Alex Stamos is a good person who has been doing vulnerability research since the 1990s. He's built a reputation for understanding and defending vulnerability researchers. He hasn't been at Facebook long.
To that, add the fact that there's just no way that this is the first person to have reported an RCE to Facebook's bug bounty. Ask anyone who does this work professionally: every network has old crufty bug-ridden stuff laying around (that's why we freak out so much about stuff like the Rails XML/YAML bug, Heartbleed, and Shellshock!), and every large codebase has horrible flaws in it. When you run a bug bounty, people spot stuff like this.
So I'm left wondering what the other side of this story is.
Some of the facts that this person wrote up are suggestive of why Facebook's team may have been alarmed.
It seems like what could have happened here is:
1. This person finds RCE in a stale admin console (that is a legit and serious finding!). Being a professional pentester, their instinct is that having owned up a machine behind a firewall, there's probably a bonanza of stuff they now have access to. But the machine itself sure looks like an old deployment artifact, not a valuable asset Fb wants to protect.
2. Anticipating that Fb will pay hundreds and not thousands of dollars for a bug they will fix by simply nuking a machine they didn't know was exposed to begin with, the tester pivots from RCE to dumping files from the machine to see where they can go. Sure enough: it's a bonanza.
3. They report the RCE. Fb confirms receipt but doesn't respond right away.
4. A day later, they report a second "finding" that is the product of using the RCE they already reported to explore the system.
5. Fb nukes the server, confirms the RCE, pays out $2500 for it, declines to pay for the second finding, and asks the tester not to use RCEs to explore their systems.
6. More than a month after Facebook has nuked the server they found the RCE in, they report another finding based on AWS keys they took from the server.
So Facebook has a bug bounty participant who has gained access to AWS keys by pivoting from a Rails RCE on a server, and who apparently has retained those keys and is using them to explore Instagram's AWS environment.
So, some thoughts:
A. It sucks that Facebook had a machine deployed that had AWS credentials on it that led to the keys to the Instagram kingdom. Nobody is going to argue that, though again: every network sucks in similar ways. Sorry.
B. If I was in Alex's shoes I would flip the fuck out about some bug bounty participant walking around with a laptop that had access to lord knows how many different AWS resources inside of Instagram. Alex is a smart guy with an absurdly smart team and I assume the AWS resources have been rekeyed by now, but still, how sure were they of that on December 1?
C. Don't ever do anything like what this person did when you test machines you don't own. You could get fired for doing that working at a pentest firm even when you're being paid by a client to look for vulnerabilities! If you have to ask whether you're allowed to pivot, don't do it until the target says it's OK. Pivoting like this is a bright line between security testing and hacking.
This seems like a genuinely shitty situation for everyone involved. It's a reason why I would be extremely hesitant to ever stand up a bug bounty program at a company I worked for, and a reason why I'm impressed by big companies that have the guts to run bounty programs at all.
(and, to be clear, a friend, though a pretty distant one; I am biased here.)
1. Facebook is not going ballistic because this is an RCE report. They have received high and critical severity reports many times before and acted peaceably, up to and including a prior RCE reported in 2013 by Reginaldo Silva (who now works there!).
2. The researcher used the vulnerability to dump data. This is well known to be a huge no-no in the security industry. I see a lot of rage here from software engineers - look at the responses from actual security folks in this thread, and ask your infosec friends. Most, perhaps even all, will tell you that you never pivot or continue an exploit past proof of its existence. You absolutely do not dump data.
3. When you dump data, you become a flight risk. It means that you have sensitive information in your possession and they have no idea what you'll do with it. The Facebook Whitehat TOS explicitly forbid getting sensitive data that is not your own using an exploit. There is a precedent in the security industry for employers becoming involved for egregious "malpractice" with regards to an individual reporting a bug. A personal friend and business partner of mine left his job after publicly reporting a huge breach back in 2012 (I agree with his decision there), and Charlie Miller was fired by Accuvant after the App Store fiasco. Consider that Facebook is not the first company to do this, and that while it is a painful decision, it is not an insane decision. You might not agree with it, but there is a precedent of this happening.
I'm not taking sides here. I don't know that I would have done the same as Alex Stamos here, but it's a tough call. I do believe the researcher here is being disingenuous about the story considering that a data dump is not an innocuous thing to do.
I'm balancing out the details here because I know it will be easy to see "Facebook calls researcher's employer and screws him for reporting a huge security bug" and get pitchforks. Facebook might be in the wrong here, but consider that the story is much more nuanced than that and that Facebook has an otherwise excellent bug bounty history.
Edited for visibility: 'tptacek mentioned downthread that Alex Stamos issued a response, highlighting this particular quote:
At this point, it was reasonable to believe that Wes was operating on behalf of Synack. His account on our portal mentions Synack as his affiliation, he has interacted with us using a synack.com email address, and he has written blog posts that are used by Synack for marketing purposes.
Viewed in this light (and I don't believe Stamos would willfully fabricate a story like this), it is very reasonable to escalate to an employer if they seem to be affiliated with a security researcher's report.
Researcher: "I found a way to unlock your door"
Facebook: "Thanks, here's $2500. We've now fixed the problem."
Researcher: "Oh, BTW when I unlocked your door I rifled through your stuff and found your passport, your banking details, and a lot of personal information. I've kept copies of these. I also found the keys to your car and looked inside, where I found a box in the trunk. That box contained sensitive documents including an employee badge / proximity card. I used this card to gain access to your workplace. In doing this, I also managed to get into the janitor's closet which had a set of keys. I used these keys to get access to the complete building and took a look at all the HR files and rifled through a bunch of corporate contracts."
Facebook: <gobsmacked>
Researcher: "Can I have my million bucks now?"
He claims to have downloaded the content listed below. And he is surprised that Facebook responds coldly? Note the string "private keys" in this list... Doesn't the author know how long it will take them to recover from this breach? How much it will cost them?
On the other hand, it does sort of reinforce the idea that he should be paid handsomely, doesn't it? :)
* Static content for Instagram.com websites. Write access was not tested, but seemed likely.
* Source code for fairly recent versions of the Instagram server backend, covering all API endpoints, some image processing libraries, etc.
* SSL certificates and private keys, including both instagram.com and *.instagram.com
* Secret keys used to sign authentication cookies for Instagram
* OAuth and other Instagram API keys
* Email server credentials
* iOS and Android app signing keys
* iOS Push Notifications keys
* Twitter API keys
* Facebook API keys
* Flickr API keys
* Tumblr API keys
* Foursquare API keys
* Recaptcha key-pair
Alex's timeline seems like it matches what I wrote earlier:
This is the fastest and easiest way for Facebook to stop good submissions to their bug bounty program.
We'll probably never see a post mortem on this but it'd be interesting to hear how this got moved to production...: was the Sensu admin panel a nice scaffold for internal use and by the time they decided to make it remote, everyone just assumed the secret key had been changed at some point?
I imagine the initial report by his friend that the server was accessible would not be a very high paying bounty compared to one accessing the server. But how deep is too deep?
October 24th: Server no longer reachable. Tested keys and they still worked, assumed to have gone on a download spree.
Seems like this is the biggest issue with how Facebook handled this case. No one looked to see what Wes accessed when he logged in with the weak credentials? No one realized he could have accessed the AWS key?
To treat what Wes found as a minor bug and then fuck up like that is sort of hilarious.
Facebook really needs to go the way of myspace if they keep this sort of behavior up.
How can a CSO at Facebook legitimately tell a CEO of another organization that a vulnerability of "little value" was found when the researcher has your signing certs? Does he lack relevant info or is he just incompetent?
This is tantamount to mafia tactics. Hint, hint, we're facebook so get your people in line or else.
This was his mistake. This is a huge no-no. You never dump data unless you have permission. It's against the terms of most bounty programs.
I'm always curious about what sort of internal pressures would lead people to take a well-reported bug that the author did not take malicious action on and blow it up to the point that the CSO is getting involved.
This is why many security professionals become disillusioned with bounty programs. This story is not uncommon at all.
Bounty programs, while presenting a tempting incentive to practice one's skills are a very poor income strategy.
You are essentially working, unpaid, for organizations who are just as likely to ignore you (or report you to law enforcement) as they are to pay you for your findings.
No wonder so many young talented security pros are easily tempted to trade their findings for the safety of a crypto transaction with an anonymous buyer than they are to submit them through official channels.
Look at his timeline again.
He tested the AWS creds in October.
They shut the server off on October 24.
He reported the AWS creds in December.
Did he tell them about the AWS creds before then? His mails don't say that he did.
If he didn't, why didn't he?
Something like this makes you suspect a deliberate backdoor. Can the person who put this into Ruby/Rails be identified?
 http://robertheaton.com/2013/07/22/how-to-hack-a-rails-app-u... https://news.ycombinator.com/item?id=6110386
Your actions are detrimental to your relations to such good mannered external security researchers who are helping you keep your infrastructure safe from the bad guys. You should have been a little more sensitive and a lot more generous than you have been.
On one hand, this signals to anyone else who might want to disclose security issues that Facebook bounties don't pay out anywhere proportionally near the full potential damage impact of the issue.
On the other hand, if they pay out a lot more now, they're signalling that if you find a vulnerability, you need to dig deeper in order to have insurance in case Facebook gets stingy.
Probably the best outcome would have been to pay out a more proportional bounty, even though Wes' exploration was beyond what's generally acceptable, so that Facebook's bounty program reputation is preserved.
That or press criminal charges to discourage any other researchers from going over the line.
That to me is entirely unacceptable, if you want to threaten someone then have your legal team send them a cease and desist. Don't go after their livelihood.
However, the biggest issue I see here is that the author (in their own timeline at the bottom of this post) says that they discovered the AWS keys on October 24, yet they did not report this to Facebook until December 1 (in the meantime, they were having various discussions with Facebook about whether their other submissions were valid). That is seriously concerning behavior, if you come across some live AWS keys this should be reported immediately, you should absolutely not just sit on them for over a month as if they are some sort of bargaining chip.
Why get mad about a "low level bug"... I mean, if you can dump private user pics from a photo sharing app, how is this low level? really?
It's also pretty clear that the researcher shouldn't have dumped data although most likely he reserved this hidden card for later since he was expecting the lowball... but there are smarter ways to reply to lowballing.
IMO poorly managed on both parts.
Between stories like this demonstrating companies' apparent lack of understanding of whitehat infosec, and Weev's incarceration demonstrating the American legal system's apparent lack of understanding of whitehat infosec, it's hard to believe people still participate in such endeavors.
If indeed only credentials and technical information were obtained, all aimed at finding more security issues, Facebook should be thankful for finding all the vulnerabilities across all their security layers.
edit: if it's indeed true, but I have my doubts that's the case. Hard to say either way.
We should have "pastebin hat" list and Facebook should definitely be on it.
The problem with humans is that they will rather go extinct over such things than behave properly. You could try to teach us by painful example but death will probably come first.
What he did is impressive. But the results are not that outlandish for a talented person.
1) Hook up a computer to the CAN-Bus network of the car and attach a bunch of sensor peripherals.
2) Drive around for some time and record everything to disk.
3) Implement some of the recent ideas from deep reinforcement learning [2,3]. For training, feed the system with the observations from test drives and reward actions that mimic the reactions of actual drivers.
In 2k lines of code he probably does not have a car model that can be used for path planning (with tire slippage, etc.). So his system will make errors in emergency situations. Especially since the neural net has never experienced most emergencies and could not learn the appropriate reactions.
And guess what, emergency situations are the hard part. Driving on a freeway with visible lane markings is easy. German research projects autonomously drove on the Autobahn since the 80s. Neural networks were used for the task since about the same time.
The biggest thing here IMO is this is self-funded. Any startup trying to do what he is doing in this environment would have raised $50 Million, hired 100's of engineers from top notch schools, become accepted in YC, and have Marc Andreessen, Paul Graham, Sam Altman and all singing their praises.
Kudos to him for being self-funded.
Yep, he's still in his twenties.
Self-driving cars (in some form or the other, under some loose definition of "self" and "driving") have been around since the 20s. But it still remains a vexing problem.
It is quite easy to program a car to stay between 2 cars and follow the car in front. It is quite another to have the same car drive on (a) a road without lane markings; (b) in adverse weather conditions (snow, anybody? Hotz should take the car to Tahoe); (c) in traffic anomalies (ambulance/cop approaching from behind; accident/debris in front; etc. etc.); and so on.
No offense to GeoHot, but I'd love to see his system work in rush-hour 101 traffic; or cross the Bay Bridge, where (coming to SF) the lanes merge arbitrarily.
The key challenges are not only to drive when there's traffic; but to also drive when there's NO traffic, because lane markings, etc. are practically nonexistent in many places.
Having said all that, I still admire his enthusiasm and drive (no pun intended). Tinker on!
The testing of a hacked-together system on the public road is not. He probably won't kill anyone, but if he were to I suspect he'd get the book thrown at him in the way that everyday death-by-DUI drivers don't.
Actually I'll go further with this criticism: we've just seen drones being FAA regulated because users were unable to refrain from doing dangerous or nuisance things with them, such as flying near airports. DIY self-driving car research is similarly likely to damage the concept if it goes wrong.
His name was JB Straubel, and nowadays he's Tesla's CTO.
Best of luck to Hotz!
Geohotz makes a decent point. The way the industrial revolution reduced manual labour, and made thinkers and tinkerers much more valuable, the advent of AI (true AI, mind you, not the tiny stuff that we currently assume) might actually make us obsolete. It is a peaceful and yet terrifying thought.
>Dude, he says, the first time it worked was this morning.
I can't tell if this is a joke or unbridled hubris. Either way, self driving cars seem like a new hacker space.
> I appreciate the offer, Hotz replied, but like I've said, I'm not looking for a job. I'll ping you when I crush Mobileye.
> Musk simply answered, OK.
I have to agree with Elon here, Hotz is such a good fit there. But Hotz knows best, if he thinks he can take down Mobileye then he made the right decision, sucks that Tesla wouldn't back it. I'm sure other car companies would buy Hotz's software.
Also pretty cool he's working in his garage :P.
What to communicate? I'm not sure, to be honest. Road conditions or notifications of the position of obstacles is one obvious thing. Advertising the current version of the software and pushing signed OS upgrade binaries is another. Voice/Video chat with other vehicles in range would be cool, as is media syncing and discovery.
Building in some kind of Bitcoin based payment protocol would be fun too. You could load your car's Bitcoin wallet with some funds and tip cars around you all over the LiFi.
I'm not saying you need to build all that stuff, just put in a good hackable messaging protocol into the system before wide release :-)
Great work man. Good to see people with a good hacker ethos accomplish really cool things.
He seems like a good person to get into business with. He's so non-judgmental. Reminds me of myself and all the stupid things I said to VCs in my 20s.
I'm not sure those two are equally horrible though - fixing complex bugs requires using a lot of skills and the high you get when you finally nail it is nothing to miss.
Getting people to click on ads though - that's genuinely depressing.
Usually before you are allowed to use something like this on a public road your stuff has to be tested and approved by the state. At least this is how it is in Europe, does this not matter in the states?
>Sitting cross-legged on a dirty, formerly cream-colored couch in his garage, Hotz philosophizes about AI and the advancement of humanity. Slavery did not end because everyone became moral, he says. The reason slavery ended is because we had an industrial revolution that made man's muscles obsolete. For the last 150 years, the economy has been based on man's mind. Capitalism, it turns out, works better when people are chasing a carrot rather than being hit with a stick. We're on the brink of another industrial revolution now. The entire Internet at the moment has about 10 brains worth of computing power, but that won't always be the case.
George Hotz working his magic on the computer is the most fucking legit thing I have seen in my life.
Like the article said it sure beats writing code to make people click ads or fixing some obscure deadbeat bug in some useless software which nobody uses.
He thinks machines will take care of much of the work tied to producing food and other necessities. Humans will then be free to plug into their computers and get lost in virtual reality.
This has echoes of J.R.R. Tolkien:
Anyway all this stuff is mainly concerned with Fall, Mortality, and the Machine. By the last I intend all use of external plans or devices (apparatus) instead of development of the inherent inner powers or talents -- or even the use of these talents with the corrupted motive of dominating: bulldozing the real world, or coercing other wills. The Machine is our more obvious modern form though more closely related to Magic than is usually recognised. . . . The Enemy in successive forms is always 'naturally' concerned with sheer Domination, and so the Lord of magic and machines.
That stunt is also what led to a coordinated attack against PSN that took the service down for more than a month.
If we could move the liability to the car itself, then maybe we could just add the car to its own insurance policy, you know, as if it were a dependent, like a teenage driver.
I'd not be surprised to see some interest and support from nvidia on this (if not, then they should REALLY look into it).
Except the law when it comes to exceptions for being in control of your vehicle at all times. Somebody take this guy's license before he kills someone due to a divide-by-zero. Testing this in an abandoned parking lot would be ok with me (probably still against the law but fine). In traffic is a definite no.
Really? I did not expect this from him. Why doesn't he put his sensors\cameras\kit on a few other hundred\thousand cars and pay them some money or get some early adopters.
Why am I seeing Ubuntu on Screens of developers, experts, et cetera in Cover Stories such as these, most of the time with the 100% plain Ubuntu Desktop with all the craziness that comes with it? It feels like this is the case 90% of the time. Two more (recent) examples I can remember:
1) Fyodor (Guy behind nmap) running plain Ubuntu on a Notebook while giving a speech at a conference
2) Developers at Honda (Video was an Asimo promotional video) running plain Ubuntu
Since in my personal opinion Ubuntu is not the technically superior choice in these cases (though that can be debated), it can not simply be explained with it being backed by a company, there being support you can buy for the system if you need it.
What motivates technically extremely skilled people to use "Plain Ubuntu" instead of one of the many alternatives?
I really don't understand, please enlighten me!
(I actually think it's worth "spending" some Karma on this if I for once get a satisfying answer)
I imagine there will still have to be some hard rules in case the AI encounters edge cases.
They had the solution available to them from day one. Since they can clearly identify third-party bulbs, they could have simply presented a warning along the lines of "We've detected you're using bulbs that are not certified by Philips. For best results, we recommend using only certified bulbs (link to purchase here) and cannot guarantee a quality experience with the bulbs you've purchased. Click "OK" to continue."
I'm sure that third-party products were causing problems, however, wholesale blocking of them via software update is a terrible solution. They, literally, turned out the lights on their customers. Meanwhile, I'd be willing to bet support costs immediately spiked -- people call support when things don't work and they just pushed out a solution that increased rather than decreased that.
Unfortunately, I think they've bruised their reputation quite a bit with this move. It's now delayed my purchase of such a product until I am convinced that they have a solid third-party certification program in place (with very low licensing fees) or (even better) a guarantee with the product that they won't try this again when the market is more mature and they have the option of ignoring complaining customers.
Their competitors could see a rise in sales by taking advantage of this blunder and committing to open protocols. I haven't looked at the landscape in this category, yet, and had just assumed I'd be buying the Philips Hue eventually, but they've motivated me to do more research.
At least in the future they'll be able to stick to "if it's not certified by us..." for customer support, which was likely the original impetus (along with a desire to cut off cheap alternatives to their devices).
I'm not mad at this at all.
With this as the background, it's surprising to see a large crowd defending the equivalent of Ford-branded gasoline.
They have proven they can't be trusted with this sort of power, and that is a one way trip. You don't come back from that, you don't get back off my list.
Do they really believe it is a small number of customers that use non-Philips light bulbs? I mean, good for them in reversing the decision, but the damage is already done (check out Amazon reviews for one) and it should have been easily foreseen.
Hat down to whoever made this happen over there! The world is better when things are open.
3/5 stars: http://www.amazon.com/Philips-455303-White-Starter-Generatio...
4/5 stars (previously 4.5/5): http://www.amazon.com/Philips-456210-Ambiance-Starter-Genera...
In order to do it properly, there should be standards that major providers agree upon making integration much easier and predictable. That takes plenty of time.
Then you probably need some walled garden to control the experience. Approved apps, approved 3rd party providers, etc. If some crappy app is released, regular users won't blame the developer but the platform, as it was discussed in great details in other threads. We need to get out of the HN bubble. Seriously. We forget that a computer is a device to watch porn and browse facebook and that's about it for A LOT of people. Chances are, it will cause a wave of anger in communities such as this one (where there's a strong sentiment for open systems).
This work has to be done by a number of large providers (read: long processes) and followed by startups popping up and disappearing now and then. This stuff always takes time.
They got many people very pissed off and probably never buying or building products with their chips again.
Who writes these things, and why do their supervisors allow them to keep working there?!?
It's like connecting to your office chat with an IRC client because you figured out that's what they are using under the hood. Why would you scream bloody murder when one day your IRC client stops being compatible with it? They never advertised this to begin with!
You can't exactly demand functionality that you were never sold.
This LiveScience article is an easily read summary that also mentions a critique of the approach.
Given the unfortunate history of falsified Korean scientific research, it would be prudent to withhold judgment until these results have been reproduced in other labs around the world.
Looks interesting research but I'm sure this stuff probably can't be that good for you!
Of course this is only small part of the paper and I have no training to appreciate it more.
If Alzheimer's was simply a deficiency of nutrients, I wouldn't think this way, but if it really is a protein that "can be cleared", why did it get there in the first place?
The test for Alzheimer's for the first study (previously reported but summarized again) was to quantify how much the mice deviate from solving a maze that they have been trained to solve.
In the first they injected amyloid beta aggregates into mouse brains and found that EPPS administered orally at 30 mg/kg and 100 mg/kg restores the ability of the mice to efficiently solve the maze.
Next they tested toxicity and quantified the amount of EPPS that passes the brain/blood barrier. For toxicity they found no signs of toxicity at 2000 mg / kg (20x dosage). For blood/brain barrier, as you go up in blood concentration you should go up in brain concentration if there is a good penetration from blood to brain. If the barrier is high then you immediately get high blood and low brain concentrations. The point where there is no longer a significant increase in brain concentration when increasing blood concentration is used to determine effective dosage concentrations. They found that at 100 mg/kg they were starting to see increased blood/brain ratios so they targeted 10-100 mg/kg for the next study.
MAIN STUDY (which included identifying the dosage level) used mice that were engineered to "get Alzheimer's" starting around 5 months of age because they produce a human gene (transgenic) that is a precursor to form the AB plaques. This transgenic model is established and the mice showed the expected amyloid beta plaques and had difficulty solving the maze at 10.5 months as expected.
Starting at 10.5 months they gave oral doses of EPPS at 10 mg/kg and 30 mg/kg and monitored maze solving along with several additional tests: likelihood to freeze when presented with negative input (fear conditioning) and ability to find hidden platforms when swimming (water maze). Both tests improved significantly to the wild-type (no Alzheimer's) level when taking EPPS. They also did dose dependency at .1, 1 and 10 mg/kg. There was a steady improvement at higher doses.
They also took slices of the mouse brain and tested whether or not the neurons responded differently to electrical stimulation. They found no difference in wild-type (WT, non-genetically altered) or transgenic (TG, altered) response to electrical stimulation with and without EPPS. This hints at no difference in neural activity with or without EPPS. They also gave EPPS to WT for the behavioral tests and did not see a difference (although that was not shown in the behavioral test figures).
They also took slices of the brain and stained them with a fluorescent dye to show the Alzheimer's associated plaques. There is a significant quantifiable reduction in plaques in the treated mice.
They used several other techniques to confirm that they were actually AB plaques and they disaggregated by a specific site of activity. I won't go into those specifics, but to say that this was a VERY well designed and executed study across multiple lines of inquiry and all of the lines of inquiry point to the same conclusion:
EPPS rescues hippocampus-dependent cognitive deficits in APP/PS1 mice by disaggregation of amyloid-β oligomers and plaques
And that's why it's a Nature article.
It is interesting the way in which various groups leap upon some research reports but not others. The challenge is always having the context for the broader state of research to understand whether it is meaningful or new or not.
The present mainstream view of Alzheimer's is that amyloid (and tau) clearance is the way to go. Immunotherapies are the most developed tool, but that is so far proving to be hard - it is too early to say whether failures in clinical trials are because it is hard or because amyloid clearance isn't as useful as thought in this condition. Which could be for any number of reasons including that amyloid-related biochemistry is the problem, but clearing a particular variant or stage of its aggregation doesn't touch that problem area.
Amyloid levels in the brain are in fact highly dynamic on a very short timescale. That Alzheimer's develops slowly supports the view that the condition is a slow degeneration of natural clearance mechanisms, such as the filtration performed by the choroid plexus, or the more recently investigated peristaltic passage of fluid out of the brain by other channels. E.g.:
On that latter point, the Methuselah Foundation just a few days ago seed funded a startup company that will investigate whether reversing the degeneration of peristaltic fluid passage with aging will improve clearance and thus stop the progression of Alzheimer's. It's based on as yet unpublished work by Doug Ethell at GCBS Western who presented at Rejuvenation Biotechnology 2015 ( http://www.sens.org/files/conferences/rb2015/RB2015-Program.... ), and has the merit that it should be a fast failure if the theory is wrong, unlike many of the other efforts in Alzheimer's research.
I'm thinking more in terms of computer simulation?
From "top 3% of coders" to "your product will get 1st spot if you scratch our back with a small slice of the pie or counter-promote our product with yours" to "we will only invest in you if you get referred through an acquaintance of ours", the game surely does feel more rigged each day.
The upper echelons of tech sure do share more similarities with high-finance than they would like to admit...
This is an odd racket, to say the least.
Re/code wrote a relevant article a few months back (http://recode.net/2015/06/18/product-hunt-the-startup-kingma...) about Product Hunt elitism, which I was interviewed for and the response from the PH team to the article was essentially "haters gonna hate." It's disappointing that nothing has changed since then, and arguably, things have gotten worse.
Product Hunt is a new, closed, exclusive startup community run by a for-profit company that will eventually have to start selling you something.
Not sure why people complain about PH so much... just don't use it. There already is a perfectly good community of startup people out there that has much more incentive to stay "pure" than a for-profit one. Sure, HN isn't perfect, but fundamentally it is always going to be better than any for-profit communities.
(And also this obligatory comment: If you want to build a successful company, stop wasting your time browsing startup communities and spend your time talking with users and building your product)
I'm almost never harsh to a fellow founder but I thank God Ryan Hoover doesn't wield much influence. Wrong hands to expect equity or fairness.
I'm following up with you about your post on PH.
There is insane bias towards outsiders of the club. Here is my case in point.
I submitted my startup https://callbase.co up to FIVE times and it was never approved. However aircall.io a competitor has made the front page TWICE in that period.
Of course having a handle @OoTheNigerian does not help :D
As at the time my second submission was being rejected, Mattermark's Newsletter was making the front-page as a product (1 of 5 http://www.producthunt.com/tech/mattermark-4#!/s/posts/matte...). Yup, ridiculous. (I have absolutely nothing against the great work Danielle is doing).
This is one of several.
I sent Ryan (copied) a strongly worded email after several ignored ones and he "offered" to allow mine through on a weekend. Lol.
This is just a case in point how hard outsiders (I live in Lagos, Nigeria) find it in the quest for success. Silicon Valley is a meritocracy but you have to be seen first to be considered. No?
Of course, it is his platform and can do whatever he wants with it. However, it should be clear to him what he is doing. Perpetuating the cycle of the powerful being more powerful.
It would be nice to see the demographic representation of his all powerful voting clique.
After reading this Ryan may (or not after seeing this) now go posting about us when we may be asleep or not ready.
Great write up BTW!
Go back a few years and everyone used to talk about their struggles getting featured on TechCrunch; I didn't believe it was make-or-break back then either.
Do people take PH seriously?
Ryan Hoover has not only outsourced VC product discovery, he has outsourced its class system too. It's incredibly disheartening to be outside the loop, trying to get your product noticed, and submitting it to what you think is a free system only to have other products by well-connected insiders block it out.
When I saw Hoover and Jason Calacanis congratulating each other on Twitter I knew immediately what was going on. Despite multiple emails, Hoover wouldn't even give me access so I could comment on competing products. I'm glad this is coming back to bite him and his investors too -- they went along with it.
I don't expect anything to change because sites are a reflection of the personality of the people who run them and Hoover has already shown he is completely corrupt. Meet the new boss, same as the old boss.
An independent contender in the war for eyeballs/voice in the hacking/tech/entrepreneurship community -- how exciting! I would imagine while their motivations might be similar to what YC wants with HN (distribution, influence), they could possibly open up and serve new members in the ecosystem that aren't, can't, or don't want to be a part of the HN/YC pipeline.
Building a working group of heterogenous independent sources to serve new and exciting topics is important to breaking out of the echo chamber we so often create for ourselves within tech. I was hoping Product Hunt could bootstrap the entire venture, stay clean, and true to the spirit of a meritocracy.
Then they went through YC, and now I see the same "influencers" there as I do here, with the same system in place to promote their own vested interests. It just makes me slightly sad that the pressures of succeeding create collusion among players in this market, thereby perhaps obscuring the potential for new/interesting/different emergent technologies/startups to thrive.
Among my peers, over time PH has become less of a community set out to serve the good of the people, and instead has become more of a pipeline for quick sales or testing new ideas, leaving a feeling of what can only be described previously as the "Tech Crunch of Initiation".
Product Hunt has essentially supplanted Tech Crunch in the YC/TC relationship of yesteryear, albeit to an even more perilous extent. Products are no longer vetted by working professional journalists, whose obligation should be to the consumer and not the producer, but rather by the very product's investors, advisors, and "insiders".
We therefore must ask what is the value-add here? Is it truly a wonder that it proves marginal, and perhaps even detrimental, to the long term success of the startup community as a whole?
He seems like a super well-intentioned person, so I'm surprised to read all of the commentary here on HN. Am I being duped by some Product Hunt scam that I'm completely oblivious to?
Someone submitted my site to PH a couple months ago, it got up-voted 20+ times in that "upcoming" area but never was moved to the front page. I believe it ended that first day with more up-votes than some of the products that were featured.
I reached out to the PH guys on twitter and they told me to get more people to vote for it or something to that effect. I noticed a few products jumping straight to the front page without the upcoming purgatory.
I have read a number of comments writing these issues off to the fact that PH is a "for profit" company. I think that is a bit too jaded an opinion to have no expectations for this to ever be different. My understanding is that Reddit does not suffer these same issues. I think a for-profit venture could actually benefit greatly by being transparent. I think it would take founders that are looking further down the road than the PH guys appear to be and not getting caught up in the immediate gratification of glad-handing and being part of an 'inner elite.'
Full disclosure, I still look at PH pretty regularly. :-p
Mostly what they're selecting for is "is this of interest to our audience" - of which said audience is currently mostly free tech / designery / social type things (even as they start to add more categories).
While it's nice to be featured, it's quite unlikely to bring you a large amount of traffic and/or signups. A submission to a decent sized sub-reddit will likely drive 2x the traffic that ProductHunt will, a submission to BetaList more signups and a front page HN post 10x.
If there's a reason to get featured it's to try and get some feedback from the community (if they're your audience) as they tend to be quite helpful.
It appears in this instance my general cynicism of all-things-Marketed is confirmed.
But what would an alternative world look like? Is the industry trapped in some product placement local minimum?
What if we could trust online reviews by default? Would the same industry make more money or less, or would it just go to different people?
Often, defenders of invasive advertising say "it informs people of products which are relevant to their interests". Shouldn't then advertisers promote integrity in their other Marketing venues as well?
It's like a boy's club where they pass around the neighborhood bike for everyone to ride, only to find another one after they're all done riding it.
Even more so, I've seen more "here's a landing page, we haven't even a git repo yet, just trying to validate the idea, so give us your email" shit on PH than I would on Reddit.
Really what should tip people off even more is the inability to comment. If the viewers of the site can't actually interact, since commenting is only allowed for "approved" users, they should realize that the whole thing is just a scam.
See any ads on Product Hunt? See any monetization strategies? Oh wait, the whole website is an ad, and only those in the know or those who pay will get featured.
I don't get why people think PH owes them in any way. Yes, it's all about curation. But yes, anyone could post there, provided they have a good product and they socialize a bit.
And this is what this is about. To me, PH is a social network for founders. They show off their project, discuss it and get feedback.
To all the people blaming how it's not egalitarian: would you create a twitter account, avoid engaging with anyone, then complain nobody is following you?
The same applies as in any social network: if you want people to get interested in what you're doing, start with being interested in what they're doing, and chat, a lot.
Has anyone seen any value come from PH?
0 - https://news.ycombinator.com/item?id=7980403
1 - https://news.ycombinator.com/item?id=8047647
Finance and the stock market is rigged the same way. A select few (the rich) get inside info, reporters and analyst write and give positive/negative spin on companies and profit, traders screw their customers, it is everywhere. Different market, same behavior.
Looking through old threads I found this cracker of a post in reply to Ryan about their "anti voter ring policy" - which his tweet seems to counteract. https://news.ycombinator.com/item?id=9932641
Or maybe this is a case where now that I know the name I'll see it everywhere. Funny how that works sometimes...
This can't be entirely true. I see featured posts on PH that are nothing more than "Version 2" of some previously featured "products". But the links go to the same place.
PS: Apparently you have to email email@example.com
Oops having read the article - wow - Payola Hunt! https://en.wikipedia.org/wiki/Payola
Are some of these folks so powerful that if you tweeted at them that they're backing a corrupt bro-club you'd lose any chance of funding?
0 - https://www.producthunt.com/about
This can be useful for future projects (such as finding funding), to increase their standing in the SV community, and to establish themselves as marquee valley power brokers.
In this sense, it doesn't make much sense to add more transparency and voting control to ordinary users.
This is pure speculation and assumes the worst. So take this with a grain of salt.
Fed can continue to push on the supply side of money at the bank/institutional level all it wants. We need the Federal government to stimulate aggregate demand at the consumer level. How? Investing tax dollars in a smarter manner. Not raising the interest paid out on short term bonds so that institutions are incentivized to keep even more money in bonds rather than putting them to work in the economy.
Monetary policy needs to work hand in hand w/ fiscal policy. I feel bad for the Fed...its decisions are largely restricted and inconsequential when gov spending is broken, yet it receives all the attention and the blame.
As CNBC reported , "a change in the federal funds rate will have no impact on the interest rates on existing fixed-rate mortgage and other fixed-rate consumer loans, a Wells Fargo representative told CNBC. Existing home equity lines of credit, credit cards and other consumer loans with variable interest rates tied to the prime rate will be impacted if the prime rate rises, the person said."
The good news: the rates on mortgages, auto loans or college tuition aren't expected to jump anytime soon, according to AP, although in time those will rise as well unless the long-end of the curve flattens even more than the 25 bps increase on the short end.
What about the other end of the question: the interest banks pay on deposits? Well, no rush there:
"We won't automatically change deposit rates because they aren't tied directly to the prime," a JPMorgan Chase spokesperson told CNBC. "We'll continue to monitor the market to make sure we stay competitive."
Bottom line: for those who carry a balance on their credit cards, their interest payment is about to increase. Meanwhile, those who have savings at US banks, please don't hold your breath to see any increase on the meager interest said deposits earn: after all banks are still flooded with about $2.5 trillion in excess reserves, which means that the last thing banks care about is being competitive when attracting deposits.
I'm surprised this story has gotten so many votes so fast. This rate hike was widely predicted, as intentionally as the fed could by law so that they don't impact the markets too much.
A lot of people think this is the first of a few small rate hikes we'll see in the next 12 months.
IMHO, this is good news for the US economy,
- it will help give the fed some wiggle room/ammunition to soften the fall when the next recession hits
- a slowly raising rate could stimulate the economy by convincing companies to spend now on large projects rather than wait, ditto for housing/consumers
Having said all that, keep in mind the rate hike is only 0.25% upping the overnight rate to 0.3% so this is likely to have an almost negligible impact on the every day consumer.
Suppose the Fed plans to gradually raise interest rates to 2.0% by 2016 year's end, with corporate investment bond and municipal bond yields also rising to match and go beyond that baseline.
Then, how attractive would VC funds be for mutual and pension funds in relation to other investment alternatives: a) bonds, b) publicly-traded companies following general market trends, c) REITs, d) commodities and precious metals?
For comparison, major Internet IPO's since inception:
ETF Tracking since ETF inception:
SOCL (ETF for Global X Social Media) (-38.8%) vs. SPY (+62.93%) vs. TLT (+1.85%);
FDN (ETF for DJIA Internet Fund, but distorted to contain established Internet companies; GOOG) (+267%) vs. SPY(+65.62%) vs. TLT (+44.18%)
Winter is indeed coming for those that don't have a business model, and that's a good thing.
To word it differently, did the Fed blink or are the underlying indicators where they want it to be?
 Given the cyclic nature of recessions, we seem to have artificially delayed it a bit.
But if you want to feel pessimistic about the hike, here's the corresponding Zerohedge 'article': http://www.zerohedge.com/news/2015-12-16/fed-hikes-rates-unl...
My reasoning for this is that given that banks were borrowing at near zero, could they have had no real reason to put all the borrowed money to work since it wasn't costing them anything to hold it in reserve for later when the rates did increase? Now that the rates are increasing would they not have to use the money a bit to ensure they stay ahead of the interest rates. I was also thinking that there is a threshold at which banks wouldn't have any more money that is just sitting there and having to borrow at higher rates reduces their demand for new funds from the fed thus undoing this initial effect to the hike.
Hopefully this isn't completely naive. Please let me know if I'm misunderstanding how the fed and banks relationship works.
In the latter case, I think that will cause inflation to pick up unless we can export it all out the trade deficit.
You get the picture by now where the Fed's loyalty lies in this reverse Robin Hood wealth redistribution scheme. Isn't capitalism wonderful?
The reason I think this book is nicely packaged bullshit is because it presents exceptions as rules and then tries to build a theory out of it.
I wish it were as easy as Dr. Dweck describes it, but there are gotchas.
I can agree with the distinction of 'fixed' versus 'growth' mindsets (although... how do you measure that?), but that success is guaranteed if you believe and try... Not necessarily. Ask 9 startup founders out of 10.
Not achieving "success" (failing) is rarely free: it leaves emotional and physical scars. Repeat it a couple of times and you're either dead or on your way there.
No, success is not guaranteed even if you try many many times, even if you train a lot and believe a lot.
In fact, the rule is this: No matter how hard you try, you might still lose. Sorry about that.
And the reason for this is not mindset - the reason is your definition of success. If you try to win at the wrong game, you will probably lose at it. So pick your game wisely.
Of course, a fixed mindset will only land you some semi-boring job, a family, a couple of kids and a lot of mainstream entertainment.. I guess that's the definition of "failure" these days... But is it ?
By the way, if you want useful advice about how to be successful in life, Bill Gates is a very bad choice. It might be counterintuitive at first, but think about it ... As a bird, is it smart to fly around with your mouth wide open in order to catch food... because that's what the whale does ?
I know this for a fact because as I become more sceptical/pessimistic over time, my achievements increase. If I was a blind optimist, I would probably fail as soon as reality reared its ugly head.
If someone is really lucky throughout their lives, they will have an optimistic view about the world and the people around them.
Unfortunate people might find a statement like this offensive because they know for a fact (based on their own experiences) that this isn't true - It's almost like saying "It's your fault for being poor; it's all in your head!".
"Bill Gates: No. I think after the first three or four years, it's pretty cast in concrete whether you're a good programmer or not. After a few more years, you may know more about managing large projects and personalities, but after three or four years, it's clear what you're going to be. There's no one at Microsoft who was just kind of mediocre for a couple of years, and then just out of the blue started optimizing everything in sight. I can talk to somebody about a program that he's written and know right away whether he's really a good programmer."
So does Bill still believe this or is he a hypocrite in hiding?
Point being I can say to you "adopt a growth mindset", you do it, but it doesn't work and life throws you 'a curve ball' again and again. Doesn't mean my hypothesis was wrong, and doesn't mean you didn't follow through properly. We can both be right in this case.
All it means is, we should act as if our actions/thoughts count, but accept it as a fundamental property of the universe that they may not 'bear fruit'.
All we can do is embrace the chaos^
^ as in chaotic systems
In the Bloody Obvious Position, someone can believe success is 90% innate ability and 10% effort. They might also be an Olympian who realizes that at her level, pretty much everyone is at an innate ability ceiling, and a 10% difference is the difference between a gold medal and a last-place finish. So she practices very hard and does just as well as anyone else.
According to the Controversial Position, this athlete will still do worse than someone who believes success is 80% ability and 20% effort, who will in turn do worse than someone who believes success is 70% ability and 30% effort, all the way down to the person who believes success is 0% ability and 100% effort, who will do best of all and take the gold medal.
It might seem pedantic, but I worry that propagating this loose interpretation will lead to many people believing their positive "growth" attitude, and not years of concentrated practice, is enough to grow.
When you look at things like Japanese martial arts, it's all about learning from someone more experienced and lots of hard work. The limiting factor is your endurance, and the general sentiment is that "if someone learned before me, I can too".
I highly recommend a summary, unless you think you'll benefit from reading twenty examples of the same concept. It's one of the few books that I started but didn't finish this year.
Couldn't agree more with this specific example. But you shouldn't ignore reality either. A man with no legs is not going to win the 100 meters at the Olympics. Understanding where your potential lies is important for deciding where to invest your effort. That doesn't mean he can't improve at all though.
Especially in things like math, there is a popular belief that you need some kind of 'math gene' to be decent at it. There is little evidence that there are math specific genes beyond general learning ability.
[Same genes 'drive maths and reading ability'] http://www.bbc.com/news/health-28211676
Sadly, in a lot of cases this will lead to a self-fulfilling prophecy where you will stop trying to improve your math skills because you weren't "made for it".
But that's really more a problem of a false belief that these things are set from birth. A blind belief in 'I can do anything I want despite the situation or environment I am in!' isn't going to help anyone. I would advise the runner with no legs to invest his precious time and resources in something other than trying to win the 100 meters at the Olympics.
Expecting a person with severe learning disabilities that they can go work at a top HFT shop or a paraplegic that they'll be able to beat the world record for a 100 meter dash is the kind of goalpost that is being set for many children that are born disadvantaged. Bill Gates may have been studying what keeps the world's poor the way they are for a long time but there are a lot more factors that keep people down than just simply motivation.
Part of why I haven't started a company yet is out of fear of kind of literally destroying my life and others around me. The sheer amount of work that you put into a company is one thing, and not having the closest people you know be supportive of the work you do puts you into a position where you must either be so secure that failure is not a problem or that you must succeed on a first try.
Reid Hoffman's tips on when you DON'T want to start a company come to mind. Some of those criteria include "if you cannot get another job" or "you will put yourself in harm's way by doing so" (paraphrased, can't find the slides he had). So for the poor, despite having not much to lose in theory, they do have everything to lose in that their lives are all they can give up in the absence of capital or remarkable domain knowledge / skill advantages. Risk tolerance for the poor is actually very low thusly.
Maybe schooling is stuck in a local maximum, because we don't do things like this, because it's not socially acceptable to 'experiment with our children's education'?
I'm perfectly aware that some people start with huge disadvantages in life, but whatever your starting point, you can end up much higher. Never let anyone tell you otherwise.
Above is another line, like the one in the title. On one hand, it's obvious because if you focus your attention, for example, on building a computer, of course your energy goes in that direction. On the other hand, if you don't realize your attention (ie, thoughts) is on certain matters, you may be expending energy on that unknowingly. Of course, if you're a generalist and your attention goes everywhere, your energy is following suit.
Or rather, I think... "What we hear affects us, and we hear ourselves.".
This is an extension of the "surround yourself with positive people" thing, in that I believe it's important to be positive, kind, generous, as the language and tone that we use to express we hear constantly and those words, that tone, shapes our thoughts, mood, aspirations.
It's important to be mindful and to be the person you want to be. By doing so, we frequently are that person.
Being able to help out your neighbor isn't connected to success in our society. I think a lot of posters in this thread don't realize the distinction between potential and success.
Will this guarantee success and a happy life? Of course not. But it will greatly increase your chances.
Just imagine you are a teamlead and one guy in your team tells you "hey, I have found 2 new ways how not to implement Feature X. May I work on feature Y and use the knowledge I gained fucking up feature X?"
Or you have a project team and the project manager tells you "Hey, I found one new way how not to manage a project, how not to deliver on time and how not to motivate people. May I manage your next project and maybe waste another million dollars?"
In my experience situations like these end badly...
Fortunately, yesterday night I was listening to it.
Maybe my study will be of note: If you believe headlines, you should read more.
It's a good summary of an essence :)
It seems blindingly obvious to me that ability in most fields is a function of both genes and effort. Genes shape how fast you improve with effort, and where you plateau. Genes shape the curve of the achievement-to-effort graph. Effort determines where you are on that curve. Effort determines how much of your potential you actualize. This dynamic is true in basketball, math, golf, painting, speech-making, guitar playing and virtually every other complicated human endeavor.
Some people need to be told, "You are naturally gifted in this field, stop being so hard on people who are not as good as you, they are doing the best they can."
Some people need to be told, "You are naturally gifted in this area. You have a responsibility to work extra hard in order to maximize your gifts. If you work your butt off, you have the potential to be truly special."
Some people need to be told, "This stuff might not come as naturally to you. You're going to have to work extra hard to keep up."
Some people need to be told, "Look you have been practicing harder than anyone, and honestly, I just don't think you have the raw talent to be a professional in this field. You can do it for fun, but be realistic about your career choices."
Some people need to be told, "Look you can't say you are bad at painting/writing/music/math/etc. You haven't even tried to learn it. This stuff is not natural for most people, there are books and YouTube videos that can show you how to do it. You need to build step-by-step. Practice one technique until it is in mental memory and then add more complexity. Unless you're Mozart, you don't just start from day one being able to produce great stuff."
It seems that as a culture, there are mistakes in messaging going both ways. For example, the premise of the "No Child Left Behind" education law was silly. There is in fact a bell curve with regards to natural academic aptitude. For instance, if you are in the bottom ~20% of that curve, it is nearly impossible to learn algebra. ( for some articles from a real teacher who is trying to teach algebra in the field, read: https://educationrealist.wordpress.com/2012/08/19/algebra-an... and https://educationrealist.wordpress.com/2013/10/31/noahpinion... ). Someone in the middle of the bell curve can learn algebra, but if they try to go into a career that involves advanced quantitative or logical skills, they will be competing against those who both have a natural aptitude and an economic incentive to try hard. The person with normal aptitude will likely lose that competition. So it might not be good advice to tell that person to double-down on math, even if they could make themselves better.
On the other hand, I hear a lot of smart friends say stuff like, "I'm just bad at math" or "I'm just bad at painting." In many cases, they never had good teaching, or they never tackled the problem aggressively. They never tried to learn incrementally, by building muscle memory on a simple technique and then adding more complications. They started with the hard stuff, and when it did not work, they just assumed they were bad at it. For people like that, a "growth mindset" can be helpful.
All of this should be pretty darn obvious. I don't really gather what new, credible information Dweck is adding to our understanding of how learning, motivation, and achievement works.
If something excites or intrigues you, then do it. But don't delude yourself that your personal growth really matters.
Most entrepreneurs solving ambitious problems look crazy to outsiders. Hence the famous Steve Jobs quote
"The people who are crazy enough to think they can change the world are the ones who do."
Look at what the Gates, Jobs and Musks of this world have achieved with their 'anything-is-possible' mindsets..
Btw, for those who are interested in this stuff I've created an app to help people develop a growth/positive mindset at http://positivethinking.net
It's tempting to throw away the old thing and write a brand new bright shiny thing with a new API and new data models and generally NEW ALL THE THINGS!, but that is a high-risk approach that is usually without correspondingly high payoffs. The closer you can get to drop-in replacement, the happier you will be. You can then separate the risks of deployment vs. the new shiny features/bug fixes you want to deploy, and since risks tend to multiply rather than add, anything you can do to cut risks into two halves is still almost always a big win even if the "total risk" is still in some sense the same.
Took me a lot of years to learn this. (Currently paying for the fact that I just sorta failed to do a correct drop-in replacement because I was drop-in replacing a system with no test coverage, official semantics, or even necessarily agreement by all consumers what it was and how it works, let alone how it should work.)
The hardest risk to mitigate is that users just won't like your new thing. But taking bugs and performance bottlenecks out of the picture ahead of time certainly ups your chances.
On average, I get much more satisfaction from removing code than I do from adding new code. Admittedly, on occasion I'm very satisfied with new code, but on average, it's the removing that wins my heart.
It's a good thing nobody contributes to my GitHub repos since no one had the chance to run into the issue...
I'm curious though if there are any strategies folks use for experiments that do have side effects like updating a database or modifying files on disk.
The emphasis shift on breaking vs fixing looks like a good example of how fashion trends in tech create artificial struggles that help new people understand the "boundaries" of $things.
Fashion's like a tool for teaching via discussion
Edit: I'm just commenting on what I perceive as a fashionable title not the article.
Any chance GitHub is at any time going to show the specific merge-conflicts for a PR that cannot be merged?
I could see this being OK in most cases where speed is not a concern, but I wonder what we can do if we do care about speed?
Objecting to the name "technical debt" on the basis that it is not the correct financial use of the term is like objecting to the name "work day" on the basis that it isn't measured in joules. It's a category error.
You've seen those charts where people use their smart watch to record their heart rate during the game of thrones finale? (No? Here you go: http://blogs.wsj.com/digits/2015/08/13/what-game-of-thrones-... )
Sure, downloading the Netflix pause-your-stream-when-you-fall-asleep app is comfortable, but it also provides a treasure trove of audience response data. Forget focus groups, now you have the real-time emotional response of many thousands of people A/B testing your original content in real environments.
And this ain't old-media Nielsen, this is biggest-user-of-AWS technology-first Netflix.
$ sleep x && pkill Chrome
Hmm. I was too hopeful for a Sock API.
But this would be hard as a DIY project.
For example, I use an Xbox One, which to my knowledge doesn't have an IR receiver.
Orwell saw this coming. Winston Smith watches his exercise program: "6079 Smith W! Bend lower! You're not trying."
I don't see any use for it, except perhaps saving bandwidth.
Surely it must take some time for the device to find out that you're actually sleeping, then you anyway have to rewind back to the point you stopped watching, so I don't think it makes a big difference to go 10 minutes or 1 hour back.
Only to realize I was the fool. ;)
 - https://en.wikipedia.org/wiki/Actigraphy
However, there are ways to increase your socks accuracy. More on this later.
Might not work if you have cats.
...but then they wouldn't be able to sell you special socks.
If you want to watch their shows too much, download them illegally via file sharing services. They can arrest a very limited number of people, and by engaging in such activity you lower other people's chances to be persecuted.
Although Shkreli never explicitly denied it, he had implied the accusations were false. Until yesterday, where he bragged about it during an interview with DX:
I'm definitely the real fucking deal. This is not a fucking act. I threatened that fucking guy and his fucking kids because he fucking took $3 million from me and he ended up paying me back. He called my bluff. He said, You're not fucking going to go after me. [I said] Yes I motherfucking will. I had two guys parked outside of his house for six months watching his every fucking move. I can get down. I don't think RZA knows that. I think he thinks I'm some powder puff white guy CEO that's got too much money. No. No, no, no.
The guy is a pure sociopath. I had long ago predicted this day would come and it's quite nice to see. Will be happier when he's convicted and sentenced.
To have the guy that abused the system to such extremes that the people and media noticed it, pressuring government to regulate, be taken into custody for something unrelated to this. As if they couldn't have found this a year ago.
It really sounds like "let's find some dirt on this guy".
But what it says is that the SEC is motivated by sometimes petty reasons to go after people that are indirectly related to actual commission of SEC violation. Which of course, every CEO makes pretty much every business day. If the SEC were neutral, why didn't they find and eliminate Shkreli before social media got all hot to trot on hating him? The SEC is basically saying, well, he's unpopular, we have the power to take him out, let's do it.
Something about that seems wrong to me.
The whole conduct of the prosecutors doesn't look impartial to me. It seems as if someone was vilified by the media and next thing you know he is arrested and charged with fraud in an unrelated case.
As if this was still a society where you had to slaughter the occasional sacrificial lamb to appease the anger of the people.
Then again, he's already screwed over a lot more people as CEO of a pharmaceutical company than he probably could as a super villain. It takes the efficiency of capitalism to achieve real evil, I guess.
Yulia Tymoshenko, former prime minister of Ukraine was convicted of "embezzlement and abuse of power". Julian Assange, editor-in-chief of Wikileaks is facing extradition. Eliot Spitzer, former attorney general, was ousted from power due to a prostitution scandal that appeared targeted.
Whatever you think about US health care and drug prices, we should not rely on a system that requires individual actors to be good people. We should strive for a system that does not require moral actors to function.
Of course I could be wrong. Shkreli arrest could be legit and be purely coincidental to the outrage that he has drawn.
Apple, Reddit, Twitter, the Business Software Alliance, the Computer and Communications Industry Association, and other tech firms have all publicly opposed the bill. And a coalition of 55 civil liberties groups and security experts all signed onto an open letter opposing the bill in April. Even the Department of Homeland Security itself has warned in a July letter that the bill could flood the agency with information of dubious value at the same time as it sweep[s] away privacy protections.
Isn't this massive news?
I mean the bill in itself is horrible policy making, but the way it's being snuck in is scandalous in its own right.
Have I misunderstood something?
If you live in the United States, this phone number connects you with your congresspeople and senators in order to make your voice heard.
Citizens stopped CISA before, we can do it again. Don't lie down.
Wouldn't a simple fix for things like this be 'only allow a new law proposal to be about a single topic and nothing else'?
TEMPORARY H-1B VISA FEE INCREASE. Notwithstanding section 281 of the Immigration and Nationality Act (8 U.S.C. 1351) or any other provision of law, during the period beginning on the date of the enactment of this section and ending on September 30, 2025, the combined filing fee and fraud prevention and detection fee required to be submitted with an application for admission as a nonimmigrant under section 101(a)(15)(H)(i)(b) of the Immigration and Nationality Act (8 U.S.C. 1101(a)(15)(H)(i)(b)), including an application for an extension of such status, shall be increased by $4,000 for applicants that employ 50 or more employees in the United States if more than 50 percent of the applicant's employees are nonimmigrants described in section 101(a)(15)(L) of such Act.
(Here's a summary of CISA I wrote a few months ago on HN: https://news.ycombinator.com/item?id=10454172 )
Today (and yesterday), Techdirt claims the following changes to CISA:
1. Removes the prohibition on information being shared with the NSA, allowing it to be shared directly with NSA (and DOD), rather than first having to go through DHS.
2. Directly removes the restrictions on using this information for "surveillance" activities.
3. Removes limitations that government can only use this information for cybersecurity purposes and allows it to be used to go after any other criminal activity as well.
4. Removes the requirement to "scrub" personal information unrelated to a cybersecurity threat before sharing that information.
'yuhong helpfully posted a link to the revised bill attached to the budget bill. I compared it clause for clause to the version that passed the house. That is 10 minutes of my life I will never get back. Unsurprisingly, only one of Techdirt's claims is true (but worded misleadingly). The other three are simply false.
Here's the breakdown:
<strike>1. The "CERTIFICATION OF CAPABILITY AND PROCESS" part of Section 107 now allows the President, after CISA has been started by DHS, and after publicly notifying Congress, to delegate to any federal agency, including NSA, the authority to run the process described by the rest of the bill. The previous version required DHS to run the entire process. Techdirt isn't wrong about that change. Techdirt is wrong to be confused about why NSA would be a designated coordinator for threat indicators under CISA (NSA houses virtually all of the USG's threat intelligence capability; no other department has comparable expertise coordinating vulnerability information).</strike>
I was wrong about this; the new bill specifically disallows DoD or NSA from running the CISA portal.
2. The bill doesn't change the authorized usage of cyber threat indicators at all (nor does it change any of the definitions of threat indicators, vulnerabilities, and so on). The few places I found changes at all actually improved the bill (for instance: Section 105 5(A) no longer allows threat indicators to be shared to investigate "foreign adversaries").
3. CISA has always allowed the USG to use cyber threat information in law enforcement pertaining to a specific list of crimes --- that is one of the ways CISA is significantly worse than CISPA. But Techdirt suggests that CISA can be used by the DEA to investigate drug crimes. You cannot have read the bill and believe that to be an illustrative example, because drug crimes aren't among the listed crimes: fraud/identity theft, espionage, and protection of trade secrets. It should not surprise you that the list of applicable crimes has not changed in the budget bill version.
4. The new CISA act retains all the "specific person" and "technical capability configured to remove any information" language regarding personally identifiable information in "cyber threat indicators". The "scrub", by the way, has always applied to private entities (Techdirt may have tripped over themselves to write this bullet point, because the new bill clarifies "entity", "federal entity", and "non-federal entity", and so the scrubbing language now reads "non-Federal entity" --- but the original bill defined "entity" as "private entity"!)
Taking this to extremes, why would politicians not sneak every crazy wild idea that they have onto this bill if it's a must-pass bill?
I don't like to sound defeatist, but honestly what does this change?
In addition, because it's a budget bill, regular conference committee rules don't apply. The idea was that having conference committees dicker over each line item would be a great way to prevent both houses from agreeing. So the "fix" they made for money bills can be used for cyber-surveillance bills too.
I may have missed the details. Apologies if that's the case. If this was added to the Omnibus, the reason why was obscurity. My misunderstanding of the details is a prime example of voters not being able to track who's responsible. That's the point.
Can you imagine sitting across from someone you are negotiating with and you are about to sign and they slip a sheet of paper in between the document, making you agree to it?
Of course not. But what you'd never do to a fellow American in person, Congress is more than okay with doing to you without you being there or realizing what is going on.
Lowest of the low.
What will be interesting is if all the riders on this budget bill are so unpopular that the voting public demands a government shutdown.
Personally, I think everyone here is better off spending time writing software to make surveillance less practical. Even if the U.S. government is nominally constrained by laws (they aren't in practice), there are plenty of other actors in the world that aren't governed by any constraints and will monitor all electronic communications up to their technical capacity to do so.
If you care about privacy and information security you need to be working on tools to make it impossible for surveillance to occur, not petitioning a Congress that is dead-set on screwing you.
If another article is significantly more substantive, let us know and we can change the URL.
Had he tested his point on a dummy account: delete account = problem solved
Also, during the early days of inline password generators, there were cases where the suggested password was incompatible with the associated system.
There's also the issue that often you are not sure what keyboard layout is currently enabled and even such unsuspicious characters like ! or # are on completely different locations on different keyboard layouts (then there's the z-y swap on German derived keyboards and have you ever had a look at a French keyboard layout?).
You can never be sure if a system locks you out after failed attempts, so I want to be sure that there are as few error sources as possible.
The solution for me was to stick on LTS distros.
On the other hand, I'm sad that I didn't try to do that myself.
When I tried to log in to the timeclock application again using the password, it threw Null Pointer Exceptions (it was a Java app, incidentally). In order to get back on the clock and get paid again, I had to reset my password -- but entering my current password into the "old password" field caused the system to throw more Null Pointer Exceptions.
I called Apple IT to do a manual reset of my password, and after explaining my situation, the response was a very cold, concise and condescending "why would you do this..."
Ok and hear me out on this: a startup idea based on emoji passwords that encodes/decodes emojis into their hex/binary equivalent. takers?
1) The user tried to see if emoji can be used for the password.
2) Without checking on the web/forums/etc first.
3) On their main user account (not a disposable one).
4) With FileVault turned on.
I can't even...
I think there would have been much less of a problem if encode and decode were far more obvious, unambiguous and intuitive to use. Probably without there being two functions.
Still a problem of course today.
What I don't get is: why has Python 3 adoption been so slow? Is it just backward compatibility, or are there deeper problems with it that I'm not aware of?
I am not competent to say whether this is spot on or rubbish or somewhere in between, but it seemed interesting at least.
 Almost all of my Python 2 experience is in homework assignments in MOOCs for problems where there was no need to care about whether strings were ASCII, UTF-8, binary, or something else. My Python 3 experience is a handful of small scripts in environments where everything was ASCII.
I'm guessing it's not a coincidence that string encoding was also behind the Great Sadness of Moving From Ruby 1.8 to 1.9. How have other mainstream languages made this jump, if it was needed, and were they able to do it in a non-breaking way?
By Python 2.7, there were types "unicode", "str", and "bytes". That made sense. "str" and "bytes" were still the same thing, for backwards compatibility, but it was clear where things were going. The next step seemed to be a hard break between "str" and "bytes", where "str" would be limited to 0..127 ASCII values. Binary I/O would then return "bytes", which could be decoded into "unicode" or "str" when required. So there was a clear migration path forward.
Python 3 dumped in a whole bunch of incompatible changes that had nothing to do with Unicode, which is why there's still more Python 2 running than Python 3. It was Python's Perl 6 moment.
From the article: "Obviously it will take decades to see if Python 3 code in the world outstrips Python 2 code in terms of lines of code." Right. Seven years in, Python 2.x still has far more use than Python 3. About a year ago, I converted a moderately large system from Python 2 to Python 3, and it took about a month of pain. Not because of the language changes, but because the third-party packages for Python 3 were so buggy. I should not have been the one to discover that the Python connector for MySQL/MariaDB could not do a "LOAD DATA LOCAL" of a large data set. Clearly, no one had ever used that code in production.
One of the big problems with Python and its developers is that the core developers take the position that the quality of third party packages is someone else's problem. Python doesn't even have a third party package repository - PyPI is a link farm of links to packages elsewhere. You can't file a bug report or submit a patch through it. Perl's CPAN is a repository with quality control, bug reporting, and Q/A. Go has good libraries for most server-side tasks, mostly written at Google or used at Google, so you know they've been exercised on lots of data.
That "build it and they will convert" attitude and the growth of alternatives to Python is what killed Python 3.
Fixing the unicode mess is nice too of course, but you can get most of the benefits in Python2 as well, by simply putting this at the top of all of your source files:
from __future__ import unicode_literals
Also make sure to decode all data from the outside as early as possible and only encode it again when it goes back to disk or the network etc.
1) It was easier than porting to CP3.
2) It gave me a tangible benefit by removing all CPU performance worries once and for all. Added "performance" as a feature for Python. Worth the testing involved.
3) It removed the GIL. If you use PyPy4 STM, which is currently a separate JIT. Which will be at some point merged back into PyPy4.
So for me, Python3 can't possibly compete, and likely never will with PyPy4 once you consider the performance and existing code that runs with it. PyPy3 is old, beta, not production-ready, based on 3.2 and Py3 is moving so fast I don't think PyPy3 would be able to keep up if they tried.
Python3 is dead to me. There's not enough value for a new language. I'm not worried about library support because Py2 is still bigger than 3 and 2.7 will be supported by 3rd party libraries for a very long time else choose irrelevance (Python3 was released in 2008, and still struggling to justify its existence...). My views on the language changes themselves are stated much better by Mark Lutz. I'm more likely to leave Python entirely for a new platform than I am to migrate to Python3.
PyPy is the future of Python. If the PyPy team announces within the next 5 years they're taking the mantle of Python2, that would be the nail in the coffin. All they have to do is sit back and backport whatever features the Python2/PyPy4 community wants into PyPy4 from CPython3 as those guys run off with their experiments bloating their language. I believe it's all desperation, throwing any feature against the wall. Yet doing irreparable harm bloating the language, making the famous "beginner friendly" language the exact opposite.
I already consider myself a PyPy4 programmer, so I hope they make it an official language to match the implementation. There's also Pyston to keep an eye on which is also effectively 2.x only at this time.
To use anything newer, I'd have to ask users to install a different interpreter, or bundle a particular version that adds bloat. There's no point. The most I've done is to import a few things from __future__; otherwise, my interest in Python 3 begins when Apple installs it.
This should be under penalty ;)
Anyone to divide it into few simpler sentences?
UPDATE: And another one from our connected sentences loving author: "We assumed that more code would be written in Python 3 than in Python 2 over a long-enough time frame assuming we didn't botch Python 3 as it would last longer than Python 2 and be used more once Python 2.7 was only used for legacy projects and not new ones."
There are a lot of other subtle changes that makes the transition harder: comparison changes and keys() being an iterator for example. These are good long term changes, but I wish they weren't bundled in with the bytes/unicode changes.
(and yes, Unicode in Py2 is a mess ...)
They just broke too many things (unnecessarily!) internally. Particularly they changed many C APIs for enhancement modules, so that all of them had to be ported, before they could be used with Python 3. They did not even consider a portability layer ... why not??
Some (not all) of the bad decisions (like the u"..." strings) they did change afterwards, but then it was a little late.
So many modules are still not ported to Python 3 -- so the hurdle is a little too high -- for small to nil benefits!
So, the problem (from my side) is not Unicode at all ... just the lack of reasonable support from the deciders side.
Maybe, some time later, when I have too much spare time.
The 'there should be one and preferably only one obvious way to do it' rule sounds like another reason. It's like being asked to choose between a perfect general use knife or a Swiss army knife.
But I always think Flint is prime for opportunity. The people need basic essentials, water, food, shelter. But the infrastructure to build factories is there. Power, train lines, the whole deal. It's really a shame. The sad part is, the people are still hell bent on supporting the companies that destroyed the town. Michigan in general is like this, it's why they don't allow Tesla vehicle sales.
Growing up my family owned a junkyard and the Flint river ran behind it. It was disgusting. Some of the guys would wade through it on their way to and from work. It was a shortcut, but you had to be a true animal to go that route.
It is true that different water supplies will have different levels of contaminants (lead, arsenic, etc) but can all be within EPA limits. Switching to a water supply with a higher level of contamination will increase exposure. The medical study seems to look at the percentage of children below 5 µg/dL before and after the switch. It goes from 2% to 4%. So with the old water supply, a certain percentage of children were already being exposed to elevated levels of lead. Switching to a water source with higher lead levels will push more children who are being exposed to lead through other sources to above the 5 µg/dL mark. However, this would seem to indicate that the primary source of lead for these children above 5 µg/dL is something other than the water.
At some point it should become necessary to recognize and acknowledge that self-government has failed and must end. I'd suggest some form of a city death penalty - declare the city dead and give the locals a one-time offer of relocation assistance to an approved list of better places. The city government, and anyone who remains, are officially on their own.
We've known Flint (and many similar cities) are doomed for decades. Why do we keep them alive as zombies rather than just help the humans and let the municipalities die?
Can you boil lead out of water, or does it just become more concentrated?
And yet they never took care of their water supply? The one state with so much fresh water has little regulation on keeping water protected.
I keep wondering why it's been prophesied that the world in the end will wage war over water, not oil. And now I am beginning to understand.
Americans that cry about how the system "doesn't work" really don't have a clue about how this would turn out in other countries.
Full disclosure: my wife works as a reporter at Michigan Radio, but generally doesn't cover Flint.
It all looks like a game between Emergency Managers appointed by the governor to see who can save the most money fastest.
The Snyder administration will certainly pay a heavy price for "giving free handouts" to the Democrats in Flint, all to remedy a problem that many Republicans don't believe exists.
Unlike React, Google does not really treat Angular as a first-class citizen because they have such split focus and conflicting React-like library for web components called Polymer. They provide some resources, but nowhere near the amount of resources that Facebook throws behind React and React Native.
Now let's talk about the fact that the Angular 2 project got off to a shaky start and I know they actually rewrote various parts from scratch more than once (hence why it took so long to reach beta, approximately 2 years). That horrible templating syntax needs to be mentioned, the decision to use square and rounded brackets for binding events/data and using things like asterisks in my opinion makes Angular 2 fall into the same trap that Angular 1 did in regards to developer accessibility.
I am really loving TypeScript these days and I think the decision to support it as a first-class citizen out-of-the-box was a good one (the partnership with Microsoft definitely paid off). But with that said, I think Rob Eisenberg (of Durandal fame) beat the Angular 2 team to the punch in the small space of a year in releasing his framework Aurelia (http://aurelia.io). It is what Angular 2 should have been in my opinion. Nice syntax, convention over configuration and a breeze to use.
Though initially skeptical of Typescript, I've found that Angular 2 really benefits from the advantages of having a coherent object model and optional type safety. Typescript never gets in the way, you can selectively use type declarations only where you want to use them. It's often helpful to leave them out while prototyping and then add them later when you want more robustness and easier debugging while you are working on writing the glue code and application logic that connects your various components.
As other posters have noted, you're still saddled with a lot of the artificial complexity and odd terminology that is pervasive in Angular 1.x. There are also bits and pieces of the library ecosystem, particularly the routing engine, that are over-engineered and painful to work with in practice. But, in general, I find version 2 much more intuitive and easier to reason about than version 1.x. Key features like data binding are much saner and behave more predictably.
I've never particularly liked Angular or React (my personal preference right now is for Vue or Polymer), but I think Angular 2 is a solid improvement over its predecessor. More significantly, I think the improvement is substantial enough to justify the team's decision to do a clean break.
1. TypeScript - It's really nice to be able to use a typed version of JS, although it does feel like I'm writing C# sometimes! It supports lambda syntax / ES6 which is great.
2. Annotations seem a bit clunky, not really sure what the point of them is.
3. Absolutely love the functional reactive / RxJS stuff they've incorporated - it's going to make it VERY easy to write really powerful apps.
4. It's a million times easier to develop with than angular 1. $scope.apply anyone?
No simple way around this, and no link I can see to go to .com instead. That's quite frustrating.
It's a shame, because it does seem like both a very powerful and nice approach to building SPAs that I would love to contribute to.
Step 1: Include the Angular 2 and ng-upgrade libraries with your existing application
Is anyone with a serious application actually considering this? It would have been nice to include only the pieces of Angular 2 that you actually use. Instead, we have to ship both libraries, our application code and an additional plugin down the wire? I don't see this upgrade path as a legitimate option for anyone who cares about page load times.
* Templating syntax is intuitive after an hour or two
* Decorators are great! (sidenote: Warning Babel6 decided to remove them until the spec settles down)
* Typescript I'm undecided about. It's a bit of a pain to work with and tooling is still early days e.g. if you want to import a single js file/lib, you create a Type definition file (.tds) just for that. And if you don't want to document every interface in that .tds, then you can give it an "Ambient" aka "whatevs" definition. But in that case it will not retain its semantics.
* The new component router wasn't ready for prime time 2 weeks ago. I doubt that has changed. And frankly, I feel a bit uncomfortable with how magical it is. That could change though, I know a lot of effort is going into it.
* One of the best things is losing many of the hacky artifacts of Angular1 (pseudo-modules system, 9 types of component, config phases etc etc)
* IMHO the lack of opinion built into the framework will still cause a lot of foot-shooting around the globe, especially compared to Ember or Aurelia.
That said, if I was going to start a large enterprise project right now, I'd SERIOUSLY consider the core being written in Angular 2 + Redux. I'd have to revisit Ember before I had that decision though, it's been over two years ...
It is based on ember CLI and helps a lot scaffolding new projects.
I'm looking for tools that will help me create web apps with rich client experiences. I've read the critiques of AngularJS here and it sounds like it does have some limitations, but still a very good framework for corporate web apps with moderate user base and small # of browsers.
I work on a rather large Angular 1.4 codebase daily and while this is good news, I'm not sure how we'd ever upgrade to be honest.
angular2.min.js - 568K
angular.min.js - 148K
File size really increased (Angular1 * 4 == Angular2), if compared with first version. Something went wrong.
I've previously written & been part of teams for a few non-trivial 'full stack' js apps that run both on the client and server, and react's abstraction from the DOM is perfect for such things. Wondering what the 2.x approach is here.
As an aside, seems to me that the days of running JS purely in the client are coming to an end, for projects when developers can have a free hand on the tech stack.
Here is a blog from mr. Ruby-on-Rails explaining why DI is a stranger in the Ruby world:
With some parallels I think.
That being said, I use both react and angular. Angular is a full library that solves all of my problems, even if the solution isn't what I would consider ideal. React forces me to do a lot more work to get something running as it is not a framework. It is a tradeoff of time versus flexibility.
I wish the success of a web framework was a bit more about the technology nature of it rather than the market adoption and hype.
We've started experimenting with systemjs and really like it (though support is a bit limited right now, plus it not really liking PhantomJS/karma), and we want to modernize our Angular 1.x app packaging/loading/bundling, but don't really want to do needless work if we have to move to another solution for Angular 2.x.
That is some very unsound advice. I find it worthy of ridicule that it's being suggested as a possibility.
The upgrade path was very necessary to address the huge amount of breaking changes.
Right now, there is a massive cookie consent form blocking my view of the actual article.
Or rather, another incarnation of IRC chat bots, email listservs, and stuff that's been around forever as commodity autoresponders, only now it's worth millions in investments to write the equivalent of a weekend hack IRC bot because of artificial scarcity imposed by a non-open platform.
By having six investors in the fund, each fund can mitigate risk of Slack's platform not getting traction while lowering the barrier for developers to enter. This slideshow by A16Z outlines why the venture capitalists (including some on the list of Slack fund contributors) are tightening their belts around investing and telling companies like Slack to generate reliable business models rather than IPO prematurely.
This premature IPO behavior was the reason for the last bubble, and I think this investment fund is proof that we are NOT in a bubble. The new strategy for these investment funds is to allow their startups to generate revenue on a much more stable basis without the need to go public (and get cash for equity) for this to happen. Most B2B companies would eventually benefit from a recurring-fees model built around the Slack platform, and this enables smaller, fledgling companies to scale much more quickly towards long-term cashflow positivity.
In all, the kings of tech companies are those that find some sort of platform or natural monopoly. Slack may be next in line to follow Airbnb, Uber, Twitter, Facebook, and Google respectively. Overall, by allowing a method to build these platforms while not going public, investors increase returns for their companies in the short AND LONG term while maintaining a course of innovation!
Slack is still very much at the bottom of the growth curve. I have seen electrical contractors who need a way to chat with onsite workers at various projects switch from using WhatsApp/SMS to Slack. If one click job scheduling apps start appearing in the Slack App Store they will be quickly adopted by these businesses. I would be surprised if Slack or something like it has not completely wiped out internal email in 5 years.
Not much I guess. Twitpic anyone?
I'd love to create a Browserling integration. Browserling (www.browserling.com) is a live interactive cross-browser testing service and this integration would let you embed a live browser directly in Slack.
Use case: Let's say a user reports a bug in IE10 on Windows 7 in your webapp. You just use `/browserling windows7 ie10 URL` command in Slack and that will embed a real interactive IE 10 on Win7 that runs your webapp at `URL` directly in Slack.
1. Remember when Dropbox was dumb, because rsync? (Bunch of naysayers here citing fee alternatives).
From what I'm seeing, bots and integrations are great and here to stay.
Businesses will gladly pay money in exchange for time and complexity not spent rolling your own.
2. This seems like a boon for us happy slack users!
I can't help but post this based on my experience pitching to vendors to join an app store.
Slack CEO: Yammer made $1.2B. We need to make $12B. For that I need to make a hit song with 10,000 background dancers with me on the stage.
Board: How much can you pay each dancer?
Board: Ok. Announce an App Store.
You are already a hero and there are hundreds of them to jump on stage to dance with you in that 5 minute song.
CEO: Now you are talking!
- If you've never used Hipchat, Slack is completely revolutionary.
- If you've used Hipchat, Slack is still cool...and then you see the price comparison and ponder...WHY?
I think the slack platform could eventually branch out into more traditional ERP areas (accounting, production etc.) and it could be an interesting potential shift from "everything from one hand" to "let's configure our ERP from different services"
Building a platform like this is nontrivial and there's tons of problems ahead but I like the general idea.
It seems like text chat is hard to get wrong, and with so many options, I wonder why (real) people choose slack specifically.
Slack has a great core experience and I understand why it's doing so well. But it's weird to see an $80m fund to invest particularly in Slack addons when a lot of existing features don't yet have API support.
Here's a fresh integration with Slack Button in Ruby, https://github.com/dblock/slack-bot-server serving a "Hello World" bot. Hope it helps someone.
Past tense! Much better/realistic parallel, than Facebook F8.
It's kind of weird actually. There's two sorts of people that defend these announcements, I've found:
The first thinks that they are going to build an "amazing" platform some day and that they'll follow this model for "growing revenue". So of course they defend it.
And then there's the second group that has some "great idea" who plans to build on Slack's platform. Personally, I look forward to 2 years of stories about how Slack was unfair to them, or changed the rules on them, or broke an API. Or didn't review fast enough, or any of the other complaints that pop up monthly about other closed platforms.
Mark's talk about privacy is, in my opinion, totally misplaced. No right is absolute, and that includes the right to privacy. Criminals, for example, simply don't have it. This is not me saying; this is our Constitution saying it (and the Constitution of every Western country that I know).
We are biased to see all measures against privacy with bad eyes, especially after Snowden. But that's because you are good people and see the matter with those eyes, not with the eyes of a criminal. Do you guys think that pedophiles, terrorists and drug dealers have the right to privacy? I don't.
Also, what the NSA was (is?) doing is completely absurd, with no judicial oversight, mass collecting everything they can get in secrecy. This has nothing to do with what we have here. In Brazil, only a judge can authorize someone to be wiretapped, it can only be done in criminal cases with jail time (no civil cases). Also, the judge must specify a single phone number or single e-mail account and the decision must be reviewed every 15 days, otherwise it expires. Also, there's a national database of wiretaps that every judge must feed by the end of the month, specifying how many wiretaps there are currently running.
WhatsApp and Facebook are not, by any means, above the law. If they want to provide a communication service here, the law is clear that they must abide by judicial orders that allow wiretapping in very specific cases.
To be fair, some Brazilian judges are pretty stupid and have no idea how the internet works so it's quite possible the original users data request was super broad and that's why Facebook and WhatsApp just ignored it. On the other hand, it's only through very effective wires and digital data examination in recent years that the Brazilian justice is finally putting some big sharks into jail. That's why I have mixed feelings about all this (and I'm a Telegram user myself).
Source, in Portuguese: http://gizmodo.com.br/investigacao-trafico-droga-bloqueio-wh...
"In face of the constitutional principles, it does not seem reasonable that millions of users are affected in result of the company (whatsapp) inertia"
"em face dos princípios constitucionais, não se mostra razoável que milhões de usuários sejam afetados em decorrência da inércia da empresa"
The judge also said that a fine would be more appropriate.
Source (in Portuguese): http://g1.globo.com/tecnologia/noticia/2015/12/whatsapp-just...
It seems like we've taken a step back in technology.
And this is quite interesting because Argentina is becoming the new Venezuela (at least they were, but a few weeks ago they had elections and the left wing lost). And Venezuela clearly is becoming the new Cuba.
Three of the major phone operators (Vivo, Claro, TIM) implemented the ban, while the fourth (Oi), did not. The CEO of Vivo, one of the major phone operators, came out a couple of months ago saying that WhatsApp is "piracy", since they are not affected by the same regulations as the normal phone operator.
http://www1.folha.uol.com.br/mercado/2015/08/1666187-whatsap... (in Portuguese)
This boils down to the fact (for me, and by proxy, my community) that I (and by proxy, my community) will not use insecure communication because someone or someones wants me to do so.
Shake your fist, rattle your sabres, put me in your sights, it will not change my (and by proxy, my community's) resolve.
And if I (and by proxy, my community) is to be prosecuted for using secure channels, then I (and by proxy, my community) will resort to steganography. Exact circumstances aside, there's no getting around the effects of a dedicated mind and an overwhelming power (of math) on my communications' transit.
The only means by which a paternal element can mediate the policies of my interactions would be to mediate the interface by which I (and by proxy, my community) communicate (in this case -- electronic/digital computer<->human), and enforce this with vigilant, and economically costly violence.
This matter-of-factness is similar to that in traffic stop interactions. I'm not happy that men with guns can systematically stop my transit, search my belongings, and steal my assets (at least in Texas), with ex post facto logic applied to the inherent justice, and I have no way of stopping this. The exact circumstances aside, there's no getting around the effects of a dedicated mind and an overwhelming power on my transit.
So I work around it, I try not to get stopped, and I deal with it when I do get stopped. I don't shake my fist or pout, beyond for the benefit of opening doubt in the minds of those ignorant of the underlying physical process.
Also, if you've designed a system like this, could you also design one where you'd be unable to comply with the shutdown order? I suppose one of the Bitcoin related message services would be like that.
Your comment history says otherwise: https://news.ycombinator.com/item?id=4167143
Seem to be a run of the mill dev to me. I'm surprised you got as many credulous responses as you did.
Anti-technology culture tells a lot about an economy, group or nation.
Edit: to everyone saying they also can't watch YouTube 1080p without lag/buffering/whatever: perhaps it's not perfect anywhere outside the third world, but I could imagine that there it would suck even more. It's just a comparison, not a research paper.
My company (the one I started, hi) uses Office 365, and all three of us use Office 365's full office suite, the actual real desktop app one.
What we use Office 365's cloud stuff for is their Exchange cluster (oh God, so delicious), and for OneDrive for Business (ie, what used to be Sharepoint).
Browsers just aren't fast enough to handle web apps that large (not picking on Office 365's web apps, anything that big just sorta murders browsers), and I don't think they ever will be. This isn't something you can solve when your only tools are HTML, CSS, and JS.
In India, almost all laptop manufacturers give the option of preloaded Ubuntu. Yet people choose to pay for Windows - for either Excel or Photoshop.
I would pay a large sum of money for a compatible spreadsheet. It is well worth doing a startup around.
Everything else - Word or PowerPoint already has reasonable substitutes. Even if it is as simple as a PDF doc.
But there is no substitute for Excel.
As an aside I use LO as sort of a middleware for document conversion via PyOO (start headless LO, convert/load/create documents etc. via Python script). I think UNO is rather complicated to use, at least I struggle every time I try to read the documentation (possible that I'm too dumb). I hope LO as a service helps make this use case more interesting and thus leads to more documentation and PyOO like libraries. I feel like there's some potential to get LO into more widespread use by improving/advertising the "headless LO" more.
Oh I'm building this webservice...yeah sure upload your files as Excel or Calcs...we can use that and create nice Calc documents from either one. Powered by LO.
I gave Google Docs another go and I must say I was surprised at how much better it was from 3 or 4 years ago. It was good enough for me to consider using Google Drive; me and my team are now using it for everything and couldn't be happier. We actually ditched Dropbox in the process.
Box, Dropbox, Microsoft and other players in this segment of enterprise productivity software should be worried. I'm happy to pay for it and wouldn't run a company without it.
I think a LibreOffice SaaS would have a hard time competing on features with Google Docs, let alone price.
It reminds me of all those hundreds of early 20th century battleships that suddenly became completely irrelevant when the Dreadnought came by.
[Edit: replaced nearly nonexistent with irrelevant to make my point clearer]
So I don't have high hopes for this thing.
I also find Google docs handy to use, even though I use markdown stored in the cloud for writing my own content, managing research notes, etc.
I like the idea of being able to self host cloud services but ownCloud and LibreOffice face stiff functionality competition.
From my perspective, Windows is an inferior system to any UNIX-based system on almost every front. It has a very strong application ecosystem, but technically it's unpleasant to work on (for me). So, given that, if there's something I want an OS to do that Linux can't do, I would be motivated to work on making Linux able to do that thing so I could do that thing on an Open Source OS I enjoy using, rather than work on replicating Windows so I could do that thing on an open source OS I don't enjoy using.
But, it seems there are people who genuinely enjoy Windows more than Linux (or BSD), and are willing to work for 17 years in pursuit of being able to run an Open Source Windows version. I admire them for it, but still can't understand it.
My experience so far from today's experiment run, .. it still is quite unstable, saw several BSODs (about 7 of them varying from processor locked to the real blue screen) Most of the times I lost data during the crash. Files disappearing etc.. Good part is that it reboots really fast.
VMware Tools installed -albeit complaining- and I could use VMware shared folders which was convenient.
Of course this is a release candidate and we are not at 1.0 so stability really isn't a promise. If they manage to get it more stable then it is starting to become usable.
That's also why I've stopped updating my Crossover for $40 every year or two. Basic laptops and desktop boxes are so cheap these days that it becomes a question of whether your time is worth fussing around with compatibility software.
I always feel like the most obvious use for it is to start writing truly hateful and abusive code.
I'm sure this is because I'm getting old.
Since Swift is built on LLVM and there's direct LLVM support for WebAssembly, I wonder if Apple will get behind WebAssembly so they can get Swift in the browser.
The reason I ask is that asm.js is really painful and cumbersome to write by hand and wasm seems substantially nicer, but I only have small bits of numerical hot loops which I want to use wasm/asm.js for, and I have no desire to bring a bunch of code written in C into my little project.
I'm more worried about more specific things like hardware access (GPU, mouse inputs, networking, windowing)
It seems wasm runs at native speeds and take full advantage of optimization, but can it really be a solution fits all? There must be some things wasm can't do. And so far, since JS did almost everything, I don't see the point of wasm if it can't do what other language can.
Are there plans for a proper WebAssembly LLVM backend that does not depend on forking LLVM (like emscripten)?
If one were to build a Go -> WebAssembly compiler, what are good routes to take? I can see there's going to be multiple possibilities.
Thank you for sharing. I am a Computer Science Master student and I would like to contribute to the development. The git looks really full and I don't know where to start.
And call them "applets". Nobody's ever done that before, right? :trollface:
Does WebAssembly address either of those points?
A judge ruled for a 48 hour ban of WhatsApp from telcos to try to coerce WhatsApp into releasing private chat information for an ongoing criminal investigation (wild guess: they want information from politically exposed actors due to the recent corruption investigations). There are precedents, and that's a tactic local judges are using to try to get cooperation from international private companies.
This is the actual fact, but the article is conflating that with Marco Civil and other regulatory attempts that have nothing to do with this particular court ruling.
TL;DR TechCrunch publishes unchecked, alarmist news.
In my company, our deployment engineers, who usually are in very remote places with bad and unreliable internet, rely on WhatsApp. I'm not saying this is the best practice, but this is simply the way Brazil works right now. Even the mobile phone companies offer plans with free WhatsApp connection, because that is what most people here care about. Another example: In Brazil, 9 in 10 doctors use WhatsApp to talk to patients (http://www.cityam.com/230372/digital-health-wearables-and-ap...).
To disregard all the people and businesses that rely on WhatsApp for whatever reason is unbelievable. But this is not without precedent, once another Brazilian judge blocked YouTube for a whole day because it refused to take down a celebrity video.
This says a lot about the over-sized, inefficient, and stupid state we have, always meddling and intervening.
However, the real reason is not for what Techcrunch is saying.
The issue is that WhatsApp didn't want to cooperate with the federal police and release chat information from some criminals. According to some sources there, they followed all due process and WhatsApp ignored.
As a retaliation, to show that WhatsApp has to comply with Brazilian local laws when storing data from Brazilians using the service in Brazil, they banned WhatsApp for 48 hrs.
A lot less alarmist.
If provisions like those in the article persist, predictably the predominantly young users of social media will protest loudly, I would think the resulting unrest would be too big a liability for the judges and politicians.
A while back I knew a guy who worked for a US company involved with setting up inventory and telecommunications software for businesses. Having traveled to Brazil to assist with installing the systems, he described the extremely convoluted regulatory environment down there, and how difficult that made it to get anything done.
While the whole affair is hard to understand, the basis for picking on particular targets (e.g., WhatsApp) doesn't make sense. Unless all such services are banned it only punishes the particular providers for no good cause. Speculating out loud about their target selection is unproductive, but possibly someone has more actual info about it.
So I guess like politics anywhere, what they do know well is how to shoot themselves in the foot. Until it's realized what they've done it will cause a lot of trouble for legitimate enterprises, let alone the massive population so negatively affected.
Edit: In the time it took me to write this comment, a bunch of people have added comments about the situation. Wow, that was fast...
This is also what WhatsApp states in its legal documentation: https://www.whatsapp.com/legal/ : "The contents of messages that have been delivered by the WhatsApp Service are not copied, kept or archived by WhatsApp in the normal course of business."
Furthermore, messages are end-to-end encrypted. So how could WhatsApp comply with the judge's demand?
It is a single judge that gave an order to block the service for 48 hours.
It can be reversed if another judge decides the "liminar" (I don't know how to say this in English, it's a temporary decision) shouldn't have been given.
SMS wasn't even on the radar.
Then I receive a message from my brother saying he was going to the hospital (on WhatsApp, just before they cut it off). Fortunately he had time to tell me he is fine.
My other brother is in a ship, almost same connectivity problems.
I know that there are workarounds, other applications, vpns, IP masking etc. But WhatsApp is something that my parents and brothers can use.
PCC is the largest criminal organization in Brazil. It's involved in several criminal activities like drug dealing and gun trafficking. It was also responsible for "closing" Sao Paulo city some years ago forcing people to stay at their homes as well as killing hundreds of cops ( https://en.wikipedia.org/wiki/Primeiro_Comando_da_Capital ).
The judge tried to obtain the information from WhatsApp for several months but it was simply ignored. Blocking WhatsApp was one of the last options that she had to try to obtain the information.
Here is more information from a reliable source (it's in Portuguese): http://www.conjur.com.br/2015-dez-16/bloqueio-whatsapp-pivo-...
First off, we are nowhere near "shutting down social web". WhatsApp was shutdown by a court order because they did not comply with a subpoena to hand over information from a user in July and August. I recently submitted a link with a local (Brazilian) newspaper explaining the issue.
>If Brazil's conservative Congress gets its way, they're going to take down the entire social web as we know it, with bills circulating through the legislature to criminalize posting social media content and to allow the government to spy on its citizens.
Conservatives are not the only ones trying to censor the internet in here, absolutely every politician wants it.
>It's an about-face from last year, when President Dilma Rousseff approved Marco Civil, a groundbreaking Internet Bill of Rights, as a response to the Snowden revelations that the NSA was spying on Brazil. The landmark bill, Brazil's first internet legislation, protects net neutrality, user privacy and freedom of speech.
On the contrary! Marco Civil threatens user privacy (more below), and the "net neutrality" part has led to just the same that happened today: Mobile companies were forced to shutdown their "free WhatsApp and Facebook" plans, making millions get blocked from WhatsApp. Anyway, back to the privacy issues, article 11 of the text is the more worrying one. Some highlights:
§ 2 The police or administrative authority may request, as a precautionary measure, that connection records be kept for longer than the period set out in the caput. § 4 The provider responsible for keeping the records must maintain confidentiality regarding the request provided for in § 2
It says basically that police can require records of visited CONTENT without a court order and the ISP is required to supply that without informing the user. Somewhere else in the text it forces ISPs to store user history for a year. If the text really wanted to protect user privacy it would say something about cryptography, which isn't mentioned anywhere in the text.
Article 2 says there must be a "social purpose" for websites and that gov. may take websites down if it feels it doesn't serve the public interest. Brazilian govt. already has a history of censoring YouTube and Facebook videos involving politicians, judges or celebrities.
Because, you see, SMS is too expensive in Brazil. So people resort to WhatsApp instead.
It doesn't matter if SMS is not controlled by a single company, the block has to be enforced by all internet and cellphone operators in the entire country.
It's simple really.
As for the article it is one of the most bizarrely biased articles I ever read, spouting some information that are outright lies.
Example: it says that Marco Civil law was an example of the congress favouring internet openness, that is an outright lie, the judge that banned WhatsApp for 48 hours, used Marco Civil to do it, if Marco Civil had never passed, WhatsApp would not be banned today.
Another inaccuracy is saying that it is a "conservative" congress dominated by "evangelical extremists" and "military apologists"
The biggest bloc in the congress was allied with the leftist president in the elections, and still is mostly allied with said president. (the exception is "PSC", that is a socialist christian party, they tend to ignore the president's wishes a lot, still it is 13 deputies out of 79 in that bloc)
Second biggest, is indeed right-leaning, but their policies resemble US democratic party of the 90s, instead of true conservatism.
Third bloc is dominated by a party with no political leanings to left, or right (they only do whatever it takes to stay in power, and have left and right politicians in their ranks). The vice-president is of that party, and they are in "opposition" only because they want the vice-president to take over.
Fourth is PT, with 59 seats, it is the president's party, and is named "workers party" and has many outright communist people in it.
Next 3 groups are socialist, then there is the democrats party, that has policies like US democrats, then the rest of the parties are mostly socialist too.
In total, of 512 lawmakers, 108 are "conservative".
Also, I've been following the votes on the Uber ban in Brazil, almost in all cases left wing parties voted to ban Uber (and some even proposed to not only ban Uber, but make a law that makes apps that call regular taxis send lots of personal information to the government, including full GPS-tracked route of the person while inside the cab).
Meanwhile the big bloc that is "conservative" (the one that on my list is the second biggest bloc in the congress) is the one that regularly votes against laws that restrict freedoms.
Still, our congress is awful, and is indeed proposing (and sometimes passing) lots and lots of bullshit laws.
I'm the CTO of Fieldbook, we're really proud of what we've built here. In particular, I really like our API explorer that allows you to run real node code right in the browser to explore our API. (And see our realtime updates in action on the same page). That feature is powered by Tonic (https://tonicdev.com)
It's mad fast to set up a database with a REST api with Fieldbook, and we'd love to hear what you think / what could be better / etc.
It's a great product I'm going to use more. Big fan - there have been several side projects where I've wanted to use Google Sheets as a prototype DB - with the simpler API and better relationship model, I'm going to use Fieldbook from now on.
How does it handle data types? Can you put any type of data into any cell? If I want a column that is numbers is there anything that stops a user adding a string to one of the cells by mistake?
I had high hopes for DabbleDB before Twitter bought them and shut it all down.
Can you share which frameworks you used? Did you use a template for the front page?
What are some real world use case for using fieldbook?
(Sadly went nowhere and subsumed by Twitter.)
Doesn't sound too far off from Kinvey and Parse except for the fact that MBaaS services have been around a lot longer and have much more robust mobile and web SDKs.
Way back(~2004) I was working for UPS. One of our package loaders had a BlackBerry, back when only suits had them. He was mute and since he couldn't speak he used the BB for all of his communication. Here I was just geeking out over smartphone tech(Kyocera 7135, woo!) and he was able to have his whole life changed in a fundamental way with tech that was conceived for business productivity.
One thing that IMO should be modified is the dependency on Twilio. I don't know how it is in the US, but Android users in Europe should not need an Internet connection for sending text messages - the phone is capable of doing it by itself. I think it's more common to be without Internet access but with mobile service than the other way around.
EDIT: submitted the suggestion as a GitHub issue.
For those of us who have to live with a loved one who suffers seizures, thank you to the author for making this and thank you ingve for sharing it. Hopefully it can avert a tragedy like mine for someone else in the future.
For many patients, it's important to record how long their seizures last - to escalate/911 if needed, and also after the fact to aid diagnosis and treatment. I could see this app playing a role there too. After the event, the Pebble might prompt the wearer/responder whether to log it as a seizure, which would (mostly) automate the seizure log recommended by Epilepsy Society.
 now on iPhone too http://neutun.com/ https://cloudpebble.net/
"// A sqrt function I got from the web that uses integers only (since Pebble emulates floating point math)"
If you are interested in wearable tech and epilepsy you should also check out the "Embrace Watch" - It measures electrical conductivity across the skin of a person wearing the watch and is able to use that as a proxy for heightened electrical activity within the brain (which can be indicative of a tonic-clonic seizure). It pairs with phones to send SMS messages to nominated contacts as alerts.
It was developed out of MIT and is now being commercialized. I'm currently waiting to take delivery of this watch (from an IndieGoGo campaign last year), so can't speak to its effectiveness but I have high hopes, particularly since it doesn't just rely on motion. Motion detection is helpful, but by then it is too late for the person having a seizure as they have no warning to make themselves safe.
There are commercial devices that work along similar lines, such as http://smart-monitor.com which is bought as a $20 per month subscription. But something open running on a platform like pebble is much more interesting.
My wife died of a tonic-clonic seizure 11 years ago. Something like this might have saved her.
Kudos. This is awesome.
* More specifically, Myoclonic Astatic Epilepsy (MAE), which he appears to have been lucky enough to have outgrown, though I don't know if saying he "had" epilepsy (past tense) is accurate (or even relevant to the discussion).
A friend convinced me to take a few MBA classes at a local university. The first class was accounting. It opened my eyes to understanding what our product and business owners were saying on my projects at work. Now I could understand the "why" behind the screens I was building! I asked questions that made them re-think their screen mockups. Since then I've graduated and taken classes in Finance, Leadership, Economics, and my favorite: Strategy.
I use more knowledge from my MBA in my coding career than the stuff I learned in my undergrad in Computer Engineering.
In my experience, an MBA doesn't make me a better "coder." But it has given me confidence and competence in my interactions with customers and the leadership team. I'm very glad I took the time and effort to pursue my MBA.
I joined Google this summer and I have 2 ex-consultant MBAs in the team I'm managing, along with a third employee who is ex-BCG-but-no-MBA. They are awesome. They freaking rock at analysis, and are highly skilled at asking good & pointed questions to help nail down business opportunities & good/bad ideas. Two of them have technical BSes (EE & CS) and are fantastic PMs: well organized, analytical, strong communicators, outgoing, and perhaps most importantly, they know when they're weak in an area and how to recruit complementary team members.
This by no means should be considered advice that everyone needs an MBA, that all MBAs are equal, that all tech PMs need an MBA, or even that all Google MBAs are good at their jobs, but MINE ARE, and they'd be much less proficient if they hadn't spent that extra two years in business school (along with tech internships both years). Just like everything else, people need to set goals and work appropriately to achieve them. For some individuals this will suggest an MBA; for many others, not so much.
Honestly, the biggest piece of business school advice I'd offer anyone is that if you can't get into or afford a top tier school, don't bother paying a school at all. Just try to DIY it the best you can. The gap between what students get out of the tier 1 programs and everything else (with a few notable exceptions) is immense.
I'm not counting exec MBA programs at all. They're specifically targeted at people who are already execs and just look to amp up certain skills (M&A, international development, etc).
From a randomly selected job posting on Facebook's web site:
Requirements:
- B.S. or M.S. Computer Science or related field
- Experience building high-performance, large-scale server applications and reliable software
- Expert knowledge developing and debugging in C++
- End-to-end experience in online ad serving and background in online advertising/auction theory strongly preferred
- Knowledge of Perl, PHP, or Python a plus
- Knowledge of Hadoop/MapReduce a plus
There is a huge "getting your foot in the door" advantage to that credential. I can totally believe she didn't use much of what she learned at HBS in what she did at Google. But would she ever have gotten that VP job at Google without that sterling resume?
MBA is probably really not necessary, but if you have the opportunity to do one at a top school, it may open some doors and expand your network. At least it has no negative effects (if you can afford it).
Especially if you have technical background and want to move to management position. It simply diversifies your background and strengthens signaling.
For what it's worth nearly all the excellent executives I've met over the years didn't have an MBA and nearly all the worst ones did...
It's also funny to read in the article that Thiel has said MBAs are useless, because his books are a joke when compared to the most basic business courses. It's also laughable that Sandberg would say this, having already gotten an education from a place which has been central to business trends globally for decades. It's likely that Facebook et al would not exist without HBS and similar institutions in the US.
My background is economics (and political philosophy) - and I work in tech - first as a programmer, then product manager, and now as founder: knowing economics has been useful in my roles as PM and founder.
Everyone should know some basic economics - micro-econ concepts such as marginal utility, producer/consumer surplus - as it's useful for business.
And everyone should know basic macro stuff (interest rates/GDP/etc) because in a democracy it pays to have informed citizens.
An MBA, however, is overkill.
99% of all top tech company CEOs are techies who learned practical business through experience --- and are not MBAs.
Sheryl Sandberg knows exactly what she's talking about. MBA was designed for corporate middle management. No need for that in a startup - especially at founder level.
Now I invest in startups. I do not invest in MBA founders. I'm doing very good investing.
It's simple. Every logical argument says the same.
I also have a friend who is MBA and works at FB. They have a whole formal program set up for them.
So while it may not be advantageous per se I think companies do use it as a proxy for character traits or pattern of achievement. Because of that it is an advantage. Even if not, if they have a formal recruiting program then it is an advantage.
More to the point, most of what I was taught in my MBA course is irrelevant to a bootstrapping startup using Lean/Customer Development methods.
I have an MBA, I normally go around saying it doesn't matter. Mostly it's because bragging about your MBA is douchey, and we know it. I don't feel like people I work with care either way.
A lot of top execs do have the credentials often dismissed so I'm not personally sure they'd be there without that kind of education.
The value of attending business school (assuming it's a top school) might be more related to "outside" factors such as more opportunities, tapping into good networks and of course, involvement in different disciplines with all the resources you need to grow your thinking and expertise.
What I am concerned about is that some statements can easily be taken the wrong way by people who honestly would benefit from MBAs. Facebook not choosing or using an MBA as main criteria is fine, but Facebook is not the only company that matters and I'm sure having an MBA does also not discredit you in their eyes.
What you get out of them and their utility probably is very contextual in the same way any degree is.
My suspicion is that for many roles and at many times in a technology business, the utility is low, but that for some roles at some times, it is quite high.
Ultimately, the thing that might be funky is that if you hire someone for their expertise in domains pertinent to MBAs, you are putting them very close to having control of the legal construct of your business. Like a sysadmin, you need to place a lot of trust in them to ensure they are doing their job correctly if you don't have the domain knowledge to provide careful oversight.
This whole issue (usefulness of MBA in tech management) sounds very similar to the usefulness of CS degree in development issue. We can talk all day about the effect the CS degree has on getting jobs in the first place, but putting that entirely aside, as a developer with a CS degree, I can certainly point to some very useful things for the job that I learned in the course of doing the degree, and I could tell somebody without a CS degree what those were and where to read about them. Ignoring the entire issue of whether or not the 'piece of paper' would help them in their career, this knowledge certainly would.
If anyone (MBA or not) has any such advice, I'd be very grateful to hear it!
Can anyone post some favored texts/resources for self-directed learning?
What do we include in the HN home-brew MBA?
If you can learn things for yourself effectively then there are a whole range of degree level courses which are completely unnecessary. In fact, not wasting your time with them, can be an advantage of its own...
Although even then... it's always good to have others with experience teaching you. Regardless of the subject matter.
There is no 'rocket science' in business and there is plenty of material available to learn from.
If you're a walk-on for a $250,000-per-year sinecure, then they're going to give you a real tech job, and not some lowly code-the-stories position.
Am I missing something?
Sure, it may seem interesting to be an executive in Facebook, but that is not nearly as lucrative (and interesting) as working in trades or billion-dollar deals in finance.
So how does one interpret this? It sounds like she doesn't really have a good idea as to what makes a great employee, and falls back to magic catch phrases, although this is probably an industry (actually multiple industries) wide problem currently (How to identify a great employee a priori).
So if she doesn't really know what makes for great employees, is her advice about MBAs really relevant then?
IMHO yes MBAs have a bad rap, but just like everything the knowledge you gain from an MBA program can open your mind to thinking about problems in a whole different way. A lot of techies have no concept of how the business side of the industry works, and it would not be a bad thing to understand it. But you can also gain that awareness from a couple of good books on the subject, not just from attending an MBA.
Just for completeness the other advantage of an MBA is the network, which is another discussion. (Of value for the person, not necessarily for the business, which is the point of the article)
Quoting Donald Knuth / The Art of Computer Programming:
> Many random number generators in use today are not very good. There is a tendency for people to avoid learning anything about such subroutines; quite often we find that some old method that is comparatively unsatisfactory has blindly been passed down from one programmer to another, and today's users have no understanding of its limitations.
Maybe it's time to have Math.random and equivalents call a CSPRNG, with a Math.insecurerandom when performance matters?
Also because the specification has very little by way of requirements in that regard, no matter how good some implementations may be you should always assume your code may end up being used in an environment where Math.random() is no better than the worst generator you can think of.
If you need specific properties in your PRNG then you still need to provide something in place of Math.random().
Worst idea ever, this not-a-real-bug got a correction in just a few days without even being in the bug tracker, while there are real bugs stalled for years in the tracker. Writing a blog post and making a lot of noise on the internet works way better than using the bug tracker.
There you can see the code and watch it run. Neat!
I'd think that having a "secure" random number generator isn't that important of a deal given the fact that all code runs client-side anyway (so why the need for cryptographic security?).
I would also recommend running the provided DieHarder test, which is crafted to measure the quality of PRNGs.
Were any professional experts on PRNGs asked for advice?
TL;DR long strings of repeated results are a sign of true randomness. Am I misinterpreting the relationship between that and this article?
When algorithms are getting tinkered with behind the scenes, this leads me to believe there's still way too much churn in the JS space.
I'm happy to get feedback, but please go easy on me. We will plan much further in advance next year and make it easy to scroll through ideas and look beautiful and not be annoying in the countless ways it seems to be currently :)
This was a lot of fun and came together really fast given the time constraints. Colleen was amazing and did the write-ups quickly. I've been working frantically to get this out. Still needs work though. Please send comments. But first, I need to go drink some water as I haven't left my desk in many hours.
UPDATE: as I suspected, my inbox is exploding with emails from other YC startups with gift ideas. Will update as fast as I can.
I just sent the site to my mom. She could pick anything and it'd be a great gift, it's that good.
An unsolicited suggestion: Maybe it would be best to have to "Buy From YC Companies" page or something like that, and then just select 6-8 of them on a separate "for the holidays" page. At least that way an everyday consumer could quickly scan the list without having to read 20+ startup descriptions (which can be tiring, even for the hn crowd).
Personally, I thought it was worth the read. I had no idea that many of these companies were YC backed, or that some of them existed at all.
I'm being a little overboard of course, but I really wonder how dependent we will be on our machines to survive at all in a generation or two.
I really like Level Frames. Will definitely use them in the future for my space.
The site makes me wish YC kept a publicly filterable curated list of products from YC companies that included these things like pretty images and a tagline that captures exactly what the company does.
And hey, I can't even talk; I make freemium mobile apps so it's not like I'm solving real problems either.
It just sucks and I wish it was sexier and more profitable to go after real problems rather than silly stuff like e-sheets or digital frying pans that perfectly cook your grass-fed beef steaks.
This is perfect for a gift exchange.
But why would pre-order only items be included in this time-sensitive list?
As a side note, I am shocked at how non-HN-user-friendly most of these sites are. I saw an insane number of tracking scripts blocked and most were rendered completely unusable without JS.
The Pantelligent picture just shows a picture of a box with Pantelligent written on it, not the actual product.
The uBiome one is straight-up meaningless clip-art (of a robot holding a wrapped present) with the company logo badly pasted on. Sure, the nature of the product makes it hard to get a picture of it, but the clip-art could most certainly have been chosen better.
The Craft Coffee one only shows pictures of text-only ads for the product, not what you would get when you actually subscribe.
Who in their right mind thinks that putting a button called "Show me the list" dead center of the page? Hey guys, I have a novel idea: instead of adding a button, just _show_ me that list!
And do you know what happens if you press that button? The website scrolls down ~300 pixels and then you can see the first 1.8 entries of that list!? F*ck this shit! You have ~900 vertical pixels at your disposal and all you manage to do is to show me TWO lousy items?
I actually tried to scroll down the list and it took me FORTYFOUR (!) scrolls of my mouse wheel to reach the end of the page. 44 scrolls to see a list of just 40 items?! This is horrible! In what world do you live if you think that this is a good user experience?
There is a lot of stuff killing the web right now, but one of the things nobody ever talks about is this horrible "modern" design which is nothing more than a wasteland of white padding, waste of space, way too large fonts and oversized picture banners which take way too much bandwidth to load.
In my opinion we should introduce a whitespace-to-content or padding-to-content ratio which punishes bad webdesign.
Another offender for this is medium.com. Yes, it has good content, but you have to hunt for it in the vast amount of padding and oversized images.
Just go and have a look at Medium's front page. What do you see? A few words, two buttons and a large image. In order to see any content you have to scroll down and even then they manage to only show you 2 items at the same time. If you want to see more you have to scroll constantly.
502 Bad Gateway
After scrolling through the rest, this has to be one of the best collections of first-world problem junk.
What kind of person thinks to themselves, "Man, I really wish I had a gift idea list based on a particular financial investor."
1. The hypothetical example you give about the Financial Times writing favorable stories for investors is an example of conflict of interest, which is a different issue than the elitist exclusivity discussed last thread. (And much more gray)
2. As noted in the previous thread, both Reddit and Hacker News are transparent in terms of submission moderation, which is what is being proposed here. (Albeit less modern)
3. Having an anonymous account post this Google Doc does not build trust in that you could build a competitor. There is more to building a link aggregator ranking system than following a Rails tutorial.
4. Having random people come together to build an idea just because they can doesn't work well. That's why Idea Sundays stopped on HN.
My dream startup would be an optimized link aggregator; the use of upvotes as a statistic for quality is why I spent so much time doing data analysis on Reddit and HN data. But this isn't the way to build a competitor.
The tier 1 group is not as small as you think, and they are a pretty diverse group of people from all around the world. When they post something, it goes up straight to the featured page. There is no censoring. They are definitely not paid by producthunt the company to submit these new products, they're merely users sharing what they discover. Their main incentive for posting on product hunt is to be the "first one" to discover a cool new app and share it with others. Now if you understood this, think about how ridiculous all your speculations are.
* anyone who missed the story on HN today would have no idea what this was about,
* leading with accusations that PH is an "elitist/bro community" is needless antagonism, but most of all,
* you're pitching a non-conflict of interest alternative to PH without revealing anything about yourself.
Third, the only way to significantly improve upon these sorts of communities would be to build them on the block chain. But the technology to do that doesn't yet exist.
At $6 million you can hire and pay for about 10 to 15 people for a few years at a competitive salary and work from a not completely terrible office.
I'd like it if these posts weren't spreading "$N Millions of dollars!" FUD so much as if it were some terrible wasteful thing. This is not someone's personal spending money that they're buying Maseratis with, the founders do not get to use this money to buy themselves nice cars. It's not a life changing event, it's simply an opportunity to build a business.
Even if it relates to bad science, bad product, etc....
It's all very 'kumbaya' positive, which is fine.
That being said, I think ProductHunt will be sufficiently difficult to replicate.
I seriously want to know why someone should care about Product Hunt and what its impact and/or place is in the tech world.
helps startups get their 15 minutes and puts them onto the path of success.
Revert to the old PH design. I hadn't checked the site for > 1 month. There is an incredible amount of noise and bloat in the new interface. And it needlessly looks too much like Kickstarter, which arguably has discoverability problems of its own.
Just a Meteor Telescope app on Heroku at the moment. Any thoughts?
Blaine Cook was "rejected" from Twitter after years of hard work. But he faced an insane scaling problem, and most of us would look bad if we faced the same set of problems.
Steve Jobs was "rejected" by Apple after years of hard work.
Or my all time favorite:
John Lasseter was fired from Disney because he was too enthusiastic about cutting edge digital animation (rather than the traditional animation techniques for which Disney was famous), then he became head of Pixar, which got bought by Disney, and which took over Disney's animation, and so now he is head of animation at Disney. They fired him, but now he is back, and now he is in charge, because he was right.
Lots of great people do great work and then get fired. Getting fired doesn't mean they were wrong. Sometimes it simply means they were too right, and nobody wanted to hear it.
I'm now working for Google.
One thing I can tell for sure, especially after interviewing others. It's all random. Most interviewers make up their mind about the candidate in seconds. If you are a charming person you have a good chance. If you are not a very likable person you have a very small chance.
> There is a Taoist story of an old farmer who had worked his crops for many years. One day his horse ran away. Upon hearing the news, his neighbors came to visit. Such bad luck, they said sympathetically. Maybe, the farmer replied. The next morning the horse returned, bringing with it three other wild horses. How wonderful, the neighbors exclaimed. Maybe, replied the old man. The following day, his son tried to ride one of the untamed horses, was thrown, and broke his leg. The neighbors again came to offer their sympathy on his misfortune. Maybe, answered the farmer. The day after, military officials came to the village to draft young men into the army. Seeing that the son's leg was broken, they passed him by. The neighbors congratulated the farmer on how well things had turned out. Maybe, said the farmer.
The point being that when you become so upset with being turned down for a certain job you are setting yourself up to be let down by missing the big picture. The reality of the big picture is you have no idea how something that might seem like a great success might lead to great failure, or great failure might lead to great success.
If so, that's bullshit. The only reason we don't see any examples here of people who never get accepted is because they're invisible to the industry. Many of them probably ended up committing suicide or switching careers. (I've contemplated both more than I care to admit in polite company.)
We can't all be winners.
(But by that logic, we can't all be losers all the time either. You're probably somewhere in between both extremes.)
I simply don't get interviews these days. Sigh! On to a better company.
I go in and apply. I meet with 6 people out of thousands, representing 1-3 teams out of hundreds. It doesn't work out, for any of <n> reasons, some of them just luck of the draw. But now my interview is in the system and will be forever referenced. I'm given a polite but non-informational "it's not a fit" and sent off to a competitor.
Idea: Big companies shift to lighter-weight interviews which aren't considered final. If you're good enough to make it to on-site and it doesn't work out (but there were lots of reasons to think it would have), then you get happily scheduled for another round in a few weeks or whenever, and Company tries to not leave you with a stigma of rejection.
This frequently happens with executive recruiting, but not at lower levels. At least, I haven't seen it. Instead we get so many stories like on this website, where it should have been obvious just by CV/portfolio alone that they were awesome developers.
It's mostly about understanding the company culture, reading the interviewer's face and trying to figure out what they want to hear as you go along (of course technical skills are a prerequisite).
The only time I didn't get an offer was because I asked for too much money. I think asking for more money is a good idea though; it weeds out all the frugal companies.
I think that if your success rate is 90%, it means you're not charging enough. You need to bring the price up and allow the success rate to drop - Then the average quality of offers will go up.
In an interview for a CTO type position a while ago, the only technical member of the interview panel was visibly aghast that I had never made a bootstrap theme - which, despite me explaining where that sort of task fits into the webapp ecosystem to the others, had already rubbed off on the rest of the panel. The extensive team/project building portfolio presented was irrelevant.
I thanked them for their time and didn't call back as I've had my fill of toxic work environments out there.
As I got deeper into IT-recruiting, I realised that candidate filtering at the top of the funnel is fundamentally broken. Especially in Europe companies expect a CS degree and don't appreciate self-taught skills as much as in the US.
I am trying to change this. If you look for a tech-job in the most liveable city in the world, check out my story "8 reasons why I moved to Switzerland to work in IT" on http://medium.com/@iwaninzurich/eight-reasons-why-i-moved-to... or send me a mail to the mail-address in my HN-profile.
At any given moment I might have between 5 to 20 possible jobs that I'm searching for people for. In a given week I might receive 1,000 applicants.
It is incredibly hard to get anyone into a job and often great people are rejected for various reasons.
The Business of Rejection - that's recruiting.
That one seems pretty legit to me.
Eventually he ended up being an engineer there.
My experience and rejection also indicated there's something arbitrary random going on in the interview process. Once a recruiter from Google commented on my grades with a serious attitude, saying I should keep them as high (I was still a student) and I immediately realised that grades weren't even checked because my grades were horrible (GPA<3, ridiculous bible theology social classes ruined it for me) and if they cared I should get them higher.
I went to an on-site at a major company, and there was a guy who just wouldn't smile. He also led me down the wrong way on the tech part, which is easy when you make zero facial gestures and talk like a robot. I figured it out eventually, it wasn't hard, but he dinged me.
With the other people it was just a breeze. We chatted about various low level performance things, about how the work environment is, and so on. The tech parts were easy, because you could tell whether you'd actually understood the problem correctly.
It is sad that we still have to follow this broken process because of lack of any viable alternative.
8 years later the same chap was the first angel investor in the startup I co-founded and worked with us as Chairman for a number of years before the company was acquired.
I never did ask him if he remembered rejecting me!
The whole you rejected me, but haha I'm better off comes across as pretty self-centered and entitled.
-edit- removed question, more
You have to consider the time dimension and boom-bust cycle.
"I showed up at the store and they didn't let me in."
"Because it was closed!! You showed up at 3am!"
Here comes the racist right here. People get rejected all the time even when they are white, in fact, most of the people that get rejected for a job are white. I think you do not fool anyone anymore with this kind of narrative. It's tough for everybody, so don't make it about race or gender. Stop complaining and try harder.
And FYI, I'm black.
People who say those kinds of things are no better than him. Possibly worse.
The solution to dealing with people like him is to be able to separate them from society or fix the system so it can no longer be exploited so "easily".
He may have hurt a lot of people but it's been through proxy as far as we know. Like Drone strikes, if you can't see the damage you're doing you can't feel guilty about it.
Like Morgan on the Walking Dead. I do believe Martin is a good guy on the wrong path.
It's easy to come together to have shared hatred for this guy and it's hard to realize
I can do better as a human being with empathy towards someone who is broken; sad and probably doesn't understand why people hate him.
He's just being "successful" as it was always defined to him.
Like the Boston Bomber. Getting "Revenge" does not stop the perpetual cycle of violence and misbehavior.
The Wolf of Wall Street was a glorification of this type of behavior and a lot of people saw Jordan in that movie as a "Hero"
Shkreli seemed like such an obvious troll in how he defended his price gouging by saying that a CEO's role is to maximize profit for the benefit of shareholders...and yet did so in such an unnecessarily obnoxious way that if he truly were the uber-capitalist, he would know that bragging and drawing attention to what an asshole you are does not achieve the true capitalist goal. I would've bet money that in a year, he would reveal that his act was just a trolling piece of noble performance art to raise awareness of how evil corporations could be.
I'm holding out hope that getting arrested and indicted is still all part of his greater plan, though if so, it's a bit more elaborate than it needs to be, IMHO :)
PDF of complaint: http://www.plainsite.org/dockets/download.html?id=214847399&... from: http://www.plainsite.org/dockets/2mxis2kze/new-york-southern...
The Retrophin complaint also contains more detail about what happened with Merrill Lynch:
24. Shkreli also had to contend with Merrill Lynch, which had sued him and MSMB Capital in connection with the Orex Trade (the Merrill Lynch Arbitration). Shkreli and MSMB Capital had entered into a settlement agreement with Merrill Lynch that required Shkreli and MSMB Capital to execute confessions of judgment in favor of Merrill Lynch. The confessions of judgment would not be filed if Shkreli and MSMB Capital timely paid the agreed-upon settlement amount. Shkreli funded the Merrill Lynch settlement and avoided the filing of the confessions of judgment by causing a $900,000 investment in Retrophin equity securities made by MSMB Healthcare to be recharacterized as a loan, causing the loan to be repaid with interest, and using the loan proceeds together with other money taken from Retrophin to pay Merrill Lynch. See generally 47-58, infra.
Edit: No need to hope anymore. Grand jury started in January and investigations ongoing since 2012.
1) "Innocent until proven guilty" and "wow, that timing sure is convenient".
2) LOL. grabs a bucket of popcorn
From what the media reports on him and what I saw on Twitch, seems as though he may have a bit of a Jekyll-Hyde type personality.
They want to sweep him under the rug and make everyone believe this is fixing something. This arrest is akin to Martha Stewart getting one of the few indictments from insider trading after events like Enron went down.
It is a show, it is a game, he played it too loudly. He became the public fall guy show piece in my opinion. Going after him for a multi-year SEC investigation right when he made another big price change? Too much attention was brought to drug pricing and controls, and they had something on him.
Update: As has been pointed out, this comes as no surprise since this kind of price gouging is perfectly legal.
It makes you feel good, you feel justice has been served.
But let me give a harsh dose of reality, if he is going to court/jail, shouldn't most of the Wall St. bankers be in jail.
Including everybody's favorite banker Jon Corzine. http://www.newsweek.com/stalking-jon-corzine-317733
So before you feel good about feeling good, let's not forget that many bankers walk free in society and this is more of a clickbait story, just saying.
In short, he was arrested for securities fraud. This isn't related to his price-hiking antics, rather it involves his work running pharmaceutical companies and lying to investors.
Note to self: if you ever take up stealing as a primary business, do it quietly and don't attract attention to your fellows.
1) What do these cars do in ambiguous driving environments: construction zones, poorly/under relined lanes, freshly paved roads, hazards, dark/rainy roads where camera images are useless, etc.
2) How do these cars handle system failure while driving? Blown tire, engine failure, etc.
3) Is there "Moral Decision Engine" code in current generation cars? E.g. person runs out in front of an autonomous car, the car chooses to spare the person by veering off and hitting some inanimate object. I can imagine a class of accidents in traditional hands-on cars where a driver hurts himself in order to avoid harming a pedestrian. Is such moral logic hard wired into autonomous cars?
What have they been doing over the last 3 years? I even tried reading their blog, but they only report on building more prototypes or driving more miles. It's a blackout of actual information about their challenges and achievements. When will they be confident enough to launch it, or at least talk about it?
 "California: Self-driving cars must have driver behind wheel under DMV proposed rules" (16 December 2015)
 "Google 'disappointed' by proposed restrictions on driverless cars" (16 December 2015)
And introduce more bureaucracy as now Google Car has to negotiate with Google for access to AI tech, computers, maps etc instead of just using whatever they can?
Could we please stop parroting this blatant falsehood? Their net loss for a particular operating period, when amortized over all the vehicles they sold in that period, came out to ~$4,000 per vehicle. That is not, in any way, shape, or form, the same as losing that money on each vehicle sold.