hacker news with inline top comments    .. more ..    8 Dec 2015 Best
home   ask   best   4 years ago   
Swift is Open Source swift.org
1818 points by psuter  5 days ago   431 comments top 95
ruddct 5 days ago 3 replies      
A lot of folks to thank at Apple right now, can't wait until all of this propagates so we can take a look at what's new in Swift 3. Two thoughts:

- VERY happy to see the open sourcing of much of the Foundation libraries (which includes strings, dates, networking primitives, concurrency/task queues, I/O, etc). It'll provide a very strong start and make working with Swift immediately productive.

- Holy crap, there's a package manager. This has been sorely needed since about day one of Swift development, glad to see that it's been a priority as part of the effort to open source!

nikon 4 days ago 6 replies      
jdub 5 days ago 2 replies      
Apache 2.0 License + Runtime Library Exception + copyright owned by the contributor (i.e. no assignment or CLA) + good community structure and documentation + code of conduct... well done, Apple!
practicalswift 4 days ago 2 replies      
Happy to see that my collection of Swift compiler crashes (see https://github.com/practicalswift/swift-compiler-crashes) has been part of the official Swift repo since September 2014: https://github.com/apple/swift/commit/e5ca8be1a090335d401cd1... :-)

A previous HN thread about the swift-compiler-crashes project: https://news.ycombinator.com/item?id=9020206

bamazizi 4 days ago 1 reply      
The programming language eco system is really improving rapidly and efficiently. It seemed the developer's toolkit was limited by the languages created 20+ years ago but within the last few years we're seeing a renaissance in developer toolkits as well as development philosophies.

Languages like Go, Rust, and now Swift are not only great from almost every aspect over the last generation languages like C, C++, Java, but a lot noobs or scripting language developers are also converting to more low level languages. So the barrier to pick up a lower level language and become productive in it has really diminished.

Go has had a head start and introduced minimal simplicity. It's a great/powerful language and almost everybody can pick it up quickly within a few days. I wouldn't listen to people who dismiss the language for its lack of "features" and have never written more than "hello world" in it.

Swift is "important" because of Apple & iOS. It has a much steeper learning curve than Go and naturally it takes a few weeks of dedication to get comfortable with it. However, once you overcome the introductory challenge then you'll start to appreciate the language and its capabilities.

Already the job market for both languages are really high with higher than average salaries. So learning/mastering both Go and Swift is the best decision you can make.

justplay 4 days ago 3 replies      
I still remember max howel tweet[1] in which he publicly said that we was rejected by Google. Looking at his linkedin profile[2] , he was later hired by Apple in August 2015. Now he is biggest[3] contributed to Swift package manager. It is good to see that the person who has lot of experience in handing Apple and package system is handing this stuff. I guess, things happens for good.

[1] https://twitter.com/mxcl/status/608682016205344768

[2] https://www.linkedin.com/in/maxhowell

[3] https://github.com/apple/swift-package-manager/graphs/contri...

alblue 5 days ago 1 reply      
Fantastic news that Swift is now open-source, though it came about 4 hours too late for my GotoBerlin presentation on Swift 2 Under the Hood (on SpeakerDeck at https://speakerdeck.com/alblue/swift-2-under-the-hood-gotobe... if you're interested)

I've also open-sourced the SIL Inspector that I demonstrated (https://github.com/alblue/SILInspector) and written up a post on InfoQ covering the important points of this release


ihuman 5 days ago 3 replies      
It looks like Apple is also releasing an official package manager for swift.[1] I wonder how that will effect Cocoapods.

[1] https://swift.org/package-manager

dangjc 4 days ago 4 replies      
Super excited! I will totally be exploring Swift for quantitative work. Julia has been great so far, but a lack of good IDE tooling is making a large codebase difficult to navigate and keep clean. Python has even less type safety than Julia. Swift has a REPL! Go doesn't, and its lack of generics makes writing most algorithms very limited (there isn't even a matrix 32 library, just 64 bit). Java has horrible native interfacing. C# is pretty anemic on Linux. C++ has too many gotchas, slow compile, to feel productive. Bonus: Swift libs will probably be very easy to deploy on both Android and ios.
iheart2code 5 days ago 3 replies      
It's great to see them follow through with this. I remember when Steve Jobs went on stage and said that FaceTime would be an open standard. Haven't seen that happen yet.
glenntzke 4 days ago 2 replies      
I find the number of typo PRs to be amusing. Makes me wonder if there's a mass effort to slog through commented code just to jump into the contributor list.

Correct spelling is certainly good, but the interesting phenomenon is getting a PR merged in a high-profile project - however slight the change - as a badge of cool.


mwcampbell 4 days ago 3 replies      
Interesting that they rewrote the Foundation library in Swift for the open-source release rather than open-sourcing the ObjC one and bringing along the ObjC runtime. I wonder if this means they still believe the ObjC runtime and Foundation library are still worth keeping proprietary, or just that this is a step toward phasing out ObjC.
mojuba 4 days ago 0 replies      
Just re-stating the obvious, but it's also interesting how GitHub has become the default go-to of repos for everyone, like Google is for - well - googling. Kudos to both GiHub and git, you are simply awesome.
hokkos 4 days ago 4 replies      
What kind of trolling is that ?

>I think we should use GPL v3 instead.


insulanian 4 days ago 1 reply      
With open-sourcing C# and Swift, the era of major closed source programming languages is now officially over.
inglor 4 days ago 6 replies      
Am I the only one who finds it odd that while pushing two high level but performant languages (Objective-C and Swift) Apple wrote their Swift compiler in C++?
sebastiank123 4 days ago 2 replies      
Great news! Coding in Swift is fantastic and I would love to see it coming to more platforms, maybe even on servers. It could become a serious Javascript competitor due to its elegant syntax, the type safety and speed.
mingodad 5 days ago 3 replies      
Testing the binaries on ubuntu decompressed to to $HOME/swift and trying to execute swift:

Welcome to Swift version 2.2-dev (LLVM 46be9ff861, Clang 4deb154edc, Swift 778f82939c). Type :help for assistance.

 1> help
opening import file for module 'SwiftShims': No such file or directory

I could not find any mention to environment variables that could be used to override default locations, like SWIFT_LIBRARY_PATH or something like it.

iheart2code 5 days ago 0 replies      
The more I think about this, the more I wonder how existing third-party libraries will respond. Similar to Android and Java, I'd imagine we'll start seeing "vanilla" Swift libraries crop up that only use public/standard libraries and can work on iOS/OS X apps as well as open source projects.
makecheck 4 days ago 3 replies      
There's one thing I can't understand about Apple's approach, and that is their pathnames.

As good as Swift is, putting it by default in asinine paths like "/Library/Developer/Toolchains/swift-latest.xctoolchain/usr/bin" doesn't help anybody (and a ton of stuff in OS X is like this).

A more Unixy way to do this would be /opt/swift-3.0/bin, where /opt/swift is a symlink to /opt/swift-3.0. Even Apple used to limit the path insanity to merely /Developer/usr/bin. Not sure what happened...

renownedmedia 4 days ago 0 replies      

It's not just you! http://swift.org looks down from here.

blumomo 4 days ago 3 replies      
I would love to see Swift for Android programing. I'm already using Kotlin, a language very close to Swift, for programming our Android apps. But I find Swift niftier than Kotlin.
cbeach 4 days ago 2 replies      
Such good news. I've bet my career on Scala, but Swift is sufficiently similar in style that it will be an easy transition.

A language to write native (not VM-based) apps for the desktop, iPhone, iPad, Apple Watch, CarPlay and Apple TV is becoming very compelling indeed.

athenot 5 days ago 5 replies      
I wonder if Apple is positionning it as a competitor to Google's Go? They are hinting at a usage beyond just iOS and OS X.
SXX 5 days ago 0 replies      
Hope it's will have brighter future outside Apple ecosystem. It's nice to have more tools for server-side development, but wish it's will be better on desktop than ObjC / Cocoa / GNUstep was.
Ingon 4 days ago 0 replies      
One of the biggest things for me is that now I can draw upon the knowledge and knowhow of the people making Swift itself. Coming from Java, I'm used to reading the sources of all the things and now I can finally do it. So exciting, congrats to everyone involved!
sinatra 5 days ago 2 replies      
This is good news (hoping the github link etc will start working in a day or two)! One side effect of swift being open sourced is that more developers will start looking at it for server side development. However, I personally think that Swift will continue to have strong reliance on Apple (esp considering that most external Swift developers will come from iOS development). So, till I see Apple showing interest in Swift getting used on server side, I'll not use it there.
cromwellian 4 days ago 1 reply      
This is pretty awesome. If all of the platform dependencies could be abstracted away, this could form the core of yet another cross-mobile-platform development framework, but with better performance and richer tooling.

I think it really depends on how much control Apple intends to exercise over the IP. Could someone fork it and use it to create a mobile platform that would be free from legal harassment if it competed with the iPhone?

kenbellows 4 days ago 1 reply      
So does this mean we might finally get officially supported iOS development on Windows and/or Linux soon?
INTPnerd 3 days ago 0 replies      
I like that it's open source now, but until they remove the need to mark certain references as weak or unknown, it still just feels like Apple doesn't get modern languages. Until the automatic memory management is more automatic, I will avoid swift if I can. I know many will say it is "not a big deal", but that is not true. It is an extra thing the developer needs to keep track of and to get right if they want to prevent bugs in their code. It makes programming more stressful and less fun. It is something that is very easy make a mistake with. It is a step backwards from other technologies. I know ARC is supposed to be faster than other automatic memory management techniques, but that is just an excuse. Yes, lower performance could be a problem with fully automatic memory management. But problems were meant to be solved, not dumped onto the users of your language. I'm sure it is possible to get it fast enough for most projects. There should at least be a compiler option to enable fully automatic memory management for projects that don't need that extra bit of speed. Computers, including mobile devices, are getting faster and faster. This is especially true for the iPhone and iPad.
sbarre 5 days ago 0 replies      
Must be brand new because the Github links on the site don't work (assuming they haven't made the repos public yet).
KevinMS 4 days ago 2 replies      
Somebody compare and contrast swift for backend development with golang, node, etc. Google is giving me nothing useful.
melling 4 days ago 1 reply      
If you're new to Swift, I maintain a list of blogs, etc about Swift. I just past 2500 urls:


It can be viewed daily or weekly, if you're only interest in recent blogs:



Finally, all the data is on Github:


cdnsteve 5 days ago 3 replies      
How is developing on iOS these days? Swift seems like such nice a nice language.
connorshea 5 days ago 1 reply      
Swift Package Manager? It looks like Apple has developed their own version CocoaPods for Swift? Interesting.
BuckRogers 4 days ago 0 replies      
Congrats to Chris Lattner and the others at Apple who were promoting this! I've been watching Swift develop from the initial announcement because it would be a bit like C#. A great backend language that gives you first-class access on one of the most popular platforms.
giancarlostoro 4 days ago 0 replies      
I'm hoping to see builds for other distros and Windows as well. I'm curious what GUI applications would be like for Swift on Linux. I hope we see a great new platform for development with Swift :)
dubcanada 5 days ago 1 reply      
The site is barely even indexed by Google yet, and the github repo is not even done. I don't think it's ready yet.
zmanian 5 days ago 4 replies      
Wonders about the state of Swift on Linux? Was expecting this to be timed with the open source announcement.
theflagbug 4 days ago 1 reply      
Shameless self-promotion: Here is a great way to learn Swift on your phone: http://swifty-app.com/
return_0e 4 days ago 1 reply      
The Swift port for Linux seems to only support x86-64 for now. https://swift.org/blog/swift-linux-port/ I would like to see how swift could run on Linux ARM devices (Raspberry Pi 2/Beagleboard/etc) and other platforms; given that the runtime is already on iOS devices. Kudos to Apple for open-sourcing Swift.
i_don_t_know 4 days ago 1 reply      
Very nice that you can debug functions in the repl and set breakpoints:


I don't know any other repl that can do that. I know you can debug in (some) lisps and smalltalk, but I don't know if you can set breakpoints too. Still a nice and welcome feature.

ricksplat 4 days ago 0 replies      
As a sometime Apple developer I do welcome this. Hopefully it will legitimise some of the grey (non-official) toolchains and support the development of tools and community that much of the rest of the software development world enjoys, and people won't be tied solely to Apple's own dev tools.

Does anybody else think it's a little strange though? To have open source tools solely to target a closed platform? I haven't used Swift myself but from what I've seen it seems to be something like Javascript with libraries for iOS, perhaps with a few semantic adjustments. Would that be a fair assessment?

I can't imagine it being used for much else beyond developing for iOS devices. Perhaps Macs. So while it's free as in "beer", but could it truly be said to be free as in "speech" in any substantial fashion?

justplay 5 days ago 1 reply      
Scarbutt 4 days ago 2 replies      
A Golang killer?
billybilly1920 5 days ago 2 replies      
Can this do GUI programming on Lin/Win? Or Are there usable gui libraries for doing cross platform development like QT?
crudbug 4 days ago 3 replies      
What was the design decision that required function declaration to be :

func hello(name: String) -> String { }

rather than,

func hello(name: String) : String { }

espadrine 5 days ago 4 replies      
Linux support is hinted at in examples:

 #if os(Linux) import Glibc #else import Darwin.C #endif

talles 5 days ago 1 reply      
atmosx 4 days ago 0 replies      
It's WAY too slow to load and most pages time-out for me... I understand the hug of death coming from HN and twitter and reddit (and God where from) but this is Apple-backed right?!
pjmlp 5 days ago 0 replies      
Congratulations on the efforts done by whole involved to make it open source.

But I wonder if it will fare better than Objective-C outside Apple eco-systems without the tools and OS libraries...

lassejansen 4 days ago 0 replies      
Interesting, the compiler seems to be implemented in C++.
golergka 5 days ago 4 replies      

This organization has no public repositories.

AlphaSite 4 days ago 1 reply      
There is one more very interesting project under the swift umbrella: https://github.com/apple/swift-corelibs-libdispatch so now swift should have a useful approach to concurrency.
ehPReth 5 days ago 0 replies      
Here's an archive.is mirror of the swift.org index page: https://archive.is/L0J97
peterle 4 days ago 2 replies      
Initial commit was made 4,5 ago...Is it normal it takes so long for a language to become Open Source?

commit 18844bc65229786b96b89a9fc7739c0fc897905e

Author: Chris Lattner <clattner@apple.com>

AuthorDate: Sat Jul 17 23:50:59 2010 +0000

Commit: Chris Lattner <clattner@apple.com>

CommitDate: Sat Jul 17 23:50:59 2010 +0000

 initial swift test

codingvelocity 4 days ago 1 reply      
Now that swift is opensource i'm looking forward to some better tools being released for it. Right now xcodes support of swift is pretty lacking. No refactoring, and compile errors are fairly ambiguous sometimes.

Since this has linux support i wonder if xcode or something similar will be ported to linux.

phatbyte 4 days ago 0 replies      
I love this! I got say, that I've been a fan of Swift since the day Apple announced it. It's a such a beautiful language, with so many new paradigms implemented, safe and easy to learn.

I really hope this boosts the widespread of Swift. I'd love to use it for back-end dev for instance.

trymas 4 days ago 0 replies      
Nice, I am excited.

And probably I am more excited not about the open-sourcing of it, but that there will be a package manager [0].

[0] https://swift.org/package-manager/#conceptual-overview

praseodym 4 days ago 0 replies      
Happily surprised by the fact that they merged 16 pull requests since the repo got open sourced :)
imranismail 4 days ago 0 replies      
Been learning Elixir for the past few months and it's been a fun experience learning a functional language and OTP.

This might just be the thing to cross the "native" on my language learning checklist.

therockhead 4 days ago 1 reply      
Any news regarding Swifts ability to interoperate with CPP, like Objective C++?
tornilloo 4 days ago 1 reply      
I couldn't git with

git clone git@github.com:apple/swift.git swift

but you can use:

git clone https://...../apple/.... swift

and the same for the remaining libraries.

estefan 4 days ago 2 replies      
Is it possible to write complex iOS apps using swift alone, without having to learn any Obj-C? Is there full library support, good ecosystem, etc.?
SXX 5 days ago 0 replies      
Wow. Less than 30 minutes pass and site already loading with huge delay.
sdegutis 5 days ago 2 replies      
They're releasing the source code to libdispatch? I thought that was one of Apple's trade secrets, and more applicable than just Swift apps since it's a C lib?
pbreit 4 days ago 2 replies      
Would anyone use Swift if it wasn't necessary for iOS?
sandis 4 days ago 0 replies      
Repositories starting to go public now on Github - https://github.com/apple
piratebroadcast 4 days ago 1 reply      
Maybe now we can add a way to get a random value from an array like array,sample in Ruby. Lots of work currently to do such a simple thing in Swift.
lsm 5 days ago 0 replies      
Be patient guys. Good things come to those who wait.
symlinkk 5 days ago 0 replies      
Hopefully we'll see it on more platforms now!
jug 5 days ago 0 replies      
Wow, Swift.org is getting hammered right now.
be5invis 4 days ago 1 reply      
So let's guess, will Microsoft create a Windows-supporting fork, just like Redis?
truncate 4 days ago 0 replies      
Is it just me or is anyone else getting 404 for binary download (Ubuntu).
altonzheng 4 days ago 0 replies      
Wow, seems like Apple is following the steps of Microsoft now!
merb 4 days ago 1 reply      
What means "swift is memory safe"? does it use a GC?
ssutch3 5 days ago 0 replies      
Metal is just a graphics API (OpenGL) and not specific to Swift at all.
jeremy_wiebe 4 days ago 0 replies      
Brutal to see all the comment spam on the pull requests.
mnml_ 5 days ago 0 replies      
404 On the github repo
avitzurel 4 days ago 0 replies      
Not loading for me. Anyone experiencing the same issue?
mxx 4 days ago 1 reply      
Is it worth learning Swift? (eg. on Linux)
mikado 4 days ago 0 replies      
Copyright 2015 Apple Inc. All rights reserved.Swift and the Swift logo are trademarks of Apple Inc.
singularity2001 5 days ago 2 replies      
@OP: Please change title to "Swift will be Open Source soon" until the git repositories become actually available.
dbrannan 4 days ago 1 reply      
Can we get Adobe to open source the flash player plugin as well? Can anyone think of a reason Adobe continues to refuse?
anjanb 4 days ago 1 reply      
anyone knows about a port to windows x64 environment ?
eccstartup 4 days ago 0 replies      
mozil 4 days ago 0 replies      
cannot download snapshot now
Twisell 4 days ago 3 replies      
I see this as an hilarious welcome joke from the community : https://github.com/apple/swift/pull/17

Its developer's way to say FIRST

alia20 4 days ago 0 replies      
999999999999999 wl
agp2572 4 days ago 0 replies      
Now all we need is a transpiler that converts Swift to Javascript.
artursapek 5 days ago 2 replies      
Ouch, I guess this leaked? Who is the OP?
tornilloo 4 days ago 0 replies      
Doesn't work in x86, ubuntu 15.10,bash: /home/user/Descargas/swift-2.2-SNAPSHOT-2015-12-01-b-ubuntu15.10/usr/bin/swift: no puede ejecutar el archivo binario: Formato de ejecutable incorrecto

Pentium(R) Dual-Core CPU T4500 @ 2.30GHz 2

envy2 4 days ago 2 replies      
Interesting that this domain is registered at GoDaddy via DomainsByProxy, and hosted on a SoftLayer IP block.

WebKit.org, for instance, is registered with CSC Corporate Domains the same as apple.com, and is hosted on an Apple-owned IP block.

Perhaps a (further) indication this isn't ready for prime time yet?

jorgecastillo 5 days ago 2 replies      
At first I was like 'AWESOME', than I was like 'oh fuck, not ready yet'. I am not upvoting this, until there is a GitHub repository that I can clone!
Entering Public Beta letsencrypt.org
1243 points by sinak  4 days ago   212 comments top 38
kubaw 4 days ago 4 replies      
You may also want to try alternative client from https://github.com/kuba/simp_le. It can be easily dropped into crontab and renew certificates when necessary.

Disclaimer: I'm the author of simp_le and developer of the official client :)

diafygi 4 days ago 9 replies      
FYI, if you don't want to install anything to try it out, you can use https://gethttpsforfree.com which is a browser-based ACME client. It doesn't ask for private keys, so you don't need to trust it.
pfg 4 days ago 1 reply      
Happy to see this project hit public beta! I've deployed Let's Encrypt on a couple of side projects during the last month or so, and my experience has been mostly positive.

The official client still needs some work, especially in terms of auto-configuration on apache, nginx and others, but it's getting there. Some say it's become a bit bloated, which is true to a certain degree, but probably necessary to achieve the goals they have set for it.

Luckily, Let's Encrypt is based on an open specification (ACME) and it's really easy to implement a custom client. There are already more than 10 client implementations out there[1], all created with different goals in mind - anything from a Ruby gem to a simple scripts to get your own CSR signed. If you're not running your typical LAMP or LEMP stack, and don't want to run the official client which is more of a certificate manager requiring root access, that's definitely something to look into.

Note that if Windows XP support is relevant for your use-case, you might want to hold off. There's currently a problem with how XP deals with name constraints, which means any application using Windows XP's SSL API (I believe it's called schannel?) won't work - for example Internet Explorer and Chrome. This might get fixed in the future[2]. Hopefully, that's not relevant to you. :)

[1]: https://community.letsencrypt.org/t/list-of-client-implement...[2]: https://github.com/letsencrypt/letsencrypt/issues/1660

mholt 4 days ago 1 reply      
Here's a Go client that has no dependencies and runs everywhere: https://github.com/xenolf/lego
mei0Iesh 4 days ago 1 reply      
They keep trying to push the idea that letsencrypt should be ran as root. If you disagree with that, I ran it as a normal user using:

 letsencrypt -t --work-dir /tmp --logs-dir /tmp \ certonly --webroot /www/public -d example.com
Except on my system the letsencrypt command did not work. It failed with an "Operation not permitted". So I edited the webroot.py file, and commented out line 108 that said:

 # Remove execution bit (not needed for this file) os.chmod(path, filemode & ~stat.S_IEXEC)
It ran fine without root, sudo, or su.

Then I added this to nginx.conf:

 listen 443 ssl http2; ssl_certificate /usr/local/etc/letsencrypt/live/example.com/fullchain.pem ssl_certificate_key /usr/local/etc/letsencrypt/live/example.com/privkey.pem
It gets an A+ on ssllabs.com, and it works fine in the browser. When I click the lock it says "Let's Encrypt".

hlandau 4 days ago 2 replies      
I'm the nth author of an ACME (Let's Encrypt) client. It's a single-binary Go client which you can build and upload to your server. It's designed to work like "make"; you tell it what hostnames you want certificates for, and it tries to satisfy those requirements.It can install a cronjob automatically for autorenewal, and the authorization process doesn't require downtime.


davexunit 4 days ago 3 replies      
The official lets-encrypt client has an extremely large dependency graph, and using the client requires server downtime since it takes over port 80. Can either of these things be improved?
barosl 4 days ago 0 replies      
For those concerned with the official client requiring `sudo`: there are already many alternative clients that are compatible with the Let's Encrypt server, mine included.[1]

I made my own client because I wanted to know what's exactly going on during the certificate issue process. I tried to make the code as simple as possible, so take a look if you have time![2] It's a simple single file script.

[1] https://github.com/barosl/letsencrypt-simple

[2] https://github.com/barosl/letsencrypt-simple/blob/master/let...

binwiederhier 4 days ago 1 reply      
In case anyone is looking for an actual cronjob example. This works wonderfully:

 #!/bin/bash cd /srv/cert/domain.xyz simp_le -d domain.xyz:/srv/www/domain.xyz/html \ -f key.pem -f cert.pem -f fullchain.pem \ && service apache2 reload
And in the crontab:

 43 1 * * * /srv/bin/cert-renew || true
EDIT: This is using the simp_le client (https://github.com/kuba/simp_le), not the official client. But this one is wayy easier to use.

EDIT 2: Guide here: https://blog.philippheckel.com/2015/12/04/lets-encrypt-5-min...

sinak 4 days ago 1 reply      
EFF's post on the beta, including details on the roadmap: https://www.eff.org/deeplinks/2015/12/lets-encrypt-enters-pu...
denisu 4 days ago 1 reply      
I have seen many howtos recommending to add a monthly cronjob for the certificate renewal on the first day of the month at 12am (0 0 1 * * or @monthly). It is probably better to renew the certificate on a random day/time (30 4 5 * *) to prevent excessive load on their servers.
Savagedlight 4 days ago 0 replies      
If you're using FreeBSD and NGINX you may like the guide I wrote the other day. :) http://savagedlight.me/2015/11/24/lets-encrypt-on-a-freebsd-...

PS: I also made a cron-callable script which checks the expirity time of the cert before telling letsencrypt to renew. It checks if the cert was renewed afterwards, and echos to stderr if renewal didn't take.

mei0Iesh 4 days ago 0 replies      
Now that it's public, and I verified it works...


SwellJoe 4 days ago 1 reply      
This is among the most exciting things going on in the web world, for me. It's a pretty dramatic change that now every website can be encrypted, by default, and in a secure(ish) fashion (it doesn't really do much for proving identity, but SSL has been broken for that for years anyway).

I suspect integrating this has been the most requested feature for Virtualmin for the past several months (and we're about to roll it out, probably next week). For whatever reason, SSL is just always intimidating for people...even when it's been almost entirely automated, the back and forth between the CA and the server and dealing with private keys is a deal-breaker for a lot of non-technical users, so many of our users who are new to web server management have problems with SSL. It follows close behind DNS in terms of how much confusion it causes.

Anyway, I love that Mozilla and others took the initiative to pull this together, and used their not insignificant clout to push it to completion.

grizzles 4 days ago 0 replies      
Java: I made a cron friendly script to convert the letsencrypt keys to JKS format. https://github.com/ericbets/letsconvert
sleepychu 4 days ago 2 replies      
Any word on *.mydomain.tld certs from letsencrypt? That's the only thing stopping me from installing it today.
nodesocket 4 days ago 1 reply      
Anyway to get a wildcard SSL certificate from Let's Encrypt? Mine is coming up for renewal soon.
SCHiM 4 days ago 3 replies      
How does lets encrypt handle possible phising domains?

Even if there's zero mitigation I think the benefits will outweigh the downsides, but I wonder if there's anything that stops a criminal from registering a domain that is very similar to, say, that of a bank?

I know from experience (ethical hack) that the traditional authorities won't easily let you register 'suspicious' names like: <bank>-<name>.com where the original domain is <bankname>.com. Or something like that.

arca_vorago 4 days ago 0 replies      
What I would really like is wildcard certs for internal only use. For now, as I understand it, the only way to do so would be to temporarily port forward the internal server so it can reach out and close it later... Certs are not just for the internet websites, they are important for Intranets too.
esher 4 days ago 1 reply      
everyone interested in conspiracy, please read the comments over here: https://www.schneier.com/blog/archives/2014/11/a_new_free_ca... when bruce schneier wrote about let's encrypt.
MarkMc 2 days ago 1 reply      
I know this late, but FYI: it seems that certificates issued by Lets Encrypt are not as widely accepted as other commercial providers.

For example, my trial and error I found that the webhook api for both Mandrill and SendGrid did not recognise the Let's Enrypt certificate (although Google Chrome did recognise it). When I switched to a certificate issued by Name Cheap both Mandrill and SendGrid worked.

r1ch 4 days ago 1 reply      
Problems with a reverse proxy?

"There were too many requests of a given type :: Error creating new registration :: Too many registrations from this IP"

First time trying to sign up and only for a single domain.

scoot 4 days ago 1 reply      
Dumb question time: Why would idenTrust, part of whose business is selling SSL certificates, cross-sign for Lets Encrypt, whose business is giving them away for free?
chmike 4 days ago 1 reply      
Can we use the certificate for dovecot and postfix as well ?Would it be safe ? From the documentation it applies only to web servers.
tokenizerrr 4 days ago 1 reply      
Does anyone know if their server supports DNS validation yet?
stevebmark 4 days ago 1 reply      
PSA: don't use ReadTheDocs for your documentation. Turns good projects sour with a nasty UI, poor features, and horrible SEO.
gradi3nt 4 days ago 1 reply      
Ignorant question: If they are making getting a certificate easy for everyone, what is to stop "bad guys" from getting certificates for their sketchy sites? I usually look to the green "https" in my uri bar for reassurance when I'm on an unusual site.
xrstf 4 days ago 0 replies      
For those already using Let's Encrypt since the closed beta: Do not forget to remove the `agree-dev-preview` flags, as newer client version do seem to throw up if it's still set. I had `agree-dev-preview = True` in a config file and got an error about True being an invalid value.
jstalin 4 days ago 1 reply      
Hoping for automation for Nginx...
awqrre 4 days ago 0 replies      
Can you use this on a shared host and avoid the certificate installation fee?
slavik81 4 days ago 2 replies      
I'm having trouble finding where it specifies what permissions I need to use Let's Encrypt. Can I get a certificate for my subdomain even if I don't control the full domain?
AndyKelley 4 days ago 0 replies      
Does it work without port 80? Many home ISPs block port 80 which would prevent homes from being able to use the service.
rynop 3 days ago 0 replies      
From what I can tell, this does not support generating an SSL cert for use with AWS ELB correct?
FPSDavid 4 days ago 2 replies      
Can't wait to start using this on nginx.
nulltype 4 days ago 1 reply      
Does renewing a certificate require completing a challenge, or is that only for the initial certificate?
SunDwarf 4 days ago 1 reply      
Works flawlessly on my site. SSLLabs recognises the cert. Super easy to setup.
wereHamster 4 days ago 0 replies      
How do I use it with Google Cloud HTTP Load Balancer?
pjbrunet 4 days ago 8 replies      
"We want to see HTTPS become the default."

Sounds fine for shopping, online banking, user authorizations. But for every website? If I'm a blogger/publisher or have a brochure type of website, I don't see point of the extra overhead.

Update: Thanks to those who answered my question. You pointed out some things I hadn't considered. Blocking the injection of invisible trackers and javascripts and ads, if that's what this is about for websites without user logins, then it would help to explicitly spell that out in marketing communications to promote adoption of this technology. The free speech angle argument is not as compelling to me though, but that's just my opinion.

Kazakhstan to MitM all HTTPS traffic starting Jan 1 telecom.kz
803 points by out_of_protocol  5 days ago   358 comments top 67
kazakh 5 days ago 6 replies      
Kazakh here. Fuck, what do we do? Any suggestions other than trying to raise awareness?

To give some context, the reason why they are getting away with such brute methods is that the most people wouldn't understand the full implication. I would be surprised if this would prove difficult to enforce - the first thing an ordinary person would do when, say, Facebook wouldn't load is to call up the Kazakhtelecom's support and the support guy would tell them to "press that button that says 'I trust this certificate'" and they would comply. There also hasn't been an uproar re government snooping into private citizens' communication, the kind that US had with Snowden etc., so a lot of people are likely to accept the "for your own security" talk at face value without much skepticism. It's also unlikely that even heightened awareness will inspire much backlash, as there is no real track record of grassroots organizing, even when the government tightens the screws. To its credit, the government has been quite skillful at balancing at just below the limit of pissing people off enough to make them go to the streets for the last twenty years (soaring oil prices in the last decade helped as well).

kaizendad 5 days ago 4 replies      
I really appreciate how they're doing this. The Chinese built up an amazing infrastructure for the Great Firewall; the Kazakhs just say "install our cert!" The Chinese spend billions and have to stay ahead of all of their citizens' clever new ideas at all times; the Kazakhs spend a few hundred and just need to point guns at their citizens until they install a cert.

Sure, it's going to be difficult to enforce, but it should also be quite cheap.

akie 5 days ago 1 reply      
Love the Orwellian Newspeak: a "National Security Certificate" to protect people accessing "foreign resources"... If you don't know anything about the subject it really sounds like they're doing you a favor.
davidu 5 days ago 8 replies      
Google, Facebook, Yahoo, Microsoft, Salesforce, Box, Dropbox, Twitter, etc. could have a very strong influence on changing this if they banded together to respond to this in some way.

The government might be doing what they think is right, but public backlash can change policy almost overnight. We saw this in the US recently with SOPA/PIPA. The "Internet" response was unprecedented.

The people of Kazakhstan can achieve the same outcome.

henryaj 5 days ago 4 replies      
"telecom.kz wants to use your location."


Quiark 5 days ago 2 replies      
Wow, I feel really sorry for all Kzakhstan citizens. Also, this is a great example of 'rubber-hose cryptoanalysis' - who cares about 4096 RSA or whatnot if the government can just beat you until you oblige...
jedberg 5 days ago 3 replies      
And everyone made fun of Netflix for implementing a secure protocol on top of http. Suddenly that seems really useful for people in Kazakhstan.



RyanZAG 5 days ago 3 replies      
Woah, it can't be stressed how bad this is. If this succeeds, other countries will definitely follow! If it can be shown to work, it will be demanded that this be implemented by pretty much everyone for difficult to deny political reasons (terrorists, children, crime, etc)

This feels like the first bullet in a new war that will occur in every parliament world wide.

exelius 5 days ago 1 reply      
While there are probably 100 different ways to avoid this and retain secure traffic, I would venture to guess that the average Internet savvy-ness of Kazakhstan is pretty low, so using any of them would single you out for additional government attention (whether you're actually doing anything illegal or not).

That said, there's a remarkable tendency in countries as corrupt as Kazakhstan for a "shadow" telecom network to pop up. Just run in some fiber from a neighboring country on the down-low and distribute locally via microwave dish. Yeah, it's not exactly difficult to locate a powerful dish, but it's also not glaringly obvious so you can usually pay someone to look the other way. After all, the government officials want to look into everyone's communication, but if their own communication was ever intercepted, they would be the target of blackmail! They want to use the information they gather to blackmail citizens like the Stasi, not the other way around.

Of course, the flip side of that are the mobile phone networks operated by the Mexican drug cartels and ISIS. But the only surefire way to avoid government surveillance of this sort is to bypass government regulated telecoms entirely.

zokier 5 days ago 2 replies      
Makes me wonder how long such policy would last if Google, Facebook, and Microsoft would ignore traffic from Kazakhtelecom MITM server (or just drop the whole Kazakhtelecom IP address space). Of course I'm not saying that they should do that.
jakobdabo 5 days ago 3 replies      
Google and Mozilla should blacklist the certificate once it's made public.
chatmasta 5 days ago 3 replies      
Why is Kazakhstan's cert any different than the hundreds of "trusted" root certificates that came preinstalled on my mac?

Looking at my mac's cert keychain, there are 185 trusted root certs. I don't know what any of them are or who has the private key to them.

My ISP could MITM my traffic whenever it wants to, if it has the private key of one of the hundreds of trusted root certs on my device.

DanielStraight 5 days ago 2 replies      
If we could rebuild the internet from scratch knowing that someone would try to do this, what measures could be put in place to make it impossible to MITM traffic (in other words, make it so the only option is to install monitoring software directly on the user's machine)? Is this something which even can be defeated with current cryptographic theory?
mhandley 5 days ago 0 replies      
Idiocy such as this is a strong argument for the use of PAKE rather than CA-based authentication. No need to trust anyone other than the site you're trying to connect to: https://en.wikipedia.org/wiki/Password-authenticated_key_agr...

TLDR: Basically, you prove to the website/mail server/sshd that you know your password, while the site simultaneously proves to you that they also know your password (and hence are actually the site you're trying to connect to), all without actually sending the password in either direction. The password is then used to bootstrap symmetric encryption keys.

danpalmer 5 days ago 4 replies      
This is what HTTP Public Key Pinning (HPKP) protects against.

It allows a server to specify the only set of certificates that a browser should accept. Meaning that MITM'ing is impossible, without a valid cert in the chain of one of the advertised trusted certificates from the server.

Chrome, Firefox, Opera, Chrome for Android, and the Android stock browser all support it.

I'm not sure how they intend to circumvent this problem, apart from perhaps just instructing users to not use those browsers? That's quite difficult to put into practice.

LoLFactor 5 days ago 0 replies      
For those of you looking for a mirror (copy) of the page before it was taken down, here it is:


icco 5 days ago 0 replies      
TIL: "Kazakhstan is currently our 76th largest goods trading partner with $2.5 billion in total (two way) goods trade during 2013. Goods exports totaled $1.1 billion; Goods imports totaled $1.4 billion. The U.S. goods trade deficit with Kazakhstan was $295 million in 2013. - https://ustr.gov/countries-regions/south-central-asia/kazakh...
airza 5 days ago 2 replies      
So like, what's the plan for people visiting Kazakhstan here? Install some rando's SSL certificate in your trust store or just not be allowed to access the internet?
binarnosp 5 days ago 3 replies      
So, the next step is encrypting the content before sending it through TLS...TLS over TLS
israrkhan 5 days ago 2 replies      
wait till private keys for the cert are leaked by some disgruntled telecom company employee.. Puts the whole country internet at risk.
hannob 5 days ago 1 reply      
This sounds pretty bad and we can just hope that this doesn't become the new norm.

What makes me kinda angry is however where this originates from: There are countless so-called "IT security" products that had this idea of MitM-ing all traffic before. Basically it's just the same idea on a bigger level.

sathackr 5 days ago 1 reply      
Link is 404'd

Here is the text of what was there.


Press centerCompany NewsInternet newsTV NewsPublishingVideo ArchivePhoto archivesOperatorsMain page Press center Company News Kazakhtelecom JSC notifies on introduction of National security certificate from 1 January 2016Kazakhtelecom JSC notifies on introduction of National security certificate from 1 January 2016From 1 January 2016 pursuant to the Law of the Republic of Kazakhstan On communication Committee on Communication, Informatization and Information, Ministry for investments and development of the Republic of Kazakhstan introduces the national security certificate for Internet users.

According to the Law telecom operators are obliged to perform traffic pass with using protocols, that support coding using security certificate, except traffic, coded by means of cryptographic information protection on the territory of the Republic of Kazakhstan.

The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources.

By words of Nurlan Meirmanov, Managing director on innovations of Kazakhtelecom JSC, Internet users shall install national security certificate, which will be available through Kazakhtelecom JSC internet resources. User shall enter the site www.telecom.kz and install this certificate following step by step installation instructions- underlined N.Meirmanov.

Kazakhtelecom JSC pays special attention that installation of security certificate can be performed from each device of a subscriber, from which Internet access will be performed (mobile telephones and tabs on base of iOS/Android, PC and notebooks on base of Windows/MacOS).

Detailed instructions for installation of security certificate will be placed in December 2015 on site www.telecom.kz.

PR department Kazakhtelecom JSC


Academy of Public Administration under the President of the Republic of Kazakhstan

Official site of the President of the Republic of Kazakhstan

- Write to usFAQSite mapReport an errorCareer with UsProcurementReference bookHelp 2010-2015,

ocschwar 5 days ago 3 replies      
Wondering about a turtles-all-the-way solution:

A web-socket based protocol that opens up a new SSL session with non-MITM'd certificates.

So you'd open up the snoop-me HTTPS/1.1 connection, do some GETs, then say "GET /busy, yo", and start what looks like a video-chat conversation that is in fact a regular SSL connection with uncompromised certs.

(some protocol) over SSL over Web-Socket over bad-SSL over TCP/IP

wtracy 5 days ago 0 replies      
I once looked into getting a .kz domain. (I wanted to host comics on a site named "comi.kz".) It turns out that one of the requirements for getting a .kz is that the website be physically hosted inside Kazakhstan. (And yes, Kazakhstani hosting providers that do business with foreigners are expensive.)

Right now, I am very glad that I did not go down this route.

egeozcan 5 days ago 6 replies      
> The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources.

How is this protecting users? They are outright lying here, if I understand correctly. Also why are they asking for my location?


rakslice_ 5 days ago 1 reply      
This is lame news.But what I'm curious about is: What are they going to do (if anything) to validate the upstream certificates?

- What will their upstream root certificate policy be?

- If they MITM any old upstream certificate, how will they mitigate the huge target they are painting on Kazakh Internet users?

cgcardona 5 days ago 0 replies      
FWIW there are 9.49 million Internet users in Kazakhstan according to wolframalpha.com


RangerScience 5 days ago 1 reply      
This is extremely relevant to my interests but I don't actually understand what's happening here. Part of that is the awkward translation. Can I get a more detailed description and/or some links to help me understand?Thanks!
nashashmi 5 days ago 1 reply      
I wish somebody could tell me what this means half technically. My mind is wavering between this is a good thing because everyone's connection is becoming secure to not a good thing for reasons unknown.
mailslot 5 days ago 1 reply      
Why can't Internet companies simply block the entire backward country? I can't imagine Borat's motherland traffic monitizes well anyway. You want to MITM? Fine, build your own Kazakh Google.
DonaldEFoss 4 days ago 0 replies      
While I applaud the privacy advocates, we knew this was coming when HTTP/2 (RFC 4750-4751) because an official standard in May 2015. The only way a country with limited bandwidth can operate a transparent proxy is to stick a new certificate in the root chain so that it can decode, cache and re-encode the traffic.

I don't like it anymore than anyone else, but I see a non-malicious purpose here.

gf1 5 days ago 1 reply      
Could this be used by the Kazakh government to sign malware/spying packages and install them on their citizens' machines? Sounds like a super easy way to open that backdoor.

Or is this a different type of cert? I'm thinking along the lines of what Dell and Lenovo were yelled at for (although those were easy to rip off, but the government could possibly serve as the malicious actor here).

jumasheff 5 days ago 0 replies      
Kyrgyz here.An evil lesson is soon learnt. It's highly possible that our regulators will try to push similar bill.
gesman 5 days ago 1 reply      
Google should come up with cheap satellite internet. This is the only way to bypass unruly governments.

But then you're on a mercy of Google Republic.

anovikov 5 days ago 1 reply      
Does it mean that using SSL the normal way will become impossible? I can't imagine this. How this can be enforced?
JumpCrisscross 5 days ago 0 replies      
To what degree has the U.S. government, through the NSA et al, provided moral cover for this sort of thing?
strictfp 5 days ago 0 replies      
And this, dear fellows, shows how effective it is to fight politics with technical solutions.
coldcode 5 days ago 1 reply      
If all of their https traffic is compromised, would we not be able to break all of their financial traffic remotely?
xg15 5 days ago 2 replies      
Correct me if I'm wrong, but doesn't android display a rather ennerving "someone might be spying on you" warning when custom root certs are installed? I'm looking forward to the reactions when every (android-using) citizen of the country student gets that warning.
rdtsc 5 days ago 2 replies      
> secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources.

I guess "coded" here means VPN as well...

Wonder how other countries' embassies will be connecting if they block all the encrypted connections? Everything through a satellite connection presumably.

electic 5 days ago 1 reply      
My first thought, any tech company to setup offices in this country are probably out the window. However, more importantly, they just made it really easy for other governments to spy on them. In their zeal to protect national security, they have done just the opposite.
adm_hn 5 days ago 1 reply      
It seems they removed the page
flurdy 5 days ago 0 replies      
"from which Internet access will be performed (mobile telephones and tabs on base of iOS/Android, PC and notebooks on base of Windows/MacOS)"

So use Linux and you will be fine?

dbalan 5 days ago 2 replies      
Slightly OT - if the bad guy can't fiddle with the trust store of your computer, whats his another methods of analysing a users traffic? Is https breakable by other means?
dendory 5 days ago 0 replies      
I wonder if non-TLS based VPNs could be used around that? And if those are blocked, how hard would it be to build a SSL over HTTP proxy outside the country?
mtgx 5 days ago 1 reply      
Is this different than the DoD having a root certificate in iOS (and I think Windows, too)? Couldn't the DoD also MITM the traffic any time they wish?
jstalin 5 days ago 0 replies      
So how about hacking and leaking their certificate and then making all Kazak government traffic vulnerable to public posting all over the internet?
jjuhl 5 days ago 3 replies      
That's just wrong and a really unpleasant slippery slope.I hope this causes a huge backlash from users and the internet at large.
thewarrior 5 days ago 1 reply      
My prediction : Indian government takes up this idea in the next 12 months. If this works this idea will spread.
Sanzhar 5 days ago 0 replies      
Did they just delete those news? Can't find the link on the telecom.kz website any more?
mdumic 5 days ago 0 replies      
They lack resources to crack it or otherwise do it in secrecy so they're demanding cooperation. Slick.
rikkus 5 days ago 0 replies      
Maybe this will be what the UK government do as a 'relaxed' version of 'ban all crypto'.
sbaha88 5 days ago 0 replies      
Would it affect vpn services as well? Sad to see more outrage here than in Kazakhstan
Create 5 days ago 0 replies      
"SSL Added and Removed Here"


fishanz 5 days ago 0 replies      
I think this would break, for example, mobile apps which use certificate pinning.
samat 5 days ago 1 reply      
Any proof for that?

Anyone has a copy of original article?

Link redirects to the main page of the website.

kukabynd 4 days ago 0 replies      
Kazakh here as well.

Dont bother. Nothing will happen. Its just talk as always.

voltagex_ 5 days ago 0 replies      
I wonder if they'll be checking the validity of the upstream cert?
aaronkrolik 5 days ago 1 reply      
How would this affect access to bitcoin/blockchains in Kazakhstan?
gideon_b 5 days ago 0 replies      
Aww but there's a kitten. This must be innocent.
caf 5 days ago 0 replies      
Time for httpss:// (HTTP over TLS over TLS)!
sneak 5 days ago 0 replies      
All other countries have inferior surveillance.
fapjacks 5 days ago 0 replies      
This is such a bad idea!
multinglets 5 days ago 0 replies      
At least they're fucking telling people they're doing it.
cmdrfred 5 days ago 0 replies      
When I watched Borat I felt a little bad for the Kazakhstan government getting singled out like that for seemingly no reason. Now it feels incredibly satisfying.
bmahax 5 days ago 2 replies      
I don't agree with all the comments here.A sovereign state decided to ensure all outgoing traffic is protected by a secure signature that is not possessed by foreign intelligence agencies or hackers (well, that's the idea).

It is a very cheap and effective way to achieve this.

Spying on the population is not prevented by GeoTrust and Cie's loosy certificates, a lot of literature and real life examples already show that. This is a tragedy of the commons, until everybody has access to REAL security, then no country has interest in having foreign powers spying them while not even being to do what everybody else does.

In France, Germany, Italy, Japan, Korea, Australia, etc, all of your data is already analyzed and deciphered, they freaking work together to make it less obvious than Kazakhstan. Don't make any mistake and don't call for overthrowing the regime there, it makes no sense.

From a citizen PoV, they became almost as watched over as we are for WWW traffic, but their lives are still not as much tracked as ours since they do not have the means of our agencies. They are still better off than us.

Microsoft Edge's JavaScript engine to go open-source windows.com
842 points by clarle  3 days ago   266 comments top 25
roddux 3 days ago 14 replies      
Wait, Edge does better on ES6 coverage than both Chrome and Firefox? Microsoft have seriously stepped up their game, especially seeing as it's now neck and neck for performance with Chrome: http://venturebeat.com/2015/09/10/browser-benchmark-battle-s...
Sir_Cmpwn 3 days ago 3 replies      
Wow, I'll admit that I haven't been looking at Edge simply because of the IE stigma, but this blog post impressed me. 90% ES6 support? More so than Babel? Awesome. And it's getting open sourced! I hope to see it ported to the Unixes. Perhaps Servo+Chakra could be a thing?
vonklaus 2 days ago 2 replies      
I find myself hoping Microsoft makes a comeback and they are really doing a lot to win developers which I think is the right move. Obviously, they are a huge platform and developers inherently will be using it but they have taken a lot of great steps like open sourcing this engine as well as other projects.

The Code editor they released is built on Atom Electron and seems more performant than Atom in the few experiences I have had switching between them.

If they can continue to gain trust in the community and improve their UI they could become great again. You can tell they have thought about how to do this. A few years ago now I remember the guys from the IE team did an AMA about the new explorer IIRC it was 10. They talked about cross browser compatibility and wanted developer feedback.

I am not sure if they are actually an "underdog" but I find myself feeling like that, and hoping they can get it together.

adrianlmm 3 days ago 3 replies      
I'd like to see Node.js using Chkara by default, V8 developers have showed that they don't care much about Node.js, they are more interested in Chrome, and MS have showed more interest in Node.js than Google and I'm sure it will be better for all, fingers crossed.
oblio 3 days ago 9 replies      
I have a somewhat off topic question: is there anything in the design of Javascript that mandates single-threadedness? Could any Javascript engine implement threads?

I'm asking because I'm wondering if Node.js's evented approach is the only way to do things.

datashovel 2 days ago 0 replies      
Microsoft is slowly but surely winning me as a fan. Keep doing things that matter, show that you're committed to the open source community, and continue to help push the web forward and I think nothing but good things will come from this.
jfoster 3 days ago 2 replies      
No mention of license. Is it safe to assume it'll be Apache or MIT?
miralabs 3 days ago 1 reply      
I wonder if in the future node will enable swappable js engineedit: ok just found this https://news.ycombinator.com/item?id=9534138
sdegutis 3 days ago 3 replies      
Wow. They're really serious about changing their philosophy aren't they. Using Github for their stuff, making and open sourcing Visual Studio Code, other stuff I can't remember, and now this.
1971genocide 3 days ago 8 replies      
As a mere mortal - How hard would it be for a day programmer to built something cool like an JavaScript engine ?

I sometimes have crazy thoughts about the world ending.

How hard would it be to built your own javascript engine from scratch ?

gtirloni 3 days ago 2 replies      
Edge is certainly much faster than Chrome/Firefox for JS processing that I wish I could use it on Linux. Looks like that might be happening. Really great news.

I didn't know Node.js could use anything but v8. This is also very nice.

yuhong 2 days ago 0 replies      
I was wishing that MS Open Tech could make the other JS engines Windows x64 ABI compliant including SEH for a while now.
japhyr 3 days ago 3 replies      
We have a bunch of laptops at school running Windows 10 with Edge. Students can't copy and paste into Google Docs while using Edge.

Was this a deliberate choice by Microsoft to steer people away from Google products, or is it something more benign than that?

d0m 2 days ago 4 replies      
Out of curiosity, why rebuilding a whole new engine rather than using/improving V8?
cdnsteve 2 days ago 1 reply      
Well I guess we can all start using ES6, no need to compile to ES5 anymore.
zobzu 2 days ago 0 replies      
There's no such thing as 'firefox alpha', its 'firefox nightly'

Kinda odd to see when they get the rest right and they're engineers. feels like they dont know firefox o.O

mschuster91 3 days ago 1 reply      
What in blazes?! Okay MS, that's an impressive step.

I'm waiting for the first ports to Linux or, hell, a native port of IE... given the trend, it's not unreasonable that MS will open source a load of stuff.

rakstrooper 2 days ago 0 replies      
Here's hoping an android port Will be made by microsoft
caleblloyd 2 days ago 0 replies      
Fantastic news! Now all we need is for Edge to support Server Sent Events (eventsource)
keklord 2 days ago 0 replies      
Yay I cant wait to test this out
shmerl 2 days ago 0 replies      
How about open sourcing the whole browser?
dang 2 days ago 1 reply      
We detached this subthread from https://news.ycombinator.com/item?id=10682076 and marked it off-topic.
dang 2 days ago 1 reply      
We detached this subthread from https://news.ycombinator.com/item?id=10682557 and marked it off-topic.
xxxxc308 2 days ago 0 replies      
idibidiart 3 days ago 0 replies      
Microsoft. Former Evil Empire. Current open source champion. What is not to like? Leadership is everything.
A letter to our daughter facebook.com
787 points by arasmussen  6 days ago   518 comments top 84
prezjordan 6 days ago 17 replies      
> We will give 99% of our Facebook shares -- currently about $45 billion -- during our lives to advance this mission. We know this is a small contribution compared to all the resources and talents of those already working on these issues. But we want to do what we can, working alongside many others.

Ninety. Nine. Percent.

robert_tweed 6 days ago 5 replies      
Maybe I'm being too cynical, but this seems about as philanthropic as Ron Hubbard starting a religion.

Firstly, the donation is stock not cash, so the value of this foundation will be directly linked to the value of Facebook shares.

Secondly, it has been stated that one of the things this foundation will do is "participate in policy debates". If the headline was "Mark Zuckerberg to put $45 billion is stock behind lobbying effort to establish Internet.org as a monopoly in developing countries", that wouldn't sound quite so positive, would it?

ryandrake 6 days ago 13 replies      
Something's always bugged me about relying on philanthropy as a source of funding the public good, as opposed to the public funding the public good through taxation and the democratic process: In the former case, the public doesn't really have much of a say about where the help goes. We must rely on the judgment (and personal values) of a few rich people and hope they pick charities that maximize the benefit.

Would the outcome be better or worse if we had, say, a 99% tax bracket at >$N million, and let the public decide the best way to deploy that funding via the ballot box? Would that process better align with the values of a democratic society? Or would we just get more corporate welfare, bombers and aircraft carriers?

I'm not ragging on philanthropy--it's awesome that some of these billionaires understand the meaning of "enough" and choose to give away their fortunes to worthy causes. But is it best for society to leave it to a few lucky 'elite' to judge what is and isn't a worthy cause?

colmvp 6 days ago 2 replies      
I feel only on HN and Reddit can people find reason to criticize a guy who is giving away billions of dollars for humanity. Talk about not seeing the forest for the trees.
dhcar 6 days ago 3 replies      
This seems more like PR than a genuine letter to a child. Which is fine, but I wish they'd treat it as such.

They talk about facebook, donations, improving the world, their beliefs, etc. but very little on how to be a better person or how to enjoy life. Maybe I'm projecting, but what would you want to find in your pillow after moving in for your first day of college?

I hope they wrote their daughter a real letter. One directed to her and not something that will be tweeted by hundreds of news organizations.

cpursley 6 days ago 8 replies      
Why are the techno-barons so focused on human health? Not that there's anything wrong with these efforts, but human disease is much less of a threat to our species and planet than an ever-increasing human population. What I'm saying is that humans have little difficulty reproducing; it's a solved problem.

What's not a solved problem is our disappearing fisheries[1], rhinos going extinct all over the place[2], farmland desertification[3], tropical deforestation[4], ocean acidification[5]... From my back of the envelope math, it seems that longer lives and a larger population will exacerbate our environmental and resource issues.

I'd like to see billionaires purchase large tracks of land simply for preservation. Cleaning up industrial waste from rivers. Foot the salaries of anti-poaching efforts. Get clean fusion energy production up and running. That sort of thing. Perhaps we should get our planet's shit together before tackling immortality?

[1] http://www.washingtonpost.com/posteverything/wp/2014/06/03/t...

[2] http://www.cnn.com/2015/04/16/africa/kenya-northern-white-rh...

[3] http://www.bbc.com/news/world-africa-34790661

[4] http://www.theguardian.com/commentisfree/2015/oct/30/indones...

[5] http://fm.kuac.org/post/increasing-ocean-acidity-threatens-m...

chegra 6 days ago 2 replies      
Sometimes, I think people on HN probably think they get points for being the most cynical critic.

Can't we just say, "Dude we are happy for you, and thanks for the money."

And what happened to the rule about not saying stuff you wouldn't say to a person's face. Would you be calling Mark a narcissist to his face? Keep it civil people.

hellofunk 6 days ago 1 reply      
I'm signed up for CNN's "Breaking News" emails that are sent out whenever some earth-shattering crisis occurs or particularly important news that affects everyone. I received one of these email alerts upon the arrival of their daughter. This gave me a great sigh; good news for them, but how did it become worthy of worldwide immediate news notification?
djhn 6 days ago 1 reply      
Zuckerberg isn't planning on retiring.

He will rival Bill Gates in the magnitude of philanthropic contributions.

And in other news Facebook Notes is challenging Medium as the default one-column publishing tool.

Note as well, that of all the immaterial goods that have the potential to create immense value to people and humanity, education and health are the ones strongly highlighted. Global equality is there, but to a critic this too will be seen as another factor in building and supporting an ever-growing, and long-living, consumerist middle class.

There is very little said about freedom, democracy, privacy, justice or self-determination. Even if this reading is unfair, cynical or simply too demanding of what this text and announcement is. Not to mention detracting from what is otherwise a highly admirable act.

abalone 6 days ago 1 reply      
Couple problems with this otherwise well-intentioned effort:

1. It's a drop in the bucket compared to what governments spend on a regular basis trying to solve these problems. (Bill Gates has said as much.)

2. Private charity by the billionaire class is not a scalable solution. Historically most social advancement has happened through popular organization and government programs, not charity.

Silicon Valley itself is a product of government spending. The Internet and thus Facebook wouldn't exist without billions of taxpayer investment in early stage high risk research and procurement via DARPA and other government agencies. That continues today (just a couple examples: Siri and autonomous vehicles).

If we are serious about accomplishing social change and "long term investments over 25, 50 or even 100 years," the answers lie in greater government investment in these areas. Just like Silicon Valley. And that means all Silicon Valley companies should be paying back to the government just as they would an early stage investor. Not as a "noble choice" but as an obligation. (Currently they get the core tech pretty much for free.) That would drum up an order of magnitude more funding for much-needed social projects.

I'd like to hear more Silicon Valley CEOs talk about that.

rrggrr 6 days ago 2 replies      
I'm not trolling, as much as it will seem the opposite, but I feel compelled to wonder about postnatal mania (mild postpartum psychosis) as I read the letter. I wonder how different (or private) the letter may have been had it come four months from now. I wonder how many really significant acts of charity and kindness by the super wealthy and influential occur in the days following childbirth. Just wondering aloud here.
nbardy 6 days ago 0 replies      
Reading this is impossible to not to think of Bill Gates. Someone who realized the impact his money can have. Many people in this industry have been influenced by the actions of Gates, especially in the tech community. As a 20 something the money I make certainty pales in comparison to that of Gates or Zuckerberg, but even at a low rate for the tech industry it is much above that of my friends, many of who have worked much harder to get to where they are. It is difficult to be in a position to give help and refuse. Perhaps the effect Gates can have on the minds of the wealthy will be even greater than the already vast contributions he has produced.
masterponomo 6 days ago 0 replies      
Just wow. I asked my parents how my birth changed their lives. They said they had to invest in some good ear plugs (for themselves) as a sleep aid, and that they lost a sock drawer until I graduated to the futon. While I did not spark the solving of the world's problems, at least I did have some small impact.
webwanderings 6 days ago 1 reply      
Never much cared for Zuckerberg but this changes my perspective.

Off-topic: can Facebook please go ahead and literally kill the blogging industry by giving the ability for everyone to use these updated Notes section? As is, the majority of the referrer on the Internet is Facebook. They might as well get the blogs out of the way.

uptown 6 days ago 0 replies      
"As you begin the next generation of the Chan Zuckerberg family, we also begin the Chan Zuckerberg Initiative to join people across the world to advance human potential and promote equality for all children in the next generation. Our initial areas of focus will be personalized learning, curing disease, connecting people and building strong communities.

We will give 99% of our Facebook shares -- currently about $45 billion -- during our lives to advance this mission. We know this is a small contribution compared to all the resources and talents of those already working on these issues. But we want to do what we can, working alongside many others."

roymurdock 6 days ago 1 reply      
Mark has set some ambitious goals regarding poverty, disease, nutrition, and equality, and connectivity. I hope for all of our sake that he is successful in realigning many of the perverse short-term incentives through his and his Priscilla's generous contributions and efforts.

I wish he had spoken more about luck and balance. This is something that Bill & Melinda Gates, as well as Warren Buffet do very well. Understanding luck and balance is the key to empathy, which is also a phrase that is missing from this letter.

I also wish he had not marketed this press release as a letter to his daughter. Perhaps he has another, private letter that is actually more relevant and personal, but if I were Max, I probably wouldn't be thrilled to read this 20 years down the road.

But I'm sure he had a reason to release this letter as he did, and that he thought for a long, hard time before penning these words. Best of luck to the new father, mother, and daughter.

seanhandley 6 days ago 0 replies      
I find it disgusting that he's just had his first child and is already piggybacking a PR exercise off it.

In spite of the enormity of the announcement, to tie it up as "A letter to our daughter" is deeply crass and makes me feel queasy.

YorkianTones 6 days ago 0 replies      
Applause to the Zuck for the public commitment to invest 99% of his fortune in charitable causes.

Providing cheap, reliable internet to underserved areas of the planet seems like an achievable goal. Much of the technology is present, and so this goal can be attacked now given available funding. The technology should improve further and become cheaper in the near horizon. Go for it Zuck. Make a dent.

"Curing disease", however, or "learning and experiencing 100x more than we do today" - these trite and nebulous platitudes seem line lines stolen from HBO's Silicon Valley script. "Eradicating polio" is a concrete, well-scoped, measurable, and realistic goal (regardless of whether its is the best apportioning of resources). "Curing disease" is not. Does someone who's married to a doctor really believe that all disease is eradicable in the next 100 years? Must we resort to impossible moonshots and unqualified invocations like "Make the world a better place!"? Something like "colonize space!" is not a helpful goal; "build a habitation on Mars which produces enough food, water, and O2 to sustain 5 people for a year" begins to be.

This pedestrian rallying cry is a chaotic amalgam of cliches. I hope Zuckerberg puts more thought, organization, and direction into how he will invest his billions for the betterment of posterity.

zeofig 6 days ago 1 reply      
It astounds me that people are taken in by this. There are so many ways that Zuckerberg can manipulate this to his self-worshiping benefit that I can't even guess which ones he'll pick. Consider the type of charity Zuckerberg has previously favoured: totally monopolistic internet infrastructure in India. Sure, people get internet, but it'll Zuckernet from now until forever. Philanthropy is a broken system, because powerful philanthropists never really give away their money: they retain control of whatever the charity is used to build. When you have everything and it's not enough, that kind of control is worth a lot of dollars to you.
littletimmy 6 days ago 5 replies      
This leaves a bad taste in my mouth, for some reason. Must one's private life be this public? I get that Zuckerberg doesn't agree with privacy, but surely putting his daughter in the public limelight as soon as she is born is an imposition on her privacy.

Maybe I'm just getting old.

mei0Iesh 6 days ago 0 replies      
Some thoughts:

* Addressing a public press release to your private child's name

* Naming the initiative with your family's name

* Calling for "change now" as if the world isn't already working very hard every day towards progress

* Looks like a move out of a strategic playbook some advisers gave for "how to be President someday"

* Looks like they're marketing themselves as the royal family, like Facebook is the new kingdom

* Looks like that smug thing that's hip today where people compete to be most charitable

* Reminds me of the Melinda and Bill Gates thing, and the Google medical research thing

Part of this is the perspective of engineers who believe everything is solvable if you just build something to do it. If it isn't built yet, it must be because we're not working hard and fast enough. That if someone has billions of dollars, and are just willing to fund an initiative, they can take credit for curing all disease.

Part of it is the fear that's faced by people who felt invincible when they become old, or have a newborn infant. When you can purchase anything, the new difficulties are things like bacteria, viruses, and entropy. When you are a god in the eyes of the society and economy, yet a worm in the eyes of biology and ecology, there's no longer a clear path towards how to solve your daily concerns. If you're poor and need food, there's simple steps you can follow to acquire what you need. But when you're wealthy, what do you do to get well from illness, to escape the pains of aging?

These people, and much of the digital society today, need perspective and psychological understanding beyond what they have. But you won't see an initiative for that.

dpc_pw 6 days ago 2 replies      
Aren't this "foundations" essentially just tax loopholes for the rich?


read point 4.

jordigg 6 days ago 0 replies      
Hope many more will follow, my sincere admiration.

Here the SEC filling:http://www.sec.gov/Archives/edgar/data/1326801/0001326801150...

rrego 6 days ago 5 replies      
First time I've heard of Facebook Notes, which apparently aren't new at all. The notes that I do see aren't styled the same way as Zuckerberg's letter.
seanlinehan 6 days ago 0 replies      
> Can we truly empower everyone -- women, children, underrepresented minorities, immigrants and the unconnected?

Part of me thinks that Zuck means people without family or otherwise ties to wealth and influence. But another part of me thinks that he means those that aren't connected to the internet. If it's the latter, this is quite the bold statement. The implication would be that people without access to the internet are structurally disadvantaged. Which in a lot of ways are true. The internet enables anybody to acquire knowledge, skills, and relationships with an ease that is otherwise impossible. Thankfully, this bucket has a fairly clear solution path.

andr3w321 6 days ago 1 reply      
I'm all for rich people giving their mass fortunes to charity but they sure do seem to take a long time to do it. Bill Gates is STILL the richest person on the planet in 2015 and his wealth GREW $3.2 billion last year. Can we save the praise for giving away $44 billion until he actually gives it away?

Source: http://www.forbes.com/sites/kerryadolan/2015/03/02/inside-th...

awl130 6 days ago 0 replies      
from an evolutionary psychology standpoint, we are all driven to constantly increase our social value (and indirectly that of our offspring). once you hit a certain level of wealth, it is rational for you to shift your attention from making more money. your social value is only increased by wealth up to a certain amount, after which the marginal returns in social capital approach zero for every additional dollar earned. to put it simply, how much more social value do you have with $1 billion versus $2 billion? The world is indifferent. At that point, you are simply a rich person.

once you reach such an inflection point of wealth, you must find an alternative means of increasing your social capital. there are two common ways: one is to demonstrate your evolutionary fitness in a field completely unrelated to how you amassed your wealth: many rich get into movie production, novel writing or other creative endeavor. These usually fail.

another alternative, the safer alternative, is to expend your remaining time and resources advancing social causes (running for an elected office certainly falls under this category). this is the simplest way for an adult, untrained in anything other than their primary business, to increase their social capital.

it's not a coincidence that zuck is still willing $450mm to his offspring--more than enough to hit that inflection point. he knows that any additional dollar beyond that inflection point provides marginal social value to his offspring.

nemo44x 6 days ago 0 replies      
New money mistake. You don't change the world by putting your money into non-profits but rather cultivating a dynasty that has tentacles in business, government and thus policy.

You consolidate this kind of wealth into the proper channels to influence public opinion and thus a much greater sum (measured in trillions) over a greater time to get the real change you believe in.

It's a good gesture but a losing strategy. But it's his money to do as he pleases so, cheers Zuck.

cup 6 days ago 3 replies      
"Medicine has only been a real science for less than 100 years, and we've already seen complete cures for some diseases and good progress for others."

Thats a bit unfair. Scientists have been painfully working to advance the field of medicine for centuries.

6stringmerc 6 days ago 26 replies      
Okay, maybe it's just me, but after reading the introduction and getting through the list of extremely difficult "Can we..." challenges followed by the "We must..." directives, the first quote that popped into my head was a variation of a poor man is crazy, but a rich man is just eccentric.

I get the desire to solve the world's ills, of society's shortcomings, of essentially fixing the thousands of years of evolutionary programming to craft a utopia. What sane person would sit down and say "You know, when I die, I want to leave the world a chaotic fireball of pain and suffering" in all seriousness? Maybe I'm significantly jaded, but I hope I'm not the only one who finds such a letter a little bit narcissitic, brought to you by the originator of one of the most narcissitic platforms of the modern era, and hosted on that very platform, naturally.

>Our generation grew up in classrooms where we all learned the same things at the same pace regardless of our interests or needs.

This isn't true at all. "Our" generation grew up with having to work to acquire knowledge. To spend time in the library. To sit down and read. To think. It took time, effort, opportunity, and personal investment - so much of which is no longer a priority now.

>The internet is so important that for every 10 people who gain internet access, about one person is lifted out of poverty and about one new job is created.

Citation needed. Like, really.

derefr 6 days ago 0 replies      
As far as I can tell, this is a speech directed at other billionaires, attempting to 1. put them in an idealistic frame of mind and then 2. making the suggestion that the natural outlet for that idealism is philanthropy, while 3. Putting his own money where his mouth is for some peer-pressure.

If that works, then this will singlehandedly be the highest-ROI "evangelism" anyone has ever done. Unlikely, though.

lagudragu 6 days ago 0 replies      
Not to be cynical, but isn't this also just a method to ensure your company will remain for a longer duration? As a decline in facebook stock will indirectly hurt the philanthropic projects which are linked to it through his foundation. I would take his "pledge" more serious if he would invest actual capital (money, resources, ...) in such projects.
subdane 6 days ago 0 replies      
No pressure or anything. Love, Mom and Dad.
tmsh 6 days ago 0 replies      
"He has informed us that he plans to sell or gift no more than $1 billion of Facebook stock each year for the next three years and that he intends to retain his majority voting position in our stock for the foreseeable future."


What an amazing donation! But not for the foreseeable future. I don't care how multiplicative his voting shares are. If there is no plans to sell them in the foreseeable future, this is a pledge spread out across a generation, decades, while real problems are affecting us every year. Every year where he just capped himself at 1 billion dollars in donations.

Why are you applauding this?

harryf 6 days ago 0 replies      
> right now, we don't always collectively direct our resources at the biggest opportunities and problems your generation will face.

One of the biggest problems facing kids in the west is digital addiction. Society as a whole is still collectively in denial here as adults gain from it, from parents who get some peace while the kids play with the iPad to game developers pushing out endless FarmVille clones attempting to get kids hooked enough to convince their parents to approve some in-app payments.

The problem is already there - just need to look at the amount of Ritalin being subscribed - http://www.theguardian.com/society/2012/may/06/ritalin-adhd-...

gabea 6 days ago 0 replies      
It is unfortunate that we cannot accept the kindness and generosity from those who have been blessed with wealth and whom wishes to share it with others. Rather we ridicule them and surmise that they have some hidden agenda behind their desire to share.
7cupsoftea 6 days ago 0 replies      
This is very admirable. Hats off to Mark Zuckerberg. Very well done!
queryly 6 days ago 0 replies      
This is amazing. Money doesn't make us live longer, but does $45 billion help bring the future sooner? I bet it does. It will widen our horizons on what's possible. Everyone on earth will benefit from it.
bikamonki 6 days ago 0 replies      
Dear Max, you are filthy rich. I accidentally created a very successful social network. People mostly use it to post cat pics, drowned babies, whine about everything and the best possible selfies they can take, or you know, post stuff that is addictive to humans. We then sell ads and well, make tons of cash. I say accidentally created because there where already social nets out there but mine was just out at the right time and had the right funding and coaching we needed. Well, honestly, I also had to screw a couple of guys to get here. Anyway, Maxy, all this is ancient and boring stuff. The deal is that since I have tons of cash and success people think I am smart, I think am smart too, so I ought to know a thing or two about how to solve real world problems. I mean it can't be that hard: it is just a matter of developing tech. Billy is throwing 2B to energy research, I can do just the same, see daddy will be a hero too! Anyway dear, this posting personal stuff on Facebook fever just got me and I love you and it is so cool Shakira just likes this post. Also, the post generated a billion views, we sold them ads at premium: your first day on Earth Maxy and you are one million dollars richer! Ok, thats it. Love. Dad.
aswanson 6 days ago 1 reply      
I have had some problems with the way his company operates sometimes but I can't find a single thing he said I don't emphatically agree with here. Hat tip, Mark Z.
cJ0th 5 days ago 0 replies      
Alternative proposal: Use that money to turn Facebook into a self-sustaining non profit that solely cares about maximizing its users experience and stop breaching privacy so that data can be sold.

Perhaps that's not as fancy as investments in health, education or the environment but at least it seems very doable and could solve one problem (excellent means for human communication) for good.

canes2001 6 days ago 0 replies      
Many wealthy citizens have only used their wealth to enrich themselves and their families. It is nice to see someone that is focused on making the world a better place.
uhtred 6 days ago 0 replies      
I'm so glad I'm not on Facebook.
altonzheng 6 days ago 0 replies      
Okay yeah there might be a lot of flaws or criticisms about this, but at the end of the day, this is a net win for society. Go Mark and Priscilla!
Mark1999 6 days ago 0 replies      
Thanx Mark. Now that your CIA financed endeavour became a money making machine, you find it is about time to contribute some sort of "philanthropy" to the world. It is no wonder the millions of serfs don't waste any time to congratulate you on this great action of yours. Please, a word from the world to American based institutions: Please, stop saving the world. Really, look at what your government is doing to Syria, etc supporting terrorists through CIA controlled channels. And for God's sake! Read the reports from World Bank before posting this "i will save the world" letter: Poverty and inequality have risen during the last years, not decreased!
zobzu 6 days ago 1 reply      
When I read this stuff (as in the letter) I just think one thing:

You guys are so full of yourselves.

fantasticsid 6 days ago 0 replies      
Reading some of the comments make me sad. This has happened so often lately..
pgodzin 6 days ago 0 replies      
Interesting how internet connectivity is mentioned without a reference to internet.org after that got a lot of net-neutrality heat. Regardless, great to see so much money being invested in so many great causes.
ausjke 6 days ago 2 replies      
A great read indeed, plus a nice picture.I'm going to print out this and read along with my next generation.

I'm thinking about starting to use facebook again, left it a few years ago.

throwaway999888 6 days ago 0 replies      
> Today your mother and I are committing to spend our lives doing our small part to help solve these challenges. I will continue to serve as Facebook's CEO for many, many years to come, but these issues are too important to wait until you or we are older to begin this work. By starting at a young age, we hope to see compounding benefits throughout our lives.

In other words, I'm getting in on this philanthropy thing at a much younger age than Bill Gates.

FussyZeus 6 days ago 0 replies      
When things like this pop up, as well intention-ed as they may be, I just think to myself, if this were just a regular guy and not famous, would anyone give a shit?
keane 6 days ago 1 reply      
Disappointed once again in the immediate cynicism here but by now I should know not to be surprised by it in any community where nothing is sacred.
fijal 6 days ago 0 replies      
I think a bad sentiment here is mostly generated not about what Mark says on his post, but what he does otherwise. We've seen a fair share of controversy regarding facebook, privacy practices etc, we've seen a fair share of controversy regarding internet.org.

I for one find it all skeptical - I don't see how his ideas would align with facebook goals as a company

poub 6 days ago 0 replies      
I would have loved having parents writing such beautiful letter to me for my birth.Its an extraordinary beautiful welcoming.
sakopov 6 days ago 0 replies      
Oh lovely. This is the same man who called his users dumb fucks in the infancy of his company. Now he's worried about future generations and pushes his corporate agenda innocently using his newborn. Facebook is like a goddamn cult that acts like God's gift to humanity.
jordigh 6 days ago 0 replies      
> Your generation will set goals for what you want to become -- like an engineer, health worker, writer or community leader.

Realistically, we can't all avoid being garbage collectors or street sweepers, can we? Or will automation really replace all unsavoury jobs with high-paying professions?

NN88 6 days ago 0 replies      
this melodramatic bs
kafkaesq 6 days ago 0 replies      
Can we truly empower everyone -- women, children, underrepresented minorities, immigrants and the unconnected?

Yes you can, Mark: Stop requiring people to use real names. And stop caving in requests from authoritarian governments that want to do their dirty work for them.

DyslexicAtheist 6 days ago 0 replies      
I'm so excited about the trickle-down economics that I can hardly curb my enthusiasm
astaroth360 6 days ago 0 replies      
Well, I'll say that I appreciate the effort on Zuck's part, but somehow I still can't make myself like the guy :\

Oh well, I guess I don't have to like him to appreciate that kind of cash going into worthy causes.

zurn 6 days ago 0 replies      
Wow, addressing climate change and unsustainable resource consumption are absent from the list and "protecting the environment" is once mentioned in passing.
tmsh 6 days ago 0 replies      
I think this letter and http://givingpledge.org/ are good.

But we all give away wealth when we die. To someone or another.

The pledge is not necessarily one of generosity other than looking past one's family. Which is something, but less impressive along the generosity dimension than giving away more earlier (while that money has a very real opportunity cost to you).

That said, if I had billions of dollars, I'd be investing in my own research and not giving it away. But that's just me.

seansmccullough 6 days ago 0 replies      
His daughter is clearly not the intended audience of this post. In fact, the fact he is having a kid has nothing to do with this post.
SCAQTony 6 days ago 0 replies      
He just put his baby into the public eye; now it's paparazzi bait like some Prince's kid in England
breakyerself 6 days ago 0 replies      
Well I hope he learned something from the boondoggle his grant to Newark schools turned out to be.
jordache 5 days ago 0 replies      
so you equate to internet monolopy as impactful as curing diseases?? So the dude is doing something else you find objectionable, but it doesn't come close to good stuff he is trying to accomplish.
ForFreedom 6 days ago 0 replies      
Kayne and Kim named their son, NorthMark and Priscilla named his daughter MAX.
dimdimdim 6 days ago 0 replies      
As I said in previous post --- if I were writing a letter to my son, it would be a private affair and not posting it worldwide on FB.

Also, there is a huge difference between pledging to donate during our lifetime and "donating". Anyone can make that pledge and then decide a comfortable schedule.

salgernon 6 days ago 0 replies      
In the end, the only thing anyone has to give is their time.

How many billions of hours are spent daily on Facebook? His fortune is won on the backs of those poor fools.

It ain't gonna happen, but shutting down Facebook now would be a greater philanthropic act. (Yea and obviously OtherFacebook would come online.)

msoad 6 days ago 1 reply      
This is really cool. I kind of missed notes in Facebook. How do you create one?
o0-0o 6 days ago 0 replies      
This would have been a lot more genuine if he had just wrote the letter - tucked it away - and then let his actions do the talking.

When a choice is between doing the right thing loudly, and doing the right thing quietly, the amount of noise you make is the inverse of the size of your dick.


charlie_vill 6 days ago 0 replies      
Thank you Mark.
melted 6 days ago 0 replies      
I like Zuck. He seems to have picked the right role model to follow (Bill Gates). I just hope he cashes out before a credible competitor takes over.
saccrant 6 days ago 1 reply      
Time to short Facebook stock.

Given stock is the best way to motivate executives, when the guy on top is giving all of it away you know where the stock price is going.

frame_perfect 6 days ago 0 replies      
Actions speak louder than words.
anon4this1 6 days ago 1 reply      
I'm dismayed by the lack of focus on the environment here. Humans as a species are doing just fine. Health gains just marginally improve that. We need to focus on finding balance with nature that doesn't involve mass extinctions and subjugation.
orionblastar 6 days ago 0 replies      
It is a lot of promises that are hard to keep.

They think they can just throw money at a problem and it will eventually go away given enough time.

They think people in communities will give up their bigotry against certain groups without a fight. They think everyone in the future will adopt the same worldview that they have. They think that they can solve poverty by giving everyone an Internet connection on the planet and most people who are poor are illiterate and can't read and write.

Like I said a lot of promises.

Some problems can't be solved with money, it takes innovation, it takes a new way of thinking, it takes doing things in a way nobody thought of yet.

Students who are poor and have family problems have emotional and psychological problems that hinder their learning. No matter how much money you spend on their school, as Gates has learned, their test scores don't go up. https://www.washingtonpost.com/news/answer-sheet/wp/2014/06/...

This effort by the Gates Foundation proves that building better schools does not give the students a better education.

You see they made the mistake of throwing money at a problem in order to solve it. Five years later and a disappointment in what they had created.

Parents of the students get by with low paying jobs, because there is a wealth inequality in our nation. It leads to poverty, family issues, emotional and psychological problems none of which building new schools could address. All of which factor into having a hard time learning and getting better test scores.

Why is there a wealth inequality and people have to settle for low paying jobs?

Technology has automated most of the good paying jobs so they can be done with computers for free. Microsoft and Facebook for example earn money from technology that does work for others for free and earns money. Websites can operate 24/7 and replace people who take phone calls or work at a desk to fill out forms.

Also we used to have factory jobs until we shipped those jobs to China because the labor cost less over there.

Getting a good education is only possible if you have a good enough credit rating to get a student loan, if your family is poor and struggles and misses paying bills, you will have a bad credit rating and not be able to get a student loan for college. Not getting good enough grades will lead to a lack of scholarships and other things.

People who can't get a college education face a life of hardship working low paying jobs just to get by. Not everyone can become a computer programmer after being a dropout, and then join a startup. Some have to work retail jobs in the service industry and 2 or 3 of those jobs. Not having time to raise their children properly. Not able to help with homework because they work overtime to get enough money to pay the bills.

These factors have not been addressed in the future plans for fixing our education system.

Sure you can learn a lot on the Internet and even use it to earn money, but most people just use it for entertainment value and communication. So there are distractions to learning on the Internet. But what happens when the freelance market suddenly gets 3 billion more lower wage contractors in it all competing for the limited amount of contracts?

I wish I knew how to solve these problems, but I learned from experience that you can't just throw money at them and solve them.

You need the government to help out with some sort of basic income program to lift people out of poverty as good paying jobs are scarce because of automation or AI advances. I expect that to get worse in the future.

You need better mental health clinics to address the emotional and psychological problems associated with poverty for the students to be able to learn better. You need to find money for tutors to help them with homework when their parents cannot. You need to teach poor students stress management and test anxiety management so that they can o better in tests and learn better study habits and score higher.

I've found at least with my son, that the Internet is a distraction for him. Time he could have spent studying for tests, he instead watches Youtube videos and plays video games. I've tried to help him as best as I can, but now he is failing chemistry as a junior in high school but passing his other classes because they are not as hard.

We are one of those poor families because I ended up on disability in 2003 and don't earn as much as I used to as a programmer. There is only so much I can help my son, he makes decisions for himself, but I cannot force him to study more or do better on his tests. I feel as if I didn't go on disability we'd be better off and I'd be able to hire a chemistry tutor for him to get his grades up. I forgot as I took chemistry in 1985, and it was so long ago. It is harder to raise a child than you think, esp if you are on a limited income. The school he goes to is a good one with good teachers and modern equipment and they use iPads for ebooks and learning, but it is not enough and still students struggle with their classes.

No matter what you do there will still be problems as no system is perfect, and students will still get low mtest grades no matter how good a personalized system you develop. The Dewey System was developed for personalized learning and it failed. https://en.wikipedia.org/wiki/John_Dewey

Most of what they are trying to do has already been tried and failed. It is like trying to go against human nature and change the way human beings behave so they can learn better. But human beings cannot be reprogrammed like robots, and almost all of these theories go with the case that human beings can be reprogrammed like robots to create a better community for better learning.

It is like trying to solve a social problem using technology thinking, you need to think in terms of society and the way people work, which is not the same way technology works. You need to lead social reforms in communities in a way that makes sense to everybody and not just people on a certain political spectrum that leaves out all others. You will face a resistance to change, as many won't want to change. People will come up with conspiracy theories over the changes, etc.

It is a good start to build a different system of education and try to make new communities for education for everyone, but money alone won't solve it, you need the cooperation of everyone in the community to change the way their human nature works and give up on the old ways of doing things. Some won't want to give up on the old ways.

supergirl 6 days ago 0 replies      
Every rich guy thinks he knows what's good for the world. And why announce this together with the birth? Should the world celebrate this miraculous event that also led to our salvation?
jpeg_hero 6 days ago 0 replies      
Patrick Bateman -- World problems speech


hvis 6 days ago 2 replies      

"Please log in to continue."

Seriously? One might think they would prioritize raising awareness over increasing Facebook userbase.

wityak 6 days ago 1 reply      
Expensive shot at Bezos and his distate of charity. Well played, Zuck.
gesman 6 days ago 0 replies      
Adorable baby girl, welcome to the world.

PS: stress and toxicity quite often are the real causes whereby the few diseases Mark mentioned is a consequence.

bababouy33 6 days ago 0 replies      
Wow, that's a lot of pro-facebook comments for a "Hacker news" site. Shouldn't you people be browsing reddit or better yet, facebook?
How to be like Steve Ballmer medium.com
757 points by drb311  4 days ago   188 comments top 33
bigdipper 4 days ago 4 replies      
Let me add some color to the speculation here, I worked under Ballmer for sometime leading a product.

Ballmer was a math genius, he was also a spreadsheet whiz and knew as much as a CFO did at anytime. His memory was that of a thousand elephants, and could recite forecasts, actuals and numbers for multiple years in one go.

Microsoft played in the enterprise space, and Ballmer was a marketing genius when it came to enterprise positioning. I credit him with driving the attach revenue concept within the enterprise. Companies that bought Windows, bought office, bought Exchange server, bough maintenance and more.

Even more, he was a relationship marketing genius. He had a photographic memory and remembered names of people he would meet once and recall entire conversations after months/years. And this was globally, he took the company global in a very aggressive way.

He rewarded people, both Bill and Steve weren't stingy about doling out stock - unlike Jobs. This kept a strong talent pool of A players at Microsoft.

He had a strong penchant for the enterprise and where he started faltering was when the Internet started maturing and consumer experiences started converging with the enterprise.

Nevertheless, this man took Microsoft from $15B to $70B in revenue and you can't belittle that.

loeber 4 days ago 5 replies      
Something rarely mentioned: Ballmer could've been a first-rate mathematician. He graduated magna cum laude with an AB in math, and beat Bill Gates on the Putnam exam, finishing well within the top 100 contestants that year.
brudgers 4 days ago 1 reply      
Ballmer was the "business guy" at the startup that created the greatest ever amount of money for its founders and employees by holding off an IPO and raising a minimal amount of outside investment. The amount of equity he and Gates retained allowed Microsoft to take a long term rather than a quarter by quarter Wall Street driven approach for about twenty years following the IPO.

If Microsoft is currently undergoing a renaissance, it may be because Ballmer got the supertanker turned onto the right heading. Unlike the much beloved Sun, Microsoft is still around and its works are trending toward the right side of history while Sun's legacy is increasingly sliding into the pale of Oracle.

MichaelGlass 4 days ago 1 reply      
"Heres somebody wholl wear their mediocrity with such energy, with such boundless enthusiasm and unbridled passion, that nobody else even tries to compete.Youre not Steve Jobs. Youre mediocre, like me. Youre reading shabby online articles about how to be like somebody else. Do you think Steve Jobs did that?"

A+ Be all the Balmer u can be. Balmer forever and ever.

SonicSoul 4 days ago 2 replies      
fun read but i'm not convinced about the advice. I'm sure Balmer is a smart guy and lucked out by joining MS as #30 (is it really so unlucky to be #30 at MS?). He was also outspoken, loud, and perhaps had some leadership qualities lacked by other nerds at that moment. And now it's easy to pick him apart and "be more like Balmer" but I doubt mirroring his annoying personality will get you far.

Next time you give a presentation, repeat the same key word or phrase at least 5 times. Preferably 10.

i think Balmer succeeded despite this behavior, not because of it.

When you sense a gap thats closing push yourself in with full energy. Love the party, get into it, then make it your own

the "make it your own" is almost like saying "tell a funny touching story that everyone will love".

Imagine you areor bethe tallest person in the room. (Create situations where youre standing and theyre sitting?)

this reminds me of the NLP craze back in the day, i.e. micro behaviors that are subconsciously making you more attractive / easy to relate to / superior etc. Dubious at best.

* not to dismiss micro behaviors completely. There are numerous TED talks about body language that present convincing evidence that it works. I think they are especially applicable if you're the kind of person that tries to occupy least space and remain un-seen in meetings. For an average person I just think this is a minor tweak, not the big change standing between you and tres commas club.

allenbrunson 4 days ago 2 replies      
i was prepared to snark. i don't like steve ballmer, i don't want to be like him. i don't like what he stands for. i can't think of one positive thing about the guy, other than perhaps his loyalty. but this article has a bunch of interesting insights nonetheless, delivered in a funny way.
volandovengo 4 days ago 4 replies      
Despite his public perception, he's incredibly intelligent. He has an IQ of 150.

His strategy of being a fast follower worked great for Microsoft when it had crappy competitors - it was ill equipped to deal with good ones like Apple and Google.

someear 4 days ago 0 replies      
Dude has passion. Worked at Microsoft for a few years, and even though I didn't agree with many of his decisions...he does what he loves, and loves it so much, that it passes on to others as well. We need more of that everywhere, in every aspect of life, not just business.
hoodoof 4 days ago 3 replies      
Ballmer was there since the earliest days of Microsoft. Only a fool would somehow think he just came along for the ride.

Gates chose to give him a large slice of equity because he saw that he wanted something that Ballmer had and as far as I can tell that worked out extremely well.

I won't argue that Steve Ballmer was the technical creative genius that Microsoft needed but to suggest that in some way he stumbled in and rode the gravy train, well I don't buy that.

The new generation probably have little concept of how absolutely and totally Microsoft dominated the computer industry, in a way that no company does now (nope, not even Apple dominates today anything like the way Microsoft dominated in the 80's and 90's). It was Microsoft's world in a very real way. There were two men behind that complete domination - Steve Ballmer and Bill Gates. The cynical (and there are many) might say "well it's Ballmer that lost that domination", but I wonder if such ongoing utter domination was even possible in the greatly expanded industry post WWW, regardless of who the leader was.

Steve Ballmer is more than worthy of admiration, if you were smart you'd try to learn from him rather than portraying him as a buffoon sidekick to Bill Gates. To evaluate him in this way just displays ignorance.

I think Gates brought on Ballmer as the business partner he needed, not the business partner he started with (Paul Allen). I'm not knocking Paul Allen but Bill Gates felt he needed Ballmer as his partner and as far as I could tell Ballmer and Gates were a powerful team, not Dean Martin and Jerry Lewis.

And when compared with Steve Jobs, it's worth remembering that Steve Ballmer and Bill Gates comprehensively beat, pounded and dominated Steve Jobs' Apple until "Steve's return". Apple was on the brink of going out of business when Steve returned and stayed in business because Gates and Ballmer provided Apple with $150M to stay in business - a wise move at the time because Microsoft was in trouble with the justice department and needed to ensure that there were companies still in existence that could even vaguely be argued to be valid competitors to Microsoft.

Many, many entrepreneurs tried and failed to get the better of Gates and Ballmer until eventually a perception formed that you were an idiot if you tried to compete with them. VC's wouldn't invest in anything that was even seen as potentially an area that Microsoft might be interested in being involved with. Ballmer is one of the most formidable and, in his time, feared businessmen ever.

Ballmer is one of the greatest business people of all time even if he doesn't have the romantic and charismatic story of Jobs or Gates.

Respect is due.

NickHaflinger 4 days ago 1 reply      
'SteveB went on the road to see the top weeklies, industry analysts and business press this week to give our systems strategy. The meetings included demos of Windows 3.1 (pen and multimedia included), Windows NT, OS/2 2.0 including a performance comparison to Windows and a bad app that corrupted other applications and crashed the system. It was a very valuable trip and needs to be repeated by other MS executives throughout the next month so we hit all the publications and analysts.'

'The demos of OS/2 were excellent. Crashing the system had the intended effect to FUD OS/2 2.0. People paid attention to this demo and were often surprised to our favor. Steve positioned it as -- OS/2 is not "bad" but that from a performance and "robustness" standpoint, it is NOT better than Windows'.


"I have written a PM app that hangs the system (sometimes quite graphically)."


exelius 4 days ago 6 replies      
So Ballmer is the ultimate PHB?

This is a great way to build a career, but if you look at his track record at Microsoft, I'm not sure Ballmer is the guy we want to be emulating. He was hard-headed, amazingly risk-averse when it came to Microsoft's core platforms, and was not a great manager (he was unable to control a lot of the culture problems that plagued Microsoft in the early 2000s).

It's fine to make bold moves that fail, but Ballmer's failed moves weren't really all that bold. They were big, but not incredibly bold, and were often doubling down on a failing business inside Microsoft.

rthomas6 4 days ago 1 reply      
You know, in the same vein... Salieri was a pretty decent composer. He got some fame and recognition. Maybe it's not so bad to be a Salieri and not Mozart, because he's still a hell of a lot better than most.
pcunite 4 days ago 0 replies      
The photo of Gates and Ballmer is from this article, online here:


kareemm 4 days ago 0 replies      
The one thing Ballmer did right was double down when he saw a huge, once in a lifetime opportunity.

Warren Buffet and Charlie Munger say that without their top 20 performing stocks, they'd be also-rans. Which really goes to show that when you find a great opportunity in life, you should go at it as hard as you can.

CurtMonash 4 days ago 0 replies      
IIRC, Ballmer at one point went double or nothing, margining his stock to double his position. That explains half of his stake right there.

That's when he was worth $100 or $200 million, not long after the IPO.

Jim Treybig of Tandem Computers did something similar when he lost half his stock in a divorce.

m52go 4 days ago 0 replies      
> Go to the mirror and practice these faces.

Great piece. This article is worth a click for that lead image alone. I really wonder what the context was for such an expression.

srameshc 4 days ago 0 replies      
I would have passed this article anywhere else if not for Hacker News. This is a great insight and great way to work on your personality.
rogerbinns 4 days ago 0 replies      
It all comes down to sales being easier to measure than other parts like development. Something like "doubling revenue" can be reasonably objectively measured. Trying to do the same thing for a developer is way too hard: double X? halve X? where X is lines of code, bugs, hours of attendance, appraisal scores, or other measurements don't remotely cut it, and are easy to game. (Revenue can also be gamed to some degree, but people/companies parting with cash is a higher hurdle.)

That let him make a measurable deal with Gates & Allen. A new developer as employee #30 doesn't have anything comparable.

talles 4 days ago 2 replies      
I thought the article was serious until I reached the "Steve Ballmer mission pack". Author can't be serious.
l33tbro 4 days ago 0 replies      
The Charlie Rose interview is a pretty decent insight into the man. Certainly shuts up the armchair quaterbacks here with 20:20 hindsight calling him an idiot for certain career moves.


keepitsurreal 4 days ago 0 replies      

Am I doing this right?

CurtMonash 4 days ago 0 replies      
Anyhow -- Steve had all the personality at the Windows 1.0 launch. Well, Steve and John Dvorak. Mike Maples and Jon Shirley, however, seemed like bigger deals in the company than Steve a while each.

Steve is basically a great salesman. He's both a huge extrovert and a great listener. He's delusional enough to completely believe, yet well smarter than other similarly delusional people. I presume he has all the sales process mechanics mastered too, but I don't actually know that for a fact.

rajacombinator 4 days ago 0 replies      
This just shows that terminal net worth is not that important.
ape4 4 days ago 2 replies      
from wikipedia: In 2007, Ballmer said "There's no chance that the iPhone is going to get any significant market share. No chance."[55]
umaguma 4 days ago 0 replies      
Did Ballmer ever do any programming?

If not, why?

Did he just have no curiosity or interest?

Sounds like he had far more capacity for maths than Jobs.

kozukumi 4 days ago 0 replies      
My personal opinion of Ballmer is that he was/is brilliant but he failed to prioritise in the right areas during the mid 2000s. He did well with investing in Azure and cloud tech but he was an idiot for letting Sinofsky run Windows into the ground with Windows 8.
0mbre 4 days ago 0 replies      
So introvert vs extrovert?
x0 4 days ago 0 replies      
You forgot "do a line of coke before giving a presentation"
visakanv 4 days ago 1 reply      
> i was prepared to snark

I don't know why but this just got me laughing so hard. I'm thinking about one of those infomercials. "They laughed at me when I sat at the piano... but when I started to play!"

It's like the Hacker News slogan or manifesto or something. HACKER NEWS: WE'RE PREPARED TO SNARK.

cookiecaper 4 days ago 0 replies      
Awesome article.
rbanffy 4 days ago 0 replies      
jheriko 4 days ago 6 replies      
its a shame this is a joke.

you really could learn better from ballmer than from jobs imo.

i'd much rather be successful for the like ballmer than jobs. cult following is creepy, and recieving kudos even when you do nothing makes it easy to lose perspective.

jobs was great at what he did, but massively overrated thanks to the excellent work of the apple marketting guys. those guys are absolutely amazing at what they do. its a shame they don't get more credit.

Leaked Documents Reveal Police Department Planted Drugs for Years, DA Complicit henrycountyreport.com
577 points by coloneltcb  6 days ago   251 comments top 35
hackuser 6 days ago 21 replies      
It seems like there is a smoking gun in this case (though I didn't review the evidence thoroughly). Widespread availability of video recording and distribution has provided many more smoking guns. Certainly, there are many more incidents where no smoking gun evidence is available.

For a long time, black Americans have been claiming that such things happen and were widely ignored or disbelieved. It was and is a grave error - I can't imagine how many victims there are. This raises critical questions:

1) Why did our society make this error?

2) How do we prevent making the same mistake in the future, regarding other issues?

3) About what issues are we making the same mistake right now?

Also: What do we do about the legions of victims? Ignoring them yet again would be a crime.

datashovel 6 days ago 3 replies      
Keep the leaks coming world!

The joke is that anyone who is truly qualified to run for office doesn't want the job.

I hope that the more leaks like this that come out, more qualified people will realize they can't just stand by idly thinking the system will just fix itself.

I imagine Snowden leaks alone have gotten far more "qualified" people engaged in civic activities than we'll ever truly comprehend, and have taken a bit of the "fear of rebellion" out of those who might not have spoken up in the past.

cjslep 6 days ago 2 replies      
Is it bad that this honestly doesn't surprise me? In 2005 my 15 year old self was passing through Northern Georgia to see grandparents, and we hit traffic at the only town stoplight because a Grand Wizard and lots of KKK members were rallying in the streets celebrating running the last minority out of the county. As a white middle class guy, that was quite the contemporarty class on race relations.

Racism is alive and well in the South, and it is slow to change because the communities are small and not super interested in the internet justice movements.

banku_brougham 6 days ago 2 replies      
If this story is not picked up in the larger media I will be disgusted, but I'm happy to see this come to light. Trust is a huge part of the police/citizen relationship, and it's in a bad state.
dragonwriter 6 days ago 0 replies      
Note that as well as the DA being complicit, the involved supervising officers are the current department chief and the state Director of Homeland Security.
NN88 6 days ago 0 replies      
This is explosive. The white supremacist implications here are undeniable. Director of AL homeland security? Good god

This is LITERALLY as bad as it looks.

The evidence is astounding.

aagha 6 days ago 0 replies      
A ton of the comments below are about how cops are abusing their power. The other group that seems beyond the reach of justice are district attorneys.

The system is setup so that DA's watch out for cops' backs and the cops for the DA's. Cops would be less likely to engage in bad behavior if they knew that DA's were less willing to support it.

Oh, and then there's the private prison system...

dre85 6 days ago 0 replies      
I just read the title and it immediately reminded me of Dave Chapelle..."just sprinkle some crack on them and leave".
pipermerriam 6 days ago 1 reply      
This is an honest question.

Realistically, how do we dismantle the police state. It seems like the NSA, FBI, and some not insignificant percentage of the police forces have gone entirely rogue or lost track of their mission entirely.

It feels hopeless. So much outrage but so little actual ever changes. Does anyone have any ideas because I'd love to hear them.

markman 4 days ago 0 replies      
I'm reading these comments somewhat in disbelief. Put the torches down people. You know it took me the better part of 40 years to realize that if one is the greatest guy in the world 95% of the time and a complete asshole 5% of the time guess what that makes you? A complete asshole. Especially ally to the people that only see you during that 5%.

Well the same holds true for the police. These travesty could and probably is only perpetrated by a tiny percentage of officers yet Now with the release of this story(has anyone -confirmed it's legitimacy?) at least those commenting have already confirmed judged and condemned the bulk of every police department in the nation as shoot to kill monstrous overlords. I'm sorry but that's just not the case.

cygnus_a 6 days ago 2 replies      
Another reason to decriminalize drugs in favor of self-help programs.
tptacek 4 days ago 0 replies      
The SPLC has retracted their links to this story amidst doubts about its veracity.


gravypod 6 days ago 0 replies      
I hope that there will be an investigation into who has been effected by this.

I look forward to seeing the details from the future court dates that result from these findings.

Zigurd 6 days ago 0 replies      
At some point the limits of immunity have to be tested. Can a DA operate with such malintent and get away with it? The cops? At what point can they be stripped of immunity and pursued by their former employer for creating a huge liability?
agf 6 days ago 0 replies      
Dan Quan, a co-worker of mine, spoke about his experience as a police officer, and the mentality he saw from other officers, in his talk at Rocky Mountain Ruby, "Policing and Pairing: An Unlikely Preparation" (https://www.youtube.com/watch?v=NgGaO92oIGg). While not the main subject of the talk, it's an interesting first-person perspective.
williamle8300 6 days ago 0 replies      
The website was down. Here's the wayback link:


DanielBMarkham 6 days ago 0 replies      
Try googling "Alabama Justice Project", which is the group responsible for this release.

I got three news items, 2 from today. One empty blog set up months ago. Poking around some more, I get Jon Carroll, the author of "The Henry County Report", breaking the story from the Alabama Justice Project, which he is also involved in. I see the Southern Poverty Law Center mentioned in a couple of the dozens of copy-links from this story, but nothing on their site.

I'm not saying this report is fake, or even trying to discredit Carroll. But you gotta admit this is a really weird way to break a story of such huge magnitude. Sure would be nice to have some other outlet check the facts on this. There are a lot of people implicated in this article, and the author uses phrases such as "slam shut case" which leads me to think he has an agenda. Combine that with the weird provenance? I get uneasy. We got one lone wolf and 47-thousand mainstream news outlets copying what he's putting out.

News ain't what it used to be.

anvil_jones 6 days ago 1 reply      
What is the Alabama Justice Project. 99% reliability on a POLYGRAPH test?

I wish I could read more of the article since it seems to be down and google webcache isn't the best. How come none of these cases have been covered by any other organization? Wouldn't a pending lawsuit against the police organization be news?

Surely there is corruption/racism in the police department. But is this article valid?

cheez 6 days ago 2 replies      
Thank god for whistle blowers.
cryoshon 6 days ago 0 replies      
Systemic severe racism over the course of 20 years? A cover up by the police? Par for the course in the USA, and it's disgusting. The justice system in this town has been an injustice system for as long as some of the people who live there can remember.

There may be riots because of this. They will be justified.

lectrick 6 days ago 0 replies      
Someone whose very job demands a high standard of integrity, acting in this fashion... This is what a horrible human is.

Michael Magrino, cited in that article many times, seems to be the person behind http://mandmprivateeye.com/ so perhaps he's already moved on from straight-up police work to private investigations.

Kinnard 6 days ago 0 replies      
I hope everyone who has heard the cry of a victim claiming to have been framed and ignored it reflects on having done so.
xexers 6 days ago 0 replies      
Is there a better source for this story?
NN88 6 days ago 0 replies      
Heres all the documents:


rdlecler1 6 days ago 0 replies      
This is terrible and it undermines The entire justice system. This is treason against the constitution.
inthewoods 6 days ago 1 reply      
I can't see the article when I click through - anybody got a mirror?
icewater0 6 days ago 0 replies      
Hmm. I cannot reach the site.
idibidiart 6 days ago 0 replies      
Bring the motherblowers down!
fencepost 6 days ago 0 replies      
(reposting a comment I put elsewhere with direct links to exhibit documents)

The Internet Wayback Machine has it from today

Archive.org has https://web.archive.org/web/20151202021559/http://henrycount... , this is just one of the versions they picked up today.

The article links to a variety of scanned documents hosted elsewhere, which look like excerpts from a full document dump. Exhibits 8 & 9 do not appear to be linked from the Henry County Report page.











(edit: note that the documents numbered 144484-144489 are unrelated, mostly Italian?)

policestate101 6 days ago 3 replies      
America is a police state, ruled by a corrupt elite Willing to break laws, rewrite them if possible, create secret ones when needed, they will torture, murder, commit war crimes, this the country Americans reside in, only they do not want to except this increasingly glaring truth.

What happens instead is people who speak out are ignored, derided, and silenced.

krapp 6 days ago 0 replies      
Huh. I see someone posted an article about police corruption to Hacker News...

- declaration that the US is a police state? Check.

- assertion that all police are criminals? Check.

- call for the repeal of all drug laws? Check.

- argument about whether or not black people are genetically predisposed to violence and criminality? check.

Now all this thread needs is a tangential discussion about the Second Amendment and I'll have bingo.

dang 6 days ago 8 replies      
We detached this subthread from https://news.ycombinator.com/item?id=10660295 and marked it off-topic.

You reveal your lack of good faith with the slur, "the criminality of the black community". If you were genuinely interested in factual exploration, that's where you'd be least likely to go.

mintplant 6 days ago 1 reply      
> Once the examiner has an adequate series of charts to evaluate, he will begin the scoring process. This is done most often using a numerical scoring method which evaluates the subject's physiological responses to the Relevant and Control questions. The computer polygraph may also use an algorithm developed by the Johns Hopkins University Applied Physics Laboratory or other researchers to score the examination. The examiner can use this algorithm to independently score the examination or for quality control purposes to verify his own determination.


If you look closely, you'll notice that that's a copyright notice for a piece of software evaluating the results. The test isn't necessarily being run by JHU APL, but the software was developed there.

See also: http://www.jhuapl.edu/ott/technologies/technology/articles/P...

dzhiurgis 6 days ago 1 reply      
After the collapse of Soviet Union, in my country there was explosion of mafia. Police were incapable and this is exactly how police dealt with them. Draconian drug laws meant that cops could easily put gangsters to jail for a long time.

Basically if thugs play dirty, cops are playing dirty as well.

Signal Desktop whispersystems.org
553 points by marksamman  5 days ago   278 comments top 36
darklajid 5 days ago 10 replies      
I'm feeling dirty, because I don't like to be that negative, especially if we're talking open-source software. And I feel that I kinda hold this project to higher standards: If I compare this to WhatsApp/Telegram/Threema/Whatever, I inheritently, somewhat subconciously expect more from Signal.

And I'm disappointed. I tend to repeat the 'central server' and 'a phone number is not an address and not public information, it certainly is no identity' criticism.

When I read the headline/title, I thought 'Now maybe that would be enough to be ~good enough~ to ditch Telegram' in spite of these problems (which Telegram has as well, ofc). But really. A Chrome app. And works only (yeah, I think I said it before: Phone numbers suck) as a secondary client. And only if the first client is Android?

I seriously don't get it. And it certainly is not for me: I don't like that browser (I do have it installed for testing and to follow it at times, but there's no 'app' I'd run in Chrome). I don't want to tie something to my phone and I don't think that it should matter what platform my handset runs on - SailfishOS looks nice, FxOS progresses slow but ticks a good number of boxes for me.

Full circle to the first line: I don't _like_ to be negative and the headline gave me hope for a couple seconds. Unfortunately this release just deepened my belief that Signal wasn't meant to be for me.

hackuser 5 days ago 3 replies      
> Signal Desktop is a Chrome app

That surprises me. I don't trust Chrome for confidentiality; I assume it collects data for Google and I don't know that it protects my data from others.

If Chrome isn't trustworthy for confidentiality, it would seem to fatally cripple the security of Signal Desktop. However, I believe the people at Whisper Systems would see that obvious flaw so I suspect that I'm misunderstanding something - what is it?

rmchugh 5 days ago 1 reply      
Loving moxie's namedropping of oldschool revolutionaries:

Maria (Masha) Alexandrovna Kolenkina was a Russian socialist revolutionary from a merchant family in Temzhuk, a small town on the Sea of Azov. (1850-1926)Vera Ivanovna Zasulich was a Russian Menshevik writer and revolutionary. (1849-1919)Nestor Ivanovych Makhno or Bat'ko Makhno was a Ukrainian anarcho-communist revolutionary and the commander of an independent anarchist army in Ukraine during the Russian Civil War of 19171922. (1888-1934)(all above from Wikipedia)

sigmar 5 days ago 4 replies      
I don't understand why it prompts me to invite other people after putting me in line. Why would I email/tweet my friends to join this service if it isn't even ready for me? Seems rude to bother a friend with joining an internet line just so that I can get a better position in the line.

I love signal on android and have been looking forward to this, kind of rubs me the wrong way when I'm put in "line"

leonhandreke 5 days ago 2 replies      
Why incentivize spamming my friends with links before I've even seen the app, only to refer them to a waiting line? Sure, launch day momentum and all that, but I wish that as an entity that wants to be "the good guys", they can find a way to gain a broader audience for their app based on the app itself, not the buzz around it.

On a sidenote, does anyone know who funds their full-timers? https://whispersystems.org/workworkwork/ says they're not VC funded. But then who pays them?

phantom_oracle 5 days ago 4 replies      
I have a question about this...

Say a team of volunteers were willing to spend time to make something like a QT- or GTK-based native desktop application instead.

How much more difficult would this be compared to what they did/used now? (the chrome-app) ?

Also, will it take significantly longer to build such a native app?

Anybody with experience building native apps, please share.

aw3c2 5 days ago 2 replies      
This is a Chrome app. I miss the days of native apps. :(
gue5t 5 days ago 7 replies      
Why are all these encrypted chat programs (Signal, Telegram, &c.) still centralized and not TOR-style onion-routed?
chadk 5 days ago 1 reply      
All good with the Android, but disappointed this is Chrome. You would think they would have a FF plugin by now!
codemac 5 days ago 2 replies      
The join the beta button isn't working? I click and nothing happens.

I looked at the page source, but then I realized I don't know how the fuck javascript works.

finnn 5 days ago 2 replies      
>Don't leave your friends behind, invite them to signup with this unique link. The more friends that join, the further you will advance in line for the beta.

That's annoying.

hedgehog 5 days ago 5 replies      
Note: Android only.Edit: In the sense that it only works with the Android version of the app.
klapinat0r 5 days ago 0 replies      
This is slightly off-topic, but I hope moxie (or an employee of WhisperSystems - nothing official needed) wouldn't mind chiming in:

Since I loved the fact that I can run my own TextSecure server, I'm wondering why Signal does not run a similar model?

I'm curious which considerations went into this decision.

welly 5 days ago 0 replies      
Sadly, as much as I'd like to use Telegram or Signal rather than the usual suspects (sms, whatsapp, facebook messenger), it would require someone on the other end to receive my messages.

The likelihood of convincing my friends/family to use a messaging app that isn't any of the usual suspects is low to none. And none of my bleating about privacy issues will convince them otherwise ("I've got nothing to hide, doesn't bother me").

tdkl 5 days ago 0 replies      
Since when are browser apps "desktop" apps ?
NfnK2ECvNE 5 days ago 0 replies      
I agree with some of the folks here. I have the utmost respect for Signal and Marlinspike but this seems like a weird direction for this to go in. A Chrome app? Tying it to the Chrome App Store? Requiring a Google email for the beta group? Just seems out of place for Signal.
AdmiralAsshat 5 days ago 0 replies      
Any plans to make a Firefox add-on?
mrmondo 5 days ago 1 reply      
Requiring a google email address and chrome for a secure messaging system? Very strange move.
riquito 5 days ago 0 replies      
How much money do you need to develop and maintain a Firefox version? Can I donate? I don't want to help to enforce this idea that Chrom* is the only browser that can run certain things, is against my believes.
fiatjaf 5 days ago 0 replies      
Why is there a queue for entering beta when it is possible to get the source and install on Chrome right away?
fiatjaf 5 days ago 1 reply      
Why do I need a phone number?
thursdaydecide3 5 days ago 1 reply      
This is slightly off topic but am I the only one surprised at the litany of permissions they require for the android app? Some make sense (like SMS or camera) but device & app history/location/identity/device ID & call info/contacts/calendar/microphone/phone seems like a smash and grab. I saw moxie speak at a conference once and he specifically called out the device id/call information permission as evidence that google doesn't care about your privacy, so why is his privacy-enabling app requiring it?? I thought these were supposed to be the good guys (and girls)? The good guys (and girls) don't do 'collect it all.'
kristofferR 5 days ago 2 replies      
Why make it a Chrome app instead of a node-webkit app?
Spakman 5 days ago 0 replies      
I love Signal and advocate it wherever possible. After following along on the GitHub tickets for this project, I'm happy to say thank you and congratulations on the beta release folks!

I'm probably about to ask this on the mailing list soon anyway, but in case there is any hidden knowledge here:

1. There was talk of server federation long ago. Is this still part of the long term plan?

2. There was talk of not using a phone number as a required identifier. Is this still part of the long term plan?

dates 5 days ago 0 replies      
I got excited about signal after watching this video, which explains pretty well the challenges of encrypted communication and how Signal addresses them (it might be basic stuff for people super familiar with the topic though):https://www.youtube.com/watch?v=tOMiAeRwpPA
degenerate 5 days ago 0 replies      
If I wanted someting that looked like skype, I would just use skype. These bubbly colorful interfaces make me sad on the inside :(
AndyMcConachie 5 days ago 1 reply      
Why should I use this instead of Jabber/XMPP over TLS? Can someone sell me on this that knows how both work?


thecoffman 5 days ago 1 reply      
Shame that its Android only. Was really looking forward to giving this a try!
knocknock 5 days ago 1 reply      
I'm assuming this works similarly to WhatsApp Web (https://web.whatsapp.com/)
Sephr 5 days ago 1 reply      
Call it what it really is: "Signal Phone Remote". This is not Signal Desktop if you need a non-desktop to use it.
wepple 5 days ago 0 replies      
This isn't working for me - the code that is supposed to show up for me to scan doesn't work, I just see:


wepple 5 days ago 1 reply      
This isn't working for me, the code I'm supposed to scan won't show up, just


(I installed from github)

mtgx 5 days ago 0 replies      
I assume it doesn't have video support yet. Any chance it will within a year?
morsch 5 days ago 0 replies      
I've been looking forward to this! Thanks for all the hard work.
joshtgreenwood 5 days ago 0 replies      
The header photo looks like a Windows screen photoshopped into OSX.
jmnicolas 5 days ago 1 reply      
> Signal Desktop is a Chrome app which links with your [Android] phone,[...]

Unless your "adversary" is not the NSA, I wonder what's the point of encrypting your communications when those coms are taking place on technologies (iOS, Android, Chrome) from companies that are members of the Prism program.

Dropbox closing Carousel and Mailbox dropbox.com
617 points by cedricr  23 hours ago   405 comments top 82
schneidmaster 22 hours ago 13 replies      
Ugh. Yet another intriguing email startup being acquihired and killed off by a more-established tech company (see also: Sparrow). It's 2015 and I still bounce around email clients every couple months because all of the major options have substantial flaws.
tvararu 21 hours ago 3 replies      
I felt this coming given my experience using the Mailbox desktop app since it launched:

- Good experience, fairly regular releases, stability increasing with each one.

- Stagnation in releases, but app is in a fairly good working state.

- Out of the blue, big update comes in, application changes completely. For the worse, as it loses a bunch of features and is sporting a far less polished look and finish. I believe the new version is now an OS X native application as opposed to a webview.

- Frantic releases over the following weeks, killing some bugs but introducing more.

- Stagnation in releases, in its fairly broken state.

- This announcement.

From the outside, it looks like a case of an engineering team that decided it would rewrite the application from scratch in the native stack. Widely regarded as a bad idea. [1]

After numerous months spent burning money in refactoring and rebuilding features that already existed and worked, management pressure builds up, and they decide to release their "good enough" native version. After torturous weeks of back to back frantic releases to fix all of the complaints coming in, some factor or another (developer churn possibly) caused them to cease development and decide to sack the project altogether.

This is of course just speculation, a narrative I made up. That's how it looks like from the outside to me, but I'd like to hear from the developers inside, since I know they must be reading this thread.

I loved this application and I'm saddened to have to move away from it.

[1] http://c2.com/cgi/wiki?RewriteCodeFromScratch

calgoo 22 hours ago 3 replies      
I wish they could open source Mailbox at least... That way it might survive.

[1] "Will Mailbox be open-sourced?

Unfortunately not. We gave a lot of thought to open-sourcing the underlying system, but this is ultimately not something we will support."

[1] https://www.mailboxapp.com/faq/

avitzurel 22 hours ago 2 replies      
This is very sad news and I don't really get the decision.

The thing with Mailbox is that it was truly a great product before it switched hands to Dropbox. Once they bought it, that was the end of good functions and the product only went downhill from there.

There's a lot of potential with email clients that will help you work better, Mailbox was definitely one of those products that helped. With good clients for Mac and PC along with smartphones it would also be profitable IMHO.

The only thing I can think of is that Dropbox is headed for major firing rounds and they want to save up on resources.

I have switched to Airmail on my Mac and I am much happier now.

Lazare 18 hours ago 4 replies      
Crap. I absolutely adored Mailbox; it did everything I wanted, but especially:

1) The ability to snooze emails

2) A really nice UI on both OS X and Android letting me quickly swipe emails to archive or snooze them.

3) A unified inbox that showed multiple email accounts as a single inbox.

Does anyone have any suggestions for a mail client that meets these requirements? I'm quite happy to pay.

Edit: Google Inbox doesn't have a unified inbox, which drives me nuts, and nothing else I know of has message snoozing. ANY suggestions welcomed.

pkamb 22 hours ago 2 replies      
I thought Carousel looked really cool, eagerly installed it on release.

Then I discovered that when Carousel is installed, the Dropbox app stops automatically uploading photos from your phone. You have to now open Carousel to do so. Broke my existing upload process, and due to iOS permissions for the new app or not launching it frequently or something the new Carousel upload process wasn't reliable.

Discovered this by noticing that weeks of pictures weren't backed up to Dropbox. Glad I didn't lose my phone.

Ended up just deleting the Carousel app rather than figuring it out. The Dropbox app started syncing reliably again.

chrisau 13 hours ago 3 replies      

Getting sick of big companies buying great small products, and shutting them down after "trying" to make them work out.

Still hadn't had time to get over MS killing Sunrise, and now this.

aashaykumar92 22 hours ago 2 replies      
Sad, Drew had said it's not going anywhere when the acquisition was announced.


chollida1 21 hours ago 1 reply      
Is this Dropbox cleaning up their balance sheet in an attempt to IPO?

There's a pretty loud rumor floating around, heck it was reported on CNBC today, that Dropbox can't come close to IPOing anywhere near its $10 Billion dollar valuation. Though Fidelity did mark them up slightly at the end of November!

And for better or worse, they are going to be closely compared to Box, which has been a pretty big disaster since IPOing. For the record, BOX is valued at 1.65 Billion currently. And it has an awful lot of short interest current( a measure of the ratio of shares sold short vs the total outstanding shares).

noinput 15 hours ago 0 replies      
@teej nailed it:

> teej: "... They signed the keys away to Drew Houston and the management team at Dropbox. Mailbox dies the moment Drew decides to kill it."

> dhouston: it's not going anywhere :)


mkhalil 22 hours ago 2 replies      
This is the reason why I stick to the native mail on iOS or Gmail app for the emails i need instantly without fetch. Yeah they may have their cons, but I don't have to worry about Apple dropping Mail app.

Mail should be simple, I think the best apps are the lightweight ones that don't require too much work to keep alive, and definitely don't require a backend server process.

Also, Mailbox had access to all your mail, and when Dropbox bought it while having MrsMiss.Rice on the board of directors, well...that just felt yucky.

My simple solution to keeping my mail under control:

ONE filter on the Gmail side of things, called "Good Spam". Any reoccurring email I like, but don't want to keep manually archiving everyday, SKIPS inbox and goes into that folder. The filter is literally a huge list of email addresses from senders. (ex snippet "....events@eventful.com mail@e.groupon.com radioshack@em.radioshack.com Hewlett-Packard@us.newsgram.hp.com....")

Anytime I get an email I don't consider "Good Spam" I unsubscribe from.

Then on my phone, I just get important or new mail.

BONUS from using filter instead of unsubscribing:When you are in that store and you need that BANANA REPUBLIC coupon at the register, you still have access to it. Open email app, search for it, and use it. And you don't need to keep looking at their emails everyday just to archive it. Or in case of Mailbox, swiping right....thumbs get tired too.

ucaetano 22 hours ago 1 reply      
Is this a sign the Dropbox's diversification strategy into a full collaboration product failed?

In other words, Dropbox can't move away from being a feature?

colmvp 22 hours ago 4 replies      
Mailbox and Sunrise, two productivity apps that I liked, got acquired (Dropbox 2013, Microsoft 2015), and discontinued in 2015.
rifung 22 hours ago 3 replies      
Can anyone explain to me, someone who's more than happy with GMail, what these apps offer that aren't being offered by Google/Microsoft?

It seems like Mailbox had a loyal following but I guess my email use is just not sophisticated enough to understand.

coldtea 20 hours ago 1 reply      
The message from this: outside of backup, Dropbox can't/won't sustain a small scale but profitable business for the long term (e.g. Basecamp style).

So don't even consider adopting and trusting their new "Paper" collaboration offering.

fooly_wk 19 hours ago 2 replies      
For those disppointed with Mailbox's abandonment, I'd love to hear your feedback on Polymail (https://polymail.io). We're in private Alpha right now, but we have many similar features to Mailbox like Read Later + some better ones like Email Tracking & Send Later. Feel free to DM me on Twitter (https://twitter.com/foolywk) if you'd like to be added to our next Alpha release!
rangibaby 22 hours ago 2 replies      
That's abrupt. It wasn't that long ago I was bribed into downloading Mailbox by some notification in the Dropbox app.

Bummer too, because I really like it. They're not even going to leave it and let it slowly decay until time takes it's toll and nature wins like with Sparrow.

"As you evaluate alternatives, you might consider the stock apps like iOS Mail (Apple) and Gmail (Android)"

I guess they didn't have much time to research other mail clients.

27182818284 22 hours ago 1 reply      
I've been a Dropbox user for--I don't know how long. A long time. I would say since...maybe 2009?

I do not know what those products are for sure. By their names I'm guessing something with photos and something with email. I feel like an old evangelist like myself would have known more about those products. Thus, I wonder if this was a marketing failure as much as a product-market-fit failure.

sgarrity 22 hours ago 0 replies      
I haven't used Mailbox, but I'm glad to see Carousel being rolled back into the main Dropbox app. It's already good for photos, and didn't warrant a separate app.
vessenes 22 hours ago 4 replies      
Ooh, this is very sad. I rely heavily on Mailbox and its follow-up functionality. Any advice for ios-capable replacements out there?

EDIT: The FAQ recommends Google Inbox, Apple Mail and Outlook. I just looked at Inbox again after quite a while away, and it seems like it may be feature-complete with Mailbox.

Animats 17 hours ago 0 replies      
"In 2013, we acquired Mailbox ... In 2014, we launched Carousel ... Mailbox will be shut down on February 26th, 2016, and Carousel will be shut down on March 31st, 2016."

Someone should track the lifespan of cloud products. It's not long; the median is probably less than five years. Dependence on a cloud product is risky. They can go away so fast.

sherifmansour 9 hours ago 0 replies      
I've always been puzzled at the two acquisitions. I know it's easier to say this in hindsight but there are a few reflections many had upon hearing the initial acquisition of those tools:

* So you've acquired a Gmail client - why? Surely whatever good comes out of that Google would just re-create into Gmail. Sure enough: Inbox. I'm not even sure how this would have fitted into the Dropbox strategy? I doubt they would have wanted to be acquired by Gooogle. I doubt they would have wanted to compete in the email space... If it was just to get attachments from email surely there are many other ways to solve this problem.

* Second thought: Dropbox has acquired a photo sharing and organization app. Surely they don't think they will win over Facebook, iPhoto, Flickr... What for? Store the photos? Even if it's an awesome product, don't they just risk Apple Photos getting better? Or wait... Here comes Google Photos.

Inbox. Google Photos. iPhotos. Facebook Moments. It feels like both Mailbox and Carosel were just ticking timebombs.

nathan_f77 22 hours ago 3 replies      
I only recently switched to Mailbox because I got tired of an annoying UI bug in Sparrow that was never going to be fixed.

I was just starting to get used to Mailbox. What mail app should I be using now?

orky56 19 hours ago 0 replies      
This Gmail strategy helped me transition from Mailbox: http://lifehacker.com/this-gtd-workflow-is-how-i-finally-got...

Essentially use Multiple Inboxes as well as some filters/labels to create the basic GTD categories. I've modified it to use Labels since I find the various stars inefficient. I have inboxes for "Work On" (label:Priority), "Someday" (label:Someday), "Waiting" (label:*Waiting), and "Reference" (is:starred). This combined with services offered from Boomerang (http://www.boomeranggmail.com/) get pretty close to what I was trying to accomplish with Mailbox. It's not as elegant but I don't have to worry about using a proprietary email client that might not be around.

emitstop 22 hours ago 0 replies      
Not surprised at all, there hasn't been any updates or improvements in awhile, especially for the desktop app, it's nearly unuseable with its current bugs. Seemed like Dropbox never put enough resources into it for it to really get off the ground.

I've switched to airmail for the time being, but I'm definitely going to miss snoozing emails to specific dates.

imron 15 hours ago 1 reply      
> The Carousel and Mailbox teams have built products that are loved by many people

And now those people will hate Dropbox.

ptio 20 hours ago 0 replies      
Oh man this is sad news. I'm currently using Mailbox as my default mail app on Android. I'll pay for it is there was an option.
TheBiv 22 hours ago 1 reply      
ktamura 16 hours ago 0 replies      
When Carousel came out, I thought it was a great opportunity for Dropbox to go up the stack and blogged about it: http://kiyototamura.tumblr.com/post/82662241570/dropboxs-car...

Ultimately, I am beginning to think that Dropbox simply does not have the product DNA =/

scotchio 22 hours ago 2 replies      
Cool products coming and going doesn't really even surprise me anymore. I've become a little jaded to the whole come and go of all the different tools and apps.

Anyway, if you guys haven't checked out Boxer [1] for email, it's the best. I went a little obsessive, tested every email client on iOS, and this one was without a doubt is my favorite:

* Push notifications

* Doesn't hijack labels with archive/to-do/completed nonsense

* Universal inbox

* Nice labeling/archiving/customizing via swiping

* Beautiful interface

I love it and highly recommend

[1] http://www.getboxer.com/

robocaptain 20 hours ago 0 replies      
Ug. Carousel solved so many problems for me. Is it just that people don't like having multiple apps? Is the barrier to entry too high? I thought carousel struck a nice balance in not really forcing anyone to use the app, if they were simply on the receiving end.

I hope Dropbox keeps their word on incorporating the carousel functionality into the main app. I don't particularly care what they want to call it.

wpietri 21 hours ago 0 replies      
For fans of the genre, I strongly recommend Our Incredible Journey:


marknutter 20 hours ago 0 replies      
Why, oh why can't companies just focus on their core competency? Does Dropbox really consider the sync-and-share problem solved?
joshcrowder 22 hours ago 0 replies      
Frustrating as its still my favourite mail app. Although development has definitely slowed down (for desktop at least) over the past 6 months.
cognivore 18 hours ago 0 replies      
Awesome. Hey, start-up type peoples. Good luck getting me to use any of your nifty new software. Cause every time I do, and invest my time, data, and learning in you, you sell out then disappear.

There's fool me twice thing in here, but I'm not that inspired to be clever with it.

shinratdr 10 hours ago 0 replies      
Makes you wonder why they even bought them in the first place. There was no possible integration there, the only move was expansion into other markets.

So buy them, wait two years, then kill them off? Great use of funds there Dropbox, I guess you put the stellar bunch in charge of the development roadmap in charge of acquisitions too.

argonaut 22 hours ago 1 reply      
FWIW, a friend told me Mailbox was dead (the team had been moved off the product) back in June, so this was internally known for months.
tedmiston 21 hours ago 0 replies      
> Weve come to believe that the best way for us to improve peoples productivity going forward is to streamline the workflows that generate so much email in the first place.

AKA Paper --> https://paper.dropbox.com

I don't know if I understand what Dropbox is anymore. It's gone from: syncing file storage --> a decentralized app ecosystem that in some ways competes with PaaS (effectively an OS [1]) --> document and media collaboration tools.

They might be one of the only companies whose products compete with Apple, Google, Microsoft, Amazon...

Just to clarify, I think they've done all of these things well.

1: http://scripting.com/liveblog/users/davewiner/2015/12/07/059...

orrinward 22 hours ago 1 reply      
I'm now getting nervous about Hackpad. Been using it for years and love it to bits. Another Dropbox acquihire...
grandalf 18 hours ago 1 reply      
I've been using carousel and have switched a lot of family members to it. I was using Snapjoy before (which Dropbox acquired and killed), and had done the same thing.

I find the announcement about Carousel extremely disappointing. I'm definitely going to think twice about using Dropbox for anything other than simple file storage in the future.

Pictures are peoples' lives, their families, and their memories. This is a big part of file storage and I thought Carousel was a superb product on desktop and mobile.

Sorry to vent but I haven't been this disappointed about a product being killed (for no apparent reason) in a long time.

xrjn 22 hours ago 3 replies      
What are the chances that these go down the path of HackPad and be turned into open source projects? I think it's a win-win situation if companies, such as Google and now Dropbox: let go of the responsibility of maintaining it and allow the project to live on in the hands of the community.
cat-dev-null 9 hours ago 0 replies      
An open-source Mailbox clone could be popular, and a way for mobile (iOS/Android/etc.) developers to show their chops.

The self-starter types of people tend to route around obstructions and unpopular decisions by doing it themselves, better.

SneakerXZ 21 hours ago 2 replies      
It is no surprise, when one-product companies do other products they don't last for long.

Only reason why I still use Dropbox is their client for Mac and and simple web interface and some other small features. I don't understand why nobody else is able to do it...

dvcrn 14 hours ago 0 replies      
That is very sad. Carousel was a essential part of my photo editing and backup workflow. Maybe need to investigate switching back to drive. The problem with them was though that photos backed up with "Google Photos" didn't appear inside drive and vice-versa. Did they fix that by now?

Mailbox never worked fine for me and had bugs in every corner.

nikolay 22 hours ago 2 replies      
So stupid, really! Carousel is the only Dropbox product I use and it works really great!
smnrchrds 22 hours ago 1 reply      
Another one bites the dust...

I still remember the discussion when the acquisition was announced:


I hope it was really not going anywhere.

tomc1985 22 hours ago 1 reply      
It used to be when the company went out of business, their software still worked...
reverend_gonzo 22 hours ago 2 replies      
That is unfortunate. Mailbox was, and still is, (barring a few bugs) one of the better, Zero-inbox mail apps for IOS.

Spark by Readdle has taken up slack there, and they look like they're building it in a way that will actually be monetizable.

erikb 15 hours ago 0 replies      
It always feels awkward when reading such a note, seeing that it gets a lot of upvotes and never heard about any of these products before. What was mailbox? Like many other people I'm pretty unhappy with the mailbox choices I have nowadays. In fact, I have to use four(!) mailbox programs to handle everything I need. Pain in the trashcan, I tell ya.
tammer 21 hours ago 0 replies      
Perhaps I'm wearing rose-colored glasses as a non-gmailer, but I think in the end everyone is served better by more difficult types of innovation. I look forward to seeing what Paper turns out to be.
DomBlack 22 hours ago 2 replies      
I've been looking to move to FastMail for a while, but Mailbox was holding me back (the whole zero-inbox with the remind me this weekend stuff).

Does anybody know of a good zero-inbox client for FastMail?

jfernandez 20 hours ago 0 replies      
This is a huge blow, this was the mail app I used exclusively on the phone. What's the best alternative? Inbox? It seemed a bit complex when I first tried it out.
orliesaurus 22 hours ago 3 replies      
Wow - feels bad for those folks that got acqui-hired and now see their product being "laid off"

RIP Mailbox, you were cool to play with for a few hours that one stormy day I decided to install you

ColinWright 22 hours ago 0 replies      
Significant amount of discussion here:


univalent 21 hours ago 0 replies      
This stinks. I was just getting used to Mailbox. Why buy these smaller companies unless you have a long term plan on how its going to be NPV +ve?
ents 22 hours ago 0 replies      
Such a shame. Only snoozing system that works for iOS and Mac without injecting additional emails into the thread to return them to the inbox. Ugh.
hcurtiss 21 hours ago 0 replies      
I don't know much about Mailbox, but I was an enthusiastic Carousel user . . . until Google released Photos. With Google Drive integration (both up and down), way better search, easy sharing (without requiring a recipient Google account), and photo editing, I dropped Carousel like a rock. I suspect I wasn't the only one.
jonknee 22 hours ago 0 replies      
I would have guessed Mailbox could have been sold instead of shuttered. Maybe MAU has slid lately, but I thought they had a lot of happy users.

On the other hand, it's amusing to note the Valley inflation that has happened since Mailbox was acquired in early 2013. It was for ~$100M which seems like chump change in the Age of The Unicorn that we now find ourselves in.

rdancer 20 hours ago 0 replies      
The single best software product since GMail, and they've shuttered it. It's a sad day for our industry.
goeric 21 hours ago 0 replies      
Despite all the bugs and the short-falls of the Mac app update, it had the best snooze feature that I've come to live by in my email workflow. It looks like Polymail is an evolved Mailbox (with a eerily similar design/features) and Nylas N1 has a lot of potential as well.
danieltoshea 12 hours ago 0 replies      
It is too bad they decided not to open source Mailbox. I would have liked to run my own mailbox service perhaps as a docker container.
dordoka 22 hours ago 0 replies      
They have opened a community thread in their forums. [0]

[0] https://www.dropboxforum.com/hc/en-us/community/posts/203840...

skhatri11 22 hours ago 1 reply      
I loved Mailbox. Really disappointing. What do folks suggest we use as our replacement email app? Problem with Apple's stock Mail app is that Google doesn't allow push email. Yes, those few seconds before I receive an email are very precious to me :)
dclowd9901 22 hours ago 1 reply      
Stepping off the pity train, what out there is a good replacement for Mailbox?
lechevalierd3on 18 hours ago 0 replies      
Part of me is really mad, the iOS app works well and does the work.Part of me is liberated, the OSX app is buggy as hell and drives me nuts every day.

Apple MailI now?

flyrain 22 hours ago 0 replies      
That's really bad news for me. I've used Mailbox everyday for a long time, before it joined Dropbox. I am really happy with it, and never tried to switch to another mail client.
Polarity 22 hours ago 0 replies      
Don't use anything that's not open source. Period.
squegles 20 hours ago 0 replies      
This is really disappointing. I have been an avid Mailbox user since beta. Does anyone have any other mail client recommendations for iOS?
finalight 12 hours ago 0 replies      
erm, what? I don't even there's mailbox and carousel

i've been just using the basic feature of dropbox, which is just upload/download/sync files

did they put in effort to advertise it?

pilif 20 hours ago 0 replies      
At least in case of mailbox, I would say they were sherlocked by Google Inbox: nearly as good an UI but without the need to share access to email with a third party.

I really never liked that aspect of mailbox and I thus never used it with my primary mailbox, which meant that I practically haven't used it at all.

The moment Inbox came out for google apps, I started using it to the point where it is now my primary means for accessing my mail.

tuananh 14 hours ago 0 replies      
Monetization around email is just hard. Except for one like Google.
thejerz 21 hours ago 0 replies      
Can someone in the HN community please just remake Sparrow? I'll give you my money right now.
free2rhyme214 20 hours ago 0 replies      
I'd love to see what else Dropbox is working on besides Paper and enterprise features.
benburton 21 hours ago 0 replies      
Good to hear it's finally official. The Mac desktop app has been unusable for the past 6 months.
jtwebman 14 hours ago 0 replies      
At least they could do was open source it!
refriedbeans3 21 hours ago 0 replies      
Would be great if they Dropbox opensourced Mailbox's codebase. I don't want to have to go back to apple mail...
dutchbrit 21 hours ago 1 reply      
Time to make an open-source replacement?
Killah911 22 hours ago 0 replies      
That sucks, I really like Mailbox. I guess outlook it is on iOS.
akulbe 20 hours ago 0 replies      
This makes me worry that Dropbox is next.

btsync just became a lot more appealing to me.

Killah911 22 hours ago 0 replies      
Mailbox helped me get control of an otherwise unmanageable email problem. Brad Feld recently recommended outlook. Which is funny because an old version of outlook was the thing that created my email monster & subsequent search for a better email client.
plehoux 21 hours ago 0 replies      
"But as we deepened our focus on collaboration, we realized theres only so much an email app can do to fundamentally fix email."

We beg to differ. We built a new email client around the very idea that it could fix team collaboration: https://missiveapp.com

The thing is with Sparrow, Mailbox and countless others before, it is getting really hard for a team like us to convince people to invest their time into our new product. People are increasingly worried that we will just fold/sell in the coming months and that their time will be lost.

Establishing credibility in the email space is hard and takes time, there is no shortcut, announcements like this one doesn't help us.

The Best Books I Read in 2015 gatesnotes.com
566 points by uptown  20 hours ago   135 comments top 25
tlrobinson 19 hours ago 4 replies      
Cheatsheet, without the affiliate links (another commenter posted these with affiliate links then deleted it after being called out):

The Road to Character, David Brooks - http://www.amazon.com/gp/product/081299325X

Thing Explainer, Randall Munroe - http://www.amazon.com/gp/product/0544668251

Being Nixon: A Man Divided, Evan Thomas - http://www.amazon.com/gp/product/0812995368

Sustainable Materials With Both Eyes Open, Julian Allwood - http://www.amazon.com/gp/product/190686005X

Eradication: Ridding the World of Diseases Forever?, Nancy Leys Stepan - http://www.amazon.com/gp/product/0801450586

Mindset: The New Psychology of Success, Carol Dweck - http://www.amazon.com/gp/product/0345472322

Honorable Mention:

The Vital Question: Energy, Evolution, and the Origins of Complex Life, Nick Lane - http://www.amazon.com/gp/product/0393088812

vonnik 19 hours ago 11 replies      
Anyone who refers to David Brooks as "the insightful New York Times columnist" has lost me as a reader. I can't remember the last time he had an original, or even accurate, thought.


Here are two good books:

* The Korean War: A History - Little known fact: The US took the wrong side in the Korean War by putting the former officers of the Japanese imperial army in power in Seoul. It committed countless atrocities to achieve its stalemate, including fire-bombing half the country (Germany redux) and using napalm on whole villages, a foreshadowing of Vietnam.

* Old School - A novel by Tobias Wolff. If you're tired of tired prose, try Wolff. He cares about sentences.

Negitivefrags 19 hours ago 8 replies      
I'm always sad that lists like this from tech people never contain any fiction.

I have often seen the sentiment that everything you read should have some kind of educational value or it's just a waste of time.

Does Bill Gates not read fiction? Perhaps he understands that he would be looked down on if he were to include some in his list.

rcavezza 19 hours ago 1 reply      
Gates has also reviewed all of these books in more detail on gatesnotes.com. Here's the link to the Thing Explainer review (which I ordered today) - http://www.gatesnotes.com/Books/Thing-Explainer

Others Below:

Eradiation: http://www.gatesnotes.com/Books/Eradication

Mindset: http://www.gatesnotes.com/Books/Mindset-The-New-Psychology-o...

The Road To Character: http://www.gatesnotes.com/Books/The-Road-to-Character

Being Nixon: http://www.gatesnotes.com/Books/Being-Nixon

Sustainable Materials: http://www.gatesnotes.com/Books/Sustainable-Materials-With-B...

DenisM 19 hours ago 3 replies      
Did anyone read the books he recommended last year? Were they worthwhile?
Artoemius 13 hours ago 1 reply      
For me, Harry Potter and the Methods of Rationality is hands down the best book of 2015:http://hpmor.com/
farresito 19 hours ago 0 replies      
If anyone is interested in the book Sustainable Materials, it's free:http://www.withbotheyesopen.com/read.php
oafitupa 18 hours ago 3 replies      
"Waking up: A guide to spirituality without religion" by neuroscientist and philosopher Sam Harris. Don't be so quick to dismiss it please, give it a try. It's not mysticism.
legohead 18 hours ago 2 replies      
If you like fantasy, there are three series you need to read:

The Blade Itself (3 books)

The Kingkiller Chronicle (waiting on third and final book)

The Stormlight Archive (waiting on third and final book)

kjhughes 19 hours ago 0 replies      
I have nothing against affiliate links, but you should try to add value rather than just copy Gates' list, and you really should declare their use explicitly rather than implicitly via a link shortener.

[Update: Rather than delete your post, you could have added your impressions of the books (or recommended better ones) and merely mentioned the use of affiliate links.]

guscost 15 hours ago 1 reply      
Thing Explainer is fantastic. Some of the best presentations of complicated ideas I've ever seen. It's a spinoff from this classic: https://xkcd.com/1133/

Also check out a similar piece on general relativity: http://www.newyorker.com/tech/elements/the-space-doctors-big...

reitanqild 7 hours ago 0 replies      
Anyone here like me who is happy to have read one (or very few) fiction books[0] during 2015?

[0]: Books you read primarily for someone kids not included ;-)

mathgenius 16 hours ago 0 replies      
I've read two of Nick Lane's books: he is a fantastic writer, and writes about hard-core biology that will set your brain on fire.
carlosgg 16 hours ago 0 replies      
Re: "The Road To Character", an interview of the author on On Point in April:


graffitici 15 hours ago 1 reply      
I wonder how much that video must have cost him! It's such a great production. I really like the way the table and the props match the theme of the relevant book. I'm guessing $10K for the one minute video?
Isamu 19 hours ago 0 replies      
I second the review of Mindset by Carol Dweck. This book is a result of her work studying these issues as a psychologist. Re-posting my summary:

Two mindsets:

Fixed mindset - talents, abilities and intelligence are fixed, endowed

Growth mindset - talents, abilities and intelligence are learned and can be developed

These mindsets are learned, and have fundamentally different reactions to challenges.The two-mindsets model is a simplification for the purposes of explanation.


The growth mindset embraces failure as a necessary part of learning. In fact failure is a indicator of an area for potential growth, if the opportunity is taken to overcome that failure. The fixed mindset avoids and fears failure; it is taken as evidence of a hard limit of your endowed talent.


The growth mindset sees effort as necessary to mastery. Almost any level of mastery may be attainable with the right regimen of practice. Obstacles are a normal part of mastery and must be overcome as a matter of course in order to grow. Criticism is not taken personally, but used to indicate areas for improvement and growth.

The fixed mindset sees effort as producing only small effects compared to their fixed ability. May be more prone to give up in the face of obstacles since it is thought that there is no new mastery to be gained. Criticism is more likely to be taken personally, as the individual identifies with the perceived limits of their ability and thinks that improvement is impossible beyond a certain point.

Perceiving others

The growth mindset is not threatened by others abilities. Others examples may serve to inspire. The fixed mindset is more likely to be jealous of others abilities since they are perceived to be highly desirable gifts and the result of luck and circumstance.

Teaching Children

Praise children by emphasizing their work and persistence. Do not use labels like smart or gifted that would reinforce a mindset of fixed abilities.


Growth oriented mindset is more likely to be understanding and ready to learn from experience. Fixed mindset sees problems as a result of unchangeable personal attributes and are pessimistic about change. More likely to have unrealistic expectations, like not having to work at a relationship that is meant to be.


Muhammad Ali, Michael Jordan, Babe Ruth and Wilma Rudolph are given as examples of overcoming early setbacks with a growth mindset.

Last chapter is a workshop of situations and questions to help you develop a growth mindset.

dorfsmay 18 hours ago 0 replies      
Is "The Mindset" a new edition? If so, is it worth reading if you are familiar with the original one?

For people who haven't read it BTW, I highly recommend it, especially if you are a parent.

pdeuchler 18 hours ago 0 replies      
"Blood Meridian" by Cormac McCarthy

"Flash Boys: Not So Fast: An Insider's Perspective on High-Frequency Trading" by Peter Kovac

"Snow Crash" by Neal Stephenson

rdl 18 hours ago 3 replies      
Is The Three-Body Problem worth reading?
programminggeek 14 hours ago 0 replies      
If you like books on making things, you might like my book: http://brianknapp.me/creative-pursuit/ It's $0.99 on Amazon, but if you want a free copy, just email me hi@brianknapp.me and I'll send you one.
deu30v09 20 hours ago 0 replies      
These are list of must read books next year- How i wish i was aware of this books before now, i would have digest all by now. Not late , will still read them
mei0Iesh 17 hours ago 1 reply      
I can't read any of that because I'm distracted by the mental image of Bill telling someone the best books he read, with some conversation, and that person asking some questions while writing notes, then spending hours in front of his laptop, emailing a draft to someone else, who asks Bill a few more questions then returns a draft to someone else who finalizes it and publishes on "GatesNotes" written as if he sat down on his blogging backend and typed it out in a textfield.

I have no idea the process behind this website, but it seems unlikely enough that he'd sit down and write it himself that I can't take it seriously. From what little I read, it doesn't sound like something produced directly from him without first passing through others, at least for formatting and correction.

ThrowayAccount 17 hours ago 2 replies      
I was once berated for posting a blog article on how to build a multitude of data structures, in 3 different programming languages. The reason for this was because "This is hacker news, and this article is first year computing science stuff." - Yet Bill gates reads a book about Richard Nixon, and suddenly it is the top item on here, even though it is in no way related to anything technical. I'm out, this place is most definitely a circle jerk at this point.
The 99% (of startups) justinkan.com
530 points by thatha7777  5 days ago   167 comments top 23
downandout 5 days ago 6 replies      
This gives an interesting glimpse into the prognostication abilities of supposedly brilliant VC's. It also shows the the near-impossibility of cashing in private company shares, at least through VC's. In addition to this story, the Sony hack revealed that Evan Spiegel of Snapchat wanted to cash in about $40 million worth of shares just after he spurned Facebook's $3 billion offer. He was also roundly rejected. Had someone bought those shares, they would have been worth around $200 million today.

So anyone thinking that they're going to get much liquidity as a private company founder should think again. If the Snapchat and Twitch guys were rejected, the odds are not good that you will be the exception.

noname123 5 days ago 3 replies      
Would love to see a series of good curves:

(1) of all startup's started by people who working in the industry, quit FT jobs to do startup or put in serious moonlighting hours in startup; total earnings - opportunity cost, annualized:

(total income from startup - opportunity cost of hours worked on startup) / years spent

Maybe this data-set should be split further into bins of founders whose last title prior to startup were only individual contributors, or were executives, their age and pedigree etc.

Would love to see the distribution + standard deviation say, for computer programmer who quits the job to do a startup would gain or lose in earnings per year.

(2) of funded all startup; the alpha of investment: total return on investment - (S&P500 Index return in duration of funding to IPO/exit) / (S&P Index Return)

Maybe this data-set should be split further into bins of people involved: founders, first 10 percentile employees by join date, second 50 percentile employees and so forth...

Would love to see the distribution of return on investing in startup's as an investor vs. investing in S&P500.

srameshc 5 days ago 3 replies      
Why the hell is this so negative ? He is very clear "This is for all the founders who know they have built something that people want, but the rest of the world hasnt recognized it yet." It must be tough as a founder to prove yourself and others that there is an certain value to his/her business. Isn't a good exit is what an investor's or founder's option ?
hakcermani 5 days ago 0 replies      
Watching people play video games is a niche is now Im in charge of our consumer, marketplace and esports investing. Fuck them. Build your business. Thank You Justin, just what I needed today !
joefkelley 5 days ago 1 reply      
I kind of don't understand this post.

Surely Twitch is an example of the 1%, not the 99%?

Not that I disagree with the end sentiment - I'm currently at a startup that was acquired as part of the 99%, but I don't think this is the most effective person to be saying this.

perryh2 5 days ago 2 replies      
For those that don't know, Justin's new app The Drop is pretty cool. It's like reddit for EDM. https://thedrop.club
jacquesm 5 days ago 0 replies      
That's the most clear use of 'fuck you money' that I've ever seen.
rajacombinator 5 days ago 0 replies      
Nice. Sadly it's super rare to see anyone who's made it deviate from the script and share authentically like this.

I suspect this is more a case of "VCs colluding against founders" than "VCs being too dumb." When you have a legit $100 mil valuation, SOMEONE will buy those shares, unless you're blocked from selling.

lepunk 5 days ago 1 reply      
"...but there are hundreds if not thousands more startups that will make their founders and investors rich."

I think the correct word here would be "richer". For VCs 5x return on an investment while desirable, it's not the ideal outcome.

Consider a VC invests in 100 companies during X years, $1 million each. Ballparking here but 80 of these will be a total failure. 19 of them will make 5x return. That is -$100 million spent and $95 million gained. So if the last one is "only" a 5x return the VC gets their money back (-inflation, time spent, etc). Thats why they are looking mostly for Ubers and AirBnbs imho

xiaoma 5 days ago 0 replies      
The interesting question to me is if Twitch would have done as well if he hadn't gotten rejected 9 months earlier. Unfortunately we can't spin up another universe, alter that one variable and run a test.
Animats 5 days ago 4 replies      
It's depressing that Amazon paid four times as much for this business as Bezos did for the Washington Post.
arikrak 5 days ago 0 replies      
90-99% of startups fail[1], which should be mentioned in a post with that title.

[1] See e.g. https://s3.amazonaws.com/startupcompass-public/StartupGenome...

angryasian 5 days ago 0 replies      
I'm unaware of the timeline but I'm curious was he trying to sell shares in JTV or did twitch eventually spin off to a separate corporate entity from JTV. It makes a huge difference because JTV was a huge liability nightmare.
free2rhyme214 5 days ago 0 replies      
I love Justin Kan's writing. If you read this Justin keep writing more man!
feverishaaron 5 days ago 1 reply      
These investors aren't paying enough attention to their children / their colleague's children.

I would think that this guy's fame would have made this market opportunity super-obvious.


With his own personalized collection of Minecraft toys and all:


netcan 5 days ago 0 replies      
Questions for YC (I think):

(1) Is this a good thing? IE should founders, employees, VCs or other shareholders be able to cash in shares? (2) Is this fixable in some way?

known 4 days ago 0 replies      
"No one can make you feel inferior without your consent." --Roosevelt
ryporter 5 days ago 2 replies      
At the time he attempted to sell his shares, Twitch had raised $42 million, and had been valued at around $100 million several months earlier [1]. He is complaining about the gall of VCs not to buy his shares at a price that would imply a valuation of less than $194 million (and presumably not that far below). I do not believe that this is a good attitude for entrepreneurs to internalize.

[1] https://www.pehub.com/2014/08/amazon-pays-970-mln-for-twitch...

CPLX 5 days ago 2 replies      
What the hell is he talking about?

Is the summary of that article something like "this one VC didn't buy shares from me but then I got rich so fuck the haters 99% of you are going to be rich too" or something?

The article is like a word salad.

voynich61 5 days ago 2 replies      
"I was successful even though there was a long time that I thought I wouldn't be all that successful, and I've gotten to where I am because I believed in myself."

I paraphrase, but Poe's Law is in full effect here.

antoniuschan99 5 days ago 0 replies      
Tl Dr:

About Twitch.tv - Watching people play video games is a niche is now Im in charge of our consumer, marketplace and esports investing.

Fuck them. Build your business.

Makes sense :)

api 5 days ago 1 reply      
"I tried to sell some of my startup shares for below what the market turned out to be willing to pay for them, but people said no because it wasn't trendy and it sort of hurt my feelings, but then I got rich so haha!"

I feel really sorry for you bro. If you want some consolation you're free to PM me and we can totally hang out and you can buy me a house.

zillionize 5 days ago 1 reply      
"There is a tremendous amount of excitement about the top 1% of startups, but there are hundreds if not thousands more startups that will make their founders and investors rich."

I cannot agree more with Justin and we have had several investment cases like that.

PHP 7 Released github.com
448 points by legierski  6 days ago   304 comments top 42
trm42 6 days ago 11 replies      
PHP 7 makes life a lot better for PHP devs in many ways but one awesome thing is it obsoletes bunch of out-of-date tutorials by finally removing the old Mysql extension \o/


I actually met a young aspiring web developer who still learned DB-access with mysql_* functions. I urged him to switch to a sane framework like Laravel. Oh boy he was happy in a month and learned bunch of best practices quickly.

Flimm 6 days ago 0 replies      
ausjke 6 days ago 0 replies      
Been learning php on and off for a while, happy to see this release is out. Most likely I will use PHP for my future projects instead of the alternatives.

Languages are learning from each other these days, the new PHP definitely benefited from this trend and is actively evolving itself, which is the major reason I'm to stick with it.

Some PHP developers recommended nodejs over PHP for the future to me, after a few experience I feel PHP may be better for long-term maintenance. Renovation is good, it's just that javascript may have too much of it for me to chew on nowadays.

Wish there will be a light-weight version of PHP, something like micropython or Lua, so I can use it on low-end systems when needed. PHP is still very demanding on resources comparing to other languages, even nodejs can be used on IoT devices with restricted mem/cpu power.

egeozcan 6 days ago 4 replies      
Why do they keep adding global functions like "intdiv"? For example in JS, it being another language with a similar compatibility burden, they are moving most of the global functions (like parseInt) to "namespaces" (like Number.parseInt) while keeping global references there. When I open the docs (for example, the array functions page[1]), I get frightened by the global functions which do not seem to share a naming convention on first glance.

disclaimer: I haven't written anything significant with PHP since too many years.

[1]: http://php.net/manual/en/ref.array.php

RohithMeethal 6 days ago 2 replies      
I wish every PHP developer would reread the docs and start using new features available instead of just continuing with what they know already just because it works. And of course if there was any way to remove all those old tutorials out there.
longwave 6 days ago 2 replies      
The performance improvements in this release will hopefully encourage people to upgrade, even if the new features don't. Common PHP applications run 70%-100% faster on PHP 7 than they did on PHP 5.6, comparable with or better than HHVM.
lsaferite 6 days ago 4 replies      
I was so excited when I saw this post. Then I realized it's another 'too early' post claiming the tag == release. It's not released until it happens on the PHP site. This is just a tag in the repo. Sure, it likely won't change now, but it could.
DigitalSea 6 days ago 2 replies      
Probably one of the biggest releases since 5 in my opinion. Scalar and return type declarations being added in are a couple of massive additions. For a language that used to cop a lot of flak, PHP sure has grown to become a mature and quite decent language.
allan_s 6 days ago 0 replies      
The scalar and return types are really a great improvement IMHO, I can't wait for Doctrine to fully support it for code generation.

But one thing which is missing is the nullable types, as currently it's either you always return a string and you can use scalar typing, or you sometimes return null and you can't use it (which I'm okay with)


With this, it will permit to have even better static analysis "a la" HHVM/hack (i.e detecting that you haven't check for is_null in your code

datashovel 6 days ago 1 reply      
The one thing I'd love to see is a native concurrency story with PHP. I'd put my vote in specifically to have Communicating Sequential Processes. I think that feature alone would take the language to another level. I know they've got stream_select, et al. and I've really enjoyed pecl event, reactphp, and of course there's HackLang's Async / Await if you want to convert, but having some modern / native constructs would be nice to have. Does anyone know if that's on the horizon?
cdnsteve 6 days ago 1 reply      
I'm actually excited for this release!

- Type declarations (this is a HUGE move forwards).

- Grouped use statements, not sure if I like how that looks

- ?? will shorten statements

- Anonymous classes seem a bit odd looking to me

- Unserialize filter is a nice security bump

Anxious to try it out and see the speed improvements I've been hearing about too.

defenestration 6 days ago 2 replies      
Congratulations to the PHP community with this milestone!

I wonder if people who switched to HHVM, will start using PHP again. HHVM has offered much faster performance than previous versions of PHP. The speed of PHP 7 is at par with HHVM.

motiejus 6 days ago 3 replies      
OK, great! Clicking the main page[1], see the top of README:

"build error".

Wait, what? You just released it, it should definitely work! Clicking that icon[2], checking the failed build[3]:

ERROR: no certificate subject alternative name matches

requested host name `pear.php.net'.

To connect to pear.php.net insecurely, use `--no-check-certificate'.

Really? See what's in http://pear.php.net/

> The server running pear.php.net had a fatal hard disk failure and gets replaced by a new machine this week. Until the new machine is setup, this page is up to let you continue installing PEAR packages via the PEAR installer.

In 2015? Cool.

Connecting to the https website ...

% openssl s_client -connect pear.php.net:443...Certificate chain 0 s:/CN=mail.cweiske.de

So you're using CN=mail.cweiske.de for pear.php.net. I don't even know what to say.. Well, happy hacking!

[1]: https://github.com/php/php-src[2]: https://travis-ci.org/php/php-src[3]: https://travis-ci.org/php/php-src/jobs/94372493

sarciszewski 6 days ago 0 replies      
The feature I'm most excited about is the availability of a simple, sane, and correct CSPRNG:

 string random_bytes(int $numBytes); int random_int(int $min, int $max);
If you want to use this interface in a project that needs to be compatible with PHP 5, there's always https://github.com/paragonie/random_compat

captn3m0 6 days ago 0 replies      
Have been waiting for this anxiously. I've been running a few test builds on it occasionally, but its nice to have the guarantee to shift prod systems to it.

New Features list is at https://secure.php.net/manual/en/migration70.new-features.ph...

My favorite is scalar typehinting by far.

almsgiver 6 days ago 1 reply      
A tag is not a release, it should be officially released tomorrow.
cdnsteve 6 days ago 3 replies      
jafingi 6 days ago 0 replies      
It's really a great release! Great work by all the contributors.
mei0Iesh 6 days ago 0 replies      
Yay, null coalesce operator! That shortens a lot of common redundancy. When will there be a FreeBSD port?
samuell 6 days ago 0 replies      
To me, PHP is still interesting, because of the ProcessWire CMS/CMF [1], which is basically the next best thing afte sliced bread (A generic hierarchical content structure, with a jquery-inspired PHP template API, giving FULL flexibility to customize your design and presentation to anything you like ... even REST apis are just a few lines of code in a template. Add to that dozens of dozens of extremely nicec features built in, such as automatic thumbnail resize through API methods such as <img src="{$image->size(90,90)->url}"> ... and you have something immensely powerful).

[1] http://processwire.com

drakonka 6 days ago 0 replies      
Congratulations and thank you to everybody who has contributed. I've been running PHP 7 for my hobby project for the last couple of months. The update was refreshingly painless and I've had zero compatibility troubles so far.
ck2 5 days ago 0 replies      
PHP 7 literally cuts the load in half for PHP code which means hundreds of thousands of servers can either now save power or serve nearly twice the number of connections.


almost as fast as hhvm but much easier to adapt

jwdunne 5 days ago 0 replies      
I've been anticipating this for a while. Some great additions, especially scalar type hinting and type hinting on return types. The ability to enable stricter typing via a directive is also great. It's a shame internals voted down short-hand syntax for anonymous functions, including implicit closure over outer scope variables - a function with closures in PHP can get ugly very fast. Using higher-order functions becomes far more unwieldy.
mrmondo 6 days ago 4 replies      
As a person with more of an ops background can someone explain to me why / when PHP might be a viable language? My experience with hosting PHP apps has historicity been one of fending off security issues and I think that often in the past PHP was often a language for designers that didn't have experienced programming skills, it feels like designers have now shifted to using Node for this?
oblio 6 days ago 0 replies      
Can anyone closer to the subject provide some info about this: https://www.reddit.com/r/programming/comments/3v4l98/php_7_r...?

That comment looks a bit scary if it's true :(

timmy_ 5 days ago 1 reply      
I use PHP for my freelance work mainly because I have no option on hosting. I never got the appeal for PHP (besides being cheap to host). All my personal projects are either done in Python or Node + (Angular, react & now Vue)

Python: PURE elegance

Node: io breeze

PHP: ?

Q: is the "module" system still achieved by dumping file content or is there a linking system?

awalGarg 5 days ago 0 replies      
Great release! I think the BC breaks are all justified :)

And all the shared hosts around still stuck at 5.3 or so, this is your time to move forward. At least start offering a PHP7 version, if not a straightway upgrade.

Huge thanks to the internals for their hard work.

GigabyteCoin 5 days ago 1 reply      
Are they skipping 6.X releases or something?

The latest release according to php.net [0] is 5.6.15 which come out October 29th of 2015.

[0] https://secure.php.net/releases/

jimaek 6 days ago 1 reply      
Cant wait for php-memcache and a few other extensions to support PHP7 to move our projects
adrianmacneil 6 days ago 1 reply      
Given how dependent php is on hosts to upgrade, and how slow php hosts traditionally move, it would seem that php would benefit from a 7-to-5 transpiler, similar to Babel for JS. Does anything like this exist already?
sarciszewski 6 days ago 0 replies      
By the way, PHP 7 has been tagged but not yet released.
dutchbrit 6 days ago 0 replies      
Cool stuff, PHP 7 looks very promising, especially when it comes to speed. In some cases even faster than HHVM.
jpmw 5 days ago 2 replies      
I left the PHP community years ago, but...but...where is PHP 6? What was the reason to skip it?
josu 5 days ago 1 reply      
What effect will this have on Wordrpess?
darkhorn 5 days ago 0 replies      
It has not been released yet.
gustavofulton 5 days ago 0 replies      
Is it the final release now?
jjuhl 5 days ago 3 replies      
Why, ohh why, won't this freak of nature (language) just die :-(
velmu 6 days ago 0 replies      
razvan_moldovan 6 days ago 0 replies      
yeeeeh :D great work
debacle 6 days ago 0 replies      
A very lost opportunity to create a new stdlib and eventually phase out the old, shitty, procedural one.
circa 6 days ago 0 replies      
I haven't worked with PHP in quite some time now but I am happy to see its still kicking. Although it does bring back some haunting memories from versions 3 and 4.
Open source software for developing world hospitals hospitalrun.io
456 points by daleharvey  4 days ago   112 comments top 31
baldfat 4 days ago 7 replies      
Sorry another story about my journey with my son while he battled cancer.

Closed Proprietary image formats and systems HURTS patients. We used the local hospital for Chemo and everything else at the Children's Hospital 1.5 hours away for his legs and lungs. I would always have to wait 20-30 minutes to get a DVD of the studies (PET, CT Scan or MRI even ultrasound, but those are worthless) and then bring them to the doctor. The doctor would be forced to use whatever the portable image viewing program that came on the DVD and then they had to be sent to the IT Department to be imported into their system.

We would be there to remove some horrible tumor but before half his surgeries (I can't count how many surgeries he had) we would have to go in the day before (3 hour round trip) to get the expensive scan done again. One time I had a scan at 11 PM - Midnight and then drive home around 2 AM and be back at the hospital at 7 AM check in for a 10 hour surgery. ALL BECAUSE THE FORMATS ARE CLOSED and SYSTEMS could not connect so that my son's records were all the same every where. I carried 20 DVDs with me all the time just in case.

In case you are wondering my son unfortunately passed away after almost 5 years of fighting. If you are ever interested in giving to a cancer society please consider stbaldricks.org. Most charities give 0% or 2% to pediatric research and that is why we went over 20 years without a new chemo for children till last year, which St Baldrick's funded the research for this amazing new drug to fight a different type of cancer my son did not have.

radoslawc 4 days ago 3 replies      
That reminded me about story my friend told me some time ago. He's IT specialist in hospital, they were having some problems with x-ray machine with server based on windows XP and thin clients as viewing stations. Eventually it was replaced with debian based workstations and haven't look back ever since. After this he told me about interesting case with it, there was patient complaining about middle foot pains, on previous setup x-ray photos showed nothing, after switching to debian workstations they were using aeskulap dicom viever (http://aeskulap.nongnu.org/index.html) which had more adjustments for viewing those files, like hue, saturation, color and so on, so after opening those photos with aeskulap and fiddling a bit with parameters it clearly showed that patient has broken bone in foot but in unweighted position it was almost invisible line on black and white default viewer.
melbourne_mat 3 days ago 2 replies      
I've been volunteering in hospitals in a developing country for a while now and the information systems they use here are really bad.

With an eye on replacing said information systems, I've had a look at the open source medical records / hospital management systems available. When I looked at the details these systems are often not great replacements. So you're replacing aging, poorly written information systems with aging / non user friendly / difficult to customise information systems.

I would like to suggest some things for you guys:

1. Instead of creating one large hospital management system from scratch, how about smaller systems that can be linked together? eg. patient records system / laboratory system / pharmacy dispensing system / billing system / etc. The systems I mention here have fairly minimal dependencies between each other. This gives you the time to create a best of breed system before moving onto other stuff. It also allows hospitals to be able to use your stuff without ripping out everything they already have!

2. Think about how a hospital would customise your system. New fields, forms, reports, workflows, logic, etc. And how these customisations would survive an upgrade of the core system.

Anyway, I hope you have success with the project and I wish you luck. I'll definitely be keeping an eye on it!

UserRights 4 days ago 2 replies      

Please avoid too much diversification by reinventing wheels, instead please contribute to one of these projects.

Mobile first is a basic requirement in developing countries.

watty 4 days ago 5 replies      
Looks great. Why such emphasis on "Ember"? Does the target audience really care what front-end framework is used?
Maarten88 4 days ago 2 replies      
This is a great initiative, I logged in the beta and tried a few things, which mostly worked, although somewhat slow. Probably a lot of hospital administrators active now :-)

What surprised me most is that the UI does not seem to be mobile responsive, and does not work well on smartphones. I would have guessed that in developing countries mobile use would be hugely important?

diptanu 4 days ago 0 replies      
How does this compare to OpenMRS? Hospitals because they have to obey a lot of goverment regulations needs to customize a lot of things, records and reporting so we did a lot of work around the plugin architecture in OpenMRS, does this have similar extension mechanisms too?
paulojreis 4 days ago 1 reply      
I'd be very, very happy to contribute to this.

It seems you have a nice focus in usability - efficacy, efficiency and satisfaction. For me, it seems vital to make IT useful and not a burden, reducing clinicians wasted time on non-clinical duties and their general distaste with the software they have to use. I'm a UX PhD, I have experience working with very particular groups of users, and I would be very motivated in working for better healthcare.

DadFoundMy 4 days ago 1 reply      
At quick glance this seems to be fantastic! Software like this is what brings out the great nature of open source. This project reminds me of the eye tracking system that gained popularity a few weeks ago.

EDIT: Here's a link to the referred to project https://github.com/OptiKey/OptiKey/wiki

guatebus 4 days ago 2 replies      
While I don't agree with many of the specifics of the HL7 spec[1], I guess the community behind this project should decide if this system will conform or not.

[1] http://www.hl7.org/implement/standards/

dubcanada 4 days ago 1 reply      
I can't seem to login, I enter the doctor username and password press submit and it refreshes the page and nothing shows.
mathnode 4 days ago 1 reply      
Imagine if this got better than systems that are on offer when this requirement goes out to tender for the NHS institutes in the UK?

So long as it doesn't do over night batching, it's already decades ahead. I wish I was joking.

mtgx 4 days ago 0 replies      
siculars 3 days ago 0 replies      
I worked in this space for a very long time. Here are my thoughts on health data integration [0]. In a nutshell:

"At it's core the government need only do one thing to encourage innovation in the interoperability space and it is this:

The government, by means of regulation and incentive, ensure that any vendor of data systems that create or store data make adequate interoperability features and documentation available for said system.

I call this the Core Mandate. The core mandate must be unequivocal with no loopholes. What do I mean by "interoperability features"? Simply:

- If a system creates data, the ability to read that data is fully described in documentation.

- If a system stores data, the vendor will provide an API and/or SDK, with accompanying documentation, such that authenticated requests may create, read, update or delete that data programmatically as appropriate.

A system is defined as any software application or hardware device."

[0] http://siculars.posthaven.com/health-data-integration-regula...

burrox 3 days ago 0 replies      
Ohh wow this looks very nice. Unfortunately I can't login for some reason.

So I am actually finishing the development of a similar system for a group of anesthesiologists that needed a custom app to keep track of their patients and their pain medication.

Had I known of this project before I would have actually considered contributing/forking it to handle their use cases. See this hits pretty close home since I'm Colombian and hospitals here have terribly outdated systems.

I love the idea of the app working offline and syncing when internet is available since mobile networks here aren't verye reliable. One problem is,as others have mentioned, having it work on mobile is very important. I don't think it really is because of lack of PCs and desktops it's just that doctors are always running all over the place and it's more convienent for them to log the information on a smartphone/tablet.

Anyways my next project is also on the medical field and will have a wider scope so I'll keep an eye on this project for when the time comes, I'd love to contribute eventually.

reubano 4 days ago 2 replies      
Nice project... here are my observations thus far

 - login screen takes several seconds to load - not usable on screens/mobile devices - seems like every click makes multiple server requests (and loads for up to several seconds)
Also, would like to hear your thoughts on building a new system vs building on top of the many available open source medical systems.

daleharvey 4 days ago 0 replies      
Quite proud to see PouchDB being used for things like this, it looks like pretty much a perfect use case.
sidcool 4 days ago 0 replies      
Great effort. A similar open source campaign is being run under OpenMRS, called Bahmni (http://www.bahmni.org/)
solankv1 2 days ago 0 replies      
First off, I would like to say this is exactly the kind of thing that has the potential to have a monumental impact on global healthcare, not just in the developing world. We could definitely do with this type of initiative in the UK.

The reality is that some of the biggest vendors (US and UK based) actually ship some of the worst software and charge hundreds of millions of pounds for it. Ultimately, its the patients that pay the price. It's a complete myth that bigger vendors build safer systems.

I agree with a previous poster in that given more visibility, I'm sure there are thousands of developers that would love to contribute to this type of project (myself included).

It's also pretty clear that mobile will be a key requirement for this type of solution. Not just a responsive website but full native implementations. I realise that this can be expensive, but if it's open source, I'm sure there are developers that would love to get involved. Maybe you would consider an API? This might encourage an ecosystem of client solutions to flourish.

Finally, do you think there is a role for a patient login here? There is a world-wide movement to encourage patients to play a more active role in managing their healthcare and giving patients mobile access to their health records is a great first step towards this.

mathiasrw 4 days ago 0 replies      
I like the "Why HospitalRun?" at the bottom of the link...


privong 3 days ago 0 replies      
I'm not in this area, so I don't know much about it, but can anyone compare this with GNUHealth[0]? At first glance, they seem to be trying to do many of the same things.

[0] http://health.gnu.org/

andrewclunn 4 days ago 0 replies      
This can only be done in developing markets because the health privacy regulations and mandatory screening laws cripple the ability of the Western medical industry to adopt open source solutions.
nickysielicki 3 days ago 0 replies      
Anyone else remember this CVE? Open (eg: passwordless) telnet on a blood infuser.


martijn_himself 4 days ago 1 reply      
This is great. I recently had to create a prototype application for a charity with offices in a developing country and this would have been a perfect fit. I don't have access to GitHub at the moment but I wonder how far along their implementation of the 'off-line first' sync mechanism is, this is a non-trivial thing to implement.

I had a quick look at the demo and it looks like the development is in the early stages- a bit of (hopefully constructive) feedback: I think they (you?) may be trying to attempt to do (and cover) too many clinical disciplines at the same time- maybe implement individual modules (like patient registration) and test them in all (old!) browsers in more detail before moving on to the next. Also think long and hard about how you implement your data model (clinical indicators e.g. blood pressure often have a context and are temporal values, how do you model these?). This is a great effort and has lots of potential.

EDIT: also, the name seems to suggest to me like there is a run on hospitals- but that may be a personal thing.

pjmlp 4 days ago 2 replies      
While this is a good idea, how are the health compliance requirements enforced?
daveguy 3 days ago 1 reply      
A somewhat related commentary article on why electronic health records (EHR) are difficult to work with: they are focused on billing not patient care. Doctors would prefer a care-oriented system. This could be a great inroad for open source.
mavhc 4 days ago 1 reply      
Looks like it's way more open source than the two "open source" school MIS systems I looked at, one had no code available, the other an old version dumped on github, but not linked from their main page until you signed up.
srameshc 4 days ago 0 replies      
This is a great initiative and I hope entire world adopts to such open standards for patient record management which can be freely transferable to other hospitals/doctors when needed or when approved by patients.
Coxa 4 days ago 0 replies      
Just after a first glance this looks really interesting! Brilliant idea.
aayala 4 days ago 0 replies      
Anybody remember Care2x ?
hienchu 4 days ago 2 replies      
Why is it so similar to codio.com homepage?
After a ten-year hiatus, NetHack 3.6 nethack.org
405 points by Alex3917  14 hours ago   105 comments top 22
pmoriarty 13 hours ago 8 replies      
Fans of nethack and other roguelikes should try Dungeon Crawl Stone Soup (DCSS).[1]

You can play or watch games in progress by:

 ssh joshua@crawl.akrasiac.org
Use the password "joshua".

It's also available as a standalone program you can run on your own machine.

DCSS has some made some great innovations, such as fantastic use of color and auto-explore, tons of really unique gods and races, it's scriptable(!) in Lua, the list goes on and on...

[1] - http://crawl.develz.org/

sohkamyung 12 hours ago 2 replies      
I like this change, adding Terry Pratchett quotes:

"At the time of his passing this year, the DevTeam decided that it would be a fitting tribute to take a number of our favourite quotes from the various Discworld novels and incorporate them into the game. Being the way we are, we did a little more than that. There are now a huge number of quotes from many of the Discworld novels in the tribute file, but this doesn't mean that we wouldn't accept new submissions from other Pratchett fans."

reidrac 8 hours ago 2 replies      
I'm happy NH is still being developed with new releases, but for me... the rogue-like event of 2015 is ADOM hitting steam:


I know this post is about NH, but some might find this interesting anyway.

itburnswheniit 12 hours ago 2 replies      
Play once for fun, the next 1000+ times for revenge.
hellbanner 2 hours ago 0 replies      
jl6 7 hours ago 0 replies      
Is there a source of md5sums for the release tarballs that is independent of Sourceforge?
andrewstuart 13 hours ago 1 reply      
I nearly got fired cause I played so much nethack at work in the early 1990's.
copperx 11 hours ago 10 replies      
Hi. I'd love to try NetHack but the game seems incredibly complex. Is this true? does it have a huge learning curve?
balakk 10 hours ago 0 replies      
My first ascension, 12 years ago.


What a beautiful game.

losvedir 5 hours ago 5 replies      
Are there any good versions of NetHack (or similar) for Android? I've never played and it sounds like I'm missing out, but the only time I really feel like I could put in some hours would be on the bus or train or something.
paraiuspau 8 hours ago 0 replies      
Oh man, i felt it in my water, i checked the site every day for 2 or more weeks, didn't this morning, came on to hn, and lo-and-behold...
Turbo_hedgehog 12 hours ago 1 reply      
Curious that they are still on sourceforge.
roghummal 11 hours ago 2 replies      
You can play* or watch games in progress by:

$ ssh nethack@alt.org

It's also available as a standalone program you can run on your own machine.[1]

You can follow milestones, defeats, and victories at #nethack@freenode. See NAO[2] for more information!

* NAO currently runs NetHack 3.4.3.

[1] - http://www.nethack.org

[2] - https://alt.org/nethack/

kyberias 9 hours ago 1 reply      
The git instructions [1] result in git asking for a password (on Windows).

[1] http://www.nethack.org/common/git.html

Isamu 11 hours ago 1 reply      
I think I last played this on my AT&T Unix PC 7300.


SwellJoe 13 hours ago 0 replies      
Well, I sure hope they didn't rush things. Great games take time.
josephcooney 11 hours ago 0 replies      
I got terrible wrist pain as a 10-year-old playing nethack on an Amstrad 1640 8086.

But totally worth it.

Ascii art never looked so 'cosmic'

roghummal 12 hours ago 0 replies      
menucolors! pickup thrown! sortloot! use_darkgray! And many more!

Merry Christmas everyone! Awesome :)

--rog hum mal

riffraff 8 hours ago 0 replies      
this is great, but I wish there was a QT Tile version, as much as I know the term version is The True UI, I still prefer graphics.
FD3SA 8 hours ago 0 replies      
Lineage the Bloodpledge, a hugely successful korean MMO was heavily based on NetHack [1]. It is still one of the most widely played games in the world (mainly in South Korea).

The article below does an excellent overview of its history and inspiration from NetHack.

1. http://www.engadget.com/2011/06/07/the-game-archaeologist-tr...

rahat420 11 hours ago 0 replies      
please upload the 8 ball pool game hacks
ilaksh 1 hour ago 0 replies      
How to build on Ubuntu.. for God's sake, why isn't there a script or a configure? I am trying to figure out the sys/Install instructions, getting nowhere.

Why didn't they just make it public on github, and use their issue tracker?

EDIT: actually the sys/Install/NewInstall.unx instructions worked for me, at least it is starting to make.

Machine learning works spectacularly well, but mathematicians arent sure why quantamagazine.org
396 points by retupmoc01  4 days ago   130 comments top 24
j2kun 4 days ago 3 replies      
I can chime in for the theoretical computer scientists. Deep learning (in its simplest form) corresponds to the class of circuits whose gates are linear threshold functions. Our primary goal with such functions is not to show what problems can be solved by small circuits using linear threshold gates, but what problems cannot be solved with such circuits.

Until last week [1], it was an open problem whether every function with n inputs that is computable in nondeterministic time 2^O(n) could also be computed with a two-layer circuit using only O(n) gates (that is, a deep net with just one hidden layer with a linear number of gates). This is an embarrassing state of knowledge.

Now we know the following slightly less embarrassing thing: there is an explicit function, computable in linear time, that needs at least n^3/2 gates in a two-layer deep net (modulo some log(n) factors), and another function that needs n^3/2 gates in a three-layer deep net (with the additional restriction that the output gate is a majority vote of the previous layer).

This is still a long way away from truly understanding the representational power of deep nets, but it's the first general progress that has been made since the early 90's.

[1]: http://eccc.hpi-web.de/report/2015/188/

rdlecler1 4 days ago 4 replies      
One problem with understanding ANNs is that the weight matrix carries a lot of spurious interactions. Running perturbation analysis you can see that many of the interactions do not contribute to the information processing of the circuit. This is the same for Gene Regulatory Networks. I wrote a paper published in Nature's "Systems Biology" entitled Survival of the Sparsest Gene Networks are Parsimonious. It's been cited ~130 times. There I represent an algorithm to evolve the connectivity of the network. What you find if that a network will tend to remove spurious interactions if the system is allowed to evolve. Because there will be very few network topologies that are both sparsely connected and functionally equivalent (think of how many ways you could create a minimally complex 8-bit added) there is likely only a small handful of non-isomorphic network topologies for any given function. With these sparse networks we should get a better grasp on the functional circuits that drive them. When the networks appear fully connected, at least in each layer, that circuitt does not reveal itself.
vonklaus 3 days ago 2 replies      
There was a great article called The Space Doctor's Big Idea, published in the New Yorker a few months back. It explained Einstein's theories in the top 1000s English words used in America.

While sone might wave their hands and call this an eli5, it was quite well done and between that and some xkcd comics I was able to learn enough to ubderstand how orbit works and a few other awesome facts.

I am interested in finding something similar for machine learning. I am not embarassed to admit that, Super-Linear Gate and Super-Quadratic Wire Lower Bounds for Depth-Two and Depth-Three Threshold Circuits, is just way too complex for my casual interest but would like to know more about how AI/ML works conceptually. Clearly the discipline underpins a bunch of services I use regularly and as computing and techniques improve it will start playing a more conspiscious role.


dave_sullivan 3 days ago 5 replies      
In addition to "We need a cluster for deep learning", the second most popular mostly untrue thing I hear is "We have no idea how neural networks learn".

However, there are many papers that explore various ways to make a network learn, and they keep improving on performance, suggesting they're on to something. There are also many papers that discuss possible theoretical implications of experimental results.

But what does Knowing Why The Network Works mean exactly? "It works because universal approximation and gradient descent", but that's not a very satisfactory answer. "It works because it starts at a general solution and, over the course of many iterations, takes many small steps in an ever changing direction defined by a gradient approximation generated by looking at the difference between an average error and a target output (which should trend towards 0)".

What would a satisfactory "why" even look like exactly? As in, what form might it take compared to some other scientific discipline where we do know what's going on?

Personally, I think the whole thing is a red herring -- people in the field have some idea of how neural nets work, and there are many disciplines considered by many to be mature sciences that are far from settled on a grand theoretical scale.

That said, the theory I'm most interested in is recent attempts to connect a memory module to neural networks so they can "learn" to store important/complex/distributed information that can be recalled with high accuracy later. That will make it easier to do things like ask a neural network to remember your name, or where you left your keys, or whatever.

wsxcde 3 days ago 3 replies      
To take the discussion on a slight tangent, how uncommon is this phenomenon? An applied tool works really well but nobody knows why. I can give another example from the domain of formal verification: SAT solvers which are at the core of most modern verification/synthesis tools.

You can download open source SAT solvers today that work spectacularly well on "real" SAT instances with millions and millions of variables and clauses. Yes, SAT is the quintessential NP-complete problem and in fact it is pretty easy to come up with a SAT instance with only a few tens of variables/clauses that would kill these solvers. But somehow these "hard" instances almost never occur in practical problems generated in hardware/software verification/synthesis as well as ton of other applications (planning, constraint programming etc.)

So this must there is some characteristic of the problems that we generate in practice that makes them "easy" but we don't have a good understanding of what this characteristic is. All we know, for now, is that we've somehow stumbled upon a near-perfect set of heuristics that work amazingly well on the SAT instances we encounter in practice.

cdavid 4 days ago 1 reply      
Note that the writer is the famed Ingrid Daubechies, who was one of the main driver behind wavelets and early works on sparse representations.
algomanic 4 days ago 1 reply      
The fact that the class of NN functions is universal is almost vacuous: the basic idea is that if you allow a "neuron" for every point in your input space then you can mimic any function you like (i.e. each neuron handles a single input). Obviously such representations become arbitrarily large.

Which almost immediately suggests a solution to why NN learning works: the processes that produce the types of datasets humans are interested in are produced by (effectively) polysized networks and you can probably say things like the probability of recovering a polysize function from polysize samples is high.

abrichr 4 days ago 3 replies      
> In practice, neural networks use only two or three layers...

The famous AlexNet [1] that blew away the ImageNet competition in 2012 contained 8 layers; more recent networks have even more.

[1] http://www.cs.toronto.edu/~fritz/absps/imagenet.pdf

amelius 3 days ago 1 reply      
This is the reason I am not so much interested in this field. It is too much "let's try this and see what happens" rather than really engineering a solution.

I guess more people feel that way, and I guess that is a good thing, otherwise everybody would now be working on AI, since it is such a promising field.

jacquesm 4 days ago 0 replies      
I love her definition of big data.

Another bit that stood out for me:

> Youre awarded an extremely generous grant that allows you to give 200,000 people a 500-question personality test, with answers that vary on a scale from one to 10.

Dating sites like OkCupid should have such data.

princeb 4 days ago 2 replies      
there are a number of features in machine learning that seem to have counterparts in statistics - stuff like m-like estimators as kernels (I think - correct me if wrong), information criteria for feature selection, that have existed a long time ago.

maybe it's the combination of sheer computing power and availability of data that allows better models. maybe we've never looked at algorithmically generated models because we also want a narrative (commonsensical explanation) to the model, not just a matter of algorithmically finding correlations between jelly beans and acne, say.

part of me thinks, ok the machines found something. now can we actually use that to understand the world, rather than build more recommendation algorithms? (haha). I'm not sure what an advisor will say about a doc student who says, let's just throw reams of data at a machine until we find a meaningful correlation, and then let's reason from the correlations (my guess is 'no', that's not really the scientific method is it).

I'm hopeful, and I don't think the answer to the question will come from academia.

tacos 4 days ago 1 reply      
As for "spectacularly well" -- well, the person behind the curtain wiggling the levers retains a lot of influence. Garbage in, garbage out, remember?

I'm reminded of the time Google Translate autodetected "Gesundheit" as Spanish. And Gmail kindly offering to translate "hahaha" from Portuguese, putting an ad for coconuts next to it.

Data science is improving, but you might be surprised how slowly. Especially in the consumer space, because the metrics on effectiveness are so warped.

Voice recognition of numbers only, over a phone connection, can be below 40% accuracy! Much of the perceived success of these systems comes not from the core machine algorithm, but from clever human tweaks around it. Also end-users who are happy with what they get, not quite realizing how goofy it all is if they were to get a glimpse of the raw data.

shas3 3 days ago 0 replies      
I think another interesting analogy (in terms of field-development trajectory) to deep learning is the whole idea of l1-regularized regression or LASSO or sparsity priors or sparse signal processing ([1] goes by many names depending on which field you work in). The whole idea is that by penalizing 'dense' solutions to a regression problem, you can 'promote' 'sparse' solutions like the ones that occur in many many applications. This had been used by various communities with some theoretical justification for years, at least since the 1970s. However, the real theoretical breakthroughs framing this problem in something close to the rigor and usefulness of Shannon's sampling theorem, came in 2004 from two papers independently: David Donoho; and Emmanuel Candes, Justin Romberg, Terence Tao. Theoretical CS community also got close to the answer in their work in the late 1990s and early 2000s in many papers on random projections and sketching. There are many connections between deep learning and ideas in the broad area of sparse regression. But one epistemological point of intersection is how theoretical results pertain to asymptotically large cases, but in applications work very well even with much smaller systems.

[1] https://en.wikipedia.org/wiki/Compressed_sensing

the_duck 3 days ago 3 replies      
>In the last 15 years or so, researchers have created a number of tools to probe the geometry of these hidden structures. For example, you might build a model of the surface by first zooming in at many different points. At each point, you would place a drop of virtual ink on the surface and watch how it spread out.

It sounds to me like this 'ink drop' is a metaphor to explain some state-of-the-art dimensionality reduction technique. Does anyone know the common name of this technique?

joakleaf 4 days ago 2 replies      
Neural networks is advanced curve fitting -- That's why.

It isn't really all that magical or mysterious.

powera 3 days ago 1 reply      
My super-hand-waving explanation of why machine learning works:

MNIST is a handwritten digit database. Each 784-pixel image (28x28) corresponds to a digit from 0 to 9. As a pure mathematical construction, there are at most 2^784 inputs possible, and a small number of possible outputs.

So if you have 784 completely different ways of analyzing the image, and you combine them in the right ways, you will get roughly an approximation of an answer. This is a tautology if the 784 ways are "the value of each pixel" and the combinations are "magic", but if you have more "intelligent" combinations you should have combinations that are less magic. And in this case, since humans can generally determine the digit value from a 7-light display, it seems reasonable that there exists some way to have "intelligent" combinations such that they combine to form a neural network that solves the problem of digit identification.

And that (still hand-wavy) explanation can also plausibly describe how a human would describe identifying a number. If I ask you "why is this a 1 and not a 3", you might say "because it's straight" or "because it's narrow" or "because it doesn't have a point in the middle" or any number of other descriptions of the object. So you can envision a 2-layer network where the middle layer calculates this (and due to the structure of images, in practice it might better be a 3 or 4-layer network. but the important point is that the search algorithms don't rely on it or you knowing what these middle layers are ahead of time)

Which only leaves the question of how "neural network learning" is supposed to find this. And there are a few heuristics which combine to (in practice) be a very effective search. We have back-propagation (which is much easier with automatic differentiation), so we can adjust the entirety of the network based on the output. (and it's an axiom that if you have a lot of things, they will be similar in the ways they are the same, and different [hopefully in some regular way] in the ways they are not the same). We have drop-off, where we attempt to prune connections that are irrelevant. We can add new connections to see if they are relevant. We can do any number of hill-climbing algorithms on the output of the fitness function. And, as a valid search algorithm, it tends to converge to a valid result.

Obviously none of this is at all rigorous, but if you know the math here enough I don't think you're asking the questions in this article.

zepolen 4 days ago 1 reply      
Thought about how cool it would be to use machine learning to generate machine learning algorithms and how that could be the basis of artificial "life".

Maybe start with a minimal implementation 'bootstrap protozoa' that can evolve to highly complicated forms.

Then realised that since Machine Learning processes takes a long time that would take forever making auto evolving computer life forms a long way away.

Although if it were possible, in the same way we became sentient based on very simple inputs, that could also mean computers, with a sufficiently complex process, could too...

tianlins 3 days ago 0 replies      
it seems like a general phenomenon that our scientific understanding decreasing with the complexity of the system. in classic physics, we could have very clean equations capturing the dynamics of a system. this is not true any more in chemistry/biology/social science. modern deep learning pipeline, compared to its shallow counterparts, gains more complexity, so it's not surprising at all to me that we are not able to understand it well at the moment.
jheriko 3 days ago 0 replies      
maybe i am missing something here... i really don't know.

it might not be rigourous, but for standard, deep neural networks its intuitively obvious enough that you can reinvent the idea from scratch in your bedroom in a time before the internet just by getting a vague description of the idea and thinking about how it /could/ work.

proving convergence may be difficult, but its not particularly challenging to see why it happens imo. :/

a lot of the things the article points at are utterly irrelevant to the subject. e.g. sigmoid functions, depth of networks.

i think there are some bold baseless claims here - for instance linearly interpolating data points is pretty simple as a way to approximate a function, and its not hard to see how neurons can provide this with linear activation functions and some very naive back propagation. (e.g. evenly dividing error and correcting weights towards the correct result)

if this didn't converge /that/ would be surprising.

cschmidt 4 days ago 2 replies      
Can anyone give me a pointer on what techniques the author is talking about for unsupervised learning at the end of the article?
deepnet 3 days ago 0 replies      
Deep Neural Networks learn layers of linear functions - represented by adjustable 'learning' weighted connections.

Each layer of neuron activations is a new representation of the data - produced by the weighted connections.

Function compositions of linear functions are still only a linear function.

Each neuron in a layer sums it's weighted inputs this summation is a non-linearity that allows layers to be composed - function composition.

This is famously expressed in Minsky and Papert's 1968 'Perceptron': a single layer of network weights is incapable of learning XOR.

One analysis is that Neural nets transform the shape of the data until a single line on a twisty high dimensional manifold produces the desired distinction. http://colah.github.io/posts/2014-03-NN-Manifolds-Topology/

A single layer network is a universal approximator and a net can be trained or distilled from another net - but deep nets are overwhelmingly better at the initial learning and discovery.

Neural nets have been related to Kadanof's spin glasses, suggesting learning is alike to phase transitions or sand pile collapse where small local changes can produce profound global changes.https://charlesmartin14.wordpress.com/2015/04/01/why-deep-le...

Generally when training nets the learning initially learns a lot very quickly, most of the error vanishes at the start.

Word2Vec demonstrates that nets learn very powerful representations, that word2vec vector algebra is semantic points to unexpectedly powerful representations.

Similar semantic vector math can be performed on images and the same vectors can translate modalities, e.g. text to images.https://github.com/Newmu/dcgan_code#arithmetic-on-faces

Natural Evolution produces efficient solutions.

I propose the successes of deep learning so far are partially explicable because they are working within human culture and perception, relearning our very efficient solutions - akin to distilling a deepnet into a shallow one.

This hypothesis will be tested if embodied deep neural nets using re-inforcement learning discover their own efficient solutions to performing tasks in the real world - robotics.

IMHO Peter Abeel's deep net, learning to robustly output robot motor torques directly from camera pixels will show if embodied deep nets can do discovery rather than relearning what we know. http://www.cs.berkeley.edu/~pabbeel/research_rll.html

sonabinu 4 days ago 1 reply      
It would be interesting to see what the purists arrive at
calewis 3 days ago 0 replies      
Skynet is coming.
darkhorn 3 days ago 0 replies      
As far as I know no mathematician was able to graduate from statistics department as second major or (second) minor (whatever you call it in English). I mean in my university. I hope you get the idea; it looks like statistics is hard for mathematicians, at least for most of them. Thus, I don't understand why they talk about this statistics topic with mathematicians but not statisticians. Yeah, may be should ask to a statistician! Duh!
Three Stories justinkan.com
388 points by tzier  6 days ago   47 comments top 11
dcx 6 days ago 2 replies      
"Gen George C. Marshall received a report from a general on his staff that some of Marshalls officers had morale problems. General Marshall said, 'Officers dont have morale problems. Officers cure morale problems in others. No one is looking after my morale.'"


pkfrank 6 days ago 3 replies      
The pizza delivery messenger service is clever and hilarious.
jacquesm 6 days ago 2 replies      
I can relate to all of these because I've lived through all of these, fortunately not as much in the public eye as Justin and his team (the web was much smaller back then) but this brought back a whole bunch of memories.

Thanks Justin (assuming you read HN) for writing these up.

navitronic 6 days ago 2 replies      
A modern alternative to the pizza delivery message would be to use uber to book a car near the location and upon the allocation of the driver, contact them and ask them to deliver the message.

and then drive around the block a few times for their trouble.

cassieramen 6 days ago 4 replies      
It's always interesting to think about the key moments in a start-up's life. Those ride or die moments that lead to great success or losing the Jonas Brother. I wonder how many a startup gets? How many are created by action or by luck? Do all startups have a couple of key moments they can look at as lynch pins to their success?
AznHisoka 6 days ago 3 replies      
Would there still be any objection to making money from a porn site if it gave them 40% of their revenue?
pbreit 5 days ago 0 replies      
"we had an unlimited vacation policy, which translated into passively discouraging people from taking vacation"

I've never heard this described so succinctly and perfectly!

hamburglar 6 days ago 0 replies      
Such a great summary of "unlimited vacation":

> Because we were young and terrible managers, we had an unlimited vacation policy, which translated into passively discouraging people from taking vacation.

noahlt 6 days ago 1 reply      
I've always wondered this about the pizza-delivery story: how did they know the address where Kyle was staying?
sagargv 6 days ago 0 replies      
Where was twitch.tv hosted before the acquisition? Bandwidth on AWS would've costed a bomb.
bambax 6 days ago 0 replies      
Great stories and great writing; thanks for sharing.
Court: Breaking Your Employer's Computer Policy Isn't a Crime eff.org
293 points by kjstevo  3 days ago   113 comments top 16
dkbrk 3 days ago 1 reply      
> A court should not uphold a highly problematic interpretation of a statute merely because the Government promises to use it responsibly.

This. Whether a law is just needs to be considered in light of its worst-case abuse potential, not just on the basis of how it is currently being applied. It is a great advantage of the common law system that over-broad, ill-specified or otherwise broken laws can be remedied through precedent, however the responsibility still lies with the government to make laws that are well-considered, based on sound principles and not overly broad.

Illniyar 3 days ago 3 replies      
"Valle was also charged with violating the CFAA for accessing a police database to look up information about people without a valid law enforcement purpose, in violation of NYPD policy."

I find it odd that the prosecutors decided to go with a computer fraud charge for this crime, aren't there any laws that would prohibit this action regardless of method used? If he chose to lookup paper files on unrelated people, would he be immune to prosecution?

ubercow 3 days ago 0 replies      
> The court also ruled that the government cannot hold people criminally liable on the basis of purely fantastical statements they make onlinei.e., thoughtcrime.

I think this is the bigger news here.

SeanDav 2 days ago 1 reply      
I almost think the entire EFF should receive the civilian equivalent of the Congressional Medal of Honor. Amazing work and gratz to all those involved!
golergka 3 days ago 3 replies      
For the people who skipped the article and assumed that the case was about some stupid office policy:

> Valle was also charged with violating the CFAA for accessing a police database to look up information about people without a valid law enforcement purpose, in violation of NYPD policy.

This is not a typical "employer policy". This a policy about access to sensitive private data that is only available to the government. Wouldn't you want improper access to such data punished?

pilif 3 days ago 5 replies      
In general, that's probably the right decision. But I also think that using police records for personal purposes is different from browsing Facebook at work.

One only damages the employer slightly, the other has huge potential issues against society at large. The CFAA is not the correct solution for this issue, but none the less, I think such behavior should be a criminal matter.

ss64 3 days ago 1 reply      
r0m4n0 2 days ago 0 replies      
I'm not a lawyer by any means but in CA I'm completely aware of an employer clause in subsection H of 502c that obviously excludes these acts performed within the scope of employment, as long as there wasn't real damage as an outcome. I don't have a copy of the CFAA but I'm assuming it does as well. Interesting that there was dissent to begin with...


sixtypoundhound 2 days ago 0 replies      
This is awesome piece of work - massive kudos to the EFF!

In true authoritarian tradition, the establishment took an unsympathetic example (on the surface, this defendant is a hard one to explain to the common person) and used it to push through some scary interpretations into case law that would affect a much broader (and more mainstream) group.

aluhut 3 days ago 3 replies      
Mh I'm getting a 403 from Germany for the whole domain. downforeveryoneorjustme says it's up. Could someone paste the content for me?
mcherm 2 days ago 1 reply      
The topic is interesting, but I would rather read an intelligent synopsis with comments on the implications than try to read the court opinion on my own without any input from those properly trained in the law.

(Linking to the actual decision IN ADDITION to some expert analysis would be a great idea.)

sowbug 3 days ago 0 replies      
How might this court have handled the Aaron Swartz case? I don't know the facts of either case well enough to tell whether they're comparable.
x1798DE 2 days ago 0 replies      
I've seen other places in this thread indicating that charging this guy under the CFAA was an inappropriate choice (i.e. not just the only choice if they want to pursue criminal charges); does anyone know if there have been similar cases of abuse of law enforcement data where the accused was charged under a different statute?
workitout 2 days ago 0 replies      
The efforts of the EFF are to be lauded in this case.
nicolai123 3 days ago 0 replies      
Great news !
Dwarf Fortress 0.42.01 released bay12games.com
330 points by robinhoodexe  6 days ago   165 comments top 19
epaga 6 days ago 11 replies      
For anyone who is thinking about giving it a spin for the first time, do yourself a favor and don't get this .01 version. Either wait for a few patches or download the far more stable and mature 0.40.24 (http://www.bay12games.com/dwarves/older_versions.html)

Dwarf Fortress is basically a perpetual beta with lots of major bugs as it is, but especially brand new major versions like this one usually have multiple game-breaking bugs, including crashes, corrupted saves, etc. It would be a shame if people willing to give it a try would give it up due to the poor quality of the initial release of a new major version.

Dwarf Fortress is a truly unique game and really worth putting in the effort to learn simply due to the stories it generates as you play.

Here's an example of a story that happened to me. https://www.reddit.com/r/dwarffortress/comments/1mb0cw/the_s... Note this story is in no way embellished by me. Everything described there was actually simulated within the game.

ndarilek 5 days ago 4 replies      
Does anyone know enough about how this game works internally to know if alternative interfaces and presentations are possible?

I'm blind, and have wanted to play this game ever since I heard of it years ago. I used to play console-based roguelikes, and while they were a bit slow to interact with, RLs were a refreshing tactical change from text-based IF.

Reading lots of DF stories would suggest that there's some sort of internal eventbus-style system by which the characters themselves interpret their surroundings, and if you could hook into that, you could describe the world textually to some extent. You might even add audio cues for certain events to increase the non-visual fidelity of the UI.

I see in some of the below comments that there's a text-based mode. Might give that a try to see if it's playable on the same scale as Nethack/Angband were for me.

hodwik 6 days ago 8 replies      
This is why text-based games are king. One dot release and we're seeing a mountain of new features.

I've always dreamed of getting together a big budget to make a text adventure (e.g. Zork) of incredible scope, both in depth and "interactibility" -- a complex object typologies system, bring in learning chat bots for NPCs, and a system where users can add new objects, rooms and descriptions while they play, a complete object relational system (so it can tell "on", from "next to", from "above"), a very complete state system and so on.

Perhaps an "adjectives system", so it knows a huge amount of adjectives relating to any one object, and can generate simple novel sentences about that object on repeat views.

I think that at some point someone will be crazy enough to do it, and it's going to be most excellent.

snake_plissken 5 days ago 0 replies      
Dwarf Fortress is a truly special endeavor. The gameplay is unique and engrossing. And completely maddening, in a the best way. The quirky bitmap graphics are mesmerizing. Each time you start a new game, it's a new world with new areas to explore and new chances to make your kingdom last longer than the last one. But the music! Amazing! Honestly the music is my favorite part.

In a lot of ways DF is similar to the early days Minecraft. It was just "special". You can get lost in it for hours on end.

Girlfriend - "You want to go out tonight?"Me - "Nah I'm good. I am just going to play Dwarf Fortress for 10 hours..."Girlfriend - "Well I am going to go to Dim Sum Garden!"Me "Iiee decisions, decisions!"

KirinDave 5 days ago 2 replies      
If you'd like to learn to play the game, it's not easy. I've created a multipart video tutorial to help you sort of find your feet, learn a few of the keybinds, and get a checklist of things you need. It also talks about how to get better graphics and an isometric view.


Enjoy all the fun. Dwarf Fortress is one of the only single player games that has held my attention consistently over the years. I suspect you might find it engaging as well.

dpeck 6 days ago 3 replies      
I admire the forever project, and the dedication of the brothers. I've played the game way too much in the past, but I grew increasingly frustrated with the single threaded model combined with their disinterest in fixing it.

Building an expansive fortress and number of dwarfs is a lot of fun (honestly, probably the most fun I've had with a game since Dungeon Keeper and Settlers way back) but then FPS starts dropping and you find yourself doing dumb things to counteract that. The fun bits fade away and it gets tedious.

To me, DF is best looked at and enjoyed as an amazing art project and an inspiration for other game devs.

aresant 6 days ago 1 reply      
>First time playing dorf

>Make a nice, tidy fort, everything is going great

>Out of booze and its winter

>Oh well, the farms still working>suddenly

>Urist McFarmer has gone berserk!>and, soon after

>New migrants have arrived.

>there are like 3 children with them

>they are on the entrance, where theres a gigantic moat and a bridge

>Urist McFarmer is on the other side

>he pulls the lever to the bridge

>all of the children are on the bridge

>they fall down

>they are all still alive, they fell like 12 z-levels though

>the moat is almost completely red

>theyre crawling around, everything is broken oh god

>Urist McFarmer is finally put down by one of the miners

>children arent even starving or dehydrating, theyre just crawling there

>have to lock up the non-important people in a room so that they dont diminish the food reserves

>the nobles are sad now, the miasma is getting to them

>dump the corpses in the moat, including urist mcfarmer

>the children are puking and still crawling, not even starving or dehydrating, just endless agony

>the migrants are still on the other side, they die too

>the only people left alive are a few miners and a farmer

>and the children

>they never die

via http://dfstories.com/

aymeric 6 days ago 7 replies      
It is unfortunate that a game as famous as Dwarf Fortress only makes so little in money: http://www.bay12forums.com/smf/index.php?topic=152358.0
vessenes 5 days ago 0 replies      
The only thing that is frustrating for me about DF (well ex-game frustration, not in-game) is that getting visualizations and interface changes in is gated by Toady. I dearly wish that this part could be taken over by the open source community; it would let him keep writing the simulator, and we would get some amazing VR-friendly worlds on top of the simulator.

I know that he doesn't want to support an open developer community because he, you know, wants to write his simulator and make it even more incredibly awesome than it is, but if only there were a way to get that code unlinked and into an API, it would make millions of people very happy.

AndyKelley 5 days ago 1 reply      
I tried to play this game, and I think that the interface is a complete bottleneck. Once you have more than 12 dwarves, which you are completely intended to do, it's tedious and difficult to access them, organize them, and generally, the interface to the simulator you have is like drinking through a straw. I think the fun would be massively improved with making it easier to interact with the simulator.
ctdonath 6 days ago 1 reply      
Summary of the maddening complexity of Dwarf Fortress: http://dwarffortresswiki.org/images/4/40/FunComic.png
lips 5 days ago 1 reply      
Home of the best bug tracker ticket titles evar:

"Lye in wood barrels can't be used for making soap"

"Dwarves upset from not seeing family not in fort"

"Zombies start conversation with necromancer adventurer who tries to sleep in their house"

awakeasleep 5 days ago 3 replies      
People who really 'got into' DF- What age were you when it clicked?
sageabilly 5 days ago 0 replies      
Anyone else compare every other game they play to Dwarf Fortress? The only game I've ever played that even comes close (IMHO) is The Long Dark, and that's only because I know the studio pours their heart and soul into the game.

So glad this is still going. I hope development never stops!

codewithcheese 6 days ago 2 replies      
I've seen some mods that make Minecraft beautiful, I wonder if the same can be done for DF?
jmnicolas 5 days ago 0 replies      
There has been a lot of articles about emacs on HN recently, so now I wonder why Dwarf Fortress is not an emacs mode ;-)
dccoolgai 5 days ago 0 replies      
Word to those who want to begin their DF journey: counter to what you might expect for a text-based game, DF can chew a lot of CPU cycles. I always pick small world size and very short world history at worldgen, bc the larger/longer worlds have a lot more stuff for the game to keep track of and can slow it down, IME.

Strike the earth!

listic 5 days ago 2 replies      
What language is Dwarf Fortress written in?

It is closed source, isn't it? I assume it is, like ADOM, to keep the secrets. Though there is an obvious solution: you could separate the game data from the engine, and open-source the engine, for public benefit and participation.

nodivbyzero 5 days ago 0 replies      
Is Dwarf Fortress open source?
Trojan found in Filezilla downloaded from SourceForge filezilla-project.org
331 points by yitchelle  5 days ago   208 comments top 30
scrollaway 5 days ago 10 replies      
Something came up last time Sourceforge was discussed here, namely "why are projects still using it?"...

I'm the project lead for LXQt (http://lxqt.org). We inherited some infrastructure legacy from LXDE, which was hosted on sourceforge. Today, we have moved most of the legacy to Github but we're still using Sourceforge's mailing list system.

We're moving to a self-hosted mailman3 instance but it's been excruciatingly painful. Email is not fun to deal with.

So I'm pitching this to bored devs and entrepreneurs: Help us, and many other projects, by creating a "Github for mailing lists" with a web client featuring a clean high quality UI, easily browsable/linkable archives, etc. Make it open source, make it self-hostable, stuff in enterprise support. Make it quick and easy to create new lists.

This model can work. It's not unheard of either (cf. Discourse), but it just hasn't been executed properly yet, or is forum-only and does not support email properly. Right now, the UX of mailing list software is like IRC's. Very raw. If it were made more seamless, more approachable, overall easier, it would have a similar effect as Slack has had on unthreaded-async-topical-conversation.

PS: You should change your adblocker to uBlock Origin. It blocks Sourceforge as a malware risk.

DanBC 5 days ago 2 replies      
> If someone really wanted to download FileZilla and skip the malware do just that.

> Then after installation is complete install Malware bytes and Avira. Scan with both and restart the computer.

> Then run with ADWcleaner and and remove the infections and restart. should be good from there and enjoy FileZilla.

Do people really think this works? I mean, there's no-one on HN who thinks this works, right?

agildehaus 5 days ago 5 replies      
SourceForge and Filezilla are both on their way out, hence their owners desire to monetize their remaining users while they still can.

WinSCP is a decent alternative. As is Swish:


vermilingua 5 days ago 4 replies      
As far as the password storage goes, you are not up-to-date. They are stored base64-encoded now.

Yes, much better.

morganvachon 5 days ago 0 replies      
I stopped using Filezilla on Windows a while back, due to this and other issues (passwords stored in plaintext, etc.) and switched to PSFTP and PSCP, which are MIT licensed and offered directly from the developer's page[1]. However, reading this article reminded me that Filezilla was actually still installed on that box, just not in use, so I decided to uninstall it while it was on my mind. Immediately after uninstalling it, it tried to force a shutdown on my computer. The only reason I was able to stop it was because I had a process running in the background that wouldn't terminate and I was given the choice by Windows to force shutdown or cancel.

Now, I've only ever installed it from ninite.com[2], so I know it didn't initially have the Sourceforge trojan/adware junk. However, I've since allowed it to download its own updates instead of doing it manually through the Ninite downloader. I've never, ever seen a program I've uninstalled via the Windows Control Panel with the ability to force a shutdown or restart without first notifying me or giving me the option to postpone. I'm starting to think there's something nefarious in Filezilla itself, perhaps in one of those "direct from the developer" updates, not just the Sourceforge wrapper.

Another interesting thing is that the built in Filezilla updater will first uninstall the app before reinstalling the updated version, and it never tried to restart or shutdown the computer during those updates, only during uninstallation from the Control Panel.

[1] http://www.chiark.greenend.org.uk/~sgtatham/putty/download.h...

[2] Ninite strips out any malware or other crap from the installer and only installs the pure program with default settings, in the background, and sources the app directly from the developer's site when possible. It's my go-to tool for essential Windows utilities.

discreditable 5 days ago 0 replies      
The linked thread is from 2015-04-20. SourceForge has been bundling adware with Filezilla since then and continues to do so. Here's a VirusTotal analysis of the current installer: https://www.virustotal.com/en/file/16e0ecda06ed98f835e449e1e...

If you want clean software you must not install directly from Sourceforge.

jug 5 days ago 1 reply      
AFAIK this practice (and not on the FileZilla project alone) is why uBlock Origin is blocking SourceForge.
gargalatas 5 days ago 3 replies      
Unfortunately Filezilla has this trojan for some years now! The trojan send all your identities to a server. This is tested 100%. We had many passwords stolen this way and we are 100% sure that it's filezilla.

Just take this test: Try to download the Filezilla and when the download page shows click on the Direct Link. Then compare the two executables, one that downloaded automatically and the one that it downloaded via the direct link.You will see that the direct download is clean but the other has the SF icon and it has a virus!

CM30 4 days ago 0 replies      
So SourceForge has gone from terrible to (somehow) even worse than that.

It makes me wonder; why don't we have a good site for Windows programs yet?

Ideally, it'd be run by volunteers (not a company with a profit motive), would manually moderate the programs posted them (and remove any adware/spyware/bundled programs by force if necessary) and tell every malware ridden sleazy ad network to sod off.

It exists in more niche subject areas. If I look for game making resources, a lot of those sites actually do proper moderation and try and make sure viruses aren't present in uploads. Places like MFGG are pretty good about this. So why don't we have that for software in general?

I mean, there's GitHub and package managers, but it's disappointing how this market has no honest people in it.

chris_wot 5 days ago 1 reply      
This has been known about for some time. The Filezilla guys know about it.


Jonnerz 5 days ago 1 reply      
It's done intentionally to make the owners a bit of money. They have direct download links on their website (click show all on download page), avoid the green Sourceforge link.
jmnicolas 5 days ago 5 replies      
No way I'm supporting this kind of behavior. Can you suggest an alternative to FileZilla ?
elipsey 4 days ago 1 reply      
The Filezilla forum admin in that thread obstinately blames users for "accidentally" accepting a bundeled "offer", when users are clearly warning project admins that the installer is infected with malware.

Does sourceforge share revenue from bundeled installs with projects?

nissehulth 5 days ago 0 replies      
Older thread about Sourceforge: https://news.ycombinator.com/item?id=9623142

Just don't use them.

halfdan 5 days ago 1 reply      
Absolute money quote: "As far as the password storage goes, you are not up-to-date. They are stored base64-encoded now."
jedicoffee 5 days ago 0 replies      
"While the SourceForge Installer may present third-party offers,"

Don't worry, it's just an "offer". They're totally not distributing malware via their installer.

cpach 5 days ago 0 replies      
About two hours ago I pondered installing the Diffuse merge tool[0] on a Windows box. Then I noticed that it was hosted on Sourceforge and thought "nah, not really worth the risk". Now that I see this post I feel even more content that I avoided Sourceforge.

[0] hxxp://diffuse.sourceforge.net/

Karunamon 5 days ago 1 reply      
What really gets me is the glib attitude of the FileZilla maintainers to this news. Whether trojan or adware, the "just uncheck the boxes" mindset is rather insulting.

Move your stuff off Sourceforge! What the hell is wrong with your people?

robgibbons 4 days ago 0 replies      
It's funny, I literally just messaged the maintainer of the Minibian project, politely asking that he move the Minibian project away from Sourceforge, when I saw this post on HN. It's too bad to see Sourceforge ending up like this, after it was so useful years back.
jdeisenberg 4 days ago 0 replies      
Slightly O/T, but has anyone experienced similar problems with downloads from PortableApps.com? They use SourceForge as well, and I am now hesitant to recommend PortableApps to friends and co-workers.
rietta 4 days ago 0 replies      
It would seem that more projects would benefit from running their own free software on their own virtual server infrastructure. A decade ago, there was GNU Mailman and it's still around - http://www.list.org.

Yes, this means that a self-contained project needs the funds for basic hosting and also someone with system admin experience. But that should not be unreachable for major projects.

jron 4 days ago 1 reply      
Tim Kosse has really tarnished the reputation of FileZilla by ignoring the SourceForge malware problem.

Chrome and Firefox should add SourceForge to their malicious site list.

acd 5 days ago 2 replies      
There is a safer way install FileZilla through ninite installer or chocolately


Chocolatey nuget is similar to Linux package managers but for Windows programs

https://chocolatey.orgchoco install filezilla

aw3c2 5 days ago 0 replies      
> 2015-04-20
jokoon 5 days ago 2 replies      
Clicking on the download link ws blocked by ublock origin. Weird.
FussyZeus 5 days ago 0 replies      
Refuse to download anything from SourceForge anymore. Sad too, used to be the best out there back in the day.
nthcolumn 5 days ago 0 replies      
People are still using SourceForge? :O
kyriakos 5 days ago 0 replies      
you can get a clean version from fosshub
rbanffy 4 days ago 1 reply      
Are we still using FTP?
rogeryu 5 days ago 1 reply      
That article is from April. Good to know about it, but is this news?
Labella.js placing labels on a timeline without overlap twitter.github.io
371 points by callumlocke  5 days ago   77 comments top 22
jbranchaud 5 days ago 2 replies      
It'd be cool if the creator used some filler text on the labels generated on the home page so that we could see what it looks like that way.
iheartmemcache 5 days ago 2 replies      
Man, I've been searching for a way to do this (generate declaratively images for flow-charts, graphs, etc) which are aesthetically pleasing enough to embed into case studies and white-papers for ages. DIA is functionally sufficient but aesthetically awful when you end up embedding it into a nicely styled InDesign, LaTeX, or Quark publication. I'm going to be pairing this with PhantomJS and making a command-line front-end -> svg over the weekend.
scrollaway 5 days ago 5 replies      
Boy does that freak out with 200+ labels. :)

Looks fun, though.

shseham 5 days ago 3 replies      
How complex would it be to do it without taking in the min/max width parameters? It soon becomes insanely complex when you want draw a graph with nodes of variable width and height. Say for example if you wanted to add text inside the boxes and you want the box width to be determined based on the text. I have previously tried to adapt the default tree layout algorithm (ReingoldTilford?!) in D3 and failed miserably. http://bl.ocks.org/mbostock/4339184
samuell 5 days ago 0 replies      
Thought I read "lalibela" first :) (Those famous buildings carved out of rocks, a loooong time ago, in Ethiopia https://en.wikipedia.org/wiki/Lalibela)
plaid_dev 4 days ago 1 reply      
Can someone briefly explain, at a high level, the positioning algorithm that one would use to solve a problem like this?

ReingoldTilford was referenced below but doesn't seem applied in this case.

I've attempted to look through the code here but comments are limited and it is pretty imperative.

vlad 4 days ago 0 replies      
Someone sent me a direct link and I had no idea what "Labels should be beautiful" meant.

The slogan should be changed to "Labels on a timeline without overlap", just like the hacker news thread title. :)

macca321 5 days ago 0 replies      
I would like something like this for things placed anywhere on a screen. The use case is hitting the alt key and displaying labels with the keyboard shortcuts for buttons.
mstade 5 days ago 0 replies      
This looks really good. I wonder, how well would it work with a network rather than just a single line? I'm thinking about something like a git network graph.
haldean 4 days ago 0 replies      
I wrote a simple thing to do a similar operation for photos that are in-line with text on my website; I wrote a little bit about it at http://haldean.org/hooke if people are interested!
Ciantic 5 days ago 2 replies      
How come the labels are sideways in left/right position? It feels like it defeats the purpose.
maneesh 5 days ago 1 reply      
How do you add text to these labels?
chdir 5 days ago 1 reply      
Wouldn't it look more readable if the connectors are straight lines with 90 degree bends instead of curves (like a neatly laid out circuit or wire diagram or tube network).

The current version is artsy. Thanks for sharing this though. Looks very cool.

gotchange 5 days ago 0 replies      
Any specific use case for this plugin?

What about the restrictions on the height imposed on the labels?

dvdplm 5 days ago 1 reply      
Is this restricted to a straight line or can it be used to label any svg (?) path?
xomateix 5 days ago 1 reply      
The simple example link from the github page (http://twitter.github.io/labella.js/easy.html) is a 404.
estefan 5 days ago 1 reply      
Sounds like a disease.
thejerz 5 days ago 1 reply      
Is there a way to lay out the nodes vertically instead of horizontally?
dvh 5 days ago 2 replies      
Labela.js - placing labels on a timeline without overlap
idibidiart 5 days ago 1 reply      
WHOOPS! Set Labels to 200 instead of 20 and click Generate Labels. The diagram is not only incomprehensible, it actually wobbles, flickers and shakes as you scroll.

You need something better than a linear progression of ticks if you want to track and label lot of events that have happened.

idibidiart 5 days ago 2 replies      
"Shakes, wobbles and flickers" when user is scrolling while algo is running with 200 points, which isn't a huge number of points if you consider other means of showing time series data. Positioning algo is dumb if it doesn't take UX into account when number of points is relatively large. It should pause while the user is scrolling.

Also, it is a futile to suggest that automatically placing labels is scalable for any number of labels beyond 40 or so. The resulting diagram beyond 40 or so points is incomprehensible. I tried 200, but 50 or 70 would also most likely result in messy diagram.

The Fall and Rise of SVG siliconpublishing.com
322 points by maxdunn1  3 days ago   92 comments top 19
davidjgraph 3 days ago 8 replies      
"Rather than embracing SVG as an alternative, Microsoft pursued a blatant copy of Flash in their too-late-to-the-table Silverlight effort."

The author seems to have missed, apart from an initial mention, VML out completely. VML was Microsoft's SVG alternative in IE 5 through 8, not Sliverlight. Sliverlight was a Flash alternative.

VML, although badly documented, can/could do much of what SVG can do, in a few cases it does it better. It was also pretty complete with IE 6 in 2001. SVG had the first very basic version in Firefox 1.5 at the end of 2005, and needed Firefox 3.0 in 2008 before you could say it was reasonably complete. MS thought they had a head-start and could win the vector battle.

The key thing, as well, with VML is that it was built into IE natively. Getting Adobe SVG or Sliverlight added onto IE into large corporate environments was near on impossible. We, fortunately, decided we didn't trust Adobe prior to them killing the IE SVG plugin and were running fully on VML at that point.

The last 10 years of my working life have been based around SVG and VML, my co-founder and I would tell you a similar story. Especially, regarding word-wrap in SVG, it's our top pain point as well. It forced us to use HTML as foreign objects in SVG to get word wrap. Of course, IE never supported FOs, Edge has only just added it.

leeoniya 3 days ago 1 reply      
An article about rise of SVG with numerous images of SVG drawings, and not a single one of them is an actual SVG :)
NelsonMinar 3 days ago 0 replies      
I think a lot of credit for SVG's resurrection goes to Mike Bostock for making it the core of his visualization technology. Obviously D3 is the big SVG thing now, but his 2009 work on Protovis also relied on SVG, as did Polymaps in 2010.

I argued with Mike back then that SVG was a bad choice because it didn't work in MSIE and it was sort of a forgotten technology everywhere else. Fortunately he didn't pay any attention to me. SVG is particularly handy because it lets Javascript create and alter graphics using a DOM representation. That's something you really can't do in Canvas or WebGL without reinventing parts of what DOM does.

pdkl95 3 days ago 2 replies      
I suggest that SVG missed it's true calling - as a modern vector animation platform. D3 is a good example of that kind of use, but I think it had a lot more potential. The ability to debug your graphics as elements can be very useful, and you get a lot of functionality built-in (e.g. DOM events).

As an example, see this unfinished asteroids SVG I wrote in '09 (before <canvas> was generally available):


(seriously, it's not actually a finished game - damage is disabled, there's no levels/etc, but you can move with the arrows, shoot with space, (useless) shield on x)

The problem was the (slow) reflow every time you changed the DOM. I tried a few ideas to batch changes or pre-allocating elements, but browsers just couldn't run it consistently smooth enough at the time. It's somewhat better now - maybe I should actually finish it...

Cymen 3 days ago 2 replies      
For SVG to truly rise, it needs better font/text support. It should be easy to programmatically determine the width of a string of text in a given font. Unfortunately, it is not. You can go look how libraries like D3.js do it. But ultimately, pixel-perfect text with SVG is difficult/impossible. I'd really like to know if I'm wrong about that.

On the positive side, ReactJS plays great with SVG. I'm working on some basic line charts that I want ReactJS-managed so I can render them server-side too. My line chart isn't done but I tried the server-side rendering and it's working great.

erikpukinskis 3 days ago 1 reply      
The only thing holding back SVG is laptops. Most phones have enough pixel density that SVGs look great and are the right choice for most non-text, non-photo assets. But pixel density is low enough on most laptops that they look fuzzy. Low-end tablets have the same issue but no one really cares about hi-if experiences on those devices.

I think it often comes down to what's the easiest asset workflow that gets us a good result. From that perspective, 1x raster + 2x raster is less work than 1x raster + SVG

ingenter 3 days ago 1 reply      
I see a big security problem with SVG: browsers allow executing scripts in SVG files in site security context, so you have to check for a lot of script execution vectors in SVG before you allow uploading user files.



donbronson 3 days ago 6 replies      
Where is native support for iOS and Android? Why do we bother generating the same assets for different screen densities? Am I the only one who wants SVGs on mobile?
lechevalierd3on 3 days ago 2 replies      
No mention of retina screens?In my experience it has pushed to use font and svg on the web.
jzcoder 3 days ago 0 replies      
Corel had a serious SVG effort during this early period around 2002-2004. They created a SVG Viewer and tooling around an initiative known as Smart Graphics.

Here's a Press Release about it:http://www.corel.com/uk/pdfs/press/79.pdf

jarek-foksa 3 days ago 0 replies      
I'm currently working on an SVG authoring tool written in JavaScript. You can check the project on https://chrome.google.com/webstore/detail/boxy-svg/gaoogdonm...
idibidiart 3 days ago 1 reply      
1. ForeignObject support still sucks.

2. WebGL and even Canvas are significantly more performant. I realize that's comparing apples and oranges... Still, if I had a choice for any data visualization project today I'd use WebGL rendering, or ThreeJS etc.

Spoom 3 days ago 1 reply      
We use SVG all over the place, but then we have the great privilege of being able to tell our clients to only use modern browsers. It's pretty nice to be able to specify one graphic for use at all pixel densities that never gets blurry.
dnautics 3 days ago 0 replies      
One of the early successes of svg, iirc, was its adoption by Linux window managing software.
LarryMade2 3 days ago 0 replies      
I think another factor in the rise of SVG was it being used in illustration programs most notably Inkscape and its predecessor Sodipodi.
colbydehart 3 days ago 0 replies      
Should this be called the rise and fall and rise of SVG?
coldtea 3 days ago 0 replies      
I have worked with SVG extensively, mostly through Raphael but also with Snap and D3.

It might not be a perfect standard, but it's a glorious feature set the web needs.

mxfh 3 days ago 1 reply      
Or also read W3C's version of the SVG Origin Story:


criddell 3 days ago 1 reply      
Google renders their homepage with SVG now, don't they?

Right click on google.com and do a view source.

France looking at banning Tor, blocking public Wi-Fi arstechnica.co.uk
380 points by HugoDaniel  1 day ago   258 comments top 33
gotchange 1 day ago 5 replies      
The French regime again showing its ugly authoritarian and statist face with these draconian bills. It wasn't enough for them to put environmentalists under house arrest and subject innocent people to humiliating mandatory reporting to different police stations 3 times a day or obligatory curfew for certain people or neighborhoods without any judicial oversight. [0]

I knew it from the beginning that they would abuse the State of Emergency decree and turn the lives of people esp minorities into a living hell.

[0]: https://wiki.laquadrature.net/%C3%89tat_urgence/Recensement# FR))

Rexxar 1 day ago 3 replies      
France doesn't consider anything. If you speak French, just read the original article on lemonde. It's just a wish list from people working in police and gendarmerie.

 Etabli mardi 1er dcembre par la direction des liberts publiques et des affaires juridiques (DLPAJ), il recense toutes les mesures de police administrative que les policiers et les gendarmes souhaiteraient voir passer dans le cadre des deux projets de loi en cours dlaboration, lun sur ltat durgence et lautre sur la lutte antiterroriste.
Even if it was an official proposition from government, there were no guarantee this will go through the legislative process. Parliamentary members do not follow systematically the government and even when they do, many laws are partially or completely blocked by "conseil constitutionnel".

reacweb 1 day ago 2 replies      
I think we should really investigate the writers of these two new pieces of legislation. These people are a bigger threat for all our values than all the terrorists of the world. The only good answer to terrorism is to not surrender freedom.
zeveb 1 day ago 0 replies      
We see the same impulse in the U.S. and across the world: whenever something bad happens, people call out for something to be done, regardless of whether that something would have helped, or if its negative effects outweigh its positive effects.

We see it with encryption. Yes, encryption can be and is used by bad people for evil ends, but it is also used by good people for good ends; encryption is simply the means. It's a human right to speak privately. Law enforcement can still investigate, can still use different powers to eavesdrop and compel parties to speech to reveal that speech; but it has no right to be party to private speech. Yes, bad things will not be detected as a result, but it's worth it.

We see it with arms control. Yes, weapons can be and are used by bad people to kill innocents; but they are also used by good people to defend themselves, whether from crime or tyranny. It is a human right to be armed. Law enforcement and the military can still use their superior numbers and training to overwhelm a foe, but they have no right to claim a monopoly on arms. Yes, innocents will die, but innocents will also live.

We see it with the war on some drugs. Yes, some people will take certain drugs and commit crimes; but other people will take those same drugs and enjoy a pleasant mental state. Law enforcement can still arrest criminals, but it has no right to arrest folks who haven't harmed anyone. It's a human right to alter one's mental state. The tradeoff is worth it.

The thing is, you have to take this attitude toward all things: religion; drugs; weapons; encryption; speech in general. Once you start to carve out exceptions and exclusions to liberty, you'll end up losing ever-more liberty. It happens faster than one might imagine.

rwmj 1 day ago 11 replies      
All this because 130 people were killed. What would they do to prevent the 4600 people killed in road accidents in France last year? Or the 49000 people killed by alcohol [in 2009]?
azurelogic 1 day ago 1 reply      
What is more ridiculous is that shared public wifi would become critical in the event of a major terror attack (on scale with 9/11). We have already seen the use of social media to allow families and friends to connect after a disaster occurs. Given the fragility of mobile data networks under heavy load, public wifi could become the only option for mass communications. The French government will only be handicapping its people when they need help most.
jacquesm 1 day ago 1 reply      
That's logical since the known attackers did not use public Wi-Fi nor Tor as far as we know today but all kinds of plain text channels. /s
khgvljhkb 1 day ago 1 reply      
I have 0 faith in governments both for understanding and acting properly in the information age. They have time and again acted bad, and seem to not even understand the medium with they try to regulate.

In the information age, power does not lie with the one who has the guns. I hope everyone reading this takes some time to research how to encrypt your communication & how to use bitcoin.

I also hope we will see more user-friendly ways to communicate securely (BitMessage is an awesome solution for this)

akerro 1 day ago 1 reply      

Top Intel Lawyer Says Terror Attack Would Help Push for Anti-Encryption Legislation


tdkl 1 day ago 2 replies      
And they were mocking the reactionary Patriot Act.

Learning from the past is hard. Or in this case, simply neglected for convenience. Cui bono?

aikah 23 hours ago 1 reply      
Yes, our government is going full r-tard. I fail to see the difference right now, between the "left" and the far right to which the left loves pointing fingers at. With the state of emergency, the left is behaving exactly like fascists.

Now imagine the left voting all these anti-freedom laws, suspending (some) human rights (as it is the case now), and in 2 years, the far right coming into power and using the laws the left voted for their own benefits.

jsjohnst 23 hours ago 0 replies      
> The French prime minister suggested that they may soon make it illegal to merely visit a terrorism-related website, too.

So getting rickrolled could land you in jail? Yeah, that'll go over really effectively.

OJFord 1 day ago 0 replies      

 > a ban on free and shared Wi-Fi connections during a > state of emergency
Restricting communication and access to news bulletins sounds like a terrible thing to do in a state of emergency!

noja 1 day ago 0 replies      
Yes, because the attackers didn't use plain old sms, oh no they didn't!
r-w 1 day ago 2 replies      
The U.K. is already far beyond illiberal, but I cant see Germany going this way. Theyve long been on the right side of the Internet, and I doubt theyll have any need to do otherwise anytime soon.
akerro 1 day ago 0 replies      
Another country is looking at banning Tor. Another country will be defeated by Tor. Let's watch them fail.
ionised 5 hours ago 0 replies      
And people thought using terrorist attacks as a way to push a totalitarian agenda and perpetual police-state was just tin-foil hattery.
alephnil 23 hours ago 1 reply      
It is not the first time France has done things like this. In the 90s, France outlawed encryption completely, with prison sentence for breaking the ban. As tools like ssh became common, this became less and less practical. For example the supercomputer center at my university had to develop a one time password scheme for the French users (printed out and sent to them by mail), since ssh was strictly forbidden there.
id122015 20 hours ago 0 replies      
I've read that the radical Muslim attacks were sponsored by Russia. In the absence of the Big Picture it's hard to understand Political Science and who are the main Actors on the spheres of influence.

All that Russia wanted was to divide their enemy.New propaganda but the trick is old.


Mikeb85 18 hours ago 0 replies      
BTW, this is the real news from France today: http://www.lefigaro.fr/elections/resultats/
akerro 1 day ago 1 reply      
Windows 10 lets you share your WiFi password with your Facebook friends. That's technically a shared WiFi isn't it?
moron4hire 1 day ago 0 replies      

""Terrorism" comes from the French word terrorisme, and originally referred specifically to state terrorism as practiced by the French government during the 17931794 Reign of terror."

acd 1 day ago 2 replies      
West will not win against crazy groups by reimplementing the great firewall of China.

If the state wants to control our lifes, they should havereal time access to credit card and phone data.

One main issue is religions and that it turns people against each otherdue to different beliefs.

wiz21c 1 day ago 2 replies      
Could anyone cite the part of the article referring specifically to the TOR network (article behin pay wall).

(Note : I say "cite", which is not a copyright viloation)

ipozgaj 23 hours ago 1 reply      
Even if they pass the law to ban Tor, you could still use it through an SSH tunnel, which is effectively undetectable.
rasz_pl 1 day ago 0 replies      
>block Wi-Fi hotspots during a state of emergency

but Oceania has always been at war with Eastasia!

dheera 1 day ago 0 replies      
Accidentally read it as "The first proposal, according to Le Merde, would forbid free and shared Wi-Fi during a state of emergency."
dschiptsov 1 day ago 0 replies      
As if public Wi-Fi has been somehow related to the attack or its causes.
dangerpowpow 1 day ago 0 replies      
do they think this will stop terrorists?
contingencies 20 hours ago 0 replies      
My family and I had planned to move to France in the next few years, partly in order to educate our daughter in French. Given the state's behaviour, we will be reconsidering that move. Where are the liberte, egalite and fraternite in these proposals? We can observe the exact opposite of all of these ideals: France has become a total hypocrisy.
cobaltblue 21 hours ago 3 replies      
Europe is doing all it can to produce a new Hitler. The anti-Muslim rhetoric can be insane at times, but it's no lie that the imports are from a very different culture and are unlikely to assimilate to a more western one, especially when they outbreed their western counterparts.

What concerns me is that all this money and rage will be spent in reaction to these tragic events that kill either less than 100, around 100, or around 3000 people tops. Earthquakes, tsunamis, hurricanes, and disease routinely kill far more and yet suggesting we devote effort to solve the engineering challenges of controlling our planet gets tossed aside as just as crazy as the suggestion that it's possible to control immigration with a wall.

dang 20 hours ago 5 replies      
> Once again the French show the world what they are best in

First, you can't post comments to HN slurring an entire people. Users who upvoted this should be ashamed of themselves.

Second, please stop posting inflammatory political comments to HN. That's not what this site is for.

wsc981 1 day ago 3 replies      
Socialist regimes have been te most suppressive in peoples history. Think about Pol Pot, Stalin, Lenin, Hitler, etc

Socialism kills [0]. Or a more eloquent and less extreme read would be "The Road to Serfdom" by F. A. Hayek


[0]: http://jim.com/killingfields.html

HTTP/2 is here. Goodbye SPDY? Not quite yet cloudflare.com
266 points by akerl_  5 days ago   69 comments top 14
xpose2000 5 days ago 6 replies      
In terms of optimal performance for end users... I should now be hosting all files on my own server w/ Cloudflare rather rather something like Google's CDN? For example, jQuery. Reason being, is that those files will all load in parallel on my own domain, whereas for another domain like Google, it'd have to renegotiate an SSL connection and wait a bit longer?

Is this correct? Or is there more to it than that?

Cshelton 5 days ago 2 replies      
I really wish Microsoft gave HTTP/2 support to IE 11 on windows 8/8.1.Any insight as to why they decided not to support it on IE 11 for windows < 8.1 would be appreciated.

Many of our users are stuck with windows 8/8.1, or even 7 for many more years unfortunately. Some of them won't even have another browser as an option(enterprise...).

NoGravitas 5 days ago 1 reply      
I'm quite surprised that there are a lot of browsers in the wild that support SPDY, but not HTTP/2, given auto-updating. But that's what their numbers show. Maybe mobile skews this?
therealmarv 5 days ago 3 replies      
Hmm, does anyone know how to support SPDY and HTTP/2 on a nginx>=1.9.5 and which has only module "ngx_http_v2_module" build inside? What is the configuration for nginx to support SPDY and HTTP/2 ?
ropiku 5 days ago 1 reply      
Does anyone know if they support HTTP/2 on the backend side too ? They didn't with SPDY and I think it would help to multiplex connections all the way.
tgb 5 days ago 2 replies      
Those page load improvement numbers seem ridiculously good (factor of almost 2 versus HTTP 1.1). Are they really expecting that to hold up in real world cases?
mei0Iesh 5 days ago 1 reply      
I'm using HTTP/2. Here's some quick stats:

 # tail -n100000 access.log | grep 'jquery.js' | grep 'HTTP/1' | wc 3,095 # tail -n100000 access.log | grep 'jquery.js' | grep 'HTTP/2' | wc 6,074

adamowen 4 days ago 0 replies      
For comparison, I enabled HTTP/2 via CloudFlare on a dev site. Results: http://blog.adamowen.co.uk/deploying-http2-using-cloudflare-...
joeblau 4 days ago 1 reply      
Just tested my side project https://www.gitignore.io and it now has sub second loading time. Unfortunately, adding Google analytics doubles the loading time to about 1.8 seconds.
xyproto 4 days ago 0 replies      
Here's a small utility for checking if a web server offers HTTP/2:https://github.com/xyproto/http2check
danielsamuels 4 days ago 1 reply      
Is it possible to use HTTP/2 without SSL yet? I tried it a few weeks ago and my browser was just downloading a 4KB file with some random bytes in it, I assume this was the server response but it wasn't clear.
tracker1 4 days ago 2 replies      
Am I correct in assuming this means that cloudflare reads html to determine other files that need to be sent (css, js, images)?
raullen 4 days ago 0 replies      
Google's HTTP loadbanlancer and CDN have supported H2 for a long while.
ape4 4 days ago 0 replies      
Both? Yuck.
Google, Microsoft, Comcast Say Verizons New Cellular Tech Could Wreck Wi-Fi bloomberg.com
320 points by walterbell  22 hours ago   170 comments top 26
rupellohn 22 hours ago 3 replies      
Here is the actual study - it is an interesting read:http://apps.fcc.gov/ecfs/document/view?id=60001078145

In a nutshell; the LTE transmission cycles on and off on a regular cadence without sensing if the channel is clear. This tramples over the 802.11 frames and results in higher utilization of the medium than that which is claimed by Qualcomm

mikecb 21 hours ago 3 replies      
That comcast is part of this coalition is hilarious. My apartment building is flooded by xfinitywifi beacons, in addition to each subscribers private SSIDs. Why they insist on turning on this functionality even in urban environments boggles the mind.
benlower 18 hours ago 1 reply      
Verizon has paid many billions of dollars to license spectrum over the years. It is in their business interest to charge customers $10 per GB of data while offloading the traffic onto free spectrum. Qualcomm wants to sell millions of new chips that will be required to power this new scenario.

It would be extremely unwise to let them push LTE-U thru without lots of independent testing and analysis. Even then there is a case to be made for keeping some spectrum 'open' and unlicensed lest we see it all end up owned by a handful of corporations.

acd 21 hours ago 1 reply      
Celluar companies has payed to the state to have monopolyon certain air frequencies for a number of years which brings in good profits. Now these celluar companies want to sell paid services on the non licensed bands which will make free services like Wifi slower.

Here is an analogy, its like a company wanting to sell paid access to a public beach.

hardwaresofton 22 hours ago 4 replies      
Sitting at about 0 worries. The second Verizon (or any other company's) new wireless tech started to mess with WiFi in practice (as in, at the consumer level), and was clearly attributable, they would instantly be hit with a giant tidal wave of bad PR.

Wifi works. People will not be very happy if you single-handedly break all their wifi-enabled things.

pmontra 20 hours ago 2 replies      
If LTE-U degrades WiFi won't it work in the other way too, WiFi degrading LTE-U? If this is the case it's going to be difficult to use LTE-U inside or close to homes, which are probably the most crowded areas and so the use case of LTE-U. It could be a difficult product to sell.
jostmey 20 hours ago 1 reply      
So if Wi-Fi performance is hampered then we might have to rely more on cellular data.
feld 20 hours ago 0 replies      
Why does Verizon want LTE-U so badly? They were against wifi calling until recently! I thought their network was perfect :)

The only thing I can think of is that they don't have enough high-frequency spectrum (1700/1800/2ghz+) which means lower theoretical data speeds.

tyc2021 16 hours ago 1 reply      
I have been following this technology since FCC first call for response. Here is the other side of the story: http://apps.fcc.gov/ecfs/document/view?id=60001104452

EDIT:For all I know, the result used by Google is mostly simulation based (NOT TRUE).

Qualcomm did their due diligence on simulations AND lab trials to show different results. IMHO, Qualcomm clearly has a better arguments.

Note that the link provided in the top comment by rupellohn is old. The latest one, referred in the news link, is probably (there are multiple filings) this one: http://apps.fcc.gov/ecfs/document/view?id=60001331188

Full list of recent filing here:http://apps.fcc.gov/ecfs/proceeding/view;ECFSSESSION=Xp4PVvB...

TL;DR:1. LTE-U has been proven to be a better neighbor to a WF AP than another WiFi AP. In other words, two WiFi APs in the same room perform worse than One WiFi AP and One LTE-U station.

2. Fairness: 2 WiFi APs should each share each have 5% airtime according to the standard, right? Wrong. Lab trials show one AP could take up to 80% +. Refer to http://apps.fcc.gov/ecfs/document/view?id=60001104452 "Wi-Fi/LTE-U Airtime Fairness". LTE-U always gives 50% Air time to its WiFi neighbor.

3. It is more of a political argument than a technological argument now. Note that at this point LTE-U spec does not violate the regulation on unlicensed spectrum.

DISCLAIMER: I don't work for Qualcomm. But it is easy to see who has a better argument.

goodmachine 19 hours ago 0 replies      
Speculating gently that this 'new' tech is intended to enable the signalling layer for LTE Direct (was FlashLinq) a quasi-P2P system, designed primarily for retailers to push stuff at you, rather than create 'classic' P2P filesharing networks. Perhaps someone more knowledgeable than me on this topic can join the dots...



ape4 20 hours ago 1 reply      
Why do we have to keep saving the internet!
stevefeinstein 20 hours ago 1 reply      
What does LTE-U do that you can't already do with wifi, and WiFi calling? Seems like a solution looking for a problem. Or an evil conspiracy to cripple the open, free, firmly established standard.
zw123456 21 hours ago 0 replies      
Here is the link to the Qualcomm docs (LTE forum). http://www.lteuforum.org/documents.htmlThe interesting one I think is the SDL coexistence one. The good news is it is restricted to the 5Ghz band which is the lesser used. It does interoperate with the DCF backoff so in theory would be no worse than any other AP, but it is understandable why it would make people nervous.
neuromancer2701 18 hours ago 1 reply      
Take the 600Mhz band that is going to be up for auction and make it unlicensed explicitly for LTE.
thecosas 17 hours ago 0 replies      
Wow, Qualcomm is getting desperate to have the next thing everyone will rely on.
mirimir 21 hours ago 3 replies      
If your WiFi were getting stomped by LTE-U, would it help to get a high-power AP from Ubiquiti etc? If so, maybe prices of such APs would drop as volume increased. Also, maybe WiFi AP software could be tweaked to compete better with LTE-U.
MikeNomad 21 hours ago 0 replies      
Buy Spectrum. They ain't making any more of the stuff. -- Buck Rogers
guelo 21 hours ago 1 reply      
I don't understand how LTE-U is useful for long-range when the unlicensed spectrums have strict TX power limits.
sg85 21 hours ago 0 replies      
This article explains a few points that explains how LTE-U can co-exist apparentely counteracting the research conclusions: http://hightechforum.org/can-lte-unlicensed-steamroll-wi-fi/
happycube 21 hours ago 2 replies      
One would think Verizon had enough spectrum already. Sprint, sure, but Verizon?
a-dub 19 hours ago 1 reply      
I think unlicensed spectrum should be reserved for use by the public.
dheera 20 hours ago 1 reply      
Considering 5 GHz doesn't really travel well through walls, is this a serious concern? 5 GHz Wi-Fi typically requires an access point in every room. Conversely, I imagine their cellular tech would really only improve the outdoor cellular experience.
ck2 21 hours ago 2 replies      
Do not trust Verizon in the slightest.

They already violate their open/unlocked agreement for LTE and prevent other LTE devices from coming on their network and prevent theirs from going on other networks.

They are going to do whatever they can get away with.

sliverstorm 21 hours ago 1 reply      
This tastes a little like "pull the ladder up behind you". WiFi operates on unlicensed spectrum, and Google et al greatly benefit from it. Now someone else wants to use the spectrum, and they shouldn't be allowed to? It's just funny to me.
dangerpowpow 22 hours ago 4 replies      
why is spectrum so expensive? only Goliath size corps can afford it.
wscott 21 hours ago 3 replies      
Oh no, the unregulated spectrum is unregulated.

Not sure which side I am on. I don't like Verizon, but I don't really support heavy regulation.

Jury Duty medium.com
377 points by eropple  4 days ago   214 comments top 21
YorkianTones 4 days ago 6 replies      
"Edith looks up from a game of solitaire and casually mentions that she actually thinks the murder was committed by the accomplice, who was never found and is not on trial. But since the defendants lawyer did such a poor job exonerating him, she concludes, shes going to deliver a guilty verdict. My jaw drops. No one questions her obviously flawed reasoning, because shes on their side."

This, for me, was the most terrifying bit in the article. To convict a man of murder, and to send him to life in prison or perhaps to his own death, when you think he's innocent? It shocks me what people are capable of sometimes. But this article doesn't shock me, because I know what people are capable of. Kudos to the author for sticking to his moral compass in the face of adversity.

ketralnis 4 days ago 5 replies      
I sat on a civil jury trial between a boilermaker in the Navy that had been exposed to asbestos and developed mesothelioma, and a company that made asbestos insulation.

Neither side could actually put the man and the company or its insulation in the same room at any point in the past. Lots and lots of companies made this type of insulation. (In an "accidental" outbust from one of the attorneys that we were instructed to ignore, we learned that he was in fact suing most of them.) The Navy kept meticulous records about where he had worked, and both the Navy and the company did the same about work orders and where the insulation had been installed. The best evidence the man had was "I saw their truck in the parking lot once".

This type of civil trial only required a 9/12 majority and the other jurors really only saw this as a chance to stick it to the company. "Of course this man should be repaid for the damage done to him!" Any sort of nuance like, "okay sure but should this company be the one to pay it?" was totally lost. He's hurt, so somebody should pay up. That was it. That was their justice. The jury instructions like the actual claims to damages were totally ignored.

I sure hope I never have a jury deciding my fate.

rayiner 4 days ago 4 replies      
> In the end, only two men of color make it to the jury, and I am one of them. The other is Latino. There are two Latina women, one African-American woman, and one Asian woman. The remaining six jurors are white.

Thats basically the racial composition of the U.S. Indeed, people of color are over-represented in that jury.

piker 4 days ago 0 replies      
This article is an interesting narrative depicting the exact sort of nuance that the term "reasonable doubt" is intended to elicit once criminal prosecution reaches jury deliberation. As others have noted, this seems a somewhat comfortable result, albeit at a human cost. Justice delayed/served.

The author touches on it, but another interesting aspect of the criminal justice system is the funding, politics and police practices that motivate the prosecution of minor crimes that never see a court room. Many unnamed players in this story had vested financial and political interests in particular outcomes. In this case, the stakes were large enough that the jurors lost sleep and distressed over the details. One wonders if softening the charges to lesser charges would have weakened his resolve.

It's poetic that at trial, the defendant, the witnesses, the prosecutor, the defense attorney, the judge and the jury cannot lie. Police, however, are trained to do so during investigations as a best practice in pursuit of justice. That fact probably contributed to the author's initial distrust in the system, sewing the seeds of this mistrial.

wtbob 4 days ago 3 replies      
I've served on two juries, one for murder and one for a far lesser offense. In one the defendant was a fairly wealthy young man; in the other a poor woman. One defendant was guilty; the other not.

My experience in both those trials was nothing like the author's here. Indeed, I wonder how much of his experience was due to his own concern about things like race and politics instead of, y'know, guilt and innocence. Perhaps had he not been looking down on his colleagues and arguing from emotion, but rather from facts, he could have convinced them to find not guilty.

In both cases, we started with a preliminary vote. In both cases, we argued cordially, with a deep and abiding interest in justice and what the right thing would be. We took turns arguing against our own positions, in order to try to better discover the truth of the matter. We were scrupulous in our decisions, and I feel confident we chose correctly both times.

Both experiences were profoundly inspiring. I'd do it again in a heartbeat.

As an aside, I won't claim that the author is lying, because this may vary from state to state, but after both of my cases the judge and both sides of lawyers came in and spoke with us, asking questions about the case and our decisions; there was no notion of post-decision jury confidentiality the author alludes to.

Also, we were intructed in both cases to use our life experiences, not ignore them as the author indicates. Again, this may vary from state to state. Suffice it to say that the system the author depicts is not the one I experienced twice.

amateur_soclgst 4 days ago 4 replies      
Wait so this article is basically him saying that the system worked?

That's the impression that I got. Even disregarding his early learnings towards high-school level leftist protest and mistrust of the government, doesn't his careful consideration of the case show the reasons why we use a jury system? Even if the 'mob' e.g. the other jurors decide that a person is guilty, one or two reasonable arguments can decide otherwise.

It seems to me that everything worked out as it should. I wouldn't feel bad if I was the author. (oh and he'll be back in court, serving a case in most states only gives you a 3-5 year reprieve from jury duty)

thwyperson 4 days ago 5 replies      
Not quite jury duty but this story did strike a chord.

I'm someone who strongly believes, in theory anyway, in the presumption of innocence and that everyone is entitled to a strong defense. A prosecutor should have to earn a conviction. However I also feel strongly that perpetrators of some crimes, upon conviction, should face harsh punishments.

Earlier this week, we got a message from a defense attorney inquiring about our services to assist with a criminal case. There were no other details left, so we googled the attorney and found that this attorney is involved in a very high-profile criminal case defending someone accused of an extremely heinous crime. It's a Law and Order-type crime, and it happens to be in one of the category crimes that I find to be particularly egregious.

I'm torn. The part of me that believes in the right to a strong defense wants to assist, not necessarily because I support the defendant, but because the prosecutor shouldn't be a rubber stamp. The other part is wondering what happens if I help defendant get off and he hurts someone else.

We left a message with the attorney asking for more detail and haven't heard back. It may be that the attorney found someone else, decided our field won't help, or maybe just can't afford us. But if we do hear back, if we are able to assist, and if the attorney does want to retain us, I don't know how we'll respond.

I hope I have the courage to say yes. But I don't know that I do.

(throwaway account to mask my normal HN identity).

noonespecial 4 days ago 0 replies      
"It is better that ten guilty persons escape than that one innocent suffer."

It takes a lot more courage to let a possibly guilty person go free than to convict a possibly innocent one.

Always show up for jury duty if you can.

RyanZAG 4 days ago 5 replies      
As a non American, the USA justice system honestly sounds like the worst possible system for justice imaginable. I don't think I could design a worse system if I tried. Do you all just keep the system because it keeps so many people employed following the pointless bureaucracy of it all?

The people making the decisions have no training in law at all, yet they have to decide if the law was broken. They get a brief spoken explanation of the law, but only after they have been given the testimony. Why would you not have someone trained in the law decide if the law was broken? Why would you not allow the jury to interrogate the witnesses when they must bear the responsibility of the decision? The idea seems to be that random people off the street will somehow be more willing to consider all angles and if they disagree, you get another random sampling and try again. Try enough times and eventually you'll get a bunch of people who are annoyed enough by being forced into jury duty to just agree so they can go home. Real justice right there.

You might say that the jury system allows for a justice even if the judge is compromised. But obviously it doesn't - the judge controls what information can be fed to the jury and the jury must make the decision based off that evidence. If the judge is biased, the jury will be forced into a particular decision anyway. Why not just have the judge do their job and have an appeals system and punishments on the judge for bad decisions? And yes, that system works fine. See the current Oscar Pistorius trial for a working system (imo).

shiro 4 days ago 1 reply      
"I imagine what an inverse 12 Angry Men would be like, starting with 11 jurors ready to acquit and Henry Fonda as the only one willing to convict. "

There's a Japanese film, 12 Tender Japaneses, which is exactly that---at the beginning everybody casually votes to acquit except one who insists more discussion. It's of course an homage to Reginald Rose, but it also depicts very well how typical Japanese people behave when they face to make a decision. (And there's a twist in plot so it's not just a reverse of 12 Angry Men, anyway).

jvvw 4 days ago 1 reply      
I did jury service a couple of years ago in the UK - obviously a different system to the US. I came away feeling although in many ways a jury is a terrible way of deciding verdicts, that it is probably better than any of way of making a decision - in the same way that democracy can be considered the worst form of government apart from all the others that have been tried. Our jury did feel like a good cross-section of people (even if many of them had flawed ideas of logic) and that the value of the jury lay in the collective decision-making not in a simple aggregation of the individual decisions.
fengwick3 4 days ago 2 replies      
Despite the other negative comments, I actually find this a vicarious account of the judicial system - a poignant reminder that behind any democratic system lies humans.
jerf 4 days ago 1 reply      
A general comment on a lot of the comments here: You can make anything look good by only considering the positives, you can make anything look bad by only considering the negatives. Rather a lot of the latter going on here. To come to a proper decision about what is better, you need to consider both the negatives and the positives of multiple alternatives.

Before rushing to condemn jury trials, I'd also recommend considering that it is a deliberate creation, and that you ought to consider the forces involved in that creation and where it came from before rushing to condemn it. For instance, many are suggesting we can just leave it to one judge, but if you are, for instance, concerned about systemic racism, why would you leave the entire decision to one possibly-racist judge? Wouldn't you be better off in a process which makes it so that the prosecution has to collect 12 racists onto the jury, procedurally battling the defense all the while, instead?

Part of the reason that the jury system exists is precisely that the mental model of a judge as a disinterested, literally inhuman arbiter of absolute truth was concretely, repeatedly disproved by history. The reason we have a "justice system" at all is precisely that we don't have access to perfect humans. If we did, there would be no problem to solve with "judges" or "juries" or anything else in the first place; we'd just consult the perfect humans! If your "better than a jury" model upon closer examination implicitly contains perfect humans in it, throw it out; your model is already worse than what we have, because at least what we have has the virtue of existing, and yours can't even reach that bar.

Look... at the risk of being a bit harsh... condeming jury trials, then offering as an alternative a system that implicitly contains "perfect humans" in it is frankly being every bit as irrational, unrealistic, and disconnected from reality as the humans that just disappointed you in the jury trial description you just read.

If that sucks... yeah, it sucks! But unfortunately, "it sucks" is not actually a logical argument that "it" can't exist, nor is it any form of evidence that there is anything better than "it". If you're going to produce evidence of a better system, it's going to be a great deal harder than merely saying "this system sucks", unfortunately.

MaysonL 4 days ago 0 replies      
And of course, even though this jury didn't convict the defendant, seemingly correctly (at least from the author's perspective), it's entirely possible for the prosecutor to move for a retrial, and this time keep all the black men off the jury, and get a conviction. Or if the defendant isn't out on bail, or maybe even if he is, to convince him to take a plea bargain to second degree murder, or manslaughter.
cgm616 4 days ago 2 replies      
It's interesting to look at if this article is fiction or non-fiction. It is certainly amazing writing with a strong message, but seems to be so strange to be non-fiction.

Then again, I knew about some of this from the excellent Illustrated Guide to Criminal Justice, so I wasn't totally surprised.

In the end, does it even matter if it happened?

masterponomo 4 days ago 0 replies      
When I sat on a jury in 1989, the main goal of most of the jury was to get the decision over with in time to pick up their kids from school. We quickly found for the plaintiff against the main defendant. There were a slew of co-defendants, who aside from the reading of the charges had not been mentioned at all during the trial. No evidence, no description of their supposed involvement, nada. The foreman started to copy our verdict onto the forms for them as well. I objected, pointing out that we had only discussed the one defendant and needed to consider the others separately. Much protesting and eye-rolling ensued, but the urge to leave won out and the jury agreed to find all of the co-defendants not guilty. I was pleased with the outcome but appalled by the process. I would hate to be judged so carelessly by my peers. Yes, having 12 jurors does increase the odds of having someone put on the brakes and insist on proper procedure, but it is by no means guaranteed.
facepalm 4 days ago 2 replies      
Non-American, don't know how the system works - how come they can eliminate people from the jury pool? I would have expected the jury selection to be completely random? There is no way the system can be fair if they get to select the jury.
pc86 4 days ago 0 replies      
It is an absolute failure of voir dire that this person made it onto the jury. A few select quotes:

> The judge has already instructed us directly that we are not to do any research on the law while sitting on this jury. This is the first of several times I will violate those instructions.

> a jury...is not quite about justice but instead about the direction of the tide.

> I do believe in jury nullification. And I think the American carceral state is so corrupt that Im starting to doubt if I could bring myself to render a guilty verdict under any circumstances.

To clarify the above, any mention of jury nullification is a sure-fire way to get removed. And if you're not 100% sure you could render a guilty verdict "under any circumstances," you have absolutely no business sitting on a jury.

> I keep thinking of Walter Scott, whose uniformed murderer is seen on camera shooting him while he runs away, and who plants a weapon on his freshly killed corpse.

Blatantly false.

> I dont necessarily have a problem with ignoring the judges edict

> Outside of court, I tell everyone I cant talk about the case. Then I usually talk about the case a little.

> because [a coerced confession] was not presented by the defense, its merely a conspiracy theory and we cant consider it. Secretly, Im considering it too.

> Henry and I splinter off from the others. Jurors arent supposed to talk about the case outside of deliberations. We talk about the case.

> Again I violate the judges instructions

> An accusation from another juror: You lied during voir dire!

peteretep 4 days ago 1 reply      

 > as concerned as he was by the possibility of a false > conviction without also being concerned by the > possibility of a false acquittal.
Isn't that a natural consequence of innocent until proven guilty?

powera 4 days ago 6 replies      
This guy seems like a terrible, terrible juror. Bragging about violating the rules, annoyed because the judge is called "your honor", implying that a jury with 6/12 people white is somehow a sign of massive racial bias?

What is supposed to be redeeming about this article? I'm not reading it all unless there's something somebody says is worth reading.

EDIT: It gets more readable in the jury section, but I still don't get what if anything this guy is trying to say, other than simply "it's like The Breakfast Club".

powertower 4 days ago 1 reply      
A couple of things stand out for me here -

> Perhaps this was the time to mention that having witnessed the murders of Eric Garner and Walter Scott on video made personal experience unnecessary.

Eric Garner said "I can't breathe" 11 times.

Any person that has experienced a chokehold, knows that if you can't breath, you can't move air in and out of your lungs and throat, you can't say anything, not even "I can't breathe" 1 time. Certainly not 11 times - unless it was a purely stationary-type hold.

Also, chokeholds which result in death leave physical damage, that was not present in the autopsy (no damage to the windpipe or neckbones).

Eric Garner was not "murdered", he died in the ambulance from the situation exacerbating his health complications.

Anyone who thinks he was literally "murdered" is racially motivated to see it as such, not based on facts nor common-sense, the later which the author brings up multiple times.

Second, as this is written anonymously and rolls a "white-jury" racial narrative from the start to the end, you have to consider that 9 out of the last 10 racial incidences (of the national news proportion) ended up being hoaxes done to validate someones need for there to be racism where there was none. At some point you get tired of the lies. And there is absolutely nothing in this story that allows the reader to verify it.

Survey of popular Node.js packages reveals credential leaks github.com
354 points by fapjacks  1 day ago   74 comments top 17
seldo 1 day ago 0 replies      
Many thanks to ChALkeR for responsibly disclosing this to npm and giving us time to notify people and clean up as much as possible. We were very busy, and ChALkeR was incredibly patient with us :-)

In response to this disclosure, we have set up a continuously-running scanner for credential leakages of various kinds. It's not foolproof, but it's made things a lot better. We'll be writing a proper blog post about this at some point, but we've been really busy!

cortesi 1 day ago 2 replies      
I published a tiny script that makes mass grabbing of files from Github easy (https://github.com/cortesi/ghrabber), and wrote about some of the interesting things one could find with it. For example, there are hundreds of complete browser profiles on Github, including cookies, browsing history, etc:


I've also written about some less security critical things, like shell history (http://corte.si/posts/hacks/github-shhistory) custom aspell dictionaries (http://corte.si/posts/hacks/github-spellingdicts), and seeing if one could come up with ideas for command-line tools by looking at common pipe chains from shell histories (http://corte.si/posts/hacks/github-pipechains).

I've held back on some of the more damaging leaks that are easy to exploit en-masse with a tool like this (some are discussed in the linked post, but there are many more), because there's just no way to counteract this effectively without co-operation from Github. I've reported this to Github with concrete suggestions for improving things, but have never received a response.

tjholowaychuk 1 day ago 1 reply      
I'm sure I've done this in the past haha, the npm workflow isn't great at times in this regard. If you have something (to test etc) that is not checked into Git, but still in the directory, it can still make its way into a publish. That's definitely what I'd advise people to be most careful of, use npm-link and use credentials elsewhere etc.

Koa I'm curious of, I've seen almost every pull-request go in there, anyway nice post.

gedrap 1 day ago 4 replies      
One of the things that worries me about nodejs is the huge chain of dependencies. I'm not an expert on these things so it would be amazing if someone could correct me if I'm wrong.

It's enough for one of the packages down the line to break compatibility and don't change the version correctly (i.e. bump up major version number bit), or have a slightly too loose version requirements and everything breaks down the line. Ok, if something gets broken it's relatively easy to notice given the test coverage is good enough.

However, it's much much harder when it comes to security breaches (like the one described in the linked article), you might not notice it for a long long time.

Anecdotal data but I tried to teach the interns to use yeoman when they were working on a small angularjs project and it just didn't work, because some dependency somewhere was broken. Happened to me as well and the solution was to try to update it a few days later (should have opened an issue, I know).

I'm using npm shrinkwrap to avoid surprises but still.. It just doesn't feel right. I shouldn't be risking to break the project just by updating the dependencies, unless I've decided to update one of the dependencies to a new major version.

mofle 1 day ago 1 reply      
There's an easy way to prevent credential leakage when publishing to npm => Explicitly list the files to include in the package through the `files` property in package.json.

Docs: https://docs.npmjs.com/files/package.json#files

Example: https://github.com/sindresorhus/got/blob/2f5d5ba94d625802880...

OSButler 1 day ago 1 reply      
"Please, don't re-use the same password to fool the robot while restoring your password this will result in your account being vulnerable. Yes, several people have done that."

Wow, this is the scariest part. You already have your details leaked, get notified about it and still decide that resetting the token/login to the original value would be the best thing to do.

0x0 1 day ago 4 replies      
Github and bitbucket etc really should offer an opt-out scan-on-push service that looks for the most common mistakes and reject the push with an URL explaining what's going on in the server echo.
TazeTSchnitzel 1 day ago 1 reply      
What worries me is that this is possible at all. npm stores npmjs.org credentials in a repository-local dotfile, and this is how packages are submitted?!

PHP's package repository, Packagist, doesn't have this problem because it's in the browser. You never enter or store any credentials on the command-line, you click a button on the Packagist site and it tracks your already-published GitHub repository.

bahmutov 1 day ago 0 replies      
While the author is down on automatic file name scans, I see nothing wrong in using tools to catch easy mistakes. How many people do regular code / package reviews? Did not think so.I recommend: - https://github.com/jandre/safe-commit-hook- my fork of the above for NPM js workflow https://github.com/bahmutov/ban-sensitive-files- NPM checklist that includes sensitive file reviews https://github.com/bahmutov/npm-module-checklist

Finally, if GitHub can automate some of the simple checks, so can we, for different tools and environments of course.

mrmondo 1 day ago 1 reply      
A reminder that while you shouldn't rely on them, tools like https://github.com/jandre/safe-commit-hook can help protect you from mistakenly committing secrets to git repositories.
zachlatta 1 day ago 0 replies      
Has anyone looked into leaked credentials in images on the Docker Hub? I can't count how many times I've forgotten to add .env to my .dockerignore file before building.
callumlocke 23 hours ago 0 replies      
It would be nice if there was an interactive publish option, something like `npm publish --confirm`, which would print a list of the files to be uploaded and wait for you to type "y" to confirm.
givehimagun 1 day ago 1 reply      
Title is a bit misleading. Actual content title is 'Do not underestimate credentials leaks.'

The article states that many popular Node.js packages have had leaks (in the past). Also, this article was not the source of many of these leaks (example: bower's github oauth token was expired by github itself when it was posted to the website).

dblooman 1 day ago 3 replies      
Are there any tools that can scan all the users of an org for such credential leaks?
fapjacks 1 day ago 1 reply      
I actually found out about this because the guy that created this project contacted me with respect to a package I had uploaded that contained my .npmrc. I was totally blown away, as I'd just followed instructions for creating an npm package I found online. When he contacted me -- prior to publishing this work, which leaves me in awe of his coolness -- panic ran through my veins, because I'm usually paranoid about this kind of thing. Through talking with him, I discovered that I'd published my .npmrc inadvertently, and I got pretty mad at npm that it was even possible. When the npm people contacted me (I'm assuming they had acted on ChALkeR's contacting them), they were very receptive to the obvious feedback of checking for this kind of thing when publishing.
frik 1 day ago 1 reply      
Have other languages with package managers a similar problem? (Ruby, Lua, Go, Python, PHP, etc
z3t4 1 day ago 0 replies      
I wonder how many does code review on node packages, have an apparmor profile on node etc?
Google Deceptively Tracks Students Internet Browsing, EFF Says in FTC Complaint eff.org
213 points by pavornyoh  6 days ago   98 comments top 12
arebop 6 days ago 3 replies      
According to the FAQ, "Its also possible that Google does not use student data for any of these purposesbut unfortunately, Google has refused to articulate the reasons" so it seems like the EFF's position on Internet-hosted applications is that the specific uses of each kind of data should be described in a privacy policy.

I think it's a tenable but extreme position, because basically they are objecting to Google reserving the right to develop new features in an empirical/data-driven way.

I think most people don't think of e.g., their privacy w/r/t tax data being compromised when their tax prep software company mines it to make data entry simpler, or to make it easier to understand the consequences of various filing choices by visualization, etc. Similarly, I don't think Google is invading my privacy when it takes my search queries and uses not only to produce SERPs for me but also to notice that when people type cyombinator it is likely a typo for ycombinator.

chestnut-tree 6 days ago 2 replies      
It's depressing how perfectly normal and natural the idea of tracking users has become.

I know this isn't a popular opinion on Hacker News, but why should there be any tracking whatsoever when using an OS? Are people saying that they're perfectly fine for their Windows/Mac/Linux distribution to track everything they do? The apps they use? The sites they visit? Because that's basically what ChromeOS does. It even tracks the documents you print to your desktop printer (routed through Google's cloud print service).

You aren't even anonymous when you use ChromeOS - you must be signed into your Google account. Just as a reminder, your Google account = your name, your date of birth, your location and optional phone number. In other words, some of your most personal and private information all tied to the activity you conduct on ChromeOS.

Google states that it does not read the content of your emails in GMail (emails are scanned by computer), but you could argue that your browsing habits are just as private and personal. No such assurances on how they handle this data. Does Google disassociate the identity of the user from their activity? If not, then who sees this data at Google? How long is this data kept for? These are important questions, but you won't find answers in Google's privacy policy. (And you're unlikely to find many in the tech community asking Google about them either.)

I would never recommend an OS that tracked the activity of students so relentlessly, especially when many students are too young to understand the horrendous privacy implications of using ChromeOS. Other companies like Microsoft are rightfully criticised for their tracking in Windows 10, yet Google gets a completely free ride. It's just baffling.

newman314 6 days ago 3 replies      
While I think it's great (but insufficient) that students and kids have greater privacy protection than adults, it begs the question why all of us shouldn't enjoy the same level of protection.

Just because one becomes an adult does not mean that an adult is less deserving of the same level of protection.

thomaskcr 6 days ago 1 reply      
Is the EFF's problem that this information is stored on Google servers?

Syncing settings to an account seems like one of the prime selling points for a school using chromebooks. A child loses their chromebook, or gets issued a different one the next September all their favorites, apps, etc are there ready to go when they sign in.


blfr 6 days ago 2 replies      
Chrome's sync data is supposed to be encrypted at least with your Google account password. They could be doing all that (mining, tracking) but there is a clear, legitimate purpose to this feature: providing the same environment across computers.
gmisra 6 days ago 2 replies      
People seem to be conflating "tracking user behavior" with "tracking user behavior without consent or transparency". Yes, there are plenty of people opposed to the former, but that is a moot point with respect to Google.

The latter, however, is symptomatic of a much bigger issue: there is a pervasive belief amongst many of the silicon elite that users simply aren't capable of making effective decisions regarding tracking, and therefore it is best if they are not allowed to make those decisions. I have heard this directly from many people, and each time it leaves me surprised.

If Google were to provide real transparency into the information they track about me, that would be fantastic. I likely wouldn't even look at it, but I would know that organizations like the EFF and ACLU would serve as ombudspeople for the public. Furthermore, whichever of the big internet players does this first will likely generate a tremendous amount of brand loyalty and free marketing.

I suspect current behavior won't change without legal intervention, which will potentially be adversarial, which is a shame since there are people at these companies who are much more qualified than lawmakers to anticipate and plan for the future.

It's amazing that a company (and industry) that self-identifies so strongly with taking novel approaches to solving hard problems can get mired in such status quo bias.

MattHeard 6 days ago 0 replies      
" Googles Sync feature for the Chrome browser is enabled by default"" since some schools require students to use Chromebooks, many parents are unable to prevent Googles data collection."

Doesn't "enabled by default" mean that parents should be able to disable the sync feature?

That being said, I would assume that any tracking features would be separated from syncing features on a machine built for a student. Google appears to be attempting to correct that, after EFF's prompt: "Google told EFF that it will soon disable a setting on school Chromebooks that allows Chrome Sync data, such as browsing history, to be shared with other Google services."

Navarr 6 days ago 0 replies      
> EFFs filing with the FTC also reveals that the administrative settings Google provides to schools allow student personal information to be shared with third-party websites in violation of the Student Privacy Pledge.

What? Is the EFF complaining here that Google gives schools the ability to share their student's data with third parties and that is wrong (by Google)?

free2rhyme214 6 days ago 1 reply      
"If Google wants to use students data to improve Google products, then it needs to get express consent from parents.

This is true.

pjc50 6 days ago 0 replies      
An example of student privacy invasion using good old fashioned paper surveys and leading questions: http://www.thecanary.co/2015/12/01/children-branded-potentia...

Note that "The surveys were supposed to be anonymous, and when concerns were raised about pupils being identified, assurances were made they would be destroyed." turned into the survey results being handed to the thought police.

(There are various programs trying to combat "islamic extremism" in schools in the UK, all of which seem to be proceeding in clunky bureaucratic ham-fisted ways.)

dang 6 days ago 2 replies      
We detached this subthread from https://news.ycombinator.com/item?id=10659147 and marked it off-topic.
marincounty 6 days ago 2 replies      
Off topic comming up. I feel the one thing that will really get Google in trouble is this hypothetical senerio--right out of a bond movie:

Google has the ability to look at all our internet history. They have the ability to read our emails. That can match up ip addresses with street address. They can most likely figure out what most people do for a living. (yes, some of this spying in illegial, unless advertising purposes?)

Could you imagine looking at the Internet history, and emails of the Titans of business around the world? Looking at the information that stock/investment types pass around.

Looking at all this information, collating it, data mining it, etc., and then buying and selling stocks/bonds/etc.?

Yea, I know it's illegial. It just seems like it would be tempting? I know the SEC is probally, or I hope they are, watching out for this kind of hypothetical behavior, and no--I don't think the founders of Google would ever even think about doing someting like this. If I worked there, and had access to sensitive files on those servers; It just seems like it would be hard to not look at that information, and make a few bets? Yea, I know they have great internal security, and have strict policies, but there's always a guy who would be willing to break the rules? I don't think I could not look at that information, and try to predict the future? (In reality I would never do anything like I proposed, but it sure would be tempting?)

Introducing the IBM Swift Sandbox ibm.com
243 points by julianozen  4 days ago   58 comments top 12
hmottestad 3 days ago 5 replies      
It's on Bluemix!!!

Here is my experience with Bluemix:

1. We needed to get bills to send to our accounting department. There is no way to get this out of Bluemix. We needed to contact 5 different people and send 2 different support tickets.

2. At one point we couldn't log into our accounts, the authentication server was down.

3. The docker container doesn't always get internet. Also it sure as hell is guaranteed to not have internet if you restart it.

4. If you use their SAAS databases, then some of them you can connect to from the outside world, but some you can't. And there is no way of knowing which.

5. Just because IBM makes a product available doesn't mean it works. We used NodeRED together with the IBM developed database connectors for DashDB. That connector will timeout after ~24 hours and then not throw any errors when you keep writing to it. Took 3 days to figure this out and fix it.

6. Their deploy system is nice, pity it brings down your service for 5-10 minutes even for deploys that are literally 100 lines of java code.

7. It's painfully slow to push images to their docker hub. Took 3 hours to upload an image with ubuntu and java. And our uplink is 50mbit.

amasad 3 days ago 4 replies      
I'm also planning on adding support for Swift to https://repl.it once I figure out how to implement a proper REPL with it.
melling 3 days ago 0 replies      
Swift is gaining momentum fast. It has a big advantage because it's arguably the best way to write iOS apps. It'll replace Objective C as a top 5 used language.

In fact, a quick check of Tiobe shows Objective C heading down fast with Swift about to pass it on its way up:


Apocryphon 3 days ago 0 replies      
Looks like we're finally seeing the fruits of the Apple-IBM global partnership.
king_magic 3 days ago 1 reply      
This is really cool to see. Really hoping to see something similar appear for Swift on Azure or AWS. Also really hoping to see Swift web frameworks begin to appear, now that Swift is open-sourced & running on Linux.
msoad 3 days ago 1 reply      
How funny the server is down. This shows IBM cloud quality somehow.


fauigerzigerk 3 days ago 4 replies      
This seems to be down. I'm getting 500 errors or a blank/blue page. I hope this wasn't supposed to be a demonstration of IBMs scalability prowess.
sosedoff 3 days ago 2 replies      
If you're looking for something similar for other programming languages too, check out https://bit.run/. It supports Ruby, JS, Go, Python, Rust, PHP and many more.
Shivetya 3 days ago 6 replies      
I am looking for a new language to learn, preferably more PC style platform focused, would this be a good language to learn?
schnevets 3 days ago 2 replies      
I wonder if this was announced as a reaction to Swift going open source. I could see some IBM team working on this system as a POC, and suddenly being given an urgent deadline to coincide with the license change.

Gain from the momentum and maybe turn a pet project into something bigger. I guess that's the benefit of having tens of thousands of developers...

asadlionpk 3 days ago 1 reply      
We also added support for swift in https://codepad.remoteinterview.io/

Collaboration enabled REPL is there too (enter 'swift' in the shell).

jacques_chester 3 days ago 0 replies      
There was a half-joke on Wednesday that we should do a Swift buildpack for Cloud Foundry.
Show HN: Acme-tiny, a tiny 200-line Let's Encrypt client github.com
279 points by diafygi  4 days ago   52 comments top 16
macns 3 days ago 1 reply      
I'd love to see this paired with your https://gethttpsforfree.com/ which was very easy and pleasant to use (loved the: This website is static, so it can be saved and loaded locally. Just right-click and "Save Page As.."! at the bottom of the page).

I guess this tool is what's needed next to get the auto-renewal crontab

diafygi 4 days ago 2 replies      
Fun fact. There's really nothing stopping you from using a PGP/smartcard/HSM keypairs for the ACME account key. Would love to see someone adapt this or another client to use a yubikey or other hardware key.
wiml 3 days ago 1 reply      
Also along these lines is https://github.com/kuba/simp_le , which is quite a lot larger than acme-tiny, but still much closer to something I'd want to stick in a crontab.
andmarios 3 days ago 1 reply      
I think this is a nice option. I gave it a try and read the source code. :)I opted for acmetool[1] though, which albeit much larger (and thus much more difficult to verify), is easier to use [2].

The more impressive option I've seen is caddy server [3] which sets up everything automatically. You start the server and it automatically requests certificates, serves your content (static, fcgi, proxy etc) through TLS and redirects plain traffic to SSL. You don't even need to know what let's encrypt or ssl is. It has a bug though, every time you start the server it requests a new certificate, so after a few restarts you will get your domain temporarily banned from let's encrypt.

[1] https://github.com/hlandau/acme.t or `go get github.com/hlandau/acme/cmd/acmetool`

[2] acmetool quickstart && acmetool want example.com www.example.com

[3] https://github.com/mholt/caddy

kingkilr 3 days ago 1 reply      
Please be careful using urllib2, unless you are on Python 2.7.10+ or 3.5+ it does not do HTTPS certificate validation.
a2tech 4 days ago 2 replies      
I set this up yesterday and it worked great.

I went from a blank slate on lets encrypt, to deployed SSL cert in less than an hour. Most of the time was spent discovering that 1) acme-tiny requires Python 2.7 or above to be installed and 2) you need to create the .well-known/acme-challenge/ directory structure manually.

After that it was all smooth sailing.

jo909 3 days ago 2 replies      
After trying a few other Clients, which all were too complicated to get to work on my ancient Debian, i sucessfully used this one. I only needed to patch some sting formatting (replace {} with {0}, {1} etc). And install argparse from pip.
lemming 3 days ago 0 replies      
Thanks for this, diafygi. I set this up this afternoon with Ansible, and it's working really well. Very nice indeed.
treeform 3 days ago 0 replies      
I have just used this script and it worked great. I used the lets encrypt normal client and it felt very bloated for me: virtual env, docker, tons of dependences. I hope lets encrypt folks put their client on a diet.
ilaksh 3 days ago 2 replies      
How do we know that Let's Encrypt isn't an NSA/CIA program? Like a way to make it easier for agencies to MITM or something?
dochtman 3 days ago 1 reply      
This is awesome! I have had a Let's Encrypt private beta email sitting in my email for a while, but didn't want to install the client because it has so many dependencies.

Are you sure it does all the proper SSL verification, that is, what versions of Python is it safe to use this with given the likes of PEP 476?

anebg 3 days ago 0 replies      
Just stopping by to say thanks. I used this yesterday and it worked great -- simplicity wins.
jc4p 3 days ago 1 reply      
I miss you Daniel <3
teamhappy 3 days ago 0 replies      
Looks great! Thank you.
Schwarzenegger: I dont give a damn if we agree about climate change facebook.com
361 points by herbertlui  21 hours ago   209 comments top 25
merpnderp 19 hours ago 3 replies      
I like that he makes it more about the economics of saving lives, which should be the primary argument.

But that is a tricky problem since we have 4 million a year dying from indoor cooking smoke, and millions more from other various aspects of extreme poverty. Most of which would be a greater ameliorated by cheap coal plants. Cheap coals plants are horrible polluters, but they are cheap, aren't as bad as indoor pollution, and allow countries to pull themselves out of abject poverty, thus saving lives immediately by fertilizing crops, making cheap concrete, powering factories, all the things a richer society needs.

nmridul 19 hours ago 12 replies      
The global warming brigade hijacked the pollution issue.

There always will be a debate on global warming. So keeping global warming as the prime focus of fossil fuel usage kept people divided.

If pollution was the prime focus from day one, then more push would have been given to renewable.

Maybe, Arnold is able to bring more people to think in this direction.

steven2012 18 hours ago 9 replies      
I absolutely don't believe that human-created CO2 emissions cause global warming. However, I consider myself a staunch environmentalist.

I believe we should be doing whatever we can to control pollution. It sickens me that factories pump out pollution, that we can barely eat fish anymore because of all the garbage and poisons we pump into our oceans. I think we need very strict controls on every form of pollution as well as garbage and creating plastic waste (including microplastic particles in our oceans), although I do believe CO2 pollution is on the bottom of the scale in terms of importance. I believe that fines for factories that pollute the environment should be material, ie. very heavy relative to yearly revenues. Personally, I do my best to ensure that I create as little waste as possible, and that I do my part in terms of recycling, composting, etc.

So I consider myself an environmentalist, I just don't believe that global warming is caused by human activity, and CO2 pollution is the least critical of the pollutions.

rybosome 18 hours ago 6 replies      
When speaking with people who do not agree with me on the correctness or urgency of global warming, this is the argument I traditionally make: let's examine the worst-case scenarios. Regardless of whether or not you agree with the science, taking it seriously is a logical choice.

The plausible worst-case scenario of charging ahead with measures to combat climate change isn't actually that bad, not to mention the ancillary benefits outlined by Schwarzenegger. Aggressively stimulating the renewables economy would be a death knell for the fossil-fuel industry, which could harm the overall economy (though renewables would also contribute positively). It would be disruptive to sections of the country that are dependent upon the fossil-fuel industry (coal country in Kentucky, for instance), which would be very hard on the people living there. This is certainly bad and should not be done lightly, but it's hardly apocalyptic.

The plausible worst-case scenario of failing to address climate change is _really_ bad, ranging from property destruction all the way to civilizational collapse or even potentially human extinction[1]. In a world with nuclear weapons, large-scale destabilization resulting from famine, drought and loss of land to flooding is a very dangerous thing. The Earth is the only home we have, why even flirt with the possibility of disrupting our currently livable climate?

...and that argument doesn't even take the scientific consensus on the existence of human-cased global warming into account.

[1]: https://en.wikipedia.org/wiki/Anoxic_event#Atmospheric_effec...

ejcx 16 hours ago 0 replies      
Lots of very partisan folks here. My mother is an avid believer that climate change is a hoax and we don't need to take care of the planet. She says 'Mother earth knows how to take care of herself', but she deeply respects Arnold as a businessman, politician, and self-made man.

This is the type of thing that can reach her and change people in her boat's way of thinking. Way to go Arnold.

Claudus 18 hours ago 1 reply      
1. "WHO estimates indoor air pollution was linked to 4.3 million deaths in 2012 in households cooking over coal, wood and biomass stoves."

If the majority of the "7 million" die from indoor cooking, It seems like it would be better to focus our resources on developing infrastructure in SE Asia so that every household has electricity and modern cooking appliances.

thieving_magpie 19 hours ago 5 replies      
Regarding the third question, it's a nice analogy there but is he suggesting that electric power is predominantly clean?

Across the US, 37.4% of our electric power comes from coal. I don't want to detract from the overall message because it is clear and accurate but I think it's important to think about how electric power is currently generated.

Coal statistic pulled from: http://www.epa.gov/sites/production/files/2015-10/documents/...

morsch 17 hours ago 0 replies      
If it takes Arnold Schwarzenegger and a frankly preposterous "sealed room" analogy in order to convince people to slow down on emissions, and recasting the emissions issue as a pollution issue -- as if there was a difference -- in order for them to safe face, so be it.

Of course those electric cars still virtually emit CO2^Wpollution when you refuel them using coal-generated power, so I guess we can go back to going back and forth about the pros and cons of nuclear energy now.

joshuaheard 17 hours ago 1 reply      
"California has some of the most revolutionary environmental laws in the United States, we get 40% of our power from renewables, and we are 40% more energy efficient than the rest of the country."

California also has the second highest energy costs in the continental United States.


msvan 16 hours ago 0 replies      
I wonder why, in the debate about fossil fuels, we never bring up the point that oil has been the cause of a lot of issues in the Middle East. Many guns and bombs have gone off in order to get to the Middle Eastern oil, and much of the funding behind ISIS comes from oil money in Saudi Arabia. Oil has had a pretty steep moral price tag.
benten10 18 hours ago 0 replies      
Ohh man, does Hackernews bring out all the tinfoiled gentlemen from nuclear apocalypse bunkers once in a while !

See: comments here.

tootie 18 hours ago 1 reply      
That's not enough? Most major cities are coastal. We'd lose Hong Kong, New York, most of Holland. We'd also see more extreme weather in the form of powerful hurricanes and droughts. Water and food supplies start to disappear which will inevitably lead to conflict and war over resources. Then you've got the medium-term horizon of about 1000 years when the ocean can no longer sustain phytoplankton and oxygen levels drop to the point that most air-breathing animals will die off.
pippy 17 hours ago 0 replies      
I really enjoy when people take a fresh perspective on things. Climate change has been cited by Pew Research Center as the top greatest threat, and putting a different spin on things will always be nice to try and convince people.

The top reason to reduce carbon emissions is not to reduce global toxicity and prevent climate change. Saving the planet is a bonus. Energy independence creates a stable geo political environment, almost all wars have a root cause of fighting over resources. There's little point in saving the planet if we're going to kill ourselves by the time comes when need to save it.

InclinedPlane 17 hours ago 1 reply      
I believe that man-made CO2 emissions likely have a significant impact on the climate, and we should do something about it, but even so the issue is a very complex one and its politicization hasn't helped. Here's why it's not so easy:

1. The data is crap. What you need is average temperatures and other data (humidity, pressure, cloud cover, albedo, etc.) over the entire Earth down to a fairly small scale. What we have is a mismash of horribly calibrated weather station data near cities combined with limited satellite data and various proxies, all of which has to be massaged a great deal to make it usable. Sea level data has the same sort of problems, nearly impossible to properly calibrate to sufficient precision. The fact that people have poured tons of effort into collecting and attempting to calibrate data doesn't mean the data is actually very good.

2. The models are also crap. A century ago Svante Arrhenius came up with the greenhouse effect theory and did some back of the envelope calculations on its magnitude, coming up with a figure of climate sensitivity of about 2 deg. C per CO2 doubling. Today all of our vaunted climate modelling hasn't managed to come up with a more accurate figure than that. Current estimates are still "maybe 2 deg. C per doubling, with some enormous error bars". Modern models have several problems. The conceit is that climate models are de novo elaborations from first principles and are as rock solid as our understanding of the laws of physics. In practice all climate models contain multiple "empirically determined" fudge factors. They fit the data, they don't predict it. And that's assuming we even had enough good data to really run good prediction checks, which is dubious at best.

3. The climatology scientific community is very problematic. There is little indication of sufficient rigor, and criticizing results is an easy way to get effectively excommunicated from the community. Take, for example, the famed "hockey stick" paper, which has now been thoroughly discredited, but all of the discrediting happened effectively "behind the scenes" and quietly. Science works best when it's open and boisterous. It's surprising that climatology isn't in even worse state given how insular and political it is.

4. Even if we assumed that man-made carbon emissions were going to cause a huge degree of global warming there is still a huge gap between that fact and figuring out what to do about it, which many folks simply skip over. The actual damage (to the biosphere and to human activities) is just as difficult to determine as the climate is to predict. The right course of action to take depends a great deal on lots of different factors: sociological, technological, and economic. Especially since a lot of the CO2 production of the 21st century will come from economies that are climbing out of poverty and into affluence. It may well be the smartest choice to simply continue polluting until the world is richer and more technologically advanced and then consider mitigation strategies.

4a. CO2 emissions may not be, and likely is not, the most important pollution issue everywhere in the world currently. But it gets the most attention and sometimes that makes it more difficult to get traction on other issues.

Meanwhile, there really are serious "climate change denialists" and some of the folks on that side are absolutely terrible. Canadian PM Harper banned government scientists from talking to the press, for example. But the answer to science being perverted for political reasons isn't to simply pervert it in the opposite direction to compensate.

It's just a complete shit-show across the board and I'm not happy with how any of it is being handled at either the level of scientific inquiry or public policy.

calinet6 16 hours ago 0 replies      
Kind of proud that this man signed my diploma.
gsibble 18 hours ago 1 reply      
Where does the 7 million figure come from?
ChrisArgyle 19 hours ago 1 reply      
tl;drEven climate change deniers must face that fossil fuels are polluting our air and water and are eventually going to run out. Investing in clean energy is just pragmatic and doesn't make you a tax-and-spend liberal.
vvanders 19 hours ago 0 replies      
I was kinda hoping there would be a second message down the left side:


chejazi 19 hours ago 2 replies      
Unrelated: Facebook notes look good. I wonder if it's a direct competitor to to Medium / Svbtle.
xlm1717 19 hours ago 0 replies      
Energy in general doesn't look like a good investment in the near future.
j-l- 19 hours ago 0 replies      
I really wonder. So much money and freedom was spent and 7 millions of people are still dying?Smart choice would be Termination, not Terminator.
saosebastiao 19 hours ago 3 replies      
Door 2 is also likely fatal. Most electric motors produce ozone :
kafkaesq 17 hours ago 1 reply      
There are two doors. Behind Door Number One is a completely sealed room, with a regular, gasoline-fueled car. Behind Door Number Two is an identical, completely sealed room, with an electric car. Both engines are running full blast.

I want you to pick a door to open, and enter the room and shut the door behind you. You have to stay in the room you choose for one hour. You cannot turn off the engine. You do not get a gas mask.

I'm guessing you chose the Door Number Two, with the electric car, right? Door number one is a fatal choice - who would ever want to breathe those fumes?

This is the choice the world is making right now.

The choices aren't that simple, Arnold, and the analogy you're making isn't valid, either. Does he not understand that that "clean" electric car requires an energy grid to run on? And that this grid is very far from "clean", and will be for quite some time? And that the process of creating (and decomissioning) electric cars is very far from environmentally harmless, also?

I'm not saying that there's no positive trade-off in favor of electric cars; most likely there is. But fear-driven arguments (even if pointed in the "right" direction) don't help much, and have a similar effect on the brain as carbon monoxide, over time.

buckbova 19 hours ago 4 replies      
If I believe your number:

> First - do you believe it is acceptable that 7 million people die every year from pollution?

Answer this, how many of that 7 million year over year die from carbon dioxide?

This is the major issue with deniers. Carbon dioxide != pollution.


I don't know anyone not in favor of clean energy. I know plenty who warn of government overreaching using climate change scare tactics.

You want to take a stance on pollution, then do that. Don't rant about climate change deniers.

       cached 8 December 2015 16:11:02 GMT