations on his own house that he owned outright.

The border guards said that unless he was a citizen or had a work visa then he was not allowed to work on fixing up his own house, and would have to hire a local to do it.

tl;dr working for "just food and a place to live" is still technically working, and unless you have permission to do so it would be risky for all parties involved.

phantom_oracle 4 days ago 0 replies      
Have you tried applying for refugee status?

I don't know if you'd be allowed to work, but instead of taking grants from the US as a refugee, you could maybe convince them that you are a skilled-refugee who is leaving your war-torn country and you would like to work instead of being given a handout.

Something tells me that the red-tape in the US won't allow this, but it is worth a shot, especially if you speak to an immigration lawyer about it.

seikatsu 3 days ago 0 replies      
There is quite a lot of US visa related guesswork going on in this thread - please do seek expert advice. In my experience the application and compliance problems look much less scary when you talk to someone who does this every day. Lawyers are expensive, but try: http://teleborder.com YC startup)

And on the global search for alternatives, should US not work out, here's some overview data of 110 most startup-friendly cities in the world: http://my.teleport.org/ -- and a mobile app for searching among them: http://teleport.org/mobile(visa data layers coming soon, too, but dozens of other cost & quality of life criteria already there)

seablackwithink 3 days ago 1 reply      
Hello, upon reading this post I felt great sorrow for your situation.I have seen many scams,(I do not believe you to be involved in any kind of scam), and known many people with visa issues.. I believe you are a truthful, honest person who deserves the best...as well as having the best intentions towards others.While I am in Texas and have can not offer support at this time...I do know a few people in California and Oregon who may be able to help you...I am sending your post/email to them momentarily. Are there any other states have an interest in regarding living/working etc.?Please let me know and I will see what I can do to connect you with assistance.

Also, please keep us up to date regarding your situation.


D. Virgillo

jedanbik 4 days ago 0 replies      
I wouldn't want to hire you because I wouldn't want to get in trouble. I also wouldn't want you to get in trouble. There are alternatives being discussed here that would allow a win/win instead of a lose/lose: pick a different country, get another year of experience, and play by the rules.
rainereli 4 days ago 0 replies      
Hey USA is not the only place in the word where you can develope your self, with that CV to can try India , China , Shangia places where you can find a LOT of opportunities.
OoTheNigerian 3 days ago 0 replies      
Here are my suggestions.

1. Take a deep breath and be calm. It will be ok. You have a visa which is the option to move. you are in a good place already.

2. Think of the most stable (infrastructure and cost wise) country you can access visa free, go there and try getting a remote position in the US. With that, you can fun living a fairly stable life in the mean time.

3. DO NOT risk your B1/B2 by trying to trick the system. Aim for a maximum of 4 months/year in the US on it.

4. With your B1/B2 you can travel to Mexico and Turkey for a while too.

Finally, DO NOT risk your B1/B2 and always have a decent reason when entering. the paper you have in your passport is merely for the CHANCE to gain entry at the immigration border and not a visa in itself.

It will be ok bud!

siddarthan_sp 3 days ago 0 replies      
Sorry to say, but I don't think what you're asking for is legal. You cannot be employed just for food/place to stay. If you need to work in the US, it's not possible with your visa (which I'm assuming is B1/B2).
iamcurious 4 days ago 0 replies      
Talk to a lawyer that actually knows the stuff. Also, if the situation looks that bleak regarding the U.S, please consider another country that gives you a better legal standing. Broaden your search. There is more to the world than North America and Europe.
worldadventurer 3 days ago 0 replies      
How about working for a startup tackling poverty alleviation globally, based in beautiful Cebu, Philippines? Visas here are much easier to get and the startup scene is growing rapidly. We're looking for talented full stack developers to work with Go language, Python/Django, Java, Docker, and Microservices. Our customers are doing life changing work globally, including in the Middle East. https://www.engagespark.com/about/#join . And two of us co-founders based here are from the US originally.
jonsterling 3 days ago 0 replies      
I don't think this is even legal; I'm sorry for your situation, but you must see that if this sort of thing were allowed, it would pave the way for slavery.
rtpg 4 days ago 0 replies      
I'm not in the US, but some people here are.

What about working on some open source projects? I don't think that would fall into the danger zone of immigration law(since you wouldn't be working "for" anyone).

Alternatively, maybe a company here can offer you an internship? The visa requirements could be less.

Does anyone here know an immigration lawyer that could help this person get out of a bad situation?

maehwasu 4 days ago 0 replies      
Email sent. Let's get the ball rolling and see what you've got.
hal9000xp 3 days ago 3 replies      
> i can't get an H1B visa because i don't have a university degree

I have exactly the same problem. I'm from Russia and I don't have university degree so I can't get H1B visa right now (but I will when I have 12 years of exp).

US is really hard country to get in.

I relocated to Stockholm, Sweden since Sweden doesn't require university degree for work permit. Software developers are in shortage occupation list.

Sweden is easiest wealthy western country to get in.

If you will bored in Sweden, you can later apply to UK (as far as I understand Tier 2 General doesn't require degree either).

You can get your job in Hong Kong and Singapore without university degree but it will be a bit harder.

So I recommend Sweden. It's better to be normal employee in Stockholm than working for food in California.

Also, don't stay for a few months in US on tourist visa. Next time they ban you to issue new visa!

alongtheflow 3 days ago 0 replies      
Try O-1 Visa. O-1 visa is getting more popular as an alternative to H-1B. O-1 visa does not require a university degree, and I think you have a good shot depending on how well you put yourself out there.


fasteo 3 days ago 0 replies      
>>>> I am doing this because i live in a war torn country

I think your best option is to ask for Asylum [1]

[1] http://www.uscis.gov/humanitarian/refugees-asylum/asylum

humbertomn 3 days ago 0 replies      
Honestly, I think you will be more successful if you spend your time and energy looking for employers that could sponsor your visa to Australia, Canada, New Zealand, etc...

I'm from a very remote part of Brazil and I used www.seek.com.au to get a programming job in Australia in 2008.. The company ran some remote tests with me and paid for all the relocation costs. You should try this.

Also you can try to get a permanent visa even before you try to move there. You can use the Immigration Points Calculator (https://www.wannamigrate.com/tools/) to know if you have the basic requirements for these same countries.

rabbyte 4 days ago 1 reply      
Best of luck to you, I'm sorry for where the system has gotten in the way. If I could, I would offer.
davidbanham 3 days ago 0 replies      
You may be a good candidate for an Australian visa. Not sure where it goes, but this form allows you to register your interest in becoming a skilled migrant.


Also, there _may_ be nothing stopping you from living in the US but working remotely for a company in another country. That may be a good path to getting an Australian/European/other company to sponsor you for skilled migration.

Best of luck!

tinco 3 days ago 0 replies      
Why not just apply for college in The Netherlands? (I recommend NHL or if your sciencey Twente). Or Germany? You can live comfortably on a part time job and can use the degree to get into the U.S. if you want.
idibidiart 4 days ago 2 replies      

I like you and your tenacity.

Why don't you ask it differently so all those annoying comments trying to "help" you would stop.

What I'm thinking is this:

"hey guys,

Does anyone have a fun side project I could hack on? Would you also be so generous as to have a couch for me at your place and host me for couple of weeks or whatever time?"

I can't imagine why such a proposal would have any illegal implications as long as you're presence in this country is legal. You can also qualify the "side project" as non-commercial and "hobby"

Does that make any sense whatsoever in your situation?

Anyway, best of luck. I really hope things get better.

Take care.

meric 4 days ago 1 reply      
If U.S. doesn't work out, give Australia a try, a lot more lenient.
eddywebs 3 days ago 0 replies      
If you need a professional degree for potentially being able to get an H1B sponsorship, I would suggest signing up for harvard extension >> https://www.extension.harvard.edu/

Anybody can start class and you qualify to join signup for a professional degree after getting A in 3 or more classes.Good luck !

arunitc 3 days ago 0 replies      
With 8 years of experience, you should be able to get a H1B. Every 3 years of experience adds 1 year to your education. You need 16 years of education to get a H1B. I too do not have a degree and managed to get a H1B. The challenge is to get through the lottery.

However, as many others have suggested, I too would recommend you to try another country, where visa rules are relaxed.

seanccox 3 days ago 0 replies      
You should consider traveling to the US on your visa and then applying for refugee status: http://www.uscis.gov/humanitarian/refugees-asylum/refugees

You can contact the Helsinki Citizens Assembly or the International Organization for Migration for advice.

aivatra 3 days ago 0 replies      
Hey why don't you come to Costa Rica? you can ask for political asylum here and work for tech companies. I'm an engineer and have always worked for american companies here. Also you can try New Zealand which is very similar in tech jobs like Costa Rica.
zkhalique 4 days ago 0 replies      
I am not 100% sure about the rules, but I think work for free is still considered work. If you have a tourist visa, you are not allowed to work for a client in the USA, even for free.

If you have all this time, why not develop an app and sell it on the internet? You can always say you're working for your own company back home.

zakvyn 3 days ago 0 replies      
China(Shanghai, Beijing) will be a good place to go to find IT job that require English communication (good pay), and don't have to worry about visa issue. Just go to linkedin, and find local recruiter there.
rebekah-aimee 3 days ago 0 replies      
Look up this organization called "World Relief." They might take you on and help you with visa troubles. This is definitely in their department and they're super nice people; I volunteered with one of their families for a while.

Good luck; we're rooting for you.

Spoom 3 days ago 0 replies      
I'm pretty sure USCIS doesn't care if you're paid or not; the idea is that you're still potentially taking a job from an American citizen. You might want to be careful.
avellable 3 days ago 0 replies      
You can apply to jobs in companies which are targeting diversity and experience like Rakuten Inc. It's in Japan one of the safest countries. If you got the appropriate experience they will hire you.
thiago_fm 3 days ago 1 reply      
I advise you try to find a job in Germany. I'm a brazilian myself and got a job here.

For a skilled Ruby dev with a diploma(for a third world country, this is a requirement) you can get around here pretty easily.

logicrime 4 days ago 1 reply      
Best of luck to you, friend! Hearing of all the things you have learned and have experience in leads me to believe that many startups would miss out if they overlooked you. You sound awesome.
slaction 3 days ago 0 replies      
Hi OP. Thanks for posting. Now let us tell why you're technically wrong about everything and we know more than you, and we've never had a girlfriend.
bradleyankrom 3 days ago 0 replies      
It bums me out that this is so complicated for you. It also bums me out that I can't think of anything I could do to help you. I hope things work out.
bayesianhorse 3 days ago 0 replies      
Consider coming to Germany. Berlin has a nice startup scene and both English and Arabic speaking communities.

I don't know how easy it is to get a Visa in your particular situation!

greyfox 3 days ago 0 replies      
if your a good programmer why not land a job and let the company you work for take care of the visa we employ many chinese workers at our company and they all stay here visa paid for by the company, there is some real world infactuality in your premise, any company who "would" want you to work for them for free, as a skilled worker, should also want to pay you and pay for your via.
jane_is_here 3 days ago 0 replies      
Have you considered Canada ?It has nice people and is not as hostile to migrants as some other countries.
thobakr 3 days ago 0 replies      
There is no future in the US, just go to other country (like Canada or something in west Europe).
kevindeasis 3 days ago 0 replies      
Oh man if you only lived in Alberta. You would def be welcome to stay at my place.
eonw 3 days ago 0 replies      
go get em tiger, screw all the haters! good for you for trying to better yourself and doing it while following 'the rules'.
ThomPete 3 days ago 0 replies      
You should consider getting an O-1 visa.
paulhauggis 3 days ago 0 replies      
Many people here talk about how 'terrible' the US is as a country. Yet, we see people like the OP trying everything in his power to get into the country.

It should really put things into perspective.

rokhayakebe 4 days ago 1 reply      
Hey, what kind of visa do you currently have?
mmaunder 3 days ago 0 replies      
It sounds like the poster is on a B1 or B2 visa which allows 6 months max stay. It's essentially a tourist visa that is issued for up to 10 years with max stay of 6 months and no right to work.

It's highly likely that he will enter a few times with short stays outside the USA and then get denied entry, sent to secondary processing at an airport, questioned and be offered: A) the right to contest his case in court which will mean jail time until his case comes up or B) The option to withdraw his petition to enter the USA and catch the next plane back to his home country. Most people choose B for obvious reasons which leads to you being marched through the airport by security and put on a plane back home.

What I'd very strongly recommend is to not go around offering to work for free. If you do in fact live in a war torn country and have 'lost all your savings', do what many offshore folks do and get a US company to hire you for pay and just work wherever you are and get paid in your home country. Why the "work for free" offer and why the long story? It makes companies nervous. We like to pay people for their good work whether in the USA or outside the country, but legally and above board. You should get paid too.

Just posting a few data points regarding H1B stuff and immigration in general:

Time varies for visa processing and 10 years is not average for most immigrants (as has been mentioned). It took me 6 months from zero to green-card and 3 years from conditional residency (green card) to full citizenship. Not H1B. So it varies according to type of Visa, where you file and your country. Wait times can be found here:


Microsoft brings in H1B's at a rate of 2000 to 4000 people per year into the Redmond area.


Google about the same numbers, mostly into Mountain View:


I'm not sure I agree about H1B being indentured servitude. I'd also add that, if your intention is to become a citizen via H1B, make sure you understand how the process works before you even apply for H1B:


paulhauggis 3 days ago 0 replies      
Presumption of stupidity aaronkharris.com
507 points by garry  3 days ago   178 comments top 39
minikites 3 days ago 11 replies      
Chesterton's Fence:

> In the matter of reforming things, as distinct from deforming them, there is one plain and simple principle; a principle which will probably be called a paradox. There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, I dont see the use of this; let us clear it away. To which the more intelligent type of reformer will do well to answer: If you dont see the use of it, I certainly wont let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it.

swanson 3 days ago 7 replies      
The same presumption happens for people, too. Developers tend to assume that the people that wrote the terribly messy code that you inherited were incompetent. I think a much more productive and healthy attitude is to assume that everyone was doing the best they could, given their resources, knowledge, and deadlines at the time.

That might be a false assumption (look, some people just don't care) but you gain very little by complaining and getting mad at things that already happened.

We love to complain about things our predecessors did wrong, but often, we don't do those things either :)

brandonb 3 days ago 5 replies      
To generalize: competitors in a market usually behave rationally, and what looks like "stupid" behavior from afar may actually be unseen incentives.

Which suggests a test for your understanding of a market: can you map out the incentives and explain why what looks like apparently-irrational behavior is happening?

For example, in healthcare, we waste 30%+ of the $3T we spend each year. Much of that waste is due to hospital readmissions for an ongoing condition like heart failure. Startups sometimes try to fix this by developing a special machine learning algorithm to predict readmissions and apply an intervention. But even when the technology succeeds, the business fails: hospitals charge for readmissions, so there's an active disincentive for the hospital to buy the product. (That is now changing with ACOs, and a change in incentives is an opportunity for new companies.)

tomcam 3 days ago 1 reply      
I have never disparaged my competitors, but I'm a small fry. I can say that during four years at Microsoft (1996-2000, Development Tools group) I never heard the products of competitors disparaged that way. In fact, there was a weekly presentation of competing products and invariably the interest was in where we were lacking, not what was bad about them.

Likewise when customers came to visit us at trade shows my boss would sit politely through their compliments, then immediately jump to the question "So what don't you like about our product?"

Fast forward to today. I'm friends with top people at a Really Big Guitar Company and a Huge Amplifier company. Even in private, these C-level execs show nothing but respect for products of their competitors. They are not ashamed to own and even personally use said products (especially vintage ones).

It seems to me that dissing your competitors even privately can make you dangerously blind to the challenges they pose to you, set a bad example for your employees, and also restrict your job prospects should you decide to work for a competitor one day.

dceddia 3 days ago 1 reply      
This is a great thing to consider, and I think this presumption of stupidity bleeds over into other areas of life too.

Developers: inherited code is considered guilty until proven innocent. Or maybe more accurately, guilty until you've rewritten it. Surely the old developer had no idea what they were doing.

The "other faction": Democrats/Republicans, different religions, rich vs. poor people... most generalizations about the faction you don't belong to start off with thinking "they're so stupid". "Look at those Republicans/Democrats. Can't they see that Trump/Obama is just lying through his teeth?"

Bad actors: The presumption of stupidity carries over into the way people think about computer hackers and terrorists and the like. You'll see stories about how "those terrorists are learning how to use cell phones to detonate bombs!" or how "criminals are migrating online to prey on people with phishing attacks!" The underlying assumption is that they're stupid, but getting (dangerously) smarter.

I think we'd make a lot more headway in most areas by assuming our competitors, detractors, and wrong-doers are probably already pretty smart.

jleader 3 days ago 0 replies      
A lot of people seem to be unaware that companies survive by satisficing. That is, you don't have to do everything "right" to succeed in business. You just have to do most things well enough to not fail (don't break the law, don't forget to file your paperwork, pay your bills, etc.), and a few (one?) things outstandingly enough to win customers.

We've been brought up in school to think we have to get nearly every answer right on the test in order to get a good grade (and get more than half of the answers right just to not flunk out). In the real world, getting one right answer, and not screwing the rest up too badly is often enough (and sometimes only barely achievable!).

So maybe your competitor did something "stupid" because they're stupid, or maybe it's because that thing doesn't actually matter that much, and they're focused on doing something else incredibly well instead.

thenomad 3 days ago 1 reply      
An important line in the piece:

"Of course, just because you presume intelligence doesn't mean that every decision made was smart."

I'd rephrase as follows: it's unwise to assume stupidity on the part of your competition, but it's very wise to allow the possibility of stupidity.

With the corollary that if there's an inexpensive way to capitalise on that stupidity if it exists, it's probably worth trying, just in case the thing that's walking like a duck and quacking like a duck is in fact a duck.

As a tangent to that - the chances that assumptions of stupidity are correct go up in direct proportion to your level of domain knowledge.

I see a lot of non-film people say "the movie industry does $FOO and that's really stupid", for example, and 95% of the time, they're wrong and there are good reasons for doing $FOO.

However, I also see people who know the film world (including me) say "a lot of / most filmmakers do $BAR and it's dumb" - and $BAR has a considerably higher chance of actually being a dumb, common mistake.

k__ 3 days ago 0 replies      
I had the experience, that things people identify as "stupid decisions" are often just "economical decisions"

For example, a company I worked for had the best technology, but bad UI and the competitors had good UI, but their tech was old and inaccurate.

For years we thought they were imbeciles, because they didn't update their tech and we would smash them in the future, because they cannot catch up with us.

But in the end the customers bought the software with the better UI and didn't look behind the scenes.

So their decision was logical. Why pour money and time in parts of the software when noone wants to pay for this.

csense 3 days ago 1 reply      
This sounds like an instance of the fundamental attribution error [1]. It's a known human cognitive bias to blame others' failings on internal characteristics while seeing your own situation as more of a product of external influences.

[1] https://en.wikipedia.org/wiki/Fundamental_attribution_error

brianmcconnell 3 days ago 0 replies      
The important thing in analyzing a competitor's behavior is to understand the incentives motivating that behavior.

A common example in startupland is a company whose senior management has short term incentives that reward a fast exit over long term growth. That company may very well behave in ways that appear dumb to competitors with a long term focus. But if the "seasoned" CEO and his cronies get their compensation even in a mediocre deal, why bother trying to build a company for the ages when they can cash out, rest a bit and land in a similar situation at the next gig?

jasode 3 days ago 0 replies      
When I read the essay, I thought of P Thiel's question of self-reflection that analyzes in the reverse direction:

"What important truth do very few people agree with you on?"[1]

I interpret "truth" to really be a highly-opinionated belief rather than something like "2+2=4". In other words, what factors do you believe in that would make the business model successful that outsiders would dismiss as insane or stupid?

(On trivia related note: I notice the blog as the title of "stupitidy" instead of "stupidity" so I'm not sure if there's an inside joke I missed.)


normloman 3 days ago 1 reply      
Founders presume the stupidity of the competition because they're arrogant. Silicon valley, with it's notion of creative destruction and disrupting the establishment, encourages arrogance. We're blinded by the notion that new always trumps old, so we never consider that the established industry has reasons behind how it runs.
PaulHoule 3 days ago 1 reply      
One thing I learned the hard way is that if you are on the right track, your competitors are probably barking up the same tree and are further along than you would think baes on what is public.

For instance there was a period of many years where both Google and Bing image search were embarrassingly bad and I was able to build something far better for a certain range of queries.

It took me a year to build out my system but in that year, Bing and Google both improved dramatically, so my demo comparing results with them was no longer impressive at all.

jacquesm 3 days ago 0 replies      
I tend to err on the side of caution with stuff like this, for instance when inheriting a code-base I assume the previous author actually knew what he/she was doing. But sometimes (not often) that can work against you as well. For instance when after spending sufficient time with said codebase you realize the original writer was entirely out of their depth and this was likely the first time they'd attempted to write something this complex.

But more often than not it is the presumption of intelligence that pays off.

suhail 3 days ago 0 replies      
Great advice.

I do think that you should try to think about how you might try to solve something before looking at what your competitors do. The reason being that it's easy to trap our minds into thinking that there are no other solutions unless they fit into a similar box of what's already working. Navet combined with thinking for yourself can often be a powerful reason why many startups succeed.

If your solution ends up looking similar, at least, it was likely derived from first principals vs the path of least resistance: blind copying.

jusben1369 3 days ago 1 reply      
I think this is the classic problem of advice giving that's so prevalent in the startup community today. It won't be too long until we're all praising a tweet or article that talks about only those who brashly challenge the status quo and assume the entrenched players are vulnerable, bogged down with legacy issues and fat and lazy on an existing revenue stream are ripe for the disrupting. Those who sit back and say "Well maybe there's a reason they do things this way I'm not sure" aren't bold enough and won't be the recipients of the spoils of disruption.

Not that this article is bad. It's just datapoint 107 that a founder has to reconcile with all the other competing advice.

bro-stick 3 days ago 0 replies      
Not much else to add. Presume a larger, smarter, better funded team is working stealthily in another office somewhere to kick our ass... anything else is complacency. Worse, following that path, leads to hubris at some juncture: excuses rationalizing cutting the wrong corners or shortchanging the customer that could prove fatal in a game of inches in the marketplace. There are at least a quadrillion ways to fail, and 99.997% of them will be my doing. Rational paranoia is healthy, because your product/service needs to be so well-regarded by people other than the team or supporters that it demoralizes potential adversaries that they don't want to compete. Even then, it still may not be currently as good in other key areas of focus as a competitors.

(Btw, the Thiel view of not picking fights you can't dominate and Buffett's sticking to defensible business models is a good mindset to calibrate a venture's success per risk gut perception. And with timing, team and execution you might just make something that hits.)

simonswords82 3 days ago 0 replies      
Great article, taking the thinking further...

Everybody watches their competitors, it's entirely natural. It's solid advice to study them, and try to stay/get ahead of them where possible. This doesn't just apply to app features, but every facet of the business across many disciplines (sales/marketing/development/back office etc).

On the other hand, building a business based solely on a competitor's business decisions and not doing your own homework is the path to madness. We might take inspiration from our competitors, but we always check in with our customers next to make sure they actually want the feature. It's also our job to get feedback on not just what we're doing but also how we're planning to do it, as our users might have unique business requirements that our competitor's users do not.

artumi-richard 3 days ago 1 reply      
I think you can generalise one more step up. Markets that look horribly inefficient may well not be.
tr352 2 days ago 0 replies      
Working in academia, I've experienced this too. I've read work in my field of research that I dismissed as bad work or not worthwhile, simply because I didn't fully understand them. Too complicated, strange background assumptions, not well motivated, etcetera.

Then later, while developing my own work, I find that I end up with the same complications, that I'm forced to make the same background assumptions, and I have the same difficulty in motivating my choices.

joseraul 3 days ago 0 replies      
People may have a sense of superiority, especially smart ones. Chess world champion (and genius) Bobby Fischer once said: "My opponents make good moves too. Sometimes I don't take these things into consideration".
colordrops 3 days ago 0 replies      
This mindset can be seen in other systems of thought. There are a large number of species known to man, yet we somehow think that we are the pinnacle of the tree of life, despite the fact that this is statistically highly unlikely when only taking into account pure numbers. Considering the dimensions now accessible to us that were completely unknown even 500 years ago, it doesn't seem a large leap at all to posit that there are other dimensions we are currentlt unaware of that contain life forms in the same tree as ours that are far more advanced and perhaps even invisible to us.
mnw21cam 3 days ago 2 replies      
Love the (deliberate? ironic?) mis-spelling of stupidity in the title/url.
lpolovets 3 days ago 0 replies      
This is so true. As a investor, I hear a lot of pitches where the founders say their competitive advantage is that they execute better (the flip side of believing everyone else is dumb is believing you're especially smart). Do you know who else claims they "execute better"? Everyone. That kind of attitude usually reveals that a founder doesn't have a real sense of what makes their company special and defensible, and is a bit of a yellow flag for investors -- well, at least for me.
DrNuke 3 days ago 0 replies      
Uh, I was thinking this article is more business-side than operational? Easily put: a business exists if it stays afloat and fences are often the way not to go under, even if they appear stupid from outside. Many times, fences are the only common ground between sellers and buyers. Removing fences is, a lot of times, pretty stupid = you geniuses operate at a loss and survive from artificial money or VCs until you are allowed to.
Bartweiss 3 days ago 0 replies      
This is an excellent observation. When you encounter a suboptimal system, there's a substantial chance that it either produces some unnoticed benefit or results from some coordination problem that can't be overcome by "just not doing that".

In either case, successful solutions have to work around the gap in the system rather than simply charging into it.

riemannzeta 3 days ago 0 replies      
Despite the flaws in the rational model of economics and the efficient market hypothesis more generally, I have always been fond of the more humble, observant posture it gives us in considering others' behavior. The flaws in the rational model are well-known. But as a presumption, it certainly works better than its opposite.
nitwit005 2 days ago 0 replies      
This is probably not a correctable problem. People don't start businesses if they think the competition is highly competitive and intelligent. They start a business of they perceive a weakness in the market, or believe they have a unique capacity to succeed.
codyguy 3 days ago 0 replies      
I am confident of the value I deliver but I don't call my competitors stupid. One person being correct or a winner doesn't mean others are stupid. Maybe some people can deliver value where the competition doesn't. Could be due to some leverage or insight or creativity.
ZoeZoeBee 3 days ago 0 replies      
This works well when considering people in your own field, you know what it took for you to get there and you can assume they've had similar experiences.

However when you are considering the general public it is best to presume stupidity and design with that in mind.

danielweber 3 days ago 0 replies      
I've experienced this myself.

Sometimes what our competitors were doing was stupid, and we ate their lunch.

Sometimes what our competitors were doing was the only way to really run things, and we had to adapt to follow them.

jhonovich 3 days ago 0 replies      
It is valuable to determine what technology, not available in the past, would cause a reasonable insider to change their decisions if they could implement that technology.
donarb 3 days ago 0 replies      
Once again, xkcd explains all.


QuantumRoar 3 days ago 2 replies      
btbuildem 3 days ago 0 replies      
Those folks are just being introspective, that's all..
shurcooL 3 days ago 0 replies      
Agree with the first 3 paragraphs so much, well put.
andyidsinga 3 days ago 0 replies      
see also: Sarah Silverman's bit on scientology and things that sound weird.
logicallee 3 days ago 2 replies      
I couldn't disagree more. When Mark Zuckerberg turned down $1 billion from Yahoo[1] when he was 22, and FB was two years old at the time, because they were "stupid and didn't get it, so they obviously were't valuing the company" properly he was right.

The direct quote is:

>Thiel described the argument Zuckerberg finally came down on like this: "[Yahoo] had no definitive idea about the future. They did not properly value things that did not yet exist so they were therefore undervaluing the business."

Yahoo's market capitalization in July 2006 was $42.51 billion. A 22 year-old presumed they were stupid, and he was right. [2]

Today FB has a market cap of $264.91B and Yahoo? Down to $35 billion after 9 years of growth.


[1] http://www.inc.com/allison-fass/peter-thiel-mark-zuckerberg-...

[2] by the way to get the market valuation at the time, I did this search: http://www.wolframalpha.com/input/?i=what+was+yahoo%27s+mark... I can't believe it worked! I used wolframalpha because this is the kind of search they promise they can answer - and they were right, they actually delivered. Nobody else on the face of the planet does this, and it shouldn't even be possible. But it is. If you think something is possible, JUST DO IT. If you think your competitors are stupid (compared to what you think you can do), you're probably right. (or you wouldn't have that thought.)

noobplusplus 3 days ago 0 replies      
Show HN: Big List of Naughty Strings for testing user-input data github.com
502 points by minimaxir  3 days ago   79 comments top 27
rspeer 3 days ago 5 replies      
Most of what I do involves the messy world of text, and I think this is a great resource. I wish the software I depended on tested against it.

I can think of a few more cases that I've seen cause havoc:

- U+FEFF in the middle of a string (people are used to seeing it at the beginning of a string, because Microsoft, but elsewhere it may be more surprising)

- U+0 (it's encoded as the null byte!)

- U+1B (the codepoint for "escape")

- U+85 (Python's "codecs" module thinks this is a newline, while the "io" module and the Python 3 standard library don't)

- U+2028 and U+2029 (even weirder linebreaks that cause disagreement when used in JSON literals)

- A glyph with a million combining marks on it, but not in NFC order (do your Unicode algorithms use insertion sort?)

- The sequence U+100000 U+010000 (triggers a weird bug in Python 3.2 only)

- "Forbidden" strings that are still encodable, such as U+FFFF, U+1FFFF, and for some reason U+FDD0

People should also test what happens with isolated surrogate codepoints, such as U+D800. But these can't properly be encoded in UTF-8, so I guess don't put them in the BLNS. (If you put the fake UTF-8 for them in a file, the best thing for a program to do would be to give up on reading the file.)

jsat 3 days ago 4 replies      
"#Server Code Injection##Strings which can cause user to run code on server as a privileged user (c.f. https://news.ycombinator.com/item?id=7665153)

/dev/null; rm -rf /*; echo"That's a little aggressive for testing no?

afandian 3 days ago 3 replies      
One fun (and very interesting) string is EICAR[0]. I worked for an antivirus company once and we had the EICAR string for testing but couldn't check it into source control because it triggered the AV software which we dogfooded...

Is it naughty to include it here?

[0] https://en.wikipedia.org/wiki/EICAR_test_file

efriese 3 days ago 1 reply      
Yeah, I would make the SQL injection and command injections test a little less kinetic =). Using a simple SELECT test, like SELECT @@VERSION, would be a little safer... Edit: Forget to say thanks! This is a pretty cool list.
tptacek 3 days ago 1 reply      
This is good. There are lots of lists like this; you might find additional strings to add to it here:


Fuzz lists are to web pentesters what drain snakes are to plumbers.

simonw 3 days ago 1 reply      
It's not completely clear to me which encoding the blns.txt file uses. Since this project is all about weird/evil bytestrings, the encoding of the file itself is very important.

Using a newline as a delimiter in that file excludes newlines from being part of the strings you are testing - but newlines are an important "naughty" character to consider. Unfortunately the same is true of basically any other common delimiter character.

Maybe base64-encoding the strings would be one way to solve for this? You could use base64-encoded values in JSON, for example.

adzicg 3 days ago 0 replies      
for anyone testing web sites, I built a chrome extension that makes things like this available in the right-click menu [1]the code is on github, so it can be easily extended [2]

[1] - https://chrome.google.com/webstore/detail/bug-magnet/efhedld...

[2] - https://github.com/gojko/bugmagnet

acehyzer 3 days ago 1 reply      
If I put this into my company's tests, we'd end up with no users... I have a lot of work ahead of me. :/
thomasfoster96 3 days ago 1 reply      
Unintentionally, this also shows that GitHub is going pretty well when it comes it sanitising user inputs.
orf 3 days ago 1 reply      
Looks interesting, but the Script Injection, SQL Injection and Server Code Injection sections need a lot more samples to be remotely useful.
siculars 3 days ago 1 reply      
Nice "in the beginning..." hebrew string:

, , ,

itaibn 3 days ago 1 reply      
The list seems to be missing the simplest naughty string of all: The empty string!

(Well, the text file has empty lines separating the comments and example strings so it technically includes the empty string, but it's not in the JSON file.)

jl6 3 days ago 1 reply      
Is the scope just well-formed strings or would you consider adding binary nasties like null bytes, mal-encoded characters, or even just newlines on their own?

What about XML billion laughs strings, or parser-busting very long runs of parentheses?

hoprocker 3 days ago 2 replies      
Nice; sort of a programming complement to Shutterstock's _List of Dirty, Naughty, Obscene, and Otherwise Bad Words_[0]. So helpful to have a bunch of minds working on useful lists like this. Good to see that GitHub passes this test!

[0] https://github.com/shutterstock/List-of-Dirty-Naughty-Obscen...

reitanqild 2 days ago 0 replies      
Anyone knows if anything similar exists for telephone numbers?

Edit: Found this two minutes later: https://github.com/googlei18n/libphonenumber, seems to be an official Google product and Apache licensed.

joelcollinsdc 3 days ago 0 replies      
Great list. A few questions:

* How could this be used to test 'corrupt' characters? Isn't the process of savign the file itself as UTF-8 un-corrupt...the file?

* Is there some recommended way to group these into "strings that should pass validation" versus "strings that should fail"... or is that too application-specific?

pbnjay 3 days ago 1 reply      
If you really intend this for use in testing, I'd suggest making the injections less nasty. I could easily see a junior dev slapping this in and deleting some important stuff.

I'd also add more invalid UTF encodings and embedded null bytes, etc. The JSON format would be preferable to plain text for that though.

userbinator 3 days ago 1 reply      
/dev/urandom can also be used as a source of random and unusual input data, as it contains by definition all 256 byte values and 65536 2-byte values, 16M 3-byte values, etc., and should eventually output every possible string.
x0 3 days ago 0 replies      
I absolutely love strange unicode strings. It's handy if you ever want to find out what a server's running. One time, I put a bunch of emoji's in a GET param of a Google site, then got a big Java error page. I had no idea Google ran Java.

Edit: Another one that tends to be fun is [] in the param, like http://example.com/?get[]=[].

And you can things inside, like http://example.com/?get['"%05<!]=[%FE%FF]

nradov 3 days ago 0 replies      
For more great examples of "naughty" strings see the Twitter @glitchr_ account.https://twitter.com/glitchr_
webo 3 days ago 0 replies      
I don't deal with user input validation, but any resources for reading about handling various inputs like the ones in blns?
TallGuyShort 3 days ago 0 replies      
I don't recall exactly where this was, but I know I've worked with an API before that sometimes dropped requests, and it was because some randomly generated data included 'naughty text' like 'xxx', or profanity. I was expecting a dataset intended to catch this problem...
homakov 2 days ago 0 replies      
Should be 1 long string, then if something fails use bsection
rectangletangle 3 days ago 0 replies      
This should be really handy for fuzz testing, nice work!
iopuy 1 day ago 0 replies      
ivanca 3 days ago 0 replies      
Complete AI is no the hardest problem in CS, parsing text is. Joking aside this reminded me of that CSS vulnerability that allowed attackers to read peoples mails: http://scarybeastsecurity.blogspot.com/2009/12/generic-cross...
ck2 3 days ago 1 reply      
OT but is there a way to see projects with the most stars on github?

This one seems to be skyrocketing.

Oh here we go, and lookie who is at the top: https://github.com/trending

The Hamburger Menu Doesn't Work deep.design
477 points by networked  3 days ago   173 comments top 51
weinzierl 3 days ago 0 replies      
I researched this topic a few days ago and beside the (excellent) article from James Archer, I found the following links worth reading:

 Why and How to Avoid Hamburger Menus[1] Hamburgers & Basements[2] An Update on the Hamburger Menu[3] The Hamburger is Bad for You[4]
A bit off-topic, but the Hamburger icon was actually invented at Xerox PARC[5].

[1] https://lmjabreu.com/post/why-and-how-to-avoid-hamburger-men...

[2] http://jxnblk.tumblr.com/post/36218805036/hamburgers-basemen...

[3] http://jxnblk.tumblr.com/post/82486816704/an-update-on-the-h...

[4] http://mor10.com/hamburger-bad/

[5] http://gizmodo.com/who-designed-the-iconic-hamburger-icon-15...

abalone 3 days ago 5 replies      
It's very interesting that Apple just adopted a hamburger menu for their apple.com redesign (mobile version). They even told everyone not to use hamburger menus at last year's WWDC! [1]

[1] WWDC 2014 Session 211 Designing Intuitive User Experiences @ 32:00, available here: https://developer.apple.com/videos/wwdc/2014/

Addendum: It's a responsive design so you can see this even on a desktop browser just by shrinking the width of the window. The top menubar collapses into a hamburger.

Addendum 2: Illustrated transcript here: http://blog.manbolo.com/2014/06/30/apple-on-hamburger-menus

dperfect 3 days ago 7 replies      
Before hamburger menus became popular, weren't people complaining about the exact opposite problem? That is, if you break out the menu items into more prominent interface elements (e.g., tab bar items), then you're at risk of cluttering your visual design with less-common functions. As in all things design, I suppose a balance needs to be found, but I personally don't find anything wrong with a hamburger menu per se.

Almost everything has or needs something like a hamburger menu somewhere. Can it be abused? Yes. Does that make it inherently bad? I don't think so.

WorldMaker 3 days ago 1 reply      
One of the things that I felt Windows Phone 7 and 8/8.1 in their design language did well was encouraging designs that were better than the hamburger (pivots and sprawling "hubs" that encourage you to explore in two dimensions; app-bars with ellipses).

It's interesting to see Hamburger menus bleeding back into the design language with Windows 10. It seems a strange, sad concession to meeting Android/iOS designs and even Desktop designs (with their million year old menu bars) "half-way". That said, one of the interesting twists that Windows 10 designs thus far tend to put on the Hamburger menu is that secretly in many cases the Hamburger icon is just a replacement for the Windows Phone 8's App Bar ellipsis:

The items on the bar show just icons at tablet size or lower and the Hamburger simply reveals app labels and maybe (rarely) lesser used text-only options. (At larger than table sizes sometimes the bar defaults expanded rather than condensed.)

This roughly corresponds with the Facebook suggestions in the article here.

The interesting differences to a WP8 app bar are that the W10 hamburger "app bars" have mostly gone vertical and the hamburger is a toggle rather than the WP8 app bar ellipsis was a "slide".

It will be interesting to see how this design language continues to accrete/evolve as Windows 10 Mobile gets closer to launch.

freshyill 3 days ago 5 replies      
It is almost always preferable to have all of your options available to the user at all times. However, it's very important to make the distinction between apps and websites when talking about a hamburger menu.

A tab bar is great in an iOS app with a limited scope of functionality. That just doesn't work a sprawling news site covering dozens of topics. A small, product-focused website may even be able to get away with showing all of their navigation options at once. For many sites, however, it's unfortunate, but sometimes you just need a well-organized junk drawer inside a hamburger menu.

corysama 3 days ago 2 replies      
My summary. Tell me if I missed something.

Hey, designer. I know screen real estate on mobile is extremely limited. I know it would be really nice to fill the whole screen with content and just have a little, square, "more" icon tucked in the corner. I know you've tried to establish the hamburger icon as the universal "more" icon.

Too bad. Users aren't catching on as quickly as you'd like. They don't notice, understand or utilize the icon. Even if they do notice and understand, an ambiguous "more" is dramatically less engaging than explicitly showing what they can get. A "more" icon is asking them to expend effort up front exploring your interface with no clear reward in sight. So, they don't bother. Like, a measurable 50+% drop in engagement don't bother.

So, stick to tab bars as much as you can. It seems like a waste of screen space. But, the results still seem worth the cost.

mark242 3 days ago 3 replies      
James Archer, author of the piece, is Chief Creative Officer of both Crowd Favorite, and Forty, both of which use -- surprise -- the hamburger menu in their mobile sites. Is this another case of "do what I say, not what I do"?
masswerk 3 days ago 1 reply      
> "and its consistent with the logic of the progressive disclosure design pattern."

And this is the crucial misinterpretation. Progressive disclosure as defined and used by Xerox is about objects and related actions. And it's all about visible objects! [1]

(Mind the classic example of a square in a drawing application: Clicking the shape discloses editing functions and displays handles to size the object.)

And here is the real problem: The hamburger icon as used today has no other object but the global context. By exposing context to the global context, it's a mere apropos without an object the user might relate to.

When Norm Cox designed the original icon for the Xerox Star user interface, it was a visual anchor for a menu revealing contextual functions to the visible content of the document. (Like selecting rows, etc. [2]) This is notably something else than the global, quite abstract context of a site navigation, disclosing navigational functions to address off-screen content.

Today's hamburger icon is just a paradigmatic misunderstanding.

[1] "A subtle thing happens when everything is visible: the display becomes reality. The user model becomes identical with what is on the screen. Objects can be understood purely in terms of their visible characteristics. Actions can be understood in terms of their effects on the screen. (...) In Star, we have tried to make the objects and actions in the system visible."(Designing the Star User Interface; David Canfield Smith, Byte, Issue 4/1982)

[2] Compare: http://g.recordit.co/8Q5oAYCaVx.gif(Outtake from a ACM CHI 1990 conference video, https://vimeo.com/61556918. Mind that the window-less bar at the top represents the global system as opposed to the document window below and its menu button(s).)

pxlpshr 3 days ago 1 reply      
It should be obvious to most designers that critical features of your product should not be buried or hidden.

I disagree with this article that hamburger menus should be burned to the ground. I think it's useful for tucking away secondary or tertiary functionality.

* Facebook still uses it for accessing your friends list. With smartphones growing in physical size, there is more vertical real-estate to bring the tabnav back.

* Despite it not working for NBC, it seems to be working well for New York Times and not yellow. And I actually really like NYT's new page layout.

* Google Maps uses it also not yellow.

oneeyedpigeon 3 days ago 1 reply      
Chrome has a hamburger menu, even on a huge desktop screen with plenty of room for a proper menu. OSX has an excellent universal menu which, due to consistent placement, behaviour, and content, provides a high level of usability. Chrome's hamburger menu duplicates some - but not all - of its functionality, and includes some bonus functions not available in the main menu at all. It also has a submenu named - and you might want to check this yourself, because it's pretty hard to believe - "More tools".

The main menu would be absolutely fine on its own; I think the hamburger menu is present because it's present on Windows, which - of course - doesn't have a universal menu. Still, I'm not letting Google off the hook here. These flagrant abuses of usability are things that the average undergrad should be able to identify, yet one of the biggest companies in the world can't? Disappointing.

danneu 3 days ago 0 replies      
The hamburger menu's entire value is that it's a simple default that you can generalize even programmatically across all websites. It's why the frameworks mentioned in the article can implement it for you. It's a place to start.

But it requires some deliberate thought, effort, and app-specific solutions to replace it with something better, and that planning makes you answer all sorts of hard questions you might've not ever had to answer about your website/product, like "how are my users actually using this?"

I'd wager that everyone agrees that their own site's hamburger menu is a sore spot, suboptimal.

But the next rung up is a taller order than these types of articles admit.

I think a good follow-up blog post would be "Design patterns for escaping the hamburger menu" that showcases a variety of real-world approaches.

makecheck 3 days ago 1 reply      
Long before these mobile menus appeared, an icon with a series of lines always meant "drag here" (e.g. in a desktop app, inside a resizable divider or a size box).

My first impression of these was therefore to try to grab them and pull, as if to slide the bars that they appear on. Unfortunately, even now, most implementations of "hamburger menus" do the worst possible thing when you try to slide them: nothing at all.

And then there's the weirdness of seeing them on the desktop where there is plenty of space. It's the same frustration I feel whenever I see a desktop app force content into a tiny, non-resizable box with scroll bars on a 1920x1200 screen! If I have the space, I really, really want to use it. Any design that refuses to expand to available space is simply wrong.

DanSmooth 3 days ago 0 replies      
I might be missing something but the first Facebook example used in the article seems wrongly applied to this problem. They just transferred the menu bar to the bottom. All the icons, which were at the top, are now just located at the bottom. They are now easier to see - the text doesn't hurt also, and probably easier to use (no conflict with the phones top-bar), which could be the explanation for the observed results. The only difference I can see is the switch of the hamburger at the top with a search icon.

Nobody ever asked me - for obvious reasons, because I might be blind - but I'm partial to an icon where you have a + sign ("additional" items) on top a V ("directional clue"; could be pointed in other directions for a pull-up menu for example) to form some sort of arrow.

johnatwork 3 days ago 0 replies      
Another good observation on this by Luke Wroblewski. http://www.lukew.com/ff/entry.asp?1945
declan 3 days ago 2 replies      
My co-founder and I debated whether to use the hamburger menu for our iOS and Android apps (currently in beta -- https://recent.io/).

We decided to keep the hamburger menu on both platforms for launch. Our reasoning was that it's a common UI convention and our primary navigation options -- Home, Recommended, Hot News, Local News, and topics -- are visible in the extended app bar. An option to follow additional topics appears inline in the Home tab.

So the three functions that are only accessible through the hamburger menu are bookmarks, history, and settings, which seems like a reasonable compromise. You could use our app fully for a year, albeit with the default settings and no bookmarks/history, without ever seeing the hamburger menu.

Analytics shows that the hamburger menu is used frequently by our beta users, so I'm fairly confident that we made the right choice. On the other hand, the new YouTube Android app -- which had more in its hamburger menu than we do -- has moved in the opposite direction and eliminated it.

asgard1024 2 days ago 2 replies      
I hate the Nondescript Icon Movement. The Hamburger should die together with Three Dots, Angle Brackets and other geometric shapes that have a chutzpah to call themselves icons. Not to mention they killed the Tooltips!

These things don't appear in the vacuum - the Hamburger Menu originated from the Celtic Knot Menu, which was originally at the end of the Ribbon. The Ribbon itself confused the use cases of the Menu and the Toolbar, and was rightly criticized for that.

I am just learning Emacs and it's a little paradox that this aspie guy Richard Stallman is the one who got so many things around the UI right. We are unfortunately confusing "easy to learn" with "dumbed down so much there is nothing to learn".

kenrikm 3 days ago 0 replies      
In my apps I generally use the Hamburger menu to hide stuff that's required but not used very often. (Settings, legal agreements etc..) Since engagement is lower for these things anyway it allows you to have them there if needed without cluttering the main content that should be the focus.
ggchappell 3 days ago 1 reply      
Dare I suggest that the "gear" menu, so ubiquitous on Google pages these days, suffers much the same problems as the "hamburger"?
unabst 2 days ago 0 replies      
Regarding NBC, their failure wasn't in the hamburger menu itself. They didn't use it properly.

Their design had what looks like a menubar which is the precise anti-pattern to a menu-button. Those items, and what is showing already as top page content, is guaranteed to catch everyone's attention first. Those menu-button items are not only hidden and require an extra click, by design they have been made less important. And since so many sites have de-cluttered themselves by simplification, users' first impression is that they got rid of everything for the better... except it wasn't what they did, so basically everything under that menu was unreachable.

Two things would have been better. First, they could have kept the menu icon but had it expanded on the top page so that people would see those items as top page content, and also make the intuitive connection that there was a button that's associated with them. When the reader goes deeper, the menu items could then safely be hidden, with the user intuitively fetching them via the button as needed. Second, they could have given the button a name, instead of use the icon. For example, Amazon's "shop by department" button is the equivalent of NBC's hamburger menu. But since they have a menubar, instead of having a menu-button on a menubar, they put a menu-item instead by giving it a name and an equal member of the top selection. This upholds the primary design pattern in use.

NBC's designers went for the hamburger without knowing how to use it or understanding what made it popular. You cannot mix competing philosophies and color is no substitute for broken intuitions. Even now that they settled for the menu-bar, they don't have an at-state, under "more" we see the same items in the menu in different order, and they use the pinned menu that doesn't go away even when you scroll -- a design already falsified by the frame paradigm of 1999.

kazinator 3 days ago 1 reply      
The desktop Firefox has one of these. It's been quite unintuitive. It contains some commands depicted by icons, which constitute an overlapping set of the functionality under the regular F)ile menu, like "New Window", "New Private Window", "Print" and whatnot. But there are commands that appear in other menus: the monkey wrench Developer icon appears to have similar content to "Tools/Web Developer".

I think what we are supposed to understand is that this Firefox Hamburger Menu (FHM) is really a TOA: Toolbar Overflow Area. It's a repository of icons for doing arbitrary things.

Its Customize button at the bottom invokes exactly the same UI as View/Toolbars/Customize: a big view where you can move icons between an editable version of the FHM, the browser toolbar, and a repository of available tools (shown in the main pane as a large area).

So any item that can be on your toolbar can go into FHM, including bookmarks. Hence: TOA: toobar overflow area for items you don't use much.

It would be better if they initialized it empty, and if it somehow clearly communicated "Hey, I am a toolbar overflow area: put stuff here that would go on the toolbar that you don't need so much, when you don't have space on the toolbar."

Robin_Message 1 day ago 0 replies      
I'm surprised no-one has mentioned Android version 2 (vintage), which had a hamburger menu as a physical/soft button. It was then ditched and replaced with a app switcher button.

That hard button was even better from a real estate point of view, and since it was consistent across all apps it seems like users ought to have grasped it.

The surprising and important thing here is that, even if the user knows the menu is there and that, if asked, it could help them, it doesn't appear salient and doesn't get clicked.

k_sze 3 days ago 0 replies      
I cannot agree with the car analogy.

There are two reasons why the signs on the highway are so prominent:

1. When you are driving a car, you are basically meat bags inside 1.5+ ton collapsible metal cages moving around at 30+ or even 100+ km/h. One wrong move and meat bags risk being injured or killed. That's why the signs need to be simple and prominent.

2. A highway network has one and only one purpose: to transport people and things around, so the number of things that you can do on a highway network is inherently rather limited, which is why you can make decisions fast: go faster, go slower, stop, yield, merge, change lanes, exit a ramp, enter a ramp, turn left, turn right. That's why the signs can be simple and prominent.

Neither condition applies to websites in general:

1. If you lose your way on a website, you generally won't injure or kill anybody.

2. Websites generally don't have one and only one purpose, the number of things that you can do on a website cannot be expected to be limited. You could argue that the website menu should have one and only one purpose - to bring visitors to various pages - but that's not always true either.

cwyers 2 days ago 0 replies      
> Here are a few reasons why the design industry is having trouble giving up the hamburger menu:

list of reasons people are doing dumb thing, mostly blaming the people

Can we be honest here for a second? The reason people are still using hamburger menus is because people have to make things work for phones. Phones with screens that are vastly smaller than the screens on even the smallest laptop, even for people who are hauling around the biggest phablets they can find. And people with phones want to visit the same websites they visit on their computers and there just... isn't... room. The hamburger menu gives you close to double the space to work with, from a UI point of view.

The alternatives presented are partial solutions. It may well be true that more people are reaching for the hamburger menu than truly need it. But the tab bar example from the article only scales up so far before it stops being a valid solution. And I don't know if there is a really good answer that doesn't involve rewriting the web from the ground up.

leepowers 3 days ago 0 replies      
Or in short: Having a single, minimalistic hamburger icon doesn't convey enough information to be useful. It may be possible to improve engagement metrics by using informational icons and titles. None of these statements are particularly controversial.

So, should we web developers start ripping out hamburger icons on our sites. NO. Avoid groupthink. Implement and test layouts that produce measurable results. Removing hamburger icons is no panacea. What are the users doing? What does the data say? If cargo cult thinking produced an over-reliance on a single navigation icon, we aren't going to solve anything by snapping back in the other direction.

Also, there's a difference between a hamburger icon and a drawer menu. On mobile devices a drawer menu is still a fantastic way to reveal additional navigation options without a page reload over a (potentially) slow network connection. Stuffing a navigation list into drawer menu is an easy solution. But it may produce poor results.

kriro 2 days ago 0 replies      
The main takeaway (which should be obvious) is that you should test your navigation and probably test it a lot. It is very important and it does matter. I've caught myself thinking of it as a pesky thing and I'm not a designer and usually don't optimize for pretty because well I'm not good at it. But the fact of the matter (imo) is that focusing on content and navigation until you get them perfect is the best approach."Silly" exercises like card sorting early with potential users (or regularly for an existing site) are actually pretty solid methods to improve sites and apps greatly.
michaelpinto 3 days ago 0 replies      
I think the real question should be: Are users using the hamburger menu and do they know what it means?

Also this may not apply to apps, but on the web the hamburger is an indirect result of responsive design techniques where a navigation menu has to compress due to limiteds screen real estate in mobile.

But the funny thing is that as a designer I hate the hamburger because it does feel like a hack. Yet I can see the popularity is due to trying to have something work on both mobile and desktop.

In fact if you look at mobile only apps they tend to avoid the hamburger trap (example: Instagram) but if you look at any app with a desktop legacy (example: Facebook) you almost have to need it (unless you are willing to cut features or make a suite of apps).

emodendroket 3 days ago 1 reply      
The neat thing about UI is that even bad designs eventually become the best ones as people get used to them and recognize them. The hamburger menu appears on a bazillion sites and it's going to be familiar to most users soon if it isn't already.
rch 3 days ago 0 replies      
I think of it as the 'menu of last resort', that should never be a primary navigation element. In that sense it works just fine.

I might also refer to it as the 'vent', since it seems to heat up after a few months of not restarting my browser.

davnicwil 3 days ago 1 reply      
> As a last-ditch attempt to solve the problem, they made it yellow

Amazing! I could almost write a script for the meeting in which that solution was decided upon.

Rough sketch:

Idea is proposed by one individual at level N in the hierarchy. Some cursory justification is provided, based on theory from a design article they read, they think, or maybe it was a youtube video - doesn't matter: Yellow attracts attention! Green makes people want to proceed! Red makes people want to stop! It's so obvious.

Numerous objections are raised by individuals at level < N in the hierarchy, who have a fairly deep understanding of design and have thought a lot about the problem. The objections are considered briefly, and then summarily ignored.

Meeting concluded.

AlwaysBCoding 3 days ago 0 replies      
Just use a tab bar where the right most tab is "more" and that brings up more navigation options. Can still have more than 5 nav links and avoids the hamburger menu, you can thank me later.
jbob2000 3 days ago 0 replies      
I think the point was not to use the hamburger as a "catch-all". It's easy to just chuck features in there without thinking about how the users will truly interact with them.

The point I took away was that menus should have logical, semantic purposes, and common functions shouldn't be buried inside them.

capex 3 days ago 0 replies      
In a substantial app like Facebook or Spotify, the hamburger menu is still there, in addition to the thumb-able tabs. Large applications have a significant navigation structure, and you can't reduce them to 3 or 4 tabs. While the OP's arguments are good, is there a valid alternative?
tomphoolery 3 days ago 0 replies      
The fact that designers think this icon looks like a hamburger is the real problem with design these days. ;-
smcl 3 days ago 0 replies      
This example from the article still has a hamburger menu, just in a different location:


detrino 3 days ago 0 replies      
Reading this article I instantly saw parallels to Gnome 3 and it reminded me what a usability nightmare it is.
oompt 3 days ago 0 replies      
Shit parallax doesn't work either.
coldcode 3 days ago 0 replies      
It shouldn't be the only thought you have. The pluses are that people are used to it; sometimes common usage is better than inventing something unusual. But design should involve thinking about what people are trying to do with your app rather than starting with some design idea.
mark_l_watson 3 days ago 0 replies      
I like the hamburger icon because (I think) almost everyone who would read my web sites (technical stuff) knows what it is.

I agree that if the hidden menu has very few options then it is a good idea to have everything visible but that is not feasible for more than a few navigation options.

prawn 3 days ago 0 replies      
I generally use "Menu" alongside the burger icon to remove ambiguity, and still show 2-3 primary nav options alongside to minimise loss for those who don't use it.
doczoidberg 3 days ago 0 replies      
hamburger menu should only contain notbso often needed actions. There can be additional buttons in the GUI. Simple as that.

also most android apps support swiping from the border which gives the user a quick access to actions not using any space. The author doesn't mention it?

GolfJimB 2 days ago 0 replies      
Awesome! Redesigning away the hamburger menu on my site immediately.
malkia 3 days ago 0 replies      
ilaksh 3 days ago 0 replies      
I thought it was about food. I'm going to In-N-Out anyway.
InclinedPlane 3 days ago 2 replies      
Here's the core question, is this a permanent or temporary problem?

I remember back in the early years of the web (mid to late '90s) and one of the most important factors in designing websites was realizing that users don't scroll. They just didn't, and if your site design relied on that fact then you'd be screwed. But users learned to scroll, and now scrolling is perhaps the most important and most universal method of interacting with the web. In another 10 years will the hamburger menu become so well known and universally relied upon that not doing it will hurt your usability? Or are there fundamental reasons why it will never be good?

vacri 3 days ago 1 reply      
Why do designers gravitate to extremes in these fads? Skeuomorphic! Flat design! Everything in the hamburger menu! Nothing in the hamburger menu!

What's wrong with moderation? Day-to-day navigation elements shouldn't be in a hamburger menu (also, an extra 'click' for common tasks is bad), but there are plenty of non-everyday things that can go in there.

mynameismonkey 3 days ago 1 reply      
They really don't. Here's a bunch of A/B test results:

http://exisweb.net/menu-eats-hamburger and followup http://exisweb.net/mobile-menu-abtest




Anecdotally, I don't use a ton of mobile social apps, and the first time I encountered this icon I thought it was some weird play on an equals sign. Never occurred to me it was a menu. Now my own dev team is using it and for some bizarre reason I cannot convince them to stop.

Marazan 3 days ago 0 replies      
Animats 3 days ago 1 reply      
natch 3 days ago 1 reply      
Discovery of a new irregular pentagon that can cover the plane theguardian.com
470 points by tokenadult  2 days ago   121 comments top 23
cft 1 day ago 4 replies      
"That same year an unlikely mathematical pioneer entered the fray: Marjorie Rice, a San Diego housewife in her 50s, who had read about James discovery in Scientific American. An amateur mathematician, Rice developed her own notation and method and over the next few years discovered another four types of pentagon that tile the plane. "


jordigh 1 day ago 1 reply      
What's the point group for the first tiling on that webpage? It's a periodic tiling (unlike a Penrose tiling, which is only quasiperiodic), so the crystallographic restriction for two dimensions says the rotation subgroup of the point group must be one of C_2, C_3, C_4 (not C_5!) or C_6:


I can't tell by eye-balling it what the symmetry is for the first one, but its periodicity says it must be one of those. Quasicrystals with 5-fold symmetry are not exactly periodic.

There are only 17 wallpaper groups. Since this is a wallpaper, what is its group?


ab 1 day ago 0 replies      
It's interesting how your eye naturally groups the pentagons into the larger primitive unit, like the pinwheels of type 5.

Wolfram Alpha also has some things about tiling:http://www.wolframalpha.com/input/?i=pentagon+tilinghttp://www.wolframalpha.com/input/?i=pentagon+type+5+tiling

est 1 day ago 4 replies      
Meta question: where can I find list of simple unsolved/undiscovered problems like these in math?

It does not appear in https://en.wikipedia.org/wiki/List_of_unsolved_problems_in_m...

1arity 1 day ago 1 reply      
Perhaps the more impressive number is that they found 7 quintillion new irregular pentagons that can't tile the plane.
sandworm101 1 day ago 1 reply      
Wait a second. Aren't there actually two different pentagon shapes in use here?

Look at the yellow and blue in the OP. They are actually mirror images of each other. Maybe a mathematician would say they are the same, but certainly not someone cutting tile for a bathroom floor. And if these were proteins trying to form a cell wall, that mirroring would be a serious hurdle.

unfamiliar 1 day ago 1 reply      
I wish I had a bathroom to tile - I reckon this could be considered "in vogue" for the next 30 years or so, until they find a newer pentagon. Does anyone know if this can be coloured with 3 colours? Obviously 4 is possible due to the 4 colour theorem and 2 will not work due to to three faces sharing a corner.
Vexs 1 day ago 1 reply      
I think it's kinda funny that most of the tessellations are just using pentagons to make other shapes that tessellate naturally. I suppose the same could be said of most tessellations though, but it's still interesting.
infinity0 1 day ago 2 replies      
Many of these types are basically combining two pentagons into an octagon (or even hexagon) then tiling it across the plane. For some reason, intuitively those seem more easy to me (2 * 3, 2 * 4), so that you could just generate a bunch of them, and split them in two to create tessellating pentagons?

Even the example in the article can be viewed as a regularly tessellating nonagon. I don't see what's "irregular" about it? The article doesn't mention that word, but the HN title does.

laverick 1 day ago 5 replies      
"Attack on the pentagon" ...aaaand the guardian has lowered themselves to buzzfeed's standards.
jagermo 1 day ago 0 replies      
very well explained article. even I (with my little grasp on math) can see why its a big thing. Cudos to the author
cammil 1 day ago 2 replies      
"Every triangle can tile the plane. Every four-sided shape can also tile the plane."

Can someone point me to a proof of this?

huuu 1 day ago 4 replies      
Besides tiling your bathroom is there any use case for this? Or is this pure for fun and gaining knowledge?

Edit: The article is talking about building structures but isn't a triangle the most rigid form? And triangles are already used in building.

ben174 1 day ago 2 replies      
With only five points and < 180 degrees at each intersection, couldn't this problem have been solved by a computer via brute force in seconds?
devindotcom 1 day ago 3 replies      
This is cool, but I'm not sure why it's a hard problem to solve for a computer running through a ton of 5-sided polygons with some basic rules and attempting to tessellate them? Is there a reason that approach doesn't work, other than being rather un-romantic as far as discovering cool new things like this goes?
brunnsbe 1 day ago 1 reply      
For those interested in the subject here is an interesting video about using penrose tiling for street tiling in Helsinki, Finland:https://www.youtube.com/watch?v=yxlEojkVJ0c
hinkley 1 day ago 0 replies      
I don't know why, but this was the first question that popped into my head after seeing the diagrams:

Does anyone make bricks in these shapes? Those would make an awesome paver pattern.

infogulch 1 day ago 0 replies      
The first of the image of other tilings at the end of the article is almost obvious: it's just a hexagonal tiling where the hexagons are bisected.
Sniffnoy 1 day ago 1 reply      
Does anyone have a link to the actual paper?
ai_ja_nai 1 day ago 0 replies      
we can shape building blocks like those, now
zkhalique 1 day ago 0 replies      
nickysielicki 1 day ago 3 replies      
nether 1 day ago 0 replies      
Relay Technical Preview facebook.github.io
469 points by cpojer  2 days ago   106 comments top 22
AlwaysBCoding 2 days ago 2 replies      
I'm totally cool with Facebook mining my data if their open source keeps up this pace. GraphQL + Relay are total game changers for structuring web + mobile applications. Code bases get cleaner and more reliable. Less data gets sent over the wire. Other cool libraries are going to be built on top of Relay (I'm pretty excited to see what can be done now with ClojureScript components in .cljc files).

This is so awesome. Much love to everyone at Facebook that has made this possible. With React, React Native, Rebound, GraphQL, Relay etc... You're saving us all from drowning in complexity when buiding web/mobile apps and I love it. Keep fighting the good fight.

stevebmark 2 days ago 2 replies      
I'm really excited about this! While working on an "isomorphic" app, data fetching gets incredibly complicated. There are many edge cases. For example, when rendering on the server, you have to block all renders until all data fetching is complete. But on the client, you can show the view with a "loading" indicator, as in not block. But you only need to fetch data for that route on the client if it hasn't been fetched on the server...the rabbit hole is full of wheels you don't want to reinvent.

I'm hoping Relay solves the data fetch problem in a way that makes isomorphic applications much cleaner.

picardo 2 days ago 3 replies      
This is very exciting. Facebook's commitment to open source never ceases to impress me. They could keep this technology to themselves and have light years or we'd only read it in academic papers, like Google has done with its core technologies, and someone else would have to reverse engineer them. But Facebook gives the entire code base. No other large company I know of has such a strong commitment to open source.
TheAceOfHearts 2 days ago 1 reply      
The release commit is really the best:https://www.dropbox.com/s/9gx377scddhxo95/Screenshot%202015-...

All I can say now is: Got RELAY

_mikz 2 days ago 5 replies      
Have you seen the actual code of the mutations?


It is ... massive!

pathsjs 1 day ago 1 reply      
Can anyone explain what this is all about? I followed the tutorial, but still cannot understand what are the ideas behind Relay/GraphQL. There must be some principles why the application is structured that way, but without seeing them, it looks like layers of indirection for the sake of complication.

When React came out, the core ideas were crystalline, and I was able to see the advantages in 5 minutes and to actually start doing something in 15. I would be happy to share the excitement for Relay... anyone care to explain? :-)

timtadh 2 days ago 0 replies      
I wish facebook had not used "GraphQL" as their name for their SOAP/REST/RPC replacement. When I hear GraphQL I think of a query language for graphs. Like in (for instance) http://dl.acm.org/citation.cfm?id=1368898 . There has been a lot of cool research over the years on query languages for graphs. Facebook's "GraphQL" is totally nerfing Google's ability to find it.
lewisl9029 1 day ago 1 reply      
Any idea why they decided to use string-based queries for GraphQL?

I feel something that can be composed programmatically without having to deal with string concatenation like Falcor's queries or the Datomic Pull syntax proposed in Om Next [1] could be more flexible and robust. I may be missing something.

[1] https://www.youtube.com/watch?v=ByNs9TG30E8

jmcatani 2 days ago 1 reply      
The major advantage of Relay/GraphQL seems to be if you have one monolithic data model for your entire codebase. You are in effect, binding your views directly to your backend. This is great if you are a company like Facebook with a single graph holding all data.

Sadly working as a consultant, using Relay as prescribed offers little use for me as I port from client to client with widely different data models. I am interested in maybe using Relay in parent React components to keep logical separation between my models and views.

knite 2 days ago 3 replies      
I've skimmed the Relay and GraphQL repos, but I can't for the life of me figure out which database backends are supported. Can I put this in front of Postgres? Redis? How do I stand this up in front of an existing DB?
polskibus 2 days ago 3 replies      
Can someone explain to me how are they using all JS (node incl server-side rendering) stack in a company that is known for using PHP on the backend ?

Do they have a specific PHP-to-Node bridge on the server side? If they write isomorphic code, either they are writing apps completely separate from PHP or they have some kind of integration (Node-in-PHP?) running?

I would be grateful for hints, I'm looking into working more with FB tech but I can't do Node on the server right now. Knowing how their architecture looks like with PHP/Hack on the backend would really help.

chadly 2 days ago 1 reply      
How does this compare with Flux? Is it intended to be used with Flux or instead of Flux?
foxhedgehog 2 days ago 0 replies      
Exciting. So does this do away with implementations of Flux (like the excellent Redux), or is there room for them to work in concert?
TeeWEE 2 days ago 0 replies      
The idea of Relay is cool. And GraphQL is indeed a nice thing for mobile engineers and product developers. I think its a novel way to query data.

Note: i'm mainly covering GraphQL

What i'm missing is implementations. For graphql you want a Java/python implementaion ready that can be hooked into your storage engine.

For iOS / Android you need some code generation tools that can generate your clientside business objects from the graphql schemas.

When i think about it, GraphQL combines the best of the SOAP/XML era (schemas, type safetype, client generation) with the new REST/JSON world (low footprint, simple structures).

However, it is still very difficult to adopt it.And most of the times, in a startup environment, you are faster implementing a rest api. And building your app on top of that. A schema (something like swagger, jsonschema) might help with client side code generation.

leothekim 2 days ago 0 replies      
This is the best commit message:

_ Give RELAY


zkhalique 2 days ago 1 reply      
Wow, looks like what we've been doing for the last 4 years is very similar to the design of Facebook's tools they've been open sourcing. That is some serious validation for our architecture!

(For anyone who's interested here was our design:http://platform.qbix.com/guide/tools, http://platform.qbix.com/guide/messages)

nwmcsween 2 days ago 0 replies      
So graphql is basically a query language and optimizer? Why not have a relational algebra library, query (sql, whatever) generator and optimizer as separate things?
platz 2 days ago 0 replies      
Seems like it has some similarites to OData.

BreezeJS is a stand-alone data library for SPAs which takes care of managing the lifecycle of data objects; querying, fetching, caching is all taken care of. Queries use OData by default

darkmarmot 2 days ago 1 reply      
Aspects of React, Relay and Flux make me feel like my company's js framework could end up like Leibniz once we release it this fall...
gamekathu 1 day ago 0 replies      
another awesome gift from facebook, thanks a lot devs! but i am still eagerly waiting for React native for Android.. any updates on its development?
fiatjaf 2 days ago 1 reply      
More undebuggable magic.
aikah 2 days ago 3 replies      
> While working on an "isomorphic" app

now you should say "universal", "isomorphic" was a poor choice of words at first place and led to a lot of misunderstanding(and bad blood between js developers and mathematicians)


> As applied to JavaScript, Charlie Robbins presented the idea in 2011. He called it "Isomorphic JavaScript" which has resulted in years of debate over the poor name. In recent months, the term Universal JavaScript has gained acceptance.

Lawrence Lessig wants to run for president in an unconventional way washingtonpost.com
440 points by nkassis  2 days ago   195 comments top 32
rayiner 2 days ago 8 replies      
Some of his ideas are great (particularly trying to take on gerrymandering), but I think on the money issue he's nearsighted.

> He launched Mayday PAC to much fanfare in the spring of 2014, billing it as the "super PAC to end super PACs." But it failed to play a decisive role in any race that year.

As Lessig found out, money by itself cannot buy power. Money is a means for magnifying the impact of forces that are already in play.

Consider, for example, climate change. During the last debate of the last Presidential election, Barak Obama was falling over himself to be more pro-coal than Mitt Romney. Was it because he hoped to court the coal-industry lobbyists and turn their firehose of political spending in his direction? There wasn't a chance in hell of that happening, and he knew it. He did it to court the voters in central and southern Illinois whose livelihoods are dependent on the coal industry there. We're a sprawling suburban nation addicted to cheap gasoline. Energy companies would have tremendous power even if they didn't spend a penny lobbying.

The same is true for banking and finance. People complain about fancy financial instruments, but at the end of the day main street businesses are utterly dependent on payroll loans, consumers are dependent on credit cards, and everyone wants to get a fat adjustable-rate mortgage so they can buy a big suburban house. Do you think banks need to spend any money lobbying to sway politicians in their favor?

And I'll also go out on a limb and suggest that money being a factor in politics isn't as bad as it seems. At least when money can influence politics, the noveau-riche can upset the old guard. Consider the auto industry. Traditional carmakers don't need to spend money to buy political power--the fact that they employ hundreds of thousands of middle-class workers guarantees that. But as traditional cars decline, and the Teslas and Googles of the world remake the industry, it's probably a good thing that those companies can use money to overcome the inertia and political mindshare of existing car companies.

ipsin 2 days ago 1 reply      


I will be surprised if he doesn't reach his $1M goal, and much more surprised if anything substantive comes of the effort.

The "launch and resign" plan smells bad -- it seems like a hack to avoid having a complete platform, implying that the government will lack a leader during that interval, and using that as motivation to pass the act seems like a bad idea. It also raises the question of who the real VP would be.

njharman 2 days ago 4 replies      
"Lessig said he would serve as president only as long as it takes to pass a package of government reforms"

Well that will take longer than two terms. Congress doesn't even play along with the people who are incahoots in rigging the system. It's beyond ridiculous to believe they will play along with their own destruction.

cryoshon 2 days ago 1 reply      
Hm, hopefully he won't act as a spoiler for Bernie. A Sanders-Lessig ticket would look pretty good if Bernie can't get Warren. Bit early in the game for that chatter, though.

Lessig still isn't a household name, so I think it's far too late for him to participate in this election cycle as a real candidate. That being said, he's also imperfect as a candidate for a few reasons. Lessig is really good at presentations and speaking eloquently, but he still doesn't quite rile people up in the way that is needed for his kind of insurgent campaign (against who, exactly?). Lessig also doesn't have the cash to get noticed nationwide. He's setting goals to raise a million, whereas Hillary is planning a billion dollar campaign, and the Republicans are likely planning a several billion dollar campaign for whoever they pick.

Also, an elephant in the room: the issues Lessig is running on (campaign finance reform, voting reform, ending gerrymandering) are not actually non-partisan in the way that he is trying to market them. Everyone (everyone!) knows that campaign finance reform, gerrymandering, and voter reform are the left's issues.

Why? Because the right in the USA needs voter exclusion and balkanization(via the false issue of voter fraud aimed at poor populations) in order to win elections. Campaign finance reform is similar; big money influences both sides heavily, but they favor the right for their business-friendly disposition. Big money favoring the right wing means that prospective candidates from the left are also vetted against how business friendly they are, pulling the mainstream left wing toward the right wing, assuming that candidates act rationally and take the money for grabs.

This series of behaviors ultimately results in the far-right wing business cartel promoters that currently comprise Congress. Claiming that Lessig isn't some kind of far-left (for the US) candidate is a tad disingenuous, even if he actually believes it. A popular and well-moneyed Lessig would be a huge threat to big money's influence on politics, to be sure-- in the way that Sanders is currently.

lvs 2 days ago 3 replies      
This may sadly pull some critical primary voters from Sanders, who stands in an ideologically similar area, assuming Lessig picks up any steam at all.
JayHost 2 days ago 0 replies      
I made 500 phone calls for Mayday last year on their behalf.

This is not Win / Lose or Patriots vs Seahawks.

This is forcing the most important issue to be confronted on the big stage.


ekianjo 2 days ago 5 replies      
> "We have this fantasy politics right now where people are talking about all the wonderful things theyre going to do while we know these things cant happen inside the rigged system.

Followed by:

> Lessig said he would serve as president only as long as it takes to pass a package of government reforms and then resign the office and turn the reins over to his vice president. He said he would pick a vice president "who is really, clearly, strongly identified with the ideals of the Democratic Party right now,"

So, wait. You don't want the "System", yet your Vice President is basically a member of the Democratic Party which is part of the precisely bi-party, rigged System right now ?

Makes a lot of sense if you want to perpetuate the said rigged System.

p_monk 2 days ago 1 reply      
If the problem is that monied interest control policy, "getting money out of politics" doesn't solve the problem.

Look as Israel as a cautionary tale of a country that did everything right according to the liberal prescriptions. Regardless of implementing everything that Lessig calls for, monied interests still control the political system.

How does it work?

Well, take a look at Sheldon Adelson's actions. In the US, he buys his influence by being one of the biggest GOP donors. In Israel, he buys his influence by operating the largest daily newspaper (Israel Hoyim), which he runs at a loss of 20+ million a year. Israel Hoyim is the mouthpiece of the Netanyahu government. The paper never strays from the party line, in the same way that Granma never strays from party line in Cuba. This gives Adelson a tremendous amount of influence over the government. Even moreso than he's able to buy in the US. Billionaires will always find creative ways skirt the rules and buy their influence.

ZoeZoeBee 2 days ago 1 reply      
It would be nice if the article articulated his ideas for change, other than just overturning the Citizens United decision. For decades the public who haven't been lulled to sleep have clamored for Campaign Finance Reform, increased Limits On Lobbyist, and Transparency.

What did we get. Citizens United, lobbyists writing 10,000 page laws riddled with loopholes, and Bills and Administrations which do the exact opposite of what they say.

jedberg 2 days ago 1 reply      
Most people don't care enough to care about or understand how important campaign finance is, so it's unlikely he'd even win the nomination, but hopefully he can get enough support to at least get into the debate and bring the issue to a wider audience.
tlb 2 days ago 1 reply      
"I will be leader just long enough to institute the necessary reforms" has led to lifelong dictatorships in other countries. Lessig doesn't seem the dictator type, but that particular promise should scare students of history.
arxpoetica 2 days ago 2 replies      
What if one likes the ideas (possibly?), but isn't a Democrat?

Makes it difficult when one doesn't like the VP.

nkurz 2 days ago 4 replies      
What't the advantage of Lessig's win-reform-resign approach rather than convincing a more electable candidate to commit to the same reform? If there is enough public support for Lessig to win the election, presumably there would be enough support for another candidate with more outside support (such as his designated successor) to win with the same platform.

The main reason I can see is that Lessig himself views his promise of reform to be more reliable than any another candidate's promise. True or not, I think it would be difficult to convince the general electorate that he should be trusted more than any other candidate.

drjesusphd 2 days ago 0 replies      
This is interesting, but I have a hard time seeing how being a transparent office holder (through voter referendums) would work for the office of POTUS. I can see it working well as a legislator and would prefer a system where one of the houses of Congress is direct referendum.

I think it would be far more interesting to completely "vacate" the office and do nothing, without formally resigning. The point being that elected officials have far less power than people think. I think the executive would function largely the same without a president or vice.

elihu 2 days ago 0 replies      
I'm having trouble imagining any outcome other than drawing votes away from Sanders. Even if he were to win the primary and the general election, congress is very unlikely to budge.

> "Even if she did say exactly the right things, I dont think its credible that she could achieve it because she and the same thing with Bernie would be coming to office with a mandate thats divided among five or six different issues," Lessig said. "The plausibility of creating the kind of mandate necessary to take on the most powerful forces inside of Washington is zero. This is what led me to recognize that we have to find a different way of doing this.

I don't agree with this logic, that "policital capitol" is split among multiple mandates, and that having more mandates makes you less likely to achieve any of them. Having a position on many issues just means that more voters have a reason to vote for (or against) you. Many of those positions are expected of someone running for office under a certain party, and not stating a clear policy preference doesn't usually win you votes from the other party, it loses you votes from your own party.

I think Lessig's efforts are better spent continuing to advocate for an article V convention and influencing congressional elections via the Mayday PAC.

drivingmenuts 2 days ago 0 replies      
It's a interesting idea, but hopelessly doomed. A viable candidate needs to articulate on many issues, as The President doesn't have the luxury of only focusing on a single issue. There's a whole cabinet full of people who run departments that he needs to have potential policies to put in place.

As a potential spoiler candidate, it might work by forcing more attention to campaign financing reform, but it's hard to take him seriously beyond that.

fractal618 2 days ago 0 replies      
Registered Independent voter here, he's got my vote.
alwaysdoit 2 days ago 0 replies      
I wish he would just run conventionally.
toyg 2 days ago 4 replies      
Depressing. The whole project basically ensures he won't be elected (who wants to vote for a President who will not rule?), he's just looking for some quick exposure.

It would have been more intellectually honest to do what Jeremy Corbyn has done in the UK: running wholeheartedly, albeit assuming he won't be elected, just to inject a range of ideas in the debate.

pbreit 2 days ago 0 replies      
If it wasn't so frowned upon for Electoral College electors to "change" their vote, wouldn't that enable more "third party" runs (which would be "a good thing")?

I'd actually like to see Trump or Lessig run but people are so worried about a like-minded candidate leading to their party's loss.

smacktoward 2 days ago 1 reply      
I admire Larry Lessig's ideals and motivations, but I feel like he consistently undermines his own efforts because of the small problem that he doesn't understand how American politics actually works and seems to have no desire to learn.
kevinpet 2 days ago 0 replies      
I guess we've now discovered our generation's Ralph Nader.
joe5150 2 days ago 0 replies      
"Lessig said he would serve as president only as long as it takes to pass a package of government reforms"

So in other words four years, eight if he gets re-elected.

Awfully roundabout way of saying that....

gweinberg 2 days ago 1 reply      
He lost me at Sanders.
Apocryphon 2 days ago 1 reply      
Would Lessig be an ideal "hackers' candidate"? Hypothetically, would he pardon Snowden and go after the NSA?
pbreit 2 days ago 0 replies      
Warren or Sanders? That's a non-starter. Those two are outlandish even to this progressive.
PythonicAlpha 2 days ago 0 replies      
For those, that do not yet know "Lesterland", should get to know it:

http://lesterland.lessig.org/(there is a great video talk of Lessig on the page)

BTW: Lessig is great!

anonbanker 2 days ago 0 replies      
He'd never win.But he's got my vote anyway.
MrZongle2 2 days ago 1 reply      
Nothing against Lessig, but he has about as much chance of becoming President as I do, and I'm not even forming an exploratory committee.

The American electorate has been conditioned to vote for Team Red or Team Blue, and within those increasingly-similar teams their preferred standard-bearers will be chosen by a consensus of large donors in a series of luncheons and closed-door meetings, primaries be damned. It's not so much a sinister New World Order conspiracy as it is a general desire by the elite to influence future governance to secure their wealth.

If this weren't the case, then Sanders' standing wouldn't be so noteworthy, and O'Malley wouldn't be concerned about his party's nebulous debate schedule. Likewise, we wouldn't be hearing as much about Jeb Bush.

I'm not saying that third-party disruption can't take place, but the time to be forming exploratory committees was months and months ago, if not years. The 2016 Presidential race is well underway, and Lessig hasn't even stepped up to the starting line.

wahsd 2 days ago 1 reply      
kuni-toko-tachi 2 days ago 2 replies      
Windows 10 phones home when you search your start menu, even with Bing disabled up1.ca
433 points by ultramancool  3 days ago   270 comments top 37
chatmasta 3 days ago 6 replies      
This also happens on iOS with spotlight. As far as I can tell there's no way to turn it off.

Source: MITM your iOS traffic.

Sidenote -- a possibly unforeseen side effect of end to end encryption everywhere is that it makes it far more difficult to man in the middle your traffic and hold companies accountable for their privacy policies.

unluckier 3 days ago 1 reply      
Is it really necessary to use a host that requires JavaScript to display an image?

Anyway, I've confirmed this. I've disabled web search and all of the other privacy options I've seen with Windows 10 during and after install. As soon as the first character is typed into the Windows 10 search box, the request goes out to www.bing.com. It doesn't say what you searched for (as the request happens before you complete the search), but it does send a lot of info to Microsoft about your platform, including a unique identifier.

blackbeard 3 days ago 3 replies      
I'm starting to think I need to worry about things getting out of my firewall more than things getting in.
justThis1Post 3 days ago 6 replies      
As time goes by, computer software begins to feel more and more hostile to the user. When I installed Windows 10, all the privacy settings made me feel like I was wrangling a beast rather than setting up something that would help me.

I don't know if there's any solution or if privacy is just a remnant of the past. Is Linux any better? And is there any way to own a smartphone which is built not to leak my information, either through the operating system or through 3rd party apps that request access to everything on the phone?

MichaelGG 3 days ago 2 replies      
I opened a bug (well, feedback item) during the preview about this. Even with the various group policy settings set, there was no way to disable web search. Rather unacceptable. One would think this has regulatory and compliance issues as well, no?
ikeboy 3 days ago 3 replies      
Just changed two rules in Windows Firewall to blocked and it appears to no longer send anything. https://i.imgur.com/a5yu5vb.png

Wondering if I should go through all the Windows stuff there and turn them off. Edit: just did (except for Edge and obvious internet related stuff).

Is there a way to change Firewall rules with a registry tweak? That would be the ideal way to distribute this.

Paul_S 3 days ago 4 replies      
Reminds me of when canononical did something similar with ubuntu and extended searching your applications to searching merchandise on amazon and other stores. It's really funny when you open the start menu equivalent at work to launch the terminal* and as you type "t" you get to see items you can buy - one of them being "The Simpsons". Genius.

* before you complain I use the start menu to launch the terminal: I never remember ubuntu shortcuts, it's meta+t on my system

nathanaldensr 2 days ago 3 replies      
The following fix worked for me. I don't see any outbound traffic on Fiddler when typing searches in the Start menu or when actually running the search. Granted, Microsoft needs to make this MUCH easier to do; the VAST majority of Windows users have no idea what group policies are.

1. Run gpedit.msc

2. Navigate to Computer Configuration\Administrative Templates\Windows Components\Search

3. Set the State to Enabled for "Do not allow web search", "Don't search the web or display web results in Search", and "Don't search the web or display web results in Search over metered connections"

4. Reboot

Enjoy. :)

abcxyz123 3 days ago 0 replies      
Foreshadowing? From April 2014:"To be able to truly benefit from this platform you need to have a data culture inside of your organization. For me, this perhaps is the most paramount thing inside of Microsoft," said Nadella.

"It's not going to happen without having that data culture where every engineer, every day, is looking at the usage data, learning from that usage data, questioning what new things to test out with our products and being on that improvement cycle which is the lifeblood of Microsoft."http://www.reuters.com/article/2014/04/15/us-microsoft-ceo-d...

RexRollman 3 days ago 0 replies      
Apple, Microsoft, and Google are on the road to destroying computing autonomy. I have been an OS geek since 1992 and I have never felt so disgusted with the commercial OS market.
bitmapbrother 3 days ago 5 replies      
Here's a list of servers Windows 10 contacts on startup. There are probably more, but these are the ones that showed up.













































ultramancool 3 days ago 3 replies      
This occurs even on Enterprise with Cortana and Bing disabled via the UI and via GPOs.
CSDude 3 days ago 2 replies      
Ubuntu does the same by default if you do not disable it via Privacy.

Not suprised that MS does this, however the sad part is for a simple search, there are literally thosaunds of bytes exchanged

blinkingled 3 days ago 4 replies      
It's the new norm apparently - everyone is doing this.

Apple gives OS X away but nobody has yet got the memo that you are becoming the product. (Yosemite does exactly that by default - you can disable it though.)

stevecalifornia 3 days ago 5 replies      
I wish this was happening on my machine so I could investigate, but it's not. Searches in Start ask if I want to search the web then open a browser.

I have the default search settings.

whalabi 3 days ago 0 replies      
Clearly, the norm is phoning home now.

Google perhaps sets the benchmark, every single action you take in Google apps, whether native or web, is tracked extensively.

As far as I know Chrome OS isn't an exception.

Perhaps we need firewalls to protect us from our own software.

jakub_g 2 days ago 1 reply      
It seems there would be a big market for an app with a nice GUI making it possible to change all the privacy settings of Windows 10 (as we go and discover stuff like this) in one single screen.
_up 2 days ago 0 replies      
I have the feeling. MS implements more Intrusive Adware and Ads in Windows 10 next year. And you basicly will have to decide if you want Ads or pay Monthly for an Advertising free experience (Enterprise Version).
Aoyagi 2 days ago 0 replies      
I don't see how is that strange considering in WP8 they send all primary contacts and calendar entries to THE CLOUD with no option to opt out and of course without telling the user, and considering what they've shown in Win10. Microsoft clearly hates privacy.
pedalpete 3 days ago 1 reply      
The start menu is a combination web-search and local search. How could it not 'phone home' on a web search? Note the address it is 'phoning home' to is Bing.

As far as what the contents of the package being sent is, I'll assume it is more information than necessary, and probably over-reaching until they get a slap on the wrist, but to call this phoning home is probably a stretch in itself.

-- Edit --Apparently the search still phones home even if search is disabled, which makes my point mostly... pointless.

I still suspect that this was an example of Microsoft (intentionally) over-reaching and that they'll backpedal on this now that it has been brought to light.

Shame is, it feels like they are breaking any goodwill that the community may have still had left for them.

ionised 2 days ago 1 reply      
Yeah I noticed this and was very annoyed.

I use Comodo firewall and have basically set up a load of rules to prevent phoning home of any kind except to check updates.

reilly3000 3 days ago 0 replies      
I'm presuming this is some kind of analytics function. Just as most sites send DOM events to GA based on every user's activity on your site, I'm guessing Microsoft wants to gather aggregated search patterns to better its usability. It's not cool that they didn't provide an explicit opt-out for this.
belgianguy 2 days ago 0 replies      
I wonder if it'd be possible to either blackhole all this nonsense, or to "quasar" their data servers with preset queries like "I like my privacy", "mind your own business" instead of your original query.
bitmapbrother 3 days ago 1 reply      
I installed Windows 10 yesterday and used it for a couple of hours before coming to the conclusion that I made an error in downgrading from Windows 7. Windows 10 feels more like their phone OS disguised as a desktop OS. Perhaps the most jarring part was how ugly legacy (Windows 7) apps looked in Windows 10. They didn't even bother trying to make these apps look nice. Also, their services are plastered all over the place and there's little you can do to turn these off. And then there's the numerous privacy invasive "features" proactively turned on for you when you install it.

Luckily, you have 30 days to change your mind and return to Windows 7. I did it within hours. I never liked Windows 8 and I think I dislike Windows 10 ever more. No wonder they're giving it away because had they tried to sell it then it would have probably met the same fate as Windows 8.

sandworm101 3 days ago 1 reply      
Another bad day for Microsoft. Another good day for linux.
narrator 3 days ago 1 reply      
I wonder what foreign governments such as China and Russia are going to do about this. How are they going to secure their networks from surveillance?
mirimir 2 days ago 0 replies      
I'm not much into Windows anymore, but this might be useful: https://www.wilderssecurity.com/threads/windows-10-privacy.3...
mark_l_watson 3 days ago 3 replies      
tremon 2 days ago 1 reply      
requires javascript; didn't read
mahouse 3 days ago 5 replies      
Do "normal" applications look blurry on high DPI screens?
jevgeni 2 days ago 1 reply      
I wonder how many people here complaining about privacy have frequent flyer cards or valued customer cards?
jug 3 days ago 0 replies      
Can you turn off search suggestions?

I assume it's like all those sort of services, like the Google Chrome address bar, etc.

vinbreau 2 days ago 0 replies      
Glad I use a launcher and rarely ever touch the start search.
orionblastar 3 days ago 2 replies      
Microsoft has almost always done this with Windows. Each new version had something new to phone home about. Previous Windows versions told Microsoft what apps you had installed, send in crash data, and other things.

Microsoft is doing the customer is the product thing that others have done for like the past decade. It is how they can give away Windows 10 upgrades for free, even to pirated copies, and still earn money off of it.

If you don't want to be tracked or spied upon:https://prism-break.org/

You shouldn't be using Windows but one of the free or open source alternatives instead.

HIPPA compliant offices cannot use Windows 10 because of the tracking it does and patient privacy laws.

Even worse is the Wifi sharing with social networks, if even one of your corporate employees has it turned on, their friends can get access to your Corporate Wifi and it is a security breach. You'll have crackers trying to friend employees on social networks of your company just to get the Windows 10 Wifi sharing password to get into your corporate network.

Even with all of the privacy settings turned off, there is most likely more stuff that phones home.

You know that given enough time video gamers will be forced into DirectX12 and have to use Windows 10. That business apps will be written for Windows 10 and force companies to upgrade. Sooner or later most people will have to upgrade to Windows 10 in order to run the software they need.

Woe be to the person who chooses express settings during startup. They will wonder why their Internet is so slow and woe be to them if they have a tablet with a data plan and wonder why they go over it.

zekevermillion 3 days ago 1 reply      
ultramancool 3 days ago 0 replies      
The difference is that in Windows 10 it can't be disabled fully.
VOYD 3 days ago 5 replies      
The magic of the Kalman filter, in pictures bzarg.com
436 points by tbabb  2 days ago   49 comments top 21
RogerL 2 days ago 5 replies      
I'll be shameless and point you to my book on Kalman filtering which I wrote in IPython Notebook, which allows you to experiment within your browser.


cr4zy 1 day ago 1 reply      
Another cool resource for learning to apply and implement Kalman filters is Udacity's AI for Robotics (focused on self driving cars) course by Sebastian Thrun. Apparently Kalman filters are how Google's self driving cars predict the velocity of other cars from their position.


jefvader 2 days ago 0 replies      
"In other words, the new best estimate is a prediction made from previous best estimate, plus a correction for known external influences.

And the new uncertainty is predicted from the old uncertainty, with some additional uncertainty from the environment."

Crystal clear - great article, thanks!

I also recommend Ramsey Faragher's lecture notes on teaching the Kalman Filter:http://www.cl.cam.ac.uk/~rmf25/papers/Understanding%20the%20...

sytelus 2 days ago 1 reply      
It's much easier to understand Kalman filtering in one dimension: http://credentiality2.blogspot.com/2010/08/simple-kalman-fil...
engi_nerd 2 days ago 0 replies      
Thank you to everyone who has posted resources in this thread. Just yesterday I was talking to a younger engineer about how one of our GPS systems works. I know the complete unit has a GPS and an IMU, and I knew of the Kalman filter, but was unable to explain it beyond "it combines the GPS and IMU inputs to create a position and velocity solution with greater precision and accuracy than can be achieved with either source separately". Now I have much reading to do, and so does the young engineer. Thanks! This will help for the long wait I have in the doctor's office tomorrow...
jongraehl 2 days ago 4 replies      
I like particle filtering because it's easy to understand and implement - https://en.wikipedia.org/wiki/Monte_Carlo_localization - and it's correct even for non-gaussian uncertainty.

Is Kalman filtering computationally more efficient (obviously particle filtering is stochastic and so trades off accuracy for compute) or does it have some other advantage?

papaf 2 days ago 1 reply      
This appears to be a really nice writeup. However, at the end:

For nonlinear systems, we use the extended Kalman filter, which works by simply linearizing the predictions and measurements about their mean.

I would recommend looking at an Unscented Kalman filter:


which sucks a lot less.

qntty 2 days ago 0 replies      
A few months ago I was trying to wrap my head around Kalman filters and this was the clearest explanation I found anywhere:


leni536 1 day ago 0 replies      
It was a surprisingly light read. I really liked the strong intuition based reasoning in each step.

When I was playing with different compass implementations in F-droid I recognized many of them uses Kalman filter for reducing the noise from the raw sensor data. Some of them (maybe only one) had some problems near the angle 0, where the sensor data jumps between almost 2pi and slightly above 0 frequently. The problem that the assumption that the measurement uncertanity is gauss-distributed is breaking there badly, since it will be a half gauss near 0 and an other half near 2pi. I don't know what is the general approach to solve this. I would solve this with either:

- Convert the angle into a unit vector and use that as measurement input. Then predict the actual vector and use its orientation for the compass.- Move the periodic window boundaries with a slow relaxation. So if I hold my compass in 0 angle direction, then all angle data is transformed into the [-pi,pi) range. If I hold it to pi direction then the raw data transformed to [0,2pi) range.

TL;DR: Be careful when applying a Karman filter on angles (or more generally R/Z).

nilkn 2 days ago 0 replies      
The literature on Kalman filters has traditionally been horrendous to a degree that is hard to believe, so this is a fantastic resource.
cshimmin 2 days ago 3 replies      
Perhaps this is a stupid question, but why is it called a _filter_? To me it just seems like a (very clever) linear projection.
acidburnNSA 1 day ago 0 replies      
We use these in the nuclear data community. Measurements of interaction probabilities between neutrons and nuclides are really complex and uncertain, especially for a few reactions like inelastic scattering. Kalman filters help tie the nuclear models and experiments together.
sharp11 2 days ago 1 reply      
This is great! Back in the '90s, I played with Kalman filters for a predictive navigation system. I had a couple of textbooks, but it was a bear to make sense of the math. Really wish I'd had this back then!

Nav applications are the ones you see most often; it would be interesting to see an example from a completely different domain.

joecomotion 1 day ago 0 replies      
In a past life, when I was mixing GPS, accelerometer, gyros, and tachometer sensors, Aided Navigation by Jay A Farrel (http://www.amazon.com/Aided-Navigation-High-Rate-Sensors/dp/...) was super handy.

Optimal State Estimation by Dan Simon helped, too:http://www.amazon.com/Optimal-State-Estimation-Nonlinear-App...

hebdo 2 days ago 3 replies      
Awesome! Kind of similar to the Viterbi algorithm, except that Kalman is on-line, while Viterbi works on the entire observed sequence at once, after it is fully known.
elliptic 1 day ago 0 replies      
Out of curiosity, how much better, typically, is the 'optimal' blending rule than blending with some random or 'reasonable' weights? Never really thought to ask myself that question...
pm90 1 day ago 0 replies      
I still find it astonishing how good of an abstraction Matrices are for representing physical data. In CS terms, the use of matrix notation has allowed the description of complex multidimensional systems to be scalable. i.e. instead of adding an entry to the equation for every equation, you represent ALL the variables in a matrix and change that one matrix instead. So, this way of representation allows one to observe the relationships between these numbers better.

Little wonder that beginner physicists spend so much time mastering matrices and linear algebra.

monochromatic 2 days ago 0 replies      
This is the clearest description I've ever seen of a Kalman filter.
codinghorror 1 day ago 0 replies      
This is a beautiful, well written, and clear explanation. The web needs much more of this, please!
sebastianavina 1 day ago 0 replies      
Even when told not to, Windows 10 doesn't stop talking to Microsoft arstechnica.co.uk
422 points by gregmolnar  16 hours ago   225 comments top 23
bsilvereagle 16 hours ago 4 replies      
> And finally, some traffic seems quite impenetrable. We configured our test virtual machine to use an HTTP and HTTPS proxy (both as a user-level proxy and a system-wide proxy) so that we could more easily monitor its traffic, but Windows 10 seems to make requests to a content delivery network that bypass the proxy.

Does this mean a Win10 machine setup to use something like Tor will leak the user's actual IP back to Microsoft? If you're VPN'd, is some traffic still leaking outside of the VPN?

From an engineering perspective, how is this happening? Does Microsoft have a second network interface hidden away using hardcoded settings for DNS, etc?

On a somewhat related note, if a Win10 app is cert pinning, is there a way to force it to use your cert so you can MITM it?

thescrewdriver 14 hours ago 5 replies      
Until recently Microsoft had taken a far more reasonable approach to privacy than say Google. Anyone remember the MS "gmail man" ads mocking the way Google inspects your email when MS doesn't? It seems that MS under Nadella has taken a decidedly Google-like turn away from privacy with Windows 10. MS seems as hell-bent as Google and Facebook to collect as much data about you as possible, even if it is for seemingly innocuous purposes.
datainplace 10 hours ago 6 replies      
Stupid question, but my Mom lives in a really rural area. Pays quite a bit for internet and is charged by the MB. Can we ask Microsoft to pay for their bandwidth usage?

Since upgrading to Windows 10 she's been hit with $200 in overages.

bhouston 11 hours ago 1 reply      
Given that it is proven that the NSA spied on European companies for economic reasons, this isn't a good idea. Now the NSA can just tap into Microsoft, either covertly or through court order, and spy on the whole world.

Details of economic spying -- may not be the best article but the easiest to find:


jammycakes 15 hours ago 4 replies      
In all these discussions about Windows 10 phoning home, there are a couple of things that I haven't yet seen properly discussed.

1. Do the different versions of Windows (Home/Pro/Enterprise/Education) behave differently? If so, how?

2. Do the pro/enterprise versions behave differently when they're connected to a domain?

I'd imagine that the answer to at least one of these questions would be "yes." This kind of behaviour would be a deal-breaker in many enterprises.

enqk 13 hours ago 1 reply      
This highlights what we really lost when consumer operating systems started replacing enterprise-grade operating systems. I would have never imagined this kind of things happening on something like Solaris or Irix, which were the base operating systems of many workstations. At some point when Linux became popular it suggested that the regular consumer would benefit from the robustness, focus, reliability of an entreprise grade OS. Not so..

That large companies accept this state of affair is extremely surprising.

That we accept that our electricity and communication bills are being diverted to serve the interest of an operating system's creator.. that sounds crazy. It's like letting the creator of your fridge eat your food and drive your car.

mark_l_watson 9 hours ago 1 reply      
I was downvoted and criticised a few days ago for defending Microsoft on Windows 10. I am starting to change my opinion after looking into the issue more. I watched a recent Richard Stallman talk on youtube and went through the process of making the tightest privacy settings I could on my iPad, Windows 10 laptop, and Android phone. (I left my Mac and Linux laptops as is since I just use those for development.)

I think that Microsoft looked at the Google Now user experience on Android phones and decided to emulate that type of AI assistent in Windows. Google collects all sorts of user context information and Microsoft decided to do the same.

This is a guess but the difference may be that (some) people are willing to have less privacy on their smartphones but care more about privacy on their computers.

pdkl95 15 hours ago 0 replies      
From the image of the captured data that is sent when telemetry is "off", a few bits are obviously Windows-style UTF-16. The GUID is obvious, and is that an assert error message? Very strange...

 prod e5ff4669-311a-0933-dee2-9444eee86460 instrumentation.cpp Instrumentation::StartQosExperience (Utilities::HashMapContains(_qosUXScenarioDataById, scenerioId) == false) Assertfailed: (Utilities::HashMapContains(_qosUXScenarioDataById, scenerioId) == false): Instrumentation is active when we try 
(it cuts off after "try")

cautious_int 14 hours ago 0 replies      
Windows 10 seems to transmit information to the server even when OneDrive is disabled and logins are using a local account that isn't connected to a Microsoft Account.

Well there you go. If you ever wondered whether this is happening only on the Microsoft Account(tm).

ultramancool 13 hours ago 0 replies      
Hah, I mentioned this a few days ago. Glad to see someone picked it up and ran it.


jcadam 13 hours ago 1 reply      
Wow. I use Linux and BSD on my own machines, but the rest of the family is on Windows 10. This sort of thing makes me seriously think about trying to get the wife and kids to consider switching :/
fumar 14 hours ago 2 replies      
I'm not savvy enough to discern whether OSX os iOS does this. Does anyone know if iDevices also ping back to Apple?
jorgecastillo 15 hours ago 2 replies      
I am sticking with Windows 7 until I get out of college and after that I am ditching Windows forever.
elcct 15 hours ago 1 reply      
Is Microsoft paying for that traffic?
otis_inf 11 hours ago 1 reply      
In the post-Snowden era, USA tech corporations, like Microsoft, felt the downturn on trust from non-USA companies and citizens in their online offerings. With Microsoft betting more and more on their cloud services, I find it strange (or maybe it isn't strange, but let's be naive for a minute here) that Microsoft goes against this and actually gives people _more_ reasons to not trust them than less.

As if they're thinking we all don't give a shit. But if we all didn't, why the downturn in trust in USA tech corporations post-Snowden?

I can't help but think that this is either massively naive from their part (people/companies won't care, they will buy our stuff and services regardless) or very short-sighted (as it will hurt their cloud services offerings in the long run, the more they hammer down the trust from their own users in MS' wares.)

w8rbt 10 hours ago 0 replies      
Windows 10 reminds me of a saying an old co-worker of mine used a lot, "Vendors lie... packets don't."
tdkl 7 hours ago 1 reply      
Funny, nowadays there seem to be more firewall rules needed for outbound traffic then inbound on Windows. In the old days we had a name for that - spyware.
cryptophreak 11 hours ago 1 reply      
Of course this is true. Companies make money by spying on their customers. Did we really imagine that flipping the Stop making money preference was going to work?
jellicle 11 hours ago 0 replies      
I have a really hard time understanding how "enterprises" are going to upgrade to Windows 10.

An operating system that is sending random internal data to random places on the internet seems to violate both a wide selection of national laws related to data privacy, and many corporate policies relating to trade secrets, privacy, internal operations and so on.

Microsoft must have thought of this. What's their plan for continuing to sell to these customers?

mjcohen 11 hours ago 1 reply      
I got a refurbished HP Stream 11 for $120 (Groupon) and spent 3 hours upgrading to Windows 10. I then installed Chrome and LibreOffice. It works fine, but, with all these privacy invasions, I see no reason to use it. My Acer C720 Chromebook (upgraded to a 128GB SSD) with Crouton and Ubuntu 14.04 is much more useful to me.
yellowapple 10 hours ago 1 reply      
It's hard to know without inspecting the exact data involved, but I feel like this is dangerously close to a HIPAA or HITECH breach, and I know of several hospitals who are strongly on the Microsoft bandwagon and are considering Windows 10.

The "send search data to an internet endpoint even if it's patently obvious that the search is for local resources" reeks strongly of Ubuntu's Amazon Shopping Lens. Did Mark Shuttleworth switch gears from Canonical to Microsoft when I wasn't looking?

tempodox 15 hours ago 3 replies      
PythonicAlpha 15 hours ago 3 replies      
You agreed to the privacy terms, so you are at the mercy of whatsoever Microsoft implemented. Windows 10 even could totally ignore your settings.

I say this, not because I think that this is OK, but to reflect, that even the change of the settings do not save you from the harm, that was done from the privacy terms!

Why downvoted? When you disagree, than give arguments, not gutless clicks!

Thor A Project to Hammer Out a Royalty Free Video Codec cisco.com
421 points by TD-Linux  2 days ago   162 comments top 22
jngreenlee 2 days ago 3 replies      
"We also hired patent lawyers and consultants familiar with this technology area. We created a new codec development process which would allow us to work through the long list of patents in this space, and continually evolve our codec to work around or avoid those patents. Our efforts are far from complete, but we felt it was time to open this up to the world."

This burden is becoming far too great, when this is the cost necessary to achieve innovation.

halosghost 2 days ago 6 replies      
Actually, I'm still rooting for Daala (from Xiph.org, the same folks that did so well with Opus). It's still a long ways away from being finished, but their work is awesome and I've been following it for a while now!

Either way, having another effort competing to make a great format is not a problem. Here's hoping it goes well!

Animats 2 days ago 1 reply      
The MP4 patent situation needs another close look. MP4, which was first standardized in 1998, ought to come out of patent soon, if it hasn't already. There are a few remaining patents in the MPEG-LA package, but they're mostly for stuff you don't need on the Internet, such as interlaced video, font loading, error tolerance for broadcast, and VRML. This hasn't been looked at hard since 2011[1] and it's time for a new look. Some of the key patents related to motion compensation expired last April.[2]

It looks like the last patent on MP3 audio decoding expires next month.

[1] http://www.osnews.com/story/24954/US_Patent_Expiration_for_M...[2] http://scratchpad.wikia.com/wiki/MPEG_patent_lists#MPEG-1_Au...

ChuckMcM 2 days ago 1 reply      
<sarcasm mode>No wonder Big Media hates tech, they are trying to take all their money away.</sarcasm mode>

I think this is a great effort, and if you'll recall Google went and attempted to do the same thing with VP8, but found that people could file patents faster than they could release code[1]. I would certainly support a 'restraint of trade' argument, and a novelty argument which implies (although I know its impossible to currently litigate this way) that if someone else (skilled in the art) could come up with the same answer (invention) given the requirements, then the idea isn't really novel, it is simply "how someone skilled in the art would do it." I've watched as the courts stayed away from that theory, probably because it could easily be abused.

[1] Conspiracy theory or not, the MPEG-LA guys kept popping up additional patent threats once the VP8 code was released.

fndrplayer13 2 days ago 3 replies      
Why not throw the weight behind VP9? edit: I actually am curious, this isn't a question pointed at the validity of Thor. I just really want to see a great, open-source standard emerge and see people get behind it.
russtrotter 2 days ago 4 replies      
Wasn't Ogg Theora created under just the same principles? I'm not smart enough in all things codec to know how it stacks up technically, but best I can tell, it's unencumbered.


JoshTriplett 2 days ago 2 replies      
> Googles proprietary VP9 codec

That's an odd choice of phrase; it's unfortunate that a press release chooses to disparage alternatives without explanation.

JustSomeNobody 2 days ago 2 replies      
I am sure that some entity holds a broad enough patent that all your bases will belong to a Texas court.
Ono-Sendai 2 days ago 1 reply      
What I would like to see is a video codec that has a library implementation for reading and writing video in that format, that is cross-platform and relatively easy to build, like libjpeg or libpng does for images.I have tried to build VP9 on windows and it was a tedious and ultimately unfruitful process.

I don't really care about the compression ratios achieved, or speed of compression/decompression.

Something like motion JPEG would be good, if it was actually a proper standard (AFAICT it isn't).

bobajeff 2 days ago 2 replies      
So... this is a separate project from Daala which Cisco also works on. Is there a story here?
donpdonp 2 days ago 2 replies      
Didn't we already go through this with VP8/VP9/WebM?
datashovel 2 days ago 0 replies      
There should be efforts outside of large corporations dedicated to building these standards. Because in general even when large corporations promise free / open-source licensing they really only mean non-commercial licensing or "open with caveats". So they pretty much own the commercial rights.

I want open-source to subsidize a small team of engineers to create a completely open standard where no single entity owns it and everyone is free to branch / fork it.

yabun 2 days ago 0 replies      
There really needs to be a change to patent law around independent derivation of a concept. At very least we need to look into generalised thicket busting laws. The current situation is fundamentally unscalable.
dharma1 2 days ago 2 replies      
Seems to me the success will depend on the quality and whether chip manufacturers will embrace this for hardware encoding/decoding. Right now looks to me like h265 is the winning horse
yjm 2 days ago 1 reply      
i wonder how many orders of magnitude slower this one will be compared to x264. vp8/9 was like 9x slower last time i checked
s9w 2 days ago 1 reply      
This seems like fantastic news after the HEVC patent disaster.

Has anyone tested this or has more information on the performance/quality vs other codecs?

electriclove 2 days ago 0 replies      
Why not simply work with the VP9 project rather than starting a new effort? Per Wikipedia: "VP9 is an open and royalty free[3] video coding format being developed by Google."
shmerl 1 day ago 0 replies      
So Daala will be fused with Thor like happened with CELT and SILK to create Opus? Does it make sense technically, or they are radically different?
jsprogrammer 2 days ago 1 reply      
Is it common to characterize BSD licensed software as proprietary? As in, 'Googles proprietary VP9 codec'?
Navarr 2 days ago 0 replies      
josu 2 days ago 1 reply      
codebeaker 2 days ago 3 replies      
CS for All hmc.edu
437 points by joeclef  3 days ago   60 comments top 14
allencoin 3 days ago 2 replies      
>At Mudd, this course is taken by almost every first-year studentirrespective of the students ultimate majoras part of our core curriculum. Thus, it serves as a first computing course for future CS majors and a first and last computing course for many other students.

This is a great thing to offer students and I wish my University had made this a part of the curriculum. Somehow I managed to have practically zero exposure to computer science or programming until after graduation--only to discover that I find it immensely challenging, interesting, and rewarding. I probably would have switched majors if I'd taken this class Freshman year.

nnnnnn 3 days ago 0 replies      
As a former student of CS5 (the class), I must say it was spectacularly well-run, fun, and educational. Zach Dodds, one of the authors of this book, was a particularly brilliant and inspiring professor.

While I'm an advocate for practical eduction, I'm equally an advocate for understanding the principles of your field. This book will much less vocational than your typical code-school/academy/etc and instead focus on building a foundation with which you can build upon.

I highly recommend this as a great primer to computer science.

bwy 3 days ago 0 replies      
Beautifully written text. I also really like the idea of an intro course but am, probably like many others, struggling with how to present the topics in an interesting (and practical) way without missing the theoretical beauty of computer science.

This course reminds me a lot of the Berkeley course posted a month ago, if anyone wants to see the discussion there: https://news.ycombinator.com/item?id=9838196. From what I can tell, the coverage is almost the same, except that the Berkeley course pretty much trades computer architecture for declarative programming and some other briefly-covered topics like machine learning, map reduce, concurrency, etc.

ufo 3 days ago 0 replies      
The prime sieve algorithm in chapter 3 is not the real sieve of Eratosthenes. Which is kind of funny because the person who pointed this out to the FP community is also a professor at Harvey Mudd.


sontakey 3 days ago 0 replies      
Mudd Alumni here. I had the pleasure of being a student of Professor Ran Libeskind-Hadas and Zach Dodds (who are two of the authors of this book). Amazing group of professors!
JustSomeNobody 3 days ago 8 replies      
Before we move to CS for all, can we at least solve the problem of Computer Literacy for all!?

There's a huge population of people who simply cannot effectively use a computer. Can we fix that first? Otherwise we're leaving them behind and that's not right.

rebekah-aimee 3 days ago 1 reply      
What if colleges started offering this as an alternative to the basic MS Word class most schools make everyone take? Then people who didn't know how to use a computer would be too intimidated by it, but students who already knew the basics could move on to this more interesting course.

You should still be able to test out, though. That way, if you're totally uninterested, you can test out of the MS Word class and move on.

I think there are enough students sufficiently interested in computers that they'd check out the harder course if its name didn't sound too obscure.

yasoob 3 days ago 1 reply      
Is there any way to download it in pdf format?
techman9 3 days ago 0 replies      
I'm a current UC San Diego student. It's awesome to see our faculty featured here, particularly Christine Alvarado. She has a fantastic reputation within our CS department and I'm really glad to see she's doing great things and getting recognition outside UCSD as well!
ggchappell 3 days ago 0 replies      
This looks like it would make for a very nice course -- a good middle ground between the hardcore practical course ("let's learn C") and the hardcore theoretical course ("let's do denotational semantics with Scheme" -- or whatever).
lynn729 3 days ago 0 replies      
This course is a great idea. Since so much of what we do each day is impacted by computers a basic understanding is important for everyone
MarkPNeyer 3 days ago 0 replies      
Ran Libeskind-Hadas is an amazing teacher. He really got us exicted about stuff in theoretical computer science. I was actually dissapointed in my advanced algorithms class in grad school because Prof Ran already taught us everything except for skip lists during his enrichment sessions in the summer of 2006.
marincounty 3 days ago 2 replies      
Great--I think every student should take a CS class!

That said, this course suffers from so many CS courses.

1. It's too wordy!

2. As usual, I don't like the layout.

3. Funnel your subjects. (I'll give that a B.)

4. Funnel your paragraphs, or eliminate most of them?

5. Most people(students) find this material extremely dry. Introductory books should be "tight"! They should go through numerous edits? Take out every non-essential word?

6. I haven't yet read an introductory CS text that gets it right?

7. As to exercises? Try to use excercises that the student might have some immediate interest in, or can use in their daily life?For example, instead of some cute game example, show the student how a simple reminder application is programmed? How Google works?(just the basics). Or, how their spellcheck program works?

8. If I was going to write a introductory computer course,after explaining the hardware(that's usually sitting in front of them), I would explain an how operating systems stores their information--"The use, and location of Folders."

I would want my students competent in the Command Line before we did any Programming. I would want them to know they can have two folders named the same, but located in different sections of the hard-drive. I would want them competent in finding them, and manipulating them.

the_cat_kittles 3 days ago 0 replies      
The Teflon Toxin firstlook.org
348 points by sidko  2 days ago   244 comments top 20
smoyer 1 day ago 5 replies      
What struck me most about this article is how much rationalization occurred. I'm amazed that a (presumably licensed) doctor can in one breath say they have a moral responsibility to safeguard the public, their workers and the environment, then in the next breath describe why the results of their own study didn't apply.

But looking inward, I wonder if our industry doesn't do the same thing in many cases - what about:

- Eye strain caused by lack of contrast due to our favorite color palette.

- Stress induced by unintelligible workflows.

- Failure to protect a user's privacy.

- Programs that induce RSI.

I realize this is a far cry from polluting the environment with toxins, but shouldn't we at least think about these factors more often?

lumberjack 1 day ago 3 replies      
And the settlement reached was around 0.0086 DuPont's yearly revenue to be provided for education, water treatment facilities and medical expenses of the class action members.

Is that really going to deter them from doing it again? Where is the real penalty?


suprgeek 1 day ago 4 replies      
Take the number of vehicles in the field, (A), and multiply it by the probable rate of failure, (B), then multiply the result by the average out-of- court settlement, (C). A times B times C equals X...If X is less than the cost of a recall, we don't do one.

What applies to the Car Industry (via Dialogue from Fight Club) applies to the Chemical Industry in Spades. DuPont Knew (or strongly suspected) that C8 & (Teflon) were causing Cancers, Birth Defects etc. But the cost was going to be too high to move away so they all "kicked the can down the road".

Time to sock them with a multi-billion dollar verdict after some of these people are locked up for long periods.

thezilch 1 day ago 12 replies      
I've never understood the gravity of Teflon pans. I can never seem to keep them non-stick, whether it be because of using too high of heat or somehow scratch the damn thing.

So, I got cast irons. It's trivial to keep them seasoned and thus non-stick, and they can take the beating of very high heat -- searing meats -- and any metal utensils or rough substances.

azinman2 1 day ago 4 replies      
Horrible. This is what's so scary about the free market and our current chemical regulations of innocent until proved guilty.

People cover up, even the biggest most "professional" here (DuPont), and the public gets decades of abuse.

Why is it that medication requires FDA approval with lots of animal/human tests before you can sell it, but chemicals do not? Here the tests internally done showed prove of issue year after year, and would have been a big red flag.

NhanH 1 day ago 4 replies      
On the topic of chemical, how do you know if something is dangerous -- in the context of household item? Even with the MSDS and/or knowledge of the compositions, layman doesn't really have any sense on how dangerous something is (as it's all missing dosage). I'm a bit on the paranoid side (mostly because I think my roommate/ housemate has always been too liberal with spraying chemicals crap everywhere), and most of the time, even if I wanted to I have no idea if I want to use something in my house.
greenyoda 2 days ago 0 replies      
More on C8, the chemical discussed in this article: https://en.wikipedia.org/wiki/Perfluorooctanoic_acid
joeyspn 1 day ago 0 replies      
As the article says: this is another tobacco case, so they'll deny everything even with fake/bought peer-reviewed studies. Just look how they treat their own workers... My family already moved from non-stick cookware to stainless steel. Consider doing the same in the mean time. As with the tobacco this will be a marathon, and hopefully common sense will win.
1arity 1 day ago 0 replies      
Stick with cast iron ( or even aluminium ) chef's skillets. Season them with oil or lard and build up that patina. No need for any teflon or manufacturing. Plus the heft and look is way cooler. If you want to cook on plastic, do it in a microwave. :)
kragen 1 day ago 0 replies      
I guessed this might be about PFOA when I saw the headline! https://en.wikipedia.org/wiki/Perfluorooctanoic_acid has the whole story, minus the anecdotes. Apparently a few parts per billion of PFOA in your drinking water is enough to detectably raise your risk of some cancers. Most environmental regulatory agencies propose 0.5 to 1 ppb as a safe limit for drinking water, while 45 ppb blood serum levels of PFOA are currently common among "unexposed Germans".

I was pleased to see that they aren't hyping the risk of cooking on Teflon.

acd 1 day ago 2 replies      
You can make superhydrophobic surfaces with laser etching that affects the nano structure of the metal. Thus if you take a strong metal and laser etch it there is no need for potentially dangerous Teflon coating.


avirambm 1 day ago 0 replies      
I highly recommend watching The Human Experiment documentary about chemicals, toxins and the chemical industry strong lobby. It's available on Netflix.
jjw1414 1 day ago 0 replies      
It may seem nit-picky, but the word "toxin" refers to a harmful substance produced by a living organism (e.g. snake venom). For a synthesized or manufactured chemical that is harmful, "toxicant" or simply toxic chemical is the correct term.
egypturnash 1 day ago 0 replies      
> A DuPont lawyer referred to C8 as the material 3M sells us that we poop to the river and into drinking water along the Ohio River.

Yet another lovely thing I'm sure I ingested when I grew up drinking tap water in New Orleans what with the Ohio being the biggest tributary to the Mississippi.

codexjourneys 1 day ago 4 replies      
stretchwithme 1 day ago 3 replies      
All that teflon is going somewhere when it falls off the pan. Its going in the food and into your body. I'd rather not run that experiment.

So many years ago I started using a glass frying pan.

Nano2rad 1 day ago 0 replies      
gambiting 1 day ago 1 reply      
Question - I use these pans:http://www.amazon.co.uk/Circulon-Infinite-Hard-Anodised-Skil...

They are non-stick. But are they covered with Teflon? I honestly don't know. They are oven safe up to 240C, I can put them in the dishwasher...they are seriously the most durable pans I've ever used, unlike normal Tefal Teflon covered pans which scratch easily. Does anyone know?

im3w1l 1 day ago 2 replies      
Tl;dr? How badly am I destroying my health by using a Teflon pan?
m_eiman 1 day ago 0 replies      
Like the government has the power or time to regulate the huge amounts of "chemicals"

How about instead of having "government" do the testing, we instead require that anyone creating a new chemical needs to test it for safety and publish the results (and raw data) before allowing it to be sold? Seems reasonable to me that you verify that whatever you're selling isn't dangerous (or if it turns out to be dangerous, inform the buyers so that they can act accordingly). Should be the same with any product too, not just chemicals.

Oracles license agreement as it pertains to reverse engineering archive.org
348 points by shin_lao  2 days ago   117 comments top 28
sctb 2 days ago 0 replies      
The original post discussed here: https://news.ycombinator.com/item?id=10039202
zamalek 2 days ago 1 reply      
Disclaimer: cross-posted from the original post, but the irony is absolutely beautiful and is a stern lesson to everyone who might think the same way as Oracle.

[1]> Oracle has told people to stop using @Veracode to test their AppSec. They already got AppSec covered [picture of JS injection attack in the blog post]

[1]: https://twitter.com/thegrugq/status/631056841670135808

werber 2 days ago 3 replies      
I'm pretty surprised Oracle deleted the post, it feels like a great representation of the company and their values.
SCHiM 2 days ago 2 replies      
I work at a security company and sometimes reverse engineer systems and/or code to see if it is vulnerable to a plethora of attacks.

Presumably the only reason a closed source vendor would be against someone reversing their source is because they're afraid someone will steal their ideas and/or redistribute their code for free.

That not being my goal I really couldn't care less. I'll just go ahead and reverse whatever I want whenever I want. I value my security, and that of clients, over some legal piece of toilet-paper. Everyone who doesn't agree, should reconsider. Do you truly believe that people should not be allowed to look at code that is running on their systems for their security's sake? I will not redistribute what I learnt, but I will analyse it to see if it is safe.

If you didn't want me looking, you should not have put it out in the open.

fortytw2 2 days ago 4 replies      
Not that I agree with the sentiments in the article, but am I the only one who thought this article was reasonably well thought out?

It may have been a bit abrasive, but the points were well made, at least from the perspective of a closed source, enterprise software vendor

pgaddict 2 days ago 5 replies      
I'm really confused why everyone's so upset by the blog post, for a number of reasons.

Firstly, it's perfectly aligned with the world of proprietary software. Oracle is probably more protective than the other vendors, because the restricted access to the source code is at the heart of their business model. But none of the vendors I'm aware of is very keen on reverse engineering.

Secondly, the reverse engineering is prohibited for ages - it's not that it was added to the license agreement yesterday. And there are other restrictions (e.g. on publishing benchmark results), so rather that "Oracle is bad" I'd say "people who sign accept license agreements without reading them are morons."

And thirdly, the article is spot-on about usefulness of the reports generated from a reverse-engineered binary. I've seen shitloads of such reports, usually generated by some clueless consultant with the sole competence to run an automated tool and print the result. So it's probably (at least partially) a protection against a flooding the support with bullshit reports.

And it's also true that many of the companies don't have proper security rules (like encryption, identity or password management, network security) yet pay some consultant for reverse engineering one of the components. Because it's easier to spend a large amount of money than evaluating and rebuilding their infrastructure.

So while I dislike Oracle, you can't blame them for everything - the customers are the ones choosing the vendor. If you happily accept their license agreement, you can't later complain "but we want to do reverse-engineering" no matter how many MBA titles you have. If you want such freedoms, ditch Oracle and proprietary vendors in general. That's what open-source is for.

uptown 2 days ago 3 replies      
This is a deleted blog post by ORACLE's Chief Security Officer.

edit: corrected my error

someguy342432 2 days ago 1 reply      
We sold you the car but don't you dare look under the hood, 97% of problems that these cars come with may one day be solved by us. Someone else may be trying to build the same car you already purchased from us! Why didn't we obfuscate access to the engine? Well that would have required some of the same effort it would have taken to write more secure software err make better cars in the first place! What do you take us for, competent!
jezclaremurugan 2 days ago 1 reply      
Perhaps an apology/clarification would have been better than sheepishly deleting the entry. They seem to be only digging the hole deeper.
wereHamster 2 days ago 4 replies      
> Oh, and we require customers/consultants to destroy the results of such reverse engineering and confirm they have done so.

Are they being serious? "Uhm, yeah, sure, Mr. CSO, I deleted the file. Here, I'll show you a screenshot of a terminal where I ran the 'rm' command to delete the results. As you can clearly see, the 'ls' command does not see the files anymore."

mangeletti 2 days ago 1 reply      
What in the world is going on?

Why did this article just disappear off of the front page after receiving 318 up-votes in 2 hours?

How does post to drop from position #1 to somewhere below #150 in less than 1 minute, unless it was deleted by HN moderators, and if that's the case, why did it happen?

dolfje 2 days ago 0 replies      
Disclaimer: cross-posted from the original HN Post, but still relevant.

Apart from the legal stuff and a lot off egocentric 'we can do it better', she has one point. There are many companies giving a lot of money for security, manually scrubbing all exploits that come out, create their own patches. While some lack the basic security guidelines. I think this money can be better spend upstream, to create tools so they can test patches for exploits better and create a faster security update release pipeline, so that all downstream and customers can rely on the security releases and that it can be released quicker to everyone. (Controversial: Maybe even adding automatic security updates to the package itself, like wordpress did, so that customer cannot be on a release with exploits)

Though saying to your client that they cannot reverse engineer to look for security problems, is totally not done! What is next? "Exploits will not be fixed, because the users has signed an agreement that they will not hack?"

facetube 2 days ago 1 reply      
Honest question: So I'm hired as a consultant. Someone gives me a database login to an Oracle machine. I haven't been presented with a license agreement for the Oracle database system, nor have I signed anything indicating I agreed to give reverse engineering rights away. How am I bound by the Oracle end user license agreement?
kazinator 2 days ago 1 reply      
Selling machine language code and asking people not to understand it is like selling books and asking people not to read them.

"This cookbook is to be read by your personal chef only; if you read it and understand it yourself, you're breaking the book's license agreement."

If you pay for some string of bits, you have a right to look at them. Period.

bkeroack 2 days ago 0 replies      
Oracle appears to be Microsoft circa ~1999/2000. Some of us remember when all the big software companies had this type of attitude.
parasubvert 2 days ago 0 replies      
The bit about loathing Keynes at the end makes for comedy gold.
marcosdumay 2 days ago 0 replies      
Life would be a lot better if it wasn't for those annoying clients. Oracle should just refuse to deliver software to anybody, that'd fix it all.

Anyway, I've never read a better article supporting the use of free software.

PaulHoule 2 days ago 0 replies      
It sounds like Oracle doesn't want to have any customers.
scyllax 2 days ago 0 replies      
It's funny and scary how it's the opposite of what Free Software stands for.
zzleeper 2 days ago 0 replies      
> I was busting my buttons today when I found out that a well-known security researcher in a particular area of technology reported a bunch of alleged security issues to us except we had already found all of them and we were already working on or had fixes. Woo hoo!

That's like what 5yrs old kids say when they mom ask them something.. "Mooom I was already thinking about it! Hush!"

ceejayoz 2 days ago 2 replies      
Plus, Oracle's approach is like renting from a landlord who won't let you check that the locks work.
jongraehl 2 days ago 0 replies      
We've just been Oraclesplained.
jacknews 2 days ago 0 replies      
gambiting 2 days ago 3 replies      
" We will also not provide credit in any advisories we might issue. You cant really expect us to say thank you for breaking the license agreement."

This is so pretentious I am completely baffled. Are people at Oracle so full of themselves?

dimman 2 days ago 0 replies      
Afternoon laughter, thanks :D
0xdeadbeefbabe 2 days ago 0 replies      
Do they light sparklers and throw rice when you enter into an Oracle license agreement?

For all Mary's entertaining points, I think likening the license agreement to marriage is a civil offense.

tux 2 days ago 1 reply      
kagamine 2 days ago 1 reply      
Ember.js 2.0 Released emberjs.com
363 points by makepanic  20 hours ago   124 comments top 15
nercury 18 hours ago 9 replies      
> If your app runs on Ember 1.13 without raising deprecations, it should run on 2.0.

Every framework should take note: that's how you avoid creating another framework and fragmenting community!

It's is great to see this in action :). Amazing work.

mrinterweb 10 hours ago 1 reply      
One dependency that has been holding me back is ember list-view https://github.com/emberjs/list-view. List-view does not work with Ember 1.13 and does not work with 2.0 since it does not support the new Glimmer engine. In a post on the ember site http://emberjs.com/blog/2015/06/16/ember-project-at-2-0.html, they said "Starting with Ember 2.0, we will coordinate every release of Ember with releases of the main ecosystem tools maintained by the core team:" and list ember list-view as one of the main ecosystem tools. Without list-view, I can't upgrade my app past 1.12.

I guess the best thing would be for me to quit complaining and just fix list-view, I just haven't had time available. I suppose the same is true for the maintainers. Is it planned for ember list-view to still be treated as part of the main ecosystem and updated to work with 2.0 soon?

lclemente 18 hours ago 4 replies      
The file size (ember.min.js) went down due to the cleanup:

 1.13.8: 488K, 126K gzipped 2.0.0: 424K, 110K gzipped

atonse 14 hours ago 0 replies      
Congratulations to the Ember team! It's been a real pleasure upgrading each minor version with minimal headaches. I can't imagine making this process more simple it's one of the main reasons I use Ember a lot (mature, well thought out moves like this).
richerlariviere 15 hours ago 0 replies      
I'm amazed with that kind of release. Ember didn't do the same thing like Angular, CakePHP, Python, etc. That ensure that the documentation and all the Stack Overflow questions will stay relevant.
joeevans1000 5 hours ago 1 reply      
Ember is an interesting example of when an also-ran doesn't catch up in time. It was better than Angular, but React came along. This seems to be a pattern... something cool happens and then improved versions crop up, but by the time they get traction, the paradigm has shifted.
Dorian-Marie 19 hours ago 1 reply      

 Doesn't add new features Remove all depreciated features

outside1234 12 hours ago 0 replies      
Ember is a really a great project and miles ahead of its competitors - thanks so much for your hard work and congrats on the release!
thejosh 14 hours ago 3 replies      
So I wanted to try it out, being a nodejs newbie I tried:

sudo npm install -g ember-cli

And it gave me:

$ ember -vversion: 1.13.8Could not find watchman, falling back to NodeWatcher for file system events.Visit http://www.ember-cli.com/user-guide/#watchman for more info.node: 0.12.7npm: 2.13.4os: linux x64

Is cli still 1.x?

imauld 14 hours ago 2 replies      
Will I need to update ember-cli or will it automagically use Ember 2.0?
sparaker 13 hours ago 0 replies      
I was waiting for this. Thanks alot keep up the good work. Can't wait to start using it in this new app that i am trying to build for a while.
hknd 19 hours ago 0 replies      
"Angle-Bracket Components and One-Way Data Flow" in the pipeline => Awesome!
fokinsean 11 hours ago 0 replies      
This is awesome! It is my dream that one day our team can move to ember from sproutcore...
hliyan 17 hours ago 1 reply      
Where does Ember Data stand?
revskill 18 hours ago 10 replies      
Ferrolic ferrolic.com
341 points by jpatokal  23 hours ago   63 comments top 25
rolfvandekrol 19 hours ago 2 replies      

The designer (http://zelfkoelman.com/) is Dutch, and the name is actually a pun in Dutch. The word 'Ferrolic' is pronounced almost the same as the Dutch word 'vrolijk', which means 'happy' or 'joyful'.

edent 19 hours ago 1 reply      
It reminds me of the game World of Goo - those uncanny black blobs floating around.

As the site says, the device can only withstand a few months of sustained use - which is a pity.

codeshaman 12 hours ago 4 replies      
At first I thought 'this is so cool' , but then after thinking about it for a while, I realised that it's no cooler than any of the 200 videos or pictures with 'cool stuff' that I see every day.

I think it's a pretty useless expensive gimmick created out of toxic materials to excite the numb neurons of the bored inhabitants of the digital realm for 2 minutes or so.Then we'll all forget about it and move on to the next thing.I'm already looking for something else :).

adiabatty 18 hours ago 0 replies      
My first thought after seeing the video was "you could make a really cool James Bond-movie introductory title scene or five with this".
matthewmcg 12 hours ago 0 replies      
If you like this sort of machine for art's sake, you'll love the kinetic sculptures of Arthur Ganson: http://www.arthurganson.com/pages/Sculptures.html

Check out "Machine with Oil": https://www.youtube.com/watch?v=__GhJl_UQg0

haliax 18 hours ago 1 reply      
How are they creating a magnetic field that writes out the time? Is it a large grid of magnets or something more clever?
toothbrush 15 hours ago 0 replies      
This paper (PDF) contains some more information on the design. http://isea2015.org/proceeding/submissions/ISEA2015_submissi...
linkydinkandyou 14 hours ago 2 replies      
This is very beautiful. The clock is probably the "killer app" for this.

It would also keep the cats amused; like watching a fishtank for them.

Kiro 16 hours ago 1 reply      
What will this cost in retail? I hope it isn't anywhere close to 7.500 euro.
startswithaj 16 hours ago 4 replies      
Does anybody know where I can find other music similar to that of the video?
joshfraser 17 hours ago 0 replies      
That video is the most mesmerizing thing I've watched in a while.
pronoiac 19 hours ago 0 replies      
Things I want to see:

* the game of life

* someone blowing smoke rings

* Robert Patrick from Terminator 2

* maybe a waterfall

joshontheweb 11 hours ago 1 reply      
If you have seen Ridley Scott's Prometheus, this might be a bit unsettling to have in your home. Last thing I need is a Xenomorph running around the house!
jvandonsel 11 hours ago 0 replies      
Almost as good (and cheaper and longer lasting) would be a nice JS tool to render text in a "Ferrolic" font, with dripping, re-forming, etc.

Maybe this will be my next weekend project.

PSeitz 9 hours ago 0 replies      
This first urge is to build an AI around this, because it seems to be alive. But it's too expensive as a gadget.
oori 16 hours ago 0 replies      
24 pieces on pre-order at 7500
manibatra 12 hours ago 0 replies      
Amazing! Loved how I felt an instant emotional connection with the product! Great product, great video!
amelius 15 hours ago 1 reply      
I'd be interested if they made a clock out of this, somehow.
fit2rule 18 hours ago 0 replies      
This is brilliant .. a wonderful piece of artwork and technological whimsy in a way that playfully pushes the edge of display as an art-laden tool, and of course makes me wonder the difficulties of emulating it in software, so that everyone can have one and so that the ferro-fluid part isn't necessary (runs out of magnet-juice, requires containment, is icky in real life, etc.)
otis_inf 11 hours ago 0 replies      
Modern day Lava Lamp. Very nice!
daveloyall 13 hours ago 0 replies      
Shut up and take my money.
IshKebab 19 hours ago 0 replies      
rezamoaiandin 19 hours ago 0 replies      
drinchev 19 hours ago 3 replies      
Firefox 42 will not allow unsigned extensions mozilla.org
286 points by fernandotakai  3 days ago   300 comments top 44
nathanb 2 days ago 8 replies      
It's the "no override" part that concerns me.

I created and maintain an extension that is used by visually-impaired people around the world (it has been translated by volunteers into Dutch and Chinese, for example).

Occasionally a Firefox update breaks this extension. OK, fine, that's the cost of doing business. Of course, the automated compatibility report that Firefox creates is utterly useless; it almost never catches the breakage. But that's a side rant....

There can be a decent turnaround lag (sometimes on the order of a few days) to get a new version of an extension reviewed by addons.mozilla.org. In the meantime, I have made a habit of building a new version of the extension and giving it to anyone who asks. Some people rely on it to use the web and can't wait for Mozilla to do their thing (another side rant: I once stupidly forgot to check in a key resource. I've since changed my development process to keep this from happening again. But the non-functional extension that I pushed passed Mozilla's review just fine. Makes me wonder how much value the review process is really adding.)

If I want to be able to continue this process, I will need to sign the extension myself (and who knows what histrionics Firefox will throw if a user tries to replace an extension with one that has the same UUID but a different signature!)

userbinator 2 days ago 5 replies      
Mozilla's hypocrisy is astounding:


"Users should have the choice of what software and plugins run on their machine."


"Firefox is dedicated to putting users in control of their online experience"

More recently:


"Firefox Puts You in Control of Your Online Life".

The slogan, as found on https://www.mozilla.org/en-US/firefox/new/ , is now "Firefox is created by a global non-profit dedicated to putting individuals in control online." I believe it used to be "users" - see above - but was silently changed. I suppose these "individuals" are the people at Mozilla...?

kragen 2 days ago 9 replies      
This is deeply disappointing.

Two details: the extensions need to be signed by Mozilla, and only US English speakers will be allowed to disable this requirement.

The point of free software is that users, individually and collectively, are free to modify it as they wish, without requiring approval from third parties. (And of course to use, copy, and redistribute.) This is a sharp turn away from the free-software ethos that made Firefox possible in the first place.

I understand the issue of users being tricked into downloading and installing malicious extensions. If you let someone program, they will be able to paste malicious code. I just dont think that taking away users ability to modify their own browsers is an acceptable solution to that.

If this disturbing move sticks, Mozilla will become an increasingly tempting target for whatever group wants to control what software you can install on your own computerwhether thats Sony Pictures, the NSA, or Amazon.

The old free software movement has died. We need a new free software movement.

scintill76 2 days ago 2 replies      
Ah, feels like they're following Chrome's example, which decreed that it should be exceedingly difficult for Windows Chrome users to install extensions from somewhere other than https://chrome.google.com/webstore/ . This basically killed an internal app we had at work (a fork of a "REST client", with some added request-signing features specific to our internal APIs.) There was no strong reason to keep it secret, but there had previously been no need to put it in the store either, and there was a $5 charge to publish in the Web Store, which I didn't feel like dealing with.

Anyway, they are both measures taken to stop malware, by taking an option away from the user, that most users won't even notice, but many "power users" will be inconvenienced to varying degrees. I'm guessing Firefox's won't be as bad, since the "developer version" that will let you keep doing the old way probably won't differ from the normal version as much as Chrome's does.

soapdog 2 days ago 1 reply      

There are FOUR VERSIONS OF FIREFOX WITH A SWITCH TO DISABLE THIS if you're so inclined. You can use: Nightly, Dev Edition, Unbranded Stable and Unbranded Beta. All of which have a switch that you can set to disable addons signing requirement.

In contrast there are only two versions where this is a requirement, Stable and Beta. If you doubt the usefulness of this you haven't seen a browser being hijacked by malware overriding search results, inserting all types of toolbars and more. This will prevent malware from sideloading extensions. And this is good.

The signing process is not the same as the AMO review process. The process takes only seconds and the signed addon is returned to the developer. They can distribute as they see fit.

Now, lets face the fact: Simple signing process that takes only seconds and will help prevent lots of malware, not the most nasty ones but a huge lot of sideloaded crap. Four versions of the browser for those power users who want to disable this.

Now, can someone explain to me without hate why this is a bad thing?

tyho 2 days ago 1 reply      
How does this policy interact with greasemonkey, an extension that allows running random JavaScript on sites with access to the extension API. You could write your malware as a greasemonkey extension, convince a user to install a signed greasemonkey release, and then convince them to install your malicious extension.
GeorgeOrr 3 days ago 6 replies      
It's important to note that the Developers Editions (and the Nightlys) will have a setting for disabling the requirement.

The assumption being that developers need to test as they develop. And are a more informed user.

sergimansilla 2 days ago 3 replies      
I recently made an update my own Firefox extension, called Tab Grenade. It took them 4 months to review. 4 months. And that's for a (very) minor update.

Because of that, I was definitely considering to start releasing it on my own, instead of through Mozilla's add-on website. It looks like I will be able to do that, but I'll have to use the signed extension process.

I'll believe this system works when I see it. After my experience with add-on reviewing, I am very skeptical.

RexRollman 2 days ago 2 replies      
And slowly, freedom everywhere was destroyed in the name of security.
dannysu 2 days ago 0 replies      
It's been one month and the new version of an extension I wrote is still waiting to be reviewed. I've since stopped waiting and started using the new version myself rather than download from AMO. I was already very disappointed by the review process and now this.

Tweeted to Chris Beard: "Dear @cbeard, please give your users the choice and control they deserve in @firefox. Allow extension signing to be disabled in FF42."

You want to protect the user, then start making extensions more secure and require permissions to do things. E.g. If an extension can access contents of webpages, pop up a dialog and ask the first time. There are other ways to protect users without going authoritarian on us.

mercurial 2 days ago 0 replies      
An important point is that the review process before signing takes seconds, according to the article. Considering the frequency of FF updates, it's an important point.

Now, let's just hope that the other side of the coin is a concern for API backward compatibility, so that people don't need nightly versions of addons and a developer edition to keep their addons in a usable state...

Sir_Cmpwn 2 days ago 1 reply      
I use several small add-ons I wrote myself. Why should I have to get Mozilla's approval before I can install my own damn add-ons? One of them executes processes and I'm 99% sure it'll fail the automated review.

EDIT: It passed the automated review, but my point stands. If I wrote the code, then you can be damn sure I trust it.

verusfossa 2 days ago 2 replies      
This is disappointing. Everything is becoming centralized, even Firefox extensions. I wish there was an opt out like "unknown sources" in android, but they keep saying we're not smart enough to make or own decisions. They won't even put one in about:config. This change well undoubtedly upset developers and other techy folk, exactly the kind of people you want working with your software.

Fdroid is working on third party repositories, maybe that will catch on to decentralize the mobile world a bit. Something like that for browser extensions would be sweet. Take a look at Fennec Fdroid for a cleaner Firefox mobile experience at least.

mveety 2 days ago 2 replies      
What is the point of this? Shouldn't users be allowed to make their own decisions no matter how stupid or dangerous?
legulere 2 days ago 1 reply      
I wonder how long it will take until adware producers patch out the requirement for signed extensions in the binary when you install stuff from them on your computer.
Taylor_OD 2 days ago 2 replies      
Isnt chrome already like this? I spent 45 minutes trying to find a way to install a non extension store extension this weekend and gave up after being blocked repeatedly.
pwman 2 days ago 0 replies      
Mozilla used to be the best place in the world for extension developers -- it was natural to have your best extension on Firefox because you could release early and often. Active developers made the platform.

When Chrome came along they decided to go in a different direction entirely slowly making it more and more painful to accomplish what used to be easy in the name of security. The review process went from automatic if you were trusted to weeks and then months and then more than a quarter year. They started demanding source code. It became scary to release to addons.mozilla.org because you never knew how long it would be before your next release would be approved.

Mozilla needs to realize they're hastening their own demise - Chrome now offers better features than when Mozilla was the leader including releasing to a percentage of users and faster nearly invisible to the user updates. They should go back to their roots and embrace developers again.

ekianjo 2 days ago 4 replies      
It should still possible to fork Firefox and remove this requirement, right ?
jsingleton 2 days ago 1 reply      
I wonder if this will mean that all the extension version numbers will stop ending in -signed. I'm used to having any build number with -label in its name denote it's a pre-release and isn't stable [0].

I was recently searching for user agent switcher add-ons as part of a blog post [1] and almost all have -signed in the name. To some people it could look like the un-signed ones are more stable and better.

[0] http://semver.org

[1] https://unop.uk/dev/how-to-watch-bbc-news-videos-on-a-deskto...

mukundmr 2 days ago 1 reply      
What happens to all of those extensions that are on they gray area of DMCA? Who is this move benefiting? The users or the sponsors?
wtbob 2 days ago 1 reply      
You know, there was something beautiful about users being able to pick up a tutorial and extend their browsers, if they wanted. There was something very empowering about being able to write extensions even in a corporate environment.

I've written Firefox extensions for personal and business use, and Mozilla are preventing that from every happening again. Why? Cui bono?

I'll mention, again, that they completely broke the security of Firefox Sync: it's no longer a trustworthy place to store passwords. Why? Cui bono?

dogma1138 1 day ago 0 replies      
An automated review which takes seconds? What will it be looking for exactly? Seems to be something that will either break every extension out there or will be so easy to bypass that it won't do much.

"This is not the same process that currently applies to AMO add-ons, which has been typically slower."

Also the fact that you can't seem to be able to disable it even with some "debug/developer" mode in FF seems to be a bit over the top.

What happens if you are tied to an older FF extension that isn't signed? What happens when you want to develop an extension? yes beta extensions will be signed also but what happens before the BETA what happens when i just want to make hello world and to learn what i can do?

tenfingers 2 days ago 1 reply      
So much for beta-testing your extension prior to release. It's already hard to get users involved, now they just can't.

Or using any other channel to get your extension.

!Thanks Mozilla, really.

systemz 2 days ago 1 reply      
Mozilla is doing everything to stop using their browser.
SCHiM 2 days ago 1 reply      
I like the fact that a security issue is being tackled. What I absolutely hate is the fact that there are no ways to turn this option off.

Just like HSTS I can't turn this off and it leaves a bad taste in my mouth. Were originally I considered firebox to be a browser for power users, now I'm not too sure any more.

norea-armozel 2 days ago 1 reply      
This is going to be an annoying change me since I use the 1Password extension which isn't signed as far as I know. So, it's likely I'll switch over to Chrome (which I've had performance issues with in the past) or Pale Moon. Seriously, it's my browser. It's fine if you want to make users white list extensions but to completely block unsigned extensions is a bit over zealous. Unless Mozilla makes the signing process automatic (since it seems some extensions on addons.mozilla.org can go months before being updated to the current version) I don't see this working out at all.
alfapla 2 days ago 3 replies      
It's little more than a year ago that Brendan Eich was ousted from Mozilla by an ugly orchestrated cabal. When I read Mitchell Baker's vapid blog post [1] on the decision, filled with polite backstabbing and politically correct buzzwordery I understood that Mozilla has been taken over by politicians and that its decline is just a matter of time.

[1] https://blog.mozilla.org/blog/2014/04/03/brendan-eich-steps-...

rquirk 2 days ago 2 replies      
Will this also affect Firefox for Android?

Mozilla currently don't provide a dev build for Android, just regular and beta versions https://play.google.com/store/apps/developer?id=Mozilla

The security problem that this "fixes" is not really an issue on Android due to Android's own app sandboxing, so maybe the Android build will allow unsigned extensions? It's not mentioned in the FAQ.

flippinburgers 2 days ago 0 replies      
Who wants malware affecting all of the naive users on the internet? I don't. I think you can all put your pitchforks away and take a deep breath knowing that Firefox is trying to improve the experience for people who are not like yourselves. The process is automated and takes little time. Stop acting so entitled.
djent 2 days ago 0 replies      
Firefox disabled HTTPS Everywhere with no warning to me whatsoever. I use Dev Edition. I always just assumed it would always work, but apparently I can't rely on that anymore. Wasn't Mozilla pushing for non-encrypted HTTP to be deprecated? They should wait for that to happen before disabling HTTPS Everywhere.
Communitivity 2 days ago 1 reply      
hobarrera 2 days ago 2 replies      
> [...] plugins don't need to be signed.

So the worst kind of threat is still there. Great job, Mozilla!

mashed_potato 2 days ago 0 replies      
As if it wasn't already difficult enough explaining to people why I use Firefox...
gdulli 2 days ago 1 reply      
I hope Firefox 41 is really good because it's the last one I'll be using.
benmccann 2 days ago 0 replies      
This is very frustrating. Made worse by the fact that they just replaced their packaging tool with a new jpm tool that doesn't yet match the functionality of the old tool.
droithomme 2 days ago 0 replies      
I wonder if extensions will be allowed that facilitate illegal activity, such as downloading youtube videos in violation of copyright.
norea-armozel 2 days ago 1 reply      
Does anyone know if the maintainers of Pale Moon or Waterfox intend to keep the extension signing requirement on their builds?
mindcrime 2 days ago 1 reply      
Well, at least they're paying lip-service to enterprise users who may have internal extensions to deal with:

 What about private add-ons used in enterprise environments? We haven't announced our plan for this case yet. Stay tuned. In the interim, ESR will not support signing at least until version 45, which won't come out until 2016.

rjempson 2 days ago 0 replies      
dieg0 2 days ago 0 replies      
ck2 2 days ago 1 reply      
rak_112 2 days ago 2 replies      
debacle 2 days ago 1 reply      
bpodgursky 2 days ago 2 replies      
Google reveals details about its datacenters highscalability.com
278 points by toddh  3 days ago   52 comments top 10
lorenzhs 2 days ago 0 replies      
The key takeaway for algorithms research seems to be that "[w]e dont know how to build big networks that deliver lots of bandwidth". This is exactly what S. Borkar argued in his IPDPS'13 keynote [1]. An exa-scale cluster can't be cost-efficient unless the bisection bandwidth is highly sublinearly in the cluster's computing power.

We need new algorithms that- require communication volume and latency significantly sublinear in the local input size (ideally polylogarithmic)- don't depend on randomly distributed input data (most older work does)

It's really too bad that many in the theoretical computer science community think that distributed algorithms were solved in the 90s. They weren't.

[1] http://www.ipdps.org/ipdps2013/SBorkar_IPDPS_May_2013.pdf

ucaetano 2 days ago 3 replies      
I once saw the co-founder of Cloudera saying that Google exists in a time-warp 5-10 years in the future, and every now and then it gives the rest of us a glimpse of what the future looks like.

Felt exaggerated at the time, but it often seems like the truth.

mkj 2 days ago 5 replies      
So every cluster machine has 40gbit ethernet (?) - does anywhere else do that?

Looking at Table 2 http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p183....

fauigerzigerk 2 days ago 1 reply      
Ironically, if you look at the data center as a computer, this looks very much like scaling up, not scaling out.

I wonder if one day we will find that sending all data to a data center for processing doesn't scale. I think that's already a given for some realtime'ish types of applications and it could become more important.

Obviously, the success of decentralised computing depends a lot on the kinds of connected devices and whether or not data makes sense without combining it with data from other devices and users.

With small mobile devices you always have battery issues. With cars, factory equipment or buildings, not so much. But management issues could still make everyone prefer centralisation.

kordless 2 days ago 1 reply      
> The amount of bandwidth that needs to be delivered to Googles servers is outpacing Moores Law.

Which means, roughly, that compute and storage continue to track with Moore's Law but bandwidth doesn't. I keep wondering if this isn't some sort of universal limitation on this reality that will force high decentralization.

GauntletWizard 2 days ago 4 replies      
One of the biggest things I've had to unlearn as an SRE leaving google is this: RPC traffic is not free, fast, and reliable (So long as you don't go cross-datacenter). For most companies it is expensive and slow. Facebook's networks are still designed for early-2000s era topologies and their newer topologies won't fix that; They've still got way too little top-of-rack bandwidth to the other racks nearby.

Microsoft hasn't even caught on yet, and is still designing for bigger and bigger monolithic servers. I can't tell what Amazon is doing, but they seem to have the idea with ELBs at multiple layers.

andrewstuart2 2 days ago 0 replies      
> The I/O gap is huge. Amin says it has to get solved, if it doesnt then well stop innovating.

I can imagine you can solve the throughput problem with relative ease, but the speed of light limits latency at a fundamental level, so proximity will always win there.

I tend to think that storage speed/density tech rather than networking is where the true innovations will eventually need to happen for datacenters. You can treat a datacenter as a computer, but you can't ignore the fact that light takes longer to travel from one end of a DC to another than it would from one end of a microchip.

Mettalknight 2 days ago 1 reply      
stingraycharles 2 days ago 0 replies      
Since you add no value to the discussion, this is just spam -- imho pretty shameless indeed.

Next time, at least share a story of something cool you have done, that would make your post much more appealing.

Coca-Cola Funds Scientists Who Shift Blame for Obesity Away from Bad Diets well.blogs.nytimes.com
279 points by drsilberman  3 days ago   189 comments top 28
kfk 3 days ago 30 replies      
One thing with the beverages is that if you choose to not drink them, you will most likely be the weird one in most social situations. Especially if you cut on alcohol. I have nothing against drinks in general, but they should be an exception, not the rule. We should not drink beer or cola or any of this stuff on a daily or almost daily basis. Mainly because they introduce a truckload of useless calories that do no good to us and do not even fill our appetite.

Now, that's the logic, and it's a sound logic, go explain that to people every time you are drinking water in a pub and they go: "ehm, uh, you don't drink?". Which, by the way, if not explained properly can seem like you are a recovering alcoholic, if explained properly will make you sound like a food/diet nazy.

samtp 3 days ago 0 replies      
It should be notied the Dr. Blair is one of the most cited exercise science researchers of all time. He's not simply a shrew for Coca Cola, he has produces some of the most monumental papers in the field. If you look at his career timeline, his research matched with what Coca Cola wanted to promote (before they started working together), not the opposite.

He is also extremely passionate about helping reduce obesity in South Carolina especially. One of the nicest and most honest people I've ever met.

*disclaimer, I've worked with him on startups combining exercise science and mobile apps.

davidf18 3 days ago 3 replies      
One 20oz (vending machine size) bottle of Coke per day is 52 lbs of sugar (well, actually high fructose corn syrup) per year. Next time you go shopping, count 10 5-lb bags of sugar. Each and every year.

The NYC Dept of Health estimates that 30% of adult New Yorkers have one sugar-added beverage per day. 20 years ago there were 10oz bottle in vending machines, then 12oz cans, now also 20oz bottles, thus, those consuming a bottle a day today now consume 52 lbs of sugar per year compared with 26 lbs 20 or so years ago.

Many of the poor (and others) have no idea how many sugar calories they are consuming each year when they drink Coke and other sugar-added beverages.

Besides tobacco use, obesity and lack of exercise is one of the major contributors to our increased health care costs.

The previous NY Mayor, Bloomberg, tried to have a state tax on sugar-added beverages passed which is what is recommended by public health officials such as the CDC but that was turned down. Then he lobbied the Federal Government to not allow food stamps to be used for sugar-added beverages but that was turned down. Then the health dept. tried to ensure that in venues where they had control that sugar-added beverages would have a 16oz size limit, but they lost in court.

Ironically, the land for Centers for Disease Control and Prevention (CDC) which is located in Atlanta, Georgia was donated by none other than The Coca Cola Company.

balabaster 3 days ago 4 replies      
It's articles like this that deplete what little faith I have remaining in "science." The science that is released to the public has been subverted and corrupted by so many orders of magnitude that I'm not even sure why they bother calling it science any more. The lack of objectivity and conflict of interest in the studies/results is astounding. When politics is funding biased studies in the name of furthering corporate profits and then releasing it as "actual science", it's more than disheartening, it's downright sickening.

It's funny how many scientific atheists sneer at the religious for their beliefs when there's so much corruption in their own ranks... and that's coming from someone who'd rather believe in science than any form of organized religion...

mlrtime 3 days ago 0 replies      
Just watched 'Fed Up' this week. It is your typical one sided documentary however it does shed a lot of light into this topic.


Also, I'd recommend going here and looking at the FDA's proposal on labeling %DV for added sugars: http://www.fda.gov/Food/GuidanceRegulation/GuidanceDocuments...

rm_-rf_slash 3 days ago 3 replies      
Their message is shamelessly misleading, but there is something to it: most people will find it requires far less willpower to put down the fork than to put on some running shorts and go out for a jog.
awjr 3 days ago 4 replies      
I recently watched http://thatsugarfilm.com/ which looks into why sugar is so bad. Sugar consists of Glucose and Fructose. Your body knows what to do with glucose, releases insulin preventing fat from being burnt and enables your cells to use glucose. Fructose is converted into fat by your liver but cannot be used until the insulin subsides. Fructose really is "bad". Sweetners do not help either as they keep your body addicted to sugar. It also looked at the impact sugar had on brain function. Note that in the film he kept to similar calorie intake, just swapped out his good fat sources with low fat "healthy" choices. He gained 8kg primarily around the waste within 40 days.

Combine that with the meta study that showed exercise was not something to take up as part of a weight reduction regime http://www.independent.co.uk/life-style/health-and-families/... and you can begin to understand how important it is that Coca Cola need to push this message.

The reality is, added sugar products need taxation which is then ring-fenced to support healthy eating education and healthy transport schemes (Walking, cycling and public transport). We need to recognise that added sugar, in particular fructose, has to be treated on the same level as smoking is.

Hermel 3 days ago 3 replies      
To be fair, obesity is caused by a multitude of factors. For example, one often overlooked factor is the speed of eating. Your body only notices that you had enough with a certain delay. The faster you eat, the more you get in before feeling full. So regardless of food quality, fast food poses an elevated obesity risk.
pkulak 3 days ago 0 replies      
Here's the video that started a lot of the public awareness of the issue:


And there's also now a great documentary on Netflix called "Fed Up" (https://www.youtube.com/watch?v=aCUbvOwwfWM), for anyone who has a subscription. It particularly tackles this silly idea that it's okay to eat and drink shitty food all day, so long as you exercise for a little bit too.

bsdpython 3 days ago 0 replies      
I am far from knowledgeable regarding diet and nutrition but I recently switched from drinking a good amount of fruit juice and an occasional soda to drinking 100% water. I wasn't really even overweight but I shed 10 lbs within a month and I feel in much better health. I don't think it's just sodas - pretty much any drink with a lot of calories and sugar seem like a waste. Now when I see those giant sized sodas in restaurants I can't believe I used to drink them.
rayiner 3 days ago 3 replies      
I don't get the whole anti-"processed food" thing. The whole change in weight in the U.S. can be explained by increased caloric intake since the 1970's. It's not like we didn't have Coke back then.

I think the real problem is capitalism. It makes good economic sense to sell your customers too much food. Consider Starbucks. Your parents' coffee and a donut was a 250-300 calorie breakfast. Today's latte and a scone is double that and yields a much nicer profit margin.

mason240 3 days ago 3 replies      
Are the studies still producing valid, peer-reviewed results?
will_brown 3 days ago 1 reply      
This post reminds me of the mouse experiment showing mice preferred the reward of refined sugar over cocaine, even when the mice were already addicted to cocaine. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1931610/

Perhaps their should very basic study on general health/weight of people who regularly consume refined sugars and those who abstain from refined sugar (with neither group engaging in structured exercise. Or have these scientists answer a more basic question about obesity...all things being equal, if you took a person (whether they exercise or not) would that person be more likely to be obese if they consumed a 200 calorie soda every day or replaced the soda with 200 calories of almonds. I think people would be greatly surprised to find out a calorie is not simply a calorie as is often suggested and that sugar has a lot more impact on obesity than fats.

acd 3 days ago 0 replies      
There was an article here that 50% of food science is not valid research. Further companies in the food industry pay researchers to do research which by chance often returns positive studies in favor for those who paid for it.

"No connection with Fructose and obesity"Sponsored by the Canadian sugarinstitutewho is owned by: Coca Cola and Pepsi co and corn producers.

whizzkid 3 days ago 2 replies      
It is little bit weird that we are hearing this from scientists but apart from that there is nothing wrong with what it says I think.

Just because some people can not resist and drink responsibly, why should the company take the blame?

Having too much of almost everything is bad for you, am i missing something here?

raverbashing 3 days ago 0 replies      
Free soda refills in restaurants may make sense economically but it makes no sense from a diet point of view

Same thing with most crap people eat every day.

I'm not against processed foods per se, the increase in food safety and storage time makes sense.

Now, people make meal-sized (calory-wise) snacks by stuffing a bag of Doritos in between meals, eating a whole pack of Oreos, or just eating unbalanced (usually both micro and macronutrient unbalanced) meals etc

tlb 3 days ago 1 reply      
Is there much high quality, original research left to be done around "sugary diets cause obesity?"

It's not my field, but I suspect that the only original research left to be done examines other potential causes. There's lots of good work on the Microbiome, for example.

Can someone from the field tell me, if they had a big fund to counter-balance the bias caused by Coca-Cola, what original research it would fund?

kelvin0 3 days ago 1 reply      
Here is an alternative view to these corporate 'studies':https://www.youtube.com/watch?v=dBnniua6-oMOr simply watch pictures taken in the 1920-60's, it's pretty shocking how most north americans were much much leaner.
cowardlydragon 3 days ago 0 replies      
ChrisLTD 3 days ago 0 replies      
This is reminiscent of the tactics tobacco companies used to keep selling cigarettes after research and experience started to suggest their products caused cancer.
frogpelt 3 days ago 0 replies      
absolutenumber 3 days ago 0 replies      
Simulacra 3 days ago 0 replies      
This is a duplicate.
pinaceae 3 days ago 2 replies      
BiboBonn 3 days ago 0 replies      
PepeGomez 3 days ago 0 replies      
EliRivers 3 days ago 0 replies      
Samsung unveils 2.5-inch 16TB SSD arstechnica.com
261 points by twsted  14 hours ago   125 comments top 14
jaawn 9 hours ago 6 replies      
Every piece of storage news I've seen for the past year or two reinforces my opinion that there is a great deal of price-fixing happening in the consumer storage market. The price trend of 2TB HDDs, for example, just does not make sense.

When I see that a company can now create SSDs with ~16x more capacity than the best consumer option, I feel like something fishy is going on that is artificially slowing the pace of larger capacity drives making it into the hands of consumers at a reasonable price.

intrasight 1 hour ago 1 reply      
A version of Moore's Law seems to apply to storage, which is very much a good thing. The first IBM Winchester I used cost a couple year's salary and stored 30MB on 14" platters. The next I used was an 8" ~150MB and only cost a couple months salary. Forward 30 years and I can buy a 500GB drive the size of a stick of gum for a couple hours salary. 30 more years? Can't wait to see. I assume I will eat the stick of gum and by doing so know everything in the Library of Congress.
HorizonXP 5 hours ago 2 replies      
I'm reading the Innovator's Dilemma right now, and I just finished the chapter about the storage industry. The author draws the conclusion that solid-state drives may eventually move upmarket from cash registers and embedded applications to PCs and such.

Having seen the move from 5.25" HDDs to 3.5" HDDs, then the move from desktops to laptops, and now seeing SSDs becoming extremely common in laptops, tablets, and phones, I have to believe that the author predicted the future when he wrote the book.

Since PC sales have dropped, people are not buying as many HDDs, and buying more SSDs, usually indirectly. Cloud infrastructure has likely gobbled up the existing HDD supply.

But even there, SSDs are preferred for many applications, such as databases, since they're faster overall, storage limitations be damned.

And now we're seeing the first SSD that has a capacity greater than HDDs, in a similar sized package. And no current HDD company has an SSD offering worth mentioning.

It's disruption happening right before our eyes. History seems to repeat itself all too often!

jtchang 11 hours ago 4 replies      
Holy that is a lot of storage in a very small amount of space. Besides the fact that I want one right now I am starting to wonder how much heat this will generate.

A lot of 1 unit rack servers can fit about 8 2.5" drives. 128TB of storage in 1U is pretty crazy storage density.

Everytime they reveal a larger capacity drive I just wonder what the backup strategy is going to be. Longer tapes?

IanDrake 9 hours ago 5 replies      
Can someone explain to my why SSDs still cost more than HDDs?

When I look at all the moving parts in an HDD, I'm shocked they can still be produced for less.

ChuckMcM 4 hours ago 0 replies      
Interesting given the reliability news Facebook posted on their SSDs. With a 5x10^11 UBER you could not even read all the sectors on a 16TB disk reliably. Something I'll be looking at when I get my hands on one.
MaysonL 4 hours ago 1 reply      
The really amazing thing is one of their other announcements [0]:

Samsung has designed the PM1725 to cater towards next-generation enterprise storage market. This new half-height, half-length card-type NVMe SSD offers high-performance data transmission in 3.2TB or 6.4TB storage capacities. The new NVMe card is quoted with random read speed of up to 1,000,000 IOPS and random writes up to 120,000 IOPS. In addition, sequential reads can reach up to an impressive 5,500MB/s with sequential writes up to 1,800MB/s. The 6.4TB PM1725 also features five DWPDs for five years, which is a total writing of 32TBs per day during that timeframe.

[0] http://www.storagereview.com/samsung_announces_tcooptimized_...

markhahn 11 hours ago 2 replies      
what's that in stationwagons full of LTO6 tapes?
AlexEatsKittens 6 hours ago 1 reply      
I'm slightly surprised by the numbers given for IOps. The example they give is 48 drives giving 2MM IOps:

2,000,000 / 48 = 41,666.66 IOps

45k IOps for 16TB limits its use cases a bit. I don't know enough about storage to make an educated guess, but anyone know what the constraint there might be? Aren't there controllers that can do 1MM IOPS on single EFDs? 45k is still a ton of operations, but I expected more somehow.

Gladdyu 9 hours ago 1 reply      
I wonder how this will compare to Intels 3D NAND flash chips (http://www.ipwatchdog.com/2015/08/12/intel-micron-develop-3d...). Some competition on similar technologies is never wrong!
riobard 11 hours ago 3 replies      
Am I right to assume that NAND flash has higher storage density than magnetic disks? I've been trying to find some definitive data about this but failed so far. I'd really appreciate if someone can point me the right direction to search.
vegabook 9 hours ago 2 replies      
Moore's law is passing the baton from GHz to the storage stack. Whereas you once had a simple RAM + HD setup, you now have a teamworking hierarchy of storage technologies: Cache / 3d stacked mem / DRAM / X-point / SSD / HD. Each one of these is behaving just like GHz did: doubling in speed/capacity every 18 months. Given that this is where the performance bottleneck has been, we're looking good on exponential performance upside for a long time to come if we extrapolate the recent trend. Excellent.
logicallee 9 hours ago 2 replies      
if they really wanted to make waves they would unveil the world's fastest AND the world's largest hard-drive, two in one, with an onboard battery and hybrid 64, 128, or 256 GB of RAM (not SSD) in 2x, 4x, or 8x 32gig dimms exposed as a physical Drive, costing +/- $800, $1600, and $3200 respectively, in addition to the 16 TB second physical drive, all integrated in one package so you can't disconnect the battery and nuke your lightning-fast drive without being extremely aware that you're doing so.

The hard drives would have ironclad firmware that keeps the RAM refrehsed until its battery goes down to 15% (or whatever the conservative 10 minutes of power is), at which point it takes the ten minutes to dump the contents of that RAM to SSD, and reverts to having that drive also be SSD until the power is reconnected long enough to charge battery back up to 80%. Then it reads it back into RAM and continues as a Lightning Fast 64 GB + Very fast 16 TB drive.

You would store your operating system on the lightning-fast drive.

The absolute nightmare failure state isn't even that bad, as even though the RAM drive should be as ironclad as SSD, in case it ever should lose power unexpectedly through someone opening the device and disconnecting the battery or something, it can still periodically be backed up, so that if you pick up the short end of six sigma, you can just revert to reading the drive from SSD rather than RAM and lose, say, at most 1 day of work.

thoughts? I bet a lot of people would be happy to pay an extra $800 to have their boot media operate at DIMM speed, as long as the non-leaky abstraction is that it is a physical hard drive, and the engineering holds up to this standard.

There is a lot of software out there that is very conservative about when it considers data to be fully written - it would be quite a hack for Samsung to hack that abstraction by doing six or seven sigma availability on a ramdrive with battery and onboard ssd to dump to.

ck2 8 hours ago 0 replies      
How yuppies hacked the hacker ethos aeon.co
281 points by edward  3 days ago   211 comments top 39
Animats 3 days ago 5 replies      
I suspect that the author has read Derrida. He's obsessing on the meaning of a word and following semi-random threads trying to deconstruct it. That's classic Derrida. That approach doesn't solve any problems, but it's a useful way to generate papers. If you read some Derrida, you too can learn to generate blithering of that type.

As for yuppies vs. hackers, it helps to go back further, to understand how hippies morphed into yuppies. Hippies were mostly self-indulgent types who spouted bogus philosophy to justify their existence. Yuppies are mostly self-indulgent types who spout bogus philosophy to justify their existence. Stewart Brand, of Whole Earth Catalog fame, led the transition from hippie to yuppie, from the commune to the "lifestyle industry", from growing your own food to Whole Foods.

What happened to the hacker ethos was the absorption of computing into the advertising industry. The hacker ethos survived the Microsoft era, but not the Google era. Microsoft was about tools, which was consistent with the hacker ethos. Google is about ad clicks, and its success created a whole industry focused on ads and user exploitation, not tools for user empowerment. That's what destroyed hacker culture.

rm_-rf_slash 3 days ago 11 replies      
When I realized that the kids of the old money elite began to see Silicon Valley, not Wall Street, as the means to big money, I decided I could never go back.

The elitists came to Northern California - a vanguard of social liberalism, student protest, and most importantly communitarianism - and brought their elitism with them.

Northern California still exists in the nostalgic hippie image of the 60s, but it's compartmentalised, like the Dropbox brogrammers elbowing out kids at a playground. Public spaces increasingly become private in the name of profit.

Over time, the feel of free love will fade away entirely in the Bay Area. Everyone interesting who isn't a millionaire will be pushed to the margins, and eventually, more welcoming spaces, like Detroit. I implore the tech elite of Silicon Valley to consider a future where an expensive tech-centered monoculture makes the Bay Area an unattractive location for long-term employees, and instead relying on mercenary college grads who put up with the cost and the crazy for a few years before moving on to a more fulfilling job and place to call home.

bcg1 3 days ago 1 reply      
This article is bound to ruffle some feathers around here.

The writing is spot on but will cause some cognitive dissonance for some as the words ring true but conflict with the structures they have set up in their minds and in their lives.

I think that the commercialization can be good though... the culture gets to live on and propagate when there is a way for hackers to make money doing what they love. Any successful counterculture is bound to be co-opted and exploited, but that doesn't mean that true participants in that culture shouldn't be able to subsist off of it.

Author makes the comparison to hip-hop culture which I think is a good one... there is a highly commercialized side of that culture in rap music, but there are still "underground" emcees not to mention deejays, beatboxers, graffiti writers, and others who are able to build up their culture due in no small part to the money coming in. Of course, to maintain a good balance, you need keepers-of-the-faith like the author who are willing to smack down arrogant upstarts who think they can piss all over and redefine the culture they claim to hail from.

adricnet 3 days ago 1 reply      
I scanned this before coffee this morning and in short I'm not sure anyone else should read it in its present state.

Although the author poses some interesting ideas the piece feels long and muddled and I'm not at all sure who the audience is or what the call to action might be. Voice is unclear as some paragraphs are personal statements ("I") and others are observations about culture and economics.

It might be more powerful if it was drastically shorter and simpler ... or maybe if it was three times longer with more references and a stronger set of recommendations. I really can't say.

jaegerpicker 3 days ago 1 reply      
This is such a poorly thought out article. The term hacker has also meant so many different things to so many people. I grew up with the 90's hacker scene. I was a teenager for almost all of the decade and I started programming and reading about, interacting with, and being a part of the 90's hackers groups. Those groups were called criminals, crackers, or cybergangs but a lot of the old school MIT crowd of hackers. Then the mainstream media picked up the term to mean criminals. Then my age group entered the workforce and redefined the term to mean an excellent programmer, as in hacker news. It's been constantly changing and meaning different things to different groups. How can you co-opt something that fluid? This article smacks of someone complaining about a culture they don't understand themselves.
clavalle 3 days ago 3 replies      
You know what's cool? Ignoring what other people think is cool.

Who cares if 'yuppies' 'gentrify' hacking. You neither have to stop doing what you like because groups you don't care for have noticed nor do you have to waste energy and time and fight against them for doing so.

Do what you want to do regardless. That is the answer to the author's questions.

If you are a hacker, or artist or music lover or anything else of a certain type merely because someone else isn't of that type you are not really that thing.

You are going to find posers as a sub-culture enters the general awareness but you are also going to find trickster godlings in suits with boring titles on their business cards if you don't let the trappings blind you.

Sir_Cmpwn 3 days ago 2 replies      
This hits home. I read hacker news and sites like it, but I know in my heart that the people here are not, for the most part, hackers.
veddox 3 days ago 1 reply      
I get the distinct impression that the author of this article doesn't really know what he is talking about. He doesn't bother mentioning (if he is even aware of the fact) that "hacker" != "cracker", but kind of muddles both groups into one. The very fact that he talks about "The construct of the good hacker" tells me that he never did his homework properly.

Last time I checked my history books, hackers used to be "good" when they started out. Yes, they were counter-cultural and yes, many had more or less pronounced anarchists tendencies. But they were definitely not the rebellious threat to public safety that the author portrays. In fact, the author gets it back to front: the real corruption of the term "hacker" happened twenty-five years ago, when the media started applying that label to cyber criminals. If anything, Silicon Valley is actively countering that original corruption by their current use of the term. (Though it is quite possible that they are misusing/over-using it in smaller ways.)

In short, this is a prime example of an article about a subculture that is untainted by any understanding of the same.

jasode 3 days ago 5 replies      
This unremarkable essay is another one of hundreds repeating the theme about "money destroying true hackers". One can rewrite the same article using other synonyms such as "Silicon Valley Has Lost Its Way" or "How Greed Is Ruling Silicon Valley."

This theme can be further generalized into "money is ruining <insert_whatever>".

"Money is ruining music. Bing Crosby was a true artist; Today's performers like Lady Gaga is a commercial pandering."

"Money is ruining movies. The 1970s had auteur directors but now all we get at theaters is superheroes in spandex and Disney princesses because they need ROI from international blockbusters."

Writers, thinking they have something new to say, like to write on those themes. Readers, with a predisposition to seeing what's wrong with the world, like to read them. I suppose it's some sort of 1st-World ritual of commiseration. Personally, I find those essays devoid of any insight. I can acknowledge that there are undeniable trends there but I try to avoid categorizing them into value judgments of "good vs evil". I understand the economics of why Disney's "Frozen" is the type of film that theaters prefer to show rather than Michael Cimino's "Heaven's Gate".

An example of force-fitting his observations into categories of Hackers-vs-Yuppies (aka good-vs-evil) is his claim:

"Im going to stake a claim on the word though, and state that the true hacker spirit does not reside at Google, guided by profit targets."

That broad-stroked brush is amateur writing. Google is a big place with ~57,000 employees. Sure, there are probably engineers doing soul-crushing work of parsing logs for server reliability or optimizing ad click conversions. But I'm sure there are other pockets of engineering where "hackers" are innovating and trying to change the world: driverless cars, balloon wifi, etc. It's the same contradictory pockets of bored employees coexisting with passionate hackers in different areas of large companies like Lockheed, AT&T Labs, Apple, etc.

As far as "yuppies" ruining the hackers, I'm not sure who's supposed to be an exemplar of the "hacker" that he wants to run SV. Steve Wozniak & Steve Jobs both came from middle class families. They weren't hobos living out of their cars and overturning the world with their hacker ethos. Apple took money from VC investors within 1 year of its founding. Even Richard Stallman's family background can also be considered "yuppie".

erikb 3 days ago 0 replies      
"Go home, yuppies!" - Yes and no. Hacker spirit is flexible, so why are we still sitting on that name? It's dead for that spirit since the 90s. In some regard I think, that I even care might be a good proof that I don't really belong. Wouldn't be strange to see the "real hackers" to just go hack something else while we sit here discussing "community norms" and "special terms".
return0 3 days ago 0 replies      
They could just stop calling it hacking. It's such a cliche term nowadays. Look at me, i'm writing in an entrepreneurial forum, and even that is called 'hacker news'. Yesterday drchrono was looking for 'healthcare hackers' by which they meant programmers. I giggled. Hacking is like the new indie. It will come, and pass.
radmuzom 3 days ago 0 replies      
One of the earliest articles on "hacking" which I read was by Richard Stallman - On Hacking [1]. The article seems to agree in spirit with what RMS was talking about.

[1] https://stallman.org/articles/on-hacking.html

m-i-l 3 days ago 0 replies      
The countercultural trickster has been pressed into the service of the preppy tech entrepreneur class

Concern has been expressed that the new generation of artists (musicians, actors etc.) in the UK seem to primarily come from upper middle class backgrounds[0]. I have started to wonder if the same could be said of the tech startup scene, e.g. in London. This could be due to the increasing difficulties someone would have living on a period of effectively zero income, unless they had the backing of rich parents.

[0] Could cite lots of articles, but http://www.standard.co.uk/business/markets/confessions-from-... is just one recent one.

gambler 3 days ago 0 replies      
This reads like a typical cultural critique article. Long text, contrived definitions, lack of overall insights into the subject. At least I didn't see anything that would make go "ah, I never thought of that". It's mostly word games.

Even though many people try to draw parallels between hackers who creatively modify systems and hackers who break into systems, there is little overlap these days, except, maybe some common roots in history and the fact that the latter usually have ample skills to do "creative" hacks as well.

Hacker culture being subverted? With multitude of security conferences, daily news about research into new vulnerabilities and increasingly frequent criminal hacks, I think hacker culture is actually doing pretty well in many of its diverse forms.

roneesh 3 days ago 3 replies      
Look, you can construct whatever narrative you want about power, people and the ebb and flow of capital, but it's pointless.

People like nice things. There I said it. Most people like nice cedar lined floors, expensive drinks and well cut clothes. And when you have those things, it's marvelous how quickly your disdain for the 'institution' evaporates.

Most of us aren't really hackers in that nostalgic sense. We're normal people, yuppies, kids, nerds, dorks, that one dude really into Aphex Twin in your office (everyone has one). We just happen to be good with computers.

steeples 3 days ago 0 replies      
Hacking for me was always about pushing the envelope, and if that meant getting the right tools for the job, then that also meant working for old industrial monopolists and building out my crystal palace in my own free time. After work I would come home, switch on my Pandora's box, and use my paycheck to have fun. The problem with doing this for extended periods of one's life is that you see all your peers getting stinking rich, and you almost feel left behind, like a lone wolf hacker who missed the proverbial boat of investor money. On one hand this can feel miserable because Fear of Missing Out (F.O.M.O) feels like a legitimate thing to be concerned about. On the other hand, the hacking escapades are exhilarating and quickly drown out F.O.M.O because those same people that are getting rich are missing out on the joys of low level disk hacking, and twitter bots that can disrupt markets and sway the stock market any way one wants. The F.O.M.O is quickly drenched by fun. Let fun precede every other activity. This is the hacker way.
aluhut 3 days ago 0 replies      
clickok 3 days ago 1 reply      
The main objection against the ending refrain of "go home, yuppies" is that, since hackers (however you define the term) have valuable skills, they should be able to earn money using them.If the alternative is working in a menial capacity for some large alienating infrastructure (see what I did there?) with hacking as a hobby, then I'd rather be working on something interesting, even if it makes me complicit in gentrification[0].

So, that's the whole issue right there-- being a hacker has become a career path, and it's iteratively becoming more mainstream as the expected benefits are formalized and the stigmas exorcized[1]. That doesn't really sound all that bad, but the problem with gentrification is that it pushes the original tenants out, which is kinda scary when we're talking about the gentrification of an idea.

"Real" hackers become hard to identify among the masses who can sling a little javascript, and so they end up on the fringes of their own movement.

Of course, I'm not really sure how much such real hackers care.It'll be inconvenient when you can no longer identify a member of the tribe by a simple shibboleth, but that is not an insurmountable obstacle.

In my opinion, l33t H4x0r status is something you earn[2].A yuppie having "hacker" on their business card is likely doing about as much damage to hackerdom as the self-titled programming rock stars, ninjas, wizards, etc. etc. did to those professional groups.


0. Incidentally, does anyone else get reminded of things like The Rebel Sell or The Conquest of Cool by pieces like this? All of this handwringing serves to subtly indicate that the author is the sort of person who happens on these scenes before they were cool.

1. Even if you can't get rid of the more Stallman-esque members of the tribe, they get romanticized, deified, reduced to stories instead of people who could be brilliant, visionary, and kind, but moments later gross or needlessly rude.

2. Generally by spelling with your number keys.

humbleMouse 3 days ago 1 reply      
Don't really like this article, the writing is embellished and the thesis unclear.
irl_zebra 3 days ago 0 replies      
I have to say, I really enjoyed how they placed their newsletter signup. I actively rebel (maybe that's the hacker ethos per this article, haha) against the ones that have a giant popup and often put totally incorrect information just because I'm so annoyed. This one has the signup unobtrusively in the middle of the article a little ways down. Thus, if you found the article interesting enough to keep reading, you came across the newsletter signup embedded unobtrusively. I signed up for a newsletter from a website/blog for the first time in a long time.
busterarm 3 days ago 1 reply      
I'm working too hard and too sleep deprived to read the full article, but am I the only person noticing that every single lawyer and MBA under 35, almost without exception, is attending or trying to attend a code school to change careers? Many of the ones I meet talking about it have very limited tech experience.

That's very much how it seems in NY right now.

stillsut 3 days ago 3 replies      
Here's the key point where the author and me diverge:

> In this context, the hacker ethic is hollowed out and subsumed into the ideology of solutionism, to use a term coined by the Belarusian-born tech critic Evgeny Morozov. It describes the tech-industry vision of the world as a series of problems waiting for (profitable) solutions.

Trade is the ultimate form of autonomy because when someone willingly buys what you're selling you can be self-sufficient (as opposed to dependent on a beneficent family/non-profit organization/gov't). Obviously tech startups have deviated from the hobbyist "I'm getting my kicks" ethos because they're trying to hack the softer domain that is customer behavior. Solutions to real problems are always win-win, and to believe otherwise is pretty weird.

danjc 3 days ago 0 replies      
It's pieces like this that keep me coming back to HN. They also make me wish I could write as well!

It always irks me when I hear people refer to themselves as hackers (Zuckerberg for one) and this article articulates why far better than I could.

jkot 3 days ago 1 reply      
Lets be grateful for yuppies and their money. Computers and gadgets are today cheap and widely available. And there is finally no social stigma related to nerds. 'Real hacker' who works on AI, security etc.. has now life easier.
kazinator 3 days ago 0 replies      

1. Define what hacker means (prior to the yuppie gentrification), for numerous paragraphs. Bulk of article.

2. Big drop G paragraph: point actually starts here. (Just scroll down until you see a big G).

3. Fizzle on about gentrification of hacking, sort of making a point.

4. Send yuppies home.

Bohahahaha 3 days ago 0 replies      
I'd rather say, 80s hackers are todays yuppies. So it might be the same people.
api 3 days ago 1 reply      
Fight the man hard enough and you win. Now you're the man.

It wasn't colonization that yuppified hackerdom. It was evolution. Most of the old school hackers became yuppies when they found out they could make lots of money off this stuff. New school hackers are entering the scene now and this is all they know.

The same thing happened to old school counterculture hippies who found out their ideas and their styles sell. Hippies founded loads of clothing brands, trendy shops, 'new urbanism', and the whole organic food movement, all of which are now massively profitable. Whole Foods Market (Nasdaq: WFM, an S&P500 component) is a direct evolutionary descendant of the dirt-worshipping weirdos that spurned 1950s white bread culture and danced in the streets on acid.

Nothing really goes extinct. The dinosaurs are still here. In America we have a custom of roasting one on Thanksgiving.

I grew up with the old school 90s cyberculture, and I miss it dearly. I remember downloading text files on phone phreaking from H/P/V/A BBSes, hacking PBXes to dial demo scene boards in Europe, and watching Second Reality (https://www.youtube.com/watch?v=rFv7mHTf0nA) for the first time on my 80386 with 4mb RAM.

I keep a few museum pieces of stuff I made back then here: http://adam.ierymenko.name/ye_olde_source_code.html

Today I am doing this: https://www.zerotier.com/

In its original form this old hacker culture is mostly dead. Its successor in an evolutionary sense is the startup scene.

If you doubt this thesis consider that you're hanging out at Hacker News, which is run by a billion dollar VC firm. I rest my case.

Yesterday we had Future Crew and L0PHT Heavy Industries. Today we have Y-Combinator and Andressen Horowitz. Today's hacker groups have cap tables.

By saying this I am not claiming that this was an entirely positive change. Evolution is not a progressive march 'upward'. The word evolution just means 'change over time.' Some features are gained, others are lost.

In evolving along these lines the hacker scene gained a lot but it also lost a lot. It lost the creative ethos of play and experimentation, replacing it with an engineering culture ruled by the hidebound plodding competence exported by top-ten universities and their engineering programs -- excellence at doing things we already know how to do. It also lost its countercultural and social ethos, replacing it with a yuppie get-rich mentality. But it gained the ability to act on the world stage. I would argue that hackerdom evolved into a global economic superpower with the capacity to influence not only global geopolitics but the future of human evolution.

You'll say it lost its soul and I won't argue with you. It certainly lost the things that made it great in its time and its place.

But that's the thing. Dinosaurs became birds because the dinosaur thing was played out. 90s hacker culture was great in its time and place. I wonder how relevant it would be today. This is not the 1980s or the 1990s. Everything has changed.

I think the question we need to be asking is what now? Where can we go from here? What might we evolve into that is perhaps more interesting than what we are today and how do we get there? The answer (IMHO) is never going back to the way things were. It's always the forward escape.

Edit: another useful question to ask is: what was it about old school hacker culture that predisposed it to evolve into this? It's particularly interesting to ask this about aspects of today's startup scene and Silicon Valley culture that you don't like. For example: I find the fratty 'brogrammer' thing irritating, but I can see its ancestry in the overwhelmingly male and somewhat sexist hacker culture of yore. It's just that minus the counterculture trappings.

traverseda 3 days ago 0 replies      
>We are currently witnessing the gentrification of hacker culture. The countercultural trickster has been pressed into the service of the preppy tech entrepreneur class.

Ouch. That hits hard.

pietaalpha 2 days ago 0 replies      
The best way of eliminating the hacker ethos is to create economic forces, starving programmers and Ph.D people, low wages so that the search for money is key. Is HN about hacker ethos or about making money?
omouse 3 days ago 0 replies      
The only thing I took away from this is that more hackers who are hacking on hackathon projects and for-profit code bases should be hacking on free/open source to maintain the spirit of the hacker ethos.
rumcajz 3 days ago 0 replies      
Dunno about America but why not take part in CCC? That still has the old-school hacker feeling about it.
cafard 3 days ago 1 reply      
I thought that yuppies had disappeared along with hippies, beatniks, Teddies, etc. etc.
77f89faf 3 days ago 0 replies      
Hint: the phrase 'to suffer fools gladly' comes to mind.
smadge 3 days ago 0 replies      
paulhauggis 3 days ago 1 reply      
"Gentrification is the process by which nebulous threats are pacified and alchemised into money"

I never understood why the citizens of a city are against Genetrification. It improves not only the quality of an area, but can make you money if you own property there. Creating laws against it essentially keeps the poor, poor. On top of this, anyone with a little bit of succes and/or money leave.

It's just another example of politicians decreasing social mobility under the guise of helping the poor.

peterwwillis 3 days ago 0 replies      
The author is confused because they think a 'hacker' is a tangible thing. It isn't. It's an idea without shape, a calling without purpose.

The prototypical self-described hacker is an insecure person who attaches themselves to a romantic, powerful identity in order that they might attain these qualities themselves. But the power of the hacker is that of a magician: conjuring tricks in order to amaze the public and seem mysterious, powerful, skilled.

Here you see a normal web server with a firewall. It's totally secure. Nothing up my sleeve, as you can see. But wait... Alacazam! Now I have a remote shell!

If the author wanted to 'resist' traditional economic institutions they could become a circus performer. But then they couldn't fulfill the true 'fetish', which is that anti-authoritarian action through intellectual skill and craftiness is a pursuit to be proud of; one that the audience should revere.

The fact that this author's lofty rejection of traditional economic forces packaged in a sexy identity also has the ability to provide them a very comfortable living is, it would seem, totally accidental.

seiji 3 days ago 0 replies      
If you want to see how true "hacker ethos" existed as compared to today's "WE HIRE HACKERS" brandvertising placed in IPO filings, check out early or pre-www FAQs.

Here's a good one (a few MB of text) about hacker encryption: https://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.... other traditional sources are the anarchist's cookbook and anything with more of a "fight the man" sense from the 70s and less of a "give us billions of dollars" sense from the post-popular-Internet era.

Hacking is about a nerd underclass fighting an oblivious overclass. Up until the late 90s, hackers had never "won." But with Internet mania sweeping the world, the nerds started to win. They became "the new man." Now the new overclass needs to be brought down themselves. You don't win hacking, you just become a more prominent target.

Hacking is also about exactly not that.

Hacking is just ignoring everybody else and doing good work you can be proud of. It's the only reason Apple exists. Hacking is about not trying to win, it's just about being clever.

Companies promote hiring the second kind of hacker because those people pay no attention to the value they create as long as they're having fun. So, you get someone puzzle-obsessed, give them a $50 million problem to solve, they solve it, and you keep paying them their $125k/year. Everybody's happy and the CEO gets to join the three comma club even sooner thanks to the selfless hackers who enjoy subsidizing billionaires while living at the bottom of the org chart.

Gigamouse 3 days ago 2 replies      
For those who think this article is too long, here is summary:

This gist of the article is that the hacker impulse or hacker ethic is a natural human response to large alienating infrastructures that allow little agency on the part of individuals. Hackers take different forms, but are identified by 1) a tendency towards creative rebellion that seeks to increase the agency of underdogs in the face of systems that are otherwise complex or oppressive or that limit access to experts 2) a tendency to acting out that rebellion by bending the rules of those who currently dominate such infrastructures (this is in contrast to the open rebellion of liberation leaders who stand in direct defiance of such rules). They thus are figures of deviance, seeking to queer boundaries that are otherwise viewed as concrete and static.

Having set up a definition of what the hacker ethic is, the article goes on to argue that the ethic has been corrupted due to its association with computer culture in the public eye.

On the one hand, in a world where people increasingly rely on computers for subsistence, the bogeyman figure of the criminal computer hacker has emerged, a figure of media sensationalism and moral panic.

On the other hand, the increasingly powerful technology industry has honed in on the desirable, unthreatening elements of the hacker ethic to present a friendly form of hacking as on-the-fly problem-solving for profit.This is described a process of gentrification: In most gentrification you have twin processes: On the one hand, a source culture is demonised as something scary to be avoided. On the other hand, it is simultaneously pacified, scrubbed of subversive content, and made to fit mainstream tastes. This has happened to rap culture, street culture, and even pagan rituals. And the article argues, it is now happening to hacker culture: The countercultural trickster has been pressed into the service of the preppy tech entrepreneur class.

The article concludes with a reflection on whether you abandon the gentrified form, or whether you fight for it. There is reflection on whether the hacker impulse perhaps has always been an element of capitalist commodification processes, but argues that it is an ethos that needs to be protected: In a world with increasingly large and unaccountable economic institutions, we need these everyday forms of resistance. Hacking, in my world, is a route to escaping the shackles of the profit-fetish, not a route to profit.

astroteller 3 days ago 0 replies      
Garbage article.
Every 30 minutes Windows 10 sends all typed text to Microsoft translate.google.com
287 points by cantrevealname  16 hours ago   201 comments top 20
czechdeveloper 15 hours ago 3 replies      
About information source: Aeronet.cz is known Russian propaganda website in Czech. Nothing close to credible source. I don't judge content, but this should be noted.

Just try


Beltiras 15 hours ago 8 replies      
It's in the privacy policy. I didn't believe what I was reading. Windows 10 is unusable for anyone handling any sensitive data. Think doctors, psychologists, anyone under an NDA.


knowaveragejoe 15 hours ago 1 reply      
Analysis here:


Doesn't look like the original source of the info is very trustworthy, will need other people to verify this.

guardian5x 15 hours ago 0 replies      
Is there any other reliable source for this? Extraordinary claims require extraordinary evidence. Having a keylogger in the system by default sounds like a move that would exclude MS from competing in any businesses in the future.A move that seems illogical.So it would be nice to back that story up with some more information.
signal11 15 hours ago 0 replies      
I don't have a Windows 10 box near me but I remember an option to send typing data back to Microsoft, which I switched off. I see they have a short FAQ about it too: http://windows.microsoft.com/en-us/windows-10/speech-inking-...

"Go to Start, then select Settings > Privacy > General, and then turn Send Microsoft info about how I write to help us improve typing and writing in the future on or off."

Does anyone know if this stops Windows 10 from sending typing data across?

llama052 14 hours ago 7 replies      
What is it lately with Windows 10 privacy issues blowing up in Hacker-news since windows 10 came out? I know most of you guys are Apple/Linux guys (I myself love Linux like the rest of you) but come on, Apple does this, your smartphone does this, most services you use do this. Just getting tired of the big bad M$ hate bandwagon. This isn't even a credible article and people are already going off about it. This is no different than Yosemite which logs your location and searches that you make with Spotlight and Safari. Yet, I don't recall seeing articles constantly on the front page about that? Seems a little biased to me.

NOTE: Not that I condone what Microsoft is doing, just a little hypocritical to think that big bad Microsoft is doing anything new in the industry, especially when the products you guys are talking about jumping ship to, have the same problems. This is nothing new

dothis 14 hours ago 0 replies      
I don't want the OS to talk to anywhere except for a clearly defined, lean, verifiable process that fetches security updates.

That's why I use Debian. And hope they do the right thing.

wtbob 15 hours ago 2 replies      
I wonder if Microsoft also send typed-in passwords to themselves.
splitbrain 15 hours ago 1 reply      
However this will turn out (for now it looks like the source not very trustworthy) I wonder if there's a small little tool you can install on a fresh Windows 10 that will let you disable all the various privacy related setting in one screen. Just a list of checkboxes with short descriptions of the setting and what feature you will lose when disabling it.
amelius 15 hours ago 1 reply      
When using Google Docs, the same thing happens :)

It is just part of the new trend, that everything runs in the cloud somehow.

chris_wot 13 hours ago 0 replies      
What is with these privacy violations? Lenovo just got caught out installing a BIOS root kit on a wide range of laptops [0], now Microsoft is phoning home?

0. https://news.ycombinator.com/item?id=10053419

mahouse 15 hours ago 5 replies      
Off-topic, and please believe me I'm not trying to start a flame war, but I'm really concerned about this and I think it could be time to switch -- is OS X any better in this regard? I had heard it has been phoning Apple since forever. (I'm not going to consider Linux for a desktop)
steeples 14 hours ago 3 replies      
steeples 14 hours ago 1 reply      


jand 15 hours ago 0 replies      
Just in case anybody wants to know:

If you want a Windows 10 without Cortana, simply disable the sound card during installation (BIOS or physically).

This is not a solution, but a workaround for those having no other choice. Tested with Windows 10 Pro N.

adam12 13 hours ago 0 replies      
I guess we won't be seeing any more of those Scroogled ads.
beauzero 12 hours ago 0 replies      
...and I just watched Kingsman the other day too. I don't need this crap.
arca_vorago 14 hours ago 0 replies      
First of all, as others have said, this source may be slightly dubious, but I have seen a handful of similar sources saying similar things, but I have yet to see an extensive reverse engineering effort. For the time being though, because of the variety of similar reports and side effects, I am considering Windows 10 an surveillance state approved operating system.

For example, in another HN submission where someone posted a tool to delete/disable tracking services and add ip lists to the hosts file, a user has reported startup errors. To me this indicates Windows 10 is trying to communicate even during boot without the users knowledge! That's a big deal in my book... I don't know about yall.

The one reason I have suffered the slings and arrows of Windows so long is for gaming purposes, more recently because I wanted to release my hobby side-project, a game in Unreal Engine 4, on Windows and so I have kept one of my computers on Windows 8.1.

Last night that machine was compromised, and despite my fairly extensive malware fighting abilities, I couldn't get rid of it. That means a complete wipe and only moving data over that I must have, and not trusting that data, not to mention never trusting the HDD again (going to have to throw it away). I also question my bios, so I'll need to flash bios too.

I run three main computers, Windows on a Asus laptop, OSX on a Mac Air, and Linux/DragonFlyBSD dual boot on a Macbook Pro 2014. I think Windows 10 just might be the excuse I need to push myself completely away from the MS ecosystem. I've been talking about it for years, but the power of their tie-in is not to be trifled with.

I also fear for the state of linux in the same way though. At >10 million lines of kernel code, I think the many eyes theory has a weakness, namely that complex and huge codebases are antithetical to the many eyes theory working. that's why I personally think the future of computing will be in code simplicity and pairing down existing codebases. A good example of a try at this is Minix 3. <10k loc. (of course lacks many features).

That's also why, even thought I'm a huge GPL/GNU guy, I am increasingly leaning towards the top down ecosystem of the BSD's.

I think there are a lot of fundamental issues in personal computing that many of us just ignore and don't want to discuss because the implications of the conclusions could be uncomfortable. I think it's time for those of us who are considered power users to start having this difficult discussions more often and in more public ways.

systemz 14 hours ago 1 reply      
CmonDev 15 hours ago 4 replies      
Why Not Insider Trade on Every Company? bloombergview.com
265 points by dsri  2 days ago   124 comments top 12
nostromo 2 days ago 15 replies      
It's actually still possible to perform a specific type of legal insider trading.

Example: you are an executive at E Corp and the company will announce its acquisition in two months. You had previously set up planned trades to sell x number of shares each month before then. Because the acquisition is at a premium on the current price, you will make much less money if you go forward with your trades before the announcement. So, what do you do? You cancel the trades.

Was this insider trading according to the SEC? Surprisingly, no! Even though you're profiting from insider information, the SEC rules are such that for insider trading to occur, you actually need a trade.


Martha Stewart did exactly this before her company was acquired earlier this year:


tokenadult 2 days ago 2 replies      
I think I will end up upvoting every share of this Bloomberg View columnist's columns here on Hacker News. The author, Matt Levine, thinks like a hacker in the best sense, by pushing ideas to their extremes and seeing what the consequences might be. He adopts a humorous tone, but his columns are full of food for thought.


Taek 2 days ago 6 replies      
Perhaps someone will change my mind, but I see the block on insider trading and spoofing as harmful to the financial industry overall.

Someone starts shorting a ton of Apple stock? That probably means something big is happen at Apple, and it's not good. It's information.

Spoofing as a technique can be used to combat and inhibit other types of trading, and is in some sense an algorithm to 'keep the opponent honest'.

As best as I can tell, the biggest reason that we as a culture are against insider trading is because 'it's not fair'. (happy to read a response that adds more depth to my understanding). It isn't fair, and the people with insider information are going to make a lot of money. But in the process of making that money they bring the information to everyone else. And insider trading incentivizes knowing as much as possible so that you can have an edge on the competition.

nomailing 2 days ago 1 reply      
I am wondering if this centralized infrastructure for financial news is actually a good idea. This could always happen again and again. All the employees in these news companies could get a mass of insider information which they could sell.

Isn't maybe an alternative decentralized news publishing service a better idea? Couldn't the CEO of a company publish their financial news only on their own website at the given publication date? Why is it necessary for these news to be stored in some central news database days before their publishing date? And I mean these as honest questions because I have really no idea what the advantage would be?

And another related question: wouldn't it make sense with today's Internet infrastructure to reduce the interval between earnings reports. Maybe it could even be something like a continous automatic publishing of these company finances. Always when some financials change it could directly be published. That way all investors would at all times have the same information as the insiders, so everyone would be on the same level. Of course some extraordinary news like mergers or acquisitions might still give some people insider information who prepare the deal, but at least the quarterly earnings could not be insider information.

random_rr 2 days ago 5 replies      
The tone of this article was really, like, interrupted by a prolific use of "likes."

I wish it were so simple to hand-wave all security risks. Mr. Levine's ability to find a MySQL tutorial was quite impressive, but his dismissal of very real security concerns is childish. It's like saying cars are known to crash, so quit crashing cars. It's so, like, simple!

uptown 2 days ago 1 reply      
Replace hackers with the NSA. Imagine the trades one could make with access to the world's email inboxes.
pbreit 2 days ago 2 replies      
Would it be so bad if insider trading laws just went away? Information is spreading faster than ever. So a few Mak outsized gains on some inside info. Is it that big a deal?
dmourati 2 days ago 0 replies      
I enjoyed the tone and the piece. His assessments of brute-forcing and SQL injections were quite accurate.
fitzwatermellow 2 days ago 0 replies      
I've been noticing a lot of spikes across assets lately. Always timed a minute or two before the official release print. That used to constitute a somewhat unusual occurrence. One expects relative calm before the storm. Now it seems to happen with every bit of data. It could be chalked up to algos pre-positioning in anticipation. But many times if you are tracking fellow traders on your twitter feed as well as the price action, you'll notice a cry of "Leaked!" coupled with the price swings. I always assumed something far more nefarious and insidery was taking place. Powerful forces manipulating markets for various geo-political ends and so forth. So am somewhat relieved to see ordinary everyday greed to be the culprit. Am waiting for a Nanex style expose on this phenomenon.
bbcbasic 2 days ago 2 replies      
Then there is the story of the really sophisticated guys who didn't get caught. Unfortunately that's a story you won't be reading online, but will just have to imagine.

It really makes me question the sanity of doing this illegal trading. For as much effort you could do something legal and make money. Maybe not as much but surely without the risk of going to prison.

tgpc 1 day ago 0 replies      
cheez 2 days ago 1 reply      
What blows my mind is that these people don't encrypt their emails with some form of plausible deniability envelope. I mean, if you're smart enough to set up servers for customers of your illegal activities, you should be smart enough to know what to avoid.
GitHub Desktop is now available github.com
292 points by bpierre  1 day ago   237 comments top 40
harel 1 day ago 8 replies      
Its a shame that a Linux version is not included. A significant volume of developers work on Linux. If doing a multi platform application, why exclude it?
grandalf 1 day ago 2 replies      
Github probably considers the "depth" of git use by the average user to be one of its KPIs. Git is extremely powerful, if you are only doing checkouts and commits you are under-utilizing the tool and also underutilizing the service.

So it's smart for Github to build tools that lower the bar for a) understanding git, and b) using git's more powerful features.

Useful metrics would be things like the percentage of users who use the pull request flow, use it with at least one comment per pull request, have pull requests that get revised, etc. etc.

I'd guess that part of the growth potential driving Github's valuation is the notion that git's power features add significant productivity/value and that github is uniquely positioned to let a significantly large number of developers and teams make optimal use of those features for development and collaboration.

jvehent 1 day ago 10 replies      
While I find this initiative fantastic, it's a bit frustrating that Github, a company that lives on source code being open, does not publish the code of tools like this one.
insulanian 1 day ago 5 replies      
I tried GitHub for Windows but found it a bit dumbed down. Switched over to Atlasian's Source Tree and never looked back.
BoppreH 1 day ago 0 replies      
Is this related to the recent Github For Windows redesign? It used to be a great product, but the last version made some really odd UI changes and the whole thing became 10x slower.

Github For Windows used to be as important to my workflow as my code editor. I absolutely loved the "click to select which lines to commit" feature, and I'm pretty sure it improved the quality of my commits drastically. And it was constantly improving.

A few weeks ago came a new version that changed everything. Previous updates used to be incremental, but this one seemed to replace everything at once. Overall the UI was still good, even though important parts became hidden behind tabs. But the performance... Oh god the performance. Syncing repos became a multi-minute operation. Listing commits went from instantaneous to taking several seconds. It became so unusable I switched back to Linux for development.

mwcampbell 1 day ago 3 replies      
The Windows app is still WPF-based and still uses ClickOnce for its installer. The web page claims that this is a new unified app, replacing GitHub for Mac and GitHub for Windows. But it seems to me that there are still two separate apps. I had expected something like a desktop app using web technologies via Electron, like Atom.
lucisferre 1 day ago 0 replies      
My initial impression is that I like it, but I'm confused what "git sync" is. I've never done a "sync" before so I'm uncertain what will happen when I click the button.

Seriously, I get it, people don't love git's choice of verbs and syntax. Picking different ones arbitrarily helps no one however.

bluetidepro 1 day ago 2 replies      
When I saw "Desktop" in the name, I was really hoping this also brought some of the web features to the app. Things such as being able to view/edit the wiki, or issues of the repo. I wonder if that is in their long term plans for the app at all? That would be really awesome.
XzetaU8 1 day ago 2 replies      
"Why don't you support the Linux platform?

At this time, we're focused on optimizing the Mac and Windows experience. We're always thinking about potential improvements for the diverse needs of our users, though!"


Something tells me that the Linux version will come up later.

rjv 1 day ago 3 replies      
I'd love to see more development in the Git GUI space; a GUI really enabled git adoption and comprehension on my team. SourceTree has been my go-to for over a year now and it generally gets the job done, but it can be flakey at times (on Windows) and it seems like Atlassian has taken a hiatus from active development. I hope Atlassian takes up the reins again - this tool is pretty essential for me and I'd be happy to pay for it.
the_ancient 1 day ago 2 replies      
For Mac or Windows....

it is just insulting that GitHub continues to Treat linux has a second class citizen when with out Linux Git would not be a project...

jaytaylor 1 day ago 0 replies      
This is confusing to me. Why is it "GitHub Desktop is now available" rather "GitHub Desktop App Updated"?

What is actually new here? I know the native GitHub GUI app has been available for a number of years before now.

nwienert 1 day ago 1 reply      
I've always wanted something where I can see the status of all my projects at once:

- Have other people committed things to origin on any of my repos?

- Do I have uncommitted changes on any of my repos?

- Notifications for when people push

Basically this but focusing more on collaboration.

jschulenklopper 14 hours ago 0 replies      
I wonder why, after downloading and installing the GitHub Desktop application I should use my GitHub account and password to connect the client to GitHub (with no other way available)?

Would it not have been better if GitHub Desktop was a seperate application that gets permissions (for example via OAuth 2.0) as an application in the "Authorized applications" section of the GitHub profile?

Or am I missing something here?

AdmiralAsshat 1 day ago 0 replies      
Can't access my Windows desktop to look now, but I thought I've had Github Desktop running on my PC for awhile now. Was this previously in beta?
cenaymer 1 day ago 0 replies      
I've heard numerous times that Linux's lackluster popularity is due 'chicken and egg' problem in the application space. If a company that gets the maximum possible percentage of Linux users is not willing to support the application for Linux then we can't expect anyone else will even attempt. May be because Linux users are 'smarter' and better off with CLI ;)
krisgenre 1 day ago 2 replies      
Hmm.. are there really no good cross platform GUI toolkits? Why is Linux being ignored often even by companies that target developers?
leeoniya 1 day ago 1 reply      
i wish they would make a decent mobile web interface, the current one is just painful to use. i always have to switch to desktop mode.
paublyrne 1 day ago 2 replies      
I've been using Github on Mac for a while now. It won't do all the fancy things that the CLI will, but I love it for the ability to break up large bunches of files into separate commits, for when I forget to commit for a while or my local repo gets a little messy.
cshimmin 1 day ago 0 replies      
Can I do anything with this that I can't already do from the website, or is it just the same tools with a nicer native UI? In other words, is this somehow bridging the gap between the site and the git CLI (which could be useful for some of my less tech-savvy collaborators)?
bamazizi 1 day ago 1 reply      
What's the advantage to SourceTree? aside from nicer ui.

I wish it had the code review, commenting, issue tracking of the web app in a desktop application, all in one place. It's a pain to move constantly between the editor, CLI/SourceTree and Github web app for everyday tasks.

andyfleming 21 hours ago 0 replies      
I really like the GitHub desktop app. Although, I honestly I could care less about the fancy new graph feature. I would rather they had added a couple of simpler, more useful features:

the ability to organize repos by organization or with custom folders/lists

the option to open a repo in a new window by right-clicking on one from the list in the left column

koyote 1 day ago 4 replies      
So does anyone know what they used to build the 'unified' app UI? If I remember rightly they used WPF on Windows in earlier versions. Is the UI now abstracted using a third-party framework/inhouse framework?
boardwaalk 1 day ago 0 replies      
Well, that update turned the app into flickering, unresponsive mess on my Mac (10.11). And I have to use some sort of old school contact form to report a bug to GitHub? I'm a bit incredulous.

I like GitHub for the basic "see what you're committing and commit it" work flow, using the command line otherwise, but I suppose I'll switch to Sourcetree for now.

lewisl9029 1 day ago 0 replies      
I've been using the beta for a while and have found it to be quite nice.

Simple operations are quick and intuitive. If you need anything more advanced, a git shell for the current project is just 2 clicks away.

Having all the visual diffs readily available in the client before committing is quite convenient, as is being able to push your branch and open a pull request for it at the press of a button.

I'm hoping issues and PR management is next on the plate. You can open PRs from the client right now, but to review and merge them you'd still need to open a browser.

shurcooL 20 hours ago 1 reply      
The new layout looks great!

But there's an immediately obvious bug, the middle pane keeps resizing to become wider every time you switch between repos.

Also, one large repo I had simply shows 0 commits. It worked just fine before. And another even larger repo works fine.

msluyter 1 day ago 0 replies      
Just downloaded it and tried it out. Looks pretty nice, but the history view isn't populating when I try to use it for github enterprise projects (I did login successfully). I'm just seeing a completely black rectangle and no commits.

One theory I have is that our default upstream branch isn't master, but I'm not sure where to set that in the app. Anyone else noticed this?

kstenerud 1 day ago 0 replies      
Oh wonderful. Installed it, and now none of the git repos I pointed it to are recognized by git command line anymore :/
toxican 1 day ago 0 replies      
Hasn't this been available for a while now? I know I'd been using it for at least a few months up until recently. I made the switch to Sourcetree the other day and haven't looked back. I never realize how infuriating not being able to see changes in a repo at a glance without clicking into it was until I suddenly could.

Can't speak to any more advanced differences though. I'm still very, very new to git.

rcarmo 1 day ago 0 replies      
There's an UX/affordance issue with merges.

Took me a while to figure out how do do them via the UI, it's not immediately obvious that the side pane (which tries to take you to the web site for submitting pull requests) has nothing to do with local merges, which are now accomplished via an option that only appears when you're comparing branches (on the new timeline/graph thingy).

porker 1 day ago 3 replies      
Is there a way to clone BitBucket repositories from inside Github Desktop? It looks like they've locked it down to clone from Github only.
xirdstl 1 day ago 1 reply      
I use Atlassian Sourcetree as a git GUI on Windows. Does GitHub Desktop do anything different / better?
nedludd 1 day ago 0 replies      
What's the difference between this and the former "Github" app?
tychuz 1 day ago 0 replies      
It has been out for a while (I guess in beta form), atleast for Windows.

Still using GitExtensions. This has a nice interface for hobby projects, but when working with "enterprise" huge projects at work - it lags noticeably.

yeldarb 1 day ago 0 replies      
The new tutorial is pretty spiffy. It teaches you the branch-commit-pull request workflow by actually taking you through the process on a mock repo!
gideon_b 1 day ago 0 replies      
I was really hoping this would be a native app for the collaborative/social aspects of github.
justboxing 1 day ago 0 replies      
jchomali 1 day ago 0 replies      
This is awesome!
untilHellbanned 1 day ago 0 replies      
What to do with the scary message? Does this affect the OS version of git or just the version that this Github application uses?

 OS X 10.9 and later includes Git, so GitHub Desktop will no longer install Git as part of its command line tools. The version of Git you have installed through GitHub Desktop is no longer supported. It's recommended that you uninstall it as soon as possible.

gcb0 1 day ago 0 replies      
Projects and Companies samaltman.com
262 points by runesoerensen  1 day ago   47 comments top 19
cossatot 1 day ago 3 replies      
I like the long-standing definitions of the words: the company is the entity composed of the workers in their official capacity as well as its other resources, legal rights and so forth, and the project is the work the company has undertaken, and you are a beautiful if monomaniacal human being.

>Its far better to be thought ofand to think of yourselfas a project than a company for as long as possible.

'You' are neither the company nor the project, even if you are the sole person in the company. Startups are of course typically single-project companies, but the two are still not to be conflated.

If any of these things were synonymous, there would be some serious implications. If your project fails, then you as the projectcompanyperson, are a failure and may cease to exist(instead of you still being an alive person whose project failed and whose company may or may not be on the rocks). If the company is the project, then after a pivot the company is not the same company (instead of it being still the same company with a different project). But with the real concepts, definitions and identities, these are different abstraction layers essentially, and everything is more transferable, fault tolerant, and so on.

I get that with sufficient dedication and focus these things can feel like the same. I also believe that I have been someone's project.

This being said, I agree with the general analysis of the essay, specifically with regards to throwing bureaucracy to the wind in favor of lean-and-mean experimentation (and who really wants to grow up?).

jordigg 1 day ago 0 replies      
I've been my entire life working on projects, where I'm from no one knows anything about startups. I didn't know anything either. I thought Google and Microsoft had been there for years and were created like any other traditional company. Couldn't imagine anything built out of a garage or a dorm room.

I got money from all my different projects but never thought about them as companies, I used them to learn and pay for my hobbies. I never thought they could turn into real companies so I worked on them at night after my normal job.

Right now I got back to a project and idea I had back in 2008 when I even registered the domain and created the landing page and sketched a logo. Finally, I want to turn it into a real thing, into a company, but I still think about it as a project.

Same happens when I have to explain to family and friends why I left a well-paid job on tech in Ireland and moved back to my parents home in Spain to work on a website while the country is still broke. By saying "I'm working on a project" seems less serious. They still ask if I can live out of that but if I try to explain I'm working on a company people just freak out and things get really difficult to justify taking the attention out of what's important. Hope one day they understand.

babababa 1 day ago 3 replies      
"All of these were ideas that seemed bad but turned out to be good, and this is the magic formula for major success."

I see this sentiment expressed often, like it's a good thing that you want to pursue an idea that seems bad.

If I were to think about founding a start-up, I'd rather find an opportunity that makes sense and sounds good, validate the opportunity, talk to potential customers, and do as much diligence as possible before diving in. So essentially, if something seems like a bad idea, I'd move on to the next idea.

This may make it harder to create a unicorn (since I'd clearly miss some aspect that makes the idea not bad), but I bet it's a better, less risky way of trying to achieve a high-growth start-up with great potential. Good ideas fail as well, but I'd wager it's less often than bad ideas.

w1ntermute 1 day ago 2 replies      
> The best companies start out with ideas that dont sound very good. They start out as projects, and in fact sometimes they sound so inconsequential the founders wouldn't let themselves work on them if they had to defend them as a company.

Isn't this just cherry-picking of examples that validate a preconception? What about Uber? Dropbox? Amazon? Xiaomi?


> In the fall of 2003, Elizabeth Holmes, a 19-year-old sophomore at Stanford, plopped herself down in the office of her chemical engineering professor, Channing Robertson, and said, Lets start a company.


neilk 1 day ago 0 replies      
About a year ago I started being careful to call my things projects too.

In the current climate people want to hear what your monetization strategy is first, or they think you're a loser. And a lot of the time I don't have one, or it's really vague. I just have an idea that seems like it will be really important to at least some people.

Calling it a project also liberates me from feeling guilty about not having a corporation around it, or going to meetups to yammer with my city's alleged startup entrepreneur scene, etc.

pcmaffey 1 day ago 0 replies      
I've been thinking about this recently. Especially as the term "startup" feels distasteful, a verb that's been turned into a noun. I'm not building a startup. Nor am I continually starting (though sometimes it feels that way.)

So what's the right word?

Project - Sam gives good reason why this word works in the beginning, so long as you're not looking for external validation. At some point though, your project becomes something more.

Company - the people working on the project, and all the processes and resources that go into supporting those people.

Business - the transactional model that enables the company to make money and keep doing what they're doing.

Mission - for some people, the business is the mission. But for most success stories, even in the beginning when it was just a project, there was an underlying mission, a purpose and a plan. Unfortunately, the word feels mushy. I'd hate to hear people going around saying they're "working on a mission."

Ultimately, the word I use will likely depend on the context.

paulsutter 1 day ago 0 replies      
Peter Thiel has a famous Venn diagram with two circles: "good idea" and "sounds like a bad idea". He says that the best opportunities fall in the overlap between the two circles.

Here's a picture of the diagram:


Calling an effort a project (or even, an experiment) helps free us up to be more flexible and receptive to the market, and removes a bit of our personal identity from the mix. Sam's great point is for a "project" we're more likely to pursue an idea inside the magic overlap zone of Thiel's diagram

sytse 1 day ago 0 replies      
GitLab we always talk about GitLab the company and GitLab the project as separate things. This because the open source project is bigger than the company. Hopefully this helps us keep thinking like a project.
pcmonk 1 day ago 0 replies      
I'm not sure the words "project" and "company" are the best words for it, but this idea is definitely important. It's a general principle in life to never take yourself too seriously.

If you find yourself not doing something because you don't think it's worthy of the fine company you've built, you're thinking way too much about the formal company and not enough about the ideas, work, and vision that made the company what it is.

zeeshanm 1 day ago 0 replies      
The point about having self-discipline to work on projects is very true. I have found that the best way to stay motivated is to write as little code as possible and deploy as mush as possible. My usual commit is never more than ~50 lines of code. There is no better satisfaction than seeing your code doing magic in the wild.
rdlecler1 22 hours ago 1 reply      
While Sam may ultimately be correct, in practice this is only great advice if your a nth time entrepreneur who has made VCs a lot of money. The problem here is that most entrepreneurs don't fall into this category and most investors don't want to invest in projects. Unless you have an extremely compelling mission driven project you also won't be able to attract talent in this market.
studentrob 1 day ago 0 replies      
"Don't take your job so seriously" is something we all could do well to remember. Keep learning, keep it fun
malcolmocean 1 day ago 0 replies      
I've had a similar-but-different experience around being taken seriously with my app Complice. I'd be making small talk with other entrepreneurs (often students or whatever) and people would regularly break the ice with, "So what's your idea?"

...and I'm like "idea? I have a business. I make my living off of this idea."

kepano 1 day ago 0 replies      
I've always liked the word project when talking about startups. The word inherently conveys the idea that you're building up to something that will exist in the future (in Latin it means "throw forward"). It gives you the flexibility to change and evolve. "Company" feels like something established and somewhat static.
gozo 1 day ago 0 replies      
I think the middle road between a project and a company is a small business.

Company over project is probably a bigger problem in SF/SV than anywhere else. I see a lot of people in both hardware and software making very elaborate and technically successful projects that never graduate from being projects.

pbreit 1 day ago 1 reply      
"Companies" seem like terrible vehicles to work on "projects". Is there a better answer? The dreaded incubator?
adventured 1 day ago 0 replies      
> If you dont have the self-discipline to work hard without external pressure, projects can be a license to slack off.

I agree with this, with one caveat. Some of my most productive bursts of output or problem solving have occurred right after a self-imposed, brief period of slacking off. There can be a tremendous benefit from the mental break that goes with 'controlled slacking off,' so long as it's intentional rather than an indication of something more serious (like not wanting to work on the project).

jessedhillon 1 day ago 0 replies      
7Figures2Commas 1 day ago 2 replies      
> The best companies start out with ideas that dont sound very good. They start out as projects, and in fact sometimes they sound so inconsequential the founders wouldn't let themselves work on them if they had to defend them as a company. Google and Yahoo started as grad students projects. Facebook was a project Zuckerberg built while he was a sophomore in college. Twitter was a side project that started with a single engineer inside a company doing something totally different. Airbnb was a side project to make some money to afford rent. They all became companies later.

This is hardly a list of the best companies, and a few of them don't support the argument:

1. The search/portal market was already significant when Google launched. Companies like Yahoo, Excite, Lycos were already public traded at the time, and were some of the hottest issues in the tech space. So it's no wonder Andy Bechtolsheim cut Larry and Sergey a check for $100,000 before a corporate entity even existed.

2. When Facebook launched, Friendster already had millions of users and had received a $30 million acquisition offer from Google. MySpace, which was created by people who saw Friendster's popularity, was founded by people trying to capitalize on the social networking hype that was already present in 2003.

3. Even Airbnb is hardly a post child for Sam's argument. Homeaway, VRBO and Couchsurfing were all well established when Airbnb launched.

For most entrepreneurs, "start out with an idea that doesn't sound very good" isn't likely to turn out very good.

The ethics of modern web ad-blocking marco.org
256 points by kyleslattery  2 days ago   242 comments top 41
RodericDay 2 days ago 12 replies      
What I really can't understand, that permeates this whole discussion, is plenty of people that try to sell the idea that ads let us have content "for free", and that all we have to tolerate is "a little annoyance".

It's insane. If companies are buying ad-space, it's because they expect to get more business in return. This means that someone out there is being influenced by said ads, so that if the content cost X to put up online (hosting, funding its creation), someone is paying X+(ad company overhead) for it.

If these costs are being borne evenly, then it's complete societal waste. We could pay X for the content, and not incur the overhead. If these costs are not borne evenly, and some people are paying for the consumption of more disciplined people, it's probably contributing to terrible cycles of poverty (ie: some kid spending money on fancy new shoes he doesn't need and can't afford is paying for a well-paid tech-users YouTube habits, because it preys on their lack of education). Either way it's terrible.

Advertising isn't free. Insofar it works, for some people, it's basically coercive via psychology and simulated peer pressure.

jpmattia 2 days ago 4 replies      
I'm beginning to find the various articles about ad-blocking fatuous, and I doubt I'm the only one.

Ads served via a centralized vendor can be blocked trivially, and people are choosing to block them. You can make a whole lot of arguments about ethics, or you can just admit that it's a broken business model.

Worse, it is becoming apparent that ads increase the attack surface. Failing to clean that up will cause armies of IT folks to actively work against you.

Maybe the business model is that you're serving ads in a non-centralized way, or maybe you're serving centralized ads to people with locked-down computers, but good luck serving blockable ads and relying on the good graces of the population to unblock your ads out of charity.

bediger4000 2 days ago 11 replies      
How is ad blocking an ethical issue? I get to control my computer, at least until some legislation passes that says I don't.

Even if I don't control my computer entirely, how about my DNS? I have a lot of the more intrusive domains (tynt, doubleclick, etc) set up as in my dnsmasq config.

The "whose computer is it anyway" question seems key here. In order to make advertising possible, we have to take control away from owners. That seems like a generally bad outcome.

agd 2 days ago 1 reply      
people arent agreeing to write a blank check and give up reasonable expectations of privacy by clicking a link. They cant even know what the cost of visiting a page will be until theyve already visited it and paid the price.

This is the crucial point to me. How can I agree to a website's trackers before I know they exist?

clarky07 2 days ago 1 reply      
I never used an ad blocker until the last month or so. Ive made money with content and ads before and I know it's hard to do. Sadly, things have gotten absurd lately. Chrome basically slowed my computer to a halt on an almost daily basis. The performance improvement from using an ad blocker has been tremendous. So much difference I have a hard time believing it.

As a side bonus I also don't have to deal with auto playing video ads and popover boxes asking me to subscribe to content I haven't yet had a chance to see if I like.

mikestew 2 days ago 1 reply      
In my book, it's no longer a question of ethics, at least not directly. Way back when, we all agreed that if I look at some ads, a web site will let me view some content. Fair enough, it's a proven model and though I might not particularly like advertising, I'll trade some eyeballs for some content. Way back when, maybe it _was_ a question of ethics. But not anymore.

What "we" didn't agree to was being tracked all over the web, malware being shoved down the pipe via ads, ignoring "do not track", and all of the other nefarious things ad networks have been trying to get away with. Ethics have gone out the window, if ethics ever existed on the side of advertisers. So I run an ad blocker, and I make no apologies for doing so.

"What about the little guy who pays for hosting with ads?" You mean the "little guy" who has to scrape couch change to pay for the site that contains his latest post about artisanal mayonnaise and her latest gadget acquisition? Yeah, that $100/year for hosting is really going to break her, might not be able to get next year's Apple Watch on release day.

The big boys and girls like The Verge and what have you? Well, using The Verge as an example, they could go under tomorrow and IMO the world would be no poorer, given that they've kind of turned to poo in recent days. I blame the web advertising model for part of their deterioration, but that's a long digression. Specific examples aside, what about the sites I like? I pay money to the sites I like, specifically Ars Technica, NYT, and the Economist (and some others I'm sure I've forgotten about). Some, like Daring Fireball, use unobtrusive, single-image ads that I'll occasionally click on because they interest me, as well as a desire to reward a job well done.

But at the end of the day, the whole thing isn't my problem. If a few bad actors (or, in reality, a lot of bad actors) want to crawl into my machine and have their way, I'm blocking all of them. If there's collatoral damage because of some bad actors, it's not my job to fix it. I did my part and said, "no, you don't". Don't lay the onus on me to play nice, because you're berating the wrong party.

qopp 2 days ago 2 replies      
"What, then, is ethics? Ethics is two things. First, ethics refers to well-founded standards of right and wrong that prescribe what humans ought to do, usually in terms of rights, obligations, benefits to society, fairness, or specific virtues." -- https://www.scu.edu/ethics/practicing/decision/whatisethics....

Kant 1st Imperative -- Violates -- If everyone used Adblock, many websites would shutdown. I.e. "Adblock is okay because sites can still run if just some people do it" -- cannot be universally applied, contradiction

Kant 2st Imperative -- Violates -- You treat website developers as a means to an end -- to get content, instead of rational human beings who, given a sufficient outcry against their ads, could change their ad service or offer a different model.

Utilitarianism -- Violates -- Ad Revenue - Well being of site owner: -Site Costs / Visitors + Ad Revenue For just you. Well being of you: Site benefit - time wasted * time value. (Blocking "Ad will play for x seconds" in this specific ethical system might not violate)

Rule Utilitarianism -- Violates -- Well being of site owners: Cannot make ad supported sites, current ad supported sites -site cost. Well being of society: Less websites -- more inefficiency and less units of entertainment good.

Social Contract -- Violates -- People accept ads knowing that others will do this as well and this supports the site. Another: Site owners create sites relying on users's ability to see them and thus pay for site creation.

Virtue Ethics -- Violates -- You might feel more shame being in a room with someone who made a site supported by ads and showing them that you use adblock then if you were invisible to the site owner.

The systems above are the ethical systems allowed in the book "Ethics for the Information Age (6th Edition)" by Michael J. Quinn (the list is his, but not the theories themselves, just mentioning my source to show I'm not cherry-picking ethical systems)

k__ 2 days ago 0 replies      
We went from the "static" newspaper/TV ads, that didn't know about what you did with them, to "dynamic" web/mobile apps, that know exactly if you watched them, clicked on them AND eventually bought something coming from that ad. Also, which ad from the same ad-network you watched before, what apps/websites you used before etc.

Advertisement got much more power on the Internet and got much more predictable for advertisers.

But we also switched from turning pages or switching channels, if we don't like the ads, to blocking whole advertising companies with the help of software. We can now even prevent the ad from being "overseen" at all, because it doesn't even get shown to us in the first place. newspaper adds always hit your subconsciousness.

Both sides stepped up their game. Don't see any problem with this.

Vintila 2 days ago 0 replies      
Tangentially related but:I think the ethical way forward for ad-blocking extentions/software would be for it to self-identify [1]. That way if a website owner wants to block you or be more upfront about asking for donations, they don't have to resort to JS hacks to determine if you are using an adblocker.If they don't want me to see their site ad-free [2] I can either move on or decide that the content is worth a few ads.

[1] I only know the basics about the http protocol but I'm guessing something in the header could be added.[2] Which is completely within their rights as virtual "land owners".

btbuildem 2 days ago 0 replies      
Not sure how ethics play into this. If your service is of such low quality that nobody is willing to pay for it, and you resort to ads to support your business.. well, tough. Make something that sells, or try a different way of making a living.

People are blocking ads because nobody likes a firehose of garbage pointed right at their face.

To crank that tired old record, "this sector is ripe for disruption" aka somebody go already make an ad network stand-in where the user can pay the equivalent of per-impression cost and visit any participating site ad-free.

petercooper 2 days ago 1 reply      
The bigger issue, IMHO, is quality of advertising rather than its presence. People pay $15 for a theater ticket and sit through 10 minutes of ads, buy Vogue magazine and have 30%+ of pages be ads, buy The New York Times and be hit with ads all over the place, watch the Superbowl specifically to see the ads, and more. What people seem to really want are better ads or even ads that are entertainment or content in their own right (which is why native advertising has taken off).
brillenfux 2 days ago 0 replies      
Maybe if ads weren't such a malware cesspool people would have less reason to block them.

The people providing ads do a dirt-poor job curating them, so blocking ads isn't about convenience but about security.

abustamam 1 day ago 0 replies      
I think one of the big problems is that most end-users don't know everything that goes into displaying an ad (myself included).

Yes, we can say, "I consent to viewing an ad in order to receive X free service" in the same way that we consent to viewing a commercial when we watch TV or listening to an ad on the radio.

However, in those latter two examples, the information is one-way. Those advertisers don't collect any personal information (outside of perhaps our viewing/listening location).

When it comes to website ads, most consumers do not know/realize that a) the advertisers are collecting a WEALTH of your personal information and b) that information comes at a cost of your bandwidth (which, for many mobile users, is limited). There are probably many other things that happen between the end-user and the third-party that I am not aware of.

Sure, they may consent to viewing a free ad, but most of them do NOT consent to collection of information nor increased usage of bandwidth.

I am happy that many websites are now (at least trying to) put a visible cookie privacy policy, but I think even those little policies are getting banner blindness.

arenaninja 2 days ago 1 reply      
I whitelist ads on websites now, and I wish I could do the same on my phone. I think someone here or on reddit mentioned, and I had the same experience, trying out IE Edge and it being a decent browser, but as soon as the autoplaying video ads start, I downloaded FF, added uBlock and didn't look back. I use the same browser setup on my phone, and now and then I use some apps that emulate a browser (like Reddit is Fun or HN app), and the experience is wholly broken. I was reading an article and it was miserable - the fixed header for the site plus fixed footer for the ads took up about 1/3rd of the real estate, not to mention they were jittery and I couldn't focus because I'd scroll too far, then the ads would load where I was reading.

There's no ethics involved with me. Poor experience? Get blocked. Decent experience? Welcome to the whitelist

edent 2 days ago 1 reply      
Why is this becoming an issue now? I've been blocking adverts on-and-off for 10 years or so. Back then it was manually editing a HOSTS file - is it just in the news now because it's becoming slightly easier on iPhone?
splat 2 days ago 1 reply      
I used to use ad-block and later disabled it to support websites that generate good content, but now I'm going back. What's driven me back to ad-blocking software is that ad tracking makes it nearly impossible to buy gifts for a spouse. If I want to buy my wife a pair of sunglasses and google "Ray Ban sunglasses", guess what she starts seeing ads for all over the web. We noticed this a while back and would do gift shopping in incognito mode, but I've gotten fed up enough with it that I'm just going to start blocking everything again.
anc84 2 days ago 2 replies      
How come everyone is using the closed-source, ad-network friendly Ghostery instead of the open-source https://disconnect.me/ ?
gambiter 1 day ago 0 replies      
I really truly don't understand why people this this is an ethical issue at all.

I personally own 12 personal domains, all for various content that I personally put up. Some blogs, some game servers, etc, etc. I don't charge for my content, and I don't advertise. I'm not in it to make money, I'm in it to share things with people, and I do it all out of my own wallet.

Why is there this assumption that all content needs to be subsidized by the readers? I mean, I get it... there's certainly value in compensating content producers for their time, and even allowing them to do it full time... but there is SO much content out there that is basically put up out of the goodness of the creators' hearts. Why can't we keep it that way?

bachmeier 2 days ago 0 replies      
The current model can't work. The internet is becoming unusable due to ads. I am not sure how it will evolve, in terms of paying for content, but this is surely not the answer. I expect that we will be paying for content in some form. Perhaps a Spotify-type model where you pay a monthly fee and the fee is distributed to content providers.

On the issue of ethics, I'd say it's not ethical to spread out a small amount of content across six pages just to get more page views. It's bad for advertisers and for consumers.

frou_dh 2 days ago 1 reply      
The formal name for the browser is "User Agent".

Your agent should act in you, the user's, interest. Decidedly partisan and so what? You shouldn't have to explicitly instruct it to defend you from surveillance and pollution - it should do that of its own accord from day zero.

Or is your browser a double-agent?

hkon 2 days ago 0 replies      
Nowdays content is there for the sake of the ad.Nowdays the content in many cases is an ad.Block that...
minimuffins 2 days ago 0 replies      
"Ads help us to be more informed about what products are available to us" (paraphrasing)

A kind public service! We should really be paying them, but the advertisers inform us for free!

Asking about the ethics of hiding ads seems a little like asking about the ethics of taking shelter during a carpet bombing attack.

I wish we would steer these discussions away from economics (Do the ads work? Are there better ways to monetize, do they stabilize or destabilize markets, etc) and toward culture. What is the cultural effect of saturating the internet (and the rest of the world for that matter) with ads? I am not the first person to ask...

seanconaty 2 days ago 0 replies      
I'm glad someone wrote this article. I used to work at an ad network and for that reason, I've ethically chosen not to use an ad blocker. But I do agree that consolidation of tracking, over-abundance of ad spots and nasty performance have reached new lows that I've considered using one.

I think it would be nice if publishers just went back to <img> tags. Script tags and iframes and flash give to much power and result in lots of performance issues.

You can still track and consolidate with an img tag but the tracking is limited to what's in the http headers.

LukeB_UK 2 days ago 1 reply      
I have a question for everyone advocating the use of ad blockers: Do you just do a blanket block for all ads, ban the big networks with the trackers along with the malware serving ones or something else?

I understand wanting to block the ones with the trackers for privacy reasons and the malware ones because nobody wants malware, but blanket blocking all ads tars everyone with the same brush.

Edit: Personally, I used to just blanket ban but I've recently moved towards having uBlock only block the malware ones and will manually block any spammy sites.

Animats 2 days ago 1 reply      
serve_yay 2 days ago 0 replies      
A good writeup, though I don't agree with the statement about web devs and browser makers -- we read the web too, perhaps more than anyone! :)

It's possible to want to make the platform more powerful and not like some of the ways the power is being used.

drdaeman 2 days ago 0 replies      
I wonder, what opponents of ad-blocking think about email spam? Is it different if spam ads are injected by email client? (some email and even messaging apps do this -- not to the actual mailbox, of course, but to the displayed inbox contents)
romaniv 2 days ago 0 replies      
Why do ads need to track you anyway? Doesn't it make more sense to customize ads based on the specific page you're looking at? It seems like this is rarely done. At least it doesn't seem that way most of the time.
faragon 2 days ago 0 replies      
In my opinion, DRM will "fix" that in the future: browser plugins could not be able to identify those ads. So we could reach "Black Mirror"-like ads sooner o later. Brave new world...
guelo 2 days ago 3 replies      
It would be great if the ad business model on the web died. Hopefully the new business models that would popup would be more upfront. People used to pay 25 cents to read a newspaper or a few bucks for a magazine.
TheCoelacanth 2 days ago 0 replies      
Any ethical framework in which it is unethical to take minimal steps to protect myself from psychological manipulation is an ethical framework that I have no interest in adhering to.
eddd 2 days ago 1 reply      
The average cost for displaying and ad is 0.005$. I am assuming that 30% of that goes to publisher. Would you pay 0.005*0.3 = 0.0015$ per page view? I would.
Paul_S 2 days ago 0 replies      
Ethics? You mean business. There is no ethical dilemma here, just a business model that might be not working as well as you'd like.
seiji 2 days ago 1 reply      
Before the web, people changed channels or got up during TV commercials,

Many people still don't realize it's trivial to have a DVR automatically skip commercials, but advertising companies and TV networks sued TiVo to make sure they will never implement it.

Modern web ads and trackers are far over the line for many people today,

Not just "over the line," but for over 5 years now, advertising networks have allowed exploits to be delivered over their advertising networks. There's nothing like browsing a website then having a drive-by crypto locker installed on your machine.

As of 2015, blocking advertising isn't a moral question, it's a question of do you value your own security.

But publishers, advertisers, and browser vendors are all partly responsible for the situation were all in.

People say "trust the wisdom of the free market," but they forget the important part: free markets always become corrupt and always accumulate power towards the top. A market without government oversight and intervention is just a way to exploit and abuse people for profit with no repercussions.

It has never been easier to collect small direct payments online,

That's more tricky, isn't it? We've all viewed some article at a tiny city's online newspaper then been hit with a "SUBSCRIBE TO PODUNK DAILY ONLINE TO KEEP READING, ONLY $24.99/month." It's not sustainable for every small thing to receive direct payments and we don't have a clean disaggregation of a common "subscribe to internet publicans" pool (like iTunes Match, but for writing? Still useless if you get 0.00002 cents per page viewbut, that's basically online advertising again).

Joeboy 2 days ago 2 replies      
Aren't we just going to start making websites that don't serve the content until they've served the ads?
harryovers 2 days ago 3 replies      
logfromblammo 2 days ago 0 replies      
I see ad revenue as someone who has an audience opening up access to that audience for a third party in exchange for a fee. It is entirely up to the third party to figure out how to get a return on that investment.

Neither the content creator nor the audience bears any responsibility to the third party to ensure that the opened channel is used effectively.

If shit comes through the channel, I'm going to route it right into the sewer. If gold comes through, I'll route it into my pocket. Either way, I still care more about my relationship with the content creators than about their sponsored side-channels.

The ads do not pay for the content. The content creators pay for their own content. Then they hold their nose and make a deal with shady web-advertisers to capitalize a bit more on what they have already done. Those advertisers aren't buying content. They are buying access to the audience.

PopeOfNope 2 days ago 0 replies      
Forget about advertisers and site runners and economics and the rest of it. I run ad blocking software because ads are too good a delivery mechanism for malware.
VLM 2 days ago 0 replies      
Kenji 2 days ago 0 replies      
charles2013 2 days ago 1 reply      
RethinkDB 2.1 is out: high availability rethinkdb.com
263 points by coffeemug  2 days ago   104 comments top 20
williamstein 2 days ago 1 reply      
This is soooo awesome. I started rewriting SageMathCloud to use RethinkDB when I learned in May about your plans to support high availability. I've been rewriting everything, doing tests (building from sources, then using the beta you kindly provided), and finally after months of work, I'm ready to release the new version of SageMathCloud last night, but RethinkDB 2.1 isn't out yet. So I'm torn about whether to go with 2.1beta and cross my fingers, or just wait, or what. And this! Thank you so much. RethinkDB is, for my use, the first database I've ever actually really loved (and React.js+flux the first web framework). Here's my client code in case anybody is curious: https://github.com/sagemathinc/smc/blob/rethinkdb/salvus/ret...
coffeemug 2 days ago 12 replies      
Slava @ RethinkDB here.

I'll be around all day to answer questions about the release (along with a few other engineers on our team).

We're very excited about this release -- it makes the lives of RethinkDB users dramatically better because they won't have to wake up anymore in the middle of the night in case of most hardware failures :) It also took over a year to build and test, and has been one of the most challenging engineering problems we ever had to solve.

dantiberian 2 days ago 2 replies      
RethinkDB is great and has a lot of great features, however the thing that has impressed me the most is the way they communicate with the community. They are incredibly responsive and friendly on GitHub and IRC. It's not uncommon to get a response to a bug report within an hour or two (not that they have any obligation to this). They're incredibly nice.

It looks like they try to follow http://www.defmacro.org/2013/04/03/issue-etiquette.html, it'd be great to see other companies adopt it too.

Thanks folks!

tracker1 2 days ago 0 replies      
I've said before how I really appreciate the approach the guys at RethinkDB have taken... With the automatic failover support baked in, this would definitely be one of my go to solutions. The management/admin interface is much nicer than any other NoSQL database out there, while offering a lot of the things that a traditional RDBMS offers.

I'd probably reach for RethinkDB before Postgres or others simply for the better administrative experience. Especially for small teams or start-ups that don't have a dedicated DBA role.

For anyone curious, the databases I would most likely reach for, depending on the situation would be RethinkDB, ElasticSearch and Cassandra. I really do like MongoDB a lot as well, but RethinkDB offers the features with far less friction, though the query interface takes a bit of getting used to.

That said, I also like more traditional RDBMS options as well. I REALLY like what PostreSQL offers, but have no desire to administer such a beast, failover isn't really baked in, and the best options are only commercially available, at a significant cost. There are also hosted options for AWS and Azure for various SQL RDBMS. That said, I find being able to have data structure hierarchies in collections tends to be a better fit for MANY data needs.

Congratulations to Slava and everyone else at RethinkDB.

uberneo 2 days ago 4 replies      
This looks awesome .. great job guys .. Just a question on licenses . Server is "GNU Affero General Public License v3.0" and drivers are "Apache License v2.0." , so in simple english does it means that can i use make commercial products with backend as RethinkDB? these things always confuses me so apologies if i ask something stupid here ..
akbar501 2 days ago 1 reply      
@coffeemug, do you have an ETA on when performance benchmarks will be released?
uberneo 2 days ago 1 reply      
Great documentation with some useful examples and tutorials to get you started. I just tried it and very impressed with the performance and ease of use , especially the admin section is very handy. Need to try it with cluster , any docs/videos on creating the cluster with different machines across the globe?
juijasmem 2 days ago 2 replies      
Can I ask please why you don't provide ready to use, fine tunned amazon images? This is preventing me to use it now as I cannot find reliable configuration or information. Also the current image is out of date. Thanks
mateuszf 2 days ago 3 replies      
As a heavy Heroku user - I'm wondering - is there some hosted RethinkDB solution?
chadlung 2 days ago 1 reply      
Very cool, thanks for all the hard work that went into this. Will the docs [1][2] be updated at some point to reflect the Python 3.4.x asyncio support? Right now just Tornado is documented.

[1] http://rethinkdb.com/docs/async-connections/[2] http://www.rethinkdb.com/api/python/set_loop_type/

wilsonfiifi 2 days ago 1 reply      
Great news! Keep up the good work. It's getting harder and harder to justify not using rethinkdb in production :-)

...Doesn't seem available on homebrew yet though.

kureikain 2 days ago 0 replies      
Finally, we can convince our management to start to use it.All of the beautiful of ReQL, then addhing high availability What else I can expect more.
barosl 2 days ago 0 replies      
> Always on you can add and remove nodes from a live cluster without experiencing downtime.

This has been a long-awaited feature for me. While I loved nearly every aspect of RethinkDB, it was the reason that made me hold back from using RethinkDB. Good to see RethinkDB keep improving!

mikes25 1 day ago 1 reply      
Any support for Windows yet?I'm keen to move to rethinkDB from using redis, but my development is done on Windows at the moment.
GordyMD 2 days ago 0 replies      
So happy you've added in Math functions into ReQL. Thank you!
Spiritus 2 days ago 3 replies      
I couldn't really find any good docs on how to use the various async Python drivers...? All I found was some references to Tornado under `set_loop_type`.

Also, very much looking forward to trying this out!

EugeneOZ 2 days ago 0 replies      
Comics is awesome.
level09 1 day ago 0 replies      
Great news, Does any one know/recommend a python ORM for RethinkDB ?
gauravphoenix 2 days ago 5 replies      
official JDBC drivers please :)
shockzzz 2 days ago 1 reply      
       cached 14 August 2015 04:11:02 GMT