hacker news with inline top comments    .. more ..    24 Feb 2016 Best
home   ask   best   3 years ago   
Graphing when your Facebook friends are awake defaultnamehere.tumblr.com
1297 points by adamch  5 days ago   189 comments top 51
ceocoder 5 days ago 6 replies      
My favorite part -

> This friend recommended nvd3.js, presumably because youre not making real graphs in 2016 unless your graphing library is <something>.js and requires at LEAST one other <something else>.js as a dependency. Everyone looks at you like what, you DONT already use <something else>.js? Jeez say goodbye to your Hacker News karma. Just apt-get install npm && npm install bower && bower install- NO STOP IT THIS ISNT WHAT TIM BERNERS-LEE WANTED.

edit: as huckyaus mentioned in a different thread, author did http://swagify.net/ as well. In completely unrelated news, I'm changing my handle to [Tr1Ck$h0t][LEGIT][60x7]$$$C30C0DER$$$, that will make me really popular among the cool kids.

542458 5 days ago 10 replies      
Some people might take issue with it, but the writing for this had me in stitches. I very much agree with the author on graphing libraries - there are a few good simple ones, but as soon as you want anything unusual you have to jump to these big, hard to configure monstrosities. More than once I've just given up and written my own server-side generator.
BinaryIdiot 5 days ago 7 replies      
> If you reload the page youll see approximately fifty-bajillion network requests go off as Facebook desperately tries to load all the junk that it needs to display facebook.com.

I like this part. As a developer I've often looked at the network usage of large websites / web applications and it's always surprising to me just how...unoptimized it is as far as network connections go.

I mean Facebook loads decently enough and all I'm just surprised the first load isn't condensed into a small, handful of network calls to save on latency.

spydum 5 days ago 1 reply      
I like to do this sort of web spelunking all the time.. But the writing and humor really make this more enjoyable than it should be! Of course Facebook leaks info to you about your friends - that is the sole attraction for people to use it! Seems like you could turn this thing into a browser extension as well if you felt daring.. Like some sort of FB snooper.
jonesb6 5 days ago 1 reply      
"If you I dunno, didnt have a lot of friends in high school, you might recognise that as a UNIX time stamp - the time in seconds since midnight, January 1, 1970. "

Great article. And a further reminder why Facebook kinda sucks.

jacalata 5 days ago 5 replies      
As someone who is not personally humiliated by my interest in computers/tech/programming, I wasn't really entertained by the constant "oh yea lol it's cause I'm a waste of oxygen that I know that, don't you hate me as much as I hate myself?" Maybe I know too many nerds with actual self esteem issues to find it funny.
xiphias 5 days ago 0 replies      
So to make it useful it just needs to find the pairs of people who ,,go to sleep'' at the same time
christiangenco 5 days ago 0 replies      
This style of writing is so entertaining; it's like a funnier stream of conscious of what goes on in my head when hacking things like this together. If OP is the author, please write more.
a_bonobo 5 days ago 1 reply      
>Similarly, Im not sure why there are these weird spikes every three minutes (+- ~1minute) sometimes.

Could these just be keep-alive requests? For example, the mobile app checks whether it's still connected?

WilliamSt 5 days ago 1 reply      
You should try to add some sort of tracking of when people start to write a message to you. If that's in any way possible. It would be really stalkery if you knew whenever someone started writing a message and perhaps decided not to send the message.
gengkev 5 days ago 5 replies      
I don't have a Facebook account, but is there really no way to not share your available status to your friends? In Gmail you can simply sign out of Hangouts.

On a side note,

> If youre wondering why the response starts with for (;;);, its to, among other things, encourage developers to use a quality JSON decoder, instead of like, yknow, eval().

This is wrong, as I commented on the linked StackOverflow post, perhaps a bit too strongly. But it's really frustrating to see that people have misconceptions because of incorrect answers on StackOverflow.

buremba 5 days ago 5 replies      
It would be real creepy if someone does the same thing for Whatsapp, you can even predict who's talking to each other much better than Facebook. It's a bit harder to collect data from web.whatsapp.com because it's using Websockets but let me know if someone develop such tool and publish it on Github. :)
theon144 5 days ago 0 replies      
I know I'm in the minority here, but I just couldn't bear the writing style. I'm sure the content is interesting, but this article tries way too hard for my tastes. I had to give up after the first couple of paragraphs.
awjr 5 days ago 0 replies      
This is very well written, intelligent, and very entertaining. It's almost like he channelled Deadpool. Kudos.

Oh and did not know about the Copy as cURL feature on Chrome!

anaphor 5 days ago 0 replies      
I did the same thing with the XMPP interface before they scrapped it and it was obviously much easier...also I used the built in graphing that's in Racket to visualize it. Also I made a thing to do desktop notifications whenever someone came online, which is actually kinda useful.
bijection 5 days ago 0 replies      
Antimatter15 has a pretty cool clock style visualization of this from 2012 [1]

[1] https://antimatter15.com/project/facebook-clock/

drdiablo 5 days ago 1 reply      
Nice work! I really like the idea that the web allows anyone to programmatically dig into the UI and extract data to do things. A friend and I actually made a whole API to interact with FB chat. You should check it out: https://github.com/Schmavery/facebook-chat-api. I'd really love to see what you can come up with, with some of the stuff we support.
glossyscr 5 days ago 0 replies      
"Graphing how addicted your friends are to Facebook and Facebook Messenger"
pranaysharma 5 days ago 1 reply      
Great work and nice style of writing...felt like nerd Deadpool ripping away FB :P
dclowd9901 5 days ago 0 replies      
> when its midnight and your x-axis formatting function doesnt convert UNIX times into JavaScript date objects properly because theres no timezone information and I dunno JavaScript was written by some guy in two weeks (yeah I aint afraid to call it out what of it) and your binary-search based conversion of sparse timeseries data into uniformly dense timeseries data is causing so many data points to be graphed that its slowly crashing Chrome and youre watching helplessly as your RAM goes up and Chrome wont close the tab and it just doesnt seem right that 2016, the year of the Linux Desktop has brought us this situation I mean I thought if you had enough <something>.js libraries this stuff was meant to just scale right up so tha-

So, did you forget everything you learned about memory management? Or do you think Javascript really doesn't have sound memory management principles? Hell, it's not like you need to retain references to rendered points. Just dequeue them. Browser graphing libraries render to canvas which is just pixels.

karlding 4 days ago 0 replies      
You used to be able to do this with the Facebook Query Language (FQL) that Facebook exposed, sending something like this query to the FQL endpoint.

 SELECT uid, name, online_presence FROM user WHERE online_presence IN ('active', 'idle') AND uid IN ( SELECT uid2 FROM friend WHERE uid1 = me() )
Unfortunately, the current version of the Facebook Graph API[0] doesn't have the online_presence field, so this is no longer possible. Maybe the Graph API will be updated in the future to also return the online_presence fields?

[0] https://developers.facebook.com/docs/graph-api/reference/v2....

mattlutze 5 days ago 0 replies      
I followed his GitHub link at the bottom of the post and see that he's Australian. My preconceived stereotypes of Australians suddenly explains quite a bit of his writing style and humor, and makes the post that much more enjoyable.
gohrt 5 days ago 1 reply      
What determines whether the app is online? What happens when the user is using the phone but FB is in the background? Does FB get some kind of update when the user is active on device? Or do OP's friend live in the FB app all day long?
Wingman4l7 5 days ago 0 replies      
Reminds me of the old-school user tracker (whose name escapes me) that would give you a bar graph of your friend's online/offline presence when AOL Instant Messenger was the dominant chat client.
Matiss 5 days ago 0 replies      
This is awesome! Thank you for sharing the code for this. Overall I would say that this could be very entertaining to watch over multiple sites. Potentially gathering a good profile of your friends over time!
enig_matic7 5 days ago 0 replies      
So, I can mine when my friends are online.

Perhaps, buy some targetted ads about 'SleepCycle' and show them to the naughty ones who sleep less than 6 hours. :P

LargeCompanies 5 days ago 0 replies      
This is random, but....

Nice with this data I might finally and truly finish my Social Alarm Clock idea and do so in which it truly improves the sound of your alarm clock; one that always makes you smile, laugh, etc.

There's been tons of social alarm clocks(from Justin Bieber to Nestle to Sony to Wakie, etc) since releasing sleep.fm in 2007 (a century ago in Internet years) yet no one has executed on the idea properly.

dyscrete 5 days ago 1 reply      
Awesome and hilarious article. Id just like to note `for (;;);` is not to prevent users from using bad JSON parsers like `eval` but prevent older browsers with little to no cross domain policy from loading it with a script tag and doing evil XSS by overriding Array or Object constructors or prototypes to pull that data
atrudeau 5 days ago 0 replies      
Cool hack and awesome, fun writing, but on a more serious note : how is knowing your friends' usage/sleep patterns useful in any way? Could it be used for some dark, machiavlique purpose?

And how about for advertisers? "Get your sleeping pills here" type ads?

soofy 5 days ago 0 replies      
Another neat FB analysis:

Data Science of the Facebook World


Buetol 5 days ago 3 replies      
Small tip: If you don't want to be tracked, you can also turn off the chat.
dmichulke 5 days ago 0 replies      
Thank god HN doesn't have the same feature (ehh, I suppose at least). But how about linkedin and reddit?

I also bet that Whatsapp has this feature since I often see "Last seen at ...".

lewapkon 5 days ago 1 reply      
Are you aware that there is actually no requirements.txt in your repo?
mariust 5 days ago 1 reply      
This is crazy, I had this idea like 1 month ago and I thought I will find some free time to make this happen by the end of this month, I guess I should thank you :) Nice story by the way :)
zimpenfish 5 days ago 0 replies      
You can use the MQTT Facebook plugin for Bitlbee and get similar online/offline/active information right there in your IRC client without all the screen-scraping faff.
jordan801 5 days ago 0 replies      
Love it. I knew where you were going right off the bat, but your writing made me read through it. Now I feel like a secret agent. I'm not sure why.
davidwparker 5 days ago 0 replies      
Nice little investigating!

Personally, I have chat off all the time on FB, and I don't have the Messenger (or FB) app on my phone either, so I guess I'm always sleeping :)

beatpanda 5 days ago 1 reply      
seriously though how are you not already using D3
obelisk_ 5 days ago 1 reply      
inb4 facebook resolves this issue by banning anyone who's connected 24/7. (that wouldn't solve the problem either way, btw -- a small group of people could conspire to pull this data at irregular intervals and then share the data with one-another to get a more complete picture while still staying reasonably undetectable if done right.)
aham 5 days ago 0 replies      
This is brilliantly creepy, and so well written as to be both engaging and informative. Thanks!
teen 5 days ago 0 replies      
You're really funny! Great post. Highcharts.js is the easiest js library to make quick charts btw.
merb 5 days ago 0 replies      
Not sure if this blog post is great because of the thing he is doing or the way he writes it.
Globz 5 days ago 0 replies      
Very good and fun to read article.

Thanks for all this amazing info!

peace - [2edgy4u][ev REE DAI][24x7BLAZEIT]|ggg10Bzzz|

vmateixeira 5 days ago 0 replies      
Very good post! And very well written, very humorous. Thank you for your teachings as well!
pascalmahe 5 days ago 0 replies      
Loved the article. Great writing style!

Especially loved all the links to Facebook :D

meapix 4 days ago 0 replies      
I don't have facebook but my friends are on facebook.
AznHisoka 5 days ago 3 replies      
Does this work for anyone, even if you're not their friend?
gchokov 5 days ago 0 replies      
Impressive. Kudos to the author.

p.s. I am hiring ;)

brightball 5 days ago 0 replies      
Great writing style. Hilarious.
yojoma 5 days ago 0 replies      
This was hilarious and really cool!
david90 5 days ago 1 reply      
This is creepy, but yet very good illustration of social engineering
Snowden: FBI obscuring crucial details in Apple case twitter.com
640 points by Karunamon  4 days ago   208 comments top 23
citizensixteen 4 days ago 3 replies      
More on All Writs Act of 1789.

The Dangerous All Writs Act Precedent in the Apple Encryption Case


"Tim Cook, the C.E.O. of Apple, which has been ordered to help the F.B.I. get into the cell phone of the San Bernardino shooters, wrote in an angry open letter this week that the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. The second part of that formulation has rightly received a great deal of attention: Should a back door be built into devices that are used for encrypted communications? Would that keep us safe from terrorists, or merely make everyone more vulnerable to hackers, as well as to mass government surveillance? But the first part is also potentially insidious, for reasons that go well beyond privacy rights.

The simple but strange question here is exactly the one that Cook formulates. What happens when the government goes to court to demand that you give it something that you do not have? No one has it, in fact, because it doesnt exist. What if the government then proceeds to order you to construct, design, invent, or somehow conjure up the thing it wants? Must you?"

ianamartin 4 days ago 7 replies      
No tinfoil intended here, but it strikes me as very unfortunate that the Supreme Court Justice most likely to be opposed to this recently passed away last weekend.

In my not-a-lawyer opinion, I think that Apple will absolutely take this as far as it can. With only an 8-member court, Anthony Kennedy becomes even more important than ever.

We should be lobbying SCOTUS harder now than ever before. We need them to rule against this far more than we need to be calling congress people.

We need the Supreme Court to act with the effect of precedent. But I'm not optimistic. We would need Roberts and Thomas to back off their national security platforms, and we need RBG and Kagan to understand the problem better.

Kennedy is a wildcard, but if we can explain the issue in plain English to those key people and get them to agree, this is doable. Alito and Sotomayor will fall in line.

If we do our jobs as members of the body politic, write amicus briefs, and hound the members of the court, this is doable.

Thomas and Roberts can be swayed. So can RBG and Kagan. It would be an easier 5-4 decision with Scalia still around, but this is possible without him, and we need to focus our efforts.

I'll be putting my money where my mouth is over the weekend and creating a website that submits comments to the individual justices. I'll also be asking for help/edits on the boilerplate I'm offering as a starting point.

notthegov 4 days ago 5 replies      
He is suggesting that the FBI sees this as an opportunity to set a precedent and doesn't care about the data?

If so, in FBI logic, in the future there could be a more legitimate need for Apple to comply because a suspect could have a WMD. But so far no such threat exists.

However, let's distort the issue and exploit this opportunity now knowing few will go against law enforcement tactics against the San Bernardino killers?

Because they will need the power in the future but the public has to be scared into acting now to prevent the real hypothetical future attack?

alblue 4 days ago 1 reply      
I've written up a summary of the current situation for InfoQ here:


Basically, the FBI shot themselves in the foot by changing the password for the iCloud account within a day or two of the incident, instead of consulting with Apple. This meant the phone couldn't auto backup data which is why the snapshot of the data is not necessarily the most recent. Had they not done this they would have been able to connect the phone to a power outlet and a wifi connection, and it would have uploaded the data to Apple's servers from which they could have asked Apple to acquire the data.

Both Apple and the FBI have been requested to appear before a bipartisan committee to answer specific questions about the case.

trenchy12 4 days ago 1 reply      
The phone in question is a government issued work phone? Hadn't heard that before. Pretty big detail that isn't mentioned often.
musesum 4 days ago 4 replies      
Senator Feinstein wants with compel Apple to put in a backdoor though legislation: http://www.mercurynews.com/politics-government/ci_29527867/t...Would suggest anyone living in California let her know what you think.

I went to a RightsCon in the midst of the Arab spring. Talked to folks with friends that were being "disappeared" based on what was on their phone.

Meanwhile, David Chaum is suggesting a secret sharing scheme:http://www.therebel.media/david_chaum_restoring_internet_pri...

"Chaums proposed Privategrity system would use nine special servers in nine different countries to encrypt users' data. The theory is, the system would almost always prevent mass government surveillance but would allow government access to combat terrorism or child sex abuse."

geographomics 4 days ago 1 reply      
Snowden's analysis is rather lacking.

He claims that the FBI already has all of the suspect's communication records as retrieved via service providers, but ignores the important detail that iMessage uses end-to-end encryption, rendering any such records unobtainable by the service provider.

Yes, the last backup was six weeks prior to the phone being seized, but this only means that the phone may well include six weeks' worth of pertinent evidence. And there is nothing to suggest that the FBI is only interested in messages between co-workers.

Ultimately, the phone's data would need to be decrypted and analysed to see if the first four assumptions that Snowden makes are actually true.

The final assumption is that there are other feasible technical measures that could be taken to crack this phone. This would perhaps be the most interesting point, but Snowden chose to not expand upon it at all.

nickysielicki 4 days ago 5 replies      
Maybe I'm too far-out there, but what do we really know about the NSA's quantum computing abilities?

Given their budget and their ability to keep things under wraps (eg: consider the scope of PRISM and how they ran that for close to a decade), is it that crazy to think this is a debate they don't care about winning?

Teams at universities made 16 qbit machines something like 5 years ago. D-wave claims 512 qubits today. I don't think it's out of the question that NSA is far ahead of both of them. D-wave employs "100+ people" according to Wikipedia. NSA is estimated to have upwards of 30,000.

It makes a lot of sense, then. NSA got caught with their pants down, naturally backlash from it is still happening today. So if your opponents are going to be winning some ground back, the best PR move is to have them win ground that doesn't matter. (Or that won't matter in a couple years.)

I think these debates about the necessity of key escrow and modified firmware are conversations they're having with the intention of losing, to prevent meaningful pushback but to still provide the illusion of it.

It just doesn't make sense to me that they would invest billions into dragnet infrastructure with the knowledge that something as inevitable as letsencrypt or an iPhone passcode could make it all useless.

Edit: wording and some additional comments

ojbyrne 4 days ago 2 replies      
It seems like "parallel construction."


The FBI already have what they need, by illegal means. Unfortunately, due to security, they're stuck.

nostromo 4 days ago 5 replies      
The intelligence community never lets a terrorist attack go to waste.

I'm convinced they have a wish list in wait for every tragedy. Next on the list was getting a back door on every cellphone.

meowface 4 days ago 4 replies      
There are allegations that the FBI could easily decrypt the phone if they actually wanted to, found here:



Any truth to this?

ayyghost 4 days ago 5 replies      
I would like to see some clarification on point #5. The only other option I see for the FBI is to continue manually bruteforcing PINs, the arduousness of such a task being why they requested Apple's help in the first place. Is he talking about 0days?
tuyguntn 4 days ago 0 replies      
Everytime I hear such stories remember about Overton window [1], its a way from unthinkable to policy,

Around 10-15years ago privacy issues were almost unthinkable (phase #1) (average person didn't think about privacy too much), then wikileaks came out, then Snowden (phase #2, radical) and so on.

Sure FBI has access to phone calls in San Bernardino case, but they are making buzz in news, in order to step to next level, probably from sensible phase into popular, then naturally next step would be `policy phase` and surveillance would be totally legal and everyone will accept this, if not we, then next generation would accept it.

[1] - https://en.wikipedia.org/wiki/Overton_window

cat-dev-null 4 days ago 1 reply      
Does anyone have additional follow-up details of the supposed black SUVs at Apple Cupertino? VEEP, POTUS, TLA, etc.

EDIT: Previous item: https://news.ycombinator.com/item?id=11120365

ryan606 4 days ago 1 reply      
If Snowden's allegations are true, then it seems pretty clear that the FBI already has all information they claim they need, and doesn't need Apple's help. Rather, this seems to be a "land grab" by the DOJ/BHO Administration to secure government access to all communication devices, all in the name of "National Security". Not unlike the 2001 Patriot Act. Very sad.
augb 3 days ago 0 replies      
This may have already been stated, but in case it hasn't ...

If Apple, as a legal "person" [1], can be compelled against their will to create something that does not exist at the government's will, then what is holding the government from compelling an individual to do the same?

[1] https://en.wikipedia.org/wiki/Legal_personality#United_State...

MikeNomad 4 days ago 0 replies      
The lies that so many of the citizenry buy into are far from nuanced. Rather, they are bald-faced. Often, the liars simply rely on Status Conferral, Ignorance, and Indifference to get by. I contend that Twitter is as much hindrance as help.

It has been a long time since the citizenry last needed to fully engage the Check Boxes of Government: Soap, Jury, Ballot, Ammo. A lot of folks are having a hard time believing the last one is an option. Know Your Roots, indeed.

Shivetya 4 days ago 0 replies      
I am more concerned about the idea that the phone password was changed after the government obtained the phone. How is that story not gaining more traction?
blazespin 4 days ago 0 replies      
Does anyone know which version of iOS 9 the device is? Plenty of security updates just in 9.2.1 alone:https://support.apple.com/en-ca/HT205732

I'm sure if must be an early version of iOS 9. Probably lots of zero days (that are no longer zero days) available.

draw_down 4 days ago 0 replies      
I don't think the backups they got are viable because apparently the suspect's employer changed the iCloud password.
markman 3 days ago 0 replies      
I think apple should tell the court/gov to fk off!
mayneack 4 days ago 2 replies      
Off topic, but this is exactly the scenario that Twitter wants to replace by expanding the tweet size limit. Instead of a picture of text, we could expand to real (presumably searchable) text.
jack9 4 days ago 1 reply      
I'm a fan of snowden, but this is wrong on so many levels it's hard to understand why anyone thinks his points are valid? This is about privacy and technology - depending on the specifics. I'm not sure what these points are speaking to, because it's none of the relevant issues...I guess it's just to contradict the FBI?

1. Can't prove all when there's data that hasn't been retrieved (encrypted data). What they do have is irrelevant.

2. What they do have is irrelevant...is this a pattern?

3. What they do have is irrelevant. Also, coworkers aren't what they are looking for...wtf

4. Irrelevant...wtf

5. Unsubstantiated and unlikely that Apple has a way to break it's own strong encryption. Apple probably can disable the bricking-by-attempts. If the FBI are so damn confident the 256-bit AES key can be bruteforced, they can damn well do it themselves.

Justice Department Wants Apple to Unlock Nine More iPhones nytimes.com
530 points by jstreebin  13 hours ago   265 comments top 41
jrapdx3 11 hours ago 7 replies      
The article describes the Justice Dept. doing exactly what has been so widely predicted on HN and elsewhere. Doesn't seem like good timing on the government's part to publicly announce the intention to seek numerous iPhone "unlockings". Rather it plays into Apple's argument about unleashing a torrent of court-ordered demands which will have adverse consequences for security.

Legal minds should weigh in, but I'm thinking the only effective remedy is going to be congressional action, to pass law that defines the limits of court discretion re: forcing firms' assistance breaching their carefully constructed security/privacy systems.

This news prompts me to write my representative and senators and strongly urge them to support enacting this form of protective legislation. If there's enough of an outcry from the electorate there's a far greater chance of putting sensible policies in place. The fact it's an election year can only make voicing our concerns all the more effective.

sago 12 hours ago 2 replies      
> What we discover is that investigation into one crime often leads into criminal activity in another, sometimes much more serious than what we were originally looking at,

They want access so they can go fishing too? They're really not doing a good job of sticking to the 'necessary and proportionate' line.

newman314 12 hours ago 1 reply      
This part is interesting...

"The judge has indicated skepticism over the governments demands. Initially, Apple agreed to a formal order to help the Justice Department gain access to Mr. Fengs phone, but Judge Orenstein balked, questioning whether the All Writs Act could be used that way. He invited Apples lawyers to raise objections."

kareemm 12 hours ago 2 replies      
This sounds exactly right. From an article I posted earlier[1]:

> In interviews with BuzzFeed News Wednesday, the former officers with the FBI and NSA acknowledged that U.S. intelligence agencies have technology that has been used in past intelligence-gathering operations to break into locked phones. The question, they added, was whether it was worthwhile for the FBI to deploy that technology, rather than setting a precedent through the courts.

This article seems to confirm that Law Enforcement is going to do its best to set a legal precedent.

[1] - https://news.ycombinator.com/item?id=11163338

r00fus 13 hours ago 1 reply      
Clearly this is an agenda.

I still don't understand why Apple needs to save the FBI from it's own incompetence in asking the government office that managed the iPhone to reset the password.

It seems to me that unless tech companies come together to defend Apple, we may see (unregulated and unaccountable) government become very very part of all facets of computing.

0x07c0 1 hour ago 0 replies      
Cant a legal hack be to move core security development out of US jurisdiction, and let Apple USA lease tech from Apple Iceland/Switzerland/Ireland/etc, as is done with taxes today ? This would make Apple USA unable to fulfil any court order demanding change to source code.
Laaw 12 hours ago 2 replies      
I know this is going to sound crazy, but there are parallels here between Apple vs. the FBI, and Superman vs. Batman.

Superman represents an unchecked power, and Batman finds this unchecked power to be unacceptable as a risk, in case the power is ever used against humanity.

Is this a subtle marketing ploy from DC Comics

tdsamardzhiev 8 hours ago 1 reply      
"This is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case" --Bill Gates

Have something to say, Bill?

BWStearns 13 hours ago 0 replies      
At least now all doubt is formally removed that they want to use the precedent set in the SB case for more mundane requests. Hopefully this should make Apples' PR fight easier.
cft 12 hours ago 7 replies      
Note how Android unlocking demands never came up in this discussion. That's because the phones are vulnerable.

I am a Nexus user.

splatcollision 1 hour ago 0 replies      
9 more phones this week. 12 next week, 20 the following...
datashovel 12 hours ago 3 replies      
I wish I had a timeline that showed me the frequency of stories coming out on this.

I am only spitballing here, but does anyone else think the heat has risen for federal law enforcement to set some precedents on this stuff now that Antonin Scalia has died? My hunch is that with another liberal judge on the Supreme Court there may be a push to have some of this type of case heard at the highest court.

jMyles 10 hours ago 1 reply      
I think I need someone to explain this to me because none of this hype makes any sense.

I am usually wary of oversimplifying these sorts of controversies, but this one does seem exceedingly simple to me. It goes like this:

Is it possible, even with Apple's help, to break the encryption of <insert device model here> without knowing the encryption key, given that the passphrase provides reasonable entropy?

If the answer is other than a flat, unambiguous "no," enjoying the consensus of the scientific and security communities, then that device is simply not secure, right?

...and, to extrapolate just a bit: when device that are secure by this definition are in the mainstream (and my understanding is that even current iPhones, unlike the one at issue in this case, are) then this is entirely moot, right?

acqq 5 hours ago 0 replies      
> Apple has in a number of cases objected to the Justice Departments efforts to force its cooperation through a 1789 statute known as the All Writs Act

And the full (!) text of All Writs Act is just:



"(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction."


Note it's not any law that regulates any form of encryption or communication security or what some company has to do to help some law enforcement procedures, a lot of laws with such topics were fought about, proposed, discussed and introduced through the years, like CALEA. This is just "we can demand anything we want."

The issue is, should this Act be allowed to be used in such contexts. A precedent can even make unnecessary the current process by which the laws are being made. Note there's nothing specific in that sentence from 1789. Who needs laws if anything goes?

fooey 10 hours ago 5 replies      
It seems hard for me to believe that Apple now has at least 10 instances where the government is trying to force them to decrypt their phones, and this hasn't happened with Google or MS yet.

I don't recall ever hearing a big standoff with MS refusing to decrypt a Windows desktop or server.

Is encryption just that much more common on Apple devices? or is Apple just the first ones to make this all public?

arrty88 13 hours ago 4 replies      
> The Manhattan district attorney, Cyrus R. Vance Jr., foreground, and New York Citys police commissioner, William J. Bratton, behind him, say they have about 175 iPhones they have been unable to unlock.

Wait, how many have they been able to unlock and how? Sheer luck?

Pxtl 12 hours ago 2 replies      
Will we be hearing an apology from FBI spokesmen that insisted this is a one-time thing?
ianamartin 5 hours ago 1 reply      
I've already made my legal and political opinions in other threads on the topic and won't rehash them here, especially since so many other people are making the points better than I did.

However, here's something I haven't thought of, though I sort of hate to boil the thing down to a business proposition. The fact is that iPhone is a massive business. What all is a company allowed to claim as "burden" in the discussion of undue burden?

Let's say the FBI wins, and Apple is forced into this. Then the narrative in the mind of the public is that Apple has back-doored their phones and made them insecure.

Apple loses literally billions of dollars per quarter for some amount of time until they can repair the PR damage.

Is the loss of, say, 50 billion dollars in revenue over the next calendar year something a reasonable person would call "undue burden?"

What about other ancillary effects that cost either direct money or productivity? There are rumors of something like an iPhone 6c that is scheduled to be released perhaps soon. (Supposedly a revamped 4" phone like the 5s but with the latest hardware) After all this hubbub about a potentially insecure 5c, who is going to go buy a 6c without wondering if it has the same problems?

Casual tech watchers don't understand the nuts and bolts of this situation. They hear some things, read some things and go along with the popular media consensus.

If the alleged 6c were actually going to be launched in a couple of months, the branding, production, packaging, marketing would all have been bought and paid for already.

Does having to recalibrate the launch of a new product and all the costs that might incur count as "undue burden?"

Etc., etc. Maybe they need a significant portion of the iOS team to do this, and the work causes delays in the next version of iOS, iPhone 7 has to get pushed back for release and misses the holiday quarter, again, lost sales accounting for billions.

I think the potential impact on Apple's bottom line could honestly be taken into consideration of burden. Curious about what other people think. Is money just not talked about in these considerations?

ericfrederich 2 hours ago 0 replies      
How about making a phone where there isn't a backdoor?

The fact that Apple has the ability to update a phone while it is locked is a backdoor.

caf 6 hours ago 2 replies      
Here's what I wonder.

Suppose Apple loses and tells its engineers to produce this update. What happens if those engineers all refuse? Can they be found individually in contempt of court?

FrankyHollywood 8 hours ago 1 reply      
I still like BGs argument (and do consider myself a hacker haha)

"It is no different than [the question of] should anybody ever have been able to tell the phone company to get information, should anybody be able to get at bank records. Lets say the bank had tied a ribbon round the disk drive and said dont make me cut this ribbon because youll make me cut it many times.


merpnderp 12 hours ago 1 reply      
Apple does have a point. I probably won't own a device with a known vulnerability even if it was at the behest of the government.
exodust 8 hours ago 1 reply      
Might criminals, paranoids and privacy extremists wishing for their phones never to be cracked, just choose an 11 digit passcode? I hear this would take too long for a computer to crack.

Everyone else can choose a 4 digit code, and still enjoy very good security up until the point they are wanted by the FBI.

People are confusing the fight for unbreakable encryption with this new fight to keep manufacturer-specific passcode retry attempts nice and secure.

The very fact we have this dependency between the encryption and the retry system, is a weakness probably deserving of attention.

lips 12 hours ago 2 replies      
Question which I can't get out of my head: It would stand to reason that the ruling on this case would affect other commercial phone and/or OS manufacturers, but how would it reflect on some OSS projects, where the coders are not necessarily employees of the project?
pcwalton 12 hours ago 3 replies      
> The judge has indicated skepticism over the governments demands. Initially, Apple agreed to a formal order to help the Justice Department gain access to Mr. Fengs phone, but Judge Orenstein balked, questioning whether the All Writs Act could be used that way. He invited Apples lawyers to raise objections.

This is curious, because I was under the impression (due to the lawyers on HN) that this is basically an open and shut case in the eyes of the law: the government has the ability to compel Apple to act. Why would the judge think differently?

(I'm genuinely curious as to the legal aspects of this and not taking a side either way.)

skc 6 hours ago 1 reply      
Silly question, but what would you suppose Apple would do if this were a branch of the Chinese govt asking for this?
nickfromseattle 10 hours ago 1 reply      
Between this and the on-going case with Microsoft Ireland, would anyone like to speculate on the impact to US tech companies ability to compete internationally if the US Justice Department wins?

There may not be a foreign equivalent for US companies working on complex or enterprise problems.

Europe is often times the second highest revenue generating region outside of the US for US tech companies. Do European businesses care about this? Would this cause them to adopt a lesser alternative? Does this comply with EU Model Clauses that govern regulated verticals like defense, finance, academia, healthcare, etc?

I am not a lawyer, but I can't imagine the EU Model Clauses would allow for something like this.

neximo4 7 hours ago 0 replies      
America is ruled by corporations. It is unjust but can you imagine Apple, an american company, having fines or being rendered such that it was disadvantaged to sales in China/India or setting off its decline.

The only time the exception was ever made was to prevent monopoly about a hundred or so years ago.

Otherwise its perfectly ok to be an American corporate citizen and challenge the law.

rrggrr 13 hours ago 3 replies      
State, county and municipal governments are next.
FrankyHollywood 6 hours ago 2 replies      
The discussion about encryption is getting completely out of context, like 'encryption' is something magical.

We're talking about cracking a 4 digit access code of a phone, which is extremely easy. Apple knows this, that's why they set a digital booby trap which fires after 10 tries.

So the real discussion should be, "Can the government force a company who placed a booby trap, to remove that same trap if needed?"

Whether this is a digital trap, of a bomb placed on a doorknob is not important.

Spooky23 12 hours ago 0 replies      
The public information officer for the FBI should commit seppuku on camera for the ridiculous display of lies and poorly orchestrated misdirection.
ck2 7 hours ago 0 replies      
Wow so the FBI lied. Imagine that.

Guess law enforcement thinks telling the truth is not something "good guys" are required to do.

briankwest 13 hours ago 1 reply      
I thought it was 12, now its 9? Are they using new math?
known 6 hours ago 0 replies      
Does Apple own the iPhone after it's sold?
bpd1069 10 hours ago 0 replies      
Shivetya 12 hours ago 2 replies      
Well the spin game is guaranteed to ramp up. Sycophants are already laying the ground that Apple and Cook would have to accept some of the blame in any upcoming terrorist attacks. I am amazed they haven't tried the kiddie porn route yet.

Still another issue is, if they were compelled to create it they could be compelled to surrender it too. With that its a matter of weeks or months before it gets leaked to a criminal organization or country.

My long term concern is, would we ever know if they got compelled to change iOS to insert a backdoor that gets pushed to our phones. Even if we do how long before carriers are required to lock users out for not updating?

arca_vorago 11 hours ago 2 replies      
Here is my take on the recent apple vs justice saga:

Being the cynical fuck I am, a former action arm of the darkside, I have been telling friends and family for years that they should assume anything with a cellular modem in it is potentially comprimised by a nation state or above actor (yes, "above" nation state exists... Its called the deep state you fool).

I automatically assume that such publicity is actually closer to a honeypot to entice foolish mid level criminals into thinking iBrain devices are "secure", when I think they probably have miltiple backdoor avenues in place.

Of course, I'm just the hn resident conspiracy theorist, so it's probably just me being paranoid...

nickysielicki 12 hours ago 2 replies      
I think it's important to dispel this fiction that Apple will be "unlocking" anything.

To use the word "unlock" seriously blurs the lines of what's going on here. They're merely asked to flash it with software that removes a delay in submitting passcodes and removes the wiping function after ten failures.

That's not unlocking it.

If Apple complies with the order, the FBI will still be getting an encrypted iPhone back, and they'll still have to sit around and try to decrypt it.

mc808 11 hours ago 1 reply      
Let's end drug prohibition first, and then discuss whether to hack the remaining phones, if any. This whole fiasco has nothing to do with terrorism.

Alternatively, introduce a restriction that this form of forced labor can only be compelled in terrorism cases where lives are in imminent danger. How many phones will be left to hack?

gravypod 10 hours ago 2 replies      
I'm confused. From what I understand apple has been doing this for some time. I even remember someone saying that apple did this many times before. Even if apple isn't the one doing this, there are also plenty of people who are familiar with low level vulnerabilities of iPhones that can essentially do the same tasks.
jondubois 11 hours ago 5 replies      
What's wrong with the letting the government get access to the phones of a few potential criminals/terrorists?! I don't get what all the fuss is about.

I don't fully trust the government, but I trust it far more than I trust Apple.

Sometimes I feel like the whole Snowden thing is just an excuse for big corporations to keep all their data and analytics practices to themselves outside of the scrutiny of the government.Since when did the government become the enemy? There is something really twisted happening behind the scenes here.

Big corporations are manipulating us into thinking that the government is not to be trusted. But think about it; the government doesn't care about making a profit.

Without the government, the masses have no voice. I would gladly help society and let the government look through my phone if it will help prosecute a criminal.

Spotify moves its back end to Google Cloud spotify.com
665 points by dmichel  22 hours ago   357 comments top 41
latchkey 19 hours ago 18 replies      
What Google Cloud needs is a better sales story. AWS consistently beats out Google in this respect. This story is welcomed and there should be more success stories published like this.

My business is a heavy GC user (AppEngine, Datastore, CloudStorage, BQ, ComputeEngine, ManagedVM) and I couldn't imagine achieving what we have achieved in such a short amount of time on any other platform.

We (myself and another guy) started at zero and shipped our product in 3 months on what is effectively an infinitely auto-scalable platform where we don't have to do any devops or carry a pager. I'd much rather work on features than chores. =) 4 months later and we've had profitable growth and zero downtime (knock on wood) and we're hiring.

Thanks Google!

simonebrunozzi 19 hours ago 4 replies      
I want to commend some of the Google Compute Platform employees that commented in this thread.

I was at AWS for 6 years (left 2 years ago... today!), and I've always been a proponent of being more open and communicative with developers, but it rarely happened - I guess that AWS' PR policy and such are a big showstopper for these kind of discussions. Although, some individuals did their best (e.g. Jeff Barr) to try to share as much as possible.

It seems that the Google guys know how to do it.

Keep doing it. It will help your business a lot.

waffle_ss 20 hours ago 5 replies      
I tried Google Container Engine (GKE) and really liked it - it's the best cloud solution for deploying Docker to production in my opinion, mainly due to its use of Kubernetes. Unfortunately in my Web apps I make heavy use of Postgres-specific features, and since Cloud SQL only supports MySQL, Google Cloud is a total non-starter for me.

So for now I'm on AWS, using Postgres on RDS and deploying containers with ECS. ECS is a lot simpler than Kubernetes, but since my apps are pretty simple (a half dozen task definitions), it's not a big deal. I really hope Google adds Postgres to Cloud SQL at some point.

obulpathi 22 hours ago 0 replies      
> Google has long been a thought-leader in this space, and this shows in the sophistication and quality of its data offerings. From traditional batch processing with Dataproc, to rock-solid event delivery with Pub/Sub to the nearly magical abilities of BigQuery, building on Googles data infrastructure provides us with a significant advantage where it matters the most.

Big Data is the core strength of Google Cloud. Good to see this move by Spotify!

> What really tipped the scales towards Google for us, however, has been our experience with Googles data platform and tools. Good infrastructure isnt just about keeping things up and running, its about making all of our teams more efficient and more effective, and Googles data stack does that for us in spades.

What I really really liked about Google Cloud is the ease of use. Spin up a VM, start Cloud shell, SSH into your instance, install a bunch of software and you will know what I mean. It's "Quality" Cloud.

jhgg 14 hours ago 2 replies      
At work we moved to GCE at the beginning of this year, from Linode after they were having stability issues over the christmas break. No complaints from us. So far have been very happy with it. We were considering moving to AWS, but to realize the same pricing as GCE we'd have to purchase reserved instances - the sustained usage discounts have been huge for us.

Additional things we liked: - gcs is way more responsive than S3. also, was fairly painless to migrate our S3 buckets to GCS via the web console. - peering with cloudflare lets us save on bandwidth costs! - network load balancer has shown itself to be very reliable and solid for holding open A LOT sustained websocket connections. - http load balancer has shown itself to be very capable of ssl termination & routing (love that we can route /api to our API servers, and the rest to our static servers). additionally, no pre-warming was required. when we did the datacenter switch, it was just 5 mins of downtime. didn't have to worry about pre-warming for our production load like we would have on ELB.

Things we didn't like: - salt-cloud's driver for GCE is still lacking. Can't specify disk size for provisioned storage. Can't specify local SSD storage either. Also parallel provisioning didn't work. Something about PyCrypto not liking the way it forked. Not GCE's fault - billing support non-existent unless you purchase a support plan. - documentation still needs some work.

jamesblonde 18 hours ago 1 reply      
The big point of this move is the hit it will have on on-premises Hadoop offerings: Cloudera, Hortonworks, MapR. It's a massive vote of no-confidence in their offerings. Spotify are effectively ditching a 2000 server, 90 PB Hadoop cluster to go GCE. As Spotify say themselves, that's big news....
peterfschaadt 15 hours ago 0 replies      
We host a lot of our applications on Google Compute Engine but have had many issues with even simple features available from other cloud providers. For example, Google's HTTP(S) Load Balancer offering does not support SNI [1], HTTP to HTTPS forwarding [2], or sticky sessions [3], making it unusable for us. The support we pay for has been pretty helpful, but all we hear is "we have a feature request for this but I cannot provide an ETA on when and if this will be implemented". Many of the issues in the Compute Engine public issue tracker [4] haven't been updated in many months or over a year in some cases. Additionally, it can be very confusing finding out which beta services can only be accessed via the gcloud tool and not the web console. Without the ability to even schedule a window for maintenance on our VMs, we often feel like we do not have the control we need over our hosting environment. Please increase your transparency around addressing Google Cloud issues, all the Docker updates have been great, but many of these issues are over a year old and still show-stoppers for some users. Thanks again for churning out new features/services constantly, but please help close out some of these older feature requests!

[1] https://code.google.com/p/google-compute-engine/issues/detai...[2] https://code.google.com/p/google-compute-engine/issues/detai...[3] https://code.google.com/p/google-compute-engine/issues/detai...[4] https://code.google.com/p/google-compute-engine/issues/list

dublinben 20 hours ago 1 reply      
When did Spotify abandon their original peer-to-peer architecture?[0]


boulos 18 hours ago 0 replies      
This was mentioned somewhere deep in a thread, but Spotify (and others!) will be speaking at our upcoming customer conference (GCP Next) in a few weeks:


You'll be able to livestream the sessions here:


Disclosure: I work on Compute Engine (and I'll be at Next).

ceocoder 15 hours ago 0 replies      
We (Sojern) moved to 100% GCP as well this month, admittedly not nearly at the same scale as Spotify, but we did. Other than some growing pains - that GCP team is already aware of - this has been a very smooth migration for us.

We use Google Cloud {Storage, BigTable, Container Engine, BigQuery, Monitoring, DNS, Compute} and may be some services I'm missing. I'd be happy to answer any questions.

agentgt 15 hours ago 2 replies      
I have some questions based on previous experience many moons ago experience (3 or 4 yrs).

When I tried to port some of our platform to AppEngine I had some issues with various Java libraries (writing tmp files, opening sockets, etc). Once I sort of got past that and used some of Googles own APIs (which is sort of annoying that I had to couple my stuff) I had timeout issues. See we have to integrate with all these enterprise third parties (SOAP/REST) and these guys can be really slow.We also couldn't use our own pub/sub (AMQP/RabbitMQ) so that was going to have to be ported as well.

Things must have changed because its hard for me to imagine Spotify being able to get all their needs met on a rather coupling platform.

* How does one write code for Google Cloud while being agnostic of Google Cloud?

* Maybe appengine supports AMQP?

* Or maybe the container engine fixes these problems? (ie need something more custom run it in a docker image).

Our current platform runs on Rackspace and Digital Ocean. These guys are IaaS so your basically doing DevOps which is a pain... but Rackspace does have kick ass customer service.

matt_wulfeck 17 hours ago 0 replies      
The GCE model is the future. Google knows this because they've already discovered it internally by running their own services. They know containers are he future and they built a lot of the LXC kernel updates that makes things like docker work.

Most people don't need the future yet. Really people are just trying to get out of the business of managing and scaling their hardware with as little work as possible. Containerization is much farther down the line.

So I posit the future GCE customers are not people "moving to the cloud" like AWS, but rather people "moving to the small, contained, service" -- indeed, it's current AWS customers.

sigmar 21 hours ago 0 replies      
>"...feature testing and more intelligent user-facing features," the Google staffer wrote.

I have to wonder if Spotify is doing this so that they can (eventually) use Google's deep learning technology in improving their recommendation engine. They purchased Echo Nest in 2014 to achieve this.

pdknsk 18 hours ago 6 replies      
I notice App Engine isn't mentioned in their stack. I'm a bit worried that Google abandons it once Snapchat moves off it. It has already been in maintenance mode for some years now (save for Managed VMs). The writing was on the wall when Guido left the team. Apparently Google still uses it internally (as the recent switch to Monorail made evident), so perhaps it's safe for a few more years.
atrudeau 21 hours ago 3 replies      
This reads like they've been acquired by Google and are integrating. Now Google just has to write the check and own music streaming.
derEitel 18 hours ago 1 reply      
I would be interested to get some more technical info. OK so you use GC, but how? What products do you use, how do you build your scalable infrastructure so anywhere in the world I can have all the music in the world? I love reading those type of posts from Netflix and was hoping to find something similar here
halayli 17 hours ago 1 reply      
Congrats to the sales team at Google Cloud. I wonder how much Google's new AI services played a role in convincing Spotify to use them.
hanief 13 hours ago 0 replies      
Om Malik sees it as a first step toward acquisition by Google (or rather, Alphabet).


jonesb6 17 hours ago 1 reply      
Great now they can free up some engineers to bring their Linux client out of beta, which has been in beta since dinosaurs.
icaromedeiros 19 hours ago 3 replies      
I was wondering about Spotify's contributions to Hadoop stack such as Snakebite and Luigi. What will happen to these projects if they're moving to BigQuery?
NearAP 17 hours ago 1 reply      
I've run a few small side projects on GAE (Google App Engine). I use it as a very simple and fast way to get an MVP off. My major issue is that their documentation tends to lag (sometimes way behind) when they change stuff, especially things that are integrated to other services they provide. For example after dropping support for OpenID 2.0, the documentation for 'Authentication Type' on Google App Engine was not updated to reflect this, neither was the documentation for securing your urls. This cost me considerable time and effort.
mratzloff 16 hours ago 0 replies      
Today: Highly publicized move onto Google Cloud

Later: Silent, gradual move away from Google Cloud after experiencing a number of issues and bugs, constant connectivity issues with services like Cloud Storage, silent failures that do not return error messages on a random basis, detailed billing info only available through arcane APIs and not the administrative UI, broken functionality and rigid inflexibility of BigQuery, and other non-obvious negative behaviors

flurpitude 19 hours ago 1 reply      
Now how about Spotify fixing their front end so that Premium customers on Android can just hit "play" to play the album they want to play, in the right order? And how about an app in the Windows Store so that you can use it on a touchscreen? And how about some improved metadata that work for classical music? And a way to report corrupt or mistagged tracks and get them fixed?


misiti3780 19 hours ago 2 replies      
I had no clue spotify operated their own data centers.

Does anyone have a link to that compares google cloud vs aws on a per price + per service basis ?

frakkingcylons 17 hours ago 0 replies      
The short and sweet of my user story as a hobbyist fullstack developer and wannabe data analyst is AWS has standalone services for your apps that either don't exist on GCP or are better than what GCP offers.

I'm talking about pay-as-you-go compute functions with Lambda (I'm aware that GC Functions are on the way, Lambda has been out for more than a year already), managed Postgres with RDS, and managed task queues with SQS. But GCP's console UX is killer compared to AWS, and using BigQuery feels too good to be true compared to how difficult it is to accomplish the same thing with Hadoop/Spark.

balls187 11 hours ago 1 reply      
I wonder if this has to do with Amazon's streaming music competitor being more of a threat to Spotify than Google's?
ergo14 4 hours ago 0 replies      
I think I could try moving to GAE if they had Postgresql offering for database storage.
an4rchy 19 hours ago 1 reply      
I'm curious regarding the economics of this but could anyone approximate the cost associated with this move or expenses going forward. It sounds like this would be a pretty big account for Google.
doxcf434 10 hours ago 0 replies      
A little birdy told me that if you find a bug in GCE's live migration they'll buy you a bottle of scotch. Apparently the team gets blamed a lot for problems that turn out not to something else. :)
tomschlick 7 hours ago 0 replies      
Still no IPv6 on Google's cloud... why?
verbatim 17 hours ago 0 replies      
Has anyone seen stats published on how big of an infrastructure Spotify runs?

Or how it compares to Netflix, which runs on AWS?

dmourati 15 hours ago 1 reply      
Does Google Cloud offer an equivalent to AWS Direct Connect?
KaiserPro 18 hours ago 2 replies      
Sorry but spotify's infrastructure is not a shiny beacon of correctness.

They've compounded mistake upon "Oooshiny lets use that"

here is a post where someone dissects spotify's infrastructure bit by bit: http://www.secretbatcave.co.uk/software/docker-and-you/

This isn't an anti google compute, its got some really great features. But, spotify's backend infrastructure ain't one

Yes, I appreciate that that post is from a while ago, and they might have completely paid back that massive technical debt/innovation token debt.

crimsonalucard 5 hours ago 0 replies      
Why google over aws? Why isn't this man answering the real question?
lukasm 19 hours ago 2 replies      
Isnt it risky to move to competition's infrastructure?
dkubb 16 hours ago 1 reply      
(Serious question) Isn't it risky to rely on any Google product as a foundation for your business?

They've shut down more popular services that people depend on than Google Cloud. They tend to enter a market, undercut all the competitors, and then once they are dominant in the niche they terminate or change the service in a way that makes it not fulfill the original promise.

tschellenbach 16 hours ago 0 replies      
I wonder if they are still using Cassandra or moved that over as well.
ed_blackburn 20 hours ago 1 reply      
I always used to think Facebook would make a move for Spotify..
shockzzz 20 hours ago 1 reply      
Smells like a puff-piece
snissn 18 hours ago 2 replies      
In the same way that facebook shut down parse, I am afraid that google is going to shut down google cloud. And reluctantly have become okay with relying on AWS.
No patent if invention lies only in computer program, says Indian Patent Office business-standard.com
544 points by joshsharp  17 hours ago   161 comments top 27
gilgoomesh 15 hours ago 13 replies      
I've always though trying to discriminate against "software" patents was particularly stupid.

First: it simply encourages patents where the entire computer is included in a description of the software, turning it into a product/apparatus patent.

Second: the problem most people have with software patents is not the fact that software is being protected. The problem is that software patents are rife with "inventions" that are merely a low-effort merging of existing ideas usually ideas that are well established and the context is changed slightly.

This second point applies to any industry, not just software. Biotech industries are continually trying to patent drugs and genes using the same pattern. Fix the stupid determination of novelty, rather than discriminating against certain kinds of invention.

Joky 14 hours ago 1 reply      
How is it different from Europe?According to Wikipedia [0]: "Under the EPC, and in particular its Article 52, "programs for computers" are not regarded as inventions for the purpose of granting European patents"

[0]: https://en.wikipedia.org/wiki/Software_patents_under_the_Eur...

yalogin 11 hours ago 1 reply      
This is awesome. India is doing the correct hung these days. First they show Zuckerberg the door and then this. Kudos to whoever is in charge of this change.
chrisbennet 13 hours ago 0 replies      
"To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries"

Software patents are currently a drag on innovation. The benefits of giving a company a monopoly in exchange for sharing their software "invention" isn't a good bargain - especially when their "invention" will be, and has been, independently invented over and over again 99.9% of the time.

Patents may be OK for some things but they cause more harm than good in the software field.

decafbad 13 hours ago 0 replies      
Turkish Patent Institute also explicitly states no software patents.

Search for programs:http://www.tpe.gov.tr/TurkPatentEnstitusu/resources/temp/FCF...

datamanc3r 13 hours ago 0 replies      
I'm really liking this trend. The US's version of this is Alice v CLS Bank case. Very similar rulings, and the effect is reverberating throughout the legal community.

I think it's great that process patents in general are going bye-bye. Now we can make some real strides in the medical, business, and software fields without being deterred by trolls and monopolies.

Kiro 5 hours ago 1 reply      
I thought this was how it worked in most countries except the US.
datamanc3r 13 hours ago 0 replies      
The US equivalent of this ruling would be the Alice Corp. v. CLS Bank International. Very similar ruling by the US Supreme Court, urging the USPTO to stop endorsing process patents in general because of their claims to abstraction.

This ruling is reverberating throughout the legal community.

It's great, and we can make real strides in the medical, business, and software fields without being hindered by trolls and monopolies.

quanticle 15 hours ago 3 replies      
Does this mean that software patents are not valid in India? If so, what will this mean for trade relations between India and the US?
studentrob 15 hours ago 2 replies      
Finally someone with some common sense.

Software is already protected by copyright.

tremon 2 hours ago 0 replies      
Enter software patent enforcement through trade agreements in 3, 2, 1...
musesum 14 hours ago 1 reply      
Uhm, this sounds a lot like: https://en.wikipedia.org/wiki/Diamond_v._Diehr

Which is essential the beginning of patents, in the US. Basically, the software has to run on a hardware device.

How is it different? (IANAL)

z3t4 7 hours ago 0 replies      
Because a computer program is just a set of instructions, you could argue if we even need copyrights!? Personally I think software copyrights is a nice middle way.

Software pattens is just silly, you want to have comments in your code? Pay Microsoft! You want to make object oriented code? Pay Oracle. Need networking? Pay Facebook.

tehwalrus 7 hours ago 0 replies      
So, just like the EU definition then; where software patents are disallowed. Good.
afsina 8 hours ago 1 reply      
I also find this distinction stupid. Just abolish all patents and make your business plan accordingly (High quality products, Trade secrets, Saturating the market, Early entry advantage, etc.) I have yet to see a compelling argument against this.
simula67 13 hours ago 2 replies      
So does this means we can create ISOs of Ubuntu etc with all the media codecs pre-installed and distribute them freely in India ?
99_00 14 hours ago 3 replies      
Does this mean that in India, if a big company likes a startup they can just clone their product? It's has to be cheaper than acquiring.
acchow 15 hours ago 1 reply      
What if you write the program into silicon?
chris_wot 11 hours ago 0 replies      
Right, all Linux distribution move their patent encumbered software to a special Indian-based repo server. Or someone else does it with donations from Westeners to keep the servers running.

I can dream. But should this work, then that's the end of the U.S. and European hegemony on abstract ideas like business processes, patents based on processes "that use a computer" and any mathematical concept - which puts paid to patents on most network protocols and compression algorithms.

And what a great world that will be. The first grand step in killing all patent trolls.

danfinlay 15 hours ago 0 replies      
Hasn't this judge seen the Matrix?
nashashmi 15 hours ago 1 reply      
Does this make UI innovations unpatentable? Can GUI be considered a hardware?
ronakdoshi 10 hours ago 0 replies      
This seems to be the result of The groups, which raised protest against the previous guideline issued in August, 2015.
crimsonalucard 3 hours ago 0 replies      
What is their definition of "Computer" ???
joe563323 9 hours ago 0 replies      
I never thought this could happen in any country. Just awesome news.
idibidiart 15 hours ago 1 reply      
How about a hardware invention/device made entirely of FPGAs?
tn13 13 hours ago 1 reply      
Honestly I would not give much important to Indian Patent Office. It can be appealed in High Court and Supreme Court which may take our lifetimes to arrive at any conclusion
blazespin 6 hours ago 0 replies      
Right. Go from like 20 years to 0 years.

Does anyone ever think that maybe they should go to 5 years for software patents instead? Why go from one extreme to another?

German government to use Trojan spyware to monitor citizens dw.com
503 points by temp  1 day ago   183 comments top 30
brakmic 1 day ago 14 replies      
I doubt they have capable programmers working for them. A few years ago the Chaos Computer Club discovered the 'predecessor' version of this State-Trojan ("Bundestrojaner"). This version was a perfect example what happens when you _want_ to have such a software but your programmers _suck_ at even most basic things (like establishing a working traffic-encryption).

Here's the video (in German): https://youtu.be/zAV-hTpperU

We shouldn't fear their 'capabilities' but rather their lack of knowledge that'll ultimately lead to 'open systems' which can later be exploited by other criminals.

In fact, our State (I'm from Germany) supports criminal activities by using a crappy software that'll crack the basic security measures of Windows.

I doubt they have any professional Linux programmers working for them. Working for the State also means earning only a fraction of what you can earn in the free market.

I do not fear the State but criminals who'll sooner or later exploit holes created by our "security agencies".

jacobrobbins 20 hours ago 5 replies      
This is the correct path forward to move society into a digital era. It follows the well established principle that the state uses force in legally proscribed ways to maintain security. Known as the monopoly of the legitimate use of force, this is a core concept of modern law (https://en.wikipedia.org/wiki/Monopoly_on_violence). This concept carries over cleanly from the past into the digital era. In this case govt security forces are committing digital violence in the same way that criminals do. Same thing as when the SWAT team breaks down a door, just a digital version.

The alternative is that the government co-opts manufacturers so that government agencies can carry out security tasks without using digital violence. Thats what the FBI is seeking in the Apple case and it is a much worse direction for society because it challenges the existence of strong security in our increasingly digital society.

Note that the legitimate use of force is done according to law. As stated in the article, In order to use the malware, government officials will have to get a court order, allowing authorities to hack into a citizen's system.. If your objection to this is they say that its done according to law but we know there will also be instances of them using it inappropriately then you are also arguing that strong encryption (and pretty much any interesting technology) should not be allowed for public use because we know there will also be instances of it being used to achieve bad ends.

I understand that the reality of police, military, etc are not as nice as the theory but I have not seen people here explicitly rejecting the use of force by the state. If you oppose the German government employing spyware, you should consider whether you also oppose it arresting people in general. I suspect most people here have no alternative to suggest in place of the centuries of legal tradition that western societies are built on.

Quanttek 1 day ago 3 replies      

> According to a 2008 decision by the German Constitutional Court, remote access to a citizen's computer is permissible only if there is life-threatening danger or suspicion of criminal activity against the state.

alexandercrohde 21 hours ago 3 replies      
I think this really illustrates one of the biggest concerns with concentrating software power in the executive: what if a totalitarian seizes control? How much damage can they accomplish?

Last time, less than 100 years ago, 2/3rds of the Jewish race was eliminated. How much damage could be done to a targeted minority in the information age? Governments by my account, have killed (6 million) an order of magnitude more innocents than terrorists ever have, and short of nukes, ever will.

pmille5 20 hours ago 0 replies      
Civilians are now subject to an unprecedented level of surveillance. It would be a mistake to underestimate the probabilities of abuse of personal and private information. The 'justifications' for spying are as endless as the means for carrying it out; in 2001 it was Al Queda, today it's ISIL and tomorrow it will be something else. Exactly how these surveillance programs are implemented is beside the point. The results are very clearly a loss of privacy and freedom of expression. Whether or not you're likely to become a security threat will be left to the interpretation of bureaucrats rummaging through your Evernote entries and text messages.
carsongross 1 day ago 1 reply      
If you are doing nothing wrong, you have nothing to fear, citizen.

This is for your own protection, citizen.

Your prompt compliance in this matter is appreciated, citizen.

therealmarv 1 day ago 0 replies      
It sounds like big news but I'm pretty sure that US intelligence is laughing at this kind of software... Germany is very bad on spying on its own citizens (this is by design, e.g. the privacy laws) in comparison to the USA which I think is even better on spying German citizens than their own government ;)
scurvy 1 day ago 1 reply      
Good thing the EU is now forcing US companies to keep EU customer data in the EU. You know, to prevent spying on people's data.
cuillevel3 5 hours ago 0 replies      
The funny thing is they don't want to develop an all-purpose trojan. It's only meant to intercept communication before it is encrypted and sent over the wire. This came to happen because they were unable to listen in on Skype calls in the past. So they're basically deploying a trojan which is able to copy VOIP traffic.

From media reports it's unclear if communication includes chat and email, which would make the trojan a keylogger. There are lawyers that argue email, without PGP encryption, is within the 'Quellen-TK' laws reach.

Furthermore the government is not allowed to turn the infected machine into a listening station, by law the flat of a person is under stronger protection than his communication.

Technically this will be really hard to enforce in software...

mihaifm 1 day ago 3 replies      
Are our operating systems so vulnerable? Even if we're talking about governments, how is it still possible for someone to 'break' into my computer without me doing anything stupid. How do they plan to install Trojans into my computer?
sageikosa 19 hours ago 0 replies      
I just hope they don't start pressuring anti-virus makers to ignore their malware; lest we be exposed to malware pretending to be government spyware.
teamhappy 1 day ago 1 reply      
Do we know who wrote this version? The last one was from FinFisher IIRC.
gypsy_boots 1 day ago 1 reply      
> The interior ministry spokesman defended the government's decision, saying "basically we now have the skills in an area where we did not have this kind of skill." The program was already endorsed by members of the government in autumn 2015, the ministry said.

By this do they mean they've only now just found and hired someone that can build this program? Is that what they mean by "skill"?

akerro 1 day ago 0 replies      
> "basically we now have the skills in an area where we did not have this kind of skill...

when we were STASI

swehner 13 hours ago 0 replies      
Apparently this "trojan" only works on a Windows computer.


lostInTheWoods3 1 day ago 2 replies      
Are we headed for civil war in cyber space? This is the kind of bs that starts to wake people up.
ai_ja_nai 17 hours ago 0 replies      
Goog luck hacking in my Ubuntu box with latest patches and an iptables firewall...The only reasonable way to obtain people's data is to lock them in some Guantanamo like infrastructure and get their password.Betting on weak security as a mean to control people can't eventually prevail because open systems get patched at faster speed than vulnerabilities found.
antitamper 1 day ago 1 reply      
What's to stop someone setting up a honey trap computer all exposed with Microspy Windows running on it, and effectively summoning these guys.

I genuinely am interested in their payloads...

thinkindie 1 day ago 4 replies      
considered how Germans are obsessed with privacy and state surveillance (see for example cash usage vs electronic payments), let's see a country going nut in 321...
MindTooth 7 hours ago 0 replies      
How can someone justify spyware in any shape and form?!
CyberDildonics 18 hours ago 0 replies      
So this goes both ways and the German citizens can monitor their government right?
matt4077 1 day ago 0 replies      
On a practical level, I feel like configuring my systems as just-try<n>.come-get-me.de

If it's like any other IT project, they probably have just finished the Windows XP version of their 'trojan'.

coldcode 23 hours ago 2 replies      
Good luck getting a trojan onto an iOS 9 based iPhone 6.
patkai 1 day ago 0 replies      
One could easily mirror the title as: "German citizens to use Trojan spyware to monitor governments".
gotchange 1 day ago 0 replies      
> They [trojans] are often used by hackers and thieves to gain access to somebody else's data.

What does this make the German government?

If you get something on a suspect, bring him/her into custody and start your investigation but bugging them and putting their digital life at risk for the lure and greed for information gathering is just detestable and unethical.

IncRnd 22 hours ago 0 replies      
I see why merkel was upset with the US spying on her...
dschiptsov 14 hours ago 0 replies      
It seems today's governments, like churches of the dark ages, wants too much control over what is not their fucking problem.
throwaway21816 1 day ago 3 replies      
When the state has a monopoly on force any speech against them is hate speech. Defending the censorship of people you dont like will simply come back to bite you.
actionwords 1 day ago 6 replies      
Merkel has already told facebook and twitter to delete comments and ban accounts negative of her 'policies'.
error53 1 day ago 2 replies      
I will always remember that days when german businesses requested servers in their offices because AWS was under NSA...
Umberto Eco has died bbc.com
545 points by kawera  4 days ago   126 comments top 22
zorpner 4 days ago 6 replies      
Umberto Eco on operating systems and religion, in 1994:

The fact is that the world is divided between users of the Macintosh computer and users of MS-DOS compatible computers. I am firmly of the opinion that the Macintosh is Catholic and that DOS is Protestant. Indeed, the Macintosh is counterreformist and has been influenced by the "ratio studiorum" of the Jesuits. It is cheerful, friendly, conciliatory, it tells the faithful how they must proceed step by step to reach - if not the Kingdom of Heaven - the moment in which their document is printed. It is catechistic: the essence of revelation is dealt with via simple formulae and sumptuous icons. Everyone has a right to salvation.

DOS is Protestant, or even Calvinistic. It allows free interpretation of scripture, demands difficult personal decisions, imposes a subtle hermeneutics upon the user, and takes for granted the idea that not all can reach salvation. To make the system work you need to interpret the program yourself: a long way from the baroque community of revelers, the user is closed within the loneliness of his own inner torment.

You may object that, with the passage to Windows, the DOS universe has come to resemble more closely the counterreformist tolerance of the Macintosh. It's true: Windows represents an Anglican-style schism, big ceremonies in the cathedral, but there is always the possibility of a return to DOS to change things in accordance with bizarre decisions.....

And machine code, which lies beneath both systems (or environments, if you prefer)? Ah, that is to do with the Old Testament, and is Talmudic and cabalistic.

(from here: http://jowett.web.cern.ch/jowett/EcoMACDOS.htm )

schoen 4 days ago 3 replies      
One remarkable thing about The Name of the Rose is that the characters in it don't think and talk like modern people who happen to have been transported into the Middle Ages. They seem to think differently -- about what's possible, what people can expect from life, how you know things, what counts as an argument...

Possibly my favorite part:

"What you say is very fine, Adso, and I thank you. The order that our mind imagines is like a net, or a ladder, built to attain something. But afterward you must throw the ladder away, because you discover that, even if it was useful, it was meaningless. Er muoz gelchesame die leiter abewerfen, s er an ir ufgestigen . . . . Is that how you say it?"

"That is how it is said in my language. Who told you that?"

"A mystic from your land. He wrote it somewhere, I forget where. And it is not necessary for somebody one day to find that manuscript again. The only truths that are useful are instruments to be thrown away."

The "mystic from your land" was Ludwig Wittgenstein, who said that in his Tractatus 591 years after that conversation was set, in modern rather than medieval German ("Er muss sozusagen die Leiter wegwerfen, nachdem er auf ihr hinaufgestiegen ist") - "he must, so to speak, throw away the ladder after he has climbed up on it".

fenomas 4 days ago 4 replies      
Foucault's Pendulum was maybe the most transformative book I've ever read - it changed how I think about literature (and of course the Knights Templar). Ah well, guess it's time to reread it. :(
PavlovsCat 4 days ago 2 replies      
I didn't read any of his novels (yet), but this I consider one of the most important documents I'm aware of.


If we still think of the totalitarian governments that ruled Europe before the Second World War we can easily say that it would be difficult for them to reappear in the same form in different historical circumstances. If Mussolini's fascism was based upon the idea of a charismatic ruler, on corporatism, on the utopia of the Imperial Fate of Rome, on an imperialistic will to conquer new territories, on an exacerbated nationalism, on the ideal of an entire nation regimented in black shirts, on the rejection of parliamentary democracy, on anti-Semitism, then I have no difficulty in acknowledging that today the Italian Alleanza Nazionale, born from the postwar Fascist Party, MSI, and certainly a right-wing party, has by now very little to do with the old fascism. In the same vein, even though I am much concerned about the various Nazi-like movements that have arisen hereand there in Europe, including Russia, I do not think that Nazism, in its original form, is about to reappear as a nationwide movement.

Nevertheless, even though political regimes can be overthrown, and ideologies can be criticized and disowned, behind a regime and its ideology there is always a way of thinking and feeling, a group of cultural habits, of obscure instincts and unfathomable drives. Is there still another ghost stalking Europe (not to speak of other parts of the world)?

nappy 4 days ago 0 replies      
It's sad to lose such a great thinker.

For those who haven't read anything by Eco but want something more digestible on a Friday evening than a novel, I highly recommend his essay Ur-Fascism. Eco was brilliant and had a clear-eyed view on the lasting impact of the Middle Ages into today... and it's pretty clear how growing up in a fascist society impacted his views.


His reflections on fascism remain as important as ever.

hodwik 4 days ago 0 replies      
I started reading Numero Zero for the first time a few days ago, and decided to stop, because I had a feeling he might be dying soon. It's the last book of his I have left to read, and I wanted to make sure I had something to read of his after he passed. Sorry I don't have to wait.

RIP -- Mr. Eco. Your books instilled in me the love of reading when no one else could. I will always owe you one.

officemonkey 4 days ago 3 replies      
Harper Lee and Umberto Eco in the same day. It's like when Shakespeare and Cervantes died on the same day.
pklausler 4 days ago 1 reply      
I'm going to re-read The Name of the Rose this weekend and raise a glass in thanks to all the pleasure that this wonderful writer has added to my life.
patkai 4 days ago 0 replies      
"The Antichrist can be born from piety itself, from excessive love of God or of the truth, as the heretic is born from the saint and the possesed from the seer. Fear prophets, Adso, and those prepared to die for the truth, for as a rule they make many others die with them, often before them, at times instead of them." Umberto Eco, The Name of the Rose, p. 491.
JoeDaDude 4 days ago 1 reply      
In addition to literary works, Umberto Eco also had a hand in designing a card game. The game used custom designed cards to represent characters and verbs which the players would use to tell a story.Some information (and photos) are available at Board Game Geek:


imrehg 4 days ago 0 replies      
The concept of the anti-library definitely shaped my approach to knowledge a lot.

Umberto Ecos Antilibrary: Why Unread Books Are More Valuable to Our Lives than Read Ones https://www.brainpickings.org/2015/03/24/umberto-eco-antilib...

blackdev1l 4 days ago 0 replies      
It's 1:45 am here in Italy and this news is a true shock.
jplahn 4 days ago 2 replies      
We read Name of the Rose in my 10th grade English class and it was a tome that challenged us all for the couple of weeks that we pored over it. I love that book. I've read it one other time since then and it's amazing the number of layers that continue to appear when you read it a second (and, presumably, a third) time. When you spend so much time dissecting somebody's work, you develop a sort of relationship with them, one that forms easily when you have a teacher that distills a deep appreciation for the work you're knee deep in trying to understand.

Mr. Eco you will be missed.

koevet 4 days ago 0 replies      
It's probably worth mentioning that very recently Eco, along with other writers such as Hanif Kureishi and Tahar Ben Jelloun, decided to leave his long-time publisher, Bompiani, and start a new publishing house, named "La nave di Teseo" (Theseus' vessel). It did that at 83, investing 2 millions euros in the process. Remarkable.
ZephyrP 4 days ago 0 replies      
Foucault's Pendulum is one of the most interesting books I've ever read. He'll be missed.
kh_hk 4 days ago 0 replies      
Hearing the news I couldn't help but think about the first game I've ever played, "La Abadia del Crimen", a version of "The Name of the Rose", for Amstrad CPC.



rcurry 4 days ago 0 replies      
I can't believe how many legendary people have died in the last few months. I still remember reading Foucault's Pendulum when it came out in English - I was too young to really dig the story at the time, but I can recall struggling to get my head around some his prose because he was just on a whole different level from the other books I had been reading back then.

I read Baudolino some years ago, but didn't come away from it with the same sense of awe that I got from reading Name of the Rose, or Foucault's Pendulum.

vermontdevil 4 days ago 0 replies      
I liked the book, The Name of the Rose. Got me hooked on historical fiction books after such as Sarum among others.

Not a bad film too with Sean Connery and Christian Slater.

neemsio 4 days ago 0 replies      
greenyoda 4 days ago 3 replies      
- This story claims it's a hoax:


"On Friday (February 19) the author's reps officially confirmed that Umberto Eco is not dead. He joins the long list of celebrities who have been victimized by this hoax. He's still alive and well, stop believing what you see on the Internet, they said."

- Wikipedia reverted the notice of his death, saying it was a false rumor:


Edit: Now Wikipedia is saying that he's dead.

Edit2: Now the BBC is reporting his death: https://news.ycombinator.com/item?id=11137855

davidw 4 days ago 1 reply      
I trust that dang et al will replace the link with one in English when it becomes available.

(Which he/they have, transporting/merging the comments with this story... that was kind of weird)

zouhair 4 days ago 0 replies      
Frigging 2016. The hecatomb year.
How Googles Web Crawler Bypasses Paywalls elaineou.com
636 points by elaineo  4 days ago   232 comments top 44
lloyddobbler 4 days ago 5 replies      
"Remember: Any time you introduce an access point for a trusted third party, you inevitably end up allowing access to anybody."

See also: http://www.apple.com/customer-letter/


slig 4 days ago 2 replies      
If they're now blocking clicks from Google, doesn't that mean that they're cloaking and violating the Google's Webmaster Guidelines [1]?

[1]: https://support.google.com/webmasters/answer/66355?hl=en

anewhnaccount2 4 days ago 1 reply      
If this is true, what WSJ is doing is called "cloaking" and should cause it to get de-indexed: https://support.google.com/webmasters/answer/66355?hl=en
eps 4 days ago 1 reply      
Correct me if I'm wrong, but wasn't there a long standing Google's policy that the version of the page served to their crawler must also be publicly accessible. That would then be the reason why WSJ articles were accessible through the paste-into-google trick, rather than because WSJ was incompetent and failed to "fix" the bypass.

So does it mean that Google will no longer index full WSJ articles or does it mean a change in the Google's policy?

zaroth 4 days ago 10 replies      
And congratulations, you have likely just "exceeded authorized access" and committed a felony violation of the CFAA punishable by a fine or imprisonment for not more than 5 years under 18 U.S.C. 1030(c)(2)(B)(i).

From the ABA: "Exceeds authorized access is defined in the Computer Fraud and Abuse Act (CFAA) to mean "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter."

To prove you have committed this terrible felony, the FBI will now demand that Apple assist in disabling the secure enclave of your device in order to access your browser history. But remember, they only need to do this because they aren't allow to MITM all TLS and "acquire" -- not "collect" -- every HTTP request your machine ever makes. </s>

mbroshi 4 days ago 6 replies      
Am I alone in feeling like this is akin to a tutorial on how you can shoplift without getting caught? WSJ, for better or worse, does not want to give you content without your paying for it. If you take that content without paying, you are stealing. Just because you have figured out how to get past their security does not mean it's not stealing.

(See the second precept here: https://en.wikipedia.org/wiki/Five_Precepts)

mikemikemike 4 days ago 1 reply      
This is an odd debate. Let's say a restaurant declares "veterans eat free." This blog post is like a friend telling you "Hey if you tell this restaurant you're a vet they'll give you a free meal." No one said it's legal or ethical. It's lying to trick someone into giving you something at their expense.

I think the relevant point, underscored by the author's last sentence, is it doesn't matter who you open a back door for - it opens the possibility for anyone to barge through.

mangeletti 4 days ago 3 replies      
This is not meant to be purely controversial, but I thought long and hard about WSJ back a few months ago when HN mod (always forget his name) said to stop complaining about HN links being posted because paywalls were ok. I agree paywalls are ok. But some things are not ok.

Take a look, for instance, at the WSJ.com home page with an ad blocker turned on (note all the missing letters and scrambled up titles). They want me to pay, and they want me to see ads, and they want to track my behavior? Should I send them my DNA also?

Organizations like WSJ are exactly the disease that causes ad blockers to proliferate and ruin the web for all the decent publishers. They're at war with my privacy (by breaking their site intentionally when I visit with a blocker on). They want it all, ads, tracking, your private data, and subscription revenue, not to mention...

# Agenda-Driven Content

I mean, we're basically talking about NBC or Fox here, just on the web. Imagine every morning when you woke up you turned on the television and tune to some "news" show. After talking about the weather, they start talking about a lost pickle that is thought to be potentially alive and moving about with free will. Over the next two years, talk about the same pickle extends to every other TV show. Before you know it, everybody in the nation is talking about the same pickle. Years go by, and that pickle has become a part of our society, and that's not because people are born with an innate care the well-being of pickles, but because "news" shows taught them to be.

That's not a good position to be in. I have to believe I'm not the only one in here that doesn't watch any TV. So, why do we all treat the same media giants differently on the web? We crave their content so much that we build browser add-ons to get to their content, etc.

metafunctor 4 days ago 3 replies      
I'm pretty sure Google will soon stop indexing WSJ. Why index something if the vast majority of users cannot access the pages behind the links?

EDIT: The "paste a headline into Google" trick still works for me, though. If this continues to be the case, they will keep indexing, of course.

sylvinus 4 days ago 1 reply      
Well, that trick won't last long either. It's trivial to verify that an IP indeed belongs to Google:


kenshaw 4 days ago 0 replies      
Basically, the article is stating to change the User-Agent to GoogleBot or Bing or whatever other crawler UA you'd prefer. While that's doable, that's something that is easily detectable and prevented, as all of the big crawlers can be validated against DNS.

Additionally, I would like to point out that I wrote a Varnish extension for the express purpose of validating User-Agent strings through DNS lookups, and is available here: https://github.com/knq/libvmod-dns

It was built because we had specifically a problem with bad bots crawling a large site (multiply.com) and this was one of the easiest ways to filter out the bad bots from the good, and to enforce robots.txt policies on a per bot basis. It works very well, as you can do any kind of DNS caching internally and prevent this kind of behavior, if that's your goal.

matt_wulfeck 4 days ago 1 reply      
I like wsj but I only read maybe 1 article every other day. They need a more reasonable price point, especially since the market will almost bear no price at all.

That being said I do enjoy their content, save for maybe the op-eds.

jrochkind1 4 days ago 0 replies      
I thought Google specifically disallowed returning different pages based on User-Agent targetting googlebot, and this included paywalls.

Are they running afoul of Google policies and going to get pinged by Google?

I can't find the text from Google now (when can you ever find any docs at google?), but I am very certain I remember reading from them that you may not return different content to GoogleBot based on User-Agent.

crazysim 4 days ago 2 replies      
Doesn't this kind of also hurt SEO? I'm would guess Google has some automated system to detect and apply a negative signal to sites that provide different content to a Googlebot user agent than a non-Googlebot user agent. I guess these sites are counting that the other signals outweigh that negative hit.

Otherwise, why would expertsexchange be obligated to provide the answers at the very bottom? Did something change?

Gratsby 4 days ago 0 replies      
If you hit a paywall or a "sign up to access this content" message from a google search result, report it. Google will remove them from the search results, they will lose their largest traffic source, and they will address the issue. Or they won't because they have enough paying customers.
zem 4 days ago 1 reply      
i thought of doing that when the "search google" trick stopped working, but i decided it crossed the point where i would feel like i was unfairly circumventing their clear desire not to serve me the content. i've just added wsj to my mental ignore list and count it as a few more minutes gained to do something else.
jdunck 4 days ago 2 replies      
If Google (or any other crawler) wanted to play nice with paywalls, they could issue a public key for their bot, and put a signature in their User Agent string that the domain could then verify.

Those signatures could obviously leak, but on a per-domain basis. Perhaps the domains could have a secure way of bumping the valid key generation if they had a leak.

mchahn 4 days ago 1 reply      
Bypassing the paywall is more unethical that blocking ads. It is one thing to have control over your own browser but another to steal something from another site.

Also, isn't it illegal to bypass computer security?

hueving 4 days ago 2 replies      
Based on the comments here, am I to understand that constantly browsing the web with my user agent string set to a googlebot string, I am committing a felony? How would I even know which sites I'm gaining unauthorized access to?

That is completely idiotic if there is a string you can put in a Mozilla browser config that is literally illegal to browse the web with.

chrishn 4 days ago 0 replies      
> Remember: Any time you introduce an access point for a trusted third party, you inevitably end up allowing access to anybody.


ikeboy 4 days ago 2 replies      
New workaround: paste the article title into archive.is. I don't know what they're doing but they have a workaround of some sort.
jgh 4 days ago 4 replies      
I just tried clicking on "Harper Lee, Author of To Kill a Mockingbird, Dies at Age 89" from wsj.com's homepage and got the paywall.

I then pasted the headline into google and clicked on it from Google results and did not get hit by the paywall.

throwaway21816 4 days ago 0 replies      
>Archaic news source does something to hurt their market penetration to internet

Great idea here guys

GigabyteCoin 4 days ago 1 reply      
I was under the impression that the "hack" whereby you searched for the article on Google and clicked through to that article (effectively skipping over the paywall) was a demand of Google's and not an oversight by the paywalled website.

I thought that google deemed providing search results which were behind paywalls as a "bad experience" for their search users, and would penalize websites for doing so.

Is this no longer the case?

tete 4 days ago 0 replies      
Doesn't Google usually try to punish websites that show users something different and even mentions that somewhere?

Not an SEO Expert here, but wonder how and whether Google will end up handling that. I mean making an exception could also be considered abuse of power in some countries of the world. Don't have any strong opinion yet on that, just saying that because of how the EU exercised certain laws in recent years.

Illniyar 4 days ago 0 replies      
Aren't you supposed to verify if a visitor is a googlebot by reverse lookup of the IP address? I.E.:https://support.google.com/webmasters/answer/80553?hl=en

User-agents are notoriously unreliable.

philip1209 4 days ago 0 replies      
I wonder how many Google Cloud customers use the servers to run spoofed Googlebot crawlers from the Google IP range in order to bypass paywalls and scrape large sites (like LinkedIn) without hinderance.
0xCMP 4 days ago 0 replies      
It's broken already. Tried to access an article about new china rules for online news and it pay-walled me. They're probably looking for clients coming from googlebot.com now.
mildweed 2 days ago 0 replies      

Content providers register a (yet-to-be-written) Google News API account, get an API key, with which Google indexes the site and the site recognizes as legit.

mikestew 4 days ago 1 reply      
So does HN now choose to not post articles from the WSJ? I was comfortable with the "google it" trick, and frankly was a little annoyed with constant "paywall, wah!" comments when what should be by now a well-known workaround was available. But that workaround no longer works.
coverband 4 days ago 1 reply      
My Windows anti-virus deletes the linked sample code automatically upon download, marking it as "Trojan:Win32/Spursint.A". Did anyone have the same experience? (I was actually more interested in using it as a template for writing a simple Chrome extension.)
f137 3 days ago 0 replies      
I wonder if anybody tried to do as suggested? I copied the files to Chrome as per instructions, and the paywall was still in place.
jasonwilk 4 days ago 0 replies      
I've noticed that this has stopped working on WSJ if you've already hit the paywall and try to google the article to bypass.
warrenmar 4 days ago 1 reply      
You can also access WSJ for free at the library.
jupp0r 4 days ago 0 replies      
It's not bypassing at all. Googles crawlers are deliberately let in because a paywall that nobody runs into is useless.
chinathrow 4 days ago 0 replies      
So soon they have to block anyone with a fake Google UA and whitelist the well known 66.249 IP range. Trivial.
yyin 4 days ago 0 replies      
Does WSJ check visits from a Googlebot UA against a list of known Google IP addresses?
amelius 4 days ago 0 replies      
Fix: replace the user agent string by a cryptographic challenge/response scheme.
pmontra 4 days ago 0 replies      
They'll start allowing only some IP addresses search engines agreed with them.
daveheq 4 days ago 0 replies      
Possible in Firefox? Some people won't use Chrome.
spitfire 4 days ago 0 replies      
Is there a version of this available for Safari?
systemz 4 days ago 1 reply      
So their next move is check if IP is from Google
dude_abides 4 days ago 1 reply      
Or simply use incognito mode and click on Google search result.
obelisk_ 4 days ago 1 reply      
1. Google's Web Crawlers are not "bypassing" paywall. It's the paywall that let's crawlers through. I.e. exactly the reverse of what the author implies with their headline.

2. The idea that this is somehow new is wrong. The way for a server to identify crawlers have "always" been to look at the user-agent, and, when done right, IP, verified either by net block owner or by doing PTR lookup and then checking that the A or AAA record for the claimed host points back at the same IPv4 or IPv6 address. Meanwhile, I do agree that paywalling is a more recent phenomenon, at least with regards to the extend it is popular among sites today, but the concept of presenting different data to crawlers and visitors arose much earlier and is something Google have been aware of and has made sure to delist such sites when found, whereas in fact Google has since then moved abit in the direction of allowing it in that they do so for Google News if declared as explained by others ITT.

So in my view, it seems that the author is jumping to incorrect conclusions based on an incomplete understanding of what's actually going on here. What then about the HN readership, how come this article became so highly voted and I don't see these issues raised by anyone else? Or maybe I'm just crazy?

Go 1.6 is Released golang.org
562 points by geetarista  6 days ago   351 comments top 29
sinatra 6 days ago 11 replies      
Go checks a lot of boxes for my ideal language for developing web services: Static type, C derived, has garbage collection, generates a single binary, supports concurrency very well, is opinionated, is small/simple, its community prefers to just use standard lib for most work, etc. Yes, Generics is an issue and so is debugging. But, overall, I can't think of many other options that check so many boxes.

EDIT: I must highlight the point about checking lot of boxes. In many discussions about features of programming languages, we get responses like, "language Y does that too. Why not choose that language?" Well, because we don't pick languages for one specific feature. We pick them for the combination of features.

jonesb6 6 days ago 8 replies      
The reason I love Go is that every time I pull it out, I write a small amount of it and it runs beautifully. For example my company has a critical micro-service implemented in ~300 lines of Go, it's been running for six months now without a single hiccup, highly performant, very sexy.

The reason I will almost never use Go for web apps is because interaction with databases is limited (almost entirely) to raw queries. Maybe I'm spoiled by the likes of Active Record, Sequelize, Mini-mongo, Sql-alchemy, etc, but it's a huge drop in efficiency to spin my own SQL.

The point to take away here is that Go, more so then many other languages IMO, has its strengths and weaknesses. If you use Go in one of it's weaker use-cases you're gonna have a bad time. If you use Go for one of it's strengths you're gonna have a great time.

See you guys and gals in n weeks when we need to rehash the pros and cons of Golang again.

nathany 6 days ago 1 reply      
There is a Go AMA on reddit for the next 24 hours.


eddiezane 6 days ago 6 replies      
I've really enjoyed the time I've spent with Go but feel like the state of dependency management has kept me away.

Am I being stubborn in my longing for an npm, Ruby Gems, or pip? Is there a reason why one of these hasn't emerged/been adopted by the community? (I'm aware of the 1.5 experiment with vendoring.)

Semver and pinning versions has always just made sense to me. I can easily adopt new features and fixes automatically without worrying about things breaking.

How does the community feel this far along?

Cyph0n 6 days ago 4 replies      
I can't wait to see what's new in 1.6! I really had a pleasure working with Go for my senior project last year. If I need to write either a server (HTTP or TCP/UDP), or a client application that must be easy to build and distribute, Go is my first choice.

What Go is lacking at this moment in my opinion is:

1) A comprehensive and mature web framework. Play w/ Scala is my go-to choice now, with Django a very close second.

2) A decent cross-platform GUI toolkit; heck, I'd settle with Qt and/or .NET bindings for Go. The power of Go is statically linked binaries, and I think the area of desktop applications will be easy to target if a good solution emerges.

dominotw 6 days ago 4 replies      
I've been writing some gocode recently and huge chunk of code is

if err != nil ...

I know you can do if ; err!=nil but that not that much better and you end up in deeply nested if blocks.

i have to mentally block out err !=nil to read any gocode linearly. How is this acceptable, I don't get it.


We recently scanned all the open source projects we could find and discovered that this snippet occurs only once per page or two

This seems false from my experience, def way more than 1 or 2 instances per page.

golergka 6 days ago 1 reply      
I just recently started with go, but I love how simple (apart from horrible $GOPATH) and effective that is.

Still can't get over the moment I realized that in order to deploy my web server on an empty virtual box all I had to so was to build and upload. After all the languages and frameworks that required endless customization and setting up it was a true eureka moment.

protomyth 6 days ago 4 replies      
Can someone give a decent explanation of the following:

1) Supposed I have a library that was written in C that receives a security update which is used in a Go program. Under what conditions do I need to get a recompiled version of the Go program.

2) Supposed I have a library that was written in Go that receives a security update which is used in a Go program. Under what conditions do I need to get a recompiled version of the Go program.

3) Is there a way to tell from the binary that the program was written in Go?

Trying to figure this out for my Sys Admin dealing with Vendors role.

jernfrost 6 days ago 0 replies      
Read the debate with Go vs Java here with interest. I'd like to add a point I think is missed by the Java crowd in favor of Go.

Complexity isn't free. Java might have and abundance of tools, IDE's, language features etc, but you can't claim that matching up every Go feature or tool with something superior found among the huge Java universe makes Java superior in every way.

I find that there is an unfair assumption being used by the Java advocates, here which is that every software developer has a deep knowledge of Java.

As one of those people who can certainly write Java code, but who is not familiar with the Java eco system and has not spend a lot of time with I must say that Go to me is a clear winner.

My exposure to professional Java development has been quite frustrating compared to writing Go code. Every Java project I have gotten has used some different built tool: Ant, Maven or Gradle. They have also all seem to use different IDE's. The complexity of each of these tools is staggering. Considerable time has to be spend learning these tools.

Go in comparison is laughably simple. You can get productive in less than a week without ever having used the dam thing. The tools and the libraries are very quick to get into. In fact I find Go code so easy to read that although I am an iOS developer by trade, I frequently read Go code to understand how various algorithms and network stuff works.

An organization would easily be able to add people to a Go project without much previous exposure to the language. Adding people with limited Java knowledge to a Java project however would be far more expensive. Considerable time would be needed for training.

There is a lot of money to be saved from having a well thought out standard library combined with a simple language with simple well thought out tools.

As a Swift/Objective-C developer, my major gripes with my development process is actually the complexity of the tooling. Both Swift and Objective-C are fairly straightforward languages IMHO. In this regard I greatly envy Go developers although I do enjoy the strong typing and generics in Swift.

kampsy 6 days ago 0 replies      
I fell in love with python because it was clean and easy to work with. Like most developers, I used to use c when I needed a performance boast. Then I got fade up and decided to learn a new language that could give me the feel of python and the performance of c. Two languages from a list of 10 passed the above criteria Go and Rust. Java did not even make the list because I Don't use languages that are owned by evil empire's(Oracle).

I went with Go because it was easy to use and understand. I could read other people's code easily( Even with a large code base, I have never found myself scratching my head trying to figure out my own code does), could set up my workspace in less than a minute and all the text editors I used (sublime, Atom, Vim) supported it. I Don't really care about the fancy IDE's. Just syntax highlighting and code completion is good for me.

I started learning go on September 2015. And I have managed to implement the porter stemmer algorithm and an inverted index in it. Miss generics but LOVE interfaces. The fact that any concrete type that implements method 1 satisfies interface 8 is awesome. You can easily reuse code from different package without changing anything.

alblue 6 days ago 0 replies      
Release notes are here:


Notably new this time is transparent http/2 support and tighter rules for integration with C.

dh997 6 days ago 1 reply      
Go CSP is minimal and ortongonal, I just wish it did three things:

0. could lto optimize or link against a shared library to reduce the titanic size of compiled programs and cut down on duplication of instruction. Therue is no practical sense in wasting memory and storage on systems with dynamic linkers: edge cases of including the world for rare situations but YAGNI in real production systems.

1. could output flat binaries and self-host runtime (panics) for practical kernel development in Go

2. Generics (both types and immutable constraints), I think C++1z has the right approach to this (and constexpr and constant arrays are nice and are able to provide more hints to the compiler).

I also wonder why Go wasnt developed as an IR compiler / llvm frontend, because it would've levered an existing debug and portability ecosystem with much less work.

sriram_malhar 5 days ago 1 reply      
Have been using Go since its release, and like the deployment experience, the feeling of solidity of putting together a tight system. The toolchain is great. 1.6 is yet another Solid release in that direction. Thank you all.

However, the _language_ doesn't give me much programming pleasure alas. Since there is plenty of time for Christmas, here's my syntax wish list :)

'?': C's if-then-else operator.

Block-syntax for closures ala Ruby. Unifying blocks and closures makes creating DSLs easy, but doesn't add to cognitive load (no more than using anon funcs)

Pattern matching like Scala, ML, Rust.

Sum types -- (Yeah, I lied. Not just syntax enhancements), or at least discriminated unions. I'd like to see an example (in the FAQ entry on the topic) on why support for it is troublesome.

For 2017 Christmas, -------------------

Macros ala Nim.

Systemic support for Goroutines, including detection of conditions where a goroutine would never get scheduled. Erlang-like tools for built-in goroutine insight.


My ideal language would be an intersection of Nim+Go

zenlikethat 6 days ago 0 replies      
Congratulations to the Go team! There are many excellent folks working on the Go language and it's been an absolute joy to work with in my experience.
ukd1 6 days ago 0 replies      
https://golang.org/doc/go1.6 - lists the changes
Exuma 6 days ago 3 replies      
I upgraded and it broke our app, something to do with the way it handles https has changed, not sure what
bmh_ca 6 days ago 4 replies      
Go has a lot going for it.

That said, there were a few points I noted, based on a recent go I gave it (pardon the pun), at least in relation to my style of development for this project:

1. It's hard to tinker, mostly because it's fussy about what variables are defined or used. This is a strength in the usual course, but when one is trying to posit what a poorly documented 3rd party API is doing it can be a serious pain.

By tinkering, I found that I often had to comment out or uncomment lines, or handle or ignore errors. There was a lot of flipping up to the beginning of the file. I would spend so much time fiddling with the lines that I would at times forget what I was even trying to do.

I might just have memory problems, I acknowledge. :)

However, what would make sense is a go "mode" where it runs in a non-strict way, with what would ordinarily be errors being warnings. A "tinker" or "whirl" mode, so to speak, that softened the requirements so one could get a better sense of what was happening before committing to a design.

An interpreter mode might also be quite valuable, to address this problem and the ones below.

2. Error propagation - I see the point of errors being returned and the lack of a "throw/catch" style, and its benefit, but I feel it's a lot of typing for marginal gain. I usually end up with an error propagating a set of strings that ultimately conclude as: "Database error: transaction error: processing error: http error: reason", which is to say: equivalent but less information than a stack trace would give. I see the mandatory error acknowledgement simultaneously as a strength and a waste of time, and I admit being on the fence about it.

3. The next point I am not on the fence about: Debugging. It is not apparent how to get a stack trace, and the best option looks like including a third party application that generated errors. For the obvious and reasons below, this is a problem.

4. Package management: This was fussy and could be time-consuming. It is not apparent to me why one needs a GOROOT and a GOPATH. I think Python's virtualenv gets it right, by comparison. A second but related problem is package versions. Maybe I'm missing something, but making sure you get the latest semantically equivalent version (in the semver sense) was not apparent.

5. Package debugging: If you include a 3rd party package, and it's broken in any way, it's a veritable quagmire to identify and fix the problem. My experience was that the best way to debug a third party package was to block and copy all its bits and then debug it as a local source in your own. Obviously this is bad for a long number of reasons, and I might be missing something, but no more apparent option appeared when I investigated on how to tell what is even happening inside third packages.

6. Automated testing: I've not seen a test runner that reloads when source files change, particularly one that might be used with goapp from AppEngine, meaning go auto-testing can be quite a bit of patient thumb-twiddling as the binary reloads.

Which is all to say that there are some concerns about developing a larger project in this language, particularly if there is quite a bit of complexity that needs lots of testing or potential debugging and/or inclusion of many third party packages.

I've not reviewed the 1.6 notes, so perhaps these are addressed to some extent there.

In any case, none of the issues above is insurmountable, and overall I give the Go design a lot of credit for experimentation and interesting choices, but the issues I've seen above give me pause before committing a team to the language for the moment.

niccaluim 6 days ago 2 replies      
Not officially. "Go 1.6 is soon (but not yet)." - commit message from today.
pori 6 days ago 1 reply      
Seen a lot of Erlang mentions in this thread. Is that the native alternative to Go?

Personally, I prefer to write code in a functional manner. While I've always thought Go looked like an amazing platform for programming in general, I haven't been keen on moving to another imperative language.

It seems the landscape for functional alternatives are mainly Scala and Clojure which are both based on the JVM and require a bit of time to learn the tooling. I am not a Java or JVM export, so I haven't been too inspired by this either.

helper 6 days ago 0 replies      
Rebuilding our integration docker image right now. If all our tests pass I expect to have go 1.6 binaries in production by this evening.
jay_kyburz 6 days ago 1 reply      
Can anybody tell me if you can run Go in Chrome using the NaCL stuff? I remember there was talking of it a few years ago but I don't know if anything ever came of it.

A google seach show that you could build for NaCal in Go 1.3 but only run it in special builds not Chrome itself.

CSDude 6 days ago 0 replies      
I would just love some IDE-debug love and better packaging. More packages I use and more I distribute my files, compilation takes considerably longer. Maybe I do not know, but is there some process to compile some parts before hand and link only the changed resulting binary?
robbles 6 days ago 3 replies      
There was some discussion leading up to the release about whether to merge the "SSA" branch, which seems to be a refactor that allows for easier compile time optimisations but also slows compile times for the time being.

Does anyone know if that was included in this release?

rphlx 5 days ago 0 replies      
> Source trees that contain a directory named vendor that is not used in accordance with the new feature will require changes to avoid broken builds

That seems a little bit distasteful.

kiril-me 6 days ago 0 replies      
Do you know any framework using http2 on go lang?
enneff 6 days ago 1 reply      
Binaries are up but not everything is fully updated yet. Announcement blog post coming shortly.

Edit: Blog post up: https://blog.golang.org/go1.6 maybe change the article link to that?

andreamichi 6 days ago 0 replies      
A draft for the 1.6 release notes: https://tip.golang.org/doc/go1.6
obelisk_ 6 days ago 1 reply      
Release notes: https://golang.org/doc/go1.6

Mods, maybe change OP link to this?

fuddle 6 days ago 1 reply      
Go is great, but I wish they would add terany operator support.
Harper Lee has died nytimes.com
461 points by lolptdr  5 days ago   166 comments top 18
haberman 4 days ago 12 replies      
I loved "To Kill a Mockingbird" so much when I read it as a kid. The moral of the story seemed really obvious. In the last few years I came across this article which blew my mind and changed my perspective about the book's meaning a lot:


616c 4 days ago 1 reply      
Nothing blew my mind in the last few years like discovering how close Harper Lee and Truman Capote were, as they were both authors I idolized at different stages of my life.


And that Dill was partially based on her childhod friendship with Capote.


This seems to be well established now in pop culture and art, but I was completely unaware when I first heard.

The fact the world has such inspired people, despite their stressful surroundings was a blessing to us all in the form of great art.

Goodbye, Harper.

rm_-rf_slash 4 days ago 0 replies      
They say an artist is never appreciated until they die, but I believe Harper Lee was one of the most rightfully appreciated authors of our time. Most of us have read To Kill a Mockingbird, at least, and for those of us who did, it was a powerful indictment of America's eternal and original sin of race and exploitation. A book or a death changes little in a broad cultural context, but it serves to remind us how we can and should all be better to each other. Rest in peace.
ldd 4 days ago 3 replies      
Real courage is when you know you're licked before you begin, but you begin anyway and see it through no matter what.

That is one of my favorite quotes of all times, specifically taking into account the setting of the book.

newscracker 4 days ago 0 replies      
> Until last year, Lee had been something of a one-book literary wonder. To Kill a Mockingbird, her 1961 epic narrative about small-town lawyer Atticus Finchs battle to save the life of a black resident threatened by a racist mob, sold more than 40 million copies around the world and earned her a Pulitzer prize.

That book by the "one-book literary wonder" was unforgettable for many things, including the fact that it was one of the first books I read twice. I'd say that that one work that stood strong for decades across generations should probably not be used to diminish the author using terms like "one-book wonder".

libeclipse 4 days ago 0 replies      
"Shoot all the bluejays you want, if you can hit 'em, but remember it's a sin to kill a mockingbird."

This is sad news indeed.

bfrancom01 4 days ago 2 replies      
I couldn't stand most of the books I had to read in high school, especially To Kill a Mockingbird. Others included The Great Gatsby, & Lord of the Flies. All awful books IMO, & still dreadfully awful. I can't believe American culture thought (still thinks?) those books were good. Luckily I read books that I liked on the side to make up for it.
orbitingpluto 4 days ago 0 replies      
It is some small comfort that her legacy cannot be further tarnished under the fiction of her consent.
seeing 4 days ago 0 replies      
Harper Lee's words: all I want to be is the Jane Austen of South Alabama.
grecy 4 days ago 4 replies      
To Kill A Mockingbird is still one of my all time favorite books and movies. Sad news.

Has anyone read the newly released book? Thoughts?

padobson 4 days ago 1 reply      
Atticus Finch is maybe the greatest character in American literature.

His courage in standing against racial injustice is notable, but the true depth of the character comes from his quiet strength and his unabashed dedication to his family and his fellow man.

He's always there for his children, tucking them in at night and encouraging them to be good to each other and their neighbors. He's always ready to impart wisdom and morality upon them in the most gentle manner.

But still there's that quiet strength, as in the scene when he shoots the rabid dog. Watching the scene through Scout's eyes, a powerful figure comes alive in the person of Atticus for the first time - showing us that a strong man is prepared to stand up both against moral and physical oppression.

As role models go, you could do a lot worse than Atticus Finch.

fbernier 4 days ago 3 replies      
Sad news, but on a totally unrelated note: Why is the date in the URL set to tomorrow?
CaiGengYang 4 days ago 0 replies      
Great book by a legendary author ---- I still remember I had to read the book during my secondary school days for my literature classes and we were tested on the material in the book during our finals. I really enjoyed the book (very poignant ending) and I would read the book multiple again and again during my free time.

A timeless storybook about bravery and courage in the face of blatant racism and discrimination. As a society, we should work towards ending racism and discrimination in all spheres and this book will surely play a part towards this goal ...

jamesDGreg 4 days ago 0 replies      
"Shoot all the blue jays you want, if you can hit 'em, but remember it's a sin to kill a mockingbird."
guylepage3 4 days ago 0 replies      
Harper Lee was one of my favorite authors when I was a child. A true legend.
mignev 4 days ago 0 replies      
sad news :(
huntleydavis 4 days ago 2 replies      
While this is tragic news, this really doesn't feel at all correlated to HackerNews.
ck2 4 days ago 1 reply      
Author ONLY of "to kill a mockingbird" (seriously, she only ever wrote one book, weirdness)
iTerm2 Version 3 Now in Beta iterm2.com
622 points by rickhanlonii  5 days ago   241 comments top 49
gnachman 5 days ago 36 replies      
(author here). I pushed out a promotion today to let users know about the new version before auto-updating everyone. It breaks backward compatibility with applescript, so it'll be a rough upgrade for some folks.

I'd love to hear any thoughts on how to make this less painful.

My first experiment with in-app advertising (promoting the beta version through a popup dialog) has gone well, with a 31% click-through rate, and of those 25% downloaded the beta.

swagtricker 5 days ago 2 replies      
Great app. This announcement reminded me that I use it every day & hadn't donated yet, so I did. $10USD won't be retirement money, but at least have a beer & tip your bartender:)
jpsim 5 days ago 7 replies      
I'm sure I'm missing iTerm2's big appeal, but every time I try to use it, I find myself going back to Terminal.app, which I find more responsive and just as featureful, especially when combined with zsh and a windowing manager. That's probably just because I'm familiar with it and I didn't come from tmux or anything similar, but I keep hoping I'll be "enlightened" at some point and realize the error of my ways ;)
venantius 5 days ago 0 replies      
I just donated $25. iTerm is an amazing piece of software and I honestly can't imagine living without it.
matt_wulfeck 5 days ago 3 replies      
Iterm2 was one of those things I was not expecting to miss so much when I switched to a Linux desktop. There's something about the look and feel of text that I'm used too. Don't get me wrong, there's good terminals for Linux, but I think iterm2 was the best. I'd gladly pay for a Linux port.
isomorphic 5 days ago 5 replies      
I love iTerm2, I keep up with the "current" beta versions, using them all day in production.

I would love it if they'd make a "dark" titlebar version of the window chrome. My setup currently has windows without any titlebar at all (thanks to iTerm for that feature!), but it makes rearranging windows challenging.

I look forward to trying out the newer features!

dchuk 5 days ago 1 reply      
One of the best mac apps in existence but holy jeebus is the naming a mess:

- It's called iTerm2 Version 3 now, rather than iTerm3- It's called iTerm2 Version 3 now, but the actual app version is 2.9

sstanfie 4 days ago 0 replies      
I'm sure if you're reading these comments, iTerm is the program you use the most on the Mac.

Give George a donation through the Donate button on his site (https://iterm2.com/) to let him know how much we care about this tool. Takes 10 seconds if you have PayPal.

kaishiro 5 days ago 1 reply      
I played with iTerm2 for a while (coming from Linux) because I was told I had to have it. I switched back to Terminal.app after my last clean install because I didn't really see what I was getting.

For someone who tmuxes for tabs and splits, what am I missing?

glossyscr 5 days ago 4 replies      
iTerm is OSX' killer app.

Couldn't find anything similar on Windows. I used MobaXTerm which is ok but never feels as polished and slick as iTerm. Especially iTerm's own fullscreen mode which allows to quickly alt-tab is great.

sstanfie 4 days ago 0 replies      
Another suggestion: how about simply calling it "iTerm". This can be version 3. I know "iTerm2" was a fork of the defunct original iTerm. But now that you're pushing through to v3, in kind of makes sense to reclaim the title.
pmoriarty 5 days ago 2 replies      
Is there a way to make a previously hidden iTerm window show without also bringing any other iTerm windows to the front?

I'm looking to replace TotalTerminal with iTerm (since TT doesn't work on El Capitan without making OS X less secure), and tried using a function key to hide/show a small iTerm window, but while that does work, the problem is that when it shows the small window, it also shows my regular large iTerm window as well (which I have always running) and the times when I want to show the small iTerm window I don't want the large iTerm window obscuring what's behind it.

Not sure if I explained that well, but that's what I'm hoping to find a way how to do: basically have a small, TotalTerminal-like iTerm2 window that pops up when I hit a certain keyboard shortcut, without also bringing up any other iTerm2 windows that I may have running in the background.

I'm also open to suggestions for other TotalTerminal replacements that work on El Capitan.

AceJohnny2 5 days ago 1 reply      
So if I'm running iTerm2 Test release 2.9.date (current 2.9.20160206), does that mean I'm running the v3 beta?

Its version names are confusing.

_aarti 5 days ago 3 replies      
I have used iterm for a long time and I would like to donate to your project. I make all my donations with Patreon, would be great if you could add support for that, if it's not too much trouble. https://www.patreon.com/
hk__2 5 days ago 1 reply      
> Undo closing sessions, tabs, and windows. If you close a session by accident, you get five seconds to hit Cmd-Z to undo it.

Does that mean my session is not really closed until 5 seconds after I closed it?

cooper12 5 days ago 1 reply      
> Session Restoration allows your jobs to keep running after iTerm2 upgrades, is force-quit, or crashes. It's like tmux without tmux!

Anyone know how this works? From my basic (possibly incorrect) understanding, iTerm currently spawns a bash shell for each tab which in turn has its own children for its processes; so killing iTerm would kill all of its children. Does it use a separate daemon process to spawn children now?

sstanfie 5 days ago 1 reply      
Can we configure iTerm2 v3 now with a simple file? It's so difficult to programmatically create profiles, setup typefaces and colors.
octref 5 days ago 0 replies      
> iTerm2 has been updated for the modern Mac OS X "flat" look and is stunningly beautiful.

It does look very polished! Just two things:

When you choose "No title bar", the rounded corners and drop shadows all disappear so it looks a bit too "sharp".

And it would be really great if you can add an option to specify internal padding, similar to urxvt's internalBorder.

Great work and thanks again!

dsego 5 days ago 1 reply      
Didn't know you can ls and then cmd+click to open a folder/file. And alt+click positions the cursor. Nice touches.
Philipp__ 4 days ago 0 replies      
You guys deserve all the best. Will make the donation soon... (student here) I have never came across terminal app that is working with you... urxvt and many other on Linux were always working against me. This one was drag and drop and it works.
fmela 5 days ago 1 reply      
This is fantastic. I love the new look, and the font rendering seems to be even nicer than before.
blckshp 5 days ago 2 replies      
I have been a long time Visor/TotalTerminal user and wanted to try iTerm2 on 10.11 but was concerned with its use of the Sparkle updater framework. I could find no sign through all of my research if confirm if updates are performed through https instead of http and I declined to install it. I also couldn't find a way to contact the anyone to ask, so I'm glad you posted. So? What does it use? Don't you think this may be worth noting on the announcement or changelog?
biztos 5 days ago 0 replies      
I'm late to the thread but just wanted to say THANK YOU for all the hard work in general; and especially now for this:

"iTerm2 can change your profile (for example, affecting the color of your terminal) when you ssh to a remote host, when you run sudo, or even depending on your current directory."

Like many people, I use profiles mostly to have different colors for different hosts. This will make my workflow a little easier and a lot more consistent Every. Single. Day.


erikb 5 days ago 0 replies      
There are a lot of people expressing their love for the tool but until now I fail to see why. "Love" is not a good enough reason for me to exchange a seemingly good enough standard tool with something else. Also the situations in which I want to optimize the Terminal are few. Right now I can only think about copy&paste and as far as I can tell that is solved in the standard terminal already.
coldtea 5 days ago 1 reply      
I've been trying iTerm on and off (sometimes using it for months) but always went back to the Terminal.

So far, this release seems it will finally make me switch.

yeukhon 5 days ago 0 replies      
Is there a screenshot for the new version...?
ozy123 5 days ago 0 replies      
Undo closed window is sweet. Nice work.
asd 5 days ago 0 replies      
Amazing work. This app has so many features that I think go unnoticed to many. I recommend going through all of the tips of the day (iTerm2 -> Show Tip of the Day) and perusing the various preferences available in the app.

I donated a while back and will be donating again tonight.

slajax 5 days ago 0 replies      
Thank you for all the hard work of the iterm2 team.

I've used this application for years now and without it, I would be useless.

I do 99% of my development within it, so it really is a super important tool for me and I'm very very excited to see it's continued improvement.

jgworks 4 days ago 0 replies      
A quick and dirty one-liner to pull the newest xkcd:


pkmishra 5 days ago 0 replies      
Thank you so much for your hard work. It's default terminal for me.
spleeder 5 days ago 0 replies      
One of my favorite new features has got to be true color support.
strages 5 days ago 0 replies      
It would be great having little video's of each new feature. For example with the automatic profile switching, or the marks/shell integration features.
joshontheweb 5 days ago 1 reply      
I just donated but do you ever consider charging? I think most here would pay. iTerm2 really is the best option and provides a lot of value to developers who make money using it.
monkmartinez 5 days ago 2 replies      
Zsh shell via iTerm2, coupled with prezto or Oh my Zsh == Nirvana.
Fizzadar 5 days ago 0 replies      
Awesome - I've almost forgotten Terminal.app exists these days. Shell integration is super exciting, I can see myself using that a whole lot in the coming months.
iso-8859-1 5 days ago 1 reply      
There is already the need for standardization on inline images, as notty uses another approach than iTerm2, which uses another approach than Terminology.
machbio 5 days ago 1 reply      
I started using Mac since September - Iterm2 saved from the horrible Mac Terminal.. But why is there no option to rename Tabs ?
a-b 5 days ago 0 replies      
I'm waiting for mutt and weechat to adopt a new iTerm2 inline images feature. That would be epic!
ronjouch 5 days ago 0 replies      
Kudos for the changelog starting with a very succinct summary + link, then expanding what changed :)
hanniabu 5 days ago 2 replies      
Issue: On mobile the hamburger menu isn't expanding

Android, Samsung S4, Chrome V. 48.0.2564.96

sadiqevani 5 days ago 0 replies      
I freaking love it, especially tabs and fonts, thank you for the hard work man.
Ezhik 5 days ago 0 replies      
Why is it not called iTerm3?
pholz 4 days ago 0 replies      
great app, i've been using it for a while (i also use terminator on linux). together with homebrew and fish it makes the osx command line experience fantastic!
bechampion 5 days ago 3 replies      
that is the one thing i miss from osx .. i had all kinds of triggers on screen , specially colouring ip addresses , and urls and guids .. hope it comes to linux one day.
aethant 4 days ago 0 replies      
Loving it so far! Thanks for all your hard work.
pvinis 5 days ago 0 replies      
iterm is the best terminal i have found. well done!

ps. people should run iterm, and then press cmd-/ to see something fun! ive seen them change a few times.

random3 5 days ago 0 replies      
Love iTerm2, upgraded and donated :)
obel1x 5 days ago 1 reply      
the linked filename says v2.9?
Skype keeps ignoring people who complain or are having issues with Linux client nickforall.nl
587 points by cujanovic  6 hours ago   334 comments top 82
nakedrobot2 5 hours ago 12 replies      
Skype worked far, far better 10 years ago than it does today. From all indications I've seen, Skype is getting dramatically worse all the time. From a personal standpoint, it crashes for me multiple times a day and I can rarely get group calls working on the first try. Often Skype requires a force-quit and then it crashes twice more when it is being restarted. This is on Mac and Android.

Fun fact: I have a friend who worked for Skype in Prague. He said the codebase is a true horror, an extreme mess, and that soon it would "reach a singularity" :-) He also said that there are whole parts of the codebase that he was not allowed to see, all indications pointing to stuff related to routing the traffic through servers of "the man" ;-)

ElijahLynn 3 hours ago 3 replies      
Stop using Skype. The NSA allegedly collects all Skype traffic anyways. Do you really want that?

"The full capture of voice traffic began in February of 2011 for Skype in and Skype out callscalls between a Skype user and a land line or cellphone through a gateway to the public switched telephone network (PSTN), captured through warranted taps into Microsofts gateways. But in July of 2011, the NSA added the capability of capturing peer-to-peer Skype communicationsmeaning that the NSA gained the ability to capture peer-to-peer traffic and decrypt it using keys provided by Microsoft through the PRISM warrant request."


rdsubhas 4 hours ago 4 replies      
I've been educating as many people (especially Management and Business people) as I can to switch over from Skype to any other alternative (like Hangouts). Because Skype is:

* A memory hog

* A bandwidth hog (its really inefficient about network usage, and uses a lot of bandwidth even when idle)

* Has much lower call quality (a consequence of the above), just try having a call in Hangouts or Skype and notice that Hangouts has much lower audio lag, doesn't kick out people constantly even when screen sharing, etc

* Is now owned by Microsoft

* Never cared about privacy or security (not that Hangouts does, but Skype just sets a very very low precedent)

* Group Messaging is a mess

* Individual Messaging is a mess

The list goes on and on. Its 2016, and "Let's Skype" is not cool anymore. There are much better options available.

haddr 5 hours ago 4 replies      
Skype on Linux is far inferior recently. Mostly due to the fact that the Linux version has been somehow abandoned. It haven't received updates since at least 1 year. For example, one recent change is that when someone sends a picture, on Linux you are sent a link to it, where you have to go to the Skype website and login in order to view it (and login each time you open a link). Sometimes it's a resized version of the picture which makes things worse. Another thing is the screen sharing. On Linux you can't share screen with more that 1 person, making it useless for telcos at work. And there is much more...
cm3 3 hours ago 1 reply      
For an excellent and disruption-free experience I use Mumble and if I have to WebRTC, but the browser experience isn't as stable, performant and reliable. Nothing beats Mumble if video isn't a requirement. You can join free Mumble servers, host your own or rent a server. It's open source, so you're not at the whim of a company and integration with your operating system is much better.

update 1: https://wiki.mumble.info/wiki/FeaturesIt has encryption which cannot be disabled and the advanced audio features make it well suited for reliable and pleasant day to day use. It's low-latency and instead of a centrally managed contact database like most commercial services have Mumble uses certificates for authentication and identification of your friends across servers.

update 2: There are alternative server implementations, one in C and another one in Go, meant to run on OpenWRT in terms of hardware requirements.

sean-duffy 10 minutes ago 0 replies      
When I used to use Skype on OSX I always hated it, people talk about iTunes being bloatware but the amount of resources Skype used was obscene. The final straw was a bug they never fixed that would log me out of Facebook in Safari every time I opened Skype. It was something to do with the fact that I'd foolishly linked my Skype and Facebook accounts in the past, I'm not sure if even to this day they ever fixed that.
gravypod 39 minutes ago 1 reply      
I've seen my friends slowly drift away from Skype. At this point when I install a new operating system, I just use web.skype.com to get in touch with my friends that haven''t moved onto something else. It works the same on all platforms, but I don't know if many people know about the web client.

It's really helpful.

apatters 4 hours ago 3 replies      
If the claim that the Linux client is no longer able to join calls is true, I think the Skype team really needs to respond.

Microsoft has been doing all sorts of cool things lately and it's odd that the Skype team hasn't been a part of this movement toward a modern, multi-platform world.

In my little corner of that world as the owner of an agency which spends money on Skype credit every day and uses Skype for a healthy part of our business communications, if Linux users start having trouble connecting to calls we are done with Skype immediately. There are enough alternatives out there nowadays that we will drop this tool.

pentae 4 hours ago 2 replies      
What I dont understand is - Why is there not a serious competitor to Skype?

If there was a cross-platform Skype clone that worked on OSX, Linux, Windows, iOS and Android that was stable and secure - the whole world would jump onto it. All it has to do is not be a bloated piece of crap like Skype.

Instead, everything else out there is fragmented.

Were all waiting, get on it already!

minusSeven 10 minutes ago 0 replies      
This is not just limited to linux. I use skype occasionally on blackberry and their app on blackberry is despicable. They made slight bug fixes 6 months back after some 2 years of not updating the app. Now it works but still experience lot of crashes. They never bothered to release a native app and people just the android ported one.
balabaster 1 hour ago 3 replies      
There are viable alternatives to Skype.

I've been using Slack (https://slack.com/) for a while too... it does everything useful that you could ask of a chat application and works very much like IRC worked back in the day. Everything it doesn't do natively, there's an integration for, just like with IRC bots.

You can do:

- Private chat with one or more parties

- Open Group chat via channels (both private and public channels)

- Voice/Video via numerous integrations including Bluejeans, Appear.in, Skype, Hangouts, you name it.

- ChatOps via services like IFTT & Zapier or even your own custom bridge into your network.

- Get notifications right in Slack from your source control, build servers, JIRA, Confluence and any number of other services via webhook integrations.

- A billion other wicked cool integrations (https://slack.com/apps) that allow you to do just about anything, including the eternally useless, often inappropriate and highly amusing Giphy.

- It's free(ish)... the featureset is restricted on the free account, but even with the free account it has enough to be seriously useful to even loosely defined teams of adhoc members. For enterprise requirements there is a small per user/per month charge which unlocks a wealth of enterprise ready features.

- It's archivable & searchable

Highly recommended and well worth a look for small and large teams alike.

It's more targeted at teams, but for circles of friends, it works nicely too. Because of the way it's structured, it works more like a web based, centrally hosted IRC server than Skype, as such it doesn't really have the same network effect, but it's so much more flexible than Skype in every other respect.

mrmondo 4 hours ago 1 reply      
I'm surprised people still even use Skype, I went really down hill around 5 or so years ago. It's slow, bulky, closed source and it has been disclosed by Edward Snowden and Wikileaks to have ties directly into the prism program with the NSA.
SunShiranui 5 hours ago 9 replies      
Skype has been getting worse and worse over the years. Personally I've switched to Telegram for chats, and I'll be looking for alternatives as far as voice calls are concerned.
i336_ 5 hours ago 2 replies      
While I'm unsure about the inability to join calls, I can at least agree that the Linux client is terrible.

I finally caved a few months ago, got an account, and started using it ("oh wow it handles 's/woops/fixed/', that's awesome")... until the client began freezing, chewing 100% CPU for as long as I patiently left it running, and not getting itself sorted out. Removing ~/.Skype (XDG, anybody?) and re-signing in worked... for about 3 minutes, at which point my profile data re-synced, and the client began choking again.

Last I tried the Web-integrated version (Skype icon, top-right of outlook.com et. al., takes a minute to become clickable) I couldn't even type "/me ..." - the line would send verbatim. At that point I gave up completely.

I used to use IRC but I find it too Spartan nowadays, but on the other hand I don't want to have to remember what chat tab is in what window, and I can't handle the idea of running 15 isolated instances of Webkit for all the separate chat systems out there, so that kills websites and most current "desktop" chat clients.

I don't use the Internet to communicate much, somewhat ironically. Everything drives me to distraction.


- XDG: TL;DR = says stuff should be in ~/.config, ~/.cache, etc. https://wiki.archlinux.org/index.php/XDG_Base_Directory_supp...

- I cannot help but admire the reverse-engineering going on at https://github.com/EionRobb/skype4pidgin/tree/master/skypewe... to make the outlook/skype web integration programmatically consumable. I have no idea how it works but the commits are very recent, which is a big positive sign.

StreamBright 5 hours ago 3 replies      
My biggest disappointment with the business version the fact that it is impossible to turn off the pop up notification when somebody logs in or out from Skype. Before you post me URL from the support website, non of them works, everybody in the office (10+ engineers) tried to disable this but no success. The only way you block that is to put yourself into do not disturb mode, but than non of the legitimate notifications are displayed either. Skype for business is a perfect distraction tool without providing any quality or functionality that other software already have. I just do not understand that in 2016 MS is at this level when it comes to user experience after being in the user facing software business over 40 years.
mcs_ 3 hours ago 1 reply      
46 active contacts and 12 blocked account in my Skype (2014 Skype and/or Microsoft Patents Pending)

Family: Wife (mac), Mom(ubuntu) and Sister(win)All - Family = work or business (i can safely say that 90% are OS from MS).

Do I want all those contacts in my slack ?No i don't.

Do I want to change to another very powerful chat system?Well, sometimes connect sqlite3 to find a conversation is not really what i want to do but the problem is to use chat system as storage for important communication so, No I don't what another shitty chat system.

My "rest folder" contains current work, future work, very good and bad work experiences from the past and maybe unplanned new jobs.

People are still there in green every morning cause they may want support or want to give jobs and after they pay they tends to use less email and more (shitty) chat systems.

In my case skype is only for work and i don't what to confuse the clear skype sound in my phone with something else that the work. Remove those contacts today means lose money tomorrow, i cannot remove that program and it is immediately installed after vim and git.

So after declaring to be a slave of skype like many others, I don't ask microsoft to change it, to fix it, to improve it or do it more cool or modern. I ask for my freedom: We need public, usable and having a sane license API to build something _better_ around it and remove that green icon from the status bar or my GNU/Linux Mint.

lawl 5 hours ago 0 replies      
I use web.skype.com these days. I don't want that piece of crapware installed on my box, as I don't trust it.

The web client works well enough for chat so I can talk to my friends who don't want to move away from it.

It does however not support calls since for some reason it needs a browser plugin for that. WebRTC would clearly be too easy.So I just link people a Firefox Hello link whenever they want to use voice.

edent 6 hours ago 3 replies      
This is very disappointing. Skype has been one of those "just works" solutions for calling distant family members - even if they're running underpowered hardware.

I currently use https://tel.red/ to connect to Lync / "Skype for Business" on Linux. I wonder if that's a possible solution?

binarez 4 hours ago 0 replies      
Some (most?) of my contacts are not showing up online when I use the official Skype client on Linux. I use the web client:


oever 6 hours ago 2 replies      
I'm a happy user of VOIP. Instead of using skype, I use SIP for which there are many computer programs. A good convenient program is CSipSimple.


edent 5 hours ago 1 reply      
> but starting from February 22 the Linux client is unable to join calls

Hmmm... My Linux client just made a successful voice & video call to an OSX Skype client.

While it would be nice if Skype was properly maintained, I'm not sure quite what the "unable to join calls" bit is all about.

kelvin0 2 hours ago 0 replies      
Under the best of circumstances, Skype on WINDOWS is at best barely functional (I know we use it every day for remote business meetings). So I can hardly be surprised any other OS's client is so broken ...8.5 Billion!http://www.wired.com/2011/05/microsoft-buys-skype-2/
coldtea 5 hours ago 0 replies      
>Skype keeps ignoring people who complain or are having issues with Linux client

Well, if they are too few and far between compared to Windows, OS X, iOS and Android then it makes sense. Opportunity cost et al.

And, while it's often brought up, I think that when it comes to consumer products (as opposed to server and dev stuff) Linux users don't really have some kind of "extra-influence" to compensate for being a niche group.

Zash 4 hours ago 1 reply      
Skype hasn't been a pain on Linux since the Microsoft takeover. It was a huge pain long before.

XMPP with http://swift.im/ and http://conversations.im/ is much more pleasant.

ohitsdom 3 hours ago 0 replies      
Skype on Windows is awful. Frequent crashes, shared screens drop all the time, and very inefficient. Only reason it's not uninstalled is that we have to use it at work.
theinternetman 3 hours ago 0 replies      
Skype feels like it runs just as well on my brand new laptop as it used to do on my 9 year old machine.

As in not well at all and whenever any progress has been made with computing speed the Skype team have refactored their app to perform just as poorly on the new hardware.

Also why is the "Skype Home" part of the app just a facebook advert? I don't have an FB account so Skype tells me to get one every time I open it. Seemingly FB is more important than my contacts.

joeyspn 2 hours ago 0 replies      
Meet Jitsi...


It's a nice FOSS alternative for group calling.

_druu 4 hours ago 2 replies      
Would've retweeted if it wasn't for the #thanksBill hashtag...

I haven't been on Windoze since I don't know how long. And the Mac Client is superb. Linux client, absolute desaster, indeed.

But still, this has absolutely nothing to do with Bill.

spronkey 5 hours ago 1 reply      
It's not just the Linux client. The Windows client has terrible usability issues too.
lyncisnice 5 hours ago 1 reply      
Is this a surprise, really?

Lync (their custom, completely incompatibile VOIP solution sold to -- idiots, essentially) only works half-decently on windows. There's an OSX option, but it's just a factual checklist on the product spec, as in reality it's garbage.

The best part, is that "skype for business" actually lowers the quality of the product even more. I had my own set of issues with Lync, but it just doubled since we had to transition.

And that's for the "business" side.

farresito 5 hours ago 1 reply      
The Linux client is pretty disappointing, to be honest. The only reason I keep using Skype is because of friends using it.
bronlund 5 hours ago 6 replies      
Why people use Skype is beyond me.
superskierpat 36 minutes ago 0 replies      
Cant wait for the various tox clients to stabilize.
ghostek 3 hours ago 0 replies      
Skype for Linux was declared dead under Palmer's, resources reduced to a minimum and new versions and features blocked. Skype CEOs and CTOs at that time are equally responsible, made millions and disappeared. It's been an uphill battle since, you can found some linux developers on LinkedIn and ask them. A joke that goes around is that Skype could die soon this year unless it turns profitable. Anyway, from a business perspective MS doesn't understand or value Linux desktop, so nothing to be surprised here.
chtfn 3 hours ago 0 replies      
I recommend trying jitsi (meet.jit.si) for conferences with features.Ring is a new one, that looks very promising for secure multiplatform p2p one-on-one communication. (ring.cx)On my phone, I use CsipSimple with my trusty VOIP provider Diamondcard.us.
gargravarr 5 hours ago 1 reply      
Not sure I understand the issue here, can someone summarise? Yes, Skype is an utter POS on Linux (90s UI, total incompatibility with any of the fancy things like picture sharing, inability to join group calls etc.) but the link implies the client can no longer participate in calls. I was chatting to a friend just yesterday via the Linux client - they called me and I accepted the call.
martin-adams 3 hours ago 0 replies      
>> but starting from February 22 the Linux client is unable to join calls

My colleague using Ubuntu managed to join a call I made to her with no issue. There must be more to it I guess.

t0mislav 2 hours ago 0 replies      
It's time to simply abandon this sucker. It won't be easy, but I hope better alternative will emerge.
snowpanda 5 hours ago 0 replies      
I had to use Skype for work a lot. But things like this and the fact that I don't trust Skype enough to install it, kept me from using it.

So at the time I bought the cheapest Android phone I could find and used it just for Skype, it didnt even have a sim card. And I was always easy to reach for coworkers.

Hopefully this helps someone else in the same position. Luckily I dont have to use Skype anymore.

jayarcanum 3 hours ago 0 replies      
Skype on linux is akin to taking fertility drugs on birth control. It's super dumb and always feels dirty for no reason. It installs 127 packages and then removes only 112, leaving me saying I knew this was a mistake so that I could waste 15 minutes with TopTal because they can't get on a hangout. Skype is owned by the original nerd's evil empire what do you expect. Never should have tainted my system...
flurdy 6 hours ago 2 replies      
And this is a surprise?
nik736 5 hours ago 3 replies      
The Mac OS client is COMPLETELY BROKEN. Message orders change constantly, if you type fast the messages are jumping up and down constantly which is annoying since the order sometimes gets messed up.

Also the background colours of messages are bugged, sometimes my messages are grey, instead of being blue as they should be.

What the fuck?

Aoyagi 4 hours ago 0 replies      
Good. The sooner Skype ends, the better.
Gratsby 3 hours ago 0 replies      
Wow. My previous job had no phones only skype and most of us just had linux on our desktops.

There is a solution - Cisco Jabber. They have a hosted solution now. I can't find a link currently and I haven't used it since we have it on-premise. But I did talk with someone recently who worked on their cloud product.

lucb1e 3 hours ago 0 replies      
Honestly I'm really happy they haven't updated the client. Looking at the Windows client, I was happy they left a more serious and professional client for the Linux users.

Of course when you can't make calls anymore, it might be time to update the failing component...

shmerl 1 hour ago 0 replies      
Don't complain. Ditch it.
rciorba 5 hours ago 0 replies      
Great! I hope this way less and less people will expect me to use skype.
sandGorgon 4 hours ago 0 replies      
yes the linux client sucks... bu the OTHER linux client (i.e. Android) works beautifully. Which is why I cant wait for things like RemixOS or Intel's Android Linux [1]. With predictions that mobile chips will approach PS4 performance in 2017 [2], I cant help but wonder again if Valve made a colossal mistake in not basing SteamOS on desktop android.

[1] http://liliputing.com/2016/02/intels-android-smartphone-prot...

[2] http://venturebeat.com/2016/02/16/mobile-devices-will-be-mor...

_pmf_ 50 minutes ago 0 replies      
> Skype keeps ignoring people who complain or are having issues with Linux client

All 234 of them!

toxican 3 hours ago 1 reply      
The longer MS ignores Skype on linux, the happier I'll be. Unlike the Windows version, it's at least usable and a great deal more stable (in my experience, anyway)
stuaxo 5 hours ago 0 replies      
That is really poor, I have skype credit for when I go abroad and need to call the UK from a local number (e.g. Real good with banks or utilities).
andrey_utkin 4 hours ago 0 replies      
Sounds like great justification for my business contacts why I cannot have a voice call in Skype with them. Could anybody please give a link to official bugreport or serious announcement about breakage of calls?

User of XMPP (Jabber) with transport to Skype.

CSDude 5 hours ago 0 replies      
Skype is far inferior to any competitor. I just send a link to people through https://apprtc.appspot.com/ to have better video call experience. Skype does not even keep track of notifications cross devices. It was way better in the old days.
vasili111 5 hours ago 1 reply      
The reality is that, Skype is a kind of software that is better to use Windows version + WINE than native Linux version.
jaimehrubiks 3 hours ago 0 replies      
Discord is the best alternative, or at least it will be. It lacks 1to1 calls yet but they will be implemented. There are no plans for video or screen share yet i think though
stuaxo 1 hour ago 0 replies      
I took a call on it an hour ago, seems to be working fine ?
neppo 3 hours ago 0 replies      
I started using appear.in for quick video telephony.

The beauty with this one is that you don't need an account, you just send a invitation link via slack or mail

Sir_Substance 5 hours ago 2 replies      
The deep irony of this is that I prefer the linux client to the windows one (or did until it broke, haven't tried to make a call recently), because it is ad free, clean and simple. I wish there was a reverse-wine I could use to run it on windows.
mikescandy 2 hours ago 0 replies      
I guess the userbase is not worth investing. (As a Windows phone user, this is something I hear quite often)
georgeek 4 hours ago 0 replies      
They might be pushing users away from the Linux/Mac apps towads an online version of skype. Which is actually the easiest way to use their service, when you absolutely have to.
svendlarssen 3 hours ago 0 replies      
I've been complaining since Nov last year without any result. It's terrible and I really hope Skype will do something about it.
cevaris 2 hours ago 0 replies      
At this point isnt't like asking Microsoft to port over Word to Linux?
gurra 5 hours ago 0 replies      
Some of my contact lists disappeared the other day. I am using Skype 4.3 on Ubuntu 14.04. I am trying to move most of my communication to Slack, but some clients and friends are still on Skype which makes this a pain for me.
tome 5 hours ago 1 reply      
The quality of outbound calls to telephones ("Skype Out" I think) has dropped markedly recently. My respondants can't hear me about half the time. The quality seems to come and go by the week.
aurelien 41 minutes ago 0 replies      
ignore skype and use ekiga.
maweki 4 hours ago 0 replies      
I can no longer log in into skype for linux. Using the same username/password on Android works fine. No use in the Linux client.
gog 5 hours ago 1 reply      
Anbody have expirience with alternatives that provide group voice calls and support all platforms (win,linux,osx,ios,android)?

Group calls are the only thing I use Skype for...

gerardnll 4 hours ago 0 replies      
MacOS is also a competidor and I don't have any issues with it neither Skype has stopped updating the app.
amelius 4 hours ago 0 replies      
How well does video chatting work within the browser nowadays? If it works well, then I would say Skype's days are numbered.
PaulHoule 3 hours ago 0 replies      
Skype is getting pretty bad on windows too. Try it on a PlayStation vita.
nickforall 3 hours ago 0 replies      
Thank you very much for sharing, we're overwhelmed by all the tweets.
jaimehrubiks 3 hours ago 0 replies      
Skype was a grate sofware, now it is just a sad and buggy software
dschiptsov 2 hours ago 0 replies      
Why, it is Microsoft. Rudimentary Linux support is mere PR actions, be it for Skype or .Net or whatever.

Their strategy, obviously, is still platform lock-in.

mindo 4 hours ago 1 reply      
I'm surprised M$ haven't killed skype like the next day they bought it as they often do when they buy/take over companies and their products.

Skype is actually the only M$ product I use, and I would be more than happy to move to anything else as long as there would be a good alternative to it...

moonbug 4 hours ago 0 replies      
The only good communications program MS has ever produced is Comic Chat.
betimsl 3 hours ago 0 replies      
I'm a Linux user and I don't sign that.
sbose78 4 hours ago 0 replies      
If you are using for work, I would recommend HipChat !
rhabarba 3 hours ago 2 replies      
How many Linux issues are required before people stop using Linux?
kempe 4 hours ago 0 replies      
Skype always crashes when you log of a windows machine.
Kenji 4 hours ago 0 replies      
They keep ignoring all their users, Windows too. A couple of weeks ago, they shipped a completely broken version that would crash regularly and scramble the message order randomly if the messages were sent within ~1 minute. Hello QA? Where are you? Hello beta testing? You cannot ship a program this broken to all your users?!
exo762 4 hours ago 1 reply      
Microsoft is doing a service to all of us by destroying Skype. Nobody should use it anyway from the moment MS has bought it with sole purpose of handing data over to NSA&Friends.
ryanlol 5 hours ago 2 replies      
Does the OS X client work well for anyone else?

I keep having inability to join calls, getting stuck in calls and at worst even having the client say I'm not in any calls and no sound coming out of my speakers while others can still see me in the call and hear my microphone.

GitLab 8.5 released gitlab.com
602 points by doubleg  2 days ago   230 comments top 27
josteink 1 day ago 8 replies      
Looking at this thread here, Gitlab seems to be much more open about their development than Github, and has a real sense of community, yet Github (still) remains the popular option, despite their more community-hostile traditional board-meeting decision process.

Is there a gradual shift in the FOSS community towards Gitlab (which in all honesty would make more sense), or am I just seeing the enthusiast in this thread?

jobvandervoort 2 days ago 6 replies      
We're super excited with GitLab 8.5. It's much faster, no matter the size of your instance (but especially for larger instances).

The Todos, ability to revert commits and CNAME support for Pages, are things that have been much requested and we're happy to have now.

As always, we're here if anyone has any questions about anything.

flashm 2 days ago 3 replies      
I've moved all my private repos to Gitlab based on the chat on here and other places recently RE Github, Gitlab, and other solutions.

I'm very happy overall, the interface is great. It's a bit slower than github currently (the web interface) as I'm using the online version rather than self hosted, but apart from that it's really bloody good.

I'll be recommending it to others going forward and using it for all new repos that I want hosted.

praseodym 1 day ago 3 replies      
Their performance graph shows response timings up to 25 seconds [1]. GitHub's mean web response time goes up to 200 milliseconds. The difference is two orders of magnitude. Is GitLab really that much slower?!

[1] https://about.gitlab.com/images/8_5/issue_timings.png[2] https://status.github.com/

joaoqalves 1 day ago 2 replies      
When I met Gitlab, 3 years ago, I didn't expect this. The product is so much mature, the UI is so much better and the feature-set increased too. I respect these guys. The competition is though out there. Github is _the_ place where many git users started and is the _de facto_ standard for open-source/show-cases or even tech blogging, these days.

There are a few things that annoy me as a Gitlab user (UX things), apart from the search/responsiveness of the application. Moreover, they improved _a lot_ the installation/upgrade process over these years. I'm expecting big things from you now :)

Anyway I need to say that these guys have been working a lot and deserve much credit. Kudos for you, guys!

One of the things that annoys me most is that the homepage of the repository, where you have the README is not the same where you have a file browser (Perhaps this is Github-biased, but is soooooo much better. Think about it :)

nikolay 1 day ago 0 replies      
I love GitHub, I'm loyal and grateful to them for all they've done for us, but GitLab is significantly more agile these days and loyalty easily can be reassigned. Even Bitbucket is picking up development, so, if I was GitHub, I'd really seriously reorg and ramp up development and innovation!
pilif 2 days ago 3 replies      

> GitLab no longer loads large Git blobs (e.g. binary files) into memory when browsing a Git repository. This prevents timeouts and memory leaks.

Nope. Not loading something doesn't prevent memory leaks. It might make existing leaks not as bad (because you're leaking less).

Either you're not leaking at which point it doesn't matter how big the thing you load is, it will get freed once it's not used, or you're leaking at which point, yes, if you only load small things, you get to run for a longer time before you die, but you will still die eventually.

Only loading smaller things doesn't plug leaks.

Aside of that: This looks like a very impressive release. Congratulations!

lgp171188 1 day ago 1 reply      
Great job GitLab team! Way to go! Unfortunately I cannot use it for my projects till the issue https://gitlab.com/gitlab-org/gitlab-ce/issues/12920 exists. Hopefully, it will be resolved some time in the future.

I am firm believer in FOSS and I am very glad with GitLab embracing it as much as possible without affecting their revenues. I have started creating my new repositories on GitLab from this month

nrclark 1 day ago 2 replies      
Was 8.5 able to address either of these?

Large commits can't be viewed:


Users created via LDAP login continue to count towards the user-count even if the LDAP account is deleted:


palidanx 1 day ago 1 reply      
I just upgraded and the diffs are WAY faster now. Thanks so much for all of the hard work!
fweespeech 2 days ago 2 replies      
> With GitLab 8.5, were offering GitLab Geo as an Alpha to all our Enterprise Edition customers. Once GitLab Geo has left Alpha / Beta state, a special license will be required to use it.

I'm not sure I like this trend.

While I understand some features GitLab may feel its worth a "second license" fee, it sets a bad precedent.

Similarly, I don't want to give you $390/year for a GitLab instance with 2-3 users which keeps me from paying for the stuff I use for sideprojects. Although, tbh, if you are going the secondary license route for various features it seems I'm better off looking into an alternative and just implementing them myself.

I honestly was just using the post-receive hook, etc. for this sort of thing.

branchly2 1 day ago 1 reply      
When I go to github, there's a search bar at the top to search for the public repo I'm looking for.

I can't find the search feature at gitlab.com. How do I search for users or public repos of interest at gitlab?

ausjke 1 day ago 1 reply      
Still using redmine + gitolite here but have been watching Gitlab for a while, in fact I tried it yesterday and it's still quite resource hungry and slow(using DO's default installation with 1GB memory).

Redmine+Gitolite has nearly everything I need but Gitlab's code view interface is better. Redmine's backend seems running more efficiently but its interface is not modern enough at this point, especially on how to review git repos.

oneeyedpigeon 1 day ago 4 replies      
I'd love to try GitLab out, but the OSX installation instructions [1] are a bit of a put off. I'm not even sure if that's the right URL, but it's where google takes me. The instructions refer to a "runner"; I'm not really sure I understand what that is, and it's not explained anywhere. The "ci" makes me think this is something to do with continuous integration, so I'm really not sure if this is the right thing to be looking at.

The instructions also say "(In the future there will be a brew package)"; this is sorely needed!

[1] https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/ma...

dman 1 day ago 1 reply      
Can i use dnf update on fedora to update the gitlab package if I have the repo installed? I am on fedora 23 and doing dnf update doesnt upgrade gitlab. Also doing a dnf install gitlab-ce gives me a message that gitlab-ce-8.2.0-ce.0.e17.x86_64 is already installed.
cheald 1 day ago 1 reply      
Very easy upgrade from 8.4.3 to 8.5 on Ubuntu using the omnibus packages. I did have to install bundler in my system Ruby (I have RVM on the system; the install scripts executed via apt-get apparently doesn't care), but that was the only hiccup.
mrmondo 1 day ago 0 replies      
Another great release in an incredibly fast turn around time, well done to the team and everyone that's contributed.
giancarlostoro 1 day ago 1 reply      
Are there any blog posts about techniques used to improve performance you guys would care to share? Thanks!
talles 1 day ago 3 replies      
> yes, all important things for those of you that speak Spanish or Portuguese

What do they mean by that?

koolba 1 day ago 1 reply      
Maybe a stupid question but is there a publicly hosted GitLab that provides free repo space (and the usual pay for private repos) or is it only self hosted?
whitenoice 2 days ago 2 replies      
Impressive release! Is there a guide on migrating from install from source to using omnibus? We currently upgrade from source but would like to move to omnibus.
d33 2 days ago 1 reply      
Two releases ago, updating was a bit of a pain for me, so I guess I'll wait until Friday with this one. Anyway, the new features sound really good!
amist 1 day ago 1 reply      
Still waiting for issues priority levels. Without it, the issues page is just a mess.
monksy 1 day ago 0 replies      
Awesome that theres a release.. but just as I'm migrating from one server that it has it built from source to a new one that uses the omnibus package.
exstudent2 1 day ago 1 reply      
Much faster! I notice it's rendering large source files instead of displaying them as binary now, so great!

One issue: I'm getting a really weird animation/hover over effect on the Gitlab icon in the upper left corner. Is that meant to happen? Is there a way to disable this.

Other than that, everyone should upgrade to this version.

dudul 1 day ago 1 reply      
Nice, looking forward to the upgrade to GitLab pages on gitlab.com !
quadrangle 1 day ago 3 replies      
This comment is not meant to be the main judgment on what is otherwise an interesting update, but:

> To focus on your content

shows a screenshot with extremely long text lines that are far harder to read than than when the sidebar thing helps keep the lines to a still-too-long-but-not-as-bad length. How does nobody at GitLab realize that you need some max-width or a container or something to keep text line length comfortably readable

(the same can be said for Hacker News, but everyone seems to know that it's ugly already)

Answers to your questions about Apple and security apple.com
543 points by mrexroad  2 days ago   362 comments top 39
panarky 2 days ago 5 replies      
This FAQ has more than 1000 words, but these are the words that matter:

 The only way to guarantee that such a powerful tool isnt abused and doesnt fall into the wrong hands is to never create it.
Can a court force a company or an individual to create something that does not exist?

China required Google to actively censor search results about sensitive topics, and Google quit China. (They may now be heading back [1].)

Bing stayed in China and silently replaced their organic results with government-approved propaganda [2].

The best way to prevent governments from oppressing their citizens is to refuse to create tools that enable oppression.

[1] http://www.theatlantic.com/technology/archive/2016/01/why-go...

[2] http://www.theguardian.com/technology/2014/feb/11/bing-censo...

af16090 1 day ago 4 replies      
One thing that I don't think has been covered enough in this whole debate about forcing Apple to unlock the iPhone is that "Farook and his wife destroyed their personal iPhones, and the hard drive from their computer was removed and has never been found"[1]. The iPhone the FBI is after is one that was issued to him by his employer. It seems to me to be very unlikely that Farook and his wife would go to the trouble to destroy all their other electronics but somehow forget to destroy his work phone (assuming his work phone had incriminating information on it in the first place).

[1]: http://www.usatoday.com/story/opinion/2016/02/18/apple-court...

dkopi 2 days ago 6 replies      
"Law enforcement agents around the country have already said they have hundreds of iPhones they want Apple to unlock if the FBI wins this case. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks. "

Actually - the master key, the backdoor, already exists.The master key is Apple's ability to sign a new version of IOS, and update the software on a locked phone.

The Federal government isn't asking Apple to create a backdoor. Their asking apple to use the backdoor that already exists.

mikeash 1 day ago 3 replies      
The question I'm most interested in is whether newer iPhones are still subject to this attack. Unless I missed it, no answer to that question is presented here.

It sure feels to me like Apple is dancing around that issue. I'm betting that newer iPhones are still vulnerable, and Apple is a bit embarrassed at dropping the ball there. (The Secure Enclave stuff doesn't necessarily protect against this attack, it depends on how it's implemented and the official documentation doesn't quite say.)

If nothing sooner, it's going to be interesting to see what happens in the fall when iOS 10 and the iPhone 7 presumably will ship, along with a new version of Apple's iOS security guide. Diffing that with the 2015 edition could prove quite educational.

jonpaine 1 day ago 5 replies      
Can someone ELI5 a typical opinion in support of the Government's case? I've read through various comments and I haven't seen a concise opinion in favor and am genuinely curious.

Does it boil down to (1) trust that the Government won't abuse the existence of the tool and (2) trust that the tool will never be leaked?

Or is it more fundamental - that the target data is so valuable that the ends justify the means?

I know it's more nuanced than that, but I think - in particular -someone's view on the All Writs component just follows their view on the above in most cases.

[edit]: I'm considering this a research sub-thread, not a debate sub-thread. Trying to understand, not convince. So forgive me for not responding one way or the other.

kingnothing 1 day ago 3 replies      
In all likelihood, the NSA has already created this hacked version of iOS that does exactly what the FBI is requesting. The government can probably already get the data off of the phone if that's all they're after. But it probably isn't. I imagine all of this is so the government can try to set precedent in order to publicly use that technology in courtrooms and investigations instead of having to keep it hidden from the world.
pilif 2 days ago 1 reply      
>>The government says your objection appears to be based on concern for your business model and marketing strategy. Is that true?

> Absolutely not. Nothing could be further from the truth. This is and always has been about our customers.

so it is about marketing :-)

All joking aside though, I agree strongly with this document and I'm both a bit surprised and very happy about their detailed arguments and about the passion they put into this issue.

As a customer I'm happy to see that they are really fighting for me and not giving in, even to the point of refusing a comparatively reasonable request out of fear of producing a precedent.

ericfrederich 1 day ago 1 reply      
> Is it technically possible to do what the government has ordered?

>>Yes, it is certainly possible to create an entirely new operating system to undermine our security features as the government wants.

So... something to fix in the next release. Apple could be doing this all along. Maybe they've already done it in the past via a FISA warrant.

My point is, if you rely on software for security, and that software can be "upgraded" at any time by the manufacturer, it's a problem.This is the definition of a back door.They could design their OS so that it has to be unlocked to "upgrade", but they didn't...

interpol_p 2 days ago 3 replies      
This letter comes off very strongly. It's as if they treat the government as just another customer. The way they describe their process for assisting law enforcement almost reads like their process for providing developer support:

> We also provide guidelines on our website for law enforcement agencies so they know exactly what we are able to access and what legal authority we need to see before we can help them.

The concerning portion of this letter is:

> Yes, it is certainly possible to create an entirely new operating system to undermine our security features as the government wants.

I have a feeling Apple is currently working on preventing updates to the Secure Enclave ROM from happening while a phone is locked (or at least ensuring the keys are wiped if it does happen while a phone is locked).

atourgates 1 day ago 4 replies      
One thing I don't understand is, what prevents the FBI (or Apple or anyone else) from duplicating the contents of the iPhone in question to a virtual machine, then trying the 10,000 possible 4-digit unlock combinations on virtual machines until they find the correct one?

I assume that since this seems like a fairly easy solution that it's not possible, but what makes it not possible?

frogpelt 1 day ago 2 replies      
One question for the FBI: why so much investigation over a crime committed by someone who is dead?

Based on the nature of the crime, I'm guessing there weren't many accomplices. The one guy who helped him get the guns is probably where they need to be focusing their investigation and interrogation. If ISIS helped him, how? He took a gun to work and killed people. That's not an elaborate scheme.

It does not benefit the FBI to lose goodwill with the American people over this case.

madez 2 days ago 1 reply      
When Apple says that theyve never unlocked a device for the authorities one should keep in mind that the authorities have and use the power to force entities to respond this way.
johnrob 1 day ago 1 reply      
Could Apple alter the icloud account in question such that a login succeeds with any password or session key? I wonder if there is some variant of that which would allow the remote backup strategy to work.
specialist 2 days ago 1 reply      
I was surprised to learn that iOS 4 - 8 permits updating the firmware without first entering the PIN.

Device Firmware Update modehttps://www.theiphonewiki.com/wiki/DFU_Mode

This technical factoid is relevant to the current discussion. I did not understand how creating a custom firmware was useful.

To further ground the discussion, I found this informative:

Legal Process Guidelines U.S. Law Enforcement


Whereas before I was firmly against Apple helping to crack the San Bernadino iPhone, I'm now merely mostly against.

I don't understand how this action can help FBI. What additional, unique information could possibly be on this phone that they couldn't discover by alternate means?

I don't understand how an error by FBI obligates Apple to clean up their mess.

My understanding is that iOS 9 changed things so that this kind of forensics backdoor is no longer possible, mooting this discussion.

FBI should take their lumps and learn from their mistakes.

cballard 2 days ago 2 replies      
> Yes, it is certainly possible to create an entirely new operating system to undermine our security features as the government wants. But its something we believe is too dangerous to do. The only way to guarantee that such a powerful tool isnt abused and doesnt fall into the wrong hands is to never create it.

Is this just security through obscurity, then?

zeveb 2 days ago 1 reply      
The contradict themselves:

> Is it technically possible to do what the government has ordered? Yes, it is certainly possible to create an entirely new operating system to undermine our security features as the government wants.

And yet:

> We have done everything thats both within our power and within the law to help in this case.

If it's possible for them to do it, then it's within their power, and it's perfectly within the law for Apple to write a custom OS and deploy it onto a device with the device's owner's permission (in this case, the owner is the County of San Bernardino).

They don't want to do it. Heck, I don't want them to be able to do it. But they can, because they designed a system which they can backdoor.

nebulous1 1 day ago 1 reply      
They could have/should have circumvented all this by not allowing firmware to be forced onto a locked phone without it wiping its own key store.

Admittedly users could also solve the issue for themselves by using much longer passwords instead of short passcodes.

ikeboy 2 days ago 3 replies      
>The digital world is very different from the physical world. In the physical world you can destroy something and its gone. But in the digital world, the technique, once created, could be used over and over again, on any number of devices.

They leave out the fact that Apple would need to sign (literally, using their private key) every time it is used.

>Unfortunately, we learned that while the attackers iPhone was in FBI custody the Apple ID password associated with the phone was changed. Changing this password meant the phone could no longer access iCloud services.

Why can't Apple change the password back, reset the flag that says the password was changed, and have them turn it on again?

cpt1138 1 day ago 0 replies      
My primary concern here is that there are 14 people dead and the powers that are asking for this obviously failed to protect them. To me the arguments people are making for Apple to comply are like abstinence education. Despite all facts pointing to the effect that with all that they ALREADY have on us they are completely useless at "protecting the American public" why are they using that as an argument here? Obviously because people are still buying it, but at some point shouldn't we point back to fact that they were unable to stop 14 people being massacred?
spiralpolitik 1 day ago 1 reply      
Isn't the solution for Apple to have the phone also sign the firmware update so that the user has to enter their passcode to accept the update and sign the signature of their key.

If the firmware isn't signed by both keys (the users public key being stored in the secure enclave) then the phone should refuse to boot.

That way even if Apple is compelled to sign a rogue firmware, it still requires the user must also be compelled to accept it.

exodust 1 day ago 1 reply      
>"hundreds of iPhones they want Apple to unlock if the FBI wins this case."

Only hundreds?

It's not "unlocking" anyway, it's exposing the phones to an opportunity of cracking them open. A non-trivial time-consuming task, hardly the domain of opportunistic hackers with stolen iPhones.

>"government-ordered backdoor."

"Backdoor" is not what is being asked for, so they shouldn't use the word "backdoor".

Encryption is not under threat by this request. If raw computing power can break the encryption, then Apple should improve their encryption. Use more bits, more salt or whatever. Make it so a computer needs 50 years to crack a password, even with electronic brute force. Then it wouldn't matter whether the self-destruct kicked in or not.

And no mention of the compromise offer for Apple to keep the alternative OS on their premises and destroy it after.

Apple are trying just a bit too hard to "not put customers at risk". The risk is almost zero.

If Apple's security was as good as they claim, then not even Apple, no matter what they did to help, could crack the phone. That's where we want to be. At the point where it simply doesn't matter what the FBI asks for, the phone is uncrackable. Sounds to me like we're not there yet. Apple helping crack this phone will help us get there. And that's why I don't agree with Apple's position here. Let's see this phone cracked open, and then evolve the security to a point where a similar request would be impossible to achieve no matter what Apple or anyone did.

uptown 1 day ago 0 replies      
If corporations are people, would requiring a corporation to produce work product constitute a form of slavery? Or if writing code is a form of speech, would forcing them to write code violate their constitutional right to free speech?
euroclydon 2 days ago 1 reply      
I would like to know the technical limitation law enforcement is facing when trying to decrypt data in iOS 8.

I assume the data is encrypted using a key derived from the user's passcode, and that that key is purged from device memory after an idle period. Brute force attempts to guess the passcode are throttled, and too many attempts cause the device to delete the encrypted data.

Can someone confirm I'm on track so far?

Then, law enforcement would be limited to trying to circumvent the passcode entering throttling logic on the device, which Apple has physically engineered to be a destructive operation, thus it's outside the capabilities of even the most sophisticated technology labs in the US government?

Am I still on track?

coldcode 2 days ago 0 replies      
To me this post explained a lot of the legal side of the issue: http://www.zdziarski.com/blog/?p=5645 I think it may have been on HN earlier.
ryanmarsh 1 day ago 0 replies      
Our forthright discussion on this issue on HN, while valuable, will not help the broader problem of educating the voting public. It's kind of like John Oliver's interview with Edward Snowden[1]. This issue needs to be translated into "pics of my junk" and become a sort of meme. Is the issue being framed wrong more of a problem than it not being framed at all?

1. https://m.youtube.com/watch?v=XEVlyP4_11M

hipaulshi 1 day ago 1 reply      
Maybe I shall starting offer 1m USD dollars for leaking this said software to me. O.k. I am just kidding, but just imagine how much some organizations are willing to offer to get hands on this. Will you ever trust Apple again if it known this software is leaked? What if such software is leaked to a competitor corporate? What is such software is leaked to an enemy spy agency? Apple will be very doomed.
glasz 1 day ago 0 replies      
i want to believe. but i'm having a hard time.

according to the new york times, for whatever they are still worth

> Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity.


is the nyt reporting correct? i know they tend to side with natsec bullshit. i fear this being a really big pr stunt.

also, the nsa siding with apple is just an expression of rivalry, no?

allemagne 1 day ago 2 replies      
The only two reactions to this news seems to be cynicism and praise. I think both voices in response to Apple's letters are valid and useful for improving user security in the future, and yet incomplete by themselves.

Sure, Apple should be praised for refusing to give government agencies the ability to unlock an iPhone, but a significant part of their motivation is not altruistic. It's in Apple's self-interest to make a stand in this case, but we can't always trust corporations to prioritize customer privacy over caving to government pressure.

Similarly, Apple has already admitted that a backdoor exists for all iPhones. In my opinion, this is an inexcusable security hole at best, and at worst an implication that Apple intended at some point to comply with government requests for encrypted information. However, the fact that the FBI has made this request in the first place, and that Apple is in a position to decline (at least initially) and make it public, is a good sign that the three-letter agencies may not be as all-knowing as some may fear.

staunch 1 day ago 0 replies      
If it wasn't for Tim Cook...all the other tech giants are failing ethically.
edibleEnergy 1 day ago 0 replies      
Can they not just clone the disk and bring it up in a vm? Is there anything that would prevent them from building some tooling for that?
geekrax 1 day ago 0 replies      
Thing that bugs me most is the url `/customer-letter`.Is this the one and only "Customer Letter" they're ever going to write?
jmount 1 day ago 0 replies      
Certainly claims to be a different Apple than the one that released the iPhone3 that claimed it encrypted Exchange 2007 data (when it did not).
gboudrias 1 day ago 0 replies      
I dislike Apple as a matter of principle, but I really love them when they are kicking and screaming for the right cause.
an_account 1 day ago 1 reply      
Why can the FBI just create a modified operating system?

I haven't seen this question answered anywhere.

rtpg 2 days ago 5 replies      
Disclaimer: kind of glad that Apple's making noise, but kind of frustrated that it's about this specific case.

The answers to these questions has some pretty deceitful phrasing....

>First, the government would have us write an entirely new operating system for their use.

Only "new" in the sense of not being exactly the same as the current one. Implies much more work than we know to be the case.

>Law enforcement agents around the country have already said they have hundreds of iPhones they want Apple to unlock if the FBI wins this case. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks.

The master key analogy falls apart because the order specifically calls for making a version that only works on a targeted phone. At best it would be the equivalent of Apple being asked to make many individual keys. Unless, of course, they want to make a version of iOS with the exploit that would work on any iPhone.

> Of course, Apple would do our best to protect that key, but in a world where all of our data is under constant threat, it would be relentlessly attacked by hackers and cybercriminals. A

This is implying hackers could do anything with a version of iOS that is made to only work on one phone. You could absolutely release the update file that the FBI is asking for and have no risk of compromising anything because (again) this is for a specific phone.

>Has Apple unlocked iPhones for law enforcement in the past?>No.

(The answer then proceeds to say "Actually yes we have, just not past iOS 8)

>For devices running the iPhone operating systems prior to iOS 8 and under a lawful court order, we have extracted data from an iPhone.

>We feel strongly that if we were to do what the government has asked of us to create a backdoor to our products

Using a backdoor already existing in your product...

>One of the strongest suggestions we offered was that they pair the phone to a previously joined network, which would allow them to back up the phone and get the data they are now asking for. Unfortunately, we learned that while the attackers iPhone was in FBI custody the Apple ID password associated with the phone was changed. Changing this password meant the phone could no longer access iCloud services.

Seriously FBI?

I know this letter isn't for me. I want to be on Apple's side based off of how they present the case. But if you look at the court order, off of the fact that the FBI got a warrant for a specific device, off of the fact that they're asking for an unlock of a specific phone, off of the fact that its technically feasible to do this without compromising all iPhones thanks to digital signage...

My impression is that Apple's position is that its technically infeasible to make this exploit, which isn't really true.

There's the other "but with this, we'll have to do a bunch of phones" argument... is there a term for being overburdened with writs from the court? What's the constitutional protection against that? That feels like the only valid defence at this point for them (from a legal standpoint)

hahainternet 1 day ago 2 replies      
> Should we put in place ubiquitous video and audio surveillance in every square foot of the country just in case the FBI ever wants to review something that happened?

In public areas that are often visited? Absolutely yes, an unbiased source of evidence available to the public? Excellent.

> Law enforcement has apparently lost the ability to do on the ground investigation work in favor of whiz bang-ery

Apple has provided a child porn trading network protected by the very principles of mathematics and their refusal to cooperate with the FBI.

What they're doing is precisely what any law enforcement agency would.

hahainternet 2 days ago 2 replies      
> I, for one, would like to live in a country where the government is a servant, not a master.

Would you? Why not Somalia?

hahainternet 2 days ago 2 replies      
> The issue is the precedent that is made

That searching the effects of a dead terrorist is acceptable? I really don't find this objectionable in any way whatsoever.

> Apple could no longer argue they had to create something to fulfill the warrant, since it was already created.

Good, Apple's desires to not be subject to the laws of nations where they do business has historically hurt their customers. Even now people argue that Apple are doing this to protect their customers of which there's no evidence whatsoever.

tacos 2 days ago 0 replies      
There comes a time where the only competition for a huge corporation is the government. And you can't win that one (AT&T) -- even when you do (Microsoft).
Why Apple Is Right to Challenge an Order to Help the F.B.I nytimes.com
418 points by doe88  5 days ago   311 comments top 31
msravi 5 days ago 6 replies      
From here (4th para from the end): http://www.nytimes.com/2016/02/19/technology/how-tim-cook-be...

"Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity."

If this is true, it sort-of implies that Apple would have done it, but secretly, and they were forced to take their very public stance because of the FBI's posturing.

bsder 5 days ago 8 replies      
The best way to put this for the other side is:

"How about we start with FBI mandated remote control gun disablers given that it's guns that killed these people? Oh, you're concerned that someone will figure out how to bypass it, and it won't just be the FBI disabling your gun?

Congratulations. You now understand my position."

cptskippy 5 days ago 1 reply      
What bothers me most about this article is the following statement which is accepted without contest.

"Law enforcement agencies have a legitimate need for evidence, which is all the more pressing in terrorism cases."

What makes a terrorism case more pressing? How many domestic terrorist attacks have had related followup attacks? How many domestic terrorist cases have been linked to other domestic terrorist attacks? How many domestic terrorist attacks have been carried out by the same set of individuals or groups?

The reality is that domestic terrorist attacks are not common or frequent, there is no urgency in investigating them because they do not lead to followup attacks. They're coordinated events, not a series of related events so there's no pressing urgency?

grecy 5 days ago 9 replies      
I've been explaining this case to others and I've come up with a good way to make them understand.

"Instead of the FBI making this request, how would you feel if the Government of China were asking? or Russia, or Syria? Do you want them to have the ability to read your encrypted data off your iPhone?"

buzzdenver 5 days ago 7 replies      
Doesn't the fact that Apple is capable of unlocking the phone mean that a backdoor already exists ? Then it's just a question of a lone wolf telling the FBI how to do it, maybe along with using some secret keys that could be stolen if Apple is hacked like Sony was. I would like a phone that is unhackable even by its creator. Anything else is just a question of time to get broken into.
moonshinefe 5 days ago 3 replies      
The fact that Apple has made this issue very public (with http://www.apple.com/customer-letter/) is unprecedented almost (Lavabit and SOPA had some similarities). I applaud them for taking a stand and not just giving in.

If this legal precedent gets set that the FBI can force US tech companies to break into their own customers' encrypted data, you can bet the industry will lose millions if not billions of dollars worldwide in tainted reputation.

Who's going to buy US companies' devices that claim privacy via encryption if they're easily backdoored at the FBI's request?

ikeboy 5 days ago 1 reply      
> It is also theoretically possible that hackers could steal the software from the companys servers.

It's also theoretically possible for hackers to steal Apple's private key from their servers, in the exact same way. As far as I see, there's no change to the threat model by Apple making a new software version, and signing it using the same process they use to sign other versions of iOS. It's useless if not signed, so the real worry is someone having the ability to sign it, and that applies exactly the same if Apple signs iOS or FBiOS.

This suggests the authors don't understand the technology well enough to know this.

edit: this is assuming the software is locked to a specific device. So the signing doesn't matter to any other device. If the software worked on all devices, then a leak of a signed version would be problematic. Although even if they couldn't lock it to device, they could make it only work for a short time, say a week, so if that signed version leaks later it would have no effects (I'm not sure if you can change the clock on a phone without unlocking it though).

zaroth 5 days ago 0 replies      
The problem is not ability to search the device after it has been cracked, the problem is specifically does the government have the power to force companies to develop backdoors for their own devices?

In this case the cracking capability is for a locked phone in FBI possession. Let's assume the same technique isn't possible on newer phones. So what about the next case where the FBI wants remote access over LTE while the phone is unlocked / in use by the suspect?

If you can use All Writs Act to compel Apple to develop the first backdoor, then surely the same is true for the second.

chrischen 5 days ago 3 replies      
This is also a great product move by Apple, as if they win it shows even the FBI can't access your locked phone.
marincounty 5 days ago 0 replies      
Does anyone feel this whole incident is a carefully staged by the FBI and Apple?

I'm not into conspiracy theories, but I'm wondering on this one.

Why would the FBI, or Apple make this so public? The Apple letter seemed staged?

The federal government always seems to get what it wants in the end, especially if one has a lot to lose?

I imagine the conversation starts off with an indignant, appalled CEO.

"Hell No--I'm not giving you access to my customers data!"

Federal government counters with, "Do you want us to scrutinize your past, and present life?"

"Do you want us to look at every stock trade you ever made?"

"Do you want us to publicize the personal information we have on you already?

"You know we can make your life misserable? You know we can make your companies life misserable?"

No this isn't Russia, but our law enforcement branch of the federal government scares me, and I'm a nobody. There's been some deaths, especially in tech, that seem suspicious. The drug overdoses--guy in San Francisco that was about to give a talk on ATM hacking comes to mind.

That tech guy who died in that fiery car crash on Los Angeles.

(I don't want to argue with anyone. I have no evidence. Just a weird feeling. And yes, Tim Cook seems like a choir boy. He comes across as someone who doesn't even jay walk.)

rrggrr 5 days ago 0 replies      
Let iPhone users opt-in and you'll find far fewer proponents of backdoor encryption than will be reflected in Congress. I wouldn't be surprised if most in the LE and Intel communities didn't opt-in. Why? Perhaps because the USGOV has yet to prove they can keep their own data secure. The Office of Personnel Management hack, Clinton official emails on a private server, and many more instances have shaken the faith in USGOVs ability to be an effective steward. I'm in favor of master keys for the FBI after they prove to the public, in a transparent and accountable manner, that those keys can be kept unassailably secure from misappropriation or abuse.
cmurf 5 days ago 0 replies      
What if Apple's coerced firmware update bricks the phone? That's destruction of evidence they'd need immunity from. What trust and conflicts arise when a company has blanket immunity from such evidence being destroyed?

So many slippery slopes.

mrb 5 days ago 4 replies      
Off topic, but: "Apple is doing the right thing in challenging the federal court ruling requiring that it comply"

I am not a native English speaker. Why "it comply" and not "it complies"?

geggam 4 days ago 0 replies      
When two nuts with rifles trigger a "National Security" problem I think the problem is with the Nation not the people.

What happens when an entire nation threatens us ?

stillsut 4 days ago 0 replies      
Couple of thoughts:

- Doesn't an iPhone become completely secure if you prevent if from passively polling for OS updates. If the iPhone would only poll and install updates after user un-locks and allows, then there would be no way change the necessary software configuration without breaking the encryption. And the encryption can't be broken, thus if you could chose OS -level default "don't accept or even check for any updates without user permnission" you really would have an unbreakable device. But if they ever did implement this, it would be terrible for Apple's forced upgrades and their platform would fragment into many incompatible versions. I think everyone knows which option Apple will chose between: CompletelySecurePhoneOS or AbilityToForceUpgradesAndPatches.

- Correct me if I'm wrong but didn't Tim Cook initially state cracking this phone was impossible according to Apple's experts? And now it seems it's a quite reasonable issue of Apple signing an OS-update specific to this device's unique ID; so quite feasible. So was that a lie?

TheAppGuy 5 days ago 1 reply      
I've got a feeling we're being manipulated by someone with an agenda at play.
EGreg 5 days ago 0 replies      
All they need to do is compel companies (by hook or by crook) to install backdoors in their algorithms or hardware.




Who is to say that other state actors haven't done the same to chips produced by their companies? The truth is, the genie is out of the bottle.

A year and a half ago, I wrote a serious article on this: http://magarshak.com/blog/?p=169

InTheArena 5 days ago 1 reply      
The guy who wrote the two most important 4th amendment case opinions over the last thirty years (both in favor of privacy rights, both by 5:4 votes), and who had the longest record of cracking down on laws that were being stretched to cover uses never imagined (which by definition, the Writs law is being abused) just died.

It's not good timing....

tosseraccount 5 days ago 1 reply      
Apple indeed may have a right to refuse the administration.Does the administration have the right to remove Apple Computer from the GSA government purchasing schedule?
GnarfGnarf 5 days ago 2 replies      
Why doesn't the FBI copy the contents of the terrorist Farook's iPhone to a second iPhone (after all, it's only a hard drive). Make ten attempts on the second iPhone, brick it, then copy the contents again, try the next ten digits, and so on until they hit the combination?
LeicaLatte 5 days ago 1 reply      
Curious if Apple is breaking any user agreements if they end up doing this. Sharing information on servers is one thing. Sharing a key which enables access to all future communication too is different. Does their EULA cover such scenarios? Can it open them up to possible lawsuits from its users?
clumsysmurf 5 days ago 7 replies      
One thing I hope can be clarified: Is the FBI asking Apple to patch iOS on this one device, one time only (in a way that can not be reused) ... or are they asking Apple to provide a "reusable" patch / modification that allows future devices to be accessed?
mgleason_3 5 days ago 2 replies      
Given the powers and size of the national security budget and the NSAs in particular, why do they need Apple? Shouldnt the NSA be able to crack this on their own?

Kinda makes ya wonder what all that moneys spent on...

Shivetya 5 days ago 0 replies      
So here is a simple question. How will we know if the US becomes successful in having manufactures put in a backdoor? Can it be done to the current 6 models through a software update?
j_m_b 5 days ago 0 replies      
Glad to see this from the editorial board of the NYTimes
jy2947 4 days ago 0 replies      
I may be wrong - but I have a feeling that, technology companies like apple and google are developing software on device to make user data so protected that they will say "I can not technically to crack my software" even ordered by a Judge (presumably for legit reason), thus the DOJ is using this case trying to prevent it from happening. And, if this is the case, then personally I am at the DOJ side, because I recognize this is a less ideal world (actually I think it is even worse), and this country is technically in a war.
Tepix 5 days ago 0 replies      
Has there been any precedent of (the|a) government forcing someone to sign a piece of code against their will?
redindian75 5 days ago 4 replies      
Wonder why can FBI just hand the phone to Apple keep the phone just get the data we don't needed specifics.
botw 5 days ago 0 replies      
I wonder why the head of FBI didn't ask Tim Cook first in private. or I missed something?
marcoperaza 5 days ago 1 reply      
TLDR for what follows: Mandated backdoors must be a red line, but this is not a request for a backdoor and actually seems pretty reasonable. Trying to argue that the tech industry shouldn't help, even in this case, is not only the wrong position in my book, but a sure way to lose the bigger debate.

My views on the general encryption controversy are:

1. Everyone must be free to make their technology as secure as they possibly can. There can be no mandated weakening of security, back-doors, or other requirements to make the information more easily accessible by law enforcement. On newer iPhones, Apple has patched up the flaw that the FBI wants their help with exploiting. They must continue to be allowed to do that.

2. The government must be able to demand, with a court order predicated on probable cause, that companies provide any and all information that they have that could be useful in circumventing their security features. This can be everything from technical specifications and threat-model analyses, to lists of unpatched vulnerabilities and code-signing keys.

3. It seems to me that American companies have a moral obligation that goes beyond the legal obligations in point #2. They should be actively assisting the government in recovering information, especially when concerning issues of national security. In extreme circumstances, like total war, this should definitely be legally mandated. I'm undecided as to what the policy should be generally. On a practical level, it's probably not feasible for the government to, e.g. start hacking around the iOS codebase themselves, so just information might not be enough.

I'm not too troubled by this court order, especially given the particular circumstances. The right to make products as secure as you can, even from yourself and the government, is what's really important to defend. Trying to argue that the tech industry shouldn't help, even in this case, is not only the wrong position in my book, but a sure way to lose the bigger debate.

Apple's definition of "backdoor" is highly suspect. A backdoor is if I ship my product with an intentional vulnerability, so that I can hack into it later. Apple's not being forced to add a backdoor, it already exists because the security features break down against an adversary that has Apple's private key, at least for the default 4-digit PIN configuration. Now the government is asking them to use their own capabilities to help hack this phone. Of course, Apple didn't create this backdoor for malicious reasons, they just didn't include themselves in the threat-model, greatly simplifying updates and other security features, and allowing the walled-gardenness of iOS. It's also central to the walled-garden. Curiously, this is in direct contradiction to their claim for some time now, that they were designing iPhones such that they themselves can't break into them.

Now put yourself in a Congressman's shoes. The FBI has been telling you for years that tech companies are being purposefully antagonistic to their legitimate search and seizure authority. That the tech companies are purposefully designing features with the sole intention of shutting the government out. Now here's a case where there was no mandated backdoor, the government was able to devise an exploit method, and they got a court order from a judge to make Apple use it on a dead terrorist's phone. "Mandatory backdoors would hurt everyone's security", one of the arguments that we've been winning with, now sounds like a bullshit cover for "we are against any government surveillance". Can you smell the legislation coming yet?

Disclaimer: These are obviously my own personal views and nothing else. They do not necessarily reflect the opinions, policies, or practices of anyone but myself.

(Reposted from https://news.ycombinator.com/item?id=11131456 with additional)

buzzdenver 5 days ago 1 reply      
I wouldn't be surprised at all if Apple already gave a version of the OS to the FBI that enabled them to brute force the password for that one phone with the condition that they publicly put up this show as if they were not cooperating.
Issue and Pull Request templates github.com
520 points by joshmanders  6 days ago   135 comments top 26
jamesRaybould 6 days ago 3 replies      
There is already a way of doing this using the URL like: https://github.com/jamesRaybould/go-mssqldb/issues/new?body=...

You can then add it as a simple href to the readme.md.

It also means that you can have multiple templates depending on what a user wants to do, just by having multiple links and changing the content of the `body` parameter.

Simplest way to get going on this is to use http://urldecode.org to write the markdown you want and then hit the encode button, take the result and add it after `body=`

We also use it to auto-assign labels using `labels=` in the URL

jakozaur 6 days ago 3 replies      
Great job!

Next item, be able to star issues.

That would help a lot and we are able to avoid +1 comments.

erikb 6 days ago 1 reply      
Now I actually start to worry. Did anybody here ever have the problem of making people happy with a software project?

The usual complain goes like this "You need to do X because I want to be able to do Y." In the complainers mind there is the untested idea that having X will enable him to do Y which solves his unspoken problem Z that he isn't even aware off. The thing is, at this time you don't know Z. You don't know if Y is really solving Z. And you don't know if X is really solving Y. And neither does he. But if you want him to use your tools he doesn't need to worry about that as much as you.

What happens if you just go like "Okay, user wants X, here is X!" is that the users will continue to complain (maybe even more) because Z is still not solved, and because there was no testing and planning involved X is actually creating another problem Z2 that nobody had before. At least that's my experience with an open source project I managed for about 3 years.

What I found actually needs to happen is to discover Z and to discover a way to solve it in the context of the project (which other people may not be as aware of as you are), and with an at least minimized chance of creating more problems. Then this actual solution needs to be sold to the users, because they are not aware of Z, so they think they don't care that you solved Z. But only after doing all that people will stop complaining (not even remembering that there was a problem and how much pain you went through to solve it of course).

Hope that makes sense and explains why I start to worry now, when everybody starts cheering. What I hoped would happen is that you don't hear much about the suggested changes, some other changes happen a few weeks down the road, and then the complains stops without anybody noticing. A success would be that you don't read about github anymore after 1-2 months. People cheering and github saying "Hey we did X" is a really bad thing.

VeejayRampay 6 days ago 0 replies      
Well done Github. Simple and elegant solution that I hope will help people a lot.
swang 6 days ago 5 replies      
Kinda meh on adding it to the repo since it's yet another file I have to "manage" that isn't really part of the working code.
anonicode 6 days ago 1 reply      
> This is the first of many improvements to Issues and Pull Requests that we're working on based on feedback from the community

So there is more to come

minimaxir 6 days ago 1 reply      
The template is more for actual issues with the software than to-do lists/user grievances, the latter of which I see used more frequently in GitHub Issues. Maybe it's time to separate GitHub Issues into Issues and Discussion.

EDIT: Missed the fact that the feature is opt-in by the repo owner, which makes things more expected depending on the nature of the repo. Although now thinking about it, the separation is still not a bad idea.

_ikke_ 6 days ago 1 reply      
steveklabnik 6 days ago 0 replies      
I have a PR open for Rust to use this. I and others are very skeptical in general, but there's some interesting discussion so far: https://github.com/rust-lang/rust/pull/31732
lr 6 days ago 1 reply      
I asked Craigslist to do this years ago for the "for sale" sections, so that people included the number of doors on a car, the color, etc., and the kind of heat in an apartment, and so on. Such a simple thing, and would make searching so much better, and the service in general better.
colinodell 6 days ago 1 reply      
pull_request_template.md also works.
tobr 6 days ago 2 replies      
So, the issue template is just a default text that individual users can modify, delete, or otherwise disregard?
fiatjaf 6 days ago 1 reply      
I want to know how this works: http://gitmagic.io/
marcinkuzminski 6 days ago 1 reply      
How does that work with branches ? Is there a master branch required to have this file, what if project doesn't have master branch ?

I think the concept of having a file in source code is flowed for DVCS unless you have so called "source" branch that you can define that is a default source of such information.

arnarbi 6 days ago 1 reply      
Why isn't this in a separate branch akin to gh-pages, or a separate repository akin to the wiki data?
logn 6 days ago 1 reply      
The problem I have with this is, I don't want a template for the comment a contributor leaves on a PR; I want to display a message to them before they submit a PR. It's not a standard way to display messages, requiring users to read editable text (that has no clickable URLs) and then delete that text after they read it and submit.
kuschku 6 days ago 0 replies      
Itd be interesting if itd provide a separate input box for each section of the template maybe even a graphical editor for lists if the template specifies a list.
atrotors 6 days ago 0 replies      
Well, it seems like the open letter is working!

I hope they address the other issues as fast as this one. Rating system is the next one on my list.

rurban 6 days ago 1 reply      
I'm excited, but the PULL_REQUEST_TEMPLATE.md name is too long for root. What about PULL_REQUESTS.md and REPORT_ISSUES.md?
VeilEm 6 days ago 1 reply      
Doesn't seem to work on enterprise github yet. :(
pducks32 6 days ago 1 reply      
I'd like them to choose a folder name that isn't specific to a site. .github would look silly on hit lab but I like the idea of having a serrated folder.
dang 6 days ago 0 replies      
Url changed from https://github.com/dear-github/dear-github/issues/125 to the announcement post.
shmerl 6 days ago 1 reply      
What about attachments to issues? Using gist for it is simply annoying.
EC1 6 days ago 1 reply      
There's a special place in hell for people that make jokes and post massive animated memes in issues.
thescribe 6 days ago 4 replies      
This sounds like more 'enterprise' bureaucracy. Coming soon, overly complicated paperwork.
gcb0 6 days ago 0 replies      
talk about moving slow.

two years and that's what we get? meanwhile my bigger diffs are still garbage. and we have to use other companies to have a simple agile board... and don't even get me started on decent branch management and rebases...

sigh. really hate that my employer buys that

The Apple letter to customers couldn't happen under proposed UK law privacyinternational.org
471 points by J-dawg  3 days ago   102 comments top 14
ikeboy 3 days ago 2 replies      
The court order was public. Apple didn't reveal anything not already known. This article seems unaware of that fact.

Also, there's NSLs in the US as well.

iofj 3 days ago 1 reply      
This is already the case. Wiretapping orders in Europe can come from a large number of organisations, including any police force, interpol, a few UN departments, some branches of the EU itself, ... there is no judicial review. The wiretap orders do not mention a court case, there is no way to appeal them, and telling anyone about any order, even in general terms, is punishable by jail time (for the person who does it, not the person responsible for them. In other words, technically if you're an engineer at a telco and you tell your boss why you're spending hours without telling anyone anything, technically that's 2 years). There's no appeal, no information about a court case linked (because there may not even be a linked court case, e.g. when a kid I knew ran away I know the police tapped her phone to find her. There never was anything more than an investigation). And of course, the government is under no obligation to even pay for the time spent doing the wiretap, nor does it pay for the equipment and upgrades needed to make them happen (for instance cisco's "lawful intercept" licences, which run in the thousands of euros per device, alcatell, lucent, etc. have similar stuff).

The one positive is that it's a huge mess, and many police departments have no idea how to use these laws. But I find it hard to believe that there aren't a few police departments that are actually capable and using these rules for personal gain.

fit2rule 3 days ago 7 replies      
The more the UK slips down the hole of tyranny and fascism, the more despondent I become - even though I'm not a UK citizen.

The reason is, I just don't know of any way that the British people can claw their way back up out of this hole - their tyrannical government seems to be 10 steps ahead of every effort to reign it in.

So I feel like I'm witnessing, helplessly, the decline of the UK as a power, and as a nation of free peoples, and the despair comes from knowing that as time goes on, the likelihood of non-violent solutions to the oppression of the British people are ever-more unlikely.

DanBC 3 days ago 0 replies      
There's some useful, informed, discussion in the UK Crypto mailing list.


geographomics 3 days ago 2 replies      
The purpose of the non-disclosure sections of this law is to prevent the suspect being wiretapped (or similar) knowing that they're being wiretapped.

It's not exactly very useful if someone under active investigation finds out that they're being watched, and changes their communications behaviour as a result.

In this case, it wouldn't need to be applied as the suspect is dead.

mmmBacon 2 days ago 1 reply      
The UK lacks a formal Constitution with something like the 1st Amendment. Instead it has something called the Human Rights Act which includes all kinds of exceptions to free speech. The US 1st Amendment is not absolute but it's the closest thing we have to an absolute right here. The infringement of free speech is possibly the single most controversial aspect of US National Security Letters. It's generally very difficult to limit a person's free speech because of the 1st Amendment. While in UK it seems like they can easily add exceptions like not being able to discuss a court order.
cmurf 2 days ago 2 replies      
If only it were so easy to use party affiliation to identify adversaries on this topic.

Those in favor of government power to compel Apple to commission software, laws to weaken encryption or safeguards such as rate limiting, and spending public funds to aid closed research to crack encryption have one thing in common. They are statists. They believe in the absolute authority of the state.

Guess again if you think it's a dysfunction of government when parties disagree. Extra scrutiny is required when they agree.

mtgx 3 days ago 0 replies      
You know what this would lead to in the UK? The spy agencies would gag companies to even tell their customers they got hacked, if it happens to be because of a vulnerability they created for the spy agencies.

So people will continue to have their accounts hacked more and more and everyone will keep quiet about it.

kevinprince 2 days ago 0 replies      
Probably gone amiss in this whole thing. Apple technically could post this letter under the proposed legislation because they are not a "telecommunications provider" which is a specific term in UK law referring to those companies who provide telecoms services usually mobile operators, BT etc.

Apple is not a licensed telecoms provider as they would never of been able to provide iMessage in the UK as it lacks any ability for real-time intercept a requirement on telecoms providers.

msravi 2 days ago 0 replies      
Apple did not want to make this public, and would have been quite happy to give the FBI what it wanted under seal. It was the FBI that actively wanted to make this public, ostensibly to establish legal precedent. See https://news.ycombinator.com/item?id=11131866
formatkid 2 days ago 1 reply      
Are there any precedents where the UK has placed a gag order on a foreign company, and successfully extradited and imprisoned a CEO for violating said gag order?
kintamanimatt 3 days ago 0 replies      
Isn't this close to the essence of NSA letters, that have in-built-in gag orders?
Smircio- 3 days ago 3 replies      
I can't believe the USA is being shown up by UK on the topic of government corruption. We gotta step up our game. Time to vote Trump.
lifeisstillgood 3 days ago 1 reply      
We (and our governments) need to recognise that there is no such thing as secrecy anymore, just as there is no privacy anymore.

So just as we as individuals need to adjust to a world where our love affairs are known to our telcos and smartphones before our spouses, we need to require our governments to adjust to an open-by-default world where most of what they want to keep secret is just out there.

this is the idea that a city watched over by CCTV is a police state if only the police can view the cameras.

If everyone can view the cameras it's a free but different society

Apple Apologizes and Updates iOS to Restore iPhones Disabled by Error 53 techcrunch.com
400 points by aj_icracked  5 days ago   193 comments top 17
baldfat 5 days ago 6 replies      
> Apple Apologies

I am an Apple hater BUT I have to say very proud of the new Apple and actually saying they made a mistake and apologizes. This and the fight for security are both things as a self proclaimed Apple Hater applaud Apple for doing. Good job!

illumin8 5 days ago 4 replies      
This seems like the right thing to do - disable the unauthorized Touch ID sensor, but don't brick the phone. The secure enclave is still intact and secure, and if you want Touch ID back, you can get it repaired with authorized parts.
mbrd 5 days ago 0 replies      
Anyone else get the impression that the head of PR at Apple was on vacation and returned this week to put out all the fires?

Seriously though, this seems like a consumer-friendly decisions, as was the iOS backdoor/San Bernadino press release yesterday and it's nice to see.

roddux 5 days ago 1 reply      
Nice move, it's pretty cool of them to offer reimbursement to people who bought replacement phones in the meantime.
jasonjei 5 days ago 1 reply      
Some part of me believes that the old Apple that Steve Jobs was in control would have stood his ground with "Error 53." The Tim Cook Apple is a lot more compassionate with respect to these sort of things.
CountSessine 5 days ago 3 replies      
Maybe this is a silly question, but does anyone know how secure the TouchID on the iPhone is compared to the 4 digit pin? I remember from a comment in the Android source that the android 5 face recognition is about equivalent to a 3 digit pin. Is TouchID more secure or less secure than the 4 digit pin?

Is it more tractable or less tractable for someone to brute-force the 4 digit pin than the TouchID? I.e. if someone wanted to get into my phone, and they removed the official TouchID sensor and now it falls back on a 4 digit pin, does that do them any good?

I wonder if I could get the old behaviour back - if someone was tampering with my phone by removing the sensor, is there any way of bricking the phone until I can get it to an apple store?

aj_icracked 5 days ago 1 reply      
I am a little torn on this given there isn't a cited source and I don't know if Apple would give TC (or anyone) an exclusive on this. If it's true we're dancing in the streets though!
gradients 5 days ago 1 reply      
Wow- this is great for me. I have been sitting on iOS8 for some time now because of this.

I broke my screen and home button and had them replaced before I went on vacation. Luckily I had read about the error 53 issue before attempting to upgrade my jailbroken device.

I'm very surprised Apple would respond so well to an issue typically caused by 3rd party repairs.

iBzOtaku 5 days ago 0 replies      
Boy, lately things haven't been going well for Apple.
TazeTSchnitzel 5 days ago 1 reply      
> This test was designed to check whether Touch ID works properly before the device leaves the factory.

Does that mean Error 53 stemmed from Apple having distrust in their supply chain? Interesting.

maerF0x0 5 days ago 3 replies      
Anyone else find it suspicious that this comes the day after court order to backdoor their devices?
profeta 5 days ago 0 replies      
So they pleased users and complied with that judge order in one bat?


jsudhams 5 days ago 4 replies      
Does apple make lot of money or loose lot of money on repairs? Or else they should let third party repairs.Typically for product companies it is better if they have ECO system of repairs/service by third party so that they them selves don't have to support for long which costs lot of money. Other than life safety devices others should allow customer who want to repair their product should be allowed.
wfunction 5 days ago 2 replies      
Who actually buys the explanation that this was not intended to leave the factory?
dismal2 5 days ago 0 replies      
If you have a smartphone and think you have any sort of privacy, you're delusional
chris_wot 5 days ago 0 replies      
Yes, well, it probably helps to know that the Australian Competition and Consumer Commisioon (ACCC) was investigating Apple for abuse of market power over this issue.

The last time this occurred, it was over illegally claiming iPhones and other Apple devices were out of warranty when they weren't, and misleading consumers that to get any form of warranty service after one year they would need to purchase an Apple extended warranty. They were not only fined millions, but were forced into printing a humiliating retraction on their website and in the press - one that basically was reported on worldwide.

I'm not at all surprised they backed down this quickly this time around. It's almost certain they would have been found to have committed the offence of third line forcing, to which there are very, very steep fines.

hackaflocka 5 days ago 1 reply      
But wait, they earlier said it was an intended security feature. Now they're saying that it was a factory test not intended to go public?

New personal rule: never update the phone again... ever.

Draft.js Rich Text Editor Framework for React facebook.github.io
582 points by tilt  1 day ago   110 comments top 26
marijn 1 day ago 11 replies      
My ProseMirror [1] project is in the same space (including using persistent data model detached from the DOM). It has a richer, tree-shaped document model and collaboration [2], but not quite as much programmerpower behind it since I'm a single OSS dev as opposed to a giant tech company.

[1]: https://prosemirror.net[2]: http://marijnhaverbeke.nl/blog/collaborative-editing.html

bantic 1 day ago 0 replies      
(biased author of Mobiledoc-Kit here)

The past year or so has really seen a resurgence of browser-based text editors. Off the top of my head I can think of 4 editors/editor-frameworks launched in the past year (Mobiledoc-Kit, ProseMirror, Trix, and now Draft.js). Browsers are creeping toward exposing all the events that are necessary for interpreting the meaning of a user as they input text. (Some notable exceptions remain, such as an event that would be fired when a spelling correction is accepted, but mutation observers provide a fallback for cases where it's not otherwise possible to catch the input on the way in.)

A major focus of Mobiledoc-Kit, which seems to have some overlap with Draft.js, is on exposing an API that allows programmers to programmatically interact with the internal (structured) document. Our goal is to allow developers to be able to construct editors that fit snugly fit their use case, whether that's building their own UI for a toolbar, or more complex procedural rules for document (e.g., add a constraint that there can only be one "H1" section in a document and disallow adding a second one).

Since Mobiledoc-Kit was built for a publisher originally (Bustle), the ability to intersperse text with richer content was a goal from the start. So it has a "card" concept that allows adding any rich content (embedded tweets, videos, slidehows, etc.). In fact, the Mobiledoc-Kit demo page [1] has a demo where a Codemirror editor is embedded inside the Mobiledoc editor.

It's great to see so much new energy in the browser editor world. I am hopeful that as browser features and new editors and editor features converge, we'll see some exciting new developments that broaden the perspective on what sort of content is possible to author from within a web page.

[1]: https://bustlelabs.github.io/mobiledoc-kit/demo/

tomdale 1 day ago 3 replies      
For those of you looking for a rich text editor like this that is lighterweight and doesn't come with a heavy React dependency, I can highly recommend Mobiledoc[1]. I've been using it in several production sites and it has performed like a champ.

The best part of Mobiledoc is its portability; I've seen it used in both Ember.js and Riot.js, two libraries on opposite ends of the spectrum.

It's also been designed for rich, interactive content in addition to rich text. You can add interactive cards (think slideshows, before/after image sliders, etc.) and easily provide a different implementation on each platform. This lets your content authors write once and have a great experience on both native and web, and adding a new card is super easy.

1: https://github.com/bustlelabs/mobiledoc-kit

leeoniya 1 day ago 5 replies      
Is there a specific benefit to having this built on top of React rather than just wrapping an existing editor's API [1][2][3]? Is it cross-usability for React-native or just NIH syndrome?

I'm not sure how I feel about re-implementing all the things and introducing a React dependency to everything. The lock-in seems okay if React really is the final word in UI frameworks (though it is very large and currently very slow). I am certainly not in this camp, however.

[1] https://github.com/neilj/Squire

[2] https://github.com/quilljs/quill

[3] https://github.com/zenoamaro/react-quill

iandanforth 1 day ago 3 replies      
Neat, but. I once had to do extensive testing of a rich text editor and know where the most bugs were? un-ordered lists. The world has been trained to expect a very specific set of behavior from bulleted lists by MS Word and it's really tricky to emulate. Specifically, how do tab and shift-tab modify the list? If you have an indented bullet, and hit return from the end of the line, what happens? What if the previous line was bold? What if I select most of two lines and hit delete?

Their demo falls far short of expected functionality which makes me think that there is a huge amount of work to go from this library to a working editor.

tiglionabbit 1 day ago 1 reply      
Oh hey, this looks a lot like something I was working on.


React makes it easy to do a stateless transformation from your data model to some output, so you can model things the way you want to: as a series of overlays onto the text.

My project uses the Google Drive Realtime API as its data model, so you can collaborate on the text too. Or use the in-memory version to edit alone.

I never finished this thing. Was hoping to use it on a project at work, but got shot down. Emulating cursor movements without a text area was the fiddliest part. But I got pretty far into it as a proof of concept at least. I was impressed at how fast it was despite being a JavaScript emulation of content editable.

amelius 1 day ago 2 replies      
Some bugs found after quick testing:

- When adding a long paragraph, and hitting enter in between, the caret disappears from the screen.

- When typing some text, say "abc", followed by a large number of spaces, and then selecting everything, the selection extends past the width of the editor window (colored selection bar sticks out).

- In a long paragraph, changing to a code-block, again the caret disappears.

More seriously:

- In a paragraph of 10,000 words, the editor becomes really slow, even when just typing text. This is strange because such operations (i.e., typing) are local, and React is supposed to deal only with incremental changes. I'm wondering what is going on here.

jstejada 1 day ago 0 replies      
This is really awesome-- At Nylas we've /also/ been building one for the past year to use in our email composer inside N1 (https://githbub.com/nylas/n1), with the additional constraint that it needs to support extension by third party plugins.

Building a nice declarative editing interface around an inherently mutable structure with an imperative API like the DOM (which can mutate state from under you, like focus) is a real challenge. Props to the team at facebook for this.

simonw 1 day ago 1 reply      
Has anyone figured out how to get a string of HTML out of this? I tried bouncing around with the $r object in the Chrome devtools console on http://facebook.github.io/draft-js/ but couldn't work out how I would return a string of HTML suitable for persisting to a server.
mhodgson 1 day ago 0 replies      
Looks like a nice entrant to the space. React is very well suited to this problem space and they clearly understand many of the pitfalls and problems.

A few questions/concerns:

1. It doesn't look like the undo/redo state is global to the page. The built in undo/redo stack in browsers is global to the page so this is the expectation users will have. If you use multiple instances of Draft.js in your page they will each have their own stack, which is less than ideal. I realize having a singleton to manage this across all editor instances is more difficult in the React/Flux paradigm, but it would be much better from a user experience perspective. Related to this:

2. I don't think you can nest Draft.js instances. There are a number of simple cases where you might want to do this (e.g. custom block with image + caption). To support this in the future it seems you would need to account for it in the selection and undo/redo stack state handling.

3. The data format has a lot of repetition in how it stores inline styles[1]. I'm interested to know why they chose to represent the data this way instead of using indices. For instance, you can represent a inline bold style with a json object like so: {type: 'BOLD', startOffset: 5, endOffset: 10}. The format they chose to use is easier to render directly, but more difficult to parse visually and less space efficient (except in the case of styles that only cover a few characters).

Finally, it seems most modern WYSIWYG editors mentioned in the comments here were at least partially influenced by the original Medium post "Why ContentEditable is Terrible"[2]. It would be great for the community to standardize on a data model/format that could be used in all of these editors. There are enough commonalities (blocks, elements, etc.) that I believe we could create a common document spec that would be usable in all of these popular editors. The benefit of this would be having a common spec to build additional libraries for diffing, server rendering, native mobile editing, and so on.

[1] http://facebook.github.io/draft-js/docs/advanced-topics-inli...[2] https://medium.com/medium-eng/why-contenteditable-is-terribl...

pfooti 1 day ago 0 replies      
This looks pretty neat, although I'm leery of the react.js dependencies as I don't do a lot of react development. I'm sure I could wrap it up or something if needs be. There's a lot to be said for this new move in third-generation rich text editors to move away from relying on contenteditable and the DOM as the source of state. A lot of different projects are doing this becuase contenteditable is clearly not a great solution.

Still, am I missing any kind of delta event emitter? I'd like to be able to hook edit events and push operational transform content over the wire to support collaborative editing. Other projects like ProseMirror, Quill.js and maybe Mobiledoc support this (I haven't used mobiledoc yet, but it looks like that's going to be supported Soon).

nthnb 1 day ago 0 replies      
I've tried to work with a number of WYSIWYG editors and they always get you part of the way before becoming a real pain. No one seems to do a very good job planning them out and maintaining them. I, for one, am really happy to see Facebook release something. Knowing Isaac I suspect this is some work related to Facebook Notes which is cool because it means they're using it in the wild.
fredck 1 day ago 0 replies      
It's curious to see that many pet projects are going public at the same time, all having the same goal of bringing control over the contenteditable madness through a custom data model.

We at CKEditor are going in that exact same direction [1]. We are making a strong switch to the project, wishing to make it a powerful editing framework, just like Draft.js but in a larger scale.

[1]: https://medium.com/content-uneditable/ckeditor-5-the-future-...

hokkos 1 day ago 2 replies      
Great but no support for tables, I can't use it for now :(

So I use CKEditor because it support everything the client want but it is like a trade with the devil. It is the worst js lib I ever had the displeasure to use, it made one developer never want to be on my project again.I needed to fix its sources, and have the non uglyfied code load in my app to debug it, because they only distribute working minimised merged js, I had to make the full sources load in webpack : pack all the js and load de dependancies in order following a config js file. The code is full of ridiculous timeout making the code unfollowable. Never use CKEditor !

I will gladly switch once it support tables.

swah 1 day ago 1 reply      
By the way, did Facebook ever wrote why they only allow plain text? Its easy to imagine but I wonder if they ever A/B tested it.
brianorwhatever 1 day ago 0 replies      
I was just about to roll my own. Thanks fb!
thewhitetulip 1 day ago 0 replies      
Does it support github flavoured markdown? Or can we make it support it?
HappyTypist 1 day ago 0 replies      
Bugged on Firefox for Android - typing overwrites what you typed before.
amelius 1 day ago 1 reply      
Any ideas on how they implemented this using React?
ejo3 1 day ago 1 reply      
This is very nice and minimal. It's not working well on mobile though. I wonder if they are planning on working on that.
nanoojaboo 1 day ago 0 replies      
How does it compare to Trix by Basecamp?
cdnsteve 1 day ago 0 replies      
dustinpkane 1 day ago 0 replies      
Man that is beautiful
dgellow 1 day ago 0 replies      
It's a better idea to open an issue on the github project.
Numberwang 1 day ago 1 reply      
Seems good. I would have loved a few more features though.
fiatjaf 1 day ago 1 reply      
Anything done by Facebook gets infinite upvotes nowadays.
Stripe Atlas stripe.com
532 points by hepha1979  2 hours ago   184 comments top 54
tvladeck 59 minutes ago 5 replies      
This is cool, but they should not offer a C corp as the default choice. An LLC should be the default for the vast majority of entrepreneurs. The only reason VC-funded companies are C corps is becaused VC LPs don't want to be hit with taxable income (which would flow through the VC to them). An LLC is much better for a variety of reasons:

- Flow through taxation = you only get taxed once. With a C corp you pay corporate income tax and then you get taxed on any distribution

- If you sell the business, you better hope you have enough leverage to get a stock sale and not an asset sale, because in an asset sale, you're again getting majorly double taxed. The vast majority of exits are asset sales though because they shield the purchaser from unknown liabilities

- From an LLC, you can easily become a C corp. From a C corp, it's majorly difficult (practically infeasible) to become an LLC; you retain optionality in one case but not the other

adarsh_thampy 8 minutes ago 0 replies      
Stripe. We love you.

Recurring billing is such a pain in India and we have been thinking about registering in the US for a while. More than the high costs some of the lawyers charge, the issue is with opening a bank account.

Applied for the beta. Hopefully, we'll get accepted soon. Even if I don't make it to the free list, I'll gladly pay the 500$ fee. That probably should tell you enough since it's coming from a bootstrapped startup founder.

Olscore 1 hour ago 1 reply      
While I don't have much to add, this is very interesting and almost feels patriotic (as an American.) Stripe is, in a way, hacking the global economy and luring entrepreneurs to the do business in the United States. While this iteration may fall short of perfection, or open questions, it also opens up some imagination and interesting ideas or possibilities.

Could this be the beginning of startups offering citizens of one country, the ability to (easily) incorporate / operate a business from any nation? Perhaps this is more interesting when considering crypto-currencies which are already eroding national boundaries in some sense. While I cannot say this is a good or bad thing, it is interesting to think about the consequences and evolution of this concept plus crypto.

To me, the idea of operating a business (pseudo-person or entity) in any nation, is intriguing. Especially mixing in the possibilities of Ethereum, Blockchains. Forex. Hm... Imagination running wild right now.

yeahrightfam 1 hour ago 3 replies      
This means nothing for me (and should also mean nothing for the targeted audience of the post).

I've been constantly ignored from Stripe since they launched their beta in Mexico (actually way before that, I subscribed years before, when Stripe launched in the US). I can't do business with them because I'm not part of their secret club, while at the same many businesses here somehow get access and start using them. That feels like some kind of unfair competition.

I know, you are going to say, they are not obliged to provide service with you, but then, after reading the kind of PR they publish (like this one) you would feel like it, at least they should be morally obliged to stand by their word.

"Stripe Atlas is invite-only to start. ... You can apply directly or get a referral from one of our partners."

Oh ok, so another secret club, and this time the gatekeepers in Mexico are some guys named Antoni and Lelo de Larrea , which for you outside of Mexico, the Larrea family are a powerful group in Mexico that came to be through corruption, government favors and pretty much all the things you usually hate from Mexico. Remember when the miners in Chile were trapped and then rescued? The same thing happened at more or less the same time in Mexico, a lot of media coverage here in Mexico, the mining company owned by them, it was relatively cheap to rescue them but they decided not to do it, they let them die because it was not worth the money. And now I have to do business with those people if I want to process my payments?

Yeah, thanks Stripe, but no thanks.

glossyscr 1 hour ago 8 replies      
I just checked the prohibited businesses https://stripe.com/de/prohibited-businesses

I am fine with most of them being prohibited but at some points it's getting quite restricted:

1. Virtual currency that can be monetized, re-sold or converted to physical or digital products or services or otherwise exit the virtual world

4. Sexually-oriented or pornographic products or services

9. Engaging in deceptive marketing practices(here: who decides what is 'deceptive')

14. Age verification

15. Age restricted products or services(which are the most products/services)

50. Centralized travel reservation services or travel clubs

pentae 2 hours ago 4 replies      
This is huge. As someone who is involved in the digital nomad community here in Chiang Mai, Thailand - getting incorporation and processing set up for a lot of people here is very difficult.

Although places like Thailand are a great place for independent bootstrapping and theres a solid network of entrepreneurs - one of the biggest hurdles is incorporation, banking and acquiring. This is taken for granted when youre living in a first world country - but for the new location independent entrepreneur who is building their startup from cafes or coworking spaces in Chiang Mai to Ho Chi Minh or Medellin, getting a corporation, processing and a bank account structured is often a huge problem.

kiloreux 2 hours ago 3 replies      
I live in Algeria, and we can't use credit cards here, my bank account doesn't support debit cards transfer and if I veer receive 10$ from outside the country, then I'm in for 1 day of questioning the resources for those money, This is a great use case for my country and great initiative from Stripe, Thank you.
Liron 2 hours ago 2 replies      
Stripe Payments was Exhibit A of overcoming Schlep Blindness to come up with a killer value prop; looks like Stripe Atlas is Exhibit B.


eis 2 hours ago 4 replies      
A very nice product it seems. But people should be aware that having a US business, bank account and so on makes you a "US person" in the eyes of the US government which comes with downsides. If you recently tried to open a bank account somewhere you might have seen the form you have to fill out which tries to discover if you are indeed such a "US person". I don't know exactly what the result apart from probably the bank refusing to take you as a customer is since I am careful to not become such a "US person".

Nowerdays it's becoming increasingly a better idea to incorporate in a different country than the US if you can, especially for online businesses including privacy, tax and ease of doing business.

koolba 2 hours ago 2 replies      
Interesting angle. For a while I've wondered why nobody does a tech/startup version of "Company in a box". This looks like it's exactly that. Incorporation, payment processing, the works.

Is Stripe getting a cut of the eventual revenue from the service providers that are providing the offerings? What's the incentive on their side? Or are they just hoping to scrape by on the transaction fee revenue (which are way less than people think they are because they pay out most of it upstream[1]).

Also, what's the expiration on the $15K of AWS credits? The usual one year or longer?

[1]: If you're wondering why just think about how you get "1% cash back on all purchases!".

soneca 1 hour ago 3 replies      
Wow! This solve so many problems that our startup (www.worldpackers.com in Brazil) have!

We are a global marketplace, so we have to charge people from everywhere, and stripe still doesn't cover Brazil.

Opening a Delaware company is a must have as we are starting a series A fundraising.

And the network, wow!

BUT... I wonder how achievable is the direct application as a way for getting in the beta. We are not part of any accelerator by choice (except YC that rejected us on the interview phase). We have a great company, just not important friends.

So, a question to the community: What is the better aproach: Direct application or look for someone to refer us?

amgin3 2 hours ago 5 replies      
Is there really a market for this? Why would anyone outside the US want to open a US company when you can just as easily open a company and bank account in a tax-free country with little/no oversight?
fitzwatermellow 2 hours ago 1 reply      
Kudos to the Stripers for continuing to innovate in the payments space! Really enjoying the simplicity and elegance of your btc payment solutions ;)

Wondering if Atlas could be used to "port" successful internet business models to "foreign" locales? Setting up a Flipkart in Morocco, or a Youku for Samoans...

qnk 52 minutes ago 0 replies      
We have already incorporated and has been a long and painfull process, but not as painfull as trying to open an account at Silicon Valley Bank. After some back and forth, they rejected our application saying:

 Ive just received your info from client support and my apologies if no one replied to you sooner. Unfortunately we wont be an appropriate banking fit as we dont typically bank service providers. We maintain a focus on venture backed companies and typically teams that are local to our presence (based in Silicon Valley, SF Bay Area, NYC, Boston, London).
Just signed up for the beta, pretty excited about this!

adhipg 2 hours ago 2 replies      
How does taxation work in this scenario? I'm imagining that all profits(?) will be subject to US taxes.

Would the company that Stripe help register in the US be a subsidiary of my existing company (not registered in the US)?

jonhmchan 2 hours ago 0 replies      
I absolutely love this idea - it solves for a HUGE pain point that entrepreneurs have dealing with the logistical, legal, and financial groundwork for a startup and getting to payments easily. Good lord, if Atlas were around for me to setup my startup, I would be crying tears of joy.

What I'm confused about is why they didn't focus more on the convenience advantages and positioned Atlas as a non-geo tied incorporation/setup offer. As many people have noted, the advantages of doing business as a U.S. company if you're not in the U.S. is unclear. It seems far more appropriate as a side note to the much needed advantages of solving a legal, financial, and accounting nightmare just to get payments. Why emphasize international?

sagivo 13 minutes ago 0 replies      
they aim to help global community of entrepreneurs but it is tailored for the specific silicon-valley community.

- c-corp only - investors in the valley work with it mostly. even though for MOST of the businesses s-corp or LLC will be better.

- silicon valley bank - is very popular in the valley, but has limited support if you're outside as opposed to more popular banks. (transfer fees, integrations with other providers like payroll etc)

i like the idea, but they have to think outside of their valley scope to really help people worldwide.

glossyscr 1 hour ago 1 reply      
While I really like the ideaa one stop-shop company creator I am a bit unsure if Stripe will achieve the same quality level like dedicated registries which do this for several years.

Points I am missing/not seeing:

- Can I decide about the administration location (eg also Delaware or does it have to be my actual location)?

- Can I get some virtual office with address, mail forwarding, etc, sometimes offered by registry?

- Is Stripe a full state approved registry or do they use 3rd party registries? What are the ongoing costs (there can be significant differences)?

- How many people are in customer support?

- Is Stripe stated as the registrant in the Delaware corp database?

The only advantage I've seen is that Stripe is opening the bank account for you and it seems you do not have to visit the States but other than that I am not sure if going all-in with one entity (Stripe) is a bit too risky.

And if looking at dedicated registries there 3-5x more information on their websitesthis is not a clear indicator for quality of service but since this is not Stripe's core competency it's something I'd be a bit cautious. But still something Atlas can catch-up.

seizmo 2 hours ago 1 reply      
Knowing the ridiculous U.S. tax laws (e.g. you once had an Green Card and now they want to tax you pretty much for the rest of your life regardless of where you live and work), overboarding bureaucracy and general lack of legal security (e.g. frivolous patent lawsuits), I would certainly open my business pretty much anywhere else.
StriverGuy 2 hours ago 0 replies      
This is great. While I am not in need of incorporating any business, I do have to say that the UI design on Stripe's site is beautiful.
edoceo 23 minutes ago 2 replies      
Nobody mentioned the shares based tax implications of Delaware Corps. Surprise! You owe them $50k!
rglover 12 minutes ago 0 replies      
Relatively inexpensive and looks hassle free. Stripe, you're a gem. Hope this works out well!
philfrasty 2 hours ago 0 replies      
Does this fulfill the requirement from the YC application? International founders, please note: if your company is a non-United States entity (corporation, limited liability company, etc.), your participation in YC is conditional on conversion of your foreign company into a United States corporation.Could just sell the intellectual property from A to B for a $1.
plehoux 2 hours ago 0 replies      
> - Pay federal income tax on income generated in the U.S.

> We strongly recommend that you work with tax and legal experts to handle these ongoing requirements. To help, Atlas users get direct access to resources and guidance from Orrick and PwC. You can also chat over the phone for free with a professional from PwC.

^ from the FAQ, should be in bold characters on the home page.

"tax on income generated in the U.S.", what does income generated in the U.S. means? Good luck finding an easy answer to this which will satisfy both your local jurisdiction and the U.S. PwC and the likes thrive because the tax code is a complicated beast that just get bigger every year.

Apart from raising money in the US, as a Canadian company, I don't see any advantage to this.

The amount of knowledge needed to deal with those issues clearly makes it suited to experienced entrepreneurs with the means to get good counselling.

My guess, it's designed for YC founders. :)

jasonsync 2 hours ago 2 replies      
Does this mean Stripe will phase out the ability for Canadians to accept USD and deposit funds directly to Canadian banks offering "US fund" accounts (that are not technically US bank accounts)?

Currently, a Canadian business can accept $USD with Stripe and have it deposited directly into a Canadian US fund account without conversion to CAD.

Stripes competitors can't do this - and have traditionally told Canadian businesses that they would have to incorporate in the US, setup a USD bank account at a US institution, in order to accept USD without conversion back to CAD.

That process is what Stripe Atlas simplifies.

PayPal allows Canadians to accept USD by holding the funds in a USD PayPal account. However, getting the funds to a Canadian bank account always involves converting to CAD.

smpetrey 28 minutes ago 0 replies      
The front-end is strong with this one. Stripe is always on their A-game. very nice.
nailer 1 hour ago 0 replies      
Here in the UK opening a bank account with SVB involved about 50 pages of paperwork, and if you make a mistake, re-doing the whole section.

SVB could easily do a web app to help people fill in the important bits, and mail them a printout to sign, but they haven't.

impostervt 1 hour ago 1 reply      
I wish you could incorporate an S corp for side projects. C corps need boards and stuff - a bit much for my hobby projects. But, event for hobby projects, if I expect to make income (at some point) I usually set up an LLC and maybe even start a bank account. And I also use Stripe to collect payments.
Kinnard 31 minutes ago 0 replies      
My first thought is to contrast this with Bitcoin which really is Internet money. It's delocalized by default.
lexap 38 minutes ago 0 replies      
In terms of the startup incorporation, how does this compare to Clerky? As a pre-incorporation startup based in CA, which is preferable?
jscott0918 46 minutes ago 0 replies      
This is really cool. Basically "Startup as a Service"
wiradikusuma 58 minutes ago 0 replies      
I hope someone from Stripe is lurking here. What if I already have a US company but just want the bank account etc? The reason is, apparently since 9/11, it's a requirement to be in person to open an account.
mrfusion 43 minutes ago 1 reply      
Are there tax issues with Delaware llcs? I feel like I've read about people getting hit with huge deleware tax bills out of the blue?
nedwin 36 minutes ago 0 replies      
Minor point but surprised that for such a major release the site isn't mobile optimised.
jimbunnay 26 minutes ago 0 replies      
I'm a UK citizen, so I'm wondering if I do this, would I then be able to qualify for a visa to live and work in the US?
akoumjian 39 minutes ago 0 replies      
Wasn't there another company or two that just did specifically this?
jimbunnay 27 minutes ago 0 replies      
I'm a UK citizen, if I do this, would I then be able to qualify for a visa to live and do business in the US?
aprdm 2 hours ago 2 replies      
Wow this is simply amazing! I would love to be able to use Stripe in Brazil and that seems to make it possible!

Must be a headache legally tho

peterjancelis 59 minutes ago 0 replies      
Amazing service. Hope to see Atlas expand to Nevada LLCs or (one can dream) Hong Kong Ltd's soon.
vruiz 2 hours ago 3 replies      
This almost seems too good to be true. What's the catch?
sklivvz1971 1 hour ago 0 replies      
This would have a huge impact in Italy where setting up a company is a major pain point.

That said, I'm pretty sure there are a ton of hidden problems in incorporating abroad (e.g. if someone sues you, you have to travel).

dataker 1 hour ago 0 replies      
In the prohibited items, it lists:

>Personal computer technical support

Is there any reason for that? Also, are freelancers in that category?

amalag 1 hour ago 0 replies      
From their FAQ:

>At a minimum, youll have to pay U.S. federal income taxes on your U.S. income, and pay the Delaware Franchise tax every year.

alecsmart1 1 hour ago 0 replies      
Am wondering if anyone is aware of the tax implications? Do taxes have to be paid in US and local country as well?
pbnjay 2 hours ago 0 replies      
Very interesting. It almost reads like it's oriented to first-time businesses, but makes almost no mention that a Delaware company is probably overkill for most people starting out.
juanrossi 2 hours ago 0 replies      
I hope this works and can be done in a massive way.

Being from outside the US, it's hard to start a company there and create a bank account without spending thousands of dollars to travel there.

vermontdevil 1 hour ago 0 replies      
I wonder how this compares with Estonia's E-Residency


flexie 2 hours ago 2 replies      
Great with the payment solution. But why would anyone want to pay US corporate tax, US accountants etc. - often on top of the local tax, local accountant etc?

Don't forget that many other countries would still regard the "Stripe Atlas company" as taxable in their local country if the company is actually run from the local country or has offices in the local country. So from day one you would have to deal with international taxation, double taxation etc.

Geee 2 hours ago 0 replies      
Why should I want to incorporate in the US, if I'm European SaaS startup?
jedisct1 2 hours ago 0 replies      
This is huge. Kudos to Stripe for setting this up.
Confusion 2 hours ago 1 reply      
Is this primarily aimed at citizens of the US and countries otherwise not serviced by Stripe? What could be a reason for me to want this as if I'm, say, German or Canadian?
dschiptsov 2 hours ago 0 replies      
Facebook for payments? Very clever.

And they should make a Chinese landing page.

bigpoppa 2 hours ago 2 replies      
well, im not impressed. stripe took it 80% the way there, they left out logistics.

freight, customs and last mile are the most expensive and complicated factors of global physical ecommerce.

where is the stripe solution to simplify that?

StripeNoGood 2 hours ago 1 reply      
Funny, I have a Delaware LLC company registered in USA (it's an offshore company) but my bank account is outside the US (completely legal), yet Stripe denies me right to open an account and accept the payments.

Now I read about this Atlas, what a hypocrisy...

I happily use PayPal since then.

San Bernardino County tweets it reset attacker iCloud password at FBI's request sbsun.com
381 points by randomname2  3 days ago   170 comments top 18
jedberg 3 days ago 7 replies      
I've worked with the FBI and the Secret Service investigating computer crime.

The Secret Service is extremely competent when it comes to computer forensics, and when they don't know what to do, they don't guess, the consult with experts.

The FBI is the opposite in every way, mostly because of budget constraints and the subsequent lack of training. I hope that this is a good learning opportunity for them and a chance for them to increase their training budget in this area.

vermontdevil 3 days ago 0 replies      
Wonder if folks realize this is the work phone not the personal one. The personal phone was destroyed by the terrorists. I doubt there's anything of value on the work phone.

But then again obviously FBIs long term goal is to break in all the phones regardless of the circumstances.

randomname2 3 days ago 7 replies      
Also reported by Reuters: http://mobile.reuters.com/article/idUSKCN0VS2GC

Some are saying the password reset requested by the FBI prevented a backup and closed the "front door" they already had, forcing the Apple backdoor.

The simplest possible explanation for them shutting themselves out has to be incompetence rather than malice, right?

mortdeus 3 days ago 0 replies      
You people seriously want me to believe that it was the fbi's incompetence that led to the gov throwing away their only get in free card for the most popular American phone used to coordinate the only substantial ISIS affiliated attack on US soil. Come on now, do you guys seriously think that this was unintentional?

You don't put rookies on this and I'd seriously be surprised if the NSA wasn't involved in this matter personally.

The government wants a back door installed into all iPhones period. I mean how do you expect apple to build a tool that can bypass the same security features the government is trying to deal with right now without them inadvertently letting everybody and their mother know that there is some fatal flaw in the security layer of every modern iphone and/or iTunes.

There's no magic way to fine tune a tool like this and if out spy agencies don't know this then god help us all. Isis is probably gonna win. rolls eyes

I mean jail breaking is one thing. This is vault busting and once people know there's a bug and where to look they will find it and exploit it.

And apple's only remedy will be to patch the backdoor. Which is obviously what the gov is trying to prevent apple from being able to do by getting a precedent established in the courts that wags a finger at Apple saying "ah, ah, ah you didn't say the magic word"

Please goddamnit!

The gov doesn't want to be Samuel l Jackson anymore. They want to reverse the roles and this case is the perfect cover. Just like the gov exploited the bombing on 9/11 to pass the patriot act. This is no different.

DrewHintz 3 days ago 0 replies      
Here's the tweet:

"The County was working cooperatively with the FBI when it reset the iCloud password at the FBI's request."


cmurf 3 days ago 0 replies      
What's with this stupid 'terrorist's communication device of choice' meme? Oh wait, it's not a meme because no one but the FBI uses it, it's a propaganda ploy. Let's test this:

U.S. dollar is the criminal and terrorist currency of choice. We must therefore, of course, break the dollar.

Ok, fail.

doxcf434 3 days ago 1 reply      
I wonder what data the FBI thinks is on the phone that wouldn't be available via other means such a call logs, email, cell tower pings.
obsurveyor 3 days ago 1 reply      
Why would you ever do this with the real device without thoroughly testing the circumstances with a stand-in first?

From a technical perspective, it seems very simple and easy to replicate before actually doing it and locking yourself out completely like they seem to have done.

dawnerd 3 days ago 2 replies      
Honest question: If the county reset the password, couldn't they reset it again and gain access?
sktrdie 3 days ago 1 reply      
Any details on this? How did they reset it if iCloud is using standard encryption techniques?
nxzero 3 days ago 0 replies      
Oh, shit, FBI is either stupid, or more likely, has the data and playing the field.
ktRolster 3 days ago 1 reply      
The FBI is looking worse and worse here
largote 3 days ago 1 reply      
What kind of work-issued device is not put on an enterprise management policy? (a.k.a. the employer should be able to unlock it)
jpgvm 3 days ago 0 replies      
I would like to see Apple implement a new firmware signing scheme that requires the user to sign the firmware using a key generated on that device and not backed up that is protected by the passcode etc. Once initialised the device will only accept updates signed with this key and upstream updates would be verified against the Apple key before being signed with the local key.

This would eliminate this vector and not drastically effect the usability of the device. Though it would also need a way to fully reset the device including the removal of this signing key in order to bring the device back to factory settings in the case of loss of the device specific signing key.

ryao 3 days ago 0 replies      
If Apple did write the firmware that the FBI wants and then signed it, would changing the device UUID hard coded into the firmware not invalidate the signature? Is the concern that there are somehow other signing keys in the chain of trust that exist outside of Apple that would make it a general exploit or is the concern that they would be a much lower threshold for getting this sort of thing? Apple might have a point if it is the latter, but if it is the former, the security of the iPhone is already compromised.
lasdfas 3 days ago 1 reply      
Why can't the FBI just work directly on the phone hard drive (removed the hard drive from the phone and connect it to another computer)? Why are the going through IOS operating system?
pteredactyl 3 days ago 0 replies      
Your tax dollars at work...
awqrre 3 days ago 2 replies      
I don't really understand how a backdoor doesn't already exist if Apple can reset passwords for encrypted data...
AI generated music to improve focus, relaxation and sleep brain.fm
730 points by jasbrainfm  2 days ago   283 comments top 80
sergiotapia 2 days ago 22 replies      
I still can't find anything better to program to than Nujabes. I'm going to give this a genuine shot, but Jun Seba really left his mark on me for life. I find myself listening to his albums and songs at least twice a day.

I think it's because of his repetitive beats, smooth strings and soft instrumentation. There's a reason there are 10 hour 'homework' edits on youtube for almost all of his songs.

Counting Stars: https://www.youtube.com/watch?v=Z-tTmSY4m4M

Voice of Autum: https://www.youtube.com/watch?v=jvcQWJaaQDw

Arurian Dance: https://www.youtube.com/watch?v=w6E9WMM0vko

ahewett 2 days ago 8 replies      
Adam from Brain.fm here! Happy to answer any questions. :)

I've been doing this stuff for a while and I love talking about it.

I've contacted Giovanni, our lead neuroscientist, so hopefully he'll be able to get on soon as well.

I'm a regular of HN and it's wild to see something of mine up here.

bamazizi 2 days ago 3 replies      
I believe taste/preference as the differentiator is missing.

The "intense + focus" music on brain.fm puts me to sleep. My coding music is ASOT weekly series, it's usually couple of hours of house and trance music where I get immersed into coding zone and once finished i take a 10-15min break, repeat.

When I concentrate I don't hear anything that's when I know I'm in the zone. It's my preference and it's surely different from yours, hence why the differentiator is missing.

ASOT Episode 751: https://www.mixcloud.com/dancecontrol/armin-van-buuren-a-sta...

jkxyz 2 days ago 2 replies      
I'm sure that most of the benefit of using this tool is derived from the fact that the music is consistently low-tempo and relaxing ambient music. Comparing that to an album of ambient music, it might not be so consistent in its style and so could distract from the focus.

Still, the generated music is quite nice. I still feel that I'd rather listen to a real album, though, created with artistic intent and not computer generated. Music (as a listener and creator) is very important to me and I'm not ready to concede its creation to the machines just yet. Perhaps in a few more years...

6stringmerc 1 day ago 2 replies      
After a quick little look through the Terms of Service...


I guess this is a helpful disclaimer in many ways, because this allows me to presume that all their claims are invented, all their peer reviews are suspect, and that their entire product line is inferior to a generic recording of waves hitting the beach, crickets at night, or a babbling brook.

vinchuco 2 days ago 1 reply      
If you open all of them in different tabs, do you become good at everything?
PascLeRasc 2 days ago 4 replies      
I just worked on something similar at a hackathon this weekend with the Muse Headband, it was really fun. We used a support vector machine to maximize the "calmness" output of the band, which is some weighted sum of gamma and beta waves I believe.
bonoboTP 2 days ago 2 replies      
I like the way the music sounds but I'm very skeptical of the science and the AI behind it.
lettergram 2 days ago 0 replies      
My startup built basically the same thing, but if you had an eeg it would also learn your preferances and iterativly improve. We called it BrainBeats:


Startup: http://synaptitude.me

pjbrunet 2 days ago 0 replies      
Sounds like typical "drone" or "space" electronic music, which is arguably a subcategory of "ambient" music. (Not my cup of tea, but it is what it is.) Also recently discovered http://mynoise.net they have some interesting soundscapes.
oli5679 2 days ago 0 replies      
White noise helped me cope with exam stress at undergrad. Here's my favourite....


option_greek 2 days ago 1 reply      
It doesn't seem as good as http://musicforprogramming.net/
shinefuller 2 days ago 0 replies      
>17 subject were tested to measure effects of a Brain.fm focus session
jonaf 2 days ago 2 replies      
Is there any real science to this? Can someone provide legitimate references? I tried this last time it was on HN. It felt like a hoax; I was less focused because the sounds were less calming than the air conditioning in the office, and because the trial repeats after about 10 minutes.
d0mdo0ss 2 days ago 0 replies      
:( no mention of JM Jarre. Here are some oldies but goodies


Magnetic fieldshttps://www.youtube.com/watch?v=wyzXZ_NFVrg

mathrawka 2 days ago 1 reply      
I subscribe to https://www.focusatwill.com/ I would like to see a comparison of the two to understand the pros and cons of each.
gumpyoung 2 days ago 1 reply      
I don't mind to try this new one... my favourite is http://musicforprogramming.net, all tracks are available as podcasts on iOS devices too.
mixmastamyk 2 days ago 2 replies      
So, tried it and was enjoying it a lot, helped me to focus writing (finally) on a particular chapter of a book I've been dreading for some reason.

So, I get in the zone and then click! internet error. Had to refresh, and now it demands I complete a survey and register... grumble grumble. :/

Cool site though, good luck.

hrbrtglm 2 days ago 1 reply      
As the primary goal is to listen to the music, I do really appreciate the fact that the webpage stops its graphics animations when it loses the focus.

It is great to improve my focus as I am not disturbed by my waving cpu meter.

Great work, love it.

jalopy 2 days ago 3 replies      
Curious about the tech/science behind this. Is it mostly binaural beats?
j45 2 days ago 1 reply      
For the productivity obsessed on HN making negative comments, I'm surprised more haven't tried this kind of stuff out.

I have used white noise or waves for a long time to drown out outdoor noise around me.

My initial start with this kind of stuff was listening to various stations on somafm.

I like finding music that fits well in the background, isn't too engaging or something I'm familiar with, and hopefully devoid of vocals so I kept looking and came across a few instrumental tracks on itunes.

There's maybe a reason babies benefit from wave/sleep machines. White noise does have an effect that can aid in focus and concentration, science, placebo, or otherwise, I'm happy for the sustained productivity boost I've been able to have for several years.

I did buy brain.fm on a whim a while back it has replaced simplynoise or more to that point. If there was a bit more information published on how it was put together I'd be interested, and if not, I'd probably keep using it.

Would like it to be a downloadable or app that I could keep with me. Some things aren't for those who can't put themselves in other people's shoes, or imagine something may work for others that doesn't seem to be imaginable or work for them.

vijucat 2 days ago 1 reply      
3 suggestions:

"Library Background Noise for Relaxation"


"DISTANT TRAINS ECHOING IN THE RAIN.. Relaxing SoundScape to help Sleep, Study & Meditate"


"One Hour of HQ Coffee Shop Background Noise"


brain.fm is great, too!

But honestly, silence + just getting into the groove works best. Minimizing distractions is key. Unfortunately, nothing beats late nights at meeting these criteria.

julianz 2 days ago 0 replies      
I set this to "intense focus" and the result is almost exactly the same as the opening track to Tangerine Dream's 1983 album Hyperborea, "No Man's Land". Funnily enough, I've always found that an amazing album to listen to when in need of concentration or relaxation.
rjurney 2 days ago 1 reply      
I don't know why, but this makes me feel smart. Placebo++
SCHiM 2 days ago 1 reply      
As someone who experiences asmr I was expecting a somewhat similar experience while listening to the 'sleep' module/mode. But I don't think this does anything for me, in fact the sound set me a bit on edge for no apparent reason.
tunnuz 2 days ago 0 replies      
Similar service which I really like (no AI, but you can calibrate the sounds to match your hearing curve) https://mynoise.net/
Hydraulix989 2 days ago 1 reply      
Brainwave entrainment is pseudoscience. The placebo effect is powerful.
vhiremath4 2 days ago 1 reply      
Been using Brain.fm for a few months now. Incredibly boosted performance programming on my end.
exception_e 2 days ago 0 replies      
Related: http://mtcb.pwop.com/

This is by Carl Franklin of the .NET Rocks! podcast. Definitely helps me focus.

dclark5218 2 days ago 0 replies      
I have to say, I tried this as something that has always piqued my interest - using sounds and music to make me a more efficient human. I was skeptical, I put it to the test while coding.

Within 10 minutes I felt a strange calm hum in my head and have now been using it for 2 hours with no sign of dropoff. Very cool, going to keep using. If this continues like it did tonight, I could see this becoming part of my daily work routine.

robinduckett 2 days ago 0 replies      
Put on intense focus and promptly fell straight to sleep at my desk.
daveguy 2 days ago 0 replies      
While everyone is giving their favorites I thought I would throw mine in. Two sites -- pandora.com and coffitivity.com

On pandora -- their baroque classical station

On coffitivity -- University undertones.

You have to fiddle with the volumes a bit to get them balanced, but once you do it is a great passive sound for concentration and focus.

Also a good one that I picked up from my college roommate -- drum and bass techno. Anything with lyrics gets me thinking about the lyrics.

davnn 2 days ago 1 reply      
I'm sure there are huge personal differences. I have tried a lot of different sounds until now, but I cannot imagine listening to one type of sound over a period more than two weeks.

Variety works for me and keeps me happy at work which is as important as being productive alone. Productivity will not last long without happiness.

Variety works for me.

mattdlondon 2 days ago 1 reply      
I found the intense focus music (and the "white noise"/hissing in it) to be really, really grating and kinda put me on-edge while listening.

I also found the repetitiveness/predictability of the rhythm to be troubling - I'd end up focusing on the noise and thinking about "what was coming next" to be ultra-distracting.

Kinda like when you have a noisy neighbor at night and you are just trying to get to sleep, but all you can focus on is the noise coming from your neighbor. You cant switch off - all you can do is focus on the noise.

Personally nothing beats rainymood.com for focus for me, but thanks for sharing. I guess I am different as everyone else seems to think this is effective.

illogikal 2 days ago 0 replies      
Marconi union has always worked very well for me. The weightless album in particular: https://www.youtube.com/watch?v=nKsEqFgKhoA
itsnotvalid 2 days ago 0 replies      
So there are already tons of apps on App Store or Play store featuring auto-generated beats for working and sleeping. Is there any clinical studies saying that this service is better than any of those? If the effects are the same, why choosing this over others?
louprado 2 days ago 2 replies      
Does this music ever repeat ? I can't tell if it is a play list of previously AI generated music or continuously novel AI generated music.

I stopped listening to focusatwill.com because the repetition was too distracting even with a paid subscription.

jtmarmon 2 days ago 1 reply      
been using this for months and enjoying it a lot while hacking. i definitely get into flow more quickly and stay in it more easily
paulrd 2 days ago 0 replies      
Sometimes super down,down tempo is the way to go for working: https://www.youtube.com/watch?v=aVnLon8TvXk
jkalmadi 2 days ago 0 replies      
Hey all! cofounder of brain.fm here.

Wowza :O

We had zero clue that we would hit front page of hn (the spike! https://imgur.com/RpUvpiH.png). Thanks for the upvote love!

Here's some deets on brain.fm:



Background music while focussing (i.e. coding, working, studying, creative work)



We actively study the relationship between music and the brain via our lead neuroscientist at Northwestern University (2 pilot studies via EEGs on brain.fm, on focus: https://goo.gl/t2qPPb, on sleep: https://goo.gl/i324Zj).

We're also working the with the Team USA Olympic wresting team (via coach Matt Lindland). Hoping to have the research case study live soon :)



"It feels like your headphones are giving you a mild dose of Ritalin."

^ Hustle (https://goo.gl/Quzwsd)

"Brain.fm has had a radical effect on my focus and mental clarity."

^ AppSumo (check out 290+ reviewshttps://appsumo.com/brainfm)

"One of the cool things about Brain.fm is that you can try it for a few minutes and immediately reap the benefits."

^ Product hunt (see: https://producthunt.com/tech/brain-fm + https://goo.gl/6aYiDK)

"I press play, my brain switches into super focus mode. It genuinely feels like Ive taken a double-dose of my ADHD meds at times."

^ Smart girls with ADHD (see: https://goo.gl/VQx3XT)

Reddit discussion thread^ see: https://reddit.com/3s0sq1



I'd like to share the hn community a '$25 for life' deal.(usually it's $149 for lifetime, $7 for monthly and yearly for $48). Link: https://brain.fm/hackernews


Happy to answer any questions!


jqm 2 days ago 1 reply      
I listen to soma.fm groove salad while programming. (https://somafm.com/groovesalad/)

I've discovered some great artists on there. Jens Buchert for instance. https://www.youtube.com/watch?feature=player_embedded&v=GomA...

batz 2 days ago 0 replies      
So an AI can learn to generate music that compels people to become more receptive to suggestion, in particular the suggestion that they should act as proxies for the will of an AI.

Well played.

jwl 2 days ago 0 replies      
Really like the intense focus music. Seems to work really well for me. However I am not a fan of the nature based ones. The nature sounds comes of as too artificial. I might consider buying something like this, but not sure if I think a monthly subscription is worth it. Could there be a market for making an "album" with 10 generated songs in a category?
nitrogen 2 days ago 0 replies      
The customization popup seems a bit too aggressive. The first sound I tried was cool, but I want to hear two or three different example programs before I invest any amount of time into the site. I like the concepts of generated music and brainwave entrainment, but I want to hear at least one sample from each category.
cyanbane 2 days ago 0 replies      
Some awesome suggestions on here.

Also wanted to note:




hugofirth 2 days ago 0 replies      
I know you probably have more important things on your roadmap about now :), but any plans to support media keys (Pause, Skip etc...)? Perhaps using something like http://www.sway.fm/api
StapleHorse 2 days ago 0 replies      
I'so bookmarking this thread :)

I use to listen Digitally Imported streams. It offers very fine granularity in electronic styles, like (ambient, lounge, chillout dreams, space dreams). Very nice for background music doing stuff. Also, Amethystium is very nice for relaxing.

pmontra 2 days ago 0 replies      
"Those who fit into any of the above categories, whether knowingly or not, should not use this application." (Emphasis mine)

Doesn't that "or not" invalidates all the disclaimer? How could they enforce that clause in a court?

chejazi 2 days ago 0 replies      
Currently listening to intense focus. I've been casually looking for background music like this for a while. Thank you.
martindevans 1 day ago 0 replies      
I just tried this and really liked it. However the sign up process seems totally broken.

Each screen of the process asks 3 questions and seems to completely freeze up the entire browser tab (latest chrome) for about 30 seconds.

netgusto 2 days ago 0 replies      
This is awesome. I was using https://rain.simplynoise.com/ as a whitenoise generator, and some Spotify focus playlists.

Been using brain.fm for 1h now, and I'm loving it :) Thanks !

Diederich 2 days ago 1 reply      
I have a background in music composition, so ANY music I listen to...no matter what, distracts me, since part of me is decomposing it.

It's taken several years, but I've conditioned myself to enter high focus mode by listening to white noise. Self conditioning is, I think, the key part for me at least.

cpeterso 2 days ago 0 replies      
I like the White Noise Meditation albums. Some tracks are literally just white noise or pink noise. It is much more relaxing than it sounds! :)


leafac 1 day ago 0 replies      
Hi, Adam (ahewett).

I tried getting in touch via the website's "Contact Us" link. But apparently the form is broken due to your email server verifying DMARC records.

Please, get in touch with me via brain-fm@leafac.com.

Kpourdeilami 2 days ago 0 replies      
I have been using this for a couple of months to stay focused while I'm coding and it is very effective.
jiraaya 2 days ago 0 replies      
Would love to understand how this tool overcomes sensory gating https://en.wikipedia.org/wiki/Sensory_gating
jorgecurio 2 days ago 0 replies      
well it's obviously helping me concentrate because I'm posting this comment.
unsignedint 2 days ago 0 replies      
I signed up for lifetime :-)It would be cool if I can Chromecast this. (A little easier to connect headphones to my sound receiver than sleeping right next to my PC...)
sharmi 1 day ago 0 replies      
I find age of mythology soundtracks work very well too
runjake 2 days ago 3 replies      
I like this a lot but, in my opinion, the pricing is way too high and keeps me from giving you money.

I'd buy it as a $5 app, for sure.

frr149 2 days ago 1 reply      
Any promo codes for Hacker News denizens? :-)
ogig 2 days ago 0 replies      
I've been using music for years to improve my focus, relaxation, sleep, happyness, sadness, social relations and many more. Music make us feel things, we all know that. For me it's out of question that it can make you better, speaking broadly.

Now, having brain.fm picking the music so I can feel X seems like a step backwards. I already can do that but much better just using the wonderful universe of existing recorded music.

I don't see the value for me here.

bad-joke 2 days ago 0 replies      
Just curious: why is this program not recommended for people using a pacemaker?
PSeitz 2 days ago 0 replies      
Makes rather tired than focused
jrometty 2 days ago 0 replies      
This might sound hilarious, but I've always used Frank Ocean's Channel Orange as coding music.
whelp 2 days ago 0 replies      
Mozart's music sounds like AI generated. Not sure about the focus/relax/sleep parts though.
anentropic 2 days ago 1 reply      
AI generated "music" to improve focus, relaxation and sleep

there, fixed that for you

autotravis 1 day ago 0 replies      
I've been working (programming) to this album lately: http://pza420.bandcamp.com/album/friends

Nice and mellow, but not boring.

Paradigma11 1 day ago 0 replies      
I love it.

My only suggestion would be, more lastfm and less khan academy.

gsantostasi 13 hours ago 0 replies      
My name is Giovanni Santostasi. I have a PhD in Physics and I work in the field of neuroscience of sleep at Northwestern University, in particular I'm interested in slow wave sleep. I'm also the leading neuroscientist at brain.fm. Slow wave sleep is the deepest stage of sleep and it is fundamental for learning and cognition (and several other physiological functions like getting rid of toxins in the brain, metabolism and hormonal regulation). Slow wave sleep is one of the most regular rhythmic brain state. It is easy to recognize using an EEG system because it produces very regular bursts of large amplitude and relatively slow oscillations, called slow waves (with a frequency of about 1 Hz). This is one of the most active fields in neuroscience right now. Many experiments in labs around the world have shown that the amplitude of these oscillations are strongly correlated with learning activity during the day. Also performance on cognitive tasks in particular related to memory are strongly correlated with the amplitude of the slow waves. Scientists tried to understand if slow waves were just an epiphenomenon, i.e. if they were the indicators of a fundamental physiological principle or they had a causative role, i.e. if by generating slow waves the brain caused physiological changes that helped the process of memory consolidation in the brain (making memory long stable over long term). Therefore in the last 10 years scientists tried to modify the slow waves using external stimulation. The used initially transcranial direct current stimulation tDCs and obtain amazing results. By creating currents that oscillated at a frequency close to the typical frequency of slow waves (about 1 Hz) they were able to enhance the amplitude of the waves. What was even more amazing that the enhancement in amplitude changed the memory performance of the study participants in a standard memory tests relatively to a sham condition. The change were not just statistical significant but quite dramatic (they enhanced by 20-30 percent the natural benefit in memory due to sleep alone). The results were published in Nature, the most prestigious science journal. In our lab we reproduced and in fact improved these results using acoustic stimulation (using short burst of pink noise synchronized with the brain oscillations during sleep). This and many other experiments repeated in many labs around the world show clearly that the relationship between mental states and brain rhythms is bidirectional, brain states create brain rhythms, but brain rhythms bring the brain to particular brain states. The field of brain stimulation is relatively new in neuroscience as a very active, promising and in fact revolutionary area of research. Sleep is just one area but people are exploring using rhythmic brain stimulation how to increase attention, information processing, improve mood and cognition in older people, helping with ADD. It is unfortunate that in the last decades the idea of using brain waves to enhance brain function has been appropriated by charlatans and new agers. But right now brain rhythms are making a huge come back as a legit scientific study that is bringing break throughs almost on a daily basis. At brain.fm we are simply using the knowledge of this new field of science to improve people well being. We are moving the knowledge from the lab to people daily life. We are not claiming to have a magical tool to enhance focus, attention, sleep. We are doing what good scientists do. Experimenting, trying different things and using the scientific method and an evidence based approach to determine what works and what doesn't work. I believe we are doing much better than most companies in the industry of neuroscience commercial applications because we are focused on testing with scientific means our technology and prove ourselves wrong before we make any claim. When we do is because we see noticeable effects and reasonable repeatability of our findings. I notice several criticisms about the small sample size of our studies. I have to clarify that this is very typical size for pilot experiments that are trying to test new approaches in brain stimulation and other physiological studies in general. The Nature paper I mentioned for tDCs and slow wave sleep had about 17 subjects. Also the p=0.05 as statistical threshold is something that is used all the time in the biomed field. Being a physicist it took me sometime to get adjusted to such small significance (in comparison with what we consider significant in physics) but it is understandable given the complexity of living systems and the great variability in human physiology. And how many companies you know in this industry that can back up their claims with any study at all? Or are interested in testing, experimenting, learning from their mistakes and improve their products continuously from what is learned? We accept your criticism as an input for pushing ourselves in doing better and creating even better products. Be part of this experiment in human enhancement and let us know what you think. Thank you,Giovanni
sebringj 1 day ago 0 replies      
I get a little uncanny valley from listening to this.
timwaagh 2 days ago 0 replies      
its interesting. definitely something i would use. but not something i would pay for. why not have an ad-supported version for those who care about their wallets?
subpixel 2 days ago 0 replies      
I dig it. I'm creating an SSB pinned to my menubar for this right now.
akerro 2 days ago 0 replies      
This is great, I nearly felt asleep before going to work!
pawurb 2 days ago 0 replies      
Just subscribed. Thanks for the hackernews discount.
caglar 2 days ago 0 replies      
Here is a perfect list of focus music playlist by GURUs
ericlamb89 2 days ago 0 replies      
kept me off facebook for 3 minutes...nice!
phacops 2 days ago 1 reply      
An Apple TV app for this would be great
ilostmykeys 2 days ago 0 replies      
Doesn't help. I'm about to rip my headphones off. Such anxiety inducing music (intense focus) ... pfft.
joolze 2 days ago 1 reply      
Sure, this probably helps you focus better than a standard studio album.

I would argue that 90% of the benefit of this music is just from the extended intervals of contiguous playing, so there's no "break" disruption. I think any DJ (esp. deep house) worth half their salt can get someone "in the zone" for half an hour at a time. And artists devoted to minimalist ambient or trambient can get you going for hours straight.

Honestly the "Focus: Intense" or whatever I find super annoying. It's got this constant anxious buildup feel to it and never fucking breaks into what I would consider that peak when I start playin my keyboard like a goddamn piano.

Basically, no fucking way would I even consider shelling out an additional Spotify subscription for some "high tech" whale song machine.

Mark Zuckerberg Backs Apple in Its Refusal to Unlock iPhone nytimes.com
397 points by dnetesn  1 day ago   260 comments top 27
haberman 1 day ago 10 replies      
I'm really trying to figure out what this case is really about, vs. what the players are saying it is about.

The government says it just wants to unlock this one iPhone. But is it really just looking for a legal precedent in a case that the public is likely to support the unlocking?

Apple says is it afraid of creating a "master key" that could fall into the wrong hands. But doesn't it already have such a key, in the form of a signing key controlling what payloads the iPhone will agree to load? Is Apple primarily concerned with both precedent and perception of security on its phones?

I personally feel that any mechanism by which iPhones could be unlocked with a warrant -- but only with a warrant (ie. the gov't physically lacks the capability to do it themselves) -- is a good compromise. It's in Apple's interest to push back on such requests, so you have two powerful and well-funded entities adversarially fighting to define the line of what can get unlocked and what can't.

Now NSL's, those are a whole different kettle of fish.

acqq 1 day ago 2 replies      
Don't forget, one of the issues is: on which legal basis is Apple requested to help:

The question is, is this act (the whole text follows):


"(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction."

a reasonable legal ground in this case to demand from a company to change their products, in this case make a special version of the operating system? Is this act good to mean "we can order anything to anybody"? Especially when there is "the Communications Assistance for Law Enforcement Act of 1992" (CALEA).

"All Writs" appears to be too dangerous to be used for precedents like this one, "change your products to help us." What is the next requested change going to be? Give us the change you've made ("obviously not an "unnecessary burden" anymore"). Make more changes, permanently. ("you've agreed already before!").

noelsusman 1 day ago 4 replies      
Can somebody explain to me why Apple couldn't create this exploited OS and restrict it to only run on the specific device in question?

If that's the case, then they could post the source code on Github and it wouldn't make any difference. Modifying the code to remove the device restrictions would invalidate the signature and any iPhone would refuse to run it. Isn't that the whole point of code signing?

I'm finding it hard to see how Apple's stance is anything other than meaningless grandstanding. Since the vulnerability already exists, the security of similar iPhones is currently reliant on the security of Apple's private signing key. After releasing this exploited OS, the security of similar iPhones would still rely on the security of Apple's private signing key. Nothing at all would change, it's Apple's fault for allowing this vulnerability to be there in the first place.

Where am I wrong on this? I've been hoping Apple would answer this question for me but instead I've just gotten more hyperbole.

neom 1 day ago 4 replies      
Given what I saw when I was at DO, everyone should back apple in their refusal to unlock the iPhone.
tbabb 1 day ago 18 replies      
What kind of a democracy do we live in where we rely on corporations to protect the people from an overreaching government?
yyyuuu 1 day ago 2 replies      
I really wonder sometimes about the great gap there lies between the problems that we face in third world v/s the problems that are faced by people in first world countries.

Here in Delhi, and even more so in rural parts of India, connectivity to services like internet,banking,healthcare etc. is still a luxury for the majority. Most people here wouldn't even understand this hot issue of iPhone unlocking request by FBI.

When I see folks on HN, indulge passionately in discussing the most minute detail of this Apple issue, I really wonder how long would it take for my country (or for that matter, the majority of the world population that still lives in poverty and distress) to come to a stage where we can start thinking about the next basic right that comes once you have achieved the food, water, shelter part of life, that being privacy.

rconti 1 day ago 1 reply      
>I dont think building back doors is the way to go, so were pretty sympathetic to Tim and Apple, said Mr. Zuckerberg

Shortened the article for ya.

dredmorbius 1 day ago 2 replies      
I don't often find reason to praise Facebook, but this would be one.

When news of the FBI's demands to Apple first appeared, I hoped to hear from Google, Twitter, Facebook, and Amazon, as online service providers. Mozilla and Wikimedia as related infrastructure. Also Samsung, LG, Lenovo, and Dell, as hardware providers, and T-Mobile as a mobile services provider (AT&T and Verizon are assumed to be in the tank with the FBI/NSA/CIA).

This puts the list of supporters at Twitter, Google, and Facebook. Good work.

Waiting on Microsoft and Amazon.


PascalsMugger 1 day ago 0 replies      
The nightmare scenario is as follows.

Sure, unlocking this one phone sounds pretty reasonable. Apple will maintain control of the unlock mechanism, the FBI gets it warrant obliged, end of story. This is what the government side is spinning (see the nytimes op-ed today from William Bratton, NYC police commissioner).

The reality is that is not the end of the story. New York City has already said they have 200 phones waiting to be unlocked. Given an FBI win in the case, and Apple building the unlock mechanism, there's no reasonable defense against these unlocks. And this is just one city.

I wonder how many full time Apple employees would be required to service the steady flow of requests from law enforcement across the world to unlock phones. Hundreds? Thousands? I'm sure they already have law enforcement liaisons, but we're talking a whole other level of commitment in order to essentially create a worldwide law enforcement IT help desk.

Somewhere during the process of industrializing the unlocking of phones, a lot of people are going to start saying it would make sense if Apple would just provide the ability to unlock directly to law enforcement agencies. That would solve the problem of law enforcement heavily burdening Apple with all these requests.

Assuming Apple capitulated to that (presumably forced to capitulate because I doubt Tim Cook would do it willingly), we finally reach the nightmare scenario where access to the unlocker is no longer strictly enforceable and it's only a matter of time to where criminals have it. This is a true Pandora's Box, because there's no patch that will plug this hole.

This is a true slippery slope, in that its progression is all but assured. The only thing capable of stopping it is to have hardware that is incapable of having an unlocker created for it. Hopefully that's where we're at with newer phones, although that seems to not be fully confirmed. It's one thing for law enforcement to make Apple open a lock it has the capability to open. It's another to require that Apple make their product less secure than they otherwise would make it. I don't see that happening through the courts. At the very least, it would require an act of congress, probably followed with a lengthy court battle over the constitionality of such a requirement.

pcurve 1 day ago 5 replies      
This is an interesting tug of war. Considering 50% of Americans are taking the opposite stance, the SV elites are in the minority. (35%) Yet no pro-government business executive has emerged. I guess it's a risky position to take.

I have a feeling the government will eventually figure out a way to get its way without our realizing.

droopybuns 1 day ago 1 reply      
Good for Mark. Not an easy position to justify to shareholders. I can think of one ceo who is outrageously cowardly in contrast.


Iv 1 day ago 1 reply      
Ok, a few question for someone who has been a bit too depressed to follow the latest evolutions since the Snowden revelations:

- If the NSA approached Apple to ask for the same, would it be legal for Apple to talk about it? To refuse it?

- Hasn't the NSA already done that?

- Would the Chinese government allow a non-backdoored iPhone on their market?

I am sorry but I really do not see any reason to believe that Apple's devices are not already rooted to the core. This one FBI issue seems to be a perfect PR occasion.

Falkon1313 1 day ago 1 reply      
What I'm not seeing people talk about is whether the FBI should be allowed to force someone to do something unethical, immoral, and/or criminal. Generally speaking, breaking into a system that you aren't authorized to access, or creating and distributing tools that allow other people to do so, is considered 'bad'. Shouldn't Apple have every right to say no, that's wrong, I'm not going to do that?

Governments have ordered people to do bad things before. How do you view those who justified their evil actions with excuses like "I was just following orders" or "just doing my job"? Is it right for our government to put people into that situation -- not just government employees or their targets/adversaries, but neutral 3rd parties?

If a policeman ordered you to do something repulsively bad that would harm your family, friends, and neighbors, would you not want to be able to say no?

That view doesn't require any great technical knowledge of cryptography or hardware/software/etc. Pretty much anyone could understand it. Yet no one seems to be mentioning it.

alttab 1 day ago 0 replies      
This article does nothing to explain anything that Zuckerberg said that might illuminate his position.

All he said, according to this article, was:

"I dont think building back doors is the way to go, so were pretty sympathetic to Tim and Apple.

Its disappointing to the mission that were trying to do.

We're talking about a company that gives away your information to FBI, CIA, and publicly via an API. Of course they are going about it the wrong way - you just simply give them the data to begin with, as a business model.

bunkydoo 1 day ago 0 replies      
Zuckerberg seems to be a bit of a fair weathered fan for privacy. Facebook has traditionally been very if not entirely compliant with providing government agencies with data. Due to a couple occurances with my personal use of Facebook, I have found that it is quite likely that they even do extracurricular surveillance as well. Just my opinion
veeranimous 1 day ago 0 replies      
I might be conspirator here. but I heard Apple did worked with govt several incidents. This whole thing appears like a setup to trust these corporations who's bread and butter is selling our data for profit.(where does ethics come here?). a company which bought WhatsApp for billions of dollars and providing service for free is not doing a charity. especially it's stock holders won't be happy about it. it appears like a setup to gain trust on these corporations which govt, corporations continue to use. I don't have a problem personally, if it helps to catch a terrorist. but I dont trust profit based corporations talking about ethics. it's just a PR stunt.
nickik 1 day ago 0 replies      
Apple should just build their sysyem so that it can not be backdoored. Make the TrustedZone non upgradable or give the signingkey to the use (Smartcard in the package of the phone). User can either keep or destroy the key, as they see fit.

More security for everybody. No backdoors. The FBI can as for speciak version all they want.

To be sure, they could still ask apple for a prober backdoor, but at least they can anker it to a individuel case.

melted 1 day ago 0 replies      
Prediction: within 2 years Apple will have iPhone 7s, on which no one can bypass the encryption no matter what. All they'd have to do is put secure enclave software into ROM burned at the factory, and make it self-destruct if it's tampered with. "Sorry officer, not even we can bypass exponential back-off on this CPU."
JumpCrisscross 1 day ago 0 replies      
Please call your representative and senators about this. Not email, not mail - call. Even if it means holding for half an hour. It makes a difference, and they need to hear us.
giancarlostoro 1 day ago 0 replies      
If we want to keep fighting issues like these we need all tech companies / CEO's to voice the issues with these problems and all future tech related problems, these lawmakers really shouldn't be allowed to make laws without the backing of all / most / reasonable number of the tech giants, just because "GoDaddy" supports it isn't good enough, if "enemies" are on the same page with a bill then you might be in the right direction.
gaelian 1 day ago 0 replies      
"While these companies have said they would comply, when legally obliged to, with handing over information on their users, they say they believe that creating technological back doors to their digital systems can lead to potential abuse by governments worldwide."

This article is overlooking that it's not only governments that people would have to worry about if intentional backdoors are implemented.

keitmo 1 day ago 0 replies      
I'm not much for conspiracy theories, so I decided to make my own.

<tinfoil>What if the FBI's request is just a ruse to obscure the fact that the NSA has already unlocked & decrypted the phone and found evidence needed in the criminal charges?</tinfoil>

Mikho 1 day ago 0 replies      
One of the interesting issues here is that national security depends on the corporation decision and the actually corporation can access the information on the device, but does not want to help the government to protect people from potential terrorist attack. FBI does not ask for backdoor codes and does not ask for breaking encryption and does not ask access to unauthorized infothe phone owner granted the permission. The only thing FBI ask is to not brick the phone and not erase the info while it tries different device locking code combination. There is nothing here that would break privacy or encryption.
ryan-allen 1 day ago 0 replies      
Facebook don't encrypt our private chats to my knowledge and I have read articles of immigration agents having access to private Facebook chats [1].

So given this seems to be the case, isn't Zuck a huge hypocrite and this is just a PR stunt?

[1] https://news.ycombinator.com/item?id=5864427

robbiet480 1 day ago 0 replies      
Anyone have video of this yet?
DeepYogurt 1 day ago 0 replies      
pbreit 1 day ago 3 replies      
I feel like my positioned has changed a bit now that it is clearer the iPhone is owned by the same party that wants to recover the data?
Linux Mint downloads (briefly) compromised lwn.net
472 points by temp  2 days ago   231 comments top 30
jnbiche 2 days ago 11 replies      
I've used Mint in the past, and it was my go-to distro for family members who aren't so technical.

I'm not bothered by the licensing issues mentioned, and I'm ambivalent about the namespace issues, but I've been increasingly uneasy for some time now about Mint's security practices. Serving downloads over http and not providing GPG signed SHA hashes like every other distro is fairly irresponsible in this day and age.

This recent security issue, and the poor response to it, are basically the straw that breaks the camel's back for me. I'm moving on to Ubuntu-Mate, since frankly Mate was the primary reason I was using Mint anyway. Serving downloads of the most popular Linux distro from the same machine as is running WordPress is cringeworthy, and failing to take the compromised machine totally offline until it's 100% sure the compromise has been mitigated (through reformatting, including boot sector) shows really poor judgment.

I'm a bit sad to be so critical, since I recognize that Clem has done a lot for the Linux world, and as a Mint user I've benefited personally from his work. But when you're distributing operating systems to so many users, you have to take security seriously. To do otherwise, even on a "hobby" project (although I'm fairly sure it's his full-time job now) is pretty irresponsible.

In many ways, I'd like to pitch in, but based on other interactions I've seen and read about, I'm not sure my input would be welcome, particularly wrt security issues.

Edit: I'm also playing around with FreeBSD for my development environment, since I can use Mate on there. To be honest, I don't really need a DE these days anyway, since I only use terminal and a web browser. I should look into just using a Windows Manager.

Edit 2: Apparently they do provide GPG signed hashes. I've been looking for them each time I've downloaded Mint distros, but never came upon them. So I stand corrected.

mschuster91 2 days ago 5 replies      
> Add to that, that they do not care about copyright and license issues and just ship their ISOs with pre-installed Oracle Java and Adobe Flash packages and several multimedia codec packages which infringe patents and may therefore not be distributed freely at all in countries like the US.

Seriously, with the rotten-ness of the US patent/copyright/political system, it's better for mankind to just say "ok, US users can't get this, but everyone else can".

E.g. many European banks do this for "US persons" - they simply cannot get accounts because the legal risks are just too high.

Edit: It's not just banks. E.g. BMW Group (and likely other huge non-US corps with US subsidiaries) refuse to allow US persons to look at financial statements, again due to regulatory hassle.

izacus 2 days ago 3 replies      
> Add to that, that they do not care about copyright and license issues and just ship their ISOs with pre-installed Oracle Java and Adobe Flash packages and several multimedia codec packages which infringe patents and may therefore not be distributed freely at all in countries like the US.

Hmm, that was actually one of major selling points for Mint around me - it was the distro that "worked", with relevant software, codecs and drivers being preinstalled and not crippled due to strange laws on the other side of the ocean.

snarfy 2 days ago 6 replies      
I remember installing it when it was relatively new and people were gushing over it. A few weeks later a new version came out. I tried upgrading when I found there was no upgrade path. Upgrading Mint means reinstalling Mint.

I remember the days before apt-get when there was only dpkg. Before Debian I used Slackware so I'm all too familiar with package management (or lack of).

The idea that someone would release a new distribution, based on Debian of all things, and it not be able to upgrade was repelling to my mind. Re-install Mint to upgrade? No thanks I'll install Ubuntu over it.

Cinnamon is nice but I never understood why it needs its own distribution. I should be able to apt-get install cinammon-desktop or whatever and it work like any other package.

mhw 2 days ago 1 reply      
Hmm; I'm puzzled by a contradiction between this and another recent article. From this article we learn that we shouldn't do this:

"Secondly, they are mixing their own binary packages with binary packages from Debian and Ubuntu without rebuilding the latter. This creates something that we in Debian call a "FrankenDebian" which results in system updates becoming unpredictable <https://wiki.debian.org/DontBreakDebian#Don.27t_make_a_Frank.... With the result, that the Mint developers simply decided to blacklist certain packages from upgrades by default thus putting their users at risk because important security updates may not be installed."

while from <https://news.ycombinator.com/item?id=11131081>:

"Nobody else requires that you rebuild every package before you can redistribute it in a modified distribution - such a restriction is a violation of freedom 2 of the Free Software Definition, and as a result the binary distributions of Ubuntu are not free software."

I appreciate that the latter one is discussing a hard requirement as a result of Canonical's IP licensing. But the former seems to indicate that it would be bad practice to just copy all of Ubuntu's (or Debian's) binary packages and build a new derivative distribution on top of it. Is the latter piece arguing in part for a freedom that would be a really bad idea in practice?

unixhero 2 days ago 2 replies      
I realize they have not taken security seriously in designing their delivery mechanisms. However I do not care. Linux Mint solves all my problems of configuration. It is configured so nicely and with Cinnamon it comes with so many useful bells and whistles, I'm not moving anywhere. It's great. Mint will be back after this blow and I am sure it will not happen again. I use it daily and I am super productive on it as my desktop. My family uses it also, on new and old computers, and it is perfect.
embik 2 days ago 1 reply      
> Secondly, they are mixing their own binary packages with binary packages from Debian and Ubuntu without rebuilding the latter. This creates something that we in Debian call a "FrankenDebian" which results in system updates becoming unpredictable

This is interesting because Debian itself encourages derivative projects to use their binary packages[1]:

> For those derivatives that re-use Debian binary packages, add some source packages and modify some source packages, where possible we encourage them to use standard Debian mirrors and add a second repository containing only the source and binary packages that have been added or modified.

Or maybe they don't encourage that behaviour but still give guidelines in case you want your derivative to work that way? I'm not 100% sure.

[1] https://wiki.debian.org/Derivatives/Guidelines

akerro 2 days ago 1 reply      
I had to quit using Mint because a lot of packages in their repo are really, really, old. Just to give example that made me install Manjaro on friends PC is ownCloud client for file syncing. It's a few years old, contains a lot of security bugs and doesn't work with HTTPS. You need to add repo with opensuse in URL address. Mint developers were contacted by ownCloud developers to resolve the issue, a few years ago, and they ignored it.
kozukumi 2 days ago 2 replies      
Fucking bang on point. Mint has a nice out of the box experience but after using it for a while you begin to see all the shit they stuffed in the cracks. It is a shame as Cinnamon is a lovely DE, I wish there were an official Ubuntu build with Cinnamon as the default DE similar to Xubuntu with Xfce.
onlycommenting 2 days ago 5 replies      
There's something interesting to be said here. "They make {{ package }} unusable by hijacking it's name space", well who gave them that name space? I understand the whole first come first serve and all but if we played that way things could get messy real fast.

There was recently an article on HN about the "Web of Hashes" and this article got me thinking about it. Why not give each application an UUID and let that be it's name space? Give the user an option to still use- they're example- xedit while having another xedit installed along side?

I can see how this could also get messy. Just spit balling here.

bitL 2 days ago 1 reply      
Mint's HiDPI is simply the best experience on Linux these days, not to mention it just works. But let's attack it because it doesn't conform to some autistic standards of ours. Way to go friendly Linux community! Let's make all distros unusable, super complex, require all people to wear their own personal TPMs and certificates so that they can feel finally secure. Let's blame Mint for not having DNA real-time sequencers for confirming package authenticity! Let's force my grandma to compile all her packages - she must be upgraded as well or she won't make it during singularity, right? /s

You are blaming Mint for things that are wrong in some context with Debian/Ubuntu or Linux or even unsolved in computing as such. And the small team of developers simply can't respond to every single issue within minutes as you wish, they have their plate full.

teekert 2 days ago 1 reply      
An yet, it just works, looks nice, is fast on old hardware, mounts everything out of the box, controls your audio from the volume icon and gets out of your way in general. 17.3 is one the best out of box experiences imo.
XorNot 2 days ago 0 replies      
Never let a good security breach not be an opportunity to air a bunch of unrelated greviences, apparently.
bitL 2 days ago 1 reply      
As a super happy user of Linux Mint - guys, please keep doing what you are doing! Thank you so much for giving us a proper desktop Linux! You have my (financial) support! Don't get pressured by some random loud Internet criticism and change for worse! Please don't do Win7->Win8 or iOS6->iOS7 regression in Mint as well because of a few unhappy voices trying to acquire power over you!
VarunAgw 2 days ago 2 replies      
Every once in a while, I get difference error in /etc/issue*. I really hate all of these. I use Mint only because I like its GUI interface. I really cannot stand Ubuntu desktop for a moment
AdmiralAsshat 2 days ago 1 reply      
So, functionally, is there any real difference between using Mint's ISO to install-from-scratch versus using you're preferred distro of choice (Ubuntu/Fedora/FreeBSD, etc.) and installing the Cinnamon Mint desktop on top of it?

I've been playing with Mint for the past few weeks and experimenting with full-Mint-on-a-VM versus Ubuntu-with-Cinnamon-desktop, and I don't really notice much of a difference. After reading about all of Mint's problems this morning, I'm tempted to stick with Cinnamon exclusively as a DE unless someone offers a compelling reason to use the full distro.

BuckRogers 1 day ago 0 replies      
I see a lot of people asking for alternatives. I spent 12 months trying almost every distro I could get my hands on and have some recommendations for those interested.

This was my shortlist at the end of all my adventurism and testing.

1. Linux Mint

2. Ubuntu MATE

3. Antergos Cinnamon

Pretty short list but those are what I found I settled on as possible choices for my own use. If the goal is getting down to business and getting work done rather than fiddling with the system I think those 3 would fit most people's needs. I was a longtime Xubuntu user prior to this adventurism, and IMO there are just better alternatives though it would probably be #4 if I had one, but I'm just not a fan any longer. MATE man handles XFCE.

I leave Mint at the top because other than these security concerns, it remains the best distro for me. I love their LTS update policy, continually delivering updates to Mint during the entire support span of Ubuntu LTS. Their desktop env is also just better IMO than alternatives.

Ubuntu MATE is pretty good and for the type of person like myself who is drawn to Mint, would be a really good alternative. It's missing a few features of Cinnamon, which is superior in general for me to MATE. But overall this is what I'll install if I decided to ditch Mint.

Antergos is just Arch with a nice installer. I didn't spend a long time testing this but it would be my choice for a rolling distro. Many people I know want that and they offer Cinnamon as a main, supported environment. Might be the best of every world for some. I prefer the slower updates of LM and UM, and install newer packages through PPAs or compiling it.

As an aside, I have completely given up installing other desktop environments onto distros that didn't originally ship with them. I see people recommending that, and it may work out but it's a mess if you want to switch back in my experience. I prefer to pick a distro that ships with the DE of your choice. I would not run for example, 'sudo apt-get install cinnamon-desktop-environment', anywhere at any point. :)

Hopefully this helps someone out there looking to migrate off of Mint. I'm still using it (on 17.2 here) but may move to UbuntuMATE or Antergos Cinnamon, depending on Clem's response.

red_admiral 2 days ago 3 replies      
Starting a post with "I know this is voluntary work, pitch in or shut up and all that ..." doesn't make the quote you're attacking untrue.

For what I'm paying for Mint ($0.00) and what I get out of it in terms of productivity, I find it quite a decent distribution.

pweissbrod 2 days ago 0 replies      
I guess this is what you get when you try to make a cathedral out of the bazaar
ouiyaaa 2 days ago 1 reply      
People I understand your criticism, but may I suggest donating to them too if you've used Mint? Once his bills are paid off, maybe he'll spend more time worrying about Mint?
borplk 2 days ago 2 replies      
Is there a way for me to get the Mint Cinnamon experience with Ubuntu under the hood?

The last time I tried I couldn't get it to work in a painless/reliable way.

lucaspottersky 2 days ago 0 replies      
ironically, by not caring about copyrights and such, they provide a better User Experience!
Mikeb85 1 day ago 0 replies      
I've tried Mint. It's basically Ubuntu + a bunch of bugs. The quality is seriously sub-par, I'd much rather use any 'official' Ubuntu derivative.
stuaxo 2 days ago 0 replies      
There are way less Mint developers than others, and it is mainly user driven. - So of course it less likely to be professional, at the same time it is more user driven.
incepted 2 days ago 0 replies      
I thought this was about mint.com... Relieved.
rpgmaker 2 days ago 0 replies      
This post is pretty damning. I was considering using Mint at some point but after this I will stay away.
m00dy 2 days ago 8 replies      
Whos using Mint these days anyway ?
geostyx 2 days ago 1 reply      
I've been using Mint for the past month or so, should I be using something else?
wfunction 2 days ago 3 replies      
When I read the title I thought this was about Mint.com... perhaps it should be changed to "Linux Mint" or something?
icebraining 2 days ago 2 replies      
Could [Linux] be added before Mint? I thought it was about Mint.com
Beijing is banning all foreign media from publishing online in China qz.com
501 points by vincvinc  5 days ago   263 comments top 36
yuanotes 28 minutes ago 0 replies      
You guys really don't know how things work in China.

As a Chinese I don't give a damn about these new ridiculous rules since we always have ways to bypass them. And theses things changes very fast in this country.

We have laws, and the way them work are different than that in western countries.

rdlecler1 4 days ago 4 replies      
Any non-Chinese company that insists on tying its fortune to the Chinese market is taking on tremendous risk. The goal posts are always changing , you need to constantly worry about IP theft, you can easily get on the wrong side of the government, and they strongly protect local interests. Investment is welcome, but as soon as you actually start making a lot of money and recouping your investment some barrier of sorts is bound to appear and you'll be phased out in favor of a local player. This is going to come back to haunt China at a time when growth is slowing and when they are going to need investment the most.
dageshi 5 days ago 9 replies      
Sounds like the normal thing in China. Make something illegal, don't enforce it, if someone's saying something you don't like then enforce it specifically against them, keeps everyone else in line.
11thEarlOfMar 5 days ago 4 replies      
This is pure insanity: "Quartz contacted the Ministry of Industry and Information Technology from Hong Kong asking for further clarification on how the rules would work, but the ministry said it could only reply to faxed questions that came from a reporter with a mainland press card."
SCAQTony 4 days ago 8 replies      
I am not a sociologist, political scientist, or an economist. It appears that China is too big to govern and has become a diseconomy of scale. China has 160 cities with over 1-million people in them (US has 10 cities) and I think it's a miracle that the lights still work and they have running water.

When you double the size of a plane it it becomes 4-times heavier (Observe what it takes to fly a B-52).

The PRC seems to be circling the wagons to protect from some unknown enemy that the free flow of information will allow the arrows to strike.

sharetea 5 days ago 3 replies      
And so it starts. Economic collapse will prompt the dictatorship in China to

- Increase anti-foreign rhetorics in media. Don't like it, Microsoft? tough

- Ban Foreign services. Don't like it, Uber? tough

- Devalue Yuan by 50%. Don't like it, Apple? tough

- Nationalize foreign assets. Don't like it, Ford? tough

Animats 4 days ago 7 replies      
China's leadership seems to be becoming more paranoid. Yet China has no serious external enemies other than the ones they make for themselves, the economy is stressed a bit but production is in great shape, and the standard of living has been rising for years. Why?
song 5 days ago 1 reply      
Well, ever since the change of government China has been closing back on itself again and censorship has been stronger and stronger. It's not surprising and tells me I made the right choice to leave the country in 2013...
contingencies 3 days ago 0 replies      
I've worked for foreign publishers here in China. I've worked for foreign publishers that have been raided and shut down by the publishing bureau in China. I've continued to work for the same foreign publishers, operating essentially the same business, even after they were raided, and seen them continue successfully for more than a decade.

There are rules and there is implementation. Reality in China is not so cut and dried.

I share pbkhrv's sentiment about this possibly being a preparation for a rash of bad economic news late this year. I have it on very reasonable authority that the RMB will tank at least 15% by end of year.

The view from here in China is basically the same as ever... nobody with money really cares about foreign journalism and reporting, only food prices (steadily increasing), education (crisis), health (crisis), pollution (huge) and inflation (big). Transport is also a problem. They just try to get their money out.

The Chinese government has a difficult job. They don't really do too badly when all things are considered.

outside1234 5 days ago 0 replies      
How is this not a World Trade Organization treaty violation? Serious question.
xjp250 4 days ago 1 reply      
Xi Jin Ping is worse than King jong un. He is a stupid and arrogant leader. He want people in China to call him "(xi big big)", but actually we like to call him "(xi bao zi)"
chrischen 4 days ago 2 replies      
Any move China takes that blocks foreign competition can be seen as an extreme version of an import tariff. Instead of protecting low level industries like corn producers either subsidizing domestic production or taxing foreign imports, China focuses on higher level industries like technology companies, culture companies, etc.

While China doesn't have the benefit of Google in the short term, by blocking them it gives it a chance for local companies to develop the technology and catch up.

Also take the example of TOMs shoes giving away free shoes replacing local markets and producers. These poor countries of weak governments, and even a small foreign company can impact the local the economy in uncertain ways. http://www.economist.com/blogs/freeexchange/2014/10/economic...

If you can understand this you can understand the viewpoint of Chinese officials. We come in with the viewpoint of "how can I have my fair and equal opportunity to extract wealth from China" while the capitalists in China are thinking "how can I extract wealth from China and prevent the foreigners from doing so." In reality the playing field isn't level. Our counterparts in China don't have the same education, quality of life, and financial status. Therefore a foreign company with foreign talent would already enter the market with an upper hand. By the time local companies are ready, they'd be fighting an uphill battle against foreign incumbents, or worse yet, not develop at all.

If you're familiar with Star Trek, there's the concept of the Prime Directive. It's principle is that the developed races must never contact or interfere with an undeveloped race because doing so would alter their natural development.

Foreign companies don't have an inherent right to the Chinese market. If they feel they do, or want to enter, it's because they feel there is profit in it. The profit comes from exploiting the opportunity in the local market, and in an underdeveloped market such opportunities are ripe. This isn't exactly fair if mature companies are allowed unfettered access.

qihqi 4 days ago 0 replies      
It looks like China will change the 'blacklist' model of the Great Fire Wall to a 'whitelist' model. That is the only way they can enforce this law.

Maybe they got tired of having banned content mirrored by un-blocked IP ranges and constantly having to hunt them down.

SeanDav 4 days ago 0 replies      
From the Chinese government point of view they have several good reasons (for them) for doing this, chief among them (in my opinion) saving face and controlling mass opinion.

When China was the huge success story it was, until recently, they were far more tolerant of criticism. Even then, the Chinese Government would clamp down very quickly on criticism. Right now their tolerance is pretty much zero. They do not want to admit or even hear that they have done anything wrong or that China has significant problems.

They also greatly fear any kind of mass action. During the boom years, with high employment and everyone happy, there was little chance of mass action. Now with entire industrial areas becoming ghost towns, high unemployment, no pensions and growing poverty, mass action becomes a real threat.

superbatfish 5 days ago 2 replies      
This seems like a huge deal. How does this not have 100's of upvotes on HN? Am I missing something?
est 5 days ago 2 replies      
please note this also includes online gaming. Blizzard, Valve and Steam would be in some trouble
venomsnake 5 days ago 0 replies      
I think that China's openness (or lack of) in internet affairs is strongly correlated with the health of their economy. It could be a nice proxy.
MrKristopher 4 days ago 0 replies      
To me this looks like a big win for companies based in China. The social media companies for the billion people in China will be employing local people, and the advertising revenue will stay within China.Not that this is the main goal of the ban though..
natch 4 days ago 1 reply      
There are some qualifiers around this alarming headline.

According to this story [http://www.independent.co.uk/news/world/asia/china-set-to-ba...]:

'This ban covers words, pictures, maps, games, animation and sound of an "informational and thoughtful nature" -- unless they have approval from the State Administration of Press, Publication, Radio, Film and Television.'

Still it's very onerous but not a complete shutdown.

vpalan2 4 days ago 1 reply      
If I wanted to do massive, irreparable harm to China, this is the law I would pass. And yet, they have done this willingly to themselves, without hesitation or incident.
paulddraper 4 days ago 1 reply      
"banning all foreign media from publishing online in China"

Seems like a contradiction. Are you publishing online, or in China?

nvk 5 days ago 0 replies      
They have to handle the devaluation of the Renminbi and a slumping economy somehow /s
longcheng 4 days ago 1 reply      
Chairman Mao once said, "our enemy would attack us with pen & gun". Looks like Beijing is taking the pen away from its enemy. :-)
ommunist 3 days ago 1 reply      
This is imperial. I especially like the notion that Ministry only answers to reporters with mainland press pass. The China is the center of the civilized world again, the world where the US is a barbarian outskirt.

Will the foreign websites published in Mandarin be banned to view from mainland China?

smegel 4 days ago 1 reply      
I would say bad China, but given how polarised and politicised the Western media is, I find it hard to fault them.

Unbiased journalism seems such a quaint concept these days, and as the divisions between right and left take on an almost war like characteristic, everything becomes propaganda.

Hell, I might even move to China to get away from it all.

_snydly 4 days ago 1 reply      
Will Hacker News be blocked? It looks like it's currently available: http://www.blockedinchina.net/?siteurl=news.ycombinator.com
ajeet_dhaliwal 4 days ago 1 reply      
Seems absurdly broad, if this article is correct. Doesn't this basically mean Chinese would be unable to read or view anything we can? Including this site? With the exception of Chinese published/created information.
tonyferguson742 3 days ago 0 replies      
It's getting harder every single day to run a business in China as a foreign company.
davesque 4 days ago 0 replies      
And people wonder why their stock market is tanking...
restalis 5 days ago 1 reply      
"acquisition of an online publishing license"!?

"How do you license media in an age when everyone could become a writer and publisher?" As far as I can imagine - you don't, that's the thing! Maybe they won't do you anything for now, but if they don't like what you're publishing they will have a ready-available "legal" reason for detaining you for publishing without a publishing license (which of course could be claimed to be totally unrelated to your published content)!

pbkhrv 4 days ago 0 replies      
This might be one of the things they are doing to prepare for a wave of negative news about the state of their economy.
rahimzayid 4 days ago 0 replies      
This is not that rare .. pretty much the same applies for Arab countries in my eys.
a3n 4 days ago 0 replies      
And this is the country that we're looking to, to bring North Korea back into the fold.
lukasb 4 days ago 1 reply      
does that mean no Stack Exchange?
curt15 5 days ago 1 reply      
The govt is just aiming to completely rewrite history. Tiananmen square? Never happened!
invaliddata 4 days ago 1 reply      
Does anyone know to what extent this affects news organizations in Hong Kong?
The Daily Mail Stole My Visualization Twice flowingdata.com
452 points by thehoff  5 days ago   138 comments top 29
NelsonMinar 5 days ago 1 reply      
A few years ago the Daily Mail ran an article about a visualization I made. They obeyed my CC license, so I have no complaint as serious as Yau's. But the article was just full of errors, including spelling my name wrong in three different ways. I wrote the article author and pointed out all the errors and he responded "No copy editing! It's a tight budget."

The Daily Mail truly doesn't give a shit. About quality, about copyright, about decency. It seems to be working for them.

nicky0 4 days ago 2 replies      
Send the Daily Mail an invoice for their use of your work. Pick a reasonable price and bill them. Then if you don't pay you've got something tangible to sue them about.
ollybee 5 days ago 2 replies      
I use this plugin (also available for Chrome) to redirect to pictures of tea and kittens should I accidental click on a Daily Mail link. https://addons.mozilla.org/en-GB/firefox/addon/kitten-block/
andy_ppp 5 days ago 7 replies      
What does the law say about putting a license on use of things like this "Embedding this content into your site without written permission from the author will involve a 100000 fee for it's use. You agree by embedding this content that you abide by these terms."

Is something like this enforceable?

squeaky-clean 4 days ago 2 replies      
> I made an alert pop up that said poop whenever someone loaded the Stuff.co.nz page. Like I said, I'm sophisticated.

I would probably have handled this much less maturely, haha. What would be the legality of displaying some really graphic image (like goatse) to only 10% of users when you detect you're within an iframe? :P

Ripping the source code of the visualization is so scummy though. I wish I could say I can't believe the Daily Mail, but this article isn't even surprising...

jrs235 4 days ago 3 replies      
How would the Daily Mail feel about (and what would they do) if someone constantly scraped their website and redistributed the content? Perhaps a fun side project called TheLessAdsDailyMail.com?
6stringmerc 5 days ago 1 reply      
What I Would Do: Find out what law firm represented the Beastie Boys when they went after GoldiBlox.

Why I Would Do That: They were successful in their defense of the rights of the Beastie Boys and reached a settlement that included a public admission of guilt.

Long-Term Goal: To discourage such behavior through numerous examples of punishment using established rules.

andy_ppp 5 days ago 1 reply      
The morally corrupt posing as moral guardians.

I know people who have had other things like photos from flickr stolen by them.

They are disgraceful!

cookiecaper 4 days ago 0 replies      
This kind of thing is beyond rampant at all levels.

I think the people most concerned about following the rules are small-medium businesses that are big enough for someone to try to sue, but not big enough to have an army of lawyers that makes them practically invincible from all claims that don't originate from a similar Super-Massive-Corp. Business insurance is pretty meaningless for practically any claim that doesn't involve unsafe facilities, and they often include clauses similar to "If you lose in the wrong way, you owe us all the money we paid for your defense".

There's an impression that since big media outlets are such big targets, they're careful about this type of stuff, but it's not true at all. They're only careful when it's another SuperMassive's copyright. They know that a legal fight with them is not possible for any other creator, and they know that they can get an immediate benefit by violating your copyright. They'll rip your stuff off, they may take down the thing they didn't have a license for after you complain, and they'll just laugh at you because they know an attorney is going to charge tens of thousands to even start proceedings against someone as big as them.

We need to fix the way legal costs work.

azalutsky 5 days ago 0 replies      
You must be really good at creating visualizations. :) way to go sir!
adjohu 4 days ago 0 replies      
autorespond *@dailymail.co.uk I hereby deny permission to reuse content from my website.
beckler 5 days ago 2 replies      
sounds like someone needs to set his X-Frame-Options header.
fixermark 4 days ago 2 replies      
It suddenly occurs to me that in addition to it being rude to deep-link someone's content via <iframe>, it may be dangerous to Daily Mail's security model.

I wonder if they've configured everything correctly to ensure that an embedded iframe can't find its way to the user's Daily Mail cookies or credentials?

tonyle 4 days ago 0 replies      
This reminds me of the days of flash. There use to be a ton of sites stealing other people's flash games. You could buy flash obfuscater and de-obfuscate programs. People would steal your game code and re-skin the game,etc. Then the new strategy was to put the ads inside the video game.
wnevets 5 days ago 1 reply      
the daily mail is awful, I wish people would ignore their garbage.
eddiecalzone 4 days ago 0 replies      
The Oatmeal was recently linked to without permission by the Huffington Post. Matt Inman had a predictably brilliant response.


alex_hitchins 4 days ago 0 replies      
I would suggest doing something like Nanex does with their graphs and images, use watermarks or some other identifying mark that is clearly unique to you. This way, they may think twice about clearly showing work that is not theirs.
suyash 4 days ago 0 replies      
First things first: How did you even track who was using your Visualizations? Can you explain so others can learn from the lesson as well.
jwatte 4 days ago 0 replies      
If they actually downloaded and republished your dikes, then that is clear copyright infringement. Which is both a crime, as well as cause for civil action.You could report them to the DA (or whatever is the equivalent where you or they live.)It would be interesting to see how that went!
vermontdevil 5 days ago 0 replies      
The Flowing Data is great. Yau really builds great visual charts of various data.
Sir_Substance 4 days ago 0 replies      
Remember to disable your ad blocker when on dailymail.co.uk to fund this high quality content, it's not cheap to make! Wouldn't want them to have to close up shop!
autotune 4 days ago 0 replies      
Perhaps the solution would be to embed a link to your site within the content you create itself, be it visualizations or whatever else?
hjek 4 days ago 1 reply      
Why is it any worse to link to a page than to put it in an iframe? (The author's page header was still on there, so there's a clear attribution.) Why is the author so dissatisfied with his page getting so many views? I'd assume that's the point of putting things on the internet.
joepie91_ 4 days ago 1 reply      
They embedded/copied/proxied it. They did not 'steal' it.

Regardless of whether you find their behaviour acceptable, those are two very, very different things.

teachingaway 4 days ago 2 replies      
If you put a lot of effort into a project and don't want it stolen, please REGISTER THE COPYRIGHT.

0. Register the copyright within 3 months after you publish the project.

1. Register online at https://eco.copyright.gov/ - it costs $35 (or so) and is not particularly difficult to do.

1.1 registration is not difficult, but it is tedious and involves navigating a super-old government website that kinda sucks.

2. You can also hire a lawyer to register for you, which costs around $200-300.

3. Once you have the copyright registration, you can write a polite letter to whomever is stealing your stuff (or write a nasty letter, depending on your mood).

4. You can force them to pay you compensation for stealing your copyrighted content.

5. If your stolen stuff is being hosted by a third party provider (like imgur or whatever), you can send the host a DMCA takedown request, and the host will quickly remove the offending content.

that is just US law. Milage may vary in other countries.

edit - a lot of downvoting on this comment. Too snarky? Too anti-open-source? i thought this is useful info. Sorry to offend!

Raphmedia 5 days ago 7 replies      
Didn't you read the article at all? It's only a few paragraphs:

"So how did Daily Mail embed the visualization without the word poop popping up on an empty page? They downloaded all the files from my server on to their own server and deleted the snippet that brought up a poop alert. That way they didn't have to deal with those pesky safeguards I setup.

In other words, The Daily Mail deliberately stole my work."

fixermark 5 days ago 3 replies      
I can't help but think that it would make sense for Mr. Yau to either (a) Change the server setting to emit the X-Frame-Options: DENY header or (b) monetize views on his graphic.

In general, you can't assume people won't deep-link your content, and that includes embedding. Taking steps to protect against or take advantage of traffic spikes is the responsibility of a content provider.

This, of course, wouldn't protect against DM just straight yanking all his assets and hosting them itself, which should be clearly immoral (and possibly illegal, depending on jurisdiction). But "framers gonna frame" is a fair thing to assume about the nature of web content, along the lines of "<img> tags are cheap and if people see something funny on your site, they're gonna use 'em to share it."

lmm 5 days ago 1 reply      
As soon as you searched you saw that many other people had written this kind of thing, and yet that hadn't done any good. What made you think this post would make any more difference than the previous ones you found?

If you want to actually make a difference, talk to your solicitor. You might even get some money out of it.

The man who made 'the worst video game in history' bbc.com
431 points by otoolep  2 days ago   209 comments top 42
SeanDav 2 days ago 8 replies      
Talk about screwed up priorities. Atari spent $21 million on ET video game rights, $5 million on an advertising campaign and gave 1 programmer, 5 weeks to deliver something that would justify that cost. No wonder they went bankrupt!
mrspeaker 2 days ago 8 replies      
Anyone who is in to Atari 2600 knows that ET is verrrrrry far from the worst game available on that system! And it's so sad making it a great game would have take so few tweaks! http://www.neocomputer.org/projects/et/
moonshinefe 2 days ago 3 replies      
It's a cool story. I'm actually really amazed he managed to make a game that sold 1.5 million copies (@ $40 per unit that'd be $60mil) in _5 weeks_. As the sole programmer. In an era when programming was far more tricky and low level.

It isn't his fault the managers were being unreasonable in the timeline, and the company grossly over-manufactured the cartridges.

If I made something in just 5 weeks that sold 1.5 million units, I'd be proud of myself! hehe, and as others have pointed out, it isn't actually the worst game.

purpled_haze 2 days ago 1 reply      
If you want to learn much more about this, watch the movie, "Atari: Game Over":http://www.imdb.com/title/tt3715406/
joeax 2 days ago 1 reply      
If we're going to rate Atari games adjusted by the level of effort and time put into them, I'd say this is one of its better games. This is one developer coding non-stop for five weeks straight, and he had the temerity to push back on Spielberg's ideas. I wouldn't say he caused Atari's demise, but rather he almost saved the company.
freditup 2 days ago 3 replies      
A couple of comments based off of the first ET poster/ad in the article:

* Atari games like this cost $40? That seems expensive!

* Why did Pennsylvania residents have to call a different number?

* Funny that a point of advertising was getting the game before everyone else. It reminds you that these were real games people wanted and not just nostalgic blasts, how I view them now.

(Link to poster: http://ichef.bbci.co.uk/news/624/cpsprodpb/1972/production/_...)

Animats 2 days ago 4 replies      
What, not "Desert Bus"?[1][2] (Now available for IoS and Android.)

[1] http://www.newyorker.com/tech/elements/desert-bus-the-very-w...[2] https://www.youtube.com/watch?v=nBr7EhL6Jpg

pmiller2 2 days ago 2 replies      
Let's not forget, the same person also created the best-selling original title for the Atari 2600: https://en.wikipedia.org/wiki/Yars'_Revenge
kqr2 2 days ago 2 replies      
Another contender for the title of worst video game:

 Big Rigs: Over the Road Racing was critically panned. The game's criticism is largely directed at its "blatantly unfinished"[2] state: lack of collision detection and frequent violation of the laws of physics, frequent and major software bugs, poor visuals, and severe lack of functionality. As a result, the game is now widely regarded as one of the worst video games of all time.

TheAndruu 2 days ago 0 replies      
This guy's job is what originally attracted me to software engineering... the idea you could be so good and important to a company that they just pay you to pump out something awesome and let you do it. Granted this focuses on a failure, but he had many successes and the failure is Atari's fault for pushing an impossible deadline.

Of course times have changed and this isn't a practical scenario anymore, and likely for good reason. But it still reminds me of how a simple DOS game that a man could do on his own was state of the art. Sure there's the odd app like Flappy Bird that goes viral and garners success, but that's the luck of the lottery, really. It's different from back then.

I miss that simplicity.

Patrick_Devine 2 days ago 1 reply      
Custer's Revenge has to be the worst Atari 2600 game ever created. Overt racism and sexism combine with bad game play in one rape-y package.
alblue 2 days ago 0 replies      
There was an interesting write up in 2013 of someone who reverse engineered the game to develop a fix for the main flaws in the gameplay:


It's quite an interesting read and exposes some of the concerns that must have been present in designing games for incredibly limited memory at the time, including where to put the patched instructions.

kstenerud 2 days ago 2 replies      
I still don't get why this game is so maligned. It was one of my favorite 2600 games! The only game I liked better was pitfall.
ctdonath 2 days ago 2 replies      
My wife remembers that game quite fondly. May be hip to dis it now, but a lot of people did enjoy it.
CM30 1 day ago 1 reply      
Personally, while I'd say ET was a disaster in a lot of ways, I've always thought the talk of being the 'worst game ever' is just ridiculously overblown.

I mean, for the time it was moderately impressive on a technical level, and as dull as it ended up being, it wasn't really all that broken as far as bugs go.

No, if you want something a bit more worthy of the title, try Big Rigs (mentioned below), Action52, Superman 64 or Sonic 2006. Something that is literally broken beyond the point you can easily repair it, and which were a lot less impressive for the time they were released in.

gozur88 1 day ago 0 replies      
Hah! The worst? Penn & Teller's Desert Bus is the worst. By design. From the wiki page:

>The bus contains no passengers, there is little scenery aside from an occasional rock or bus stop sign, and there is no traffic. The road between Tucson and Las Vegas is completely straight. The bus veers to the right slightly, and thus requires the player's constant attention. If the bus veers off the road it will stall and be towed back to Tucson, also in real time. If the player makes it to Las Vegas, one point is scored. The player then has the option to make the return trip to Tucson for another point, a decision which must be made in a few seconds or the game ends. Players may continue to make trips and score points as long as their endurance lasts. Although the landscape never changes, an insect splats on the windshield about five hours through the first trip, and on the return trip the light fades, with differences at dusk, and later a pitch black road where the player is guided only with headlights

mschaef 2 days ago 0 replies      
Here's a great piece on how E.T. can be fixed with a few relatively minor changes:


As much grief as Warshaw has gotten for E.T., it really is an amazing accomplishment that he put it together in five weeks. (This is particularly true, considering the extreme resource impoverishment of the 2600 platform.)

gillianseed 2 days ago 0 replies      
Of course this game did not lead to the 'videogame crash' of 83, other videogame areas like the arcades was doing just fine, and home computers as well.

The problem was that the console games of the time were incredibly poor in graphics/sound, and typically also in game play.

Consumers wanted better games than what the console hardware at the time could produce, once something came along which was a technical leap compared to the Atari, Coleco etc, it did fantastically well, this was the NES.

krylon 2 days ago 0 replies      
I only recently watched the episode of Code Monkeys that tells this story. I did not know this was based on a true story. (I would not have suspected that a company would only assign a single programmer to such a big title, and on such a crazy schedule. Although, now that I think of it, I guess game industry veterans can tell lots and lots of these stories...)
JacobAldridge 2 days ago 1 reply      
To be described as 'the worst' in any genre on an international site does, of course, warrant a degree of scale that separates you from those who are, really, probably no better than you.

The worst movie ever made probably doesn't have enough Rotten Tomato or IMDB reviews to be considered. I was once told I had hosted the "worst program on television"[1], but being community tv there were probably 100 people watching each week and as far as I know no extant copy has survived - we'll never appear on a "worst TV shows of all time" list.

So almost by definition on a site like BBC.com, 'the worst video game in history' means 'which also sold tens of thousands of copies [2]', which is a measure of success and recognition most genuine failures won't achieve.

[1] Someone actually called the station and left a voicemail to that effect. I took it as a compliment - it meant he'd watched the whole show, because nobody calls to complain if they just changed the channel.[2] Or, in ET's case, 1.5 million.

nkozyra 2 days ago 0 replies      
The narrative has always been about hubris, to some degree, but shifting the blame to E.T. was always a distraction from some of the bigger lessons.

Atari had reached a point where it thought it could print money in perpetuity regardless of what it did. And that was true for a while. But you can't screw customers over forever. Eventually they bail, and that's what the big "video game collapse" was all about. Poor quality products being pushed at absurd prices. The lesson here is for startups with lock-in or few competitors: it doesn't take much to have it all fall apart. Make the best product you can.

I mostly marvel at the fact that this was done in 5 weeks. That's absurd. And while it was, objectively, a "bad" video game, there were far worse. They just weren't as high-profile. The second lesson is for developers: always appreciate the fact that you live in a world where patches, releases, and iterative development allow you to retroactively fix the things you had to do in a hurry.

alecsmart1 1 day ago 1 reply      
There is a very nice documentary if anyone wants to hear from the actual game developer - http://m.imdb.com/title/tt3715406/

It's on Netflix as well.

harel 2 days ago 0 replies      
To be fair, people have made worst games in recent times. The fact we are hanging on to ET as The Worst of all, is a bit unjust. If someone can screw up a game with today's technology they deserve the title even more than a game created in 5 weeks on very limited tech.
tomphoolery 2 days ago 0 replies      
I remember learning about this game on a G4 special, and seeing Warshaw's spots talking about how it was made. I wasn't alive when this game was released, but it seems to be very frustrating to play. But hey, that's what you get on the first try when you rush things (coughJavaScriptcough). I'm glad to see someone's "fixed" it just to see what it would have been like had Warshaw been able to get the time needed to really complete the project. It looked like a great idea, just a terrible execution.
chvid 2 days ago 1 reply      
Some amazing takeaways from the article:

- 5 weeks development time, one person.

- 5 mio 1980-USD marketing budget.

- 4 mio units produced

- 1.5 mio units sold

The units probably listed at 15-20 USD (corresponding to 50-60 USD at today's prices) and cost around 5-6 USD to produce.

Amazing facts if you have any idea on how the game industry work today.

In particular the little resources spent at development stands out. Showing that video game development back then probably was more akin to making a board game or a toy than the huge software development projects it is today.

rplnt 2 days ago 0 replies      
This is a great video review of the game https://www.youtube.com/watch?v=2DTjLG3usQo if you want skip the intro the actual gameplay starts at around 2:00
dsmithatx 2 days ago 0 replies      
I was 8 years old when the game out and I actually enjoyed the game, bugs and all.
danatkinson 2 days ago 0 replies      
I can't imagine any sane person actually blames him for his work and not the company that decides to put one developer in charge of writing such an important game in such a short space of time.
kintamanimatt 2 days ago 10 replies      
> "It's awesome to be credited with single-handedly bringing down a billion-dollar industry with eight kilobytes of code. But the truth is a little more complex."

Eight kilobytes?! How do you build anything meaningful, especially a game, with just eight kilobytes?

linagee 2 days ago 0 replies      
ET from Atari had a better cover than game. (But that was actually true with most games from the era. Just double true with this "game".)
jmadsen 2 days ago 0 replies      
I didn't remember people still being that hairy in '82. I thought we were mostly cleaning up by then, unless you were in a band.
rangibaby 2 days ago 0 replies      
I would like to read the story of "Big Rigs"!
nielsencfm123 2 days ago 1 reply      
So Atari spent $21,000,000 to buy the rights and $5,000,000 on marketing but having more than 1 developer on the project was too much...
jvoorhis 2 days ago 0 replies      
Gotta say, ET was not all that bad. But my expectations were low after playing too much Big Bird's Egg Catch.
rado 2 days ago 0 replies      
Anyone else remember the "E.T. Comes Back" text/graphic adventure for Apple II?
JoeAltmaier 2 days ago 0 replies      
Well, the tale grew in the telling. Howard used to say that nobody else would take the project because the deadline was so short. He thought it was worth a try. Now the story is, he was hand-picked by Spielberg. Ok, Howard.
unsupak 2 days ago 0 replies      
I used to like this game.
dudul 1 day ago 0 replies      
The guy single-handily coded, in 5 weeks, a video game that sold 1.5 million copies! I'd like to be responsible for this kind of screw up any day :)

Granted that the sales were probably mostly due to intense marketing and ad campaign.

grillvogel 1 day ago 0 replies      
that is not Beat Takeshi
ai_maker 2 days ago 0 replies      
cjslep 2 days ago 1 reply      
Here I thought I Wanna Be The Guy was the worst video game.
nickpsecurity 2 days ago 2 replies      
No, the man who made the worst video game in history was Hideo Kojima with Metal Gear Solid 2. Hardcore fans of prior game(s) felt a combination of let down, shock, and anger at the details. Imagine my surprise when I find out it very well could've been an ingenius plot to screw with the players. As others noted, the games overall plot against the protagonist was what he was doing to the players. Start here on a nice analysis here if you're curious why MGS2 had the effects it did:


Paul Graham on Doing Things Right by Accident themacro.com
366 points by runesoerensen  6 days ago   87 comments top 19
aws_ls 14 minutes ago 0 replies      
I guess PG is a genius. I realized a bit painfully, that I may be much mediocre in comparison. I know comparison is wrong/etc. But what the heck?

I also wonder now, that what I think (and say to friends) of as my life style business tech startup, is actually a Zombie? Did we really manage to hit the magic break even (revenue = comfortable salary + expenses). Hmm...But something in me tells me that, there's more to it, as my effort has been ongoing, although its little less than thrice of the time PG spent on Viaweb.

One motivation, which also contributes to make me keep working in it, is my earlier partners, who still have a stake, and they contributed a lot, to this in the early years. Somehow, there's a feeling in me that they should get a good return on that effort. Which also means that my returns will be more, so its not a pure selfless line of thought there.

Just some musings, after reading the very good interview transcript. And just want to assure that there is no irony/sarcasm in my post (I think, it may come across like that in the early part). And also no "sympathy" replies please. As I actually feel quite upbeat about things.

Apologies for being tangential (if I have been), just felt like writing this.

peterclary 6 days ago 3 replies      
Off-topic but: Hooray for transcripts! I can see the benefits of being able to hear the pauses, tone, inflections, etc. but even leaving aside the deaf and hearing-impaired, there are so many advantages to having the text (it's searchable, you can read it while listening to music, it's quicker to read it than to listen to it).
aresant 6 days ago 1 reply      
"Plus, then, I had given this talk about the Harvard Computer Society, and I said, If you want to raise money, raise money from people who made the money doing startups. And then, they can give you advice, too. And I suddenly noticed, they were all looking at me. And I had this horrifying vision of them all e-mailing me their business plans. Which is funny, because thats what YC turned into."

That gave me chills.

The entire startup experience, the essence of being an entrpepreneur for me is in that moment when your brain subconsciously processes all the data around a problem and throws out something obvious and audacious in the same breath. And before you can conciously object BAM you have said it outloud and the adventure begins.

Outdoorsman 6 days ago 2 replies      
>>Paul : It is actually a trick for interviews. If someone asks you a boring question, just answer the interesting one they might have asked, and nobody complains.<<

That's classic...

An example of how to actually live "your" own life in this world...not paying a great deal of attention to uninteresting things that others bring up; rather molding those same things so that they become interesting, and illuminate parts of your life and the lives of others...

In my estimation, my life is what it is--one I'm very happy with--because of my having just that attitude...

And, yes, I totally agree:

>>Paul : When I was a kid at Christmas, the Sears Catalog was your reference work.<<

Terr_ 6 days ago 3 replies      
This reminds me of a bit from "The Dilbert Future" (1997):

> Most people won't admit how they got their current jobs unless you push them up against a built-in wall unit and punch them in the stomach until they spill their drink and start yelling, "I'LL NEVER INVITE YOU TO ONE OF MY PARTIES AGAIN, YOU DRUNKEN FOOL!"

> I think the reason these annoying people won't tell me how they got their jobs is because they are embarrassed to admit luck was involved.

> I can't blame them. Typically the pre-luck part of their careers involved doing something enormously pathetic. Take me, for example. I'm a successful cartoonist and author because I'm a complete failure at being an employee of the local phone company.

pkrumins 6 days ago 5 replies      
That reminds me of this amazing talk called Why Greatness Cannot be Planned:


TLDV: Innovation is not driven by narrowly focused heroic effort. We'd be wiser and the outcomes would be better if instead we whole-heartedly embraced serendipitous discovery and playful creativity. We can potentially achieve more by following a non-objective yet still principled path, after throwing off the shackles of objectives, metrics, and mandated outcomes.

This also matches my experience 100%. All my best discoveries are accidental.

notahacker 6 days ago 1 reply      
Reading about how his original motivations were purely pecuniary, he was keen to sell his company as quickly as possible and his ambition was to go back to essay-writing and hobbyist programming, I can't help thinking young PG probably wouldn't get accepted into YC these days...
bootload 6 days ago 1 reply      
"Early-stage startups are just fast-moving chaos. That is a constant. That was true in Henry Ford's day, it was true when we started YC."

Interesting quote. There must be some organisation to early startups, otherwise they wouldn't work. Is the chaos just a description of what cannot be observed and described?

Fantastic read. Liked the bit about straw-drawing to talk to customers.

S4M 6 days ago 1 reply      
I find interesting the part where PG says that a startup either makes its founders rich either goes down, and basically discards the possibility that it ends up to be just enough to pay its founders a good salary. I think it can be a pretty nice outcome but then again YC must select founders who are very ambitious.
EGreg 5 days ago 0 replies      
e-commerce was not my lifes work. I didnt actually want to spend my life working on this. I did it to get money and make that money.

Aaron : Yeah. This is such an interesting thing because its so opposite from what you tell people a lot of the time, what YC tells people, certainly, of Dont do things just because theres a business there, right?

This is it, right here. If you want to know what most successful businesspeople have in common - not the unicorns - it's that they were prepared to sell their first venture and/or give away a lot of equity to the right people to make it work. Once they have the money, comnections and track record, they can have much more control in their next company.

We went a completely different route. We've tried to change the world... :)

alanwatts 6 days ago 0 replies      
"Superior work has the quality of an accident"

-Alan Watts, The Way of Zen

Kenji 6 days ago 3 replies      
I can't believe one of the founders was doing this alongside grad school and PG was like yeah you know, you have a lot of spare time there.

And here I got so much work with full time studying that I can barely finish reading a single book alongside. How can people say university is enjoyable, fun, lots of spare time? For me it's just endless hard work and barely any breaks inbetween.

ArkyBeagle 5 days ago 1 reply      
It's amazing the lengths to which people will go to avoid Windows programming. I know I have :)
z3t4 6 days ago 0 replies      
I love listening to (success) stories. You should make more of those.
lsniddy 5 days ago 0 replies      
luck = opportunity + preparedness
vidoc 6 days ago 3 replies      
Full-of-himself !
JohnD19 6 days ago 3 replies      
I stopped reading this "treatise" when in the first paragraph Aaron spoke highly of the war criminal Donald Rumsfeld.
darshanp 5 days ago 0 replies      
One of the best things I've read in a long time. Paul Graham is God!
Atlas, the Next Generation [video] youtube.com
392 points by bpierre  15 hours ago   132 comments top 34
Nican 9 hours ago 0 replies      
If people are interested in looking at more cool content on the subject, I recommend you looking at:

- http://drc.mit.edu/technology/

- http://www.cs.cmu.edu/~cga/drc/

- https://github.com/RobotLocomotion/drake/wiki

- http://robots.ihmc.us/humanoid-control-workshop/videos

I attended WPI during 2013-2014, and worked with Atlas. I am very excited and impressed by Boston Dynamics. (And hopefully start working on the field again.)

redcodenl 6 hours ago 5 replies      
Watching the video, the only thing I see is robot abuse. #freeatlas!


wfunction 5 hours ago 1 reply      
Can someone explain what would be the single greatest challenge (from a research perspective) in making such a robot today? For example, is it:

1. The sensors?

2. The actuators?

3. Coming up with accurate dynamical models?

4. Solving the models accurately?

5. Solving the models efficiently?

6. Making the models robust to inaccuracy/noise?

Yes, I realize all of these are probably hard. What I'm trying to understand is whether the biggest challenge is coming up with e.g. an accurate (possibly nonlinear) dynamical model, or with solving the model (efficiency/accuracy), or with making existing models that are otherwise already completely accurate robust to outside noise, or with the manufacturing aspect (precision), or whatever.

irrlichthn 12 hours ago 9 replies      
Watching that, especially that part starting at 1:23 makes you realize quickly that in about 10 years, 95% of all jobs can be replaced by machines. Scary and interesting at the same time.
eatfish 9 hours ago 2 replies      
When the robots become self aware that guy from 1:25 has it coming.
otoburb 11 hours ago 1 reply      
I half expected the video camera to turn around and show the audience that all of the footage was shot by an Atlas model. Maybe that could be a stretch goal for the next generation after Atlas.
karmicthreat 12 hours ago 6 replies      
It has a great kinematic system. But with all those QR codes scattered around it obviously has little knowledge of its environment. I think this understanding and planning is going to be the big hurdle for Atlas style robots rather than just walking around.

Just look at the number of types of door out there and what it would take for a robot to figure out how to navigate it without having encountered the exact door before. Its going to need to figure out that it is a door. Experiment to find the unlatching mechanism. Figure out if the door swings or slides and in what direction. Then open it without hitting its self and finally make its way through. Then exporting the training data so other robots can learn it as well.

mrfusion 13 hours ago 3 replies      
Does anyone known if it's walking using zero moment point like asimo? I thought they were beyond that?

It doesn't seem to have a very natural gait. Very uncanny valley.


wgx 4 hours ago 2 replies      
I found it interesting how lots of the top comments on YouTube (ie: a wider generalist audience) were concerned about robot abuse and the robot uprising. We may scoff, but it's a real concern of lay people.
mangeletti 1 hour ago 0 replies      
As I've watched these videos over the years, it's been impossible, especially now, for me to not see how these and other such robots will replace and eventually extinct all humans.

In theory, a family of 4 humans could run a global economy run by robots and no humans. That's a sort of ridiculous, maximal state, but what makes any of us think that, given a continuum from the current state to that maximal state, we won't be somewhere closer to that state in 30 years, especially when considering the unreasonably effectiveness of rent seeking on technology-driven monopolies (e.g., Amazon)?

NeutronBoy 14 hours ago 0 replies      
That is super impressive. The video of the robot walking around in the snow, and multiple times almost falling over but righting itself, exactly how a human would...
dluan 14 hours ago 4 replies      
Why do they always gotta smack around the robots like that :(
geerlingguy 1 hour ago 0 replies      
Does anyone else start to think of Blinky[1] when the guy starts pushing around the robot?

[1] http://youtu.be/P0lKDy6E918

kriro 9 hours ago 0 replies      
Pretty impressive. Seems like a non-stiff torso could help a bit. I'm sure they are investigating that option/have tried it.

Hockey stick guy genuinely made me laugh. They should call this the hockey stick test (once again very impressive).

Not sure what impresses me more overall the walking on non trivial terrain in the beginning or the adaption to the "hockey attack". The video certainly makes me want to work in robotics. Haas Bioroid is here ;)

danbmil99 10 hours ago 1 reply      
Note the quiet compared to Big Dog... you can hear birds sing in the background. That's a big deal. Their 4-legged pack mule for DoD was killed partly due to noise.

Enjoy the silence..?

HeyShayBY 7 hours ago 2 replies      
Anyone read "The Industries of the Future" by Alec Ross?He talks about the technologies of the future, the technologies who will become an integral part of our lives in the next 20 years.

The first episode in the book is about robotics.I really urge everyone to read that book.

This Boston Dynamics video gives me serious Terminator vibes.In reality, from an Economics stand point, I'm really curious and afraid to discover how will this affect the lives of millions and millions of workers world-wide who will lose their jobs to Robot.How can they stand at the right side of a technology revolution they know nothing about?

What do you think?

visarga 8 hours ago 0 replies      
They don't seem to be using end-to-end deep reinforcement learning. I think the robot movements will become smooth and organic once they replace the current specialized approach with more general algorithms.

Robotics is a core application of reinforcement learning as it deals with an embedded agent in a feedback look with the exterior. That's why DeepBrain chose games to test their algorithm, because in a game the player is embedded in an artificial world which is much easier to use in the trial and error learning phase. Logically, after mastering Atari games, at some point they should focus on robots that function in the real world. It helps that Deep Brain and Boston Dynamics are owned by the same company.

dogma1138 5 hours ago 0 replies      
On thing you can already bet on is that in 20 years that guy is going to wake up in the middle of the night to find a T1000 with a hockey stick in it's hands and a grin on it's facial expression monitor pointing at a box and say "would you kindly; pick it up?". Later his tomb stone will say "Don't be a dick to robots".
unixhero 5 hours ago 0 replies      
As a futurologist I don't like this one bit. Seriously, I feel like this company will destroy us all.
citizensixteen 5 hours ago 0 replies      
Player Piano, the first novel of Kurt Vonnegut, was published in 1952. It depicts a dystopia of automation, describing the deterioration it can cause to quality of life. The story takes place in a near-future society that is almost totally mechanized, eliminating the need for human laborers. This widespread mechanization creates conflict between the wealthy upper classthe engineers and managers who keep society runningand the lower class, whose skills and purpose in society have been replaced by machines. The book uses irony and sentimentality, which were to become hallmarks developed further in Vonnegut's later works.


bliti 4 hours ago 0 replies      
Impressive. They seem to have reduced how much noise it makes during normal operation. Does anybody know how long will the battery last on the current version?
sunseb 5 hours ago 0 replies      
It's not the Terminator T-800 yet, still it's impressing. :-)))
GolDDranks 3 hours ago 0 replies      
#robotsarepeopletoo #botrights
jordanthoms 14 hours ago 0 replies      
Very awesome, each generation is just so much better.

I wish they had shown it climbing those stairs though! :)

stephengillie 9 hours ago 0 replies      
For those not wanting to watch a video, Atlas appears to be a humanoid robot: http://www.engadget.com/2016/02/23/boston-dynamics-presents-...
macarthy12 13 hours ago 0 replies      
What percentage of the body weight is batteries? HOw long can it operate ?
julbaxter 4 hours ago 0 replies      
Does someone know if they are using ROS?
diskcat 9 hours ago 0 replies      
It doesn't have the grace of an actual human.

Its solution to any problem seems to be more stomping.

nikolay 8 hours ago 0 replies      
Although a great incremental update, is the new Atlas any better than Asimo?
alinspired 9 hours ago 1 reply      
it can use a shiny Bender skin :) hope some Futurama fans are working there
chetangole 9 hours ago 0 replies      
that's terrifying!
Scottli 8 hours ago 0 replies      
and then they will put a weapon on it
Happpy 5 hours ago 0 replies      
Poor robot, #abusedinboston
shostack 10 hours ago 0 replies      
Am I the only one that saw this and got excited thinking it was a video of FB's new ad platform?
Google Cloud Vision API enters Beta googlecloudplatform.blogspot.com
350 points by axelfontaine  5 days ago   105 comments top 26
abtinf 5 days ago 2 replies      
Disclosure: I am an evangelist for the Watson Developer Cloud suite of services at IBM.

The new wave of vision services are amazing. There are a lot of players in this field, including IBM Watson, which has a suite of vision APIs available with similar features.

One key differentiator of the Watson offering is that we have a trainable API called Visual Recognition [2]. The pre-trained APIs are excellent and have broad uses, but it's amazing to see the results from even basic training to identify image tags directly relevant to your use case. There is a demo [3] that allows you to try it out by creating a new classifier right in the web page.

You can find some demos at:

http://vision.alchemy.ai/#demo - example images that demonstrate facial detection and identification, label extraction, object identification, and so on.

Another demo at http://visual-insights-demo.mybluemix.net/ uses the Visual Insights [1] API to identify a set of relevant tags.

[1]: https://www.ibm.com/smarterplanet/us/en/ibmwatson/developerc...

[2]: https://www.ibm.com/smarterplanet/us/en/ibmwatson/developerc...

[3]: https://visual-recognition-demo.mybluemix.net/

tegansnyder 5 days ago 3 replies      
I've been using this since the private beta to enrich my eCommerce crawlers with product identifiers not found on the content of an eCommerce product page, but found in the product image itself. Imagine a part number or UPC displayed on a product box, but nowhere in the HTML content of the product page. Using the Google CV OCR feature I can extract meaningful product data from an image to compliment my existing crawl data. It works great.
jfoster 5 days ago 15 replies      
I feel like this is some really compelling tech. It would be so amazing to build stuff with this in mind. I wouldn't be comfortable doing it, though. This sort of API is available only until Google decide that they don't want it to be available. There's not really anything close to equivalent that you could drop in to replace it if it were being shut down, the price were being hiked, or you had some sort of other issue with it.

I'm not trying to pick on Google for shutting things down; I would feel similarly if this API were from Microsoft or Facebook. It's not the first time there's been an API that I think is really cool, but was very apprehensive about actually using for anything serious.

netinstructions 5 days ago 3 replies      
I was looking into label detection APIs (and Google's offerings as well) for a silly game/website I was thinking of writing, but $5 per 1000 images is way too steep, especially if each user is submitting 1-5 images per interaction with the website. The $2 per 1000 images price they mention on the blog post is only if you're doing 5+ million images a month.

I played with IBM Watson visual recognition API and it didn't look like it did what I needed it to (recognize a hand drawn image of a cat for example -- it just kept labeling it only as a 'cartoon').

Bummer. At least the first 1000 images are free so I can prototype it out of curiosity.

chippy 5 days ago 2 replies      
I couldn't find a specific legal SLA for this new service. Does anyone know if:

1) by using the service you grant Google use of the uploaded images. (e.g. they can use your image to increase their corpus, improve the service or use it for advertising, or use it to extract street numbers for their maps, or its always private and never stored)

2) What the resulting copyright is of the returned data. If you were to build a database based on the results, what license or copyright status this would be. Would all rights belong to me, or would Google claim rights over the results.

ig1 5 days ago 1 reply      
If the OCR is good then they're totally burying the lede, it's pricing is 100x cheaper than commercial OCR APIs.

It's potentially a game changer, plenty of industries have piles of scanned documents. Cheap OCR means this data suddenly becomes accessible even if the value per individual document is low (i.e. for input into machine learning).

jfoster 5 days ago 4 replies      
I don't know for certain, but I suspect that Google utilized images from the web in training this system. Even if they didn't, suppose they had. I think this can raise an interesting question around copyright.

In training an AI system with hundreds/thousands of bits of data, no single piece of training data makes much of a difference. If one of my images on the web that I had captioned with the keyword 'dog' was used to train this system about what a dog looks like, is the model they end up with a derivative work of my captioned image? Yes, but my data would make up an infinitesimally small part of that model. Yet, in aggregate, the trained model might almost wholly rely on lots of copyrighted, rights-reserved images.

Would the resulting model be a copyright infringement? It would seem as though no rights owner would have a substantial enough claim. Yet, without all of the copyrighted works, perhaps the model would be ineffective.

stevesearer 5 days ago 1 reply      
I would definitely pay for a WordPress plugin that uses this as I manually tag photos on my site with a lot of standard things this could probably just knock out in a flash.
jrnkntl 5 days ago 2 replies      
Just tried a couple of images with digits to test out the OCR w/ the TEXT_DETECTION setting, unfortunately it assumes what it reads is a defined language with words. I am looking into using this for digit-recognition and only digits, but that doesn't seem to be a use case (as it is now). Does anybody know of another service/API that can do reliable digits-only OCR on (not the finest clear quality) images?
swampthinker 5 days ago 0 replies      

While this technology is fascinating, I can't help but feel a little unsettled reading that.

mayank 5 days ago 0 replies      
Interesting that this is released in source closed, API-only form, rather than the open-code model taken by TensorFlow. I wonder how far you could approximate the model by training a learner on the API responses.
Jabbles 5 days ago 2 replies      
Is the best way of sending an image still base64 encoding it in JSON?
dzhiurgis 5 days ago 1 reply      
Is there any website where can I just upload a pic and see how it works without trying to figure out how to access their API?
miltonmoura 5 days ago 1 reply      
This is great news. I have been working on a Swift framework for using this API in OSX and iOS (https://github.com/mgcm/CloudVisionKit) and I was wondering when it (the API) would become available for public use.
misiti3780 5 days ago 0 replies      
When I hit "go to api console" i get the following: https://www.dropbox.com/s/xsysabgywa4t5mm/Screenshot%202016-...
dk8996 5 days ago 0 replies      
At Cortex (http://www.meetcortex.com/) we are using this and technology like it to help brands be smarter about marketing content on social media. Really cool stuff.
ahamino 5 days ago 0 replies      
Affectiva offers SDKs for facial expression and emotion analysis from images that work in realtime and offline without having to send images to the cloud.


disclamer: I work for them.

SuperPaintMan 5 days ago 0 replies      
There is mention of GCV being able to calculate various image properties (dominant colour, being the example) yet there is no reference to what it actually returns in the API docs.

Can someone who has this active shed some light?

kevando 5 days ago 0 replies      
Google is scary good at releasing scary technology in a friendly box.
kauegimenes 5 days ago 1 reply      
Anyone tried using the API to solve captchas?
chenster 5 days ago 0 replies      
Would it be possible to do product recognition such as brand and model from images without label?
afro88 5 days ago 2 replies      
Does something like this exist for sound? Any open source projects worth looking at?
piyushmakhija 5 days ago 0 replies      
Can we find the dimensions of things in a photo using this api?
misiti3780 5 days ago 0 replies      
Am I the only one that signed up but cant have access to it ?
nchiring 5 days ago 0 replies      
High price. May be suitable for MVP.
alwaysdoit 5 days ago 0 replies      

Errata: I'll need a research team and a year and a half.

       cached 24 February 2016 16:11:01 GMT