hacker news with inline top comments    .. more ..    16 Apr 2016 Best
home   ask   best   3 years ago   
Visual Studio Code 1.0 visualstudio.com
949 points by lukehoban  1 day ago   458 comments top 78
neves 1 day ago 12 replies      
VSCode knockouts Atom in a dispute for becoming a developer editor in a corporate computer.

Sure, you all have root password in your computer. Unfortunately, I belong to a lower race: the corporate developer. I work in a Windows 7 machine, don't have root password and there's a big wall called proxy around me.

I didn't know about VSCode before this HN post, but I was trying to use a new editor instead of Notepad++. In my 5 minutes comparison match between Atom and VSCode, Atom was knocked out in the first minute. To quickly test a new general code editor I just want 3 "simple" things: column selection, regexp search and replace, and a python mode.

Atom: got the regex, must install a column mode extension, need to install a ntlm proxy authentication downloaded from (argh!) Sourceforge, configured it after some google searches, failed to install the extension because it needs a compiler. Ops, just spent 30 min for my 5 min test. Can't spend more time playing with a code editor, must go back to work.

VSCode: Download the portable version https://code.visualstudio.com/docs?dv=winzip and unpack it. Just works.

You've got a new fan VSCode!

thewhitetulip 1 day ago 18 replies      
VSCode has done the thing that nobody expected MS to do, change the way code was written on Unix/Linux.

I love linux/unix, but the problem always was with the lack of an awesome text editor cum IDE, yep there is eclipse but it is too clunky, I do not like sublime as it isn't FOSS (call me crazy), gedit took way too much memory, geany is fast and mean but the UI sucks plus functionality isn't that great.

Enter VSCode, code writing feels amazing again, not the functional part, but the actual manual part.

I do not like vi because I primarily was learning web dev and I didn't really get my head around using vi effectively and still learn the web dev, so I am not a emacs/vi superstar as I have heard that both of them are fine text editors.

but for the people like me who don't or can't use terminal based editors, VSCode is quite literally the best.

The new Che project of Eclipse does seem promising, but the last time I tried installing it, it took around an hour, consumed GBs of my bandwidth and still nothing.

I am still Waiting for the day I'll be able to program in its entirety on my android device.

I used Atom but it is too slow, it is surprising that VScode and atom share the same ancestor but one is blazingly fast and Atom is so damn slow.

Edit: yep vscode didn't transform coding on unix, it merely changed it to some extent, and why the downvoting? point out where I am wrong, I'll get to learn!

russell_h 1 day ago 1 reply      
I switched from Atom to VSCode for Go development on OSX a few weeks ago while Atom's Go plugin was going through a rough few days, and haven't been able to go back.

The patterns of use take a little getting used to coming from Atom or Sublime, but VSCode gives me real static-language IDE features that "just work" simply by installing the Go plugin. Comparable functionality in Atom requires multiple plugins and I never managed to make a few of them work at all. The control+tab file switching quickly became second nature.

I never had the performance issues some people have with Atom (on a 5 year old laptop), but VSCode feels a little quicker at some things. Nothing to write home about.

I love Atom's direction (plugability, a well-cultivated ecosystem, discoverable configuration), but for sheer usability I'm sticking with VSCode for now.

evmar 1 day ago 2 replies      
I'm your standard unix greybeard, the sort that uses org-mode to outline-structure their emacs config (that's actually what I do, not even a hypothetical), so I approached VSCode with skepticism.

I have actually been really impressed. It's fast and responsive, even on Linux, and the TypeScript tooling is fantastic. I think with a bit more UI work (like vi keybindings) it could potentially become my preferred editor.

oblio 1 day ago 1 reply      
Visual Studio Code could serve as a solid base for VS.NextGen. Following previously unheard-of paradigms (Unix) for Microsoft, Visual Studio could actually become modular, with each component becoming useful on its own.

Visual Studio Code would be the editor, Omnisharp the Intellisense platform, I think they were also developing some sort of common debugging interface, etc.

It would be a lot nicer than the current Visual Studio setup, where the installation drags in 6GB of cruft.

Of course, this would involve an internal power struggle between Visual Studio Code and Visual Studio proper, and I hope VS Code wins :)

atonse 1 day ago 3 replies      
I absolutely love how VS Code generally feels more native, performant, and polished than Atom, but lack of a good VIM mode is keeping me away right now. Hopefully the author of VIM Mode in Atom, makes a VS Code plugin.
agentgt 1 day ago 4 replies      
Does anybody else use several editors all the time? I use Emacs, Vim, Eclipse, Atom, and Intellij. I don't stick to one.

I wish I could stick to one editor but there is always some editor that does a way better job at a particular task. Each editor has its killer feature. I have tried turning emulation of emacs/vim on many editors to provide consistency and its never been really good. Thus I have several "default" keybindings in my head.

Because of this I try not to rely on too much magic or customization that any editor provides and instead write lots of shell scripts (Bash, Groovy and Python) to do code generation and to find things.

But I'm always wondering ... could I be more efficient by sticking to one.

VSCode will probably just become another editor I have lying around. Probably for Typescript.

andwaal 1 day ago 1 reply      
One of the things people does not seem to mention is the great debugging support you have in VSCode. The possibility to easy setup debugging with support for breakpoint, step through, inspection and so on.For react-native VSCode is the only IDE I have found which enables this. Previously one had to open Chrome and debug your apps from there, to have it inside the IDE makes it so more convenient. The same goes for Node(which you also can do in Webstorm, but not free and open source) and as far as I can tell the only IDE you debug Go probably. As an developer preferring solid IDE`s like VS and Eclipse with full debugging support it always feels like a step backwards when working with an language where this does not exists.
bbcbasic 1 day ago 1 reply      
What's with the license I have to agree? e.g.

5. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not* work around any technical limitations in the software;* reverse engineer, decompile or disassemble the software, or otherwise attempt to derive the source code for the software except, and solely to the extent: (i) permitted by applicable law, despite this limitation; or (ii) required to debug changes to any libraries licensed under the GNU Lesser General Public License which are included with and linked to by the software;* remove, minimize, block or modify any notices of Microsoft or its suppliers in the software;* use the software in any way that is against the law; or* share, publish, or lend the software, or provide the software as a hosted solution for others to use, or transfer the software or this agreement to any third party



So with the msi installer a different license?

nickjj 1 day ago 1 reply      
I tried VSCode for the last couple of months and it didn't sell me.

It's noticeably slower than Sublime on a good workstation and it has a bunch of very minor annoyances that Sublime simply doesn't have.

When you encounter these annoyances dozens of times a day, it really turns you off from using it because a good editor should make you happy, not infuriate you.

For example, the way VSCode deals with multiple buffers and the sidebar is really poor. It tries to be cute and keep the sidebar's state in each buffer, but it's done really poorly and constantly disrupts you.

recursive 1 day ago 4 replies      
> Can we build a code editor fast enough that it doesnt feel like youre typing in a browser?

Is this a jab at Atom? I like this.

simple10 1 day ago 0 replies      
It's interesting to see how VS Code / Monaco deals with long lines like hex data without slowing down. It kinda cheats by wrapping the line even when not in line wrap mode. There's a setting editor.wrappingColumn that controls the wrap length.

However, even after setting wrappingColumn to an arbitrarily large number, VS Code greatly outperforms Atom. The click accuracy within a long line is off by several characters in my quick test, but good enough.

I was never comfortable using Atom because it would grind to a halt whenever I accidentally opened any files with long lines. VS Code just may be the first MS product that I'll use on my Mac on a daily basis. Looking forward to testing it out on a couple projects.

Corrado 1 day ago 0 replies      
For some reason I can't stand the fact that VS Code drops .vscode files all over my directories. I feel like I'm working with CVS again. I haven't played with it much and not at all lately, but the last time I tried editing anything in VS Code it generated these hidden files all over the place and drop me up a wall. That may be configurable and it may have changed with 1.0, I'm not sure.

It's also, just very slightly, too slow. By too slow I mean that everything I do just lags a tiny bit; I can type characters faster than it can put them on the screen, clicking in the file browser is not instantaneous, etc. It's a small thing but it really bugs me. I guess I'm just spoiled by ST3. :/

chucksmash 1 day ago 1 reply      
The two highest rated comments in this thread make the little vein in my forehead pop out.

Microsoft is doing some very cool stuff these days so props to them. "VSCode has done the thing that nobody expected MS to do, change the way code was written in Unix/Linux" though? I believe the term irrational exuberance applies. Let's not get carried away here.

yisheng 1 day ago 9 replies      
Are there any emacs/vim users here who moved to GUI editors like atom or VS code?

I would like to know what potential gains could come from using a GUI text editor.

fibo 1 day ago 0 replies      
Great story from Microsoft. Personally I use [neo]vim but I often recommend Visual Studio Code to my non programmer collegues. I think it is really user friendly.
deprave 1 day ago 0 replies      
One thing I've gotten used to and find missing in VSCode (and Atom) is auto-saving of untitled/unsaved buffers to temporary storage.

When I have an idea or want to use a new editor tab as scratch space, it's really important to me that whatever I put there isn't lost if I exit the editor. When I close the tab, sure, ask me if I want to save it somewhere. But when I close the editor itself, I want it to reopen and restore everything exactly as I left it.

The last thing I want to deal with is coming up with a path and filename when the editor can easily create a temporary file and map some unique id to it for later use until I tell it explicitly to save or discard it.

beefsack 1 day ago 1 reply      
I'm a long time Linux guy and absolutely hate Visual Studio, it's just clunky and unusable as Eclipse.

This post prompted me to try VS Code and I must say, I'm really impressed. There are still a few rough edges but I do understand it's still young.

As soon as the Vim extension becomes usable I'll be on board I think; things like visual selection don't appear to work correctly at the moment.

forgotmypassw 1 day ago 0 replies      
I'm quite surprised by how much smoother VSCode is than Atom despite being built upon the same platform, I just wish it had tabs and split tab groups, then I could give it a go for a full day and decide whether I like it or not.
sntran 1 day ago 4 replies      
As much as I love trying VSCode, the lacking of tabs prevents me from keeping it open longer than 1 minute. I'm just not used to not having tabs.
krat0sprakhar 1 day ago 1 reply      
I've been writing OCaml for a while and seeing that VSCode has a pretty sweet integration for F# gets me quite excited. Is there anyone here who's running F# on Linux / OSX and can share their thoughts?
frik 1 day ago 4 replies      
Does VSCode 1.0 still come with the tracking and analytics (phone home stuff) that cannot be turned off?
kensai 1 day ago 0 replies      
Visual Studio Code has been a very pleasant surprise indeed. Fast and simple. Not everyone needs a powerful IDE, especially when learning.

I have been using it a lot lately to write snippets of code in C or HTML.

thom 1 day ago 0 replies      
It certainly looks from the extension API docs that this is a thing the world needs - a modern GUI shell that allows arbitrarily complex extensions to be written in a language people seem to like. Having looked around the docs as a very heavy emacs user, I am not totally discouraged - every keypress seems to point at a command, and if everything is rendered as HTML, I assume it is effectively infinitely customizable (would love to hear opinions from experienced extension authors). If, on top of that, it solves a lot of emacs' foibles, like threading issues, performance edge-cases etc, then I plan to keep an eye on it.

That said, the available extensions seem pretty bare. I don't see many mentions of REPL interaction, and there are no extensions for many languages. I'm glad it's getting attention, but I suspect it'll take a decade of loving care to bring up to the level of most people's emacs configuration. I see no reason that couldn't happen more quickly, though.

zokier 1 day ago 2 replies      
Interesting that they decided to release 1.0 before sorting out the coreclr/dotnet story. My understanding is that Mono is still the best way to write C# with VSCode, even on Windows.
tzaman 1 day ago 1 reply      
I guess it's not Textmate VS Sublime Text anymore. It's VS Code versus Atom. While it's always good to have some competition, I also hate it to see awesome features present in one, but not the other. Well, if I'd have to pick one (and actually the only one that kept me with Sublime for this long), it would be speed.
sunnyps 1 day ago 0 replies      
I would really like to use VS Code as my primary editor but it has some issues that need to be fixed first, most importantly how slow the go to file functionality is. I work on a project (Chromium) that has tens of thousands of source files and while Sublime Text can handle that without issues, VS Code can't.

I would also like to see the C++ intellisense plugin that's under development improved further. I've found it to be a lot slower than QtCreator at indexing symbols.

GordonS 1 day ago 0 replies      
Maximum file size of 50MB[1] is going to prevent me from replacing Notepad2 as my general purpose editor :(

[1] https://github.com/Microsoft/vscode/blob/5b9ec15ce526decc5dd...

timeu 1 day ago 0 replies      
I have an IntelliJ Ultimate license and although it's really powerful and great, for small things (JS, Python, etc) I mostly use VSCode. So far I am really happy with it.
johne20 1 day ago 0 replies      
Anyone know how to "fix" the issue where I paste in a block of html and it doesn't line up and indent properly? This works as I would expect in Sublime.
spriggan3 1 day ago 1 reply      
I use it for Typescript development exclusively. Obviously it works quite well.
bsharitt 1 day ago 1 reply      
I'm a long time vim user who's switched mostly to Atom(at least for bigger projects, vim is still my "quick fix" editor). Last time I tried VS Code(6ish months ago?), I liked it all right, but stuck with Atom because at the time the availability of vim like bindings was weak and ruby support was lacking.
wildpeaks 1 day ago 2 replies      
The one thing that prevented me from switching to VSCode last time I tried it was the lack of projects management (e.g. a project remembers what files were open, what folders are associated with it, and you can quickly switch between projects, like the CTRL+ALT+P list in Sublime Text).

Is there such a feature now?

jagermo 1 day ago 0 replies      
EDIT: Ok, forget it, I just have to press Tab twice.I thought it was strange that they launched an editor without that feature.

Original Post:

I like working with VS Code, although I'm just starting out.

But one thing bugs me: Is there a way to get VS Code to automatically complete the tags and add the closing tags?

I know about intellisense, but I fail to activate something like autocomplete. I know about Intellisense, but I'd like something that, for example, just fills in <div></div> when I am writing <di + ENTER.

I know some other editors have that feature and I know it got disabled in VS Code because of problems - can anyone elaborate and explain why?

wmccullough 1 day ago 0 replies      
Yet again, just like the other Microsoft announcements, this thread is filled with "greybeard" superstition and vitriol.

It's to the point now where the conversations are becoming like this:

"I really like this new tool from Microsoft"

Samples Response:

"But Linux is just as good if you install X, Y, Z and are willing to spend hours learning the intricacies of the kernel"

"Embrace, Extend, Extinguish"

As developers, can we all be happy that Windows users are finally getting a nice range of really wonderful tools to use?

Not everything in computing needs to be a great ideological battle, especially when the majority of us are writing simple line of business apps in our day to day careers.

fcoury 1 day ago 1 reply      
Just piggybacking on this thread to ask if there is a way to configure the editor so it accepts the spread operator? I'm getting errors and my Google Fu is failing me.
avolcano 1 day ago 3 replies      
When I started using TypeScript a couple weeks ago I briefly tried out VS Code, but the VIM plugin was really, really bad (worse than Sublime's was when I used it a few years ago).

Now I'm on Atom, which has the best VIM support I've ever seen (haven't tried evil-mode, though) and seems to support a similar feature set. They felt about the same speed, too, on this 2013 Macbook Air.

Regardless, other than that quirk, I did really like VS Code, and I'm glad there's more competition in the free editor space :)

astannard 1 day ago 0 replies      
I find Visual Studio Code much better with plugins than Atom. Atom died after installing the Nuclide plugin suite and would not work until I uninstalled those plugins. Code on the other hand runs plugins in a separate thread meaning it does not tend to dies so easily. VS Code rocks!
ashwinaj 1 day ago 0 replies      
Parsing/indexing on Ubuntu 14.04 with an NFS mounted drive with a mix of C++, js and python is really slow.


I'm really hoping they look into this. I miss the intellisense from VS ever since I moved full time to Linux development.

annjose 1 day ago 0 replies      
I use VSCode for ReactNative projects and absolutely love its built-in debugging capabilities. With its clean and vivid UI, it makes my code look beautiful.
zdam 1 day ago 0 replies      
Today I used VSCode to write a slack bot in NodeJS.

The editor experience was smooth and fast, with fast intellisense.

I had NodeJS debugging working after 5 minutes reading a VSCode NodeJS page on the VSCode site and clicking a couple of buttons in the editor.

I had a very good initial experience and will use again.

messel 1 day ago 0 replies      
First impressions: felt great, supported a ton of languages, has some very powerful looking debug tools (for nodejs)

Anyone have any luck creating an extension with mac classic? Tried manually adding the theme (following their doc) and no luck. Then created a msft account to try and create a package to install it as an extension and couldn't get past 401 on create-publisher.

Back to sublime for now, but I'll keep an eye on this one.

kennell 1 day ago 1 reply      
Looks like they still haven't integrated the IntelliSense for Python features from the "big" Visual Studio yet. Thats a Bummer.
cdnsteve 1 day ago 0 replies      
Go, Ruby and Python support :)
doodpants 1 day ago 1 reply      
Version 1.0 seems to no longer support syntax highlighting for C# files. Why would they do this? Or am I the only one seeing this?
piyush_soni 1 day ago 0 replies      
Anyone knows how can I install it on Linux (Red Hat) when I don't have admin privileges? Any portable version I can just unzip and use?
0xmohit 1 day ago 2 replies      
dopeboy 1 day ago 1 reply      
I made the switch to linux in 2005. There's always been two tools I've sorely missed since that transition: excel and visual studio. Glad to see the latter finally come.
santaclaus 1 day ago 0 replies      
I'm surprised to see a LaTeX plugin maintained by Microsoft in VS Code. Seems a bit niche for first party support from Microsoft but I'm totes down!
paulfitz 1 day ago 0 replies      
For people like me trying out the .deb on linux: the executable to run is (somewhat cheekily) "code"
thejaredhooper 1 day ago 0 replies      
you still can't split working windows vertically... which will drive me nuts with my vertical monitor!
aksx 1 day ago 0 replies      
I remember them announcing that they'll get rid of the coreclr dependency for debugging C++, does anyone know if that is the case?
eiopa 1 day ago 0 replies      
VSCode is so good.

I do wish it had a global symbol search, similar to Sublime's (cmd+shift+r). It's indispensable for code navigation.

rcheu 1 day ago 0 replies      
Played around a little, definitely feels better than Atom, but lack of good emacs mode will keep me from using it for now.
vbit 1 day ago 1 reply      
Having tried it briefly, looked much better than Atom!

I would use it at work if I could turn off the phone home feature.

jessegreathouse 1 day ago 2 replies      
I can't find the option to open a terminal in the editor. Am I missing something? Needs a terminal pane.
intrasight 1 day ago 0 replies      
Probably a good option for newbies, but anyone that's been coding for any length of time will already have too much muscle memory to warrant a switch. For me it's Emacs for editing and Visual Studio Pro for "project administration" and in the rare situation, interactive debugging. I've not yet made the leap to OmniSharp, but that's what is next.
kahwooi 1 day ago 0 replies      
I use Visual Studio Code writing nodejs application. Love it.
serge2k 1 day ago 0 replies      
Can I just ask why (some) Vim/Emacs fans see the need to shit on everything and act like anyone who doesn't use one of those 2 editors is a moron?
sashmaaan 1 day ago 0 replies      
Is there a way to code and debug VB.Net-Code? Cant find anything about it...
sureshn 1 day ago 0 replies      
For web development, java scripting and rails dev I find Brackets to be the best (http://brackets.io ) , Its super easy to setup and much better than VS Code 1.0
dethswatch 1 day ago 2 replies      
Well we know what happens to vStudio and WPF now, don't we?
ssutch3 1 day ago 1 reply      
Does the mac launcher work if you primarily use python 3 now?
accbcc 1 day ago 0 replies      
why the shortcut(ctrl+',', ctrl+shift+f,...) not work in visual studio code?
itomato 1 day ago 0 replies      
What is a 'Folder' and why do I want one?
Yuioup 1 day ago 1 reply      
Visual Studio Code is my successor to vim.
drudru11 1 day ago 0 replies      
They finally gave column selection. Nice!
bobwaycott 1 day ago 0 replies      
Ah, yes. Yet another thread in which HN devolves into hyper-religious zealots arguing over their favored denomination of code editor being the one true way.
maxxxxx 1 day ago 2 replies      
What's so exciting about this? As far as I can tell it's just a pretty basic editor. Is there anything innovative in it?
ZoeZoeBee 1 day ago 0 replies      
I've played around with VS before but, I'm thinking of switching over to this full time. I've gotten sick of the time wasted on TypeScript Errors in Webstorm, the code Completion and Typings info is ridiculously better than Intellijs offering, which has moved to SAAS :(

Getting used to things, takes a little bit.

bobwaycott 23 hours ago 0 replies      
Typically a SublimeText & Emacs user here. Decided to check VSCode out. Can't ctrl+shift+[a/e] to highlight to beginning/end of line? Bummer. Also, seems utterly unable to find defined symbols within a Python class within an open file--but finds non-class functions and imports as symbols just fine. It's jump-to-def is significantly better than I've seen in ST, and the peek-at-def is pretty nice. I am quite impressed with its speed, especially when near-instantly showing tooltips with the docstring descriptions when hovering over classes/functions.

Overall, fairly impressed with 30 minutes of play.

codecamper 1 day ago 0 replies      
has anyone tried refactoring support? As good as Jetbrains?
PlzSnow 1 day ago 0 replies      
Download page says required MacOS 10.10, but working fine on 10.9 here.
miguelrochefort 1 day ago 2 replies      
I'm a bit confused by people's praise of VS Code. Are people really writing software with anything less featured than that?

As someone who uses Visual Studio for everything, I have a hard time understanding how people can get anything done in Atom/Sublime/Notepad++/etc.

awinter-py 1 day ago 0 replies      
I still have the CD-ROM from visual C++ 6.0, is that better than this? (service pack 1)
zxcvcxz 1 day ago 4 replies      
Still no CLI mode for editing text. Vim has had this for years. How am I supposed to integrate this behemoth into my work flow if I can't even run it in a terminal?

It's just too clunky for my taste.

It's also hilarious that Atom gets shat on for data collection when no one cares that VS does it too. Microsoft can do no wrong, only OSS projects have standards to live up to.

joeld42 1 day ago 3 replies      
Isn't this based on Atom (or at least similar design)? It really makes me sad that people are making editors with so many features and nice things, but ignoring the fundamentals like latency.


I'm eagerly awaiting a mac version of 4coder (http://www.4coder.net/).

earthnail 1 day ago 0 replies      
I think VSCode is amazing - if only I could change the colour of the blue status bar. I find it highly distracting. There's a Github issue about it, with MS saying that they may add more general customisation support in the future, but it doesn't seem like there's a short term solution.

I know it seems like such a minor thing, but I can't have that attention seeker on my screen. Which is a bummer, because I think IntelliSense and its Git integration are clear benefits over Sublime Text. And apart from this issue, I really, really like the UI.

Kite Programming Copilot kite.com
1101 points by wodow  2 days ago   232 comments top 75
dangoor 1 day ago 5 replies      
First of all, this is a cool looking tool. Useful, well-organized, easily-accessed information is always a wonderful thing.

I think a model like Dash would work a lot better: Rather than opting in my code to be sent up to Kite's servers, I opt in to the packages I'm interested in having indexes for. In some cases, as with node, there are ways to see what packages my project depends on and then those bits of indexed data could be sent to me.

My computer has a 512GB SSD. I could devote 10GB to indexes of libraries and my own code without blinking. The argument that it's too much data and therefore belongs in the cloud doesn't seem to hold up.

Also, there are cases where I'm not online... this is one of the great things about Dash. I have fast access to library docs anywhere I happen to be.

falcolas 1 day ago 4 replies      
Privacy question - what will Kite do with the source code stored in its databases when/if Kite shuts down or is acquired? How will you respect the licenses of the files you upload?

(paraphrased) "You trust Github/Slack, why not also trust us?" Perhaps because Github and Slack's monitization models are well known, and Kite's are not.

It's a great concept for a tool, but I could never get it to fly at work. I couldn't even begin to imagine trying to convince a technically savvy cofounder (let alone their lawyer) with "let me use this tool which uploads all of our code to their server."

baby 1 day ago 0 replies      
First, this is amazing. I want.

Second, I do a lot of code readings that include not shareable code, I would imagine a lot of developers from a lot of companies would be in the same position. From https://kite.com/privacy/:

* all the python files in your authorized directories are sent over the network

* everything you type in these files are sent as well

* all the terminal commands you are going to type (ouch ouch)

> Q: How does Kite secure this network traffic?

> A: As you would expect, all traffic goes over https.

Yeah unfortunately that is not enough, a MITM can also use https. How do you authenticate the server? Do you have certificate pinning?

> What information does Kite keep around on its servers?

Pretty much all the info I previously talked about, that you are now worrying about, is kept there, in clear (correct me if I'm wrong).

This is a big no-no at this point.

> Many developers have already chosen to trust their code to services such as Github and Bitbucket

Many developers also do not trust Github/Bitbucket with there code (and they should not) and do not store secrets there. And who would want github to have access all the terminal commands they type? This sounds like a nightmare.

At this point I don't see why anyone would use that, if not in a VM, with extreme care on what commands are typed in the terminal and what code is used with Kite.

Lewisham 1 day ago 5 replies      
I was really excited, then very disappointed to see the code I type is sent to your servers. This immediately prevents it from being used by many businesses, including my employers.

Super bummer :(

Please get the on-prem sorted out pronto!

adamsmith 2 days ago 6 replies      
Hi everyone, we couldn't be more excited to tell you about Kite and get your feedback!

We think connecting programming environments to a smart backend will improve programming in a lot of ways, and this is just the first step. We'd love to hear your thoughts on where we should go from here!

lawl 1 day ago 0 replies      
While I really like the idea, there's a couple of no gos here:

 * Only supports python (as of now, I know you said you'll do others) * No Linux support (yet) * Uploads code to your servers * Wants me to sign up to a crappy newsletter
Really liked all the jokes in the video though. But I'm not convinced (yet), sorry.

And there's the issue that's I'd want to test it before recommending buying it to my employer. But I don't do enterprise Java for fun, so there's completely different languages and libraries between the open source projects where I could upload the code (but don't want to because fuck everything cloud, also I won't pay for it, because I'm not making any money) and the for work projects (where I personally don't give a shit, but all the libraries/frameworks the we/the customer bought are proprietary). And maybe even the customer wouldn't like his code being uploaded somewhere, but they usually don't really care about the code.

bluetidepro 1 day ago 2 replies      
I don't want undermine the value of this product, but this seems like something that I've (and many others) sort of already solved by using products like Dash [1] and Alfred [2] together. You can easily and quickly find all info on docs while working right in Sublime Text, or while also using an IDE to read into functions throughout your project. And maybe I'm missing more what this product does, but that's just what I noticed based on the video.

[1] https://kapeli.com/dash[2] https://www.alfredapp.com/

cdnsteve 1 day ago 1 reply      
So if there was an open source version of this, I'd use it. I would never trust it otherwise. Large corps will never trust it either, IT sec policies would roast you for using this. Instead I see an opportunity for IDE's to step up this space and provide this built in, without copying and keeping your source code.

"What information does Kite keep around on its servers?Usage information about which results you click on in the sidebar.Contents of all Python files in enabled directories."

nodesocket 1 day ago 0 replies      
How does Kite protect against accidental API keys and passwords in source code (copy/paste) being shipped to them?
bbrks 1 day ago 0 replies      
I was about to ask some questions about exactly what gets sent to Kite and what you do with it. Your privacy page[0] answered my thoughts and concerns quite nicely.

[0] https://kite.com/privacy

shade23 1 day ago 0 replies      
While I realise that this could be helpful with editors.I do not see much use with IDEs.and when it comes to languages like Android/iOS/WebApps ?People tend to use IDEs.(I am not making my opinion the general opinion here).And when people google things,Documentations are often the last resort.You tend to google the exception or the specific condition and end up on StackOverflow where some one facing a similar problem solved it by using something which was mentioned somewhere deep in the documentation.Also if documentation and a few examples could work in most real world apps,then we really wouldn't need sites like Stack Overflow.

Simple use case:the `man` and `help` command are useful when you have not been able to solve for your particular use case.Else I would still prefer doing a google search which would tell me how to scp a file with the syntax and placeholders instead of reading the documentation.

The examples would help in this regard.But then again I am not sure how much.Normally documentation list pretty straight forward examples which any editor/IDE with intellisense (even Sublime provides a bit of prediction with plugins) ,should be able to provide.

This also goes against the tendency of comparing.Normally while trying to solve a problem,I tend to open 2~3 similar 'answers' which help me drill down to my particular problem.Whereas here I would be restricted to only a single solution.I love the idea for the technology involved.But I am not completely convinced with the help that it could provide.

_ZeD_ 1 day ago 2 replies      
I was exited until:

 What platforms does Kite run on? For now, Kite only works on OS X, but we'll support Linux and Windows soon, too.
bummer :(

rckrd 1 day ago 0 replies      
This is a great idea. I particularly think the trade-off between a separate tile vs. a traditional overlay is interesting.

While we lose things like auto complete, it might be less intrusive for the times when we don't need help. It will be interesting to see if we see a new generation of smart IDEs.

Cyph0n 1 day ago 1 reply      
This looks really interesting. One question I have is how will you handle hotkeys? If I'm focused in my editor, I don't really want to have to move my mouse to select options suggested by Kite.

Excellent demo. Concise, simple overview of features but with enough little details (loved that rm -rf warning!) to keep me interested, and really well-edited.

fizzbatter 1 day ago 1 reply      
This looks really cool. Bothers me having my code sent over, because i can't use it for a variety of use cases, but for my personal work i may give it a try. I've got two main desires though:

1. In editor pane. I use Vim in a full screen term, and really want want to deal with managing OS windows to allow a Kite window side by side with iTerm2. Perhaps an overlay would be solve this? That way it works for bash/etc?

2. Rust support. I'm learning rust lately, and this sort of tool could really benefit me with a learner-error-prone language like Rust. Based on the signup form though, Rust does not appear available.

eridius 1 day ago 1 reply      
This looks very slick. However, as others have said, uploading all source code to your servers is a pretty serious issue when working on anything other than open source projects.

Also, when asking about editors while signing up, you listed "XCode". That's not the correct spelling, it should be "Xcode" (lowercase c). Also, you should allow for selecting multiple languages/editors. I selected Swift/Xcode because that's my day job, but I also use Swift/Vim in some cases, and I use Vim for languages other than Swift/Obj-C. In fact, I'm guessing Kite won't be nearly as useful for Swift/Xcode as it would be for other languages, because Xcode already provides a lot of this functionality (e.g. intelligent code completion and quick help for any API).

andretti1977 1 day ago 2 replies      
Well, definitely this is a great project but at the moment, for what i was able to see in the demo video, the main features are very similar to code completion and API exploring as i can currently perform with my ide (i develop mainly java based app so IntellijIdea or Eclipse give me quite the same help).

Don't want to be rude but it doesn't seem like this tool may currently enhance my productivity.

SanPilot 1 day ago 2 replies      
> Left padding is so complicated that I've pulled it out into its own file, as you can see here.

Am I just really ignorant, or is this satire?

mwagstaff 1 day ago 1 reply      
Agreed that this looks awesome. Seeing code completion and context sensitive help for running terminal commands (e.g. netstat), not just programming languages, was what made me hit the sign up button.
Dangeranger 1 day ago 1 reply      
Often I work in a full screen editor environment like terminal Vim with Tmux. Are you considering support for a command line client that could run in a split pane or window alongside my terminal editor?

If you implemented such functionality the suggestion experience could be more seamless for myself and those with similar workflows.

zuck9 1 day ago 0 replies      
This is similar to the Developer Assistant plugin for Visual Studio made by Microsoft: https://blogs.msdn.microsoft.com/onecode/p/devassistant/
irq11 1 day ago 1 reply      
The title is a bit misleading. This only works for Python and OSX.
noonespecial 1 day ago 1 reply      
So it's watching my bash terminal? Does it send my passwords on over to your servers when I ssh somewhere without keys?
quantum_nerd 1 day ago 0 replies      
All "my BigTech Co won't let me use this at work" and other privacy concerns aside, this is an amazing tool for budding programmers or experienced ones using an unfamiliar language. Can't wait to try it out!
canistr 1 day ago 0 replies      
Is it really a launch if very few people have access to it in a private beta?

All this noise on Twitter/FB/HN/etc. doesn't help when we don't get a chance to play around with it. Just saying.

p01926 1 day ago 0 replies      
I dream about a tool like this every time I need to look something up, which only happens about a hundred times every day. I NEED THIS IN MY LIFE.

But reading the kite.com/privacy doc is absolutely gutting. They copy and keep all your code, permanently. That's fine for an open-source project, but it's a deal breaker for anything else. So thanks for the brilliant idea, but I'll wait for it to be implemented in a way compatible with my everyday workflow.

wuliwong 1 day ago 1 reply      
I thought I was signing up for Kite not for Kite's email list. Pretty misleading copy. Nowhere does it say "Coming soon" or anything to that effect.

Also, there seems to be no confirmation email.

neil_s 1 day ago 0 replies      
This is awesome! I was going to build something similar, just for the terminal, but extending it to code editors as well makes total sense. And what an all-star team!
jiiam 1 day ago 0 replies      
Ok, this convinced me. At first I was skeptical, but looking at how it works compared to existing methods that need a ton of configuration, I believe it is at least worth a try.

More importantly, I believe it appeals to newcomers. We are getting into a world where learning the proper way of coding requires a lot more than the famous 10.000 hours, mostly because there are hundreds of standards. This tool might become a much nicer introduction for newbies, compared to digging through pages of documentations in search for the one example that satisfy your use-case (I'm talking to you, Python requests).

libeclipse 1 day ago 2 replies      
This isn't that big a deal IMO. For a start, any non-trivial complex problem will probably not be included in kite, and the trivial stuff is generally memorised or easily googled.

This is really only spoon feeding.

sulam 1 day ago 1 reply      
So, this looks pretty damn awesome, and I want to try it out yesterday! Seems like a lot of people are worried about privacy, and I guess I understand that. But I want this for when I'm learning a new language, and I honestly don't much care what happens with that code.

Also I think people are way too worried about their code. It's vanishingly rare that _the code_ is where the value in a business is. "But if I had Google's source code, I could run my own search engine and put them out of business!" Really? Could you? Because last I checked, Google has more engineers working on search than any other company on the planet. The stuff they do next week is probably going to improve their code more than what you would do by yourself for the entire year. And that's just the code, there's far more to search than algorithms.

Dangeranger 1 day ago 0 replies      
Do you support code linting or code smells in addition to completions?
lincolnq 1 day ago 1 reply      
Wow, this looks pretty amazing - well done with the demo. I'm super excited to try it out, how soon will it be ready?
ausjke 1 day ago 0 replies      
I have long wished nodejs provides such helpful info, e.g. when I use the nodejs APIs I can get hints on the syntax and even some concise demo for usage, instead of opening a webpage and read online each time. Both python and PHP provide man pages for all their APIs etc, but no such thing for nodejs yet.
llamataboot 1 day ago 0 replies      
Hmmm. Regarding one member of their team: "Prior to Kite, he was a tech lead at Homejoy, driving customer acquisition and retention." Not to spread tooooo much guilt by association, but didn't Homejoy just get roasted around here not too long ago for what thy did with the data on their servers? [1] Doesn't really make me feel the warm fuzzies for what they might do with all that data if they shut down.

[1] https://medium.com/@johnsalzarulo/didn-t-homejoy-shut-down-e...

educar 1 day ago 0 replies      
Great video :-) Loved the left pad joke and duly noted down your panama account information.
saltycraig 1 day ago 0 replies      
He should've put left_pad.py in a folder with an __init__.py to make it a proper package ;)
aeorgnoieang 1 day ago 0 replies      
This looks fantastic. It would be great to get this working in Light Table.

Another commenter asked about hotkeys and I'd like to pile on to that sentiment I've recently started using Vim (and Vimium) and it's really disappointing not being able to navigate by keyboard.

aub3bhat 1 day ago 1 reply      
I think this looks great, but it reminded me of Lightable. Also rather than using Sublime text as a comparison, isn't PyCharm a better comparison. In my opinion Pycharm already provides a subset of functionality, in addition to several other features.
febed 1 day ago 0 replies      
Great idea! But doesn't it work by intercepting keystrokes? What prevents Kite from reading keystrokes in other applications like a browser?
vinitagr 1 day ago 0 replies      
Looks like an amazing tool. Have to use it before i can tell more. Showing the documentation and example is cool and all, a very useful feature would be the search and analysis of the error messages upon program compilation/run. Most likely from stackOverflow.

This will make things so much easier. Reminds me of how2https://github.com/santinic/how2

groundCode 1 day ago 0 replies      
Autocomplete on steroids. This looks very cool and the demo vid was very well done!
martinni 1 day ago 1 reply      
Looks great!

The only thing is I don't like the thought of having to share my screen real estate. Would it be possible to have some kind of navigable popup box within the editor?

notliketherest 1 day ago 0 replies      
This is really cool, and I wish you luck. It has great potential for educational purposes as well! I'd like to download it and try it when it's launched for my personal projects; however, I won't be able to use this at work (no way I'd get buy in to upload our source code lol). It'd be great to see local indexing on the roadmap for the future.
megacity 1 day ago 2 replies      
I don't understand why this needs to store all the typed code on their server.

Couldn't this data just be deleted once the lookup has run?

antiffan 1 day ago 0 replies      
Super cool concept. One thought: when I'm using my laptop I have limited screen space. It would be awesome to be able to use Kite on my phone's screen, with my phone clipped to my laptop using something like this: https://tenonedesign.com/mountie.php
mkelley82 1 day ago 2 replies      
What about support for VS Code?
e0m 1 day ago 0 replies      
This is amazing. Documentation pages that list methods alphabetically, or by some other random order, drive me crazy! Just being able to show me function calls by frequency and relevance would make Kite worth it. And there's so much more! Very excited about this.
BIackSwan 1 day ago 0 replies      
left_pad.py - lol
asimuvPR 1 day ago 0 replies      
This is nice. Could we get a general description of what tech it is built on top of?
heinrichf 1 day ago 0 replies      
Who wants to build an open-source cross-platform clone ?
werber 1 day ago 0 replies      
For the early sign up it be cool if you could specify that you write in multiple languages and across multiple platforms to get invites as soon as possible. This looks like an amazing tool for a more hands off teaching style.
giulianob 1 day ago 0 replies      
This is really cool. It reminds me of OmniSharp which provides Intellisense to any IDE. It just runs as a background process listening on HTTP so adding intelligent autocompletion to a text editor is fairly easy. I like this approach a lot.
drcongo 1 day ago 0 replies      
Could I suggest some kind of per directory .kiteignore file?
jackcosgrove 1 day ago 0 replies      
Many organizations already upload their source code to GitHub. I could get behind a tool like this that could scan GitHub repositories and build an on-premise index.
odbol_ 1 day ago 0 replies      
The juxtaposition between seeing this on the frontpage today, and the VIM 8.0 announcement on the frontpage yesterday, is hilarious.
tomphoolery 1 day ago 0 replies      
What's with the invite? Is this a service or something? What about this requires it to be proprietary and hosted elsewhere?
melling 1 day ago 1 reply      
Probably not the problem you're trying to solve but I'd like a better typing assistant as well as a co-pilot. For example, on the first line, I'd like to type "r" then be prompted for "import requests" Anywhere where the video had to be sped up is ripe for an advanced typing assistant. Typing entire lines like this seem unnecessary:

"from left_pad import left_pad"

I guess a super autosense along with Copilot would make for more exact coding.

cmiller1 1 day ago 0 replies      
Maybe I'm behind the curve, but I still use TextMate, is there any chance a plug-in is in the works for it?
mkoble11 1 day ago 0 replies      
Justin kan mentioned the upcoming launch of this on snapchat the other day and I was intrigued. This does look awesome!
ElijahLynn 22 hours ago 0 replies      
Very interesting. But closed. Not open.
slantaclaus 18 hours ago 0 replies      
I hope it supports TextMate...
d0m 1 day ago 0 replies      
That's great, very exciting to have it internet based and to have it become smarter and smarter over time.
mkagenius 1 day ago 0 replies      
Does it search Stack overflow along?
pknerd 1 day ago 0 replies      
Hopefully there will be a bit less traffic on Stackoverflow after using that. :-)
fareesh 1 day ago 0 replies      
This looks great - can't wait to try it. Can I beg for an invite here?
stcredzero 1 day ago 0 replies      
No nerds were harmed in the making of this product.

So no questions asked on IRC?

sneak 1 day ago 2 replies      
(scribbles with mouse, clicks on things)

"When I open my terminal...."

I am evidently not the target market.

Do professionals actually identify with this stuff? Am I really that out of touch when I think that that much mousing around is CRAZY slow? And who switches back and forth from GUI editors to a terminal?

clio 1 day ago 0 replies      
At age 13, I completed my PhD at Google while having an internship at MIT, Stanford, and Berkeley. By age 15 I won the Nobel Prize while working at my tenth SV startup. My name is Franklin, and I drink wine on the weekends.
plaidturtle 1 day ago 0 replies      
Loved the humor in the intro video :D
chinathrow 1 day ago 0 replies      
Nice tool, very nice demo video.

Unusable since I won't let my code be indexed by a third party. Also unusable since I won't let a third party have access to my shell. Imagine having your bash history stored centrally - a prime target for LEO/security services/black hats/data mining.

However - the code assistant is nice and I would love to have it running locally with a shared intelligent index - OSS based.

sandman83 1 day ago 0 replies      
awesome. intellisense on steroids.
hathym 1 day ago 0 replies      
I'm very impressed!
kevindeasis 1 day ago 2 replies      
This would be even more amazing if it was free or cheap.

It would be cool if they also open sourced it

DanteVertigo 1 day ago 2 replies      
This kind of tool destroys ones ability to program long sustainable production code. For a novice programmer this has tremendous negative effect on the learning curve. For an experienced programmer this tool is useless, because an experienced programmer will NEVER rely on "popularity" of some code-snippet out there in the wild. Programming is a very intense and deep practice and it is certainly not crafted using this kind of tools. This tool helps people write poor quality code for customers. Makes me wonder, what Knuth would say on this?
Post-Mortem for Google Compute Engines Global Outage on April 11 cloud.google.com
795 points by sgrytoyr  2 days ago   349 comments top 40
brianwawok 2 days ago 23 replies      
This is a very good Post-Mortem.

As I assumed it was kind of a corner case bug meet corner case bug met corner case bug.

This is also why I am of afraid of a self driving cars and other such life critical software. There are going to be weird edge cases, what prevents you from reaching them?

Making software is hard....

teraflop 2 days ago 7 replies      
> There are a number of lessons to be learned from this event -- for example, that the safeguard of a progressive rollout can be undone by a system designed to mask partial failures -- ...

This is a really important point that should be more generally known. To quote Google's own "Paxos Made Live" paper, from 2007:

> In closing we point out a challenge that we faced in testing our system for which we have no systematic solution. By their very nature, fault-tolerant systems try to mask problems. Thus they can mask bugs or configuration problems while insidiously lowering their own fault-tolerance.

As developers we can try to bear this principle in mind, but as Monday's incident demonstrated, mistakes can still happen. So, has anyone managed to make progress toward a "systematic solution" in the last 9 years?

cosud 2 days ago 0 replies      
Great writeup! PS: "To make error is human. To propagate error to all server in automatic way is devops." -DevOps Borat
cjbprime 2 days ago 5 replies      
It looks like there were at least three catastrophic bugs present:

1. Evaluated a configuration change before the change had finished syncing across all configuration files, resulting in rejecting the change.

2. So it tried to reject the change, but actually just deleted everything instead.

3. Something was supposed to catch changes that break everything, and it detected that everything was broken but its attempt to do anything to fix it failed.

It is hard to imagine that this system has good test coverage.

stcredzero 2 days ago 2 replies      
In this event, the canary step correctly identified that the new configuration was unsafe. Crucially however, a second software bug in the management software did not propagate the canary steps conclusion back to the push process, and thus the push system concluded that the new configuration was valid and began its progressive rollout.

Classic Two Generals. "No news is good news," generally isn't a good design philosophy for systems designed to detect trouble. How do we know that stealthy ninjas haven't assassinated our sentries? Well, we haven't heard anything wrong...

Gravityloss 2 days ago 4 replies      
I'm waiting for the time when they push over the air updates to airplanes in flight.

"You can fly safely, we have canaries and staged deployment"

A year forward:

"Unfortunately because the canary verification as well as the staged deployment code was broken, instead of one crash and 300 dead, an update was pushed to all aircraft, which subsequently caused them to crash, killing 70,000 people."

I'm not 100% sure why they don't do the staged deployment for google scale server networking over a few days (or even weeks in some cases) instead of a few hours, but I don't know the details here...

It's good that they had manually triggerable configuration rollback possibility and a pre-set policy so it was solved so quickly.

dylanz 1 day ago 1 reply      
Completely off topic, but this thread is an example of why I (and a lot of people) want collapsible comments native to HN. I'm on my phone, in Safari, and I had to scroll for over 20 seconds just to reach the second comment. The first comment was a tangent about self-driving cars, which while relevant, I didn't want to read about.
ndesaulniers 2 days ago 2 replies      
At Google, they do these really awesome post-mortems when there's a major failure. It provides a point of reflection, and are usually well written entertaining reads. Didn't know they made (some?) public.

They're a good learning exercise writing one, and is more of a learning exercise than a punishment.

ikeboy 2 days ago 1 reply      
>However, in this instance a previously-unseen software bug was triggered, and instead of retaining the previous known good configuration, the management software instead removed all GCE IP blocks from the new configuration and began to push this new, incomplete configuration to the network.

>Crucially however, a second software bug in the management software did not propagate the canary steps conclusion back to the push process, and thus the push system concluded that the new configuration was valid and began its progressive rollout.

I assume the software was originally tested to make sure it works in case of failure. It would be interesting to know exactly what the bug was and why it didn't show in tests.

pjlegato 2 days ago 1 reply      
Attention startups: this is what incident post-mortems should look like.
eranation 2 days ago 3 replies      
This is very interesting. From the little I understand (sorry for using AWS terms as I am more versed with AWS than GCE) this can happen to AWS as well right? even if your software is deployed to multiple AZs / multiple regions, if bad routing / network configuration makes it through the various protection mechanisms then basically no amount of redundancy can help if your service is part of the non functional IP block. I mean it seems no matter how redundant you are, there will always be somewhere along the line a single point of failure, even if it has multiple mechanism to prevent it from happening, if all of these mechanisms fail, then it's still a single point. What prevents this from happening at Azure / AWS? Is there anything that general internet routing protocols need to change to prevent it from happening?

e.g. I'm sure that we will never hear that Bank of X has transferred a billion dollar to an account but because of propagation errors it published only the credit but didn't finish the debit and now we have two billionaires. This two or more phase commit is pretty much bulletproof in banking as far as I know, and banks are not known to be technologically more advanced than Google, how come internet routing is so prone to errors that can an entire cloud service unavailable for even a small period of time? I'm far from knowing much about networking (although I took some graduate networking courses, I still feel I know practically nothing about it...)So I would appreciate if someone versed in this ELI5 whether it can happen in AWS and Azure regardless of how redundant you are, (which leads to a notion of cross cloud provider redundancy which I'm sure is used in some places) and whether the banking analogy is fair and relevant, and if there are any RFCs to make world-blackout routing nightmares less likely to happen.

wyldfire 2 days ago 4 replies      
> . Internal monitors generated dozens of alerts in the seconds after the traffic loss became visible at 19:08 ... revert the most recent configuration changes ... the time from detection to decision to revert to the end of the outage was thus just 18 minutes.

It's certainly good that they detected it as fast as they did. But I wonder if the fix time could be improved upon? Was the majority of that time spent discussing the corrective action to be taken? Or does it take that much time to replicate the fix?

obulpathi 2 days ago 2 replies      
> Finally, to underscore how seriously we are taking this event, we are offering GCE and VPN service credits to all impacted GCP applications equal to (respectively) 10% and 25% of their monthly charges for GCE and VPN.

These credits exceed what is promised by Google Cloud in their SLA's for Compute Engine and VPN service!

balls187 2 days ago 1 reply      
Nice post mortem.

That outtage gives GCE at best a four 9's reliability for 2016.

huula 2 days ago 0 replies      
I always like Google's serious attitude towards engineering, even after they have made some mistakes, they never try to hide anything.
totally 2 days ago 0 replies      
> However, in this instance a previously-unseen software bug was triggered, and instead of retaining the previous known good configuration, the management software instead removed all GCE IP blocks from the new configuration

> Crucially however, a second software bug in the management software did not propagate the canary steps conclusion back to the push process

I'm sure the devil is in the details, but generally speaking, these are 2 instances of critical code that gets exercised infrequently, which is a good place for bugs to hide.

pbreit 2 days ago 2 replies      
Do SLAs even matter in the slightest? Or are they just sort of "feel-good" things or ways for negotiators to demonstrate their worth?
heisenbit 2 days ago 1 reply      
"Lessons learned from reading post-mortems" http://danluu.com/postmortem-lessons/ is a good place to dig deeper

The first graph quoted from a survey paper is a classic fitting the GCE outage well:

Initial error --92%--> Incorrect handling of errors explicitly signaled in software

simonebrunozzi 2 days ago 0 replies      
I love his signature: "Benjamin Treynor Sloss | VP 24x7".
rdtsc 2 days ago 1 reply      
> However, in this instance a previously-unseen software bug was triggered, and instead of retaining the previous known good configuration, the management software instead removed all GCE IP blocks from the new configuration and began to push this new, incomplete configuration to the network.

Always test your crash / exception handling / special case termination+recovery code in production.

I have seen this too often. Most often in in "every day" cases when service has a "nice" catch way of stopping and recovering. Then has a separate "if killed by SIGKILL/immediate power failure" crash and recovery. This last bit never gets tests and run in production.

One day power failure happens, service restart and tries to recover. Code that almost never runs, now runs and the whole thing goes into an unknown broken state.

halayli 2 days ago 1 reply      
This isn't the first time a config system at Google causes a major outage.


DanielDent 2 days ago 1 reply      
My post yesterday seems even more relevant today: https://news.ycombinator.com/item?id=11477552

It's a shame it's not easier or more common for people to create clones of (most|all) of their infrastructure for testing purposes.

Something like half of outages are caused by configuration oopsies.

If you accept that configuration is code, then you also come to the following disturbing conclusion: the usual test environment for critical network-related code in most environments is the production environment.

zaroth 2 days ago 0 replies      
For the amount this cost them, they should have bought CloudFlare. If you play with [global BGP anycast] you are bound to get burned. This is not the first time that BGP took out your entire routing. This is probably not the last time that BPG will take out your entire routing. Whoever's job it was to watch the routing, I am sorry.

Pulling your own worldwide routes because you have too much automation; it will make a good story once it's filtered down a bit! Icarus was barely up in the air, too early for a fall.

grogers 2 days ago 0 replies      
How important for redundancy/quality of service is the feature of advertising each region's IP blocks from multiple points in Google's network? It seems like region isolation is the most important quality that Google's network could provide, and their current design is what made something like this possible, not just the bugs in the configuration propagation. They mention the ability of the internet to route around failures, so why not rely on that instead?
swills 2 days ago 1 reply      
The thing that stood out for me was:

"...team...worked in shifts overnight..."

hsod 2 days ago 1 reply      
> Crucially however, a second software bug in the management software did not propagate the canary steps conclusion back to the push process, and thus the push system concluded that the new configuration was valid and began its progressive rollout.

Perhaps the progressive rollout should wait for an affirmative conclusion instead of assuming no news is good news? I'm not being snarky, there may be some reason they don't do this.

trhway 2 days ago 0 replies      
as devops Borat was saying all along, automated propagation of a error as the main root cause here. A error (new configuration) should be rolled out site by site - ok us-east1, move onto us-west1 ... ok, move onto ... . A canary site may be the first in sequence, yet success ("no failure reported") can't be a big "ok" for automated push to all sites at the same time.
Tistel 2 days ago 0 replies      
The postmortem used the word "quirk." They might consider drilling down on the specifics there. Especially if that is the heart of the bug/accident.
mjevans 2 days ago 0 replies      
I hope that one of their solutions is the obvious one; make change control testing a closed loop instead of an open loop. (Watch for /success/ reported instead of failure notification.)
platz 2 days ago 0 replies      
> configuration file

configuration files strike again - remember knight capital?

nickysielicki 2 days ago 1 reply      
What does Google use for BGP? Quagga, OpenBGPD, BIRD, their own?

Also, does anyone have a link to statistics on global BGP software usage? I'm curious what the marketshare looks like.

JustUhThought 2 days ago 0 replies      
Just a thought. Maybe change the name from 'post-mortem' to, anything else before the event actually is a post-mortem.
sengork 2 days ago 0 replies      
Networking issues in either the storage or communication subsystems of any platform normally result in wide-spread disruptions.
itaifrenkel 2 days ago 0 replies      
What is the reason different GCE regions use the same IP blocks?
hvass 2 days ago 1 reply      
What is defense in depth? It is mentioned as a core principle.
awinter-py 2 days ago 0 replies      
chaos monkey?
contingencies 2 days ago 2 replies      
TLDR; they simply didn't test their (global!) custom route announcement management software. An edge case was triggered in production, and they gee-whiz-automatically went offline. Epic fail.

PS. To the downvoters, truth hurts.

herrvogel- 2 days ago 0 replies      
A bit of topic, but it really bugs me, that the banner on the top so pixilated.
qaq 2 days ago 2 replies      
DRY"The inconsistency was triggered by a timing quirk in the IP block removal - the IP block had been removed from one configuration file, but this change had not yet propagated to a second configuration file also used in network configuration management."
NetStrikeForce 2 days ago 1 reply      
I think most people are missing the main failure point: Why does one change propagate automatically to all regions?

All this could have been contained if they deployed changes on different regions at different times. That would also help with screwing less your overseas users by running a maintenance at 10am their local time :-)

Cruise samaltman.com
579 points by sama  2 days ago   385 comments top 65
not_that_noob 2 days ago 8 replies      
This has the potential to derail the merger, not just delay it, and would explain Jeremy's position.

The reason is that any acquirer will ask for the consent of a very high threshold of shareholders for an acquisition. We're talking sometimes as high as 95% of shareholders. Note that this is not people with options, but those who are actual shareholders. In practice, this isn't a problem because usually you have the shareholders generally lined up before you start the process of sale. And you also have drag-along provisions in the various stock agreements where the stock holder agrees to vote with the majority of holders of that class of stock, so large holders can pretty much make a merger happen if they wish.

In this case, Jeremy can claim that he is owed a huge percentage of the equity. Because there are no written agreements where his rights to the equity lapse, regardless of how long he worked, that putative equity is his. And in that case, more than enough for him to veto the merger.

Tough spot for Kyle to be in, but I'm shocked with his prior startup experience that he didn't get this resolved earlier. It would have been easy to have something be written up and signed for next to nothing right as Jeremy left.

I sympathize with Sam and Kyle over this, but unfortunately the legal world is an alternative universe, and they need Jeremy to close the deal.

morgante 2 days ago 5 replies      
I cannot fathom why the majority of commentators here are automatically agreeing with Sam that Jeremy is in the wrong.

If you look at the facts, it seems obvious that Jeremy is entitled to some compensation. He worked for the company for 1 month, without compensation. That would automatically entitle him to equity in the company. Now, they could have (and should have) signed a stock agreement with a cliff in it, but the did not. The cliff only exists if they agree to it.

I have no idea what Jeremy is asking for, but it seems like he should absolutely be entitled to some equity. He never agreed to give up the equity he earned from working on it for a month.

I suppose this underscores the importance of having legal agreements with anyone who works on your company, especially anyone you jointly apply to programs with.

Tarrosion 2 days ago 6 replies      
sama: can you comment on the various personal and financial interests you have in this case? Would you name and shame for a YC company in which you had not invested as an individual? One not run by a personal friend? One not about to be acquired for huge money and become another home run for YC?

Or similarly, you note in this post that you spent a whole day dealing with this issue. Hanging around HN we frequently read about how YC partners' time is in high demand, many applications to YC are viewed for literally only seconds, office hours are in fact not hours, etc. Would any YC company get such a chunk of your time?

I certainly don't mean to be some jerk on the internet telling you how you may or may not spend your hours. That's a) not my place and b) a topic I'm not qualified to philosophize on.

Nonetheless, it's more than a bit disconcerting to read a blog post which starts out with "here are some of my various connections to an interests in this company" followed by "and I'm doing them special favors, apparently at risk to myself, including writing this blog post."

This blog post gave me quite a sense of "well, sama and YC have a solid moral compass and plenty of self confidence but don't always follow the rules." The "I'm making an exception of my usual don't-be-on-YC-company-boards policy to be chairman of two YC companies" post from a year ago [1] had a similar vibe. Both posts made me wary of YC.

[1] http://blog.samaltman.com/energy Maybe I should clarify that I'm rooting for Helion and UPower and hope they go far with Sam. But a policy of I won't be on YC boards unless it's for my favorite company in one of my favorite application areas sounds a lot like I've given up desserts and other refined sugars (except warm brownie sundaes with ice cream and chocolate sauce).

_sentient 2 days ago 7 replies      
We obviously only know one side here, and this issue will doubtless bring all the contrarians and tinfoil-types to the yard.

However, even if we entertain the notion that Jeremy had some sort of de-facto equity interest in the company (a claim for which there is seemingly zero present evidence); can we at least agree that is uniquely shitty to suddenly level these claims days after the acquisition is announced?

One does wonder why this moral injustice wasn't righted promptly in the days, weeks, months, or years following his involvement in the company. More facts will likely emerge, but the timing alone seems like prima facie evidence of rank opportunism on his part.

zekevermillion 2 days ago 1 reply      
I am curious whether Jeremy reached out to ask for money first, or whether instead what happened is Cruise asked Jeremy to sign a waiver of rights and Jeremy wanted money to sign. I suspect it is somewhere between these variants. It does not make sense to me that Jeremy would just reach out "from the shadows" to demand a vig from this acquisition. If he did, and the alleged facts are true, shame on him.

But I wonder, how is Cruise concerned about Jeremy using their trade secrets if he never signed anything with the company? If they disclosed something to him when he was not an employee, and there was no NDA, then how is it a trade secret? Seems more likely that the acquirer saw Jeremy's name in diligence but without any signed NDA/Invention Assignment Agreement, and asked Cruise to close the gap by getting Jeremy to sign a waiver; then Jeremy asked for money to sign that (just speculating here). If this is how it went down, it's within normal bounds for Jeremy to request a payout. Maybe he asked for too much, but that is something that is purely a commercial dispute and I don't think deserves any moral outrage.

I may be missing something -- and probably am, having seen only this article and Cruise's complaint. But there is something that smells a bit off, when there's a rush to smear this guy using all the power of sama's fame, and the $ to hire a big lawfirm to terrorize the defendant into submission.

borski 2 days ago 3 replies      
So here's the thing: I actually think some of this is Kyle's fault, even if that doesn't feel "great" to say. We had a similar situation with a third cofounder for a few weeks (who is still one of my closest friends, though admittedly it's been a while since we caught up). Our lawyers recommended having us (and him) sign a document when we incorporated and receive compensation (it was like $25 each) for the IP created prior to incorporation.

That would have resolved this whole issue, if they had thought about it before it really became a problem, no?

naveenspark 2 days ago 2 replies      
From personal experience, the moment someone does any work on a project they have a claim. The state of CA is extremely worker friendly in this regard. I've made this stupid mistake twice in two different startups unrelated to Immunity Project. The first time, we had someone interview for a job and attend a few meetings. We ended up not offering them the job and they filed a complaint. We fought it and ended up spending nearly six figures on legal + more then you can possibly imagine to settle. It know this sounds insane, but its true.

The second circumstance was a co-founder who stole cash from the company and was booted. Similar end result. In both cases we had no documentation (classic startup excuse), and strongly believed in the premise that if you didn't do the work, you don't deserve to be paid. We lost in both cases. One of the primary drivers in both cases was the dreaded contingency attorney. Anytime someone is able to get an attorney to take a case on contingency with minimal out of pocket cost, they have little reason to be reasonable. And because filing is the nuclear option in the first place, they don't care about fallout. Contingency attorneys are paid a % of the resulting settlement so they will drive the case as hard as needed to extract the maximum outcome. In some cases the attorney will manipulate their client in pursuit of this outcome even if its not in their clients best interest long term. It was smart for Kyle to file first because it makes it harder for the other party to retain a contingency attorney who will cover defense in the deal. This will dramatically increase the other parties cost to litigate the case.

Lessons learned:

1. ALWAYS put stuff in writing.

2. NEVER have anyone do any "work" without some written agreement on compensation.

3. The only winners in litigation are the lawyers.

4. 3pt14159 makes a great point: ALWAYS settle early. The longer you let something drag, the more it will cost. Its always best to try to settle prior to either party filing a lawsuit. In this case it sounds like Kyle tried to settle first but was unsuccessful.

sama 2 days ago 2 replies      
Ok, I tried to answer questions here for awhile. I've got to head into other meetings for the rest of the afternoon.

BTW, my working assumption here is that Jeremy is a good person getting bad advice. I'm certainly not out to destroy his career, and I would talk to him about his next thing. We tried hard to keep this from being a public matter, but one things about YC good or bad is that we will do everything in our power to defend the people we fund if we think they're in the right. Since this was going to become public anyway, and Kyle can't say much, I wanted to clarify how hard Kyle worked to solve this privately.

And as a takeaway--put stuff in writing!!

zxcvvcxz 2 days ago 11 replies      
Knowing very little about the case, it's hard to take a side without legal due process. Statistically, from other similar cases, there's a good chance this Jeremy guy is probably full of shit. But this rubbed me the wrong way:

> Still, its important to the way Silicon Valley works that such behavior not be tolerated.

You're not above the law, nor should you have more say than any other resident in Silicon Valley (but by all means, vote in elections and write your congressman). If someone makes a legal claim, that's up for the courts to decide. They have every right to make such a legal claim. And investors have the right to fire back publicly, sure.

But this attitude is now starting to make me think that there's more to this:

> Kyle made an extremely generous offer to settle this claim by offering to give Jeremy a lot of his own money.

Smart people don't settle if a claim is baseless. Baseless claims get thrown out quickly and easily.

Edit: from another top-level comment,

>To that point, the fourth cause of action is regarding "Trade Secrets" in the possession of the Defendant and states that "Plaintiffs have reason to be concerned that Defendant may attempt to use such trade secrets in his further endeavors"Which does prompt a question of how a person who never had any involvement in the company and its technology came to be in possession of its trade secrets.

And now I already have some reasonable doubt that makes me want to think a bit harder.

To re-iterate, I still think this Jeremy guy is most likely full of crap. But I am not a big fan of the attitude and public shaming of YC here. What this tells me is as follows: if I have anything to do with a successful YC company in the future and I get involved in a legal claim that looks unfavorable, some popular top investor could write a blog post shaming me and ruining my reputation for other startups. Not professional if you ask me.

doh 2 days ago 3 replies      
This show the incredible value of YC in general. Two of my friends ended up in a similar situation when were selling their companies and their VCs essentially told them something like: "Don't you dare to fucked up this merger, give them the money they're asking for."

Having a VC that stands behind you during time like this has an incredible value and should be considered by any founder(s) when thinking about applying to YC.

jl87 2 days ago 3 replies      
"Still, its important to the way Silicon Valley works that such behavior not be tolerated."

Who are you to say what is or is not tolerated in SV?

Sam, you and YC seem like good people, but language like that makes me not want to be your fans.

It sounds very elitist.

alain94040 2 days ago 0 replies      
I have seen my fair share of co-founder disagreements, and I have issues with several parts of Sam's comments:

Even if Jeremy had signed a stock agreement, he wouldnt have reached the standard 1-year cliff for founders to vest any equity

Sam, are you recommending that co-founders with no salary be subject to a 1-year cliff? I have always argued that it's a bad idea, and today's case is the perfect example: if someone who is not paid leaves before 1 year, they receive absolutely nothing for their work. That's not right. I'm fine with a 1-year cliff for early employees who get a salary (see FAQ section of http://foundrs.com)

To play devil's advocate, you need to hear both sides of that story. Of course one month is not much time. But if I'm the one who said the one magic sentence that made Elon Musk fall in love with Mars and told him how to get there, and I can truly claim that without me, SpaceX wouldn't exist, do I deserve something? Hard to tell. By default, if two people start working on something, they are partners, 50/50. That wouldn't be right either, but maybe the truth is not a 100/0 split.

EDIT: after having read the legal complaint, it sounds like that person was not an original co-founder, but someone who had some discussions after the startup was incorporated. The only "oops" moment is having listed him as a co-founder on YC's application. You can imagine the scene in the courtroom: "did you or did you not list Mr X as a co-founder in the company's YC application? If so, are you lying to us now when you say he is not a co-founder or were you lying then?"

pmorici 2 days ago 1 reply      
Did anyone else read the linked complaint that was filed with the court? What I found interesting is it spends seven pages essentially painting the guy as a villain and claiming he had nothing to do with anything the company did then in prayer for relief it says they are worried he is going to take Cruise's trade secrets and use them in his own venture.

How can anyone claim that someone simultaneously had no involvement in your business and yet you are worried they have knowledge of and are going to use your trade secrets?

The whole complaint is very light on specific facts and contains a good dose of ad hominem language assailing the defendants character w/o alleging any specific actions taken by the guy to support the claim. It also alleges that the guy is interfering in the acquisition but doesn't specify how.

It seems like there is more to this story, unless they just managed to hire the world's worst lawyer.

pron 2 days ago 4 replies      
Knowing absolutely nothing about this case, and assuming Sam is 100% right, I think it is a bit unfair for Sam to use his huge PR advantage. Obviously, it's just business, and it's good to see Sam and YC putting their considerable PR weight behind one of their companies, but it's also problematic, especially at this point in time, where it doesn't seem like the other side has done any PR (otherwise this move is perfectly understandable). Maybe Jeremy will withdraw his claim? Maybe he'll take the next settlement offer? Maybe he's an opportunist, but maybe he truly feels he's been unjustly harmed (and maybe both)? And maybe he's just so angry with himself for dropping out that he just can't let it go? Is it really necessary to air this in public, possibly destroying a person's reputation, when you might well win anyway (and it is unlikely that this post would change the outcome one way or the other)? Or is it just a form of deterrence to others?
Animats 2 days ago 2 replies      
It's going to be amusing if GM realizes that Cruise doesn't have much technology and bails on the deal. GM/CMU has successfully demonstrated a Cadillac driving around Washington DC in traffic.[1] Cruise crashed into a parked car in San Francisco.[2]

[1] http://www.cmu.edu/news/stories/archives/2014/june/june24_co...[2] https://www.dmv.ca.gov/portal/wcm/connect/bc21ef62-6e7c-4049...

edw519 2 days ago 1 reply      
Sorry to hear about all of this.

As a repeat solo founder and bootstrapper, I have an intense desire to spend the maximum amount of time satisifying my customers by helping them solve their problems. Sure, this approach often leaves a bundle on the table, but so what; lots of us just want to accomplish a lot and have fun building stuff and helping others, regardless of the payback.

I'm so glad I chose this way when I read stuff like this:

...long and sordid history...

...should own a substantial amount of Cruises equity...

...interfering with the pending Cruise/GM merger...

...offering to give Jeremy a lot of his own money...

...avoid a protracted litigation...

...worked incredibly hard to settle this claim amicably...

...obvious ridiculousness of it...

...incredible bummer these situations have to happen...

...least sensible professional situations...

...unfortunately these situations are not uncommon...

...I place myself at risk talking about this...

...say something before the lawyers can stop me...

...such behavior not be tolerated...

...personally involved all day on Friday...

...time pressure because of the pending merger...

gkoberger 2 days ago 6 replies      
Finding a cofounder is often like dating. You sometimes need to "date" a few people before you find a "girl/boyfriend" (aka cofounder). It's too early for contracts or equity splits at this point, which results in enough ambiguity later on that these issue can arise.

I hate the formality of contracts, but is there any good procedure early on for avoiding this in the future? It seems every billion dollar company has a "secret" cofounder that shows up when the money does. I know I've definitely shared ideas and even code with friends, long before my startup became an incorporated startup.

I'd feel silly and presumptuous if I started handing out contracts, of course. Maybe something more along the lines of the YC handshake protocol, as opposed to a formal contract? Does it legally matter if you say "Hey, just wanted to acknowledge we talked a lot about this, and wanted to make sure you were okay with [terms]" and record the response?

damonpace 2 days ago 0 replies      
Every lawyer in Silicon Valley knows the biggest threat to your startup is your co-founder. Not VC's. Not competitors. Not Copy Cats. Not Google or FB. It's your co-founder! If you don't want to believe that, read the countless stories and lawsuits in SV about co-founder disputes.

Stories like this should give you the confidence you need to be a solo founder. Start solo & hire your co-founders after you get your paperwork done. It's not about equity or greed. It's about starting smart & protecting your investment.

6stringmerc 2 days ago 3 replies      
>And so Ive decided to say something before the lawyers can stop me.

Note to self to etch into brain: Do not emulate this in serious matters.

I can understand the compulsion though, no doubt.

michael_storm 2 days ago 1 reply      
> Even if Jeremy had signed a stock agreement, he wouldnt have reached the standard 1-year cliff for founders to vest any equity.

How is someone not fulfilling hypothetical terms of an agreement that doesn't exist an argument that they don't have a claim? "Furthermore, had they signed an agreement stating that they wouldn't get compensation, they wouldn't get compensation. Therefore, they shouldn't get compensation."

pfarnsworth 2 days ago 1 reply      
One of my friends knows someone at Cruise, and he was incredulous about the deal. He believes that most of the $1B will be related to hitting milestones in the future, and isn't just straight cash or equity up front. Does anyone know anything about this?

He basically said they don't have a working product, they have a prototype that works on one specific model, so the idea that this would garner $1B is insane unless there's some earnouts associated with it.

I guess it will be in GM's financial statements so I'll be on the lookout for that.

mangeletti 2 days ago 0 replies      
I'm gonna get a lot of hate for this opinion of mine:

This seems like a great way to muddy the waters for any potential future jury trial.

What a shameful move on the part of Sam Altman, using such a soapbox to publicly put somebody's personal ethics on trial, and for personal monetary gain.

JonFish85 2 days ago 3 replies      
Investor argues in favor of preserving his investment. That's about as much weight as I care to give his arguments.

Also, as an aside, is it really a "merger"? I see it as an acquisition--one company buying the other out.

chetanahuja 2 days ago 0 replies      
"I recognize that I place myself at risk talking about this, but its time that someone speaks publicly about situations like what is happening at Cruise. And so Ive decided to say something before the lawyers can stop me."

I don't understand. What is the great risk to @sama here? For all intents and purposes, this looks like a public naming-and-shaming of a previously unknown person by a prominent VC because they made a legal claim against an investment.

mcculley 2 days ago 0 replies      
> And so Ive decided to say something before the lawyers can stop me.

I hate when people say things like this. Maybe he meant that other people's lawyers will prevent him from saying something, but often people are referring to their own lawyers. Your lawyer can't stop you from doing anything. Your lawyer can only encourage you to not say anything which might damage your case. And people often take that advice in the interest of self-preservation or greed or damage control instead of speaking candidly. They then blame the lawyers as if the lawyers are the reason they can't talk.

jondubois 2 days ago 0 replies      
It sounds like Jeremy was part of the company before any of these 'vesting schedules' were agreed upon. It would be nice to read Jeremy's side of the story.

It's strange that somebody as wealthy as Kyle (who sold Twitch for $1 billion) would make such a fuss over what is probably only a couple of millions... It would be interesting to know exactly how 'extremely generous' his settlement offer was.

Also it's really strange/suspicious that the founder of Cruise would put himself on a vesting schedule... Is this common practice?

daveguy 2 days ago 2 replies      
Kindof off topic, but I find it odd that they are referring to Cruise/GM as a merger. GM is a behemoth compared to Cruise. Isn't that more of an acquisition? Is merger a legal term? If so, can anyone clarify why this is a merger and not an acquisition?
businessy350 2 days ago 0 replies      
As a naive entrepreneur I allowed someone to become involved with my business and quickly discovered they were not the right person to work with. Their behaviour became a concern and I had to sacrifice millions of dollars to prevent the destruction of what I have worked for. By taking an acquisition offer in an effort to remove them from a position of control I lost a lot and they made a lot. I deeply sympathise with the decision Kyle made to offer Jeremy his own money to end this. I have many regrets about involving that person in my business but to this day I do believe that the decision to allow them to walk away with a lot (of undeserved money) was the right one. The business lives on.

The person on the wrong side of my experience went on to deceive many other people and has left a trail of negative experience behind them, even using their involvement in my business to help deceive. I take comfort in knowing that my business survived their involvement and regardless of how they profited from my work they will likely never find honest success.

minimaxir 2 days ago 1 reply      
Wow, this is incredible transparency on YC's part, and an interesting tactical decision naming names. I assume this post went by several of YC's lawyers.

EDIT: Had asked about Jeremy's complaint; see sama's comment below

abalone 2 days ago 0 replies      
"Ive decided to say something before the lawyers can stop me."

Is this really a smart decision that the HN community should model? To view your friend's lawyers in a multi-million $ lawsuit as obstacles that should be routed around?

Posting to the HN community about this seems like an emotionally-driven decision. With so much at stake, wouldn't it be better to (a) follow your lawyer's advice and (b) do a post-mortem on it after the acquisition closes?

blazespin 2 days ago 0 replies      
https://www.google.com/webhp?sourceid=chrome-instant&ion=1&e... Is like the second entry on Google Search. Great job, Sam. Boy I don't think i'd ever want to do business with you.
tlogan 2 days ago 0 replies      
Here is how understand what I was told regarding these kind of problems.

- When acquisition happens, then acquirer will do due diligence. They will want that all people which were involved in the development without the contract to sign a waiver / transfer IP.

- If people involvement in the development were working for free and there were not contract, then, by default, they are eligible for part of equity.

In short if co-founder leaves and was not paid you must ask him to sign waiver / transfer of IP (not sure exactly what: ask your lawyer - then can craft that). I believe the key here is whether is that person was compensated or not.

Am I right here?

Scirra_Tom 2 days ago 0 replies      
Can't see any mention of what Jeremy did for Cruise apart from help find an office, he must of done something else? Would like to hear the other side of the story tbh.

Wondering if the risk Jeremy posed was identified in the duedil at any stage for previous rounds, and if the risk was identified if it was used as leverage for lower valuation at all, or if it was not identified or underestimated. Would of thought seasoned investors would of wanted to snub out any future issues like this before handing large amounts of money over.

sandGorgon 2 days ago 0 replies      
So the claims in this case are based upon the fact that they made the YC video application together and clearly mentioned in the YC application on what each cofounder's contribution was ?

Hmm...this is very tricky. Because I'm very sure they attributed some concrete work to each founder . in fact if i remember correctly, they ask how much code each cofounder wrote.

dataker 2 days ago 0 replies      
We don't know what made Jeremy leave the company and how he helped before YC.

If this is a case Jeremy was present at incorporation, he contributed to the product (in some way) and his shares were eventually diluted, this will be similar to Saverin's case.

oxryly1 2 days ago 0 replies      
Does this strike anyone else as naive speculation? And fiercely prejudicial, as well?
CPLX 2 days ago 4 replies      
As a side note, having read the actual court filing, this kind of language in legal complaints always rubs me the wrong way:

1. This case arises out of Defendants opportunistic and brazen attempts to extort money from Cruise and Mr. Vogt. As alleged below, after mutually parting ways with Mr. Vogt over two years ago, Mr. Guillory emerged from the shadows with his hand out within days of the March 11, 2016 news that General Motors Company (GM) intends to acquire Cruise. As explained below, Mr. Guillory should put his hand back into his pocket; he does not have any stake in the Company.

2. Defendants shocking and opportunistic claim is an attempt to thwart, interfere or otherwise delay GMs merger acquisition of Cruise for his own pecuniary benefit. Knowing that his claim could interfere with the GM transaction, Mr. Guillory hopes to leverage his extortionist claims to achieve a pay-off from the Company. Declaratory relief is therefore necessary to remove potential uncertainty regarding equity ownership, partnership interests, intellectual property and trade secrets of the Company...

Given that such inflammatory language will have no positive effect on the judge, and if anything distracts from the actual precise legal arguments, it seems calculated entirely for the attention of the press and/or general public.

I have no opinion on the merits of this one obviously, but in my experience, when you see a complaint with language of that kind it's often a sign that there's more to the story.

To that point, the fourth cause of action is regarding "Trade Secrets" in the possession of the Defendant and states that "Plaintiffs have reason to be concerned that Defendant may attempt to use such trade secrets in his further endeavors"

Which does prompt a question of how a person who never had any involvement in the company and its technology came to be in possession of its trade secrets.

In fairness, it's certainly plausible that its basis is solely in claims made by the Defendant, and not meant to imply there is any actual IP in his possession.

Or, it could mean that during the acquisition his early role came to light and he was asked to sign away any potential IP by the acquiring company and declined to do so without compensation, since he might want to do a similar project in the future. Did he reach out when he heard the news, or did the company reach out to him during acquisition due diligence?

That's complete speculation, but we have no choice but to guess, since unlike a typical complaint to commence a legal action, this particular one doesn't contain an affidavit or make any attempt to establish an underlying factual record at all.

Instead of saying he "emerged with his hand out" it could state "contacted X via email asking for Y on Date Z" in the style of an actual legal argument rather than of a press release. Rather than referencing "baseless allegations" and "shocking and opportunistic claim" it could just state the claims he made.

So, what shocking thing did he say? What is his stated rationale for compensation? On what date is there the first written evidence that he's making a claim of equity? Why aren't there any exhibits attached? Why aren't there any quotes from the emails he sent?

vnchr 2 days ago 0 replies      
I can't imagine PG posting something like this.
bitmadness 2 days ago 0 replies      
I disapprove of investor's commenting on such cases. Sam has a conflict of interest in this case, and was not even present for the events in question.
jboydyhacker 2 days ago 0 replies      
From the filing it looks like they only collaborated for one month. Assuming that's true - it's a pretty offensive shakedown. It sounds like Kyle tried to offer some portion of the proceeds to make it go away but it was declined. Out of curiosity how much was he asking for?

Also in what form did the claim take- Did Jeremy hire lawyers to write a demand letter? Why isn't that in the filing? DOes Jeremy have a lawyer or was he just talking.

Further, isn't there a way to close on the merger given the specious nature of the claim and just ignore the claim and this whole thing? I mean- they knew each other a month.

intrasight 2 days ago 0 replies      
Obviously I don't have the full context, but I don't see the benefit of an open discussion on this legal issue. It's just going to have to work its way through the legal process.
flashman 2 days ago 0 replies      
> According to Kyle, Jeremy did not write any code or build any hardware during this exploratory period.

He'd better be 100% right about this. I imagine it wouldn't look good for Kyle if it comes out that Jeremy wrote some code, no matter how insignificant. Because if 'no code written' = no equity, 'some code written' could turn out to be a gateway to having some equity.

jasonwilk 2 days ago 0 replies      
This shouldn't hold up the deal. GM can write in the agreement that Cruise shareholders have an unresolved potential obligation which they will cover with proceeds.

I had to deal with this at a previous company and it in no way blocked or slowed down the sale. Just a pain in the ass and something that is unfortunately too common.

You can never be too careful with starting your business.

matt_wulfeck 2 days ago 0 replies      
The more money the higher the stakes. There was a founder that left under potentially unfavorable conditions? Then they definitely should have done their due diligence before going forward on a mega, billion dollar deal.

This has nothing to do with silicon valley. These guys can learn something from the way investment banks prepare and close deals. Get all of your ducks in a row before putting that much money on the table.

andy_ppp 2 days ago 0 replies      
This is the sort of blog post I'd write :-)

My spidey-sense for business works like this (probably wrongly); as a geek I assume it's normal for investors to screw me over if I haven't done due diligence of contracts and also for every single former employee to come back if there is a chance for a pay day.

It's sad but I don't find it that surprising; I'm surprised we don't hear about this more.

theoracle101 2 days ago 0 replies      
The sheer amount of misinformation in this thread is astounding.

He wrote no code, literally did not prototype anything, contributed nothing.

Self driving cars take 100s of moving pieces and complex algorithms. You can literally just check the github repo to see who has contributed what. There is no one IDEA that is the silver bullet. Its an entire system working together.

Obviously I can't say much as most is hearsay (though I do believe what I've heard), but the one part of this story that irks me the most is that this all started when Jeremy (allegedly) drunk at a party, bragged to Cruise's counsel that he could stall the GM deal if he really wanted to. Can't believe its actually come to this.

I feel for the engineers there. All their hard work, and likely they will have to lose a large portion of their shares due to indemnity clawbacks when the deal goes through.

danielpwm 2 days ago 0 replies      
Sure, but Sam Altman is biased here. He is a share holder and has a lot to gain from the merger going through, and not being delayed or derailed. So it's hard to read this as if it were neutral, which is how he is presenting it.
kelvin0 2 days ago 5 replies      
Looks like that Jeremy guy is gonna have some splainin' to do in his next job interview. Pretty sure other startups won't want to touch him with a 10' pole, regardless of the veracity of the allegations made.
bookmarkacc 2 days ago 0 replies      
I don't know much about this domain. However it seems like this is an important time to create presedence.

It is in Angel investors interest that people coming out of the wood works be entitled to nothing.

sjg007 2 days ago 0 replies      
Real Companies of Silicon Valley Season 2 episode 1
noahmbarr 2 days ago 1 reply      
People will be opportunistic when it's most opportune.

A stern reminder to us all to get a release whenever you part ways.

errantspark 2 days ago 0 replies      
This made me smile, maybe the future isn't so grim. I hope this doesn't end with an undue amount of fallout for sama such that he's discouraged from doing something like this again should the situation require.
mslate 2 days ago 0 replies      
$1,000 This blog post will be taken down w/in 24 hours.
sharemywin 2 days ago 0 replies      
Seems like there should be some kind of project before company type of agreement. Kind of like "modeling agreements" photographers get you to sign before taking your picture.
studentrob 2 days ago 0 replies      
There is no value in making this public. It is going to be decided by a judge, arbiter, or parties themselves. Public opinion has no say in that matter.
yuhong 2 days ago 0 replies      
I really wish the restrictions on public companies can be reduced or removed so board of directors can tweet more on the companies.
Bluestrike2 2 days ago 0 replies      
Nobody should ever find themselves in a situation like this. Unfortunately, it's altogether too common even when everybody involved is acting in good faith. I can say from experience that if things ever get to the point they did with Cruise, everybody involved has made a series of blunders.

I've been on the other side (sort of; the situations aren't analogous) as someone pushed out by two other non-technical founders after they'd discovered a cheaper option in a startup-in-a-box (best description I can come up with). I wrote about this on here a year or two ago, but there's nothing like discovering that on the day your grandmother dies, and having to deal with their bullshit while focused on her funeral.

I didn't pursue the matter for a number of reasons (one of the two was a lawyer with sufficient resources to draw out any dispute, etc.), but as angry as I was at them for their actions, I realize that had I been more proactive, the entire situation could have been avoided. Instead of accepting repeated excuses and prevarications like "we'll deal with the legal documents soon, just after X" because the one was a good friend, I should have pushed to get everything out of the way first. I knew better, and I ignored my better judgment for what was largely emotional reasons. In hindsight when I look at how things went down in the end, and I look at the events leading up to it, I'm of the opinion that I was going to be be screwed no matter what. But I suppose that I got the last laugh, as they didn't get a line of code I wrote and they've more or less stagnated since a launch that few noticed and fewer cared about. They might not be dead, figuratively speaking, but they're certainly on life support.

Good contracts that are highly specific might seem insulting to some people (they're not), or they might seem like an unnecessary delay, but they're incredibly important even when everything goes right. They spell out duties and roles, and make absolutely certain that everyone is on the same page with no confusion or misunderstandings so that you can focus on building things without any uncertainty.

Basically, pay the lawyers and get things done right from the beginning. You don't have to go to a large firm and pay out $500/hr for this sort of work. There are plenty of small, solo practitioners who focus on business formation. When circumstances change, or you learn more about the business's nature and the risks you need to mitigate, you can always amend or replace your agreements at a later date.

We usually don't think in these terms, but getting involved in a startup without contracts in place is akin to writing complex code without tests. You can do it, but you're making a huge mistake that'll bite you in all sorts of unexpected ways.

tomjacobs 2 days ago 1 reply      
I didn't know legal documents could be funny.

"Mr. Guillory emerged from the shadows with his hand out within days of the March 11, 2016 news that General Motors Company (GM) intends to acquire Cruise. As explained below, Mr. Guillory should put his hand back into his pocket; he does not have any stake in the Company."

Maybe Jeremy could go build his own company. There's plenty of wealth to create, you don't have to take.

mkoble11 2 days ago 1 reply      
seems like a shakedown to me.

- jeremy left after a MONTH, never went through the YC interview with kyle

- >>> jeremy never signed any agreement over equity breakdown, etc <<<

- jeremy never inquired about equity when kyle raised previous rounds, only after the $1b exit.

pretty straightforward.

msane 2 days ago 0 replies      
I prefer to see the clean laundry.
gargarplex 2 days ago 3 replies      
Going through something similar with a pseudo ex-cofounder. He has been behaving extraordinarily passive aggressive.

For a long time, he hasn't been picking up phone calls, responding to emails, or completing tasks that he agreed to do. Sometimes he'll send a text, like seven days later, asking for a clarification on a requested-task that has now already been completed.

Things are finally starting to pick up. I don't know what to do. Technically he owns 50% of the "venture" but it's not like we've issued stock, etc. Things are hairy.

free2rhyme214 2 days ago 0 replies      
Sam's a leader. Reminds me of one of the recent Hubspot founders LinkedIn post. We need more leaders like Sam!
dmode 2 days ago 0 replies      
Jeremy deserves nothing in principle. You cannot ask for millions of dollars of someone's hard work when you have barely put in 1 month of effort. A billion dollar exit requires a lot of hard work and execution. Even if the core idea was Jeremy's, ideas are dime a dozen. Heck, several billion dollar ideas popup in my brain every day. Building on that idea and getting it to market is where the value is. I have no sympathy for Jeremy. He is an opportunist. And Sam is 100% correct.
rdl 2 days ago 1 reply      
Hopefully this gets resolved soon. Seems like three clear takeaways for everyone else.

1) Don't work with Jeremy Guillory

2) Be extra careful with paperwork and understandings early on. (Although it doesn't look like they could have done anything more.)

3) If you possibly can, you want Sam Altman on your side. not just for when things are going badly, but also when they go world changingly well.

brackin 2 days ago 0 replies      
Awesome work, I wouldn't be surprised if shaming these tactics stops him from filing or deters future shady characters from similar tactics.
Microsoft Sues Justice Department Over Secret Customer Data Searches wsj.com
391 points by phonyphonecall  1 day ago   66 comments top 13
dcgudeman 1 day ago 4 replies      
'Microsofts filing zeroes in on a provision of the Electronic Communications Privacy Act, written in 1986. The company argues that indefinite gag orders violate the First Amendment right to inform customers about the search of their files as soon as secrecy is no longer required. Additionally, the suit claims that the law flouts Fourth Amendment requirements that the government give notice to people when their property is being searched or seized.'

This is pleasing news, but to be honest I am a little concerned about the fact the Amazon didn't attempt one of these lawsuit earlier. I am not sure how cooperative AWS is with the government but I would assume they are the largest target for these types of requests. In general I like Amazon as a company but this makes me question their respect for user privacy.

icloudsearch 1 day ago 2 replies      
Throwaway because I am currently under investigation. Apple inadvertently notified me that <Agency> had subpoena'd my iCloud backups. I suspect that they violated the gag order in error. As a result they expedited their physical warrant and raided me 2 days later. As someone targeted by a federal investigation, it is clear that the government will vacuum up as much information as possible without my knowledge. Hopefully Microsoft succeeds in this lawsuit.
nkw 1 day ago 1 reply      
As much as it is generally reviled (especially by those who hang around the Internet) I bet the Citizens United decision will help Microsoft a bit in this suit as it reaffirmed First Amendment speech protections do apply to corporate speakers especially in the context of political speech.


c3534l 1 day ago 0 replies      
It's nice to see when two big corporations compete over each other over who fights harder for the civil liberties of it's users. You one-up those Apple bastards, MS!
3dk 1 day ago 0 replies      
Archive Link: http://archive.is/L6fJf

If you want to skip logging in.

ChuckMcM 1 day ago 0 replies      
It is interesting that law enforcement doesn't draw the connection between the abuse of a capability with the people making it harder to abuse. I don't think there would be any outrage or pushback if such requests were in the 10's a month rather in the 1000's a month.
dmoy 1 day ago 1 reply      
some1else 1 day ago 0 replies      
I thought I'd repost the lawful spying guides by the biggest cloud service providers [1] (including Microsoft). There's a great one from the Hotmail era I couldn't find on a whim though.

1: https://news.ycombinator.com/item?id=11504068

mtgx 1 day ago 2 replies      
Indefinite gag orders are definitely unconstitutional, and it has been proven before in Court. There should be an automatic limit as well for when the gag orders expire, like say 1-3 months, or whatever is considered "reasonable" for an investigation. After that, the government should have to get extensions every 3 months from a judge. After 2 or 3 years, the extension should be obtained only from a federal judge.

And it goes without saying that the gag orders should only be given in very specific scenarios, not for all data requests, or anytime the government wants to give one.

sqldba 1 day ago 0 replies      
What I want to know is - why now and not years ago?
Aoyagi 1 day ago 0 replies      
How nice of Microsoft, that they want to use the data all for themselves... and how nice for them that almost nobody even thinks that "not harvesting every bit of data you get your hands on just because you can" is also a possible scenario.
daveguy 1 day ago 1 reply      
Does this imply that the Justice department can search your computer if Windows 10 is installed? Or does this just apply to data MS has on you at MS? (OneDrive, use telemetry, etc)?
Gone in Six Characters: Short URLs Considered Harmful for Cloud Services freedom-to-tinker.com
464 points by ajdlinux  1 day ago   159 comments top 36
jiiam 1 day ago 8 replies      
Also notice the different attitudes of affected services:

- OneDrive "[...] reiterated that the issues we discovered do not qualify as a security vulnerability"

- Google Maps "[...] responded immediately. All newly generated goo.gl/maps URLs have 11- or 12-character tokens, and Google deployed defenses to limit the scanning of the existing URLs."

Well done, Microsoft!

d--b 1 day ago 2 replies      
This is breathtaking. This article is not only very important for the vulnerability it uncovers, but also it is one of very few articles that shows with very specific examples why breaches of privacy do matter.

Even if you 'don't have anything to hide', you don't want anyone to know that you sent someone the directions to a planned parenthood center. Not because you think it's a bad thing to do, but because the publicity of this information could be harmful to you.

barrkel 1 day ago 1 reply      
Sharing a link with someone via email or chat - a private channel - suddenly becomes a share in a public channel because of the lack of entropy in the shortened link.

Even more surprising is the number of people on here who don't understand why this is problematic, essentially blaming the victim for not understanding that their private channel is leaking information. It certainly is not obvious to the general public, and wasn't obvious to the people who implemented these services, that a side-effect of a shortener with insufficient entropy is leaking information from private channels.

stephenr 23 hours ago 7 replies      
I don't understand the use of URL shorteners for 99% of what people use them for.

Unless you're sending your link over a relatively short fixed-length limited medium like Twitter or SMS, there is no fucking point.

I've seen people post links to download apps, which go from their own site > some random bit.ly/etc URL > dropbox. I'm already seriously doubting if I want to run your app if you can't manage something better than dropbox file sharing, but to then rely on a bit.ly URL that could go fucking anywhere, when you're just putting the link on a webpage is beyond belief.

simonw 1 day ago 2 replies      
The ability to traverse the full content of a OneDrive account starting with a short URL and in some cases /upload malware to them/ which gets synced back to the user's computers is shocking. Even more shocking is that Microsoft apparently declared this to be as designed, not a security bug. That's some terrible software design.
stevetrewick 1 day ago 0 replies      
Scary, but isn't really more like 'using a trivially computable string as a trampoline for live authorisation tokens considered harmful for supposedly secured cloud services'.

Not as catchy, I admit.

jcrawfordor 18 hours ago 0 replies      
A long time ago, perhaps 6-7 years, I used an OS X app that took screenshots and put a link on the clipboard. I noticed that it used very short paths and they appeared to be sequential, so in a moment of boredom I made a little PHP script that just gave you next/previous buttons to iterate through them. It was amusing and I considered actually scraping them and then trying to OCR for sensitive information or something out of curiosity, but I never got around to it (pity, I could have scooped this article!).

Well, fast forward about two years, and that script is still sitting around on a forlorn webserver of mine. Somehow, I have no idea why, some random person ended up tweeting a link to it and it spread around a bit until the software vendor got wind of it. They ended up sending me a probably too-polite email asking if I could do something about it, and after a bit of back-and-forth I got instructions from them on how to enable more secure "long URLs" in the software (an option that I think was new since I made it, so I wonder if I may have actually inspired it...) and added those to the bottom of the page.

It's long gone now, and to be honest I can't remember which app was affected. Possibly tinygrab.

The point of this anecdote is that the problem is not at all new, and the problem of how to deal with it isn't new either. I suggested to the developer at the time that they should probably use long URLs by default, but it seems users just like those short URLs too much. Going to non-sequential assignment would have helped, but the space was still just too small.

Really, I think the fix is just communication. Microsoft's workflow used to be sensible in that OneDrive gave you a long URL and then you had to click another button to get a short one. That second click should come with a warning that there should be no sensitive information in the document, and it will potentially become public after shortening. Users will have to be trusted with the judgment, at least you've CYAd.

neogodless 1 day ago 2 replies      
I think short URLs are great for Twitter, sending people to public URLs, for other services where you're literally just shortening a public URL, if they want to include a tracking / redirect to harvest all your juicy habit information - but I don't think it's a great thing for private URLs.
AndyMcConachie 1 day ago 6 replies      
If your security depends on someone not walking your DNS zone, you're doing something wrong.

If your security depends on someone not guessing a URL, shortened or not, you're doing something wrong.

ryanswapp 21 hours ago 2 replies      
Speaking of short urls, am I the only one that refuses to click on them? I hate that I can't see where the link is going to take me.
spullara 20 hours ago 0 replies      
I pointed this out when I was at Twitter when they were still using the normal short t.co URLs inside DMs. We quickly switch to using very long tokens for those generated URLs. To me it seems completely obvious and I struggle with the developer that stored private information in something so eminently scannable.
Sleaker 16 hours ago 0 replies      
Well... The article is a little dis-engenuous about the shared folder stuff. If a user selected to share the folders with anyone that has the link and also allows write into the folder publicly from anyone, then that's by design. Obscurity on the url part isn't necessarily required, and it may even be a feature to allow easy dumping.. This is on the end user to make sure they aren't auto-downloading public data that has been dumped there.. I can see why this may not be ideal from a security standpoint, and allowing data mining/unauthenticated file drops may not be a great way to handle it, but I don't think the article actually gives the full details. Unless I'm completely wrong, and there is no options in OneDrive for sharing permissions (public, select group, etc) then yes it's a security vulnerability.
pdkl95 1 day ago 0 replies      
When you use a URL shortener, you are effectively encrypting the URL and telling someone they have to go to some 3rd party to get the plaintext. Without any checksum to verify that the 3rd party didn't send an incorrect URL, either maliciously or by accident.
whatever_dude 1 day ago 0 replies      
"...For Cloud Services" doesn't seem like an appropriate title to me. I would say it's more like "For Cloud Service Users".
downandout 15 hours ago 1 reply      
"After an email exchange that lasted over two months, Brian informed us on August 1, 2015, that the ability to share documents via short URLs appears by design and does not currently warrant an MSRC case.

What is it with these large companies ignoring serious security issues while paying attention to smaller ones? I reported something to Facebook that was a moderate privacy concern and got a bug bounty. A few months later, I discovered that I could make Facebook falsely report the domain that a posted URL goes to, and they denied that it was even a bug. So I could share a URL on mydomain.com, customize the contents of the share posting ("Obama says he's going to nuke Russia"), and Facebook would show users in the post that the link goes to Whitehouse.gov or CNN.com or any other domain I choose. This still works perfectly.

These companies really need to take a look at the analytical abilities of those they are employing to screen bug reports.

jessegreathouse 1 day ago 1 reply      
This is an article about how people are using url shorteners for the wrong reasons and/or not using security on private data.
Animats 20 hours ago 0 replies      
OneDrive publicly writeable? Why is that even possible?
tedmiston 20 hours ago 1 reply      
IMO the author is conflating two separate "issues".

> TL;DR: short URLs produced by bit.ly, goo.gl, and similar services are so short that they can be scanned by brute force.

This is not the issue for OneDrive. Everyone knew this already, right?

For Google Maps, it's definitely more nuanced. I'm glad Google acted swiftly.

> Our scan discovered a large number of Microsoft OneDrive accounts with private documents. Many of these accounts are unlocked and allow anyone to inject malware that will be automatically downloaded to users devices.

This is the issue for OneDrive. I'm not a OneDrive user, but if the documents are publicly editable per a setting the user controls, this isn't a "vulnerability" either.

Grue3 23 hours ago 0 replies      
Seems like the problem is not with the URL shorteners, but with OneDrive braindead security model. Somehow having a link to one file allows the attacker to see all the user's files? What were they thinking?
bognition 1 day ago 3 replies      
Honestly this title feels a bit like FUD. Sure restricting the space of possible URLs decreases the difficulty of brute forcing urls, but honestly if you don't want something publicly accessible put it behind a auth wall.
nxzero 1 day ago 1 reply      
To me, this is like saying Base64 encoding is dangerous; sure, if you think Base64 is encryption and are using it to store passwords, please stop.

Almost all tech can be used in the wrong way, this does not make the tech bad if use correctly.

aokyler 23 hours ago 2 replies      
I agree this could become a big issue - but I wouldn't consider it a "security vulnerability" per se.

URLs aren't secure, and shouldn't really be considered so.

neil_s 18 hours ago 0 replies      
What's more worrying to me than the enumerating of all short URLs, is the directory traversal when you know one URL. This is someone I know, and have specifically shared one file with, being able to see ALL my other documents. Glad to see that's gone now.
e0m 21 hours ago 0 replies      
This probably can be significantly helped from a UI design perspective. As more and more services auto-shrink links for readability there may not be as much of a compelling need to shorten links. Why in 2016 must we keep displaying everything as "raw text". This is a perfect example of the power of richer displays.
0xf005ba11 15 hours ago 0 replies      
Instead of trying to make brute force more costly, couldn't these services make it impossible, by forcing the fulfilment of a CAPTCHA when trying to expand/follow a shortened URL?
dorfsmay 1 day ago 0 replies      
As a very late adopter of twitter, I was shock when I first run into shortened URL, not understanding their values and seeing only the risks.

Interestingly, a lot of email client also replace links by their own creating similar risks, but nobody talks about those...

I have to applaud Slack for displaying and linking to links the they were meant to.

elwell 15 hours ago 0 replies      
One solution [0]: Password Protected URL Shortener http://thinfi.com/

[0] - at the cost of usability

finnn 18 hours ago 0 replies      
Is anyone else getting the following JSON for all requests to 1drv.ms?

{"error":{"code":"generalException","message":"General Exception While Processing"}}

rkeene2 23 hours ago 1 reply      
My URL shortener makes the user come up with their own short URL so they can decide how long to make it.


wickedlogic 1 day ago 0 replies      
I'd still like to see delete added goo.gl
xpda 23 hours ago 2 replies      
It's hard to believe so many people consider the use of shortened URLs a security measure. It is not, and was never intended to be. A URL is exposed, by definition, whether long or shortened. A shortened URL is a convenience, not a security tool. Some people misuse base64 encoding for "security" as well, but it does not mean we should get rid of base64 encoding.
cyc115 12 hours ago 0 replies      
simple script to brute force goog.gl urls for fun.:) https://gist.github.com/cyc115/f22db26de6a5d723ef6094a97f0ed...
nilved 22 hours ago 1 reply      
This vuln probably also exists on imgur
makecheck 22 hours ago 0 replies      
There is nothing inherently wrong with a short URL, provided that supporting infrastructure has proper security.

Even now, if you connect to your favorite trusted long domain names, nothing stops that from being totally hijacked by an untrustworthy Internet service provider or other entity that has access (or more insidiously, inserting crap like ads that were not in the original source).

And heck, long URLs are suspicious as well. Im sure by now everyone has received one of those ridiculous "important@facebook.com.kdsjfksdjfkdsfjdskfjdskfjdskfjdskfjdskfjdskfjdskfs.oopsmalware.com".

The push should be for broader adoption of mechanisms that make it hard to subvert what you download, and easy to verify what will happen when you click a link.

athenot 1 day ago 0 replies      
This article is more interesting from a UX point of view. It seems that many people think the gibberish-ly looking URL, however short, is nice and safe. That confers a false sense of privacy.

The part about automatically-generated short URLs in MS docs is (was?) worriesome. Few users understand the implication of having a public URL that directly references their document which, in all likelihood, were intended for a restricted audience.

I should point out that Slack has the same bug, though their URLs are simply obfuscated with a longer token. Shameless plug: Cisco Spark[0] has solved that with end-to-end encryption.

[0] https://support.ciscospark.com/customer/en/portal/articles/1...

Pxtl 1 day ago 0 replies      
Sounds like the web-office tools need a "partially public" option. I mean, I want to do whatever, whenever to my private documents, but when I open a document for public editing because my collaborators don't have a google account and so I just share out a long-URL with them, the expectation is that the worst thing that coudl happen is that a malicious actor that finds the URL could mangle the document and I'd have to revert it.

Giving my collaborators enough power to inject executables is far beyond my needs and my intent when I make the doc "open". At worst I'd expect to find a document edited with a link to an external malware exe, not some horrifying autorun problem.

You could also do warnings when the user clicks a link ina publicly editable doc "this document is publicly editable, which means that any rando on the internet might have set this link, not just your buddy who made the doc. Are you really sure you want to go there?"

Keeping secrecy the exception, not the rule microsoft.com
402 points by tbrownaw  15 hours ago   119 comments top 20
matt_wulfeck 13 hours ago 1 reply      
This is a great letter from Microsoft Nouveau and I applaud them for taking a stand. It's on us as citizens to exercise our rights and bring about change and reform.

I think we should also remember those that took a stand early and paid the price, such as former Quest CEO Joseph Nacchio who was run under the bus for not being an accomplice to the NSA [1].

1. https://www.rt.com/usa/qwest-ceo-nsa-jail-604/

gozur88 14 hours ago 7 replies      
The right way to deal with this is to set up your system such that you can't turn over customer data because it's encrypted with a key to which only the customer access.
drtillberg 13 hours ago 2 replies      
If the government can require Microsoft to break the contractual and fiduciary commitments to customers to protect data and report on what happens to it, can the government also require individual employees to break their commitments to their employers? Agents show up at data warehouse on 1000 Main Street, tell the employees they are prohibited from contacting their bosses, ever. What is the limiting principle, where does it end?
Zelmor 5 hours ago 4 replies      
Nice PR spin, but I do not believe their lies. They are just riding the Apple-PR-train, and people are eating it up wholesale. The whole of win10 is open to machinations and spying on you. You even sign your privacy away in their eula.

Do not believe their lies. Microsoft is a harmful entity.

e12e 10 hours ago 1 reply      
It just occurred to me, reading: "To be clear, we appreciate that there are times when secrecy around a government warrant is needed. This is the case, for example, when disclosure of the governments warrant would (...) allow people to destroy evidence and thwart an investigation.", that we shouldn't be too broad in denying the ability to destroy evidence or thwart investigations.

Consider charges of conspiracy, or of access to classified material. If the suspect destroys the evidence, and commits/have not already committed any other crimes -- should we really use the resources to investigate and prosecute such thought crimes?

We risk loosing sight of the fact that punishment is not a goal, it's a means to an end. Hopefully that end is a free and safe society.

ComodoHacker 6 hours ago 1 reply      
I have a growing impression that big tech players have developed a cooperative strategy and coordinate their moves to protect users' data in the cloud. And that movement has no altruistic or politic roots but strong economic ones. They just HAVE to ward off any needle threatening to stick the cloud bubble they made huge bets on.

And this is good for the public.

cjslep 14 hours ago 1 reply      
As someone far removed from practicing law, what are the ramifications if Microsoft fails? Would nothing change? Would others be barred from ever suing the U.S. Government for the same reason?
mikx007 4 hours ago 2 replies      
Can the government force a private business entity to lie to their customer? If not, then why can't Microsoft just setup some sort of service/status report that basically outputs "no" if and only if the government did not access data and "unknown" otherwise.
conradev 10 hours ago 0 replies      
I'm glad that Microsoft is speaking up, especially given their past history:


nxzero 13 hours ago 3 replies      
Beside Moxie, is anyone else having success expanding the use of encryption?
joeyrobert 10 hours ago 1 reply      
> Over the past 18 months, the U.S. government has required that we maintain secrecy regarding 2,576 legal demands, effectively silencing Microsoft from speaking to customers about warrants or other legal process seeking their data.

So should Outlook.com be considered insecure if the US government can access it at any time without you knowing? Microsoft should be able to inform you whether or not your information has been leaked. I hope Microsoft wins.

StephenConnell 13 hours ago 1 reply      
Good for them. Sounds well thought out.
tehwebguy 13 hours ago 1 reply      
> To be clear, we appreciate that there are times when secrecy around a government warrant is needed. This is the case, for example, when disclosure of the governments warrant would create a real risk of harm to another individual or when disclosure would allow people to destroy evidence and thwart an investigation.

So, like, every criminal investigation of a person who uses email?

hollander 4 hours ago 0 replies      
The only reason for the abuse of secrecy, is to keep the abuse secret.
r3bl 14 hours ago 4 replies      
So, a company that has added telemetry services to 90% of the desktop devices that are impossible to turn off completely (unless you block their entire IP range) is suing someone for not respecting user's privacy? What a joke.
nartz 13 hours ago 0 replies      
Go microsoft!
CiPHPerCoder 14 hours ago 2 replies      
On one hand, I commend Microsoft for doing this.

On the other, I wonder if they would if Apple hadn't already stood up to the government?

braderhart 12 hours ago 2 replies      
Does anyone else find it ironic that this is coming from Microsoft, yet they can't even open source a freaking web browser? Really?
xerxes777 5 hours ago 1 reply      
It's funny because Apple, Google and Microsoft are all public companies and government owns most of their shares. It's not even Apple-PR-train.
golfer 12 hours ago 0 replies      
Secrecy is great for Microsoft when it's in the form of extorting Android OEMs with bogus patents for billions of dollars a year. Or copying Google's search results. But not when complying with government data requests. Got it.
Intelligence Committee Leaders Release Discussion Draft of Encryption Bill senate.gov
378 points by david90  2 days ago   263 comments top 59
mangeletti 2 days ago 12 replies      
Government is trying to make it illegal for one person to keep secrets and whisper them into another's ear.

We can argue all day about how the law doesn't prevent criminals from using technologies (it doesn't, which makes the law idiotic, from a logic perspective), but that's not the important part.

The important part is that this group of folks we're calling Government is trying to prevent us from being allowed to have secrets and whisper to each other.

Government is not as stupid as we'd like to think. Government doesn't believe that "terrorists" will stop using encryption. These laws are not for "terrorists". They're for us. Take away somebody's ability to keep secrets, and you've gained a pretty good advantage over their position[1].

This is about only one thing: leverage; and leverage is power.

1. https://en.wikipedia.org/wiki/Enigma_machine#Breaking_Enigma

callcallcall 2 days ago 6 replies      
Instead of complaining into the echo chamber of comments, here are some things you can do to fight back:

Donate to the EFF: https://supporters.eff.org/donate/button

Call your Reps: http://TryVoices.com

Petition the President: https://savecrypto.org/

tbrake 2 days ago 6 replies      
> "Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order."

How can you utter that sentence and simultaneously not understand why your bill is effectively worthless for its stated purpose?

bcg1 2 days ago 0 replies      
Yikes, "license distributors" are covered entities:

"c) LICENSE DISTRIBUTORS. - A provider of remote computing service or electronic communication service to the public that distributes licenses for products, services, applications, or software of or by a covered entity shall ensure that any such products, services, applications, or software distributed by such person be capable of complying with subsection (a)."

I suspect it would practically impossible for FOSS projects to comply, and everyone who creates or distributes free and open source software that is capable of encrypting anything would fall under this definition. Also I don't see any provision for existing software... if this bill passes, are we just supposed to stop distributing software on Day 1 until it can be rewritten to make it possible to comply?

This bill is astonishingly stupid, even when compared to the unusually high level of stupidity of federal legislators.

tptacek 2 days ago 5 replies      
I'm getting pretty deep into bets on Twitter AGAINST this bill having a chance of passing. My logic is simple: this bill outlaws all sorts of things huge corporations use to protect their networks. No big company I've ever done security work for has ever been OK with crypto keys being escrowed by vendors; in fact, we were often instructed to look for exactly those kinds of features as disqualifiers for products.

I do not believe this Congress will succeed in passing a bill that would require Bank of America to escrow keys with IBM and Symantec.

coroutines 2 days ago 4 replies      
Feinstein is just the worst.

She is the equivalent of Mitch McConnell for the Democrats.

She fully understands exactly what she's proposing and she's the biggest hypocrite for it.

onetwotree 1 day ago 0 replies      
So I work for a company that sells a security related appliance. We sell to mid to large sized enterprise customers.

We made the decision to go with an appliance over hosted services because this way if we get hacked, our customers don't.

Part of our product is a secure secret store, and of course we use encryption for many other purposes. Our customers use our software (or standard tools) to generate their own key material to encrypt their secrets.

Very importantly, we can't help the government, or anyone else, get access to our customers secrets. We can't reasonably be asked to backdoor the software, because many of our customers do code reviews and audits on it before buying.

Can someone help me understand how this law would affect my company and others like it, our customers, and their users?

ewindisch 2 days ago 1 reply      
What this does and doesn't do:

This bill effectively makes it illegal for US companies and persons to build or use secure enclaves / TPMs and to publish cryptosystems without either including backdoors or retaining and storing keys. It also implies that companies would need to store keys indefinitely, otherwise they would not be able to decrypt data, as no time limitations are set on the capability of accessing data.

This would not make SSH or TLS illegal or require users to hand over keys. It could mean that if a US person or corporation contributed to an SSH or TLS library, they could be expected to provide a backdoor mechanism to the government. (EDIT: would not require to hand over keys enmass, or in any way above and beyond current statutes)

Interestingly, this bill covers vendors and presumably US persons that "provide a product or method". You'll still be able to legally use foreign-developed tools. The US would have grounds to ask those foreign agents to decrypt data, but would have limited means of enforcement.

studentrob 2 days ago 0 replies      
Voices [1] is a free app that lets you call, email, or tweet representatives from your phone

It's free and I have no affiliation. I just saw it on r/apple's monthly appreciation thread [2]

Representatives do care about your calls. They get reports on them every day

[1] http://tryvoices.com/

[2] https://www.reddit.com/r/apple/comments/4d71kg/monthly_appre...

tobbyb 2 days ago 0 replies      
There is something inherently despotic about framing seeking basic accountability as questioning the legitimacy of government.

Security has always been the first resort of tinpots and despots for self seeking behavior. Only those ignorant of history or too distracted with material gain and hubris will fall for it. There always has to be a balance because ultimately everyone is safe in a cage. But that's not what we mean by free democratic societies.

Spying on everyone gives some individuals a sense of power and the logical response to that must be to prosecute them in open courts so their regressive mindsets can be exposed for the sickness they perpetuate. Privacy is much more important and valuable than making day to day law enforcement and governance easier.

Now back to the real world if there was any serious interest in dealing with terrorism Saudi Arabia would have been tackled 30 years ago rather than let them fund and spread Wahhabi ideology globally and the latest round of terror. Yet even today they are the USA and UK's closest allies in the middle east while Iraq, Libya, Syria and Iran who have nothing to do with global terror campaigns are casually destroyed with millions dead and millions in disarray making a complete mockery of the world we live in and the humanity we claim for ourselves.

There is no legitimate argument for a surveillance society other than coming from ignorance of history or narrow self interest. It's high time this country makes an example of those emboldened enough to advocate it and reiterate its commitment to its fundamental values.

p01926 2 days ago 1 reply      
They're really hitting the "nobody should be above the law" talking point hard. How fortunate for us it sounds good but doesn't survive even casual scrutiny. Crypto might interfere with investigations, but that is very different from being above the law. There are huge numbers of cases where some perp used encryption and was still bought to justice.

The best analogy I can think of is the document shredder. As a society we accept that individuals can protect their personal privacy and safety even if this occasionally frustrates law enforcement investigations. Shedder manufacturers aren't forced to limit how good a job they do to potentially aid LE as this would do more harm than good. And, after all, if you banned shredders, criminals would still be able to just burn their incriminating papers.

noobie 2 days ago 2 replies      
This is hilariously absurd.

So let's say Microsoft provides me with a computer.

I go make some cool encryption program on the computer. Now I can use the computer to encrypt data.

One court order later and Microsoft is now required to decrypt the data I encrypted using their computer.

All Microsoft did was provide a programmable computer. Now they must do the impossible. This bill is ungodly horrible.

mtgx 2 days ago 1 reply      
> The bill establishes that: No one is above the law.

Yes - except diplomats, journalists, doctors, as well as conversations between people in person are all "warrant-proof", and therefore "above the law" as Feinstein calls it.

As Zdziarski also says in his post below [1], the 4th amendment doesn't grant the U.S. government anything. It tries to restrict the U.S. government from overreach. It says only upon probable cause can the government request personal information, but it doesn't say the government MUST get that information and in a format that's intelligible as well.

But when the U.S. government has started interpreting the Constitution however it gives it more power, even saying that your "emails" can be obtained without a warrant because they've been "opened" [2], or when it believes that spying on millions of people at once is "relevant" to a specific investigation (3-hop spying) then it's no surprise that they also believe the 4th amendment gives it the power to require the data in an intelligible format.

> No new collection authorities. The bill does not create any new collection authorities for the government to obtain communications. The bill simply requires covered entities to ensure that the governments lawfully-obtained evidence is readableso that law enforcement can solve crimes and protect our communities from criminal and terrorist activities.

Well, that's a lie. Until now, only "covered entities" under CALEA could be forced to facilitate spying. Now everyone else can be forced as well, including open source developers. I'd say that's quite an expansion of its "collection abilities", no?

[1] - http://www.zdziarski.com/blog/?p=5912

[2] - https://www.eff.org/deeplinks/2016/04/eff-supports-rep-goodl...

ipsin 2 days ago 2 replies      
The plain-spoken language of the bill is irritating, because it hides how much assistance it provides to the existing surveillance machinery.

For example, it doesn't exempt the FISA court, as far as I can tell, and seems to embrace that use.

I'm having a little trouble with the paradoxes... "Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design". Is this a fig leaf? If you design a system that makes it impossible for you to comply with the act, you're still required to comply, right?

I pray this can't pass in my country.

mattherman 2 days ago 1 reply      
If you disagree with the contents of this bill, EFF supplies a helpful form for emailing your representatives to express those feelings.


srj 2 days ago 0 replies      
Secure communication between terrorists is impossible to stop if they show any inclination to do so. This will only impact normal people using major online services.

Right off the top of my head a few ways terrorists would thwart this:

- Use end-to-end encryption that's easy to overlay on an existing medium (e.g. PGP).

- Create or use an app that doesn't comply with this law and use that for communication. At least on android all you need to do is allow 'Unknown sources' and you can install apps outside of the play store.

-Use something other than text. Go in an online game and spell something out on the wall.

By repeatedly trying to start this "conversation" it really seems the politicians don't want to accept that it's impossible to prevent encryption at the long tail of users (where the terrorists would be). Instead they're going to stick their heads in the sand. It could be a deliberate attempt to gather session keys for the intelligence services to do their bulk harvesting, but what it definitely won't do is stop terrorism.

phkahler 2 days ago 0 replies      
How can they not see the contradiction? "We want your data to be secure, but we also want US to be able to see it." Technology and math in particular doesn't know who is who, and equations don't behave differently because someone writes a law. Seriously, RSA is just M' = M^E mod N. You can publish your public key in the newspaper and have people send you encrypted messages on a postcard and nobody - even the government - can decrypt it without your private key. A law can't change that, although forcing back doors into OSes will eventually lead people to using end-to-end encryption more.
rwhitman 1 day ago 0 replies      
How is it that lobbies from oil, guns, banks, telecom have historically been so powerful in passing legislation through Washington, yet the software industry is still so completely limp at protecting it's political interests?

I feel like politicians see tech as an easy target to walk all over to rally the technophobe base, and with good reason - there's really no consequences for doing so.

Why is a company like Apple, at time when it has a historic stockpile of cash, trying to duke out political battles by writing open letters to the press and appealing for public support to uphold basic security practices when other industries manage to bend political will in their favor to do truly greedy things at the public's expense on a regular basis?

vermontdevil 2 days ago 0 replies      
Key for me is to identify certain dangerous provisions that has a high chance of sneaking through and becoming law.

I'm sure the senators involved put in as much outrageous stuff knowing it'll be watered down. This with the hopes a few key provisions are not watered down.

That's why in my opinion that bills like these should not be put up for discussions, amendments, and vote. I fear the worst though.

roldie 2 days ago 0 replies      
I wish Congresspeople were held to the same standard as the rest of us. This kind of lack of understanding of technology (intentional or not) is evidence of gross incompetence. Feinstein/Burr should be expelled. We all would fired if we demonstrated this lack of ability
TazeTSchnitzel 2 days ago 0 replies      
From reading the draft, it doesn't seem to say what happens if it is not technically possible (or practical, anyway) for the entity being ordered to comply.

Will they simply be held in contempt of court until they finish brute forcing an encryption key at the heat death of the Universe?

zmanian 2 days ago 3 replies      
What Silicon Valley needs to make it's voice heard here and to do that they need to pull back donations not just to Feinstein but to the Democratic Party until this disaster is withdrawn
idipous 2 days ago 0 replies      
What this bill says pretty much is that all US entities are not allowed to use secure encryption methods and practices. They can offer encryption but at the same time the implementation should be flawed in such a way that it can be reversed via a "backdoor" or a vulnerability.

That is the essence of the bill in my opinion and nothing else.

andrewmutz 2 days ago 2 replies      
I genuinely don't understand what the bill would do. This section seems to place no restrictions on the design of devices:

(b) DESIGN LIMITATIONS.Nothing in this Act may be construed to authorize any government officer to require or prohibit any specific design or operating system to be adopted by any covered entity.

If the bill says the government cannot place restrictions on the design of devices, but the bill says providers have to do things they can't do with existing designs (e.g. Whatsapp end to end crypto) what does this bill actually do?

konceptz 2 days ago 0 replies      
>>or any person who provides a product or method to facilitate a communication or to process or store data.

So any crypto researcher, in the USA, must be able to also defeat their own 2 channel crypto?

Also, since government compensation is listed, how does that work with intractable cryptanalysis of said work?

zmanian 2 days ago 0 replies      
Technically literate folks need to treat encryption regulation the way gun enthusiasts treat gun control. This must become utterly politically toxic to get involved with.
sklivvz1971 2 days ago 0 replies      
This bill is a joke, right? Right? Anyone?

This would ironically only jeopardize the safety of law-abiding Americans and lawful American interests. It would be utterly useless for anything else, including terrorism, espionage, criminality and foreign interests.

Quanticles 2 days ago 0 replies      
As far as I can tell, this is a win for encryption. It says that device manufacturers need to help law enforcement break into a device, but they do not need to create any backdoors. If Apple/Google/etc make it impossible for them to break into their own devices, then there is nothing that they can do. As long as they are not required to include backdoors then encryption wins.
ipsin 2 days ago 0 replies      
Any odds-makers want to speculate on the odds of this going all the way?

It seems like this could be an anchoring tactic -- now that we've seen the intelligence and law-enforcement wish-list, we should supposedly be happy with any other "compromise" bill that's not quite as apocalyptic.

FussyZeus 2 days ago 0 replies      
Politicians legislating for technology is the best real life example of the blind leading the deaf I've ever seen. We should add a constitutional amendment that requires the voting representatives understand the topic for which they're voting in order to have their votes count.
hathym 2 days ago 1 reply      
I believe that is someone hacked into the senate systems and exposed some secret data, maybe they would change their mind about this law?
peterwwillis 2 days ago 0 replies      
I would actually be okay with this if I had any faith whatsoever that court orders would be issued based on significant evidence that a crime was planning to be committed or had been committed. But as we've seen over the past 5 years, secret orders are given with gags based on practically zero evidence and gather up the data on an unlimited number of people, for effectively no purpose.

We can't trust the Government to properly issue court orders anymore, so it would be irresponsible for the People to give them any more power than they've abused already.

joesmo 2 days ago 0 replies      
This makes the FBI's requests to Apple look like child's play. I cannot possibly see how our tech economy can survive once all these backdoors are in the hands of criminals (other than the US govt) and enemy states. Feinstein is especially known for her extreme stupidity but killing one of the last prosperous industries in America (tech), this is just simply too much. At least we'll know who to blame when no one wants to buy US tech anymore.
giaour 1 day ago 1 reply      
I'm not a lawyer, but it seems like complying with this law would preclude compliance with HIPAA, ISO 9001, various NSA-IAD directives, etcetera. Compliance with standards like those is often written into government contracts and sometimes required by statute or policy.

If this law passed in its current form, wouldn't entire industries have to choose which laws to break when storing data?

xupybd 2 days ago 1 reply      
"Certain communication service providers that distribute licenses for a covered entitys products and services also must ensure that these products and services are capable of providing information or data in an intelligible format."

I'm having trouble understanding the meaning of that, but is it saying if you provide a means of encrypting customers data you must be able to access it unencrypted?

irixusr 2 days ago 1 reply      
Another brick in the wall.

What are we going to do a out it? Maybe Wikipedia or Google will deface their own websites, and the bill will die only to resurrect shortly after.

A better solution would be for the millions of tech workers to unite and vote GOP just to send a message that we don't automatically vote for anyone or any party.

If California's vote is locked for a certain party, then it is taken for granted.

arnonejoe 2 days ago 1 reply      
How would this be enforceable with e to e encryption? The defendant could simply claim the private key has been lost. Then what??
nxzero 2 days ago 0 replies      
Easily see criminals stealing non-criminal systems, user-accounts etc. - and sending encrypted data from them.

Basically, hackers just offer plausible deniability as a service, ransom evidence that you weren't the party sending the data, setup human targets, etc.

To submit a bill like this shows a complete disregard for how it will function in the wild.

irixusr 2 days ago 0 replies      
Think of every demographic in the US that politicians whore themselves to. The most successful ones are not always large. But they vote as a block, in high numbers, and are not overly faithful to any party.

Tech workers should support senators like Wyden or R. Paul and take steps to really knock down Feinsteins or Burrs.

sbov 1 day ago 0 replies      
I'm always conflicted with this.

On one end, I feel like security is hard enough that we don't need to go weakening it, in any way, to allow the government to be able to (with a lawful warrant) read the data. I feel like the citizens of the US are overall more secure with end to end encryption that no-one can backdoor.

On the other end, security is hard and we fail in so many other obvious, exploitable ways. Even with mandating that e.g. Apple be able to decrypt the contents of any iPhone it does not actually reduce our security in a meaningful way because there's so many other ways we routinely fail at security.

justinlardinois 2 days ago 1 reply      
Does this actually expand current law? The government already has the ability to subpoena customer data, including encryption keys.

> The government cannot require or prohibit any specific design or operating system for any covered entity to use in complying with a court order.

This seems to specifically exclude one of the main concerns of the whole Apple/FBI thing.

I also don't see anything explicitly requiring back doors or security loopholes.

If a customer's data is encrypted and the service doesn't have the keys, I'm not sure how this bill would help.

Of course, if it really doesn't change anything, I see that as a reason to not pass the bill.

elcct 2 days ago 0 replies      
So this is going to go level above War of Drugs in terms of US retardness.
nxzero 1 day ago 0 replies      
For anyone that thinks either the government, or that matter the general public, doesn't understand the intent of the bill, you are wrong.

Government clearly understands what is going on and has every reason to support laws like this.

What may not be clear, is that in my opinion, average person understands what is going on, but is afraid. Understanding this fear, and how to counter it is the key, not figuring out how to help people understand how the bill would function in the real world.

tzaman 1 day ago 2 replies      
A not so rhetorical question: If a bill like this passes, would it make sense for the privacy-aware companies to move completely overseas (like, to UK) where these laws to not apply?
tombert 2 days ago 0 replies      
Maybe I'm a bit confused; if this bill were to pass, would this make SSH illegal? How about geli on FreeBSD? Am I going to be required to hand over my encryption keys on my server?
digitalneal 2 days ago 0 replies      
Good time to try to push a bill like this thru. News is too obsessed with Trump to try to dive into a critical thinking issue.
LinuxBender 1 day ago 1 reply      
Apologies, this will be an unpopular opinion.

If encryption is deemed illegal for whatever reason, then perhaps start creating new things that legally don't fall under the category of encryption, but accomplish the same thing.

There are countless creative, imaginative and intelligent people on this site. PR teams, please let folks brainstorm first.

zxv 1 day ago 0 replies      
The bill may allow the government to force a software vendor to perform work without any agreement regarding costs. It allows the government to decide "reasonably necessary costs".

Once any work has begun, the government can force (subpoena) the vendor to testify regarding results, without any payment whatsoever.

tempodox 2 days ago 0 replies      
There was never any serious privacy in the U.S. but if that bill would pass even the fig leaves would vanish.
artursapek 2 days ago 1 reply      
Would this outlaw PGP?
hellbanner 2 days ago 1 reply      
This is requiring tech companies to provide decrypted data, yes.

I want a private key that is only creatable by N separate individuals, who will only release their part of the key when they can ascertain I am not under coercion. Is there a system that does this?

RIMR 1 day ago 0 replies      
Passing a law against strong encryption will totally prevent terrorists from using it to conceal their communications. I mean, how are they going to encrypt their data if it's illegal to do so? /s
ferongr 2 days ago 1 reply      
What's the probability of this bill actually becoming law?
elcct 2 days ago 1 reply      
Speaking foreign language counts as use of encryption?
SeanDav 1 day ago 0 replies      
All I can say is George Orwell was a clairvoyant genius. Right now it looks like his only mistake was he did not go far enough.
modscensor11 2 days ago 1 reply      
Just a reminder that trying to discuss these matters on HN is a bad idea as the moderators routinely bury any anti government sentiments and articles, ban accounts and IPs which are critical of the government and allow government sock puppets to control the conversation.

Then mods only defense is to say trust them and none of this is true, but ample evidence exists to the contrary.

American government is corrupt and HN Moderation policy is to abide and abet that corruption.

hawleyal 1 day ago 0 replies      
Dianne Feinstein doesn't understand the law.
prirun 1 day ago 1 reply      
I think policy makers do not understand how easy encryption is to use. I'm sending this letter to help them understand a little better why this bill makes no sense and will not prevent criminals nor terrorists from hiding data if they want to.

Dear Senator,

I am writing today to explain how a draft bill, the Compliance with Court Orders Act of 2017, will affect me.

For the last 7 years I have been developing a data backup program, HashBackup. HashBackup allows people to securely backup their computer data to cloud storage, without worrying about the storage company or one of its employees accessing confidential data through the use of strong encryption.

There are many reasons for maintaining strict confidentiality:- financial records- medical records- company trade secrets- top secret intelligence- general privacy protection- and yes, committing crimes

The purpose of this bill as I understand it is to compel any person or company who provides software or devices that can create unintelligible (encrypted) data, to assist the goverment in producing the original, unencrypted data, with a court order.

The critical piece of information to have in order to produce the original data is the encryption key. Without that, no one in the world can produce the original data, whether they wrote the software or not. So this bill's ultimate purpose is to compel individuals and companies selling encryption products to use subversive technical means to obtain encryption keys from its customers, presumably without the customers' knowledge.

My backup program, HashBackup, creates keys on each customer's computer. The customer is responsible for their key, just like the lock on their front door. Similar to a lock manufacturer, I do not know or have access to any customers' encryption keys. If the customer loses their key, they lose their backup, and there is nothing I can do to help them recover it.

If my customer uses HashBackup to store their data at Amazon or Google, and the government decides they want that data, I am the one who will get a court order to provide it since I wrote the software that encrypted it. The only way I could possibly comply with the order is to install special "backdoor" code in HashBackup that relayed the customer's key to the government. If customers realize that their encrypted backup data is not really secure and private, I will be out of business.

Our government presents this issue as a way for law enforcement to prosecute crime and prevent terrorism. But as we all know, criminals and terrorist do not obey laws; the laws end up only affecting the law-abiding. If this law is passed, criminals will be unaffected, as they can easily encrypt their own data and hide their keys.

Some people may believe that encryption is a complex technology that only big companies like Apple can use. It is not. Encryption is a simple technology that anyone can use. It doesn't require any special computer skills, training, or equipment. Criminals and terrorists will continue to use simple encryption after this law is passed.

To show how easy it is to encrypt and decrypt messages, here are two very simple programs to encrypt and decrypt messages. These are written in the Python computer language, but similarly simple programs can be written in most modern computer languages.

The first example program encrypts a message. The lines beginning with # are comments to explain what the program is doing:

 import binascii import AES import os # create a key and display it key = os.urandom(16) print 'Key:', binascii.hexlify(key) # here's the message to protect; # add spaces until it a multiple of 16 letters message = 'this is a secret' # encrypt and display the same message 3 times for i in range(3): iv = os.urandom(16) encrypted = AES.new(key, AES.MODE_CBC, iv).encrypt(message) print 'Encrypted message:', binascii.hexlify(iv + encrypted)
The next example program decrypts an encrypted message and display the original secret message:

 import binascii import AES import os import sys # get the key and encrypted message key = binascii.unhexlify(sys.argv[1]) encrypted = binascii.unhexlify(sys.argv[2]) # separate the iv iv = encrypted[:16] encrypted = encrypted[16:] # decrypt and display the original message print 'Original message:', AES.new(key, AES.MODE_CBC, iv).decrypt(encrypted)
Now we show the encryption program creating 3 completely different encryptions of the same secret message, all using the same key:

 [jim@mb ~]$ py easy1.py Key: 9cba06caad965229457652b3ae760595 Encrypted message: 4c77810f6f39946a2e525b2ef0e2fe6ed70201d22bb263734dd3aebbbf11af0d Encrypted message: d262cca8d9da4aa01c36be5dcf2809d212348438752ffea491a13dacd2999ba9 Encrypted message: 0749d160d9e751a67bb908ba8df7800a177e53ea03fad3694bbeab54cd680469
Here is the decryption program changing all 3 encrypted messages back to the original message:

 [jim@mb ~]$ py easy2.py 9cba06caad965229457652b3ae760595 4c77810f6f39946a2e525b2ef0e2fe6ed70201d22bb263734dd3aebbbf11af0d Original message: this is a secret [jim@mb ~]$ py easy2.py 9cba06caad965229457652b3ae760595 d262cca8d9da4aa01c36be5dcf2809d212348438752ffea491a13dacd2999ba9 Original message: this is a secret [jim@mb ~]$ py easy2.py 9cba06caad965229457652b3ae760595 0749d160d9e751a67bb908ba8df7800a177e53ea03fad3694bbeab54cd680469 Original message: this is a secret
An interesting fact you may not realize: one key can be used to encrypt the same message in many different ways. These simple programs above can encrypt the same message, using the same key, 340,282,366,920,938,463,463,374,607,431,768,211,456 different ways.

No matter what laws our government passes, criminals will not obey them. If a criminal wants to keep something secret using technology, it is not hard: all they have to do is privately share a key with someone, then send encrypted message like the above.

An important point is that these encrypted messages can be sent over ANY communication medium. Whether the government has access to them or not, they cannot be decoded without the key. Criminals can encrypt GPS coordinates and times for example, send them as a simple text message, and the government, Apple, nor anyone else would be able to see the original message.

I have no problem with law enforcement doing an authorized search to obtain a suspected criminal's encryption key(s) FROM THE SUSPECT. But as a producer of software, I should not be compelled to violate my customers' trust by stealing their key without their knowledge. Then I become the criminal.

Please do not pass this bill. It will not affect criminals or terrorists - just the rest of us law-abiding citizens.

Thank you,Jim Wilcoxson

antillean 2 days ago 4 replies      
It feels like everyone would be better served if the tech community admitted the legitimacy of the government's (and many, MANY people's) security concerns and stopped pretending that the right to privacy always trumps the right to security of the person. (All occurrences of the string "secur" in that EFF letter[1], for instance, are in reference to data and computer systems. Not one is in [direct] reference to people.) Or, if we don't go that far, we need to at least realise the need for political communities to have serious discussions about how to reconcile those two rights without jeopardising either of them.

The tech community's solutions WAY too often feel like they're motivated only by libertarian concerns for freedom which, while extremely important, are not exhaustively fundamental or final to -- and certainly do not settle the question for -- non-libertarians.

1. https://act.eff.org/action/tell-congress-stop-the-burr-feins...

The Linux Scheduler: A Decade of Wasted Cores [pdf] ubc.ca
434 points by tdurden  1 day ago   129 comments top 18
brendangregg 1 day ago 5 replies      
I've worked scheduling bugs in other kernels before (Linux is not an outlier here). The key metric we keep an eye on is run queue latency, to detect when threads are waiting longer than one would expect. And there's many ways to measure it; my most recent is runqlat from bcc/BPF tools, which shows it as a histogram. eg:

 # ./runqlat Tracing run queue latency... Hit Ctrl-C to end. ^C usecs : count distribution 0 -> 1 : 233 |*********** | 2 -> 3 : 742 |************************************ | 4 -> 7 : 203 |********** | 8 -> 15 : 173 |******** | 16 -> 31 : 24 |* | 32 -> 63 : 0 | | 64 -> 127 : 30 |* | 128 -> 255 : 6 | | 256 -> 511 : 3 | | 512 -> 1023 : 5 | | 1024 -> 2047 : 27 |* | 2048 -> 4095 : 30 |* | 4096 -> 8191 : 20 | | 8192 -> 16383 : 29 |* | 16384 -> 32767 : 809 |****************************************| 32768 -> 65535 : 64 |*** |
I'll also use metrics that sum it by thread to estimate speed up (which helps quantify the issue), and do sanity tests.

Note that this isolates one issue -- wait time in the scheduler -- whereas NUMA and scheduling also effects memory placement, so the runtime of applications can become slower with longer latency memory I/O from accessing remote memory. I like to measure and isolate that separately (PMCs).

So I haven't generally seen such severe scheduling issues on our 1 or 2 node Linux systems. Although they are testing on 8 node, which may exacerbate the issue. Whatever the bugs are, though, I'll be happy to see them fixed, and may help encourage people to upgrade to newer Linux kernels (which come with other benefits, like BPF).

jor-el 1 day ago 2 replies      
The quotes in the paper are interesting: "Nobody actually creates perfect code the first time around, except me. But theres only one of me.Linus Torvalds, 2007

And another, which highlights why there might be many more unearthed bugs, and would probably go unnoticed. "I suspect that making the scheduler use per-CPUqueues together with some inter-CPU load balancinglogic is probably trivial . Patches already exist, and Idont feel that people can screw up the few hundred linestoo badly"

Looking at the bigger picture in general, this again shows that getting software right is not easy. Now and then you still hear about the bugs popping up in the code which is very core to an OS. One I can recall is a decade old TCP bug which Google fixed last year[1].

[1] http://bitsup.blogspot.sg/2015/09/thanks-google-tcp-team-for...

Animats 1 day ago 2 replies      
Scheduling has become a hard problem. There's cache miss cost in moving a task from one CPU to another. CPUs can be put into power-saving states, but take time to come out of them. Sharing the run queue across CPUs has a locking cost. So it's now a cost optimization problem. That's a lot of work to be doing at the sub-millisecond decision level.
edwintorok 1 day ago 2 replies      
Nice work: paper, (upcoming tools), and actual patches.

Wish they'd look at disk I/O next, there are some problems there that are hard to describe other than anecdotically: e.g. my system runs on a SSD and periodically copies data to a HDD with rsnapshot. When rsnapshot runs rm on the HDD things freeze for a moment, (even switching windows in X) although the only thing using the HDD is that rm ...

j1vms 1 day ago 1 reply      
As indicated in the paper, patches (currently for kernel 4.1) are here: https://github.com/jplozi/wastedcores
Someone 1 day ago 3 replies      
Page 8: "To fix this bug, we alter the code that is executed when a thread wakes up. We wake up the thread on the local corei.e., the core where the thread was scheduled last if it is idle; otherwise, if there are idle cores in the system, we wake up the thread on the core that has been idle for the longest amount of time."

I don't quite understand the choice for picking the core that was idle for the longest time. I think they use that as a predictor of future load of the CPU, and scheduling based on future load see,s a good idea, but I think this could lead to cases where it prevents one of more CPUs to go to low power states when the system doesn't have enough work to keep all its cores fully occupied.

(Edit: how did I overlook the following paragraph, where they discuss this issue?)

Also, in general, I think they too easily call changes that remove the corner cases they find fixes. Chances are that they introduce other corner cases, either on workloads they didn't test or on hardware they didn't test (caveat: I know very little about the variation in hardware that is out there)

mmaunder 1 day ago 3 replies      
I'm just a lowly performance obsessed dev who uses things like node, php, python, etc. I run very high traffic applications and spend a lot of time buying and building my own servers to try to eek out every ounce of performance.

So can someone who knows about linux kernel internals explain the impact of this research? I read the abstract and some of the paper and it sounds very promising - like we may get significantly more performance out of our cores for multi-threaded or multi-process applications.

haberman 1 day ago 6 replies      
This is absolutely nuts!

If this result is true, our Linux machines have been wasting 13-24% of our silicon and energy for years (that number is for "typical Linux workloads") because the scheduler fails to fulfill its most basic duty.

The quotes from Linus in the paper just twist the knife.

jondubois 1 day ago 1 reply      
Many people in the Node.js community have had first-hand experience with with this issue. Node.js has had to turn off OS-based scheduling for its cluster module because you always ended up with a couple of CPUs taking all the load (and accepting new connections) while most of them remained idle.

I thought it was either a bug with the TCP polling mechanism or with the Linux OS scheduler itself. It's good that this issue is finally getting some attention.

hinkley 22 hours ago 0 replies      
The bit about creating a cgroup per tty was news to me, and now I'm wondering if the way I usually manage Linux servers scales up to heavy traffic (usually if I'm involved it's small potatoes).

Presumably things started as sysv scripts or even docker containers don't have this problem?

thinkingkong 1 day ago 0 replies      
Some authors appear to work with the old Xen crew (now founders at coho). Impressive work!
thrownaway2424 23 hours ago 0 replies      
I wonder what the impact is on networking loads. Often the most important thing is for a thread to wake on the core with ready access to the packet that woke it. Other scheduling concerns are counterproductive.
akkartik 1 day ago 2 replies      
Is anyone able to explain Figure 1? I don't understand what the levels are, and whether level 1 is the coarsest or the finest. The caption doesn't seem to make sense either way.. Also, Algorithm 1 is in terms of cpus, but the description mentions 'nodes' and 'cores'. Is a CPU a core or a node? Neither?
wutf 1 day ago 3 replies      
This is extremely promising. Makes you wonder if we ought not go further and implement a machine learning-based scheduler that studies and anticipates workloads and schedules accordingly so as to help jobs complete as quickly as possible.
blinkingled 1 day ago 1 reply      
Interesting work certainly. The patches look more like proof of concept rather than something that's ready for mainline.

I think they're better off if they post a RFC patch to LKML as it exists to facilitate discussion and testing.

unoti 1 day ago 0 replies      
It'd be interesting to run the same tests on the Windows scheduler to see how it compares. Anyone know?
nickysielicki 1 day ago 0 replies      
> the scheduler, that once used to be a simple isolated part of the kernel grew into a complex monster whose tentacles reached into many other parts of the system,

That's what I call vivid language!

atemerev 1 day ago 4 replies      
The year is 2016.

Software engineers are still obsessed with squeezing every last drop of performance from a single core, adding multicore or distributed load support as an afterthought.

Sorry, it doesn't work this way anymore. There will be no more single core performance increases laws of physics forbid it. Instead, we will see more and more cores in common CPUs (64, then 256, then 1024 then it will be merged with GPGPUs and FPGAs with their stream processing approach).

Learn distributed programming or perish.

Inky the octopus breaks out of New Zealand aquarium nytimes.com
345 points by jonathanehrlich  2 days ago   243 comments top 21
SpaceX_Tech 2 days ago 3 replies      
A number of years ago I kept two octopuses in captivity and I always enjoy reading articles like this, I wish more people took an interest in them and Im glad to see the audience at HN does.

They really are remarkable animals and unbelievably inquisitive. Trying to keep them from escaping, even from a relatively small 250 gallon tank was always a challenge and I can only imagine how difficult it is to retrofit the larger tanks they inhabit at public aquariums to be escape proof.

They two I kept were incredibly tactile in their curiosity and loved exploring my arms/hands whenever I put them into their tank. They would readily eat small crabs and shrimp right from my fingers and seemed to like playing tug of war, clinging to my hand with a few tentacles and them some of the heavier rocks with the others. Lego blocks, clear acrylic piping, small plastic toys would keep them busy for hours on end.

Many people dont realize this but they are unfortunately (or fortunately for humans) remarkably short lived. Most species live only for 1-1.5 years and even the Giant Pacific Octopus usually only lives for 3-5 years. I would always jokingly remark to friends that if they had a longer life span on the order of a decade or more, they probably would have invented some kind of breathing apparatus and conquered land long ago. They would probably have a much more advanced space program by now as well.

the_rosentotter 2 days ago 3 replies      
A similar interesting octopus story not mentioned in the article:

A particular light in a German aquarium kept short-circuiting and no one could figure out why. Using camera surveillance it was finally discovered that every night, the octopus would climb to the edge of his tank and shoot a jet of water on the light, shorting it. It was speculated that the light had been bothering the octopus' nocturnal routine.


sarreph 2 days ago 17 replies      
It upsets me to no end that we find evidence such as this piece that cephalopods are actually (relatively speaking) remarkably more intelligent than common wisdom pertains[0], and yet the culinary abuse and harm (i.e. 'live sushi/sashimi') of these creatures continues.

[0] - https://en.wikipedia.org/wiki/Cephalopod_intelligence

kobayashi 2 days ago 3 replies      
>Inky is not the first octopus to attract the spotlight. In the summer of 2010, Paul, an octopus in Germany, gained worldwide attention when he appeared to correctly pick the winning team in all seven of Germanys games at the World Cup in South Africa a feat that inspired a song. He has been immortalized in Oberhausen, Germany, with a six-foot plastic replica of him clutching a soccer ball.

To me, this cheapens the article. There are readers who are going to think that the octopus actually predicted those wins, when any thoughtfully rational observer would understand that it was merely a lucky happenstance.

danparsonson 2 days ago 0 replies      
> He managed to make his way to one of the drain holes that go back to the ocean, and off he went, Mr. Yarrall said. Didnt even leave us a message.

Yes he did - the message was 'I don't want to live in a glass box'

bnjmn 2 days ago 0 replies      
In 2016, Inky Dufresne escaped from Shawtank Prison. All they found of him was a muddy set of prison clothes, a bar of soap, and an old rock hammer, damn near worn down to the nub.
DanBC 2 days ago 0 replies      
The linked video is amazing. https://www.youtube.com/watch?v=9yHIsQhVxGM

And here's a "tool using" octopus - carring a coconut shell to hide in. https://www.youtube.com/watch?v=1DoWdHOtlrk

dpcan 2 days ago 0 replies      
Kind-of off topic I guess, but we were just visiting an aquarium in Seaside OR a couple weeks ago, and they famously have an octopus in the tank, with no top on it that you can stand next to and watch it swim around.

While we were there, it was dancing for us, speeding across the tank like I'd never seen. He really looked like he'd love to be free. So the question had to be asked, "What if he wants to get out?"

The aquarium attendant told us something in the vein of, if he gets out, he gets out. If he wants to be free, he will get free.

I thought that was an interesting answer, though I'm still not sure how I feel about it. I can tell you that if it tried to get free while I was there, I'd probably get the heck out of the aquarium. It resembled an alien, and I'm afraid of most giant things from the sea.

danans 2 days ago 3 replies      
I wonder if Inky knew that the drain hole led to the ocean, or if it was a just a lucky break.
hodwik 2 days ago 1 reply      
Just because something has complex self-preservation behaviors does not mean that thing is displaying consciousness. Complex behaviors are witnessed in insects and microscopic organisms, yet they have nothing like a brain.

What's more, we're computer scientists. If anyone should be aware that something can seem intelligent without sentience it should be us. Who here hasn't explored chat bots or game AI mechanics? Yet these inventions are remarkably simple compared with even the most basic of evolution's creations.

Are venus fly traps sentient because they catch food in their "mouths"? Of course not. Our knee-jerk reaction to equate behavior with sentience illustrates just how bad we humans are of seeing reality without an anthropomorphic lense.

It is far more likely that human beings became unusual because of our sentience, not that animals remain base in spite of theirs.

kevinmchugh 2 days ago 1 reply      
I'm currently reading The Soul of an Octopus and it's really joy inspiring. Part pop-science, part memoir, part inter-species romance. If you just come in for science you'll be annoyed by Clever Hans effect and confirmation bias, but that's all pop science writing on animal intelligence.


joshuamcneese 2 days ago 0 replies      
it's behavior like this that caused me to no longer be able to eat octopus, which was one of my favorite foods. but after learning that they are capable of planning and puzzle-solving... i felt guilty after every trip to the sushi place.
mrfusion 2 days ago 3 replies      
Amazing. Most humans couldnt come up with an escape plan like this.

It's possible he exhibiting long term goal oriented planning here.

Have we considered octopi might actually be more intelligent than humans?

Wouldn't it be funny if in the future we figured out how to communicate with them and they ended up solving our hardest problems or making breakthroughs in physics and math?

andrewclunn 2 days ago 0 replies      
Great article until they conflated stupid human sports superstition with cephalopod intelligence.
richardthered 2 days ago 1 reply      
Why is this news story everywhere?!Hacker News, Google News, newspapers, facebook feeds, ... it's like it's following me everywhere I go!

Is there some secret octopus cabal out there that's advancing the secret octopus news agenda?

Joof 2 days ago 0 replies      
Supposedly octopuses have a my h more distributed neural system. Most of their neurons are in their tentacles (we also have neurons in our body, but mostly the brain). I'd love to see an fMRI.
ianphughes 2 days ago 1 reply      
Not to sound too negative, but I kind of feel like the timing of this story is suspect. It seems to be on the heels of numerous articles [1][2][3] from Pixar talking about their new character, which is an octopus, escaping and rescuing Dory the fish.

FWIW, I am a huge fan of cephalopods and have a large octopus tattoo enshrining my admiration for the animal. They certainly are highly intelligent, so the story isn't impossible.

[1] http://zap2it.com/2016/04/finding-dory-director-hank-septopu...

[2] http://www.awn.com/animationworld/ultimate-sidekick-finally-...

[3] http://article.wn.com/view/2016/04/07/8216finding_dory_8217s...

bpchaps 2 days ago 1 reply      
Offtopic (sorry) - why is it that I can't read this short article in full in one screen on a 4k monitor? And why is it that when I move my mouse around, I get about 10 different places where a mini dialogue pops up? Somebody needs to make a new internet.
peter303 2 days ago 0 replies      
I am looking for a big enough crack in my cubicle wall to escape too!
bitwize 2 days ago 0 replies      
The bit with the jailbreaking octopus from Finding Dory comes to mind.
pier25 2 days ago 0 replies      
Octodad anyone?
Announcing Rust 1.8 rust-lang.org
340 points by steveklabnik  1 day ago   153 comments top 15
Perceptes 1 day ago 4 replies      
It's not mentioned in the post, but 1.8 also includes support for installing additional versions of the stdlib for other targets using rustup/multirust[1], which is huge for cross compilation:

 $ rustup target add x86_64-unknown-linux-musl info: downloading component 'rust-std' for 'x86_64-unknown-linux-musl' 13.77 MiB / 13.77 MiB (100.00%) 1.47 MiB/s ETA: 0s info: installing component 'rust-std' for 'x86_64-unknown-linux-musl'
Which allows:

 $ cargo build --target x86_64-unknown-linux-musl
You can get a list of available targets with `rustc --print target-list`.

[1] https://www.rustup.rs/

ultramancool 1 day ago 6 replies      
They should probably change their terminology away from "RFC" for referring to Rust RFCs rather than IETF ones. Maybe RRFCs or REPs something?

In this document is a perfect example of the problem, they list several Rust RFCs by RFC number, then talk about IP RFC based loopback detection, expecting everyone to know that RFC 6890 refers to an IETF one and not a Rust one. I mean, most of us can infer that just by length of the number, but it is pretty ambiguous especially when they're used in the same document like this.

webkike 1 day ago 3 replies      
I've been using Rust more and more for my personal projects. Frankly, I could not give a hoot about the memory management; it's pretty cumbersome to deal with. What I love about Rust is that it's a low overhead language that uses interfaces. I love interfaces! I honestly think that they're the best way to program.
thewhitetulip 1 day ago 7 replies      
I never got around to use Rust, maybe I'll get some good answers here on HN, how does Rust compare with Go/Python/Java?
manaskarekar 1 day ago 4 replies      
Anyone know of any real world applications using Rust?

EDIT: https://github.com/kud1ing/awesome-rust

I'm loving the pace of the release cycle! I don't think I can hold off the temptation to try it out - it's too shiny!

nickpsecurity 1 day ago 1 reply      
Congratulations. Particularly, I think the Tier 1 i686 might get Rust more adoption by Windows C/C++ crowds in commercial sector. Improvements for large files in Linux might aid adoption in backup/archive and streaming servers. Just curious, did Dropbox's feedback have anything to do with that?
cm3 1 day ago 1 reply      
Any word on linux-musl builds so that you can use official rust builds on alpine or void linux? Same question for FreeBSD builds.
0X1A 1 day ago 1 reply      
I haven't quite looked but is there a timeline for when compiler plugins will be stabilized? Interested in using serde but would prefer using macros
harveywi 1 day ago 1 reply      
Does anyone have any information about when/if we will see support for higher-kinded types in Rust? There is the RFC thread on Github (https://github.com/rust-lang/rfcs/issues/324), but I haven't been following the trajectory very closely, and a quick synopsis would be wonderful and appreciated.
quotemstr 1 day ago 1 reply      
Does Rust still abort on OOM? I won't use it by choice while it does that.
optforfon 1 day ago 1 reply      
A few days ago I posted a comment with my problems with C. Can you use Rust as a better C/cross-platform-assembly?

does it have native support for

- vectorization/SIMD

- hinting at likely branches

- prefetching memory

- forcing or blocking inlining

and all the magic in gcc C extensions

vbit 1 day ago 1 reply      
BTW, does rust come with some kind of ide support tools, e.g. a commandline tool for autocomplete?
EugeneOZ 1 day ago 1 reply      
Finally I'll switch to Serde JSON :) I use beta and beta is 1.9 today, with awesome features stabilized!
ysh7 1 day ago 1 reply      
Great news!! Yet is vagrant a real contributor? Or someone messed up his git user.name?
mtgx 1 day ago 1 reply      
Anything big (bigger than usual) planned for 2.0?
Merkel allows prosecution of German comedian who mocked Turkish president washingtonpost.com
309 points by doener  1 day ago   5 comments top 3
dang 22 hours ago 1 reply      
dijit 1 day ago 0 replies      
joesmo 21 hours ago 0 replies      
If it wasn't clear before, hopefully it's crystal clear now from this idiotic demand that Turkey is in no position to join the EU in its current state. Erdogan is human scum and he's making sure of that in many ways these days.
House Passes Bill to Sabotage Net Neutrality eff.org
297 points by finnn  17 hours ago   62 comments top 6
jimrandomh 16 hours ago 11 replies      
Some clarity is badly needed here. If you don't know some fairly arcane details of what's going on in Internet regulation, this looks as though it just prevents the FCC from setting price floors and price ceilings, which would be fine.

What's actually going on is fairly complicated, because there are five different parties involved: the consumer, a consumer ISP such as Verizon or Comcast, a backbone provider such as Cogent or Level 3, a business ISP such as Linode or AWS, and a business with a web site. The wires look like this:

 Consumer --- Consumer-ISP --- Backbone-provider --- Business-ISP --- Website
And the flow of money looks like this:

 Consumer --> Consumer-ISP --> Backbone-provider <-- Business-ISP <-- Website
For each connection, there is someone paying money who can take their money elsewhere if that connection is too slow. What's happening is that some consumer ISPs aren't happy with only being paid by consumers, and want websites to also pay them. That would make the flow of money look like this:

 Consumer --> Consumer-ISP --> Backbone-provider <-- Business-ISP <-- Website ^_____________________________________________________|
The problem is that this arrangement would have businesses paying money to ISPs that they didn't choose, and can't walk away from. From a consumer's perspective, if a web site is slow, it looks like the website's fault rather than their ISP's fault, which distorts the incentives. This sort of arrangement isn't really compatible with free-market incentives, since the flow of money doesn't match who's providing services to who; it's less like normal business, and more like extortion.

Unfortunately, I don't expect Congress to have access to clear explanations of all of this. But if you happen to have a congressperson's ear: rather than convince them of a position, please make sure they understand the full shape of what's happening. They're smart enough to draw the correct conclusion, but are constantly bombarded by misinformation.

nxzero 16 hours ago 0 replies      
TLDR >> "a bill that would undermine the FCCs ability to enforce key net neutrality protections."

"Fortunately, President Obama has said that he will veto the bill if it reaches his desk."

Fice 6 hours ago 0 replies      
Removing net neutrality is like allowing supermarkets to buy separate lanes on crowded city roads exclusively for use by their customers.
tzs 5 hours ago 0 replies      
Vote breakdown by party (D = Democrat, R = Republican):

 R D Yes 236 5 No 0 173 Not Voting 9 10
The 5 Democrats who voted yes were Kyrsten Sinema (AZ 9th), Jim Costa (CA 16th), Scott Peters (CA 52nd), Collin Peterson (MN 7th), and Albio Sires (NJ 8th).

tacos 16 hours ago 2 replies      
The EFF really needs to spend their bullets more carefully. And instead of these panicked press releases in response to the normal machinations of government, perhaps find a way to get their opinions heard and words inked while the bills are being drafted.

Their only tool has been a hammer for decades now. And it's wearing thin.

You can't kill every bill just because something is poorly worded -- even if you scare smarty/lefty internet people into believing the whole point is the worst possible construction. Frankly, we don't have that much power. Time to build up the rest of the toolbox.

ageek123 16 hours ago 2 replies      
The headline is a huge overstatement relative to what the press release says, which itself is scaremongering relative to what the bill itself says.
He Got Greedy: How the U.S. Government Hunted Encryption Programmer Paul Le Roux atavist.com
345 points by katiabachko  2 days ago   112 comments top 25
nickpsecurity 1 day ago 2 replies      
Another great, fun write-up by Ratliff. I'm surprised by by a number of things which I'll comment on in a disorganized way. :) One is how often Israeli commandos turn up in these organizations. In parallel, there's their well-known effectiveness plus the risk of Mossad connections that can burn you. Mexican cartels, Colombian, Paul Le Roux... they all buy them up. Cheap, too. I'd like to hear their logic on that.

That he was still producing 200kilos out of thin air was interesting. Operations are still going somewhere with possibly millions moving. Either his that are still running autonomously or others with him just having 3rd parties that can pull a huge transaction at once.

His OPSEC sucks. I mean, I'm amazed that he didn't get caught earlier in some unrelated investigation using his real name and emails on all kinds of shady stuff. Many I know are too paranoid to do that thinking someone would connect dots. He did it and nobody connected dots until piles of high risk crimes added up with benefit of easy tracing. Even police said a little more obfuscation would've thrown them. This means we've overestimated the police's ability to connect dots on suspicious items. Just don't know how much.

Spamhaus says a quarter of stuff came from this company. I read much in INFOSEC but never heard them connect it to something like this. Another "under the radar" aspect that's amazing. Plus, owning a registrar for spam cover is excellent example of subversion at protocol level.

$200-400 million a year could buy tons of INFOSEC and OPSEC. He could've rebranded under a new company to move his name further from the transactions. He could've potentially paid his Israelis to straight up break in and steal/alter records. He could've dropped a few mil strategically in Brazil on key people to spot legal and financial risks along with strats people use to dodge or buy cops. Before he went there. Far as Liberian deal, he should've sent one of his well-paid, experienced people to negotiate that. At his level, he should never leave protection or associate himself with something that's tainted. And when busted, getting immunity to flip is a rational option in his situation but admitting to murders was just stupid.

How about "An arrogant way of living?" Haha.

aws_ls 1 day ago 1 reply      
"In the early days of RX Limited, employees purchased individual web domains at public sellers like GoDaddy. Later, RX Limited spawned its own domain-selling company, ABSystemsthe equivalent of opening a printing press for web addresses. But instead of selling those addresses to others, ABSystems generated them by the thousands, virtually for free, exclusively for RX Limited."

This guy knew how to scale! Started/bought a domain registrar to generate the so many spammy sites needed to sell all those drugs.

Another unrelated point. He found himself in a career crisis in 2002, and also discovered he was adopted, which according to this series (and some Australian media articles) disturbed him. And there are two distinct career paths before and after it.

Although, I am filled with disgust at his actions, esp. he got people killed. But it also stuns me the amount of "progress" he did in a span of less than a decade from 2002 (assuming by 2011 he was done with it, sort of).

hackuser 1 day ago 2 replies      
Halfway to the airport, however, Le Roux switched tactics, said Stouch. He just essentially said he was no longer going to resist and that he would cooperate with our commands. According to the DEA, Le Roux waived his Miranda rights somewhere over the Atlantic and agreed to tell them everything he knew.

What miraculous luck that such a thing would happen, purely of his own free will.

allenbrunson 1 day ago 2 replies      
hacker news is not cool with link shorteners. most link shorteners (bit.ly, et al) are banned here. chances are good that the only reason this particular shortener isn't banned yet is because dang is not aware of it. should be replaced with this article's true url:


c6bb950be 1 day ago 2 replies      
This is a very interesting story
SEJeff 2 days ago 1 reply      
Another absolutely fantastic article on this same guy:


nxzero 1 day ago 4 replies      
Weight of 342 bars of gold would be 4255-kg (9381-lb)...

...find it hard to believe the carrying capacity of an average taxi would support this.

altotrees 2 days ago 0 replies      
So excited to red this installment. So far, this series has been fantastic. I had no idea who Le Roux was three weeks ago, let alone his shadowy background and connection to tools I have used in the past.

Thank you for the great work.

DyslexicAtheist 1 day ago 0 replies      
"... Then the arms ship MV Captain Ufuk was intercepted off the coast, Sol told me, the DEA knew that Le Roux was behind that shipment right away. Because La Plata Trading and Red White and Blue Armscompanies tied to the shipmentconnected back to ABSystems, and the websites were registered to him. ...*

quite poor opsec skills obviously not as tech savy as they painted him

smellf 20 hours ago 2 replies      
Is this the same Paul Le Roux who wrote the original software that TrueCrypt was based on?


dates 2 days ago 0 replies      
YES my lunch break is going to rule, reading this. i love this series so far!
danso 1 day ago 1 reply      
I'm assuming that this submission's headline differs from the original ("He Got Greedy") to make it more useful for HN readers...but I wish it were how other reputable news sites, such as The Washington Post, constructed their linkbaity headlines: `the-short-answer: the linkbait phrase`

As a reader, it makes me no-less interested in the content.

Swinx43 2 days ago 0 replies      
This has been a fantastic series of articles! I absolutely love this. Evan Ratliff is simply a superb writer in long form journalism.
ericjang 1 day ago 4 replies      
Among the most closely-guarded troves of knowledge in the world are those pertaining to organized crime. This stuff is so dramatic and interesting because it is sort of "forbidden knowledge".

I have high hopes for Quora (one of the YC portfolio companies) because they are trying to make accessible this sort of locked-up knowledge.

bronz 1 day ago 2 replies      
I am fascinated by TruCrypt and Bitcoin -- they had a very big impact on the world but their authors are completely unknown. Are there any other instances of things like that?
rpgmaker 2 days ago 1 reply      
Does anyone know if this is the last installment or how many there will be?
unixhero 1 day ago 0 replies      
Yesssss i have been waiting hard for the next part of the story. Ut's totally riveting.

I would pay for more of this!!! [And or for future investigative journalism of this incredible scope]

arprocter 1 day ago 1 reply      
Something which confuses me about the pharma sites is that most of the pills being sold seem pretty obscure, yet they clearly managed to earn a fortune
fweespee_ch 1 day ago 1 reply      
> He got greedy, Jody continued. He probably could have closed up shop in 2006 or 2007, been a rich millionaire, and never have been investigated at all.

This does seem to be a common thread with highly skilled and intelligent criminals. Their pride convinces them they can keep going when the truth is it is time to pull the ripcord years before they got caught and walk away with all the wealth a person would ever need to live happily ever after.

viral_krieger 1 day ago 1 reply      
I wonder why he was so willing to talk.
Taylor_OD 1 day ago 0 replies      
I love this series thus far. So interesting.
johnmoore 1 day ago 0 replies      
That story would make a class movie.
venomsnake 1 day ago 0 replies      
One of the things that annoys me about the series is we read only anout his botched stuff. None of the successes. He does not look like that big of a fish.
johnmoore 1 day ago 0 replies      
When is the movie lol
cornchips 1 day ago 0 replies      
Altgeld Garden Drug Co was in the middle of an interesting location... One of two registered... Altgeld Gardens is one of "Chicago Housing Authoritys largest housing development."


Altgeld Garden Drug Co., Chicago pharmacy license (054-003512) revoked and Erskine A. Cartwright III, Chicago pharmacist license (051-033091) suspended for 30 days followed by probation for two years after information came to the Department's attention thatfrom on or about the Fall of 2006 continuing to on or about the summer of 2007, the pharmacy dispensed a substantial quantity of prescription drugs, including controlled substances, pursuant to orders received electronically issued by physicians for patients who are alleged to have ordered the drugs via the internet. Additionally, the Department was not notified 30 days in advance of the pharmacy's closing. [1]


Street Address: 912 e 131st st, EVERGREEN PARK, Il 60805, USWebsite Address: RXINFODEPOT.COM^^VIAGRACHEAP.COMCompany Email: gamble8@msn.com [2]

Now a thrift store: st vincent de paul... Le Roux :-P


email above is associated with C-21 Dabbs & Associates [3]

maps: https://www.google.com/maps/@41.607956,-87.8476405,3a,50.4y,...


"Mr. Erskine A. Cartwright entered into rest on Sunday, February 23, 2014" [4]


The other registered location is 974 East 133rd St [5]


re c21 dabbs president - Karen Capriotti, Richton Park real estate managing broker license (471-015345) automatically revoked for violating the terms of a non-disciplinary order issued by the Department on April 8, 2013. [6]


Erskine A. Cartwright, contributor of excellence to the Xavier University [7]


disciplined in 2011

Probation01/01/201212/31/2013after information came to Department's attention indicating that from on or about the Fall of 2006 and continuing until on or about the Summer of 2007, the pharmacy dispensed a substantial quantity of prescription drugs, including controlled substances, p ursuant to orders received electronically issued by physiicans for patients who are alleged to have ordered the drugs via the internet; the Department was not notified 30 days in advance of the pharmacy's closing.

Suspension12/01/201112/31/2011after information came to Department's attention indicating that from on or about the Fall of 2006 and continuing until on or about the Summer of 2007, the pharmacy dispensed a substantial quantity of prescription drugs, including controlled substances, p ursuant to orders received electronically issued by physiicans for patients who are alleged to have ordered the drugs via the internet; the Department was not notified 30 days in advance of the pharmacy's closing. [8]


This just keeps on going.. He was married to Maggie Bell Cheatham Cartwright, mayor of the city of Keysville: http://augustafuneralnotices.com/wp-content/uploads/2014/03/...


1 https://www.idfpr.com/Forms/DISCPLN/1112_dis.pdf

2 http://www.subiz.us/biz-il-58953.html

3 http://illinois.cevo.us/company/c-21-dabbs-s-associates.html

4 http://www.legacy.com/obituaries/augustachronicle/obituary.a...

5 http://www.manta.com/c/mm7dlxl/altgeld-gardens-drug-co

6 https://www.idfpr.com/forms/discpln/2013_09dis.pdf

7 http://www.xula.edu/mediarelations/XUGold_Summer2011.pdf

8 https://www.idfpr.com

40 year old study could have reshaped American diet, was never fully published washingtonpost.com
298 points by garycomtois  2 days ago   110 comments top 24
narrator 2 days ago 4 replies      
The context of the early 70s was that "The Limits To Growth" and "The Population Bomb" had just been published and there was a real concern in the air that the world was going to run out of food quickly unless something drastic was done. I think this created a strong confirmation bias that favored any scientific validation of vegetarianism as good news. Saturated fat being the main component of meats that is not in vegetables, and carbohydrates being the main components of vegetables that are not in meats, the confirmation bias was decidedly pro-carbohydrates, anti-saturated fats.

IMHO, whenever you get people saying "Wouldn't it be wonderful if the science said <x> because it would help with <some other thing that is hard to figure out>" you get one of these situations.

jrapdx3 2 days ago 4 replies      
The subject of the article says as much about the politics of science as it is a comment on the science itself. To the extent the findings have been ignored, or perhaps even shunned, is not at all unique. Many important advances in medicine had a notoriously difficult time being accepted, as an example, the idea that bacterial infection was the cause of stomach ulcers had been around for decades before gaining traction.

I think the substance of the science discussed revolves around the composition of dietary fat. As the article notes, the recommendation for increasing the proportion of "polyunsaturated" oils is likely a major factor. Indeed, common vegetable oils contain a high proportion of linoleic acid, the "base" omega-6 dietary source. It has been shown in numerous studies that the omega-6 (N-6) to omega-3 (N-3) ratio is important since these essential fats are linked to immune system functioning.

N-6 fatty acids are associated with pro-inflammatory factors, N-3 primarily leads to anti-inflammatory products. In the archaic/traditional diet, N-6 and N-3 were present in roughly equal proportion, but with marked increase in vegetable oil consumption, N-6 to N-3 becomes "imbalanced", e.g., 10:1.

Inflammatory processes are well-known to play a role in cardiovascular disease, so it's not hard to see how increased N-6 fatty acid intake is a contributor. However this info has not been a secret in the fields of obesity and metabolic disease treatment and research, where the impact of dietary fat intake has been discussed and published for more than 20 years.

Since the mid-90's I've recommended sharply reducing polyunsaturated vegetable oil intake as part of "lifestyle" changes supporting optimum health, particularly for patients with predisposition to metabolic disease. FWIW I've followed my own advice for at least as long, the results have impressed my internist who jokes that I've become quite an uninteresting case.

(Don't have references at hand. If anyone wants I'll post them.)

Edit: grammar!

jeremyw 2 days ago 1 reply      
The article stops short of highlighting the most explosive detail. The studys investigators suppressed these data just as one of them, Ancel Keys, was consolidating political power and unifying opinion around his cholesterol hypothesis. And when, twenty years later, the contradictory results were published, they lied about the conclusions.

There has always been suspicion of knowing cherry-picking. But the evidence of fraud, by the central figure of saturated fat phobia, is much clearer now.

gobbo 2 days ago 1 reply      
This article leaves out or does not stress enough some important information:_How long was the experiment conducted for?_How many people have been monitored after the experiment?_Did the people go back to the previous diet, once the experiment was over?

To the first question, one can find hidden in the article: "Willett faulted the experiment because many of the patients were on the special diets for relatively brief periods - many were being released from the mental institutions. But about a quarter of the patients remained on the diet for a year or longer".

If people stayed on this diet for a year or so max of their 65+ years of life, this data seems utterly non-relevant to support either thesis. It is fundamental to know if the people (and how many) continued with the new diet for a sizable portion of their life. In any case the results should at least not include people that have been on the diet for just a couple of months.

It is hard to believe that a diet of low fat for just a random year in somebody's life (~1.5% of life span) would make a big difference against the remaining 98% of life spent eating fat. The question whether a low fat diet is better than a high fat one is very intriguing, but this data, as presented in the article, seem inconclusive.

asangha 2 days ago 0 replies      
Gary Taubes wrote a great book showing how politics marred nutritional science: http://www.amazon.com/Good-Calories-Bad-Controversial-Scienc...
fauria 2 days ago 0 replies      
In line with this submission, two posts linking to an article on The Guardin about sugar hit the front page of HN lately:

The Sugar Conspiracy: https://news.ycombinator.com/item?id=11444941

The sugar conspiracy: sugarnot fatis the greatest danger to our health: https://news.ycombinator.com/item?id=11471806

It revolves around a lecture by Dr. Robert Lustig (UCSF) that was also posted on HN six years ago. I found it amazing:

Sugar: The Bitter Truth (UCSF lecture): https://news.ycombinator.com/item?id=1006980

jinushaun 2 days ago 5 replies      
To me, the problem is not scientific studies, but mainstream reporting of scientific studies that turn into popular fads and trends. Science doesn't deal in absolutes, but society does. This is true for dietary fat, autism, gluten, paleo, salt, etc.
andreirailean 2 days ago 1 reply      
Mental patients didn't have a say on their diet 40 years ago. This experiment says a lot about the level of care for the wellbeing of those who are locked up and are not given a choice (supposedly for their own benefit). I wonder if these kinds of experiments are still being done at mental institutions and elsewhere people are treated like Guinea pigs.
Kinnard 2 days ago 0 replies      
"Groupthink is a psychological phenomenon that occurs within a group of people, in which the desire for harmony or conformity in the group results in an irrational or dysfunctional decision-making outcome. Group members try to minimize conflict and reach a consensus decision without critical evaluation of alternative viewpoints, by actively suppressing dissenting viewpoints, and by isolating themselves from outside influences."[1]


stephengillie 2 days ago 0 replies      
The nearly-unbelievable rigor of astrophysics and particle physics grants too much credibility to dietary and nutrition studies. Until a satisfactory level of rigor is established, these efforts will remain equal in validity to any other nutrition advertisement.

Calling it "science" is harmful.

gwern 2 days ago 1 reply      
> The lead investigators of the trial, noted scientists Ancel Keys and Ivan Frantz, are deceased.

No wonder.

mhkool 2 days ago 0 replies      
Dr Mark Hyman, an MD who practises functional medicine, recently launched abook titled 'Eat Fat Get Thin'. Today I received an email from him titled 'The results are in...' :

Dear Marcus,

Before I launch any program, I test it.Not just on my patients, which I have done for decades (in fact on over 20,000 patients), but on people all over the country following the program at home. We had over 1,000 people do the Eat Fat, Get Thin beta program and the results and stories were amazing.Here are the average results from the first group to go through the program:

 Weight Loss: 7.1 pounds (some lost up to 46 pounds) Waist Reduction: 1.9 inches (some lost up to 13 inches) Hip Reduction: 1.7 inches (some lost up to 16 inches) Blood Pressure Reduction: systolic (top number) 9 points, diastolic (bottom number) 4.5 points Blood Sugar Reduction: 23 points
Participants also reported an astounding 69% drop in ALL symptoms from all diseases. If youre ready to lose extra pounds have more energy and start feeling amazing click here to join the Eat Fat, Get Thin Challenge.

I am following the work of Dr Hyman for a long time and already knew that a diet with good fats is healthy, but the result of 69% drop of symtoms of all diseases is astonishing and makes you think: the bad foods make you sick and the good foods make you healthy.

agumonkey 2 days ago 0 replies      
Very reminiscent of the dismissal of Yudkin's sugar theory.
codexjourneys 2 days ago 1 reply      
The worst part is that for 20 years (until about 10-15 years ago), anyone stating that maybe saturated fat wasn't so bad was demonized and called anti-science. There seemed to be very little opportunity for reasoned discussion or actual comparison of results in the wild. Demonization of the opposing viewpoint, instead of reasoned discussion and further inquiry, IS the definition of anti-science.
bcheung 2 days ago 0 replies      
The book "Death by Food Pyramid" goes into great length about the history of how the food pyramid came to be and the story of how it got corrupted.
erikb 2 days ago 0 replies      
This headline sounds really interesting. But if you think about it more you find that this is true for a lot of papers. I guess there are quite a few papers that never make it to being published, because it's hard work and the competition is tough. And each one of these might have had an impact if it had succeeded in getting published.
fsloth 2 days ago 0 replies      
I had the understanding that individual genetics control response to dietary fats. I never see individual genetics referred to with these diet instructions and studies - which makes me very vary of them. Am I completely wrong (i.e. did my 23 and me test give unscientific advice)?
enibundo 2 days ago 2 replies      
Is it this difficult to know what to eat Americans? Just don't eat processed food and don't abuse with only one type of food ffs.
jsuich 1 day ago 0 replies      
I know the lead publisher. These guys are the real deal and are doing seriously sincere and in depth work.
bkovacev 1 day ago 0 replies      
American diet in the 70s was not what the American diet is today.
lisper 2 days ago 1 reply      
Similar political dynamics are playing themselves out today with respect to Ebola and septic shock:


Tycho 2 days ago 1 reply      
We don't need scientific studies to figure out what to eat. Just look at what has worked for millennia and avoid newfangled processed food.
iandanforth 2 days ago 1 reply      
Article does not contain the word "sugar." Article invalid.
garyclarke27 2 days ago 0 replies      
Continuued promotion of the false premise that, eating saturated fat and cholesterol is unhealthy,has literally killed and caused misery to hundreds of millions.ie Those responsible are mass murderers.Butter was demonised, yet grass fed butter is far healthier than any oil, including olive oil.Ghee has the highest smoke point, many vegetable oils turn to poison when heated because they are unsaturated ie far less stable, they also spoil very easily.I make ghee by gently boiling Rachel's organic butter for 30 minutes, then filtering through cheese cloth, it tastes great and smells lovely and nutty, unlike shop bought ghee which smells off to me.
A New Map for America nytimes.com
326 points by thisjustinm  20 hours ago   288 comments top 42
clarkmoody 19 hours ago 19 replies      
The fantasies of central planners never end.

The author neglects entirely the fact that these city-states arose without any central plan to create these economic zones. They are the result of the market and political processes we already had in place. Did some technocrat wizard in Washington say, "We should target the Northeast Corridor to produce 20% of our GDP"? No. That result was organic.

Here's an alternate proposal: decentralize power back to the states and have groups of states work out arrangements among themselves to enhance their shared cross-border economies. Reduce the federal take of taxes, leaving the money in the hands of the people who actually innovate, employ, and make economic decisions.

The primary fallacies in this central planner's thinking is that some new National Economic Planning Board will be a) completely altruistic in allocating a pile of cash to the places that will produce the most economic benefit, b) able to out-perform the decentralized economic decision-making mechanism of the market (prices), c) not be subject to the lobbying that so corrupts the Congress now.

lbaskin 19 hours ago 2 replies      
"What is needed, in some ways, is a return to this more flexible, broader way of thinking." Well, if the courts and the White House (as inhabited by Democrats AND Republicans) wouldn't keep moving power from the states to the federal executive, then maybe there would be more flexibility. Instead, what we have is a slow and constant undermining of the idea that states should serve as laboratories of democracy,[1] and a steady disappearance of the federal nature of the system in the U.S.

[1] https://en.wikipedia.org/wiki/Laboratories_of_democracy

(edited to correct a typo)

mrcactu5 20 hours ago 4 replies      
Here is a map of the US according the distance to major cities.http://www.dailymail.co.uk/sciencetech/article-2626281/The-m...

Electoral college reform (fifty states with equal population)http://fakeisthenewreal.org/reform/

This type of gerrymandering or repartition is a rich part of US voting history. The legal term might be "apportionment" or the math term could be "equipartition".


 Representatives and direct Taxes shall be apportioned among the several States which may be included within this Union, according to their respective Numbers which shall be determined by adding to the whole Number of free Persons, including those bound to Service for a Term of Years, & excluding Indians not taxed, three fifths of all other Persons. The Number of Representatives shall not exceed one for every thirty Thousand, but each State shall have at least one Representative;
These touch questions about geographical fairness have always existed. In the 21st century, these might be solved with computational geometry.

flavor8 19 hours ago 1 reply      
Tangentially to the article's point, Colin Woodward has an excellent book called American Nations, in which he identifies and tracks forward 11 distinct cultures formed by the way they colonized. His map: http://emerald.tufts.edu/alumni/magazine/fall2013/images/fea...

It's a great read.

padobson 17 hours ago 7 replies      
The Northeastern megalopolis, stretching from Boston to Washington, contains more than 50 million people and represents 20 percent of Americas gross domestic product. Greater Los Angeles accounts for more than 10 percent of G.D.P. These city-states matter far more than most American states and connectivity to these urban clusters determines Americans long-term economic viability far more than which state they reside in.

This reshuffling has profound economic consequences. America is increasingly divided not between red states and blue states, but between connected hubs and disconnected backwaters.

If you're wondering why 8 million Americans[1] have voted for Donald Trump in this election cycle, look no further than this snippet. The elitist garbage is so thick and so deep I had to put on waders - the ones I normally reserve for venturing through my backwater community. Using faceless macro-economics to justify ripping power away from suburban and rural communities is the exactly the type of liberalism that pissed off every person Trump is appealing to right now.

The very idea that a nation state should be organized not according to the political will of its citizens, but according to the most efficient allocation of capital, is contrary to the very idea of the democratic republic America is built upon.

Furthermore, I echo the opinions of others in this thread who have suggested that the individual rights of citizens are better protected when power is decentralized to the states, and after the states, to county and municipal governments, hopefully leaving the bulk of the authority in the hands of the citizens themselves.

Power to the people.


themagician 20 hours ago 3 replies      
Everyone would vote for a redrawing.No one would agree to any of the redrawings.
Retric 20 hours ago 0 replies      
In context Montana etc rebounded less because it fell less, and it fell less because it missed the boom.

There are many ways of looking at the US, but quality of life is more than just cost of living. The same house might cost 50k or 2.5 million just based on location, but you can't buy pollution free air, low traffic levels etc. On the other hand there are many advantages to living in or near a mega city like a wide range of good restaurants.

Even things as basic as crime stats get mixed into this. People simply get away with less crap in city's.

Getting back to politics I think America is simply less unified than people assume. People live vastly different lives and want a wide range of things.

gshubert17 18 hours ago 2 replies      
Reminds me of Joel Garreau's Nine Nations of North America (1981) about which he commented 3 decades later:


It also ignores state boundaries, but includes Canada and parts of Mexico and the Caribbean.

mmanfrin 19 hours ago 0 replies      
One of my favorite drawing-up of America is based on data from Where's George:


justinph 20 hours ago 8 replies      
This is interesting and it should be paired with a dramatic re-thinking of the way our democracy functions. Namely, we should abolish the Senate's overrepresentation of small, rural states. It made sense that all states got two senators in 1789, but not in 2016. Wyoming, with a population of less than a million, does not deserve the representation of two senators, the same representation that California, New York, or Texas receive. The US is less agrarian than ever. This antiquated representation makes less sense than ever and harms our democracy by under-representing urban populations.
brockers 17 hours ago 0 replies      
Thank god we have this article from the New York Times to tell the rest of the country how we should be organizing ourselves.
oblio 19 hours ago 1 reply      
I find it funny that most of these proposals completely ignore US territories. Those people are truly second hand US citizens.
mirimir 5 hours ago 0 replies      
ZanyProgrammer 20 hours ago 5 replies      
Northern California would be a lot nicer if it were a separate state, formed at the border of Monterey and SLO counties.
phkahler 13 hours ago 0 replies      
It seems to me that running the high speed rail through the large cities is a mistake. Run it out in the country and have a branch that runs into/out_of the big cities. That way a train can bypass a city without going into it, the land will cost less, and you can have straighter paths between distant places. Detroit to Florida is a common trip - lots of midwest people vacation down there in the winter. But you can't really take a train today, and this map doesn't really help.

It's the same problem we have with roads. Everything gets built up at the intersections because that has the best access. But then it causes massive congestion at the places that are already a bottleneck. Let's recognize this and not place new infrastructure to do it wrong from the start ;-)

nxzero 18 hours ago 0 replies      
America should just be honest, city and non-city areas should be divide and run independently as two populations.

Map showing what America really looks like:https://upload.wikimedia.org/wikipedia/commons/4/47/Cartline...

ausjke 18 hours ago 0 replies      
Check out the speedy railway system that is in China now:


The whole country is meshed with new railway systems that normally runs at 200 miles/hour(designed for 218 Miles/hour), it presents large pressure to local airlines and is really convenient when I travel there.

e0m 18 hours ago 1 reply      
For as much as I love the dream of high-speed rail linking our great metropoli, the thought of spending hundreds of billions of dollars to build out a network like that is daunting, especially when a flight from BOS to DC already costs $36 and only takes 1 hrs. Not to mention what autonomous cars might do to the picture.
em3rgent0rdr 9 hours ago 0 replies      
This maps illustrates free voluntary association, which is an alternative method of human organisation from central planning. https://en.wikipedia.org/wiki/Panarchism
zanny 19 hours ago 2 replies      
I think all these proposals (and there have been a lot of these) relate back to a central problem in human relationships: Dunbar's Number. Principally, once you are beyond that threshold in terms of politics (and it need not be exclusively people, you could sacrifice some empathy and have families count as units, or even local neighborhoods) your influence on representation dramatically wanes.

Not necessarily because of ill intent, but because you become just another number to whoever "represents" you.

My personal philosophy is that one day we will conclude that the best way to govern is to treat it like we treat most things. Find someone in our community who we think best represents our collective interests, elect them to some council of several neighborhoods, who elect someone from their body to represent the community at the county level, who elects someone to the state level, so on. In practice, I would imagine that each level up you go, the less time you would spend at that level - ie, a national body would behave a lot like how infrequently the UN convenes, and even then it should be mostly to adopt laws from more local governments into the collective one when they have overwhelmingly popular support.

You end up with each layer representing more and more localized interests, and since your base unit of elected official will always be someone elected with social relationships to most / all of their constituents, corruption is much harder to see take root. Have each constituency able to impeach at will, and you can have fairly long or even no term limits, and they will replace bad actors with good ones until they find the best person to represent the majority.

I imagine a system like that would also factor social mobility, it lets you move where the local politics are in your favor and you would see the gradual accumulation of optimal policy where people prosper the most, which would naturally over generations grow in size. At the national level, you can probably use split partitioning of districts and a re-balancing every census to account for these migrations and growths. That means gradually the best communities gain influence over time.

It also has the added benefit of letting everyone cut off higher-tier governance wherever they disagree. You can organize countries based on regional commonality and the borders would be organic with which districts want to participate in which city, or which county, or which state, or which nation. You would almost certainly see similar borders - in the US for example - that these maps demonstrate in the OP because common cultures would align. The only thing missing after that is open borders for migration, so people can freely travel to places whose ideologies align with their own.

BorisMelnik 17 hours ago 0 replies      
I know nothing about maps / cartography but why wouldn't they include a section called "the mid west?" It just seems that that is a term that so many people use, at least where I am from.
Avshalom 18 hours ago 1 reply      
It's gonna be basically impossible to build a metro-corridor from Albuquerque to Denver. Well I mean, basically impossible unless you're cool with removing several entire mountain ranges.
jordanlev 19 hours ago 0 replies      
It seems to me that the premise of this article is "things have changed economically over the past 50 years, so we should change infrastructure to match". But then what happens in another 50 years when things change again? Wouldn't we be locked into a more rigid infrastructure based on early 21st century economy, and then people in the future will be drawing new maps talking about how "the 7 mega-regions are not serving us well"?

Regardless, it sure would be great if we had a better rail system in the US!

aggieben 17 hours ago 2 replies      
I think I can summarize the OP thusly: "All economic and political powers should be in the service of the interests of big urban centers".

No thanks.

lbaskin 19 hours ago 0 replies      
"out that of Americas 350 major metro areas, the cities with more than three million people have rebounded far better from the financial crisis." I assume the writer means metro areas with over 3 million people, but the lack of clarity is confusing at best. Who knows, maybe some readers will assume there are more than 2-3 cities (i.e., not metro areas) in the U.S. with populations of that size.
samcheng 18 hours ago 0 replies      
This is a rehash of the (excellent!) Urban Archipelago manifesto from the Seattle weekly newspaper The Stranger in 2004:


woodandsteel 14 hours ago 0 replies      
The ideas in the article won't be politically successful in today's America, because congress and state governments are dominated by conservatives, and conservatives don't believe in infrastructure spending.
emdd 12 hours ago 0 replies      
Part of Minnesota really belongs to The Great Lakes--the eastern half isn't very "Midwest/Great Plains".
oldgun 16 hours ago 0 replies      
Couldn't help but...


gosukiwi 13 hours ago 1 reply      
For some reason I thought it was a map for the whole continent :-)
msane 18 hours ago 1 reply      
United we stand, divided we fall.
vph 17 hours ago 0 replies      
To be fair, author should stick "Great" in front of each region.
known 5 hours ago 0 replies      
Capitalism != Globalization
protomyth 18 hours ago 3 replies      
Any plan that puts North Dakota and Minnesota together shows the lack of knowledge of the planner. If everything went to heck, the Red River of the North would be a border.
hendler 18 hours ago 0 replies      
This looks like a map of Hyperloop stations.
powera 19 hours ago 1 reply      
I mean, this map (as any) has a lot of problems. The most obvious ones in my view are "How is Wyoming part of the Great Plains and not the Inland West" and "How is all of Indiana urban in the same way that Chicago is"?

But the bigger problem is twofold. First, you don't have to <redraw state lines> to do this, and it seems like a lot of HN commenters feel that redrawing states is the best approach. Second, due to Republicans who hate all government and Democrats who view all "urban planning" as inherently racist, there's no real possibility of a consensus to have any plan at all to improve American cities as a whole.

Grishnakh 20 hours ago 3 replies      
I've long advocated redrawing state borders, similar to how they're shown in http://www.tjc.com/38states/

The main factor is that cities (metro areas) should not cross state boundaries, because this creates an administrative nightmare. Look at all the problems between NJ and NY because the NYC metro area includes all of northern NJ, but it has its own separate state government.

There's many, many places in this nation where different parts of a state have entirely different cultures, and really shouldn't be in the same state together. "Upstate" NY and NYC are a prime example here, but so are Chicago and rural Illinois, plus maybe the Seattle and Portland areas and the eastern sides of their respective states. Maybe a lot of people would be happier with their states broken up so they don't have their local politics dominated by people hundreds of miles away who don't share their values, and would prefer to team up with similar parts of neighboring states (eastern WA and OR might want to just join Idaho for instance).

themagician is correct though: there'd be little agreement on how to redraw things. My idea for dealing with that is to make it voluntary, at the county level, and proceed county-by-county at moving state lines around, or having referenda elections on larger changes (such as folding Rhode Island either into the eastern half of Connecticut, or combining both of those with Massachusetts). Combine this with an election system that allows people to make multiple choices. For instance, let a voter in Spokane WA rank the following choices in their order of preference: 1. stay in WA with Seattle, 2. Become part of a separate, independent state of eastern WA, 3. Become part of a new state that includes eastern WA and OR together, 4. Become part of a new state that includes #3 and the ID panhandle, 5. Join ID.

The fundamental theme is that people in every locality should have the right of self-determination, something that politicians usually seem to sneer at. If voters in Charlotte, NC don't want to be part of that state any more, they shouldn't have to be, and if they can get the counties surrounding them to join them in creating a new state, or just merging with TN or VA, they should have that right. Of course, there are big issues of feasibility which must be considered. But a lot of break-ups wouldn't be that hard to do, such as separating NYC from upstate NY.

chinathrow 19 hours ago 0 replies      
I love newly thinked maps - but I don't like borders.
garou 19 hours ago 2 replies      
I clicked expecting the map of America, not USA.
miracle_code 18 hours ago 1 reply      
US of A, we all would be better off if this concept would die.

Split up into smaller, independent nations, don't terrorize the world with your armsdealing presidents wanting to achieve "democrazy".

Don't spy on its citizens as well as the rest of mankind.

Don't poison our food via tradedeals negociated in secret with global consorts.

Don't murder our leaders, only wanting to be free from you.

Please die.

todd8 12 hours ago 0 replies      
This idea isn't a new one. I vaguely remember reading such a suggestion in The People's Almanac (I think vol 2), published in 1978. I have it somewhere in my library but I'm on a trip right now so it isn't at hand; I wonder if any other HN reader's have it? It would be interesting to compare previous suggestions for boundary changes to this latest one. Would we find that we needed to change the boundaries every couple of decades? How would that work?

Further, I can't imagine a state like Texas signing up for being split in two. ("Don't Mess With Texas" has been it's anti-litter campaign for 30 years.)

Skylake's Linux power management is dreadful you shouldn't buy until it's fixed mjg59.dreamwidth.org
326 points by edward  2 days ago   154 comments top 18
dman 2 days ago 3 replies      
For what its worth Microsoft has struggled with power management on mobile skylake as well - https://www.thurrott.com/mobile/microsoft-surface/62772/micr... . There have been multiple firmware upgrades but if you look at /r/surface on reddit multiple people (myself including) still have issues with power management and sleep on the skylake surface pro 4's.
hacknat 2 days ago 6 replies      
I can personally confirm this. I bought a brand new Dell XPS 15 with Skylake (i7) in December. I installed Linux on it (kernel 4.3), and it has been a power management nightmare from day 1. I've only ever gotten 2 hours from the battery. I just sent it in because it powercycles at random now, never making it past the Dell splash screen anymore. When I run the hardware diagnostics, sans hard-drive, it dies in the middle of one of the processor tests.

Other people have been pointing out that Windows is struggling with Skylake as well, and I've heard the same.

Skylake was touted by Intel as being one of their proudest achievements in power management to date. My guess is that their changes were so drastic that the software didn't keep up.


I do have an NVMe hard drive, which does seem to cause some issues, for reasons passing understanding.

speeder 2 days ago 8 replies      
I am planning in buying a 4690K

LOTS of people keep nagging me that I should go for a Skylake instead, just because it is "newer" and "better because it is new"

I really don't understand that logic.

Beside the thing pointed in the article, Skylake has other problems:

Win7 don't work properly in it (and Win7 is the last Windows to emulate old DirectX versions correctly on Windows itself).

Skylake wasn't design to support analog video at all, something that is still common in third world countries, specially as people keep using old monitors that never break, and are frequently superior to almost all reasonably priced new monitors.

Skylake doesn't support OSX (and there are people with reasons to want that).

Skylake uses DDR4, that in third world might not be even available for sale, or might have some insane prices (2, 3 times the DDR3 price).

Skylake has a couple bugs, and more might pop up in the future.

except in US and maybe some EU countries, the price to build a Skylake system is higher than the speed benefit it gives compared to Haswell (usually at most 10%, frequently less...).

EDIT: I would also like to point out that Devil Canyons has been reported to work with DDR3 up to 2666 with no issue, some mobos allow Devil Canyons to go up to DDR3 2800 without erroring or being unstable.

The thing is, those DDR3 can ALSO reach much lower latency than similar bandwidth DDR4, the few DDR3 vs DDR4 benchmarks done so far, show that usually there is no difference, and when there IS a difference, is usually DDR3 winning.

openfuture 2 days ago 1 reply      
This is literally the best timing ever. I was going to place the order for my XPS 13 yesterday but ran into some banking trouble. Then on my way to the bank today I was browsing HackerNews on my phone and now I'm conflicted if I should go through with the purchase or try to find the older model.

Does anyone have a reasonable guesstimate as to how likely it is that this gets fixed, because it sounds to me (from this thread) that there is a flaw in the design of the chip and this won't be fixed so easily.

Animats 2 days ago 2 replies      
Intel: "Long term reliability cannot be assured unless all the Low-Power Idle States are enabled."

Does that mean if you run the CPU too much, it will die quickly? Is there some low limit on time at full power? Electromigration problems, perhaps?

csense 2 days ago 1 reply      
I was thinking of going AMD for my next system. This post solidifies that decision. Hopefully when their next-gen arch is released [1] it won't be as buggy as Intel's -- which seems like a fairly low bar.

[1] https://en.wikipedia.org/wiki/Zen_%28microarchitecture%29

dsp1234 2 days ago 1 reply      
Note that several commenters on phoronix[0] are saying that they are not having any problems (along with the commenter on this thread[1])

[0] - https://www.phoronix.com/forums/forum/phoronix/latest-phoron...

[1] - https://news.ycombinator.com/item?id=11492693

TYPE_FASTER 2 days ago 6 replies      
A few semi-relevant notes:* We've bought multiple Dell XPS 13 laptops with Windows off Amazon because the same spec there was roughly $400-500 cheaper than buying the XPS Developer Edition from the Dell website.* We tried running Linux on a Dell non-XPS Skylake Core i7 laptop and it was having many kernel panics. A quick Googling revealed people with a Skylake chipset having a similar issue.* I noticed just a couple days ago that Dell has updated their XPS Developer Edition laptop to Skylake. One difference I see on the site is it ships with Ubuntu 14.04 SP1. I haven't read much about SP1, other than it looks like it's about a year old.

So yeah, I'm still buying XPS laptops with 5th gen chipsets because we've had issues with Skylake.

nkurz 2 days ago 6 replies      
Skylake's Linux power management is dreadful you shouldn't buy until it's fixed

Why is this phrased as being an issue with Skylake, rather than an issue with Linux? That is, why not "Linux's power management on Skylake is dreadful and you shouldn't install it until it's fixed?"

Also, as someone who is running a custom compiled Linux 4.4 on Skylake, what's the best way to check what idle state is being used? Idle stats with 'powertop' shows the majority of idle time being spent in C8-SKL. Is this the same as the PC8 he's talking about?

lllllll 1 day ago 0 replies      
I got my Asus UX303UA(which won over the dell xps13 option) - i7-u6500 last week. I installed Linux Mint(MATE edition, though I use mainly i3wm). After upgrading to kernel 4.5 I get 8-9h of battery with normal use ( Vim, firefox several tabs, rails/node/redis/postgres server running...), even longer if I'm on-off the computer. I'm really happy with it so far.

Besides, I could add +4GB RAM and replace sata HDD with SSD.

xcasex 2 days ago 0 replies      
This reminds me of something.. Oh, right. Baytrail support. that's still lacking as well, and that's also a C-state issue.
ciokan 2 days ago 2 replies      

Good or bad? Have no idea what C8 should say that's why i'm asking. Dell XPS 9550 ubuntu 16.04

MrQuincle 1 day ago 0 replies      
Seems a bit exaggerated. I now have a Yoga 900 running 4.4.0-18-generic. It's fine to work through the entire day (6 hours).

The only thing that's still causing hiccups is the combination of Wifi and Bluetooth on the same chip which doesn't play nice if I for example stream spotify to my bluetooth speakers. However, that has nothing to do with Skylake.

blinkingled 2 days ago 0 replies      
I guess with all the pressures and cost cuts in QA you'd be better off sticking to Haswell Gen machine for next few years. Which are perfectly fine by the way - Haswell Xeons for your workstation and anything around the i7-4xxx for your laptop will do you fairly well for next 3 years or whatever it takes for Intel to put out a power efficient, stable and well supported part.
jonotime 2 days ago 2 replies      
Interesting since I continue to be impressed by my skylake's low power consumption. I built a desktop (arch linux kernel 4.2 - 4.4) a few months back and my killawatt generally show 25-35 watts. Thats way below my old desktop. Its also plenty cool.
ikeboy 2 days ago 0 replies      
I had an HP skylake laptop that overheated last month, then refused to boot, running ubuntu. Had constant issues when resuming from suspend, would sometimes refuse to start, or would lose wifi.

Now wondering if it's connected.

bb85 2 days ago 1 reply      
Anecdotal, but I've been running Ubuntu 15.10 for a few months on a Dell XPS 15 (9550), and with kernel 4.4 everything works flawlessly.

When idling, power consumption is 8W, and powertop shows 30% C8 and 70% C10.

suprjami 2 days ago 1 reply      
OK, it's broken and doesn't work. I'm getting over 10 hours battery on a Skylake laptop, but it's broken and doesn't work.
CDC map quietly confirms the Haitian cholera epidemic started by UN peacekeepers slate.com
276 points by nkurz  1 day ago   53 comments top 10
aroch 1 day ago 4 replies      
I'd just like to point out that the CDC itself has published papers detailing the origins of the Haitian cholera strain: http://wwwnc.cdc.gov/eid/article/17/7/11-0059_article

As another example, Lee Katz, CDC's chief bioinformatician for the labs that study diseases like cholera (Who, full disclosure, used to work with my lab on Vibrio stuff): http://mbio.asm.org/content/4/4/e00398-13.short

There have been articles by other groups directly addressing the introduction of cholera by aid workers. The CDC also talks about this issue directly during conferences and presentations as an event that we need to learn from.

leroy_masochist 1 day ago 1 reply      
FWIW, I work in Haiti, have numerous friends in the UN mission here, and they have long acknowledged this is true. Certainly Haitians know what happened. Talk radio is a big thing here and they've been talking about it forever.

I think the article is probably technically correct in terms of the highest levels of the CDC and UN being sensitive and slow-rolling the news...but I wouldn't say it's as pervasive a cover-up as the article implies.

tim333 1 day ago 2 replies      
Bit of a major screw up there. If they'd been open about the source they probably could have fixed it. Even now googling Cholera prevention it mostly seems to be sorted by chlorinating the water supply and using bleach on cholera contaminated stuff - not rocket science and could probably be done without $2bn. When I'm 3rd world travelling I tend to figure if the tap water smells of chlorine you're ok.

Funny seeing the London map. My flat's on that. Thankfully we have less cholera these days. I remember being struck in Nepal about 20 years ago by seeing some guy crapping directly on the river bed of the main river in Kathmandu which was probably being used for water by villages downstream. Again some of this stuff is not rocket science.

kelvin0 1 day ago 0 replies      
It would be a tragedy if this cholera outbreak was the only cause of many poor people in Haiti. The UN have been killing people over there for many years:



nthcolumn 1 day ago 1 reply      
A few Nigerian peacekeepers spread HIV in Cambodia which had been previously relatively free.
Kinnard 1 day ago 1 reply      
Each year all the sophomores at my high school take an 11-day wilderness trek in the Great Smokey Mountains. One of the many things we learn is not to shit near water. I probably remember this particularly well because when someone in my troupe fucked this up, we got an angry lecture from our guide.

I like to be gracious but I can't imagine how the UN fucked this up

brownbat 1 day ago 4 replies      
Aside from its own cholera epidemic, along with water, health, and disaster relief crises, in 2014 Nepal had a lower per capita GDP than Haiti.[0,1]

I appreciate the desire to make the UN a truly global effort, but maybe there should be some filter where peacekeepers only help at home or in countries worse off. Otherwise, we're not only raising the risk of incidents like this and other peacekeeper scandals, but also taking soldiers away from vulnerable populations at home that already need their help.

[0] http://www.tradingeconomics.com/nepal/gdp-per-capita

[1] http://www.tradingeconomics.com/haiti/gdp-per-capita

bayesian_horse 1 day ago 2 replies      
I can actually understand the impulse to keep this quiet. Lack of trust in Aid missions or Peace Keeping missions is already hurting a lot of people.
pessimizer 20 hours ago 0 replies      
The interventions in Haiti post-earthquake are an embarrassment and a tragedy. The massive outpouring of money was largely sucked up by the salaries and comforts of the administration of parasitic NGOs, governments' main provision was armed troops, and imported food aid decimated local agriculture.

Here are years of too much detail:



The groups failures went beyond just infrastructure.

When a cholera epidemic raged through Haiti nine months after the quake, the biggest part of the Red Cross response a plan to distribute soap and oral rehydration salts was crippled by "internal issues that go unaddressed," wrote the director of the Haiti program in her May 2011 memo.

Throughout that year, cholera was a steady killer. By September 2011, when the death toll had surpassed 6,000, the project was still listed as very behind schedule according to another internal document.

The Red Cross said in a statement that its cholera response, including a vaccination campaign, has continued for years and helped millions of Haitians.

But while other groups also struggled early responding to cholera, some performed well.

None of these people had to die. Thats what upsets me," said Paul Christian Namphy, a Haitian water and sanitation official who helped lead the effort to fight cholera. He says early failures by the Red Cross and other NGOs had a devastating impact. These numbers should have been zero."

How the Red Cross Raised Half a Billion Dollars for Haiti and Built Six Homes


bcook 1 day ago 1 reply      
..."started by" or "(was) started with"?

Regardless of origination locale, can we (HN) try to be more universal with our topics?

What Its Like to Wake Up from Autism After Magnetic Stimulation nymag.com
305 points by nkurz  2 days ago   155 comments top 24
tgflynn 2 days ago 3 replies      
I'm amazed by the improbability of this guy's life. He had an abusive father and a schizophrenic mother dropped out of school at 15 then worked as a sound engineer for a famous rock band, built a successful high-end auto repair business and then became a best selling author. I have to admit I was skeptical reading the article but his story seems to check out (https://en.wikipedia.org/wiki/John_Elder_Robison).

I wonder how relevant his experiences with autism and TMS would be though to those of us with less extraordinary lives. I mean I'm guessing that having a life like this would tend to suggest that someone's internal mental makeup is somehow rather non-mainstream as well.

luxpir 2 days ago 2 replies      
I feel it needs pointing out that the savant-stereotype surrounding autism still needs taming a little.

Autism can make the lives of some sufferers extremely difficult, and also those of their carers. We all know this, yet the typical response to 'my child is autistic' is an assumption, often verbalised, that that child would 'at least' be good at mathematics, music or 'computers'. Sometimes they are not.

It's similar to how the terms low- and high-functioning are not particularly helpful in most cases [0]. In general I think we need to become a little more nuanced in our approach to autism.


[0] - http://www.stuartduncan.name/autism/low-functioning-autism-v...

Practicality 1 day ago 8 replies      
So, funny that on hacker news and lots of programming blogs when this topic comes up a lot of people chime in about being on the (autistic side) of the spectrum too.

Ironically, I feel left out. I am on the other end of the spectrum. Kind of like what this guy described after the treatment, although I've been dealing with it my whole life, so I don't get all worried.

I feel like the only programmer who is intensely aware of the emotional state of my colleagues. I can sometimes tell people what they are feeling (when they are opening up) and it shocks them because I know it better than they do.

Of course, I listen to trance-music at work so I can pretend to be autistic (please understand it's a bit of a joke) and ignore all the swirling emotions.

Anyway, I've found others like me, but they seem to be more rare than autistic people. It seems to me like it would be nice to not be aware of all the emotions all the time.

I sincerely envy the "insensitive" people quite often.

It seems like it would be a lot easier if I were able to be selfish to a normal level without caring that someone's emotions might be unsettled.

motti 2 days ago 3 replies      
My mother published a fairly seminal paper on the topic [1] 18 years ago which concludes that emotional awareness (specifically, the "Theory of Mind"[2]) can be learned by people with Autism.

At the time this was against prevailing wisdom but AFAIK is now considered accepted wisdom.

[1] https://scholar.google.co.uk/scholar?cluster=165456960940191...[2] https://www.autism.com/understanding_theoryofmind

tehwalrus 2 days ago 4 replies      
Some people have argued [1] that it was not his autism, but his alexithymia which was altered by the TMS. Alexithymia is an orthogonal condition: it can occur with or without autism.

Believing that a "cure" for autism is required is also a rejection of neuro-atypicality as a valid state of being, which is a common form of subconscious Ablism (discrimination against disabled people). That is not to say that no autistic people want to try treatments, simply that we should not forcibly treat all of them (least of all children, which is a line even Robinson himself doesn't argue for crossing.)

[1] https://soniaboue.wordpress.com/2016/04/06/a-shot-in-the-dar...

0942v8653 2 days ago 1 reply      
An article written by Robison:

An Experimental Autism Treatment Cost Me My Marriage https://news.ycombinator.com/item?id=11313452 26 days ago, 560 points, 313 comments)

qewrffewqwfqew 2 days ago 3 replies      
The sort of post-TMS emotional hypersensitivity he describes is "normal"? On one hand I wonder if I'm further on the spectrum than imagined and should seek help ... on the other, being overwhelmed by other folks' emotional state sounds crippling.
thonos 2 days ago 2 replies      
Everytime I read one of these Autism articles I feel like I might be affected myself. I lack most of the symptoms I read on the internet but often feel disconnected and not caring about what's actually happening. Like a robot on autopilot with occasional breaks when I realize where I actually am in my life. For example when I hear really bad news, I'm just like "eh, life goes on".

I'm not sure when this started but I remember a moment a few years back when I realized this trait for the first time.

Is there a short check I can do to find out more?

anateus 2 days ago 1 reply      
This gave me a strong Flowers for Algernon vibe.

For someone that's high functioning only with experiences like these is it really possible to see what things are still "missing".

philovivero 2 days ago 2 replies      
I'm glad this guy wrote this up.

Now I have no desire to get off the spectrum.

randomgyatwork 2 days ago 1 reply      
We need to stop seeing different types of personalities as diseases.
endymi0n 2 days ago 3 replies      
If a simple coil is able to do this to the brain, how come the many Teslas of a superconducting MRI magnet don't do zip?

Genuinely interested...

phineastcat 2 days ago 0 replies      
I'm on the spectrum and don't feel any emotional disconnect unless my blood sugar drops (usually from forgetting to eat or sleep.) When that happens, it's like part of my brain just... goes to sleep. I'm still awake, but I have a really hard time producing or sensing any emotions. My loved ones tell me 'it's like talking to a robot and not [PhineasTCat].'

The weirdest part is I can physically feel that part of my brain isn't awake; it's like a weight in my head, pressing on my eyes. When I was little I called it 'the brain fuzzies.'

foxhedgehog 2 days ago 0 replies      
This is legitimately one of the most incredible and heartbreaking stories that I have ever read.
agumonkey 2 days ago 4 replies      
I wonder how sexual development happens in autism. In terms of emotional connection it's a pretty central and strong source.
rdudek 2 days ago 0 replies      
My daughter is will be 4 years old in July and she's been diagnosed with autism last October. Me and my wife have been wondering if TMS is being done now more broadly and have it tried on her?
pingec 2 days ago 0 replies      
Sounds like his recently awakened sensitivity is on the level of a child's and he has yet to go through the coping process of desensitization.
hammock 1 day ago 0 replies      
If it's accepted that magnetic pulses can stimulate nerve cells in the brain, "re-tun[ing] the way brain cells communicate," what does this mean for EMR in the environment, e.g. from Wifi and our cell phones? We are constantly being told that it's harmless, but it must have some effect on our brains.
timwaagh 2 days ago 0 replies      
this sounds interesting. i always wanted to be able to read people better and emote normally. i don't have a marriage to save so that should not be the problem. hopefully this treatment will soon be available in my country.
ESRogs 1 day ago 0 replies      
He really likes that skinned knee example.
smegel 2 days ago 3 replies      
The biggest takeaway from this for me was...so what the hell is EM radiation from my mobile phone doing to my brain???
dschiptsov 2 days ago 0 replies      
Autism is a set of habits, a biased training, if you wish. It cannot be undone by any brain stimulation whatsoever. Brain doesn't work that way.
iopuy 2 days ago 1 reply      
Jesus Christ, this guy is the author of 4 books all related to autism?

 - Look Me in the Eye: My Life with Asperger's (2007) - Be Different: My Adventures with Asperger's and My Advice for Fellow Aspergians, Misfits, Families, and Teachers (2012) - Raising Cubby: A Father and Son's Adventures with Asperger's, Trains, Tractors, and High Explosives (2014) - Switched On: A Memoir of Brain Change and Emotional Awakening (2016)
He really hit the gravy train. I can't wait for "Sending An Asperger's Kid To College" and "Grandpa has Asperger, Son"!

nashashmi 2 days ago 1 reply      
Ok. Now I am going to call it. Back in the late 90s, people used to joke that you shouldn't keep cell phones at your wasteline or your "futures" will be affected. And then they would joke further that in 20 years you will have some weird people walking this earth.

Well, it is 20 years later now, and we should see the affects of this supposed cell phone radiation. If I had to guess, I would say the version of the future we were predicting is the one we live in today ... where lots of people now have autism.

The article says "magnetic" waves through the brain can "fix" autism. If magnets and electro waves are the fix, then maybe cell phone and radio waves were the cause that disturbed the brain to be this way.

Regulators Propose Banning Theranos Founder from Blood Testing wsj.com
259 points by trimbo  2 days ago   191 comments top 27
dcgudeman 2 days ago 11 replies      
The more I read about theranos the more apparent it is that there is something fundamentally wrong with it's core goals, leadership and technology. One easily identifiable red flag is the composition of its board. It's nearly all ex-military and government officials not veteran entrepreneurs and technologists. Just to name a few: George Shultz (former Secretary of State), Sam Nunn and Bill Frist (former U.S. Senators), James Mattis (General, USMC, retired) and Gary Roughead (Admiral, USN, retired) Henry Kissinger (former Secretary of State), William Perry (former Secretary of Defense)


JoaquimBean 2 days ago 1 reply      
Funny to see tech VCs try to get into the medical space with no knowledge or expertise in the subject. Expect more of this as clueless GPs try to cash in on personalized medicine trend and shady founders give them every opportunity to hop aboard. There are already professional VCs who do this shit all day everyday, they just hang out in Kendall Square and RT. 128 not SF.
drcode 2 days ago 2 replies      
Medical research is in great need of a major shakeup, because I feel like current research models have seriously underperformed in recent years...

...but now that isn't going to happen, primarily because of this debacle.

It's so sad that the "keystone cops" at Theranos have done so much damage to the reputation of the medical startup community- Possibly, they've set medical research back by several years with their bad behavior.

Every time from now on when someone dares suggest that medical regulation is stifling innovation, they will be asked to defend Theranos, which appears indefensible.

jonknee 2 days ago 2 replies      
It's just a matter of time before huge writedowns in the valuation happen. And Elizabeth Holmes won't be described as a billionaire for much longer (which unless I have missed something is almost all on paper).

Without a drastic plot twist it appears this company is little more than vaporware. At least the investors that will lose their money are people who should have all known better (and can afford the loss!), back in the dot com boom this thing would have been held by mom and pop.

chollida1 2 days ago 2 replies      
I can't imagine the stress she must be under right now, unfortunately, it seems like the vast majority of it was her own doing.

Will be interesting to see what the company does. Normally the CEO would be "asked" to step down from having any involvement with the company whatso ever.

However, I believe she's the majority shareholder so the usual remedy of removing her from the company altogether might not work so well.

Man, there goes any hope of a decent exit anytime soon Thernos, as usual its the employees themselves who will absorb the brunt of this. I hope they have alot of money saved because if they try to raise again, and its debatable if t hey'd be able to, its going to be a nasty round.

wavesounds 2 days ago 0 replies      
"One of those tests, a blood-coagulation test known as prothrombin time, measures how long it takes blood to clot and is often used by doctors to determine which dosage of the blood thinner warfarin to give patients.

Wrong prothrombin time results could cause doctors to prescribe too little or too much warfarin. Too much of the drug, also known by its brand name Coumadin, can cause fatal bleeding, while too little can leave patients vulnerable to clots and strokes, according to medical experts."

Huge free market failure here. Thank god we still have some working government regulation in this country.

dwolfson 2 days ago 5 replies      
How did a company like Theranos get so "far" with all signs early and present pointing to deep, fundamental problems? I refuse to believe investors simply failed to perform due diligence.
makomk 2 days ago 0 replies      
Of note is that this letter is dated before the big dog-and-pony show they did of appointing a bunch of experts to their scientific and medical advisory board. Guess that was their attempt to get ahead of this news.
mplewis 2 days ago 2 replies      
Rehosted for 24 hours without the paywall: http://pastebin.com/RwipXxds
aznpwnzor 1 day ago 0 replies      
I've been short Theranos from the beginning. It's very obvious to people who have interacted with the type of person Holmes is.

> Stanfraud graduate (not even graduated)

> Father has a IV in his name

> Both parents work in DC (east coast)

These are HUGE red flags in a field where results are much more tightly correlated with technical expertise. They wouldn't be in another field that is less tightly correlated such as banking or politics.

Furthermore, anybody that has done any amount of research in any capacity knows that an undergraduate claiming their research project (in biology especially. CS is possible) could launch an entire company is either purposefully delusional or incompetent.

programminggeek 2 days ago 0 replies      
It seems like Theranos was a scheme to trick investors. It feels like the emperor has no clothes, but it was one of those ideas where "they are successful because they are successful" without anyone looking behind the curtain.

Maybe it's that legitimate medical tests take long enough that you could get a lot of sales and investment off of early trials and social proof.

I don't know anything about it to say that it really was a Bernie Madoff type situation, but it has a bizareness to it that feels similar.

kqr2 2 days ago 1 reply      
Direct link to letter from CMS to Theranos with proposed sanctions and justification for sanctions:


return0 2 days ago 1 reply      
Why haven't we heard anything from the VCs or , for that matter from anyone except WSJ ? If this letter is true, this is completely gross, how can a startup which is being punished for fraud still enjoy high valuations and, apparently the tolerance (if not support) of the silicon valley ?
electic 2 days ago 5 replies      
I wonder how much Quest and LabCorp have lobbied to get Theranos under the microscope. Almost all labs have findings including FDA labs that need be to corrected. I just find it odd that WSJ seems to get access to government documents, internal information, and competitor benchmarks over and over again. Theranos faults aside, something does not smell right here.
Ankaios 2 days ago 0 replies      
Anybody know which retirement funds and other institutional investors are most exposed to Theranos through VC and other investment?
cylinder 2 days ago 2 replies      
Uber skirts city/state regs; you can't mess with the FDA, among other federal agencies (such as FAA).
desireco42 2 days ago 1 reply      
I can't imagine being in her shoes. Kind of sorry for her, she was supposed to be an inspiration for women everywhere.

On the other hand, she is an excellent example of how not to be disconnected from reality for founders.

forrestthewoods 2 days ago 2 replies      
At what point does the fraud become criminal?
AzzieElbab 1 day ago 0 replies      
Wow this is personal. The 4 trillions dollars empire strikes back
ageofwant 2 days ago 0 replies      
wsj's paywall prevents me from getting to their version of "the facts" and their presentation of it. So I'll just make up my own.

Suffice to say that this debacle won't do any further biotech investment any good, and that's a great shame.

US$ 10B is a lot to piss away, I hope some good came of it.

mrfusion 2 days ago 0 replies      
That sounds oddly specific ...
TheRealPomax 2 days ago 1 reply      
To Read the Full Story, Subscribe or Sign In.
transfire 2 days ago 2 replies      
My personal opinion is that their technology was too disruptive and would have ultimately undermined too much money making in the industry so it had to be stopped. The whole things smacks too much like a witch hunt. Including the fact that whenever I mention my opinion is gets down voted to oblivion.
the_economist 2 days ago 2 replies      
In light of all the negativity about this company, I would like to note that I have a friend who regularly uses their services in Arizona and is delighted by them.
plainOldText 2 days ago 2 replies      
It's sad to hear Theranos still has issues, but I think people should give them credit for showing the world the lab experience can be quick, simple and painless; not to mention the fact that they actually publish their prices online, which other labs do not do. You can also order and view all your results on the phone app, which is also nice.
stevebmark 2 days ago 2 replies      
Federal regulators "banning" a specific person from an industry is rare. 23 and Me didn't receive anything close to this type of regulation, scrutiny, and public accusations. Theranos may not be a perfect company, but it's likely some powerful people are pulling strings to snub them out for an agenda that supersedes regulation.
daveguy 2 days ago 0 replies      
Note the letter, dated March 18th gave Theranos 10 days to respond (April 1st). According to the company they responded within the timeframe and have not received any sanctions yet.

Rumor is the response was short and read: "Bring it, Feds! We have Kissinger! ... KISSINGER!!!"

Jeremy Guillory's Counter-Complaint against Cruise Automation drive.google.com
328 points by finkin1  1 day ago   329 comments top 51
rayiner 1 day ago 11 replies      
The complaint has two major theories:

1) There was an actual agreement between Guillory and Vogt that they would be a 50% owners. The YC application is a memorialization of the fact that this agreement existed.

2) Even if there wasn't an actual agreement, Cruise is using IP that Guillory developed.

The relevance of the YC application is this: Oral contracts are in general perfectly valid, unless they apply to a specific situation that requires a writing. A YC application listing the parties as 50-50 co-owners is at least strong evidence that an oral contract exists with those terms. It's reasonable to infer that if people have a writing proposing to do X, then they actually did X or have already agreed to do X.

While a vesting schedule might be typical, it's not going to be implied into existence unless there is some evidence the parties intended for there to be a vesting schedule. For similar reasons, questions of how much Guillory actually contributed will be relevant to (2) but not (1). A 50-50 joint venture is like marriage. Come the divorce, the assets will be split 50-50, even if one party earned all the money. The law won't come in and try to value peoples' contributions after the fact. That would be impractical. The law trusts that people say what they mean and mean what they say.

This case will turn on whether Vogt has any evidence to counteract the inference that may be made from the YC application. It will also turn on legal issues such as whether a writing, not just an oral contract, is required for the sort of arrangement Vogt and Guillory allegedly made, and if what's in the YC application is a sufficient writing to meet that requirement. IIRC stock issuance requires a signed writing in Delaware so that could be a stumbling block depending on how the agreement is framed.

davemel37 1 day ago 3 replies      
Honestly, I think this whole story is a case of Kyle and Sama making a serious misstep in how they treated a fellow human being. It's clear Jeremy was involved and contributed in some capacity. If we ignored the legal for a minute, he is arguably entitled to at least a discussion about the cap table and some sort of payoff. However, Kyle telling him he gets nothing and than offering him $100k of his own money is both very insulting and very telling. It is a low ball offer starting a negotiation.

It all went downhill from there. It was no longer about money, now it became about justice, and from a justice perspective Jeremy deserves some credit, acknowledgment and respect for his contribution.

Just read Jeremy's complaint and you see he mentions the rewriting of history and the lack of mention of him in the press coverage, etc...

Ronald Reagan had a plague on his desk that read, "Man can achieve anything so long as he doesnt mind who takes the credit."

If Kyle would have shown some respect to Jeremy, this problem would have went away for a couple million.

I don't blame sama, he started with a preconceived notion of charlatans coming out of the woodwork and was also biased to one side. His anger is the most telling sign of all. It is anger at not respecting Jeremy initially, leading to digging a massive hole.

Walking away from this story, I want to side with Jeremy. If we lived in a meritocracy, I am inclined to believe he is not really entitled to much more than an honorable mention as the brains that started it all...but this was mishandled in such a way that any judge would WANT TO SIDE WITH THE LITTLE GUY, and the YC application and video is enough basis to let them find in Jeremy's favor...even though we all know he doesn't deserve it all.

I think an apology, and public acknowledgement of Jeremy's contribution to the direction and strategy would go a long way in settling this dispute...that and a few million dollars.

beambot 1 day ago 2 replies      
> In early October 2013, Guillory met with 28-year-old Vogt, a self-proclaimed MIT drop-out who had spent a month to earn a degree in installing Microsoft Windows, and whose most impressive technical achievement by his own account was to build a device to crack certain kinds of high security safes. But Vogt had a shared interest in the emerging self-driving field from his days at MIT and its entry in the DARPA challenge. More importantly, Vogt had millions in capital from his successful sale of two previous start-ups in TV and video gaming, along with investor contacts.

Can someone shed light on this paragraph? Twitch sold for $1B, so it's probably a bit disingenuous to take so many digs at Kyle's expertise & accomplishments... If anything, Kyle's software expertise is just as (if not more!) valuable than Jeremy's MechE skills for the early Cruise product.

EDIT: Also, I'm pretty sure Kyle worked on MIT's DARPA entry [1]. At the very least, I know he was working with laser rangefinders -- I wrote an article back in 2008 using photos of his SICK LRF teardown [2]. If anything, after reading this "he stole my expertise/idea" claim, I'm more inclined to side w/ Kyle & sama.

[1] http://web.mit.edu/6.111/www/s2005/PROJECT/Groups/15/main.ht...

[2] http://www.hizook.com/blog/2008/12/15/sick-laser-rangefinder...

jamiequint 1 day ago 4 replies      
As someone who has both started and worked very early at multiple startups, it's so incredibly outlandish to hear someone claim that they brought in a business plan and some ideas, and that ideas alone should represent an equal percentage ownership to someone who actually worked on building a business for multiple years. In startups no battle plan ever survives first contact with the enemy. There is a reason why most successful companies release an initial version of a product early, then adapt to market conditions rather than sitting down, writing a long business plan, and executing it.

If Jeremy's MechE experience and background in self-driving cars was so valuable how did Cruise manage to pivot from just offering an autonomous driving add-on that only worked on the highway to building a fully-autonomous city-based driving solution without him. How did they manage to raise millions of dollars, write all the code, and build all the hardware without him. It just doesn't add up.

AndrewKemendo 1 day ago 4 replies      
The most interesting thing to me is that Cruise went through YC, several funding rounds and most of a massive public acquisition - apparently before anyone did enough due diligence to find out about this being even a potential problem (if the claimant has any grounds - which it seems there are at least some amount) and heading it off at the pass.

That alone speaks volumes.

1123581321 1 day ago 2 replies      
The facts seem to be more on Jeremy's side than Kyle's except that the application video demonstrates that Jeremy believed Kyle also knew something about robotics.

Regardless of the outcome of this incident, if you apply to Y Combinator with someone who knows the YC partners better than you, and your cofounder decides to push you out, your cofounder will be supported by YC against you. This is now something that every team of founders will have to think harder about now. It will harm founder cohesion which will reduce the success percentage in each batch.

On the other hand, this is a positive signal to people who want to exploit a cofounder to get past the YC application process and then push them out of the company.

minimaxir 1 day ago 2 replies      
> The promise was memorialized in the October 21, 2013 Y Combinator application, submitted by Vogt with the knowledge and approval of Guillory, that identifies Guillory and Vogt as the founders of Cruise and lists Guillory as a 50% shareholder of Cruise Automation

This is interesting, as the YC Application does require breakdown. ["If you have not formed the company yet, describe the planned equity ownership breakdown among the founders, employees and any other proposed stockholders. (This question is as much for you as us.)"]

iandanforth 1 day ago 2 replies      
From the complaint:

"Vogt, as the sole Director of Cruise Automation, Inc., authorized the issuance of 50% of the Companys stock to Guillory;"

That seems like a very clear statement. It's either true, in which case Guillory has a very strong case, or it's false and he doesn't.

alain94040 1 day ago 2 replies      
As a self-proclaimed expert on co-founder issues[0], I'm glad that we're hearing both sides of the story. As expected, they don't match at all. Hopefully, SamA will read both, try to find an honorable middle ground, and write another blog post.

Basically, One mistake seems to have been made: writing on the YC application that they are both founders, possibly stating a 50/50 split. That's one mistakes, two years of hard work, and one billion dollars.

[0] As the author of the co-founder equity calculator, I still receive about one email a week from founders asking for advice about co-founder issues. After several years, I think I have seen about every possible problem with co-founders.

Bahamut 1 day ago 0 replies      
After reading the various viewpoints posted, here are my thoughts.

Jeremy sounds a bit greedy, and probably won't get 50% compensation, but probably will get a significant amount since it sounds like he wasn't dealt with fairly through the whole process if his claims hold up.

However, based on Sam Altman's actions as depicted, this makes me not to ever want to work for a YC company, and I've been approached by plenty at various stages (early to late). With an investor that wants to resolve things in bad faith, I cannot trust that I wouldn't ever potentially get screwed the same way, all because an investor believes "That person does not deserve compensation, so we'll operate shadily to make it end that way."

It makes all the talk about nice people and such from YC leaders sound as fake as the reputation of many tech industry people in the Bay Area is touted to be.

aresant 1 day ago 4 replies      
Sounds like they offered $4.5m ("triple the last offer" of $1.5m) to go away.

I assume the attorney would only make that statement if they had supportable documentation.

Given that Guillory appears to be a "needs a paycheck" guy that's an awful lot of money to walk away from without a damn good case.

possibility 1 day ago 3 replies      
> After hearing the announcement, Guillory contacted Vogt to inquire about his share of the proceeds from the sale of Cruise to GM. Vogt responded that he was due nothing, but first offered $100,000, then $1 million, and then $1.5 million and acknowledgment that Guillory was a co-founder but only if Guillory would immediately surrender his ownership rights.

> The second Director to contact Guillory, Altman, also said he was authorized to negotiate on Cruises behalf and offered Guillory triple the amount of Vogts previous offer, but only if Guillory would agree to sign a formal settlement agreement that same day.

3 x $1.5 million = $4.5 million. Personally, I would have taken the money, but I think it must be incredibly hard to make such a decision under time pressure and without counsel. Still, you can retire on that money and basically be happy, and I would have chosen that over this shitstorm if I'd had the presence of mind.

refurb 1 day ago 2 replies      
"After Guillory engaged counsel, cross-defendants then precipitously filed and made public their lawsuit, accompanied by a public blog post by Cruise investor and Director Sam Altman that wrongly accuses Guillory of extortion and an attempt to disrupt General Motors (GM) acquisition of Cruise."

This is why you don't speak publicly about a court case you're involved with. Now every single word Sam wrote will be put under the microscope and whether or not he "meant" something won't matter. All that will matter is what the jury believes he meant by it.

theoracle101 1 day ago 2 replies      
So let me get this straight.

Jeremy was "waiting", while Cruise raised seed, Series A then B, and congratulated them assuming that he still had 50% and was happy to see his work grow?

He never thought to protest, or sign any documents at each round giving his consent. If this isn't extortion I don't know what is.

It will be pretty easy for Cruise to prove he wrote no code/prototyped nothing. All he has is association with Kyle and Cruise for 4 weeks before they parted ways.

Sad to think all the engineers at Cruise, working their ass off, getting fucked over by this guy. He'll probably end up with more than all of them.

a_small_island 1 day ago 1 reply      
Here is the YC application video from the counter complainthttps://www.youtube.com/watch?v=_P6oXe1YI90
akg_67 1 day ago 0 replies      
The media coverage of this dispute, Sam Altman blog post, details of claims and counterclaims are doing nothing more than tarnishing YC brand. YC need to settle this dispute as quickly as possible.

Protecting YC reputation as the ones in founders corner in the world of "Angels are demons and VCs are vultures" is more important. The salacious details of strong-arming, fire your lawyer hire mine, and exploding offers are doing nothing more than giving appearance of YC that it is not much different from the people they were trying to help founders deal with.

the_zodiac 1 day ago 0 replies      
Sam, you messed up here. Your post just ended up giving more leverage to Jeremy.

There is a reason you should listen to lawyers and not just write something 'before the lawyers get to you'.

pbreit 23 hours ago 0 replies      
This thread seems to be falling faster than it's numbers would suggest. There are currently at least 3 older articles with fewer votes above it.
Dwolb 1 day ago 1 reply      
For what it's worth, the YC app video mentioned in the complaint here: https://m.youtube.com/watch?v=_P6oXe1YI90
sergers 1 day ago 1 reply      
after reading this, YC and Sam altman might be the dagger to kill the acquisition by GM...

if true of course... but cant deny that he was a founder and has somewhat of a claim. do i think he deserves 50% in any possible scenario? no... but he was being strong-armed into taking the deal (which is just business as usual).

if this goes to Jury trial he has a case for more than the measly 4.5million

edit: "deserves" was a bad choice of words, i meant entitled.

steven2012 1 day ago 0 replies      
This is why sama should have stfu and not said anything. There are two sides to every story and the argument presented is compelling, so it's up to a judge and/or jury to sort this out. Of course sama has a dog in this race, which makes it even dumber that he commented at all. I hope he learns from this.
burger_moon 1 day ago 2 replies      
It still isn't clear to me how Vogt cut Guillory from the company. How that is even possible when they had already established the company at a 50/50 split?

This also sounds like he was around for a lot longer than Sam implied in his blog.

I have a lot of mixed feelings about this whole thing; parties on both sides have been rolling around in mud it seems.

masterponomo 20 hours ago 0 replies      
I doubt this is what PG had in mind when he brought Sam on board. Just a prediction, we will soon be wishing Sam well in his future non-YC endeavors. He's perfectly justified in strongly protecting his own investment, but using HN to vilify the opposition--not cool.
samfisher83 1 day ago 0 replies      
Can Sama get sued for Libel? I think writing that post was not a good idea. This Jeremy dude seemed like he had spent some years working on this.
coldcode 1 day ago 0 replies      
Given that joining YC is supposed to make building a startup easier they cleared screwed up this time in not requiring clear contracts with everything specified. There is no place for oral contracts or quasi legal agreement given that the potential payoffs are so huge.
onebot 1 day ago 2 replies      
Unbelievable. An experienced & successful entrepreneur would take on an unknown cofounder without any kind of vesting schedule + cliff. Doesn't make any sense to me. I am not buying Jeremy's side at all.
tlogan 1 day ago 2 replies      
It seems like KEKER & VAN NEST LLP is Jeremy's law firm. They represented Google in copyright infringement vs Oracle.Do I read this correctly?
boto3 1 day ago 0 replies      
This is gold:

In early October 2013, Guillory met with 28-year-old Vogt, a self-proclaimed MIT drop-out who had spent a month to earn a degree in installing Microsoft Windows.

tlrobinson 1 day ago 1 reply      
Well, I have a feeling we'll be seeing a change to the wording of the equity split question on the YC application...
danielpal 1 day ago 4 replies      
I just read both complains. This one is frankly ridiculous. The fact is that Kyle incorporated the company before he met Jeremy. And from Jeremy's complain, he is trying to build the case by saying he was more competent than Kyle. Yet why didn't he continue with the idea by himself if he was so competent?

The only proof he is using to say he was a co-founder is a YC application. This is I hope a non-binding document. I hope judge agrees that the only way to get equity in a company is if its granted in the form of shares. Jeremy was never granted any shares so he own's 0 shares.

He also acknowledges he did no provide any IP to the company. So if he didn't provide any IP and didn't receive any shares he should be entitled to 0.

I really hope Kyle wins and Jeremy is found guilty of tortorous interference and is obligated to pay for Kyle legal fees.

mooreds 1 day ago 1 reply      
And this is why founder vesting is so important. Ideas and knowledge are great, but execution is what really matters. If they'd had a cliff (3 mos, 6 mos, a year, etc) and a written agreement, none of this would be happening.

I went through this with co-founders recently. It was unpleasant and expensive, but at least everyone knows where we stand w/r/t leaving, vesting, etc.

This excerpt from Do More Faster is worth reading:

"A common reason for startup fatalities, particularly in the early days, is some sort of conflict between co-founders. One of the main reasons for co-founder conflict is that many aspects of the relationships were either ill-defined or misunderstood. To minimize the chance of this, its critical that you and your co-founders come to agreement on some key issues. Ive framed the most important of these as a set of questions that the co-founders should be asking each other as they enter into the business relationship.

Many of these questions are hard but they get only harder with time. The sooner you address them, the better off your startup will be."


jontas 23 hours ago 0 replies      
A lot of people are criticizing Guillory for waiting until the deal was announced to come forward. Whether or not this is true (it is disputed in the two opposing briefs), one can hardly fault him for not wanting to spend time, money, and effort litigating for half of a company that may or may not be worthless. I would wait for some evidence of success/value before deciding to invest my time/money into claiming my half of the pie.
rdl 1 day ago 0 replies      
Is there a standard restricted stock repurchase agreement/ founder vesting here? If so, was it exercised?

I now have a new fear which trumps "failure to file 83b in time". I am so incredibly paranoid about doing 83b, already.

bing_dai 1 day ago 0 replies      
To any entrepreneur who reads this thread and suddenly develops the cold sweat-inducing thought that "Oh No...I do not have proper paper work with that departed ex-cofounder/ex-employee either!", please build the courage to talk to that person and have proper written agreement in place. Consult a lawyer if necessary (IANAL). That way, you would not be in the same situation as Cruise and Guillory.

I worked at a VC firm for about 3 years. By far the most difficult situation to mediate was co-founder disputes.

parray 5 hours ago 0 replies      
Knowing Jeremy, this doesn't surprise me whatsoever. Greedy and good at selling his side of the story. One of the most selfish human beings I know. Kyle, I'm rooting for you to win this case here. You deserve it for the hard work you put in.
danbmil99 1 day ago 0 replies      
Not precisely equivalent, but I was involved in a startup where 3 of us split the shares without any vesting agreement in the paperwork.

Fast forward 18 months, one of my co-founders was fed up and decided to quit. He claimed (correctly) he was entitled to his 33.3% regardless of future work or any other factors. Of course he would be diluted if there were investments or option grants, but his position was the split represented the full value of our contributions at the start date. After all, he argued, we were paying ourselves salaries for the work we did, so that was our compensation -- the equity was simply an investment that may or may not pay off some day.

In the end, we paid him a lot of hard-earned cash to buy back most of his stock over a period of years -- enough for him to live very comfortably without working, while we sweated our asses off to make something of the venture. Probably stupid of us, even though in the end the company went public and the stock was quite valuable for a while.

Moral of the story: get the paperwork right or pay the consequences.

BTW, quitting co-founder wrote up the founding documents...

6stringmerc 1 day ago 0 replies      
The one thing this dispute and drama makes me wonder is if GeoHot might have a competitive advantage for a limited window. Time will tell.
karmacondon 1 day ago 0 replies      
YC includes a vesting clause as a standard part of their incorporation documents, in part for just this situation.

I've heard that a corporation was formed BEFORE the YC application. If shares were issued in that corporation without a vesting clause, then that's that.

If shares were not issued and the YC application is the only evidence of a 50/50 split, then why wouldn't one assume that vesting was part of that agreement? The question on the application was "describe the planned equity ownership breakdown...". Someone could reasonably argue that they agreed to a 50/50 split given the assumption of a vesting schedule, and would not have agreed to it otherwise. Which is to say, if the YC application is the proof of ownership, then how can you ignore everything that is also implicit in that application?

prawn 1 day ago 0 replies      
I imagine that things that seemed insignificant in the HN application may prove now to be quite problematic. I'd guess that founders might feel inclined to nominate a 50/50 split, assuming that anything else could be a red flag for YC's judgement?
axg 1 day ago 0 replies      
IANAL, but wouldn't Jeremy's 50% be relative to the time he left the company? No reasonable person would assume a co-founder leaving a startup would retain 50% equity.
hoodoof 1 day ago 8 replies      
It seems that the people who now own the company acknowledge that he was the cofounder but feel that "well he didn't do much, so he doesn't deserve his full shares".

The law doesn't work like that.

It's exceedingly strange to have had the initial cofounder depart and nothing was done to formalise the terms of that separation.

Also Sam seems really annoyed that this ghost-co-founder has turned up with this claim at the most inopportune time, and suggests that this is bad behaviour. I don't think so, it's the right way to play it. Wait until you have maximium leverage and then play your legal cards. The missing cofounder would have been a fool to play it any other way, thereby losing his leverage. The evidence that he has played it right is that so many people are running in circles desperate to resolve it - he has them against a barrel.

It appears the due diligence was pretty loose. Heads will roll.....

nykho 1 day ago 0 replies      
In the cruise Cross complaint it says that they entered together to Cruise as a joint venture. In this joint venture they put code, algorithms, etc. Is it posible to say that newer algorithm, code, etc or even other responsibilities not mentioned from Vogt, are not part of the joint venture?. The idea of this it would be to contain the % of ownership of the joint venture. Or is this their plan all along?
a13n 1 day ago 0 replies      
It's pretty common SV knowledge that ideas are a dime a dozen and team & execution are what really matters. However, this doesn't necessarily hold up in court. It'll be very interesting to see how this plays out. Especially considering sama's involvement.

Any idea when we'll get an update?

nxzero 1 day ago 0 replies      
Very possible this has been covered, but how would a startup execute proactive due diligence to counter such claims from go to exit?
enraged_camel 1 day ago 0 replies      
It looks like this whole case rests on whether Jeremy can actually produce any document that shows a 50/50 split. This can be the corporate charter, or it can be some sort of paper with both their signatures. IANAL, but even the YC application alone may be sufficient if it indeed does say they're joint owners.

As a side note, Sam Altman's recent blog post [1] vilifying Jeremy really rubbed me the wrong way. Sam is hardly a neutral player in this, and his post really felt like an attempt to ruin Jeremy's reputation in Silicon Valley. Sam really should have kept his mouth shut here, because depending on how this case plays out, it may be his own reputation that may be endangered.


jboydyhacker 1 day ago 1 reply      
A couple reactions after reading the cross complaint:

First. In a game of legal posturing sometimes a good writer can make a great deal of difference. Jermeys lawyers are fairly good writes and they weave quite a huge story. I think as I said in original comments there is almost no way this case gets dismissed on summary judgement. Thats unfortunate because it means no easy way out.

Second. Man Jeremy is pretty dismissive of Kyles background and its downright nasty. two successful startups and not related to autos. Well, does Jermey have any successful startups at all? Its not a small thing and someone unpleasant to read if you are in the startup world or have spent much time actually trying to build a business to see lawyers talking smack about a guy whose done pretty well.

Lastly, its a fine piece of writing but I still go back to what the hell did Jermey do for one month that would entitle him to anything. I think you have to go back to what is the convention in the industry which is a typical vesting schedule applies and thats a risky in any startup.

I also have to say poor Kyle must feel terrible. Im honestly kinda sick to my stomach reading the complaints. Startups are tough thing and 2.5 years vs 1 month in a big difference in blood sweat and tears no matter how much Jermey put in. It strains any reasonable amount of credulity that if Jeremy felt this way hed never mention it until now. I believe under the law that does weaken his case quite a bit. I forget the legal concept but in some cases when you don't speak up- it minimizes your right to speak up later.

It's deceptive to not speak up and let someone else continue building something under the mistaken belief they owned it- when you beleived you owned half. I think that's the part that has a lot of people taking Kyle's side- imagine if you built something for 2.5 years and you thought you owned all of it- and someone else believed the whole time they owned half?

There is an inherent unfairness to that and the law does recognize that.

My best advice for Kyle would be figure out a way to close the GM deal without settling as these guys are in for a fight. Get everyone else paid, close the deal and let the lawyers handle it as even reading their very well written prose- I dont think there is a case here for Jeremy and given all the drama in the nice prose I think their lawyers know that too and its just a well worded shakedown.

But yeah- really a sickening read. A lot of my opinion is based on the assumption Jeremey never said a thing about this until after the huge sale. If that's the case, quote sun tzu all ya want but it's still slimey and I think against some basic precepts of US corporate law.

rajacombinator 18 hours ago 0 replies      
This whole incident really lowers my opinion of YC.
rdl 1 day ago 0 replies      
Has anyone pulled the $20 worth of filings from Delaware on file number 5403771? Seems stupid for everyone to do it.
mkoble11 1 day ago 2 replies      
haha, this seems like total bullshit.

there's no WAY an experienced founder like kyle would have given 50% of the company away, especially without a vesting schedule.

alexcaps 1 day ago 1 reply      
This makes me sick. Jeremy makes me sick. Despicable.
Jeong19 1 day ago 3 replies      
This thread is full of nasty comments about sama and his blog post.

To those of you attacking him, remember that you're talking about a man who has already proven himself to be one of the most disruptive entrepreneurs SV has ever seen, despite still being relatively young. When Sam was a fresh Stanford dropout, he built Loopt, the very first location aware app, which spawned dozens of imitators, including Foursquare and Gowalla. It also doubled as a dating app popular amongst gay men and easily beat Grindr to market by a decade.

If sama says Jeremy's claim is baseless, then I'm inclined to believe him, on the strength of his reputation and accomplishments alone.

Edit: Could the downvoters at least explain themselves? Is defending YC or sama enough to deserve downvotes now?

Proposal: Go should have generics github.com
348 points by dsymonds  2 days ago   406 comments top 40
NateDad 1 day ago 3 replies      
I work on juju (https://github.com/juju/juju), which all told is about 1M LOC. In my almost 3 years on the project, I have not been bothered by lack of generics, basically at all (and I worked for 10 years in C# on projects that used a lot of generics, so it's not like I don't know what I'm missing).

Do we have 67 implementations of sort.Interface? Sure. Is that, by any stretch of the imagination, a significantly difficult part of my job? No.

Juju is a distributed application that supports running across thousands of machines on all the major clouds, on OSes including CentOS, Ubuntu, Windows, and OSX, on architectures including amd64, x86, PPC64EL, s390x... and stores data in a replicated mongoDB and uses RPC over websockets to talk between machines.

The difficult problems are all either intrinsic to the solution space (e.g. supporting different storage back ends for each cloud), or problems we brought on ourselves (what do you mean the unit tests have to spin up a full mongodb instance?).

Generics would not make our codebase significantly better, more maintainable, or easier to understand.

mattlondon 2 days ago 7 replies      
I can feel the pain on the Sort issue. I've personally found sorting annoying in Go - I had a bunch of structs representing data entities from a database that all had the same field and I wanted to be able to sort them by this field.

Seemed like a LOT of work (basically implementing the same sort that was 99% identical for every struct) or use weird reflection-workarounds to get this to happen. In Java I would not even given this a second thought and be back to coding up the important part of the code ages ago.

I am a new go-lang user so would love to know what the best approach to resolve this is without a) repeating the same thing for every struct, or b) relying on "unsafe" reflect techniques (since AppEngine rejects code that does that) - surely sorting structs is a super-common, basic thing for a systems language? I've seen someone just nonchalantly say "Use interfaces" but I'm not sure still.

I like the language generally but this is a real "WTF?" moment for me.

bigdubs 2 days ago 5 replies      
After watching Rob Pike's Go Proverbs talk I am pretty convinced generics, as much as some would want it, will never happen. He proselytizes "just copy a little code here and there" quite clearly, which is at odds with the complexity that generics would add.
Animats 2 days ago 4 replies      
Generics as a language retrofit tend to be ugly. See C++.

I was at one time plugging for parameterized types. Go already has parameterized types; "map" and "chan" are parameterized types. You write "make(chan int)" and "make(map[string] int)". You just can't define new parameterized types; "map" and "chan" are all you get. With parameterized types, you could create more generic data structures; if you needed a generic b-tree or a quadtree library, you could have one. Maps in Go are more special than they should be.

Parameterized types are less powerful than generics, but not too far from what Go now has. The goals in the document mentioned here require generics with all the bells and whistles. Remember, Go still has reflection; if you don't need high performance, you can simulate generics at runtime.

f2f 2 days ago 3 replies      
"The intent is not to add generics to Go at this time, but rather to show people what a complete proposal would look like. We hope this will be of help to anyone proposing similar language changes in the future."

This started in 2010. Hopefully an illustration that go's developers are not against generics in general, this ought to quell some of the negativity... Pick one of the four proposals you like :)

teps 2 days ago 1 reply      
What people think of generic package instead of fine grained generics? https://docs.google.com/document/d/1vrAy9gMpMoS3uaVphB32uVXX...

I think they would really fit the language well. The good part is:

* Only the package and import statement change, the rest of your code stay the same and is not cluttered

* They are easier to reason about as it is more coarse grained

* They do not break the compatibility

The the bad part is:

* You cannot implement filter/map/reduce (but being able to implement them would conflict with the orthogonality of the language)

* It could lead to code bloat, but not more than manually copy pasting the code.

coldtea 2 days ago 2 replies      
As long as programmers that are comfortable with (and prefer) 30+/40+ year old PL paradigms are at the helm of Go's design, it's not very likely the language will grow Generics.

To paraphrase Max Plank:

"A new language-level feature does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die, and a new generation grows up that is familiar with it."

insulanian 2 days ago 1 reply      
My code is full of map, filter, reduce/fold and similar generic reusable functions.

How do people deal with such things in Go? Do they really make copies of such functions for every type they're working with? (And by type I don't mean just int/string, but all model entities/classes.)

golergka 2 days ago 0 replies      
Lack of generics was one of the reasons I abandoned Go halfway through a hobby project (the other reason was lack of normal exceptions).

But. Go's principle is simplicity and understanding the concepts you're working with. And generics as a concept is a little bit more complex than simple List<int> explanation leads you believe. As C# developer (language with very good generics support), most of other C# developers I've met, unfortunately, can not easily and confidently explain covariance and contravariance concepts in an interview setting which means that they don't understand generics concept completely. Mix it up with "null" virtual type, and you've got yourself a type system that you think you understand, but really don't, and will discover this misunderstanding in the worst possible moment.

So, while Go sucks for projects that I personally usually work on, its qualities make it a great language for other kinds of projects, and for these projects, generics may not be wort it with a trade off with simplicity.

dom96 2 days ago 3 replies      
Maybe instead of adding generics to Go it's time to look into alternative programming languages which already implement generics, like for example Nim.
tssuser 1 day ago 0 replies      
Let me give a concrete example of how I've been personally impacted by the lack of generics. My project makes liberal use of pointers to represent "optional" fields, since they need to be distinguished from the zero-type. Alternatives would be to have a boolean associated with every field, but that clutters the API and still faces a lot of the problems with using pointrs, such as:

- Easy to forget to check that pointer != nil

- Overloaded semantics: it's unclear whether a pointer represents an optional type, or is being used to pass-by-refrence (i.e. unclear whether a value should be treated read-only)

- Need to deep copy every struct, which is easy to forget and inefficient (at least the reflect version)

There are solutions to each of these points, but they all add complexity (e.g. generating code), and most take a lot of extra effort. With generics I could have Optional<T>, With a Get() function returning 2 values: the value type, and present (i.e. the way maps work). The caller is forced to handle both returns, making it much harder to forget to check it.

A lot of arguments for generics focus on higher-level functional programming abstractions, but this is a simple and extremely common use-case, and the lack of a solution is responsible for many real-world bugs.

willvarfar 2 days ago 1 reply      
I would be happy if there was a generics solution aimed just at type-safety for containers, and not a general 'reuuse' thing.
rebnoob 1 day ago 0 replies      
"Let the machine do the work." [1]

By Rob Pike, a man of contradictions.

[1] https://blog.golang.org/generate

tombert 2 days ago 3 replies      
Isn't a huge issue with generics the compilation time?

Much as I love Haskell, I'm not going to sit here and tell you that a big program compiles quickly.

That might be an individual issue with Haskell, but regardless, isn't type-inference kind of expensive in compilation-land? And wouldn't that kind of kill one of the big features of Go?

chmike 2 days ago 0 replies      
Consider using the D language instead if generics is a problem. Go is what it is and shouldn't change. It has it's advantages that make it optimal for particular contexts. Otherwise you'll turn it into another c++. There is a strong benefit in keeping Go simple as it is.
acjohnson55 2 days ago 0 replies      
At this point, I have to just conclude that Go isn't "for me". I respect the great things the community has produced. But I'm just not interested in a static language without generics.
agentgt 2 days ago 2 replies      
I have some biased doubts (come from the JVM world) about needing really fast compiling and is often cited as the reason Go does things the way it does (or is).

Is binary dependency management just not an option ever?

I have a friend that works for Google and supposedly they have a proprietary build infrastructure that will offload the building of C++ code into a cluster. I sort of wish Google open sourced that as I believe it basically does some form of binary dependency management.

Yes I know Go like C++ can target lots of platform (and thus needs many binaries built) but an organization only needs the major ones. And yes I know the language statically compiles to a single binary but that doesn't mean things can't be precompiled.

Go these days seems to be mainly used for microservices or small utilities and thus you don't need and should not have a gigantic code base for such things. I can understand monolithic UI apps having large code bases but this is clearly not what Go is being used for these days.

There are many other languages that compile to native that seem to compile fairly fast (OCaml and Rust from my experience but I don't have huge code bases).

Is compilation speed really an issue given the use cases for Go?

jgalt212 2 days ago 0 replies      
As an outsider, I've been following Go for a while, and given the lack of common high productive language features such as Generics and optional function arguments with default values, to me, it seems like right now Go is much better than C, and in some dimensions better than Java and in others worse.

If it just adds a few things, and then when you account for portability and speed, it could be better than the dynamic languages that people often compare it to.

plq 1 day ago 0 replies      
There was a time when the only language with decent platform support had to have turing-complete meta-programming support, inheritance, polymorphism, lambdas, preprocessor, custom allocators, placement new, std::erase_if, etc, etc. because we were basically stuck with it.

Those times are now way behind us. Today, there is a plethora of languages to choose from, each with their strengths and weaknesses, each most powerful in the niche it's designed for.

Go is not a language with generics. If you need generics, don't use Go.

Go should not have generics unless it's trying to dominate the world. And we all know that no language can achieve world domination nowadays, not anymore. So it should rather trying to be the best language possible in the niche it was designed for. That niche doesn't need generics. On the contrary, a vocal part of the community says generics would taint Go.

Go doesn't have generics. It's however got a proper FFI. Use it. Or don't.

isuckatcoding 2 days ago 2 replies      
This makes me wonder if this has happened before in another language. I can totally imagine 10 years ago someone saying "oh we'll never need that in PHP" and voila 10 years later you've now got feature X in PHP. Any of you wise old timers want to share such examples? Does history keep repeating itself with these sorts of things?
ungzd 1 day ago 0 replies      
Proposal: Algol should have dependent types.
musha68k 2 days ago 1 reply      
The one thing that makes Go special is that it's pure "Engineering-Zen".

While that doesn't make programming in Go the most fun exercise it makes it a profound one (after some getting used to).

Less distractions, less eGo (forgive the pun).


I'm still having a hard time embracing all of that myself - I don't even like Go.

I really miss all the functional cleverness I've come to get used to over the years - especially talking Erlang/OTP as the main (losing) "competitor" for most of my backend projects here (microservices, kubernetes yaddayadda).

slantedview 2 days ago 1 reply      
From the post:

> As Russ pointed out, generics are a trade off between programmer time, compilation time, and execution time

This misses the most important metric: quality. Lack of generics forces copying and pasting of code which inevitably lowers quality and increases defects. It's amazing to me that with the all the expense that crappy software causes, we're more focused on compilation and execution time. Last time I checked Golang's performance numbers, the supposed benefits of this focus were not present while the downsides of being a language that forces programmers to do the wrong thing were present as well.

kzhahou 1 day ago 1 reply      
Came for a Proposal. This article only provides motivation for generics.

Are there any concrete proposals on the table? I don't recall seeing any, and it would be great to work from that and pick it apart. Otherwise, we're just arguing the opinion that they're useful, against the opinion that they'd soil the language.

bsaul 1 day ago 0 replies      
Could anyone here tell me why, in practice, it isn't possible to write generic algorithms such as sorting or Red/Black T using interfaces only in GO ? It seems like having interfaces such as "comparable, equatable,etc" should work in theory.

I've read somewhere that it was memory usage related, but i've got trouble picturing why (maybe an example would help)

meapix 2 days ago 0 replies      
Can you give an example of the issue you're trying to solve with Generics and Go is giving you hard time? don't take Go to C++.
dschiptsov 2 days ago 2 replies      
Go is supposed to be a better C, not a better C++.
sambeau 2 days ago 0 replies      
If it was up to me I would break with ASCII for the syntax. It would make parsing easier for the compiler while simultaneously making it slightly annoying to use for the programmer.

Having to reach for a complex key combination would be enough to remind everyone that Generics should be used sparingly.

amhunt 1 day ago 0 replies      
Sitting in a lecture by Kernighan rn and he says GO will NOT be implementing generics
ngrilly 2 days ago 0 replies      
The four proposals linked at the bottom of the page are very interesting, and prove that a lot of work have already been invested in bringing generics to Go. It makes me confident that it will happen one day, when the pieces fit together in a nice way.
andrewfromx 2 days ago 2 replies      
can I tell u the BEST thing about golang? Strings cannot be nil! It's amazing. They are always "" or you know, "something" so you never have to test for if s == nil || s == "" or in ruby s.blank? to cover both cases. that is all.
kafeltz 1 day ago 0 replies      
Rich Hickey could play on golang, this guy is so fascinated by simplicity too.
amelius 2 days ago 1 reply      
How does Erlang solve it?
AzzieElbab 1 day ago 0 replies      
If you google "brutally practical" you will get "uninspired hack". Either that or the whole thing is simply pre-alpha
elcct 2 days ago 0 replies      
One day someone will create a fork and implement it.
max_ 2 days ago 0 replies      
just fork the repo.
xiaopingguo 2 days ago 1 reply      
Why not just fork the language? Why does one language need to do all the things?
peteretep 2 days ago 2 replies      
If they accept generics, then there is an implication that the language design isn't infallible as a result of being written by Rob Pike, and then the whole house of cards falls down as people start clamouring for things like real exceptions.
mk44 2 days ago 2 replies      
Go is designed by google, for google. Why should they make it to your liking? Why do you rely on google?
thegenius2000 2 days ago 1 reply      
I agree with the author's request, I'm just not convinced he proposes a design. I mean I recognize see the need for some sort of generic programming, but the big question is how not why, right?

Edit: My bad. Didn't see the bottom of the page.

Google App Engine Silently Stopped Sending Email 5 Weeks Ago code.google.com
281 points by markdown  1 day ago   109 comments top 18
cramsdale 1 day ago 6 replies      
Hey Folks,

The issue reported here is linked to App Engine and Gmail tightening up their spam filters. The root cause was an increase in organizations sharding out their spam systems to utilize App Engines free tier in such a way that is (a) in direct violation of our ToS and (b) making all of our lives suck a bit more (raise your hand if you want spam). Its unfortunate that while App Engine is trying to provide a free tier that enables developers to easily use our platform, others see it as an opportunity for exploitation. Even more unfortunate is that it has a negative effect on legitimate users. Its a fine balance that has been highlighted by several users within this thread.

Spam filtering is not a perfect science, and were constantly tweaking things -- with our customers in mind. This issue should be limited to new applications where the trust signal might be a bit lower. Thus existing apps / customers shouldnt be experiencing issues (which was also highlighted by a few within this thread). If this isnt the case email me: cramsdale@google.com. For those asking, hey, why am I being penalized for being a new customer? See my previous comment about spam filtering not being a perfect science. Then email me.

Were here and we want to help.

-- Chris (Lead PM for App Engine)

jpatokal 1 day ago 1 reply      
Google Cloud Support here. To correct the misleading title, this is not a generalized outage of any kind, but an issue with some applications sending mail that trigger spam/malware/etc filters. Since spammers generally do not comply with RFC 3514, filtering is unfortunately not an exact science, so false positives happen and we're working with the customers in question on a case-by-case basis.

Also, App Engine is integrated with both Sendgrid and Mailgun, and we strongly recommend using these if you're planning on sending larger quantities of mail:



martindelemotte 1 day ago 4 replies      
I wonder if people at Google know how awful it is to report an Appengine bug. You have to battle for days to get your bug acknowledged.

I've noticed that they've added more support people since the early days but it's still a pain as they seem to have an incentive to answer the tickets as fast as possible without doing any real investigation.

The linked issue is a good example of this behavior.

fencepost 1 day ago 2 replies      
Reading through the thread, it looks like in the last few days it's been narrowed down to "messages which contain the URL of the App Engine instance silently disappear with no bounces or errors."
tominous 1 day ago 0 replies      
Maybe I'm old-fashioned but if I was affected by this issue (and it had persisted for so long) I would set up an SMTP server and an appropriate MX record, then demonstrate using mail logs or port snooping that this was definitely not a receive-side issue.

Of course the support organisation here (Google) should be well equipped to set up this kind of testing themselves and work with a customer to root cause the issue. In my experience though these issues are rarely taken seriously until there is no-one else left for support to blame.

cyberpanther 1 day ago 0 replies      
I had a Google engineer tell me once that the App Engine email api was never meant to send a lot of mail. That is why the quota is so low. I would recommend using a third party service to do e-mail.
ajackfox 1 day ago 1 reply      
I'm pretty surprised by the long wait times between "updates" from support... that's pretty rough. I understand it can be hard to get a good signal to noise ratio with support, but when so many other people are reporting issues, perhaps it's time to take it a bit more seriously?

This thread is a great example of why support is so hard.

waleedka 1 day ago 2 replies      
Must be an isolated issue. I run two App Engine apps and send 30K emails a day and I haven't noticed any change in my email open/click stats, which implies that emails are being delivered as usual.
Maxious 1 day ago 2 replies      
I've been getting bounces on Google Apps hosted gmail for calendar notifications coming from calendar-notification@google.com

Email is hard.

awinter-py 1 day ago 1 reply      
The problem is that pesky humans can't decide what they want. Not sending mail is a bug but not receiving mail (i.e. spam filtering) is a feature? I can appreciate how this is confusing.
mikecb 1 day ago 2 replies      
Sendgrid is a great alternative and not hard to set up.
daveguy 1 day ago 2 replies      
At least a few reported that it was bouncing at the destination once they set up an appropriate handler. They are only "not being sent" when there is a url in the message and that is a big red flag on the receiving side (not much text but a url). It doesn't look like an App Engine problem. It looks like messages being identified as spam problem.
hartator 1 day ago 0 replies      
This is a documented API endpoint: https://cloud.google.com/appengine/docs/python/mail/ with quota.
mattbillenstein 1 day ago 4 replies      
Don't use appengine for anything -- ever. It's a terrible platform/product and google would rather you move on to GCE anyway...
samskeller 1 day ago 0 replies      
How could you loudly stop sending email?
markdown 1 day ago 0 replies      
tedmiston 1 day ago 1 reply      
> I've set this thread to not be visible by anyone but yourself and Google.

Or not.

Animats 1 day ago 0 replies      
This is what happens when you buy a service from an organization oriented toward ad-supported services. The mindset is that it doesn't matter if the user isn't being served.
ASCII Art Weather wttr.in
331 points by hjc89  2 days ago   102 comments top 34
pixelbeat 2 days ago 0 replies      
Oh cool, this is using my ansi -> html conversion script!


dredmorbius 2 days ago 4 replies      
What's impressed me about this is how much faster it is than Web pages or Android apps.

Really: just transmit the data necessary to convey your information. Your app is in the way.

wttr.in on Android using Termux is actually pretty awesome.

insulanian 1 day ago 0 replies      
This is awesome!

But now I get:

> Sorry, we are runnig out of queries to the weather service at the moment. Here is the weather report for the default city just to show you, how it works. We will get new queries as soon as possible.

Can't you cache the data for an hour to prevent this from happening? Heck, just show me something even if it's fake as I love how the thing looks :)

edw519 2 days ago 0 replies      

 \/\/\/\/ / \ / \ / \ /\_/ 0 0 \_/\ | | \/ \ |_| / \/ \ / \ \-----/ / ---------- Brilliant! \ / \_______/ | |

manuw 2 days ago 1 reply      
And the moon: http://wttr.in/Moon
akerro 2 days ago 1 reply      
We were unable to find your location,so we have brought you to Oymyakon,one of the coldest permanently inhabited locales on the planet.

>Freezing fog

Don't want to know more about this place.

benzinschleuder 2 days ago 2 replies      
It works in the Terminal, too!

curl http://wttr.in/london

korginator 2 days ago 1 reply      
The weather data appears horribly inaccurate. I'm traveling in Vietnam (Hanoi) today and we're seeing temperatures between 25 and 31 deg C, but the site says we're roasting at 34 - 48 deg C.

I checked Bangkok where I will go tomorrow, and the site claims we will hit 45 deg C which is ridiculous.

fabiendem 2 days ago 2 replies      
Nice! :)alias weather="wget -O - http://wttr.in/london -q"
tsukikage 2 days ago 2 replies      
wttr.in/Cambridge looks completely wrong. Says Cambridge, UK at the top, but -2C and heavy snow? Really?

EDIT: looks like it's using http://www.worldweatheronline.com/cambridge-weather/scottish... rather than the one in East Anglia

oneeyedpigeon 2 days ago 3 replies      
It's pretty cool, but it doesn't quite line up for me. Unicode characters (but ... "ASCII"?) are the prime culprit, but something also going on with the 'delimitting' header lines too - they're way off.
geoffry 1 day ago 0 replies      
Nice! I like the aggregation into time blocks people tend to care about.

What's the definition of the probability of precip you're using? And how are you aggregating it? I ask because definitions can vary a lot and aggregation may not be straightforward.

Another thing to consider is how you interpret/convey wind direction. Usually weather data sources provide the direction the wind is coming from. And people seem split on if the arrow should point to the origin or direction, depending on their background. It's a shame there aren't more characters like (with the arrow going the other direction) to better represent origin/direction.

tyingq 1 day ago 0 replies      
Related, "Forecast Font" takes an interesting approach to this, using a webfont: http://forecastfont.iconvau.lt/

Because it uses css to overlay elements, the woff font itself can be just the required pieces, rather than all the combinations. The woff font is 4.6kb. Not as tiny as ascii art, but still pretty small.

buro9 2 days ago 1 reply      
I much prefer weather via finger using graph.no:



And the command:

 finger london@graph.no
Which produces this:

 -= Meteogram for united_kingdom/england/london =- 'C Rain (mm) 17 16 ^^^ ------^^^^^^ 15 ^^^ --- ^^^ 14^^^ ^^^ 13 ^^^ 12 ^^^ 11 ========= === ^^^ 10 ============ === 9 ' | 2 mm 8 | | | | | | | | | 1 mm _11_12_13_14_15_16_17_18 19 20 21 22 23 00 01 02 03 04 05 06_07_08 Hour SE SE S S S S S S S S S S SE S S S S E SE SE S SW Wind dir. 1 2 5 4 4 4 5 4 4 4 3 3 3 2 3 2 1 0 1 2 1 3 Wind(mps) Legend left axis: - Sunny ^ Scattered = Clouded =V= Thunder # Fog Legend right axis: | Rain ! Sleet * Snow
So it's 16'c with a light cloud cover until 1pm, clear until 4pm after which it gets a little cloudy again, some rain between 11pm and 7am, which is very light and heaviest around 2am.

That is the equivalent of this:


Which has, for me, proven to be the most accurate and informative weather forecast.

And if you just want to use the latest meteogram image:


Also: Weather available via HTTPS! I dislike how the vast majority of apps on mobile devices use location for reporting local weather but do so over HTTP and leak location data. BBC, I'm looking at you.

If you're on Android there's a great widget that makes using any other weather app pretty redundant for most cases:


cat-dev-null 2 days ago 1 reply      


 curl -sk https://wttr.in/sfo

yaronn01 2 days ago 0 replies      
To visualize weather in the terminal you can also use:

$> a=$(curl -Ls "bit.ly/1OuRPDJ"); curl --data "$a" "tty.zone?cols=${COLUMNS}"

(via https://github.com/yaronn/wopr)

leni536 2 days ago 0 replies      
Nice, looks nice in w3m an lynx too (I wonder if it's possible to enable colors though). I have new alias:

 alias weather="w3m -dump wttr.in/budapest"
Edit: I just found in the comments that it works with plain curl too with color. Nice.

hammerha 2 days ago 0 replies      
Really good! Now I can see the weather on the command line in addition to a calendar and a clock.

I think It'd be better to show the weather of yesterday instead of showing the weather of the day after tomorrow so that I can compare the sensory temperature.

tptacek 2 days ago 0 replies      
I don't know why looking at this makes me so happy, but it does.
gitaarik 1 day ago 1 reply      
Made a small bash function for it. You can give the city as an argument and otherwise defaults to the env var $WEATHER_CITY and if that's not set, won't provide any city to the site which will result in the site guessing your location.

weather() {

 if [ "$1" ] ; then city=$1 else city=$WEATHER_CITY fi curl http://wttr.in/$city}

panic 2 days ago 2 replies      
Neat idea! The social buttons on the bottom kinda ruin the aesthetic, though (at least for me).
chrisdew 2 days ago 0 replies      
Why does it forecast sunshine at night?
throw7 1 day ago 0 replies      
I wish it showed dewpoint. Almost all these weather apps never show dewpoint (or it's hidden away), but instead almost always show the relative humidity percentage which is useless and just takes up space.
a3n 2 days ago 0 replies      
It even looks good when I turn off CSS, just lose color, and presentation of the badges at the bottom. Looks really nice in the terminal (urxvt/linux).
acz 2 days ago 2 replies      
For PowerShell:(Invoke-WebRequest wttr.in/Brussels).AllElements | ?{$_.tagname -eq "pre"} | Select-Object -ExpandProperty outerText
aerique 2 days ago 1 reply      
Nice it supports coordinates as well: http://wttr.in/52.1,4.22
slazaro 2 days ago 2 replies      

Perhaps the link should point to the base URL, apparently it detects your location if available (didn't work for me because I have it disabled).

edem 1 day ago 0 replies      
It says "ERROR".
jccc 2 days ago 0 replies      
I'm in Oxford, Ohio. Thinks I'm in Oxford, England.

(Not criticizing, just amused.)

ninjakeyboard 2 days ago 1 reply      
cool! wind direction causes column alignment issues a bit in chrome.
bdz 2 days ago 0 replies      
I thought this will be something based on METAR codes...
shmerl 1 day ago 0 replies      
What is the source for the weather data?
uberneo 2 days ago 1 reply      
can't find a way to change fahrenheit to celsius
thecryof 2 days ago 0 replies      
Plain, cool.
Rust and Nix = easier Unix systems programming kamalmarhubi.com
252 points by kalmar  2 days ago   79 comments top 13
zuzun 2 days ago 8 replies      
I always find it a bit unfair when I see sloppy C programs usedfor shock value. What if the Rust developer uses fork().unwrap_or(default_value) in a hurry,or writes

 if let Some(child) = fork() { do_only_child_stuff(); } else { do_only_parent_stuff(); }

 if let Some(ForkResult::Child) = fork() { do_only_child_stuff(); } else { do_only_parent_stuff(); }
Now, if you're about to tell me that the examples above are totally stupid and nodeveloper would do such a thing, then you know how I feel about the sloppyC versions. Doing a system call and not checking for error is totally stupid as well.

By the way, you can also write your own wrapper functions in C, that transform the return value into something like

 struct fork_status { enum { ERROR, PARENT, CHILD } state; int ret; };
Then Clang and GCC will warn you about missing switch cases.

That said, the libc bindings in Rust are pretty low-level and a project thatoffers higher-level wrappers can be very helpful, so I hope my comment doesn't create the impression that I'm ripping on the project itself.

geocar 2 days ago 6 replies      
I was very confused. I thought this had something to do with Rust and nix[1].

[1]: https://nixos.org/nix/

subway 2 days ago 1 reply      
Neat library, way too already-overloaded name.
justincormack 2 days ago 1 reply      
I maintain LuaJIT syscall bindings https://github.com/justincormack/ljsyscall - they cover quite a lot, namespaces, netlink and so on. I spent quite a bit of time making them more intuitive than the raw bindings, with consistent error handling, also namespacing constants and so on. It is definitely useful to have these types of interfaces not in C.
bigger_cheese 2 days ago 4 replies      
Minor nit pick but don't you typically do something like this in C

pid_t childPid;

switch (childPid = fork()) {

case -1: ... /error handling /;

case 0: ... /Child Specific/

default: sleep (5);}

edit - seems to mangle formatting but something like that seems fairly clean.

superobserver 2 days ago 1 reply      
This gets me thinking how awesome it would be to have functional programming on *nix systems, like Haskell (specifically). At least then it might be forcibly designed to be made more useful and ultimately get more people on board. One can dream.
sergiolp 2 days ago 4 replies      
I can't help but think they're trying to fix something that isn't broken at all.

Adding new abstraction layers rarely helps when doing systems programming. You (as in "the developer") want to be as near to the machine as possible. C does this pretty well.

Perhaps I'm just getting old :-(

SixSigma 2 days ago 5 replies      
In reliability theory "X failed" is a poor error message. What we want to know is which failure mode has been triggered.

The function of kill is to kill a given pid, so there are two failure modes : "the pid didn't exist" or "the pid didn't die"

bogomipz 1 day ago 0 replies      
The term NIX is becoming a bit overloaded - we've got the Nix package manger which run on NixOS, Nix the Rust library all of which can run on most 'Nix systems.
ZephyrP 1 day ago 0 replies      
I feel there are more promising options for a name than "Nix".
etrain 2 days ago 0 replies      
type systems are great.
peterwwillis 1 day ago 1 reply      
"the return value is conveying three different things all at once. [...] Thats a lot of information for one poor little pid_tusually a 32-bit integerto convey!"

Someone never had to bit-pack their programs to save memory, disk space, or bandwidth. In fact, it's a huge waste of memory; if you only need 3 bits, a 'char' would have sufficed. Saves 24 bits!

Of course, we could use nibbles to make data structures where the fork return value only takes up 3 bits instead of a whole byte, but that could be considered micro-optimizing. (the compiler may do this for us anyway, though)

larozin 2 days ago 1 reply      
We have switched to Nix as internal dependency manager for our C++ project. It is really exciting! No more "after commit XXX you need to (re)build/update YYY with ZZZ". Developers just type `nix-shell` and get sane guaranted to work environment on their local machines corresponding to git HEAD. If we need to add or patch dependency we just edit and commit nix file. And if developer need to rollback to old commit/branch it will get old/custom environment from cache without submodule rebuilds.
Announcing TensorFlow 0.8 now with distributed computing support googleresearch.blogspot.com
214 points by mrry  2 days ago   40 comments top 8
TrickedOut 2 days ago 3 replies      
Is OpenCL anywhere on the roadmap? I now make laptop and desktop purchasing decisions almost entirely on Nvidia card presence. One reason I didn't get the latest MacBook Pro.
pvnick 2 days ago 1 reply      
Can anybody offer a TLDR of how this works (or point me to one)? It seems particularly well-suited for convolutional nets with many layers if I understand correctly, but I am curious as to whether e.g. recurrent nets may receive the same speed-ups from parallelization.
therobot24 2 days ago 2 replies      
Since TensorFlow was dubbed as slower than most (http://arxiv.org/abs/1511.06435) it'll be nice to see how this affects perceived performance
fudged71 2 days ago 7 replies      
I wonder how effective this would be on a fleet of raspberry pis. With things like Resin.io, Weave, and Kubernetes, I wonder if it would be possible to create something like Seti@home for crowdsourced machine learning for all kinds of different applications. Many of us have spare raspberry pis laying around that could be utilized in a global network.
taliesinb 2 days ago 1 reply      
I'm getting 404s for some of the tutorial sections when selecting r0.8 (e.g. https://www.tensorflow.org/versions/r0.8/tutorials/mnist/tf/...). master works. Seems like some of the documentation is only built for master and for r0.7, not for r0.8.
modeless 2 days ago 2 replies      
Very cool! Any progress on Windows support?
elcct 2 days ago 0 replies      
I can predict in 10 years we will see a rise of computer psychotherapists.
hiddencost 2 days ago 2 replies      
Nice; it only took them 7 months to catch up to amazon:


Merkel Grants Turkish Request to Prosecute German Satirist bloomberg.com
211 points by eloisius  1 day ago   376 comments top 50
geff82 1 day ago 18 replies      
Nobody seems to see how Merkel got this thing very right.1.) Law says: you may prosecute it. So she "allows prosecution", as she also can't ignore diplomatic implication of doing otherwise.2.) She also declares that the government will get rid of this law.3.) She will surely not pressure the justice system in this case...4.) The case will get dismissed as there is no basis for punishment any more (in Germany, you are entitled to be punished under the lesser harsh law when the law changes, and when the law disappears, there will be no punishment).

I think this was an intelligent move. She complied with Erdogans request and in return says a big "F* Y" by eliminating the law and saving the comedian.

ChrisBland 1 day ago 3 replies      
Turkey makes the claim that insulting the head of state is a 'crime against humanity'. Turkey is a corrupt country and is committing 'crimes against humanity' on a daily basis. My username is real name, I live in the US, please come sue me. If you need to be insulted vs just stating facts, the party leadership are doo-doo heads. For anyone not aware, here is LY HRW report on Turkey. https://www.hrw.org/world-report/2015/country-chapters/turke...
Kristine1975 1 day ago 2 replies      
"In a country under the rule of law, it is not up to the government to decide," Merkel said.

"Mutti" is trying to deflect the blame again: In this very special case (103 StGB), the law mandates that the government authorize the prosecution. Otherwise there is no case.

mercer 5 hours ago 0 replies      
I rather like the outrageous and ballsy response from one of Holland's biggest comedians, especially considering that we have a similar law here (if I understand correctly):

https://www.youtube.com/watch?v=_6jW2cIMfos (Dutch)

For those who don't speak Dutch: Teeuwen is expressing his outrage over the fact that when Erdogan used to be a 'boy whore' in Istanbul, he was paid by Teeuwen for sex. And even though Teeuwen 'stimulated' Erdogan, the latter didn't return the favor (and do what he was paid for). He also says that many other people have the same complaint, including our prime minister.

When the interviewer tries to clarify and explain to the viewer that this is a satirical bit to make a point, Teeuwen insists over and over again that this is the literal truth and that it's not satire.

Crass, but effective. In an interview a few days earlier Teeuwen actually argued that this is what people should do en masse, especially in places with such a law, and despite the risk.

If you consider that he is not an idiot and knows that there's a real risk in doing these kinds of things, and that a good friend of his (Theo van Gogh) was actually murdered over insulting islam, it's an incredibly courageous thing to do.

mpweiher 1 day ago 2 replies      
I am not usually a Merkel fan, but I think this is a brilliant move, as it sends two loud and clear messages:

1. We are a country of laws, not of autocratic presidents. Therefore it is the task of the judiciary, and only the judiciary to decide this matter. I have full confidence in the judiciary to do so and to come to the right conclusion.

2. And I have a pretty clear idea of what the right conclusion is: what the Turkish president demands is ridiculous. In fact, the fact that we have a law that allows him to demand this is ridiculous. We are therefore getting rid of the law.

Not allowing the prosecution to go ahead would have sent the message that autocratic decisions by the executive in judicial matters is the correct way to proceed, regardless of which way the decision goes. It also wouldn't have sent as clear a message as to the ridiculousness of the request as getting rid of the law.

Again, not usually a fan, but this is damn good.

interfixus 1 day ago 10 replies      
No sinister men with long coats and barking dogs at three o'clock in the morning, but the screws are being tightened on free expression over much of Western Europe these days, not least as concerns potential offense towards a certain easily offended religion.

[edit: typo]

pilif 1 day ago 4 replies      
>In a state of law, its not the domain of the government, but rather the prosecutors and the courts, to weigh individual rights,

IMHO that's all that needs to be said. This is exactly how it should be. This is a problem for which laws were written and this is something the judges should eventually have the power to decide upon.

If we don't like their decision, it's up to us to change the laws.

nanoman 1 day ago 5 replies      
I think this is the right move, regarding separation of powers. I trust the German jurisdiction to do the right thing here.

Plus, she said that the law protecting foreign officials from defamation is obsolete and they will void it.

kyleblarson 1 day ago 0 replies      
During Erdogan's recent visit to Washington DC his security personnel attempted to bring their thuggery to American protesters and journalists and that did not work out so well: http://www.motherjones.com/mojo/2016/03/turkish-presidents-a...

edit: fixed typo

mvdwoord 1 day ago 4 replies      
I would have had great respect if Merkel had taken a stand on this issue. Regardless of letting the supposedly trustworthy courts of Germany decide on this, this would have been an excellent opportunity to show the world what European values are all about. It comes over as political cowardliness, but this seems to be the norm now more than ever.
bayesian_horse 1 day ago 6 replies      
It's a pity that most people don't understand the finer point s of the decision, like that it is only a "permission" to conduct investigations, and that the responsibility for anything else will be in the hands of a court. Or multiple courts, probably.
phreeza 1 day ago 1 reply      
I think this is the way it should be done. Separation of power means the judicial branch needs to make this decision. Looks like the legislative branch will now revoke the law that lead to this, but either way, it should not be up to the executive to make this decision.
brakmic 23 hours ago 2 replies      
I'm sure this entry will be downvoted very soon, but however, let's try it. :)

Well, now almost everyone in Germany talks about the Comedian and the Turkish President ignoring the much bigger scandal popularized by the term "Panama Papers".

I'm not from the "conspiracy lunatics" fraction but let's dissect this whole stuff a little bit less emotionally:

a) In Germany we have very independent courts.

b) and a very stable democracy (which most of us are truly proud of)

c) and in fact we do have such a silly paragraph that 'protects foreign diplomats' from being 'insulted verbally'.

d) The current government also announced that'll soon throw out this obscure paragraph, which btw. was mostly used by the former Iranian Shah Reza Pahlevi to attack its critics in Germany (that's why we call it 'the Shah Paragraph').

Anyway, I'm very confident that our democracy is stable enough to handle anything, even the childish behaviour of a foreign head of state. By following our laws, no matter how ridiculous the paragraphs may sound, we _protect_ our democracy and dignity.

I'm not a fan of Merkel but one thing is clear: Our Chancellor is governing our country while some others prefer to sue comedians. ;)

I'm not a very political person nor a member of any of our parties but I always go to vote.

That's how we protect our democracy. By letting people vote, the government govern, and courts do jurisprudence.

And we'll never ever sue our comedians. In fact, Erdogan helped us clean up our constitution by throwing out a useless paragraph.

tehwebguy 1 day ago 5 replies      
Erdogan is a terrible leader, he's been arresting journalists critical of him.

Even Russia has taken shots at him, implying that Turkey is the means by which IS is able to turn oil into cash and continue operations (my money is on the next US president deposing him).

I just can't understand why Merkel would care what he thinks?

jessegreathouse 1 day ago 2 replies      
She should have told Turkey to shove it instead of appeasing them. When this man gets exonerated by the judicial system it's unlikely that Turkey will be satisfied and the result will be the same for relations between Turkey and Germany. Dance with the one you came with, Merkel.
krylon 20 hours ago 0 replies      
In Germany, we have a saying, "Getroffene Hunde bellen" (A dog, when hit, will bark). If the poem had been directed at, say, Obama, he probably would have been like, "whatever, I don't give a four-letter-word", and the whole thing would have been properly ignored by pretty much everyone.

The fact that Erdogan goes apoplectic instead and is all like "off with his head" is really telling more about Erdogan's ego problem than about the German legal system or the media.

I think I learnt in elementary school to not let somebody else provoke me like that. I have been told time and again that I am kind of naive, but I had somehow assumed that a head of state would have managed that. It seems that people never learn that the best way to deal with this would have been the line Jeff Bridges gave in the Big Lebowski, when a character named Jesus essentiallly goes on a rant: "Yeah, well, that's just, like, your opinion, man".

techterrier 1 day ago 2 replies      
I'm not sure she could do anything else. However bad the limits on free speech are, applying the law selectively is probably worse.
melvinmt 22 hours ago 1 reply      
Contrary to popular belief there is no real freedom of speech in Europe, as least not in the sense as Americans know it. You can still get up to 2 years of prison time for insulting the King or a friendly Head of State in the Netherlands (and Germany apparently), you can be prosecuted in French for ridiculing the Holocaust (just look at the case for Dieudonn) and the list goes on and on.

Erdogan is of course an insecure and manipulative guy who likes to get back at anyone who mocks him, but he's also quite smart to be aware of and to use the legal options that are available to him in Germany as well as in Turkey. If you don't like it, and supposedly uphold liberal values, change the laws. It's as simple as that.

hussong 1 day ago 1 reply      
For those interested in some of the finer legal aspects of the situation, here's an interesting article in German (excellent discussion there as well): http://verfassungsblog.de/erlaubte-schmaehkritik-die-verfass...

Bhmermann may have gone a little bit overboard on his exemplary "Schmhgedicht" -- unneccessarily long and nasty just to make a point, other indicators are the music, the flag in the background and subtitles only for the poem (making the example much stronger than the context / introduction) -- but given the context, he should be fine.

the-dude 1 day ago 0 replies      
Keep in mind here Erdogan's intented audience is his own people, not the outside world.
tobltobs 21 hours ago 0 replies      
This decision and the year long coverage of the now coming law suit will make sure that 'Erdowahn goatfucker gangbang' will be in the google index for decades.

Maybe Erdogan will be even the number one result for 'goatfucker' or 'gangbang party' after this all settled down.

I don't know how this could be called a victory for Erdowahn.

Apart of this I really look forward to the process. This will be the best satire ever, worldwide, at primetime.

I believe Bhmermann wanted just that and it would have been sad if Merkel would have destroyed his evil genius plan.

mabbo 23 hours ago 2 replies      
She's rolling the dice a bit, but it was her best shot.

If she very strongly was in support of his prosecution, she'd be seen as very anti-free speech. If she blocked it entirely, Erdogan would be pissed off and probably stop blocking refugees for her.

Her goal here is that the courts decide to throw out the law entirely when it goes to trial (is that a thing in Germany? Can courts do that there?) or they give a tiny slap on the wrist. Then she can say to Erdogan "Well, we tried to stop him".

Worst case scenario here is that the comedian actually goes to jail. That would probably end Merkel's career.

alt_rox_haxer 14 hours ago 0 replies      
"Turkeys Deputy Prime Minister Numan Kurtulmus said on Monday that the German comedian had committed a crime against humanity by insulting the Turkish head of state."


This is what we have come to, folks.

dijit 1 day ago 0 replies      
techterrier 1 day ago 0 replies      
As an aside, I'm really hoping the Streisand effect finally does something useful.
pbhjpbhj 22 hours ago 0 replies      
>German Chancellor Angela Merkel has cleared the way for the prosecution of German comedian Jan Bhmermann (Wash.Post) //

>Chancellor Angela Merkel granted Turkeys request to prosecute a German satirist who derided President Recep Tayyip Erdogan (Bloomberg) //

The crucial statement of what Merkel has done to "clear the way" and what action she took to "grant" Turkey's request to start a prosecution appears to be missing from both stories? Can someone fill in this detail because without it it just looks like "Merkel has not attempted to prevent democratic legal processes from continuing in their normal course".

What's this really about?

Edit: someone on reddit informed that there's a statute protecting foreign heads of state and that it requires the German parliament to 'allow' the prosecution in some sense.

cm3 21 hours ago 0 replies      
If laws weren't a chaotic accumulation of snapshots of ethics and morals at some point but logical and reasonable instead, we'd have this:


- easy to understand and argue

- no room for personal opinion, especially regarding ethics


- less income for crime+punishment system that has a whole industry around it and in some countries even prisons operated as public companies

- emotional views on penal system would go ignored

Precedent law is also highly questionable and dangerous. It's hard to understand why laws do not apply to many, especially those mucking around and making laws.

It could be very simple, but as long as there's no Vulkan (Star Trek) like approach to these things, I'm afraid we'll always have laws that favor some and punish others, regardless if the actions harmed anybody.

IkmoIkmo 18 hours ago 0 replies      
I don't get why people go wild about this. Imagine I sue you for hate speech against me... does the Chancellor get to decide to throw the case out? No. You let it go to court. The judge looks at the case and judges, according to, ya know, the law? Who are you to deny me that case?

If the law is sound, and it is, the case will get thrown out. But it'll be done by a judge, not by a politician a priori.

It's a very simple separations of power story for me.

Further, the comedian will be protected under free speech laws. Case closed?

dotcoma 1 day ago 0 replies      
Never learn a thing from history, Frau Merkel!
pmarreck 23 hours ago 0 replies      
The speech in question was intentionally provocative/insulting, intentionally illegal (it was even stated as such prior to it), and was barely satire, if at all: http://blogs.reuters.com/great-debate/2016/04/13/a-dirty-not...

Worst of all, it wasn't even funny, unlike the video that enraged Erdogan last month.

agounaris 1 day ago 0 replies      
Thats a disgrace for Merkel and Germany! Lets criminalise comedy...
CapitalistCartr 1 day ago 0 replies      
Yes, the poen is crass at best. The fight for freedom of speech isn't fought at Michelangelo's "David", it's at Larry Flynt's "Hustler".
Jun8 21 hours ago 0 replies      
Here's a video montage from Der Spiegel of the the program: http://spon.de/vg9uR. In a typical Jon Stewart fashion Bhmermann says things and "check" with his "producer" which ones are illegal to say.
blubb-fish 19 hours ago 0 replies      
The "poem" was insulting - and Germany has that law. And with respect to that it will be a German court which decides upon whether a punishment is needed. I think that is fine.
nxzero 1 day ago 0 replies      
Appears, though not an expert, that a pardon would be possible, but a pardon would require a conviction:


ralfruns 1 day ago 2 replies      
If you would publish such a "poem" about anybody in Germany, you could be sued for defamation. Just because you claim it is satire doesn't mean it is protected speech.
13of40 1 day ago 3 replies      
"(1) Every person shall have the right freely to express and disseminate his opinions in speech, writing, and pictures and to inform himself without hindrance from generally accessible sources. Freedom of the press and freedom of reporting by means of broadcasts and films shall be guaranteed. There shall be no censorship."

...but then...

"(2) These rights shall find their limits in the provisions of general laws, in provisions for the protection of young persons, and in the right to personal honor."

So it sounds like their constitution is pretty standard on this point: You have an absolute, indelible right to freedom of speech (unless we decide it's bad speech).

halis 23 hours ago 0 replies      
She's a coward, plain and simple. You don't compromise core principles just to push an agreement through.
tdaltonc 22 hours ago 1 reply      
Why does Germany have a law against insulting other countries' heads of state?
chris_wot 22 hours ago 0 replies      
Here's a translation of what the comedian actually said:


He appears to be telling Erdogan what would be illegal, and making up all sorts of horrible things it is very obvious that Erdogan doesn't do, interspersed with things he may well be guilty of, like beating up minorities.

Now should the German court object to Erdogan coopting the German legal system, I wonder if a defence might be that in fact Bohermann was saying a whole bunch of ridiculous things that are obviously untrue but that satirises how sensitive the Turkish president is.

Now if the Turkish president says that it wasn't all untrue then he'll need to admit to some malfeasance, which he clearly won't ever want to do. So the Bohmermann can say that it was all absurdity and clearly as none of it was true he proves his point that his criticism of Erdogan is valid and that he is an over sensitive despot who is trying to prevent freedom of expression and criticism.

Either way, no matter what the Turkish President does, the comedian wins. The penalty is jail time, but just how long is the minimum and can the comedian be pardoned? And if the comedian goes to jail and the law repealed, then it's open season in Germany and every man and his dog will be throwing even worse insults at Erdogan!

I can see a sort of German Streisand Effect occurring where the insults ratchet up incredibly and an entire nation sticks there collective middle finger up at the Turkish President, who as soon as the law is repeated will be powerless to do anything about it!

Erdogan just can't win, even if he succeeds in jailing the comedian.

AKifer 21 hours ago 0 replies      
Anyway, Putin's Russia is always a safe fallback for that guy.
lr4444lr 22 hours ago 0 replies      
This is one of those times, despite all of the criticisms people on the other side of the Atlantic have about us (some of which are perfectly legitimate) that I am unabashedly proud to be an American, and of our laws and customs.
nmbr213 1 day ago 1 reply      
hums 'Erdowie, Erdowo, Erdogan'
ck2 1 day ago 0 replies      
I saw Amanpour interview that Turkish president over his prosecution of journalists that were exposing him.

He's an insecure little twit isn't he?

venomsnake 1 day ago 1 reply      
Turkeys Deputy Prime Minister Numan Kurtulmus said on Monday that the German comedian had committed a crime against humanity by insulting the Turkish head of state. No one has the right to insult Erdogan, Kurtulmus told reporters.

And if I call a sexual pose that includes extreme bending over and complete submission "The Merkel" will I be prosecuted under German law too? That is a risk I am willing to take.

NietTim 1 day ago 0 replies      
I find this very worrying.
venomsnake 1 day ago 0 replies      
Once you start paying the Danegeld, you never get rid of the Dane.

It was up to her discretion to allow the prosecution to continue if the translations 104a StGB given here are correct. She should have pissed Erdogan.

jackcosgrove 1 day ago 2 replies      
This is why Germany is still not fully western like the USA, UK, and France. Too much authoritarian hangover from the lack of a modern revolution.
nikolay 22 hours ago 1 reply      
This lady has done such huge harm to Germany and to EU - where's the democracy? Why is she still in power? Germany, wake up! You're destroying not just your own country, but EU as a whole as well!

She invited the migrants and so caused the whole migrant crisis. This alone costs EU billions, forced countries to start building walls, and made it kneel down before Erdogan! Now, she's doing extra favors to him! Such a disgrace!

marcoperaza 1 day ago 0 replies      
No man should be dragged before court in shackles to answer for his mockery of a politician. How pitiful for a great nation like Germany to be bullied into this by Erdogan. This is truly a new low, even for Europe's already troubling record on free speech. Germany desperately needs Turkey to save them from this migrant crisis, but has no real leverage.
Famous Photo of Chernobyl's Most Radioactive Material Was a Selfie atlasobscura.com
247 points by hberg  1 day ago   97 comments top 21
owyn 1 day ago 4 replies      
There's an amazing documentary about this that contains a lot of footage of the actual incident and cleanup called the "Battle of Chernobyl".


Things that still haunt me: the helicopter pilots who put the initial fires out flew in 120-180C temperatures and pretty much all died of radiation. And the sequence that starts about here:


Where they are picking up radioactive materials by hand and throwing it off the roof next to the reactor because the robots they were trying to use all break down. Even 1 hour of exposure was deadly so they rotated through shifts, and the guys who did it were called "Bio Robots"

ChuckMcM 1 day ago 1 reply      
The most interesting thing about the elephant's foot was that it disproved the "China Syndrome" hypothesis. That hypothesis of course was that an uncontrolled meltdown would simply melt down through to China (not that it could really go past the core :-) However, what the elephant's foot showed was that the melted core would diffuse into the material as it was melting, eventually it loses enough mass that it goes subcritical, re-freezes and that's that.

That is why pretty much every western reactor has a reservoir of sand under the containment vehicle, if the worst of the worst happens, it melts into the sand which becomes glass.

jordache 1 day ago 5 replies      
"The shutter speed was probably a little slower than for the other photos in order for him to get into position, which explains why he seems to be moving and why the glow from his flashlight looks like a lightning flash."

WHAT? the timer of the shutter has nothing to do with the the actual shutter speed. Using a timer for an old skool selfie has no relationship to blurriness in the exposure caused by too slow of a shutter speed.

caf 1 day ago 0 replies      
Of the five corium creations, only Cherobyl's has escaped its containment.

This is statement is a bit too definitive, because it simply isn't known yet how bad the breach is at Fukushima Daiichi No. 2 - from muon radiography it certainly seems to have breached the primary (steel) containment.

dickwads 1 day ago 0 replies      
"Was a Selfie" - not a selfie"Remarkably, hes probably still alive.""the radiation probably caused the film to develop strangely"

Is there any solid info or is this just clickbait at its best?

LaFolle 1 day ago 4 replies      
A great use case for drones to fly in and take photographs.

A quick Google search shows it already has been done => https://www.youtube.com/watch?v=ra7YbBvbRYQ

Had drones existed in 1986 and deployed to take close photographs of disaster, would it have been safe to access that drone after it returned?

xigency 1 day ago 2 replies      
> and in doing so has been exposed to more radiation than almost anyone in history

This is patently absurd. Those exposed to the most radiation are all dead and died from radiation exposure, effects, and side effects.

lostlogin 1 day ago 0 replies      
In case some didn't follow the first link, it contains this gem: Korneyev's sense of humor remained intact, though. He seemed to have no regrets about his life's work. Soviet radiation, he joked, is the best radiation in the world.
fvrghl 1 day ago 2 replies      
Am I the only one who thinks it looks like he is headbanging while holding an electric guitar?
Jabbles 1 day ago 6 replies      
> Research on the substance has found, for example, that dumping water on it after it forms actually does stop some fission products from decaying and producing more dangerous isotopes.

What? I bet it doesn't. There's no way cooling will interfere with the half-life of the elements. They probably mean that solidifying the extremities reduces toxic/radiation exposure.

mclovinit 1 day ago 0 replies      
Somewhat related to this, I am amazed by the analysis done by bionerd23. Her study of cesium 137 levels in vegetation is interesting. She measured the levels in mushrooms found in Bavaria and apples found just 4km away from Chernobyl and saw that only 0.10 of cesium was found in apples. Interesting study.

You can find her videos on youtube.

unicornporn 1 day ago 0 replies      
> The shutter speed was probably a little slower than for the other photos in order for him to get into position, which explains why he seems to be moving and why the glow from his flashlight looks like a lightning flash. The graininess of the photo, though, is likely due to the radiation.

Yeah, wouldn't that have been exotic. Having worked many years with high end scanning and digitizing photographs from the 1850 to today I can say that apparent grain in a photo from the 80s is not a strange thing, especially if it's a high ISO film. Correcting a bad exposure when post processing enhances that grain. The "graininess" here looks more like interpolation artifacts after upressing, possibly a highly compressed JPEG, though.

cipherous 1 day ago 0 replies      
Amazing that Artur Korneyev, the guy in the picture, is still alive.
stplsd 1 day ago 0 replies      
There is a very interesting documentary from 1991 made as

part of BBC Horizon series called "Inside Chernobyl

Sarcophagus" --> www.imdb.com/title/tt1607059

Crito 1 day ago 1 reply      
More complete quote of the photographer's joke:

> "Don't worry, Soviet radiation is the best in the world. It makes hair thicker and men more potent."


RichieAHB 1 day ago 0 replies      
Always makes me wonder whether these people know what the radiation is doing to them and they're doing it out of some heroic duty, or whether they have no idea whatsoever ... I can't stop looking.
exabrial 1 day ago 2 replies      
When they selfie, was the camera on timer? What is the source of the lightning looking stuff?
mirap 1 day ago 0 replies      
Soviet radiation, he joked, is the best radiation in the world." :
rasz_pl 1 day ago 0 replies      
I bet bionerd23 knows Mr. Korneyev quite well.
acqq 1 day ago 0 replies      
Much more information about the problems to keep the plant from causing more damage is in the NYT article from 2014, the one where the state of health of Artur Korneyev is given:


"These days Mr. Korneyev works in the project management unit, but because of his health he has cataracts and other problems related to his heavy radiation exposure during his first three years he is no longer allowed inside the plant. Soviet radiation, he joked, is the best radiation in the world."

bobwaycott 23 hours ago 0 replies      
I can't get past seeing two users of the Speed Force--one bent over an electric guitar, the other thumping along on bass, captured in a flash of lightning.
Understanding the ginormous Philippines data breach troyhunt.com
261 points by Flimm  2 days ago   90 comments top 13
luso_brazilian 2 days ago 7 replies      
> As serious as the info above is, its only scratching the surface. Per the reports linked to earlier, theres also biometric data relating to fingerprints in the system. This contains columns names such as these:


> The values within there can be quite detailed and Ive no reason to think that this isnt indeed legitimate print data uniquely and biologically identifying the owner. You dont get to reset that stuff once its been released into the wild!

That's one of the biggest dangers in using biometrics as a factor in authentication. Once it leaks (and keeping data safe is one of the hardest task in today's world) there is no changing, no resetting, it is out there and rendered useless at best or a vector for identity theft at worst.

wiredfool 2 days ago 0 replies      
The killer quote for me:

 I actually had to create five new data classes when loading this breach, that is Id never seen this information in a breach before: Marital statuses, Biometric data, Physical attributes, Family members' names

Nutmog 2 days ago 2 replies      
Although this is a lot of data on each person. Each individual field doesn't seem too sensitive on its own.

Electoral enrollment status and place you live is usually public information. It should be to prevent vote fraud.

Without other ID, you give your passport details to every company that uses it for ID, every airline, even the bouncer at a bar. When you're travelling and don't have the local ID, you use it to get a sim card, bus pass, just about everything. It's not really secret.

As for the biometric data, what use would a malicious actor make of that? They can't impersonate you because authentication shouldn't be done with only reproducible biometric data. They could identify you if you're physically touching them, but then they can already see you in person.

Mother's middle name according to the article can usually be predicted by her parents names. Family history and names is also public data. Just ask the Mormon church which hoards it.

veb 2 days ago 5 replies      
A friend of mine in the Philippines, a security researcher himself, said to me that "the breach itself isn't really serious -- it's the candidate the breach favors thats the bigger controversy"
studentrob 2 days ago 2 replies      
> somehow, last weeks news that 55 million Filipino voters data was now out in the wild went largely unnoticed

> ...

> Theres voting history against names (it appears to just be dates rather than the candidate voted for).

So, the data leaked was voter registration info. Actual votes were not in this database.

Other headlines would lead a reader to believe actual votes were leaked. For example, "Megabreach: 55 MILLION voters' details leaked in Philippines". Leaking votes alongside emails would be far more injurious than email addresses and family names.

wjnc 2 days ago 2 replies      
Wonder how well hashed that FINGER_INFO is? Any chance to reverse engineer a fingerprint that would give the same hash? That would be awesome, but not in a good way. A false passport including working biometrics. Implementing a new hash would require what before adequate coverage, 15 years? You cannot easily imagine blocking a whole country's access to international travel because of a data leak.
nmc 2 days ago 0 replies      
Similarly, personal records for 50 million Turkish citizens got leaked a few days ago: https://news.ycombinator.com/item?id=11420139
b_emery 1 day ago 0 replies      
On an etymological side note, I love the origin of the word ginormous:

ginormous |jinrms, j-|adjective informal, humorousextremely large; enormous:

ORIGIN 1940s (originally military slang): blend of gigantic and enormous .

nxzero 2 days ago 1 reply      
Increasely wonder why average person trust any party to secure data that literally belongs to them.

Are there any startups that are building tech allow end-to-end identity management systems? Seems like a huge market.

romanr 2 days ago 2 replies      
So if I ever traveled to Philippines and scanned fingerprints at the border, anyone in the world can unlock my TouchID?
ivanceras 2 days ago 0 replies      
I hope the banks will be cautious on the possibilities of identity thief on loaning on somebody's account.
n3far1ous 1 day ago 0 replies      
I'm a potato...
mypolopony 2 days ago 0 replies      
Love it!
Every shot Kobe Bryant ever took latimes.com
271 points by iamben  2 days ago   174 comments top 24
achompas 1 day ago 3 replies      
A number of commenters have astutely identified the change in shot distribution over Kobe's career, which is due to a combination of age (older wing players tend to drive less and shoot more as they get older or experience injuries) and league trends towards more 3-point shooting.

If you're interested in reading an excellent analysis of the 3-pointer in the modern NBA, I highly recommend Ben Morris's article on Stephen Curry, whose historic shooting ability is so absurd, one could argue he is underutilized despite his high field goal attempt numbers.


josephscott 2 days ago 5 replies      
Of the 30,699 shots, he missed 16,966 and made 13,731.

At the smallest level of performance it is nice to see that you can fail more often than you succeed and still be very successful over all.

waynecochran 1 day ago 1 reply      
Here is an image of every pass Kobe made in his career:


exDM69 2 days ago 9 replies      
How curious that there's a band of no shots that's right on the three point line. But then there are plenty of shots a foot closer to the hoop.

The explanation is probably psychological, you don't want to take shots that are as about as difficult as 3 point shots, but worth only two. But the situation isn't really any better if you take a single step forwards.

Of course, the positioning of the defensive players matters, they're usually just inside the 3 point line.

jonas21 2 days ago 1 reply      
Looks like they used Leaflet, a Javascript mapping library, for the visualization, so you end up with funny stuff like this in the source:

 var courtBounds = [[33.1593, -118.0198], [34.2353, -118.5198]];

riebschlager 2 days ago 2 replies      
A random thought, but you could use this data to play an extremely long game of HORSE with Kobe Bryant.

I'm sure someone is already setting up a Tumblr blog to document their attempt :)

ssharp 2 days ago 3 replies      
It will be interesting to compare this shot chart, of the greatest scorer of his generation, to what Steph Curry's, who may be the greatest scorer of his generation, career shot chart ends up being.

Where Curry's game is extremely efficient, with most points coming from behind the line or near the basket, Kobe was shooting all over the place. Kobe's game was also much more reliant on getting to the foul line.

They were/are both prolific scorers but do it in completely ways.

distances 2 days ago 2 replies      
Quick spoiler: it's about basketball, not photography.
curiousgeorgio 1 day ago 4 replies      
Knowing almost nothing about Kobe Bryant (I haven't followed the NBA for years), it looks like there's an interesting trend in 3 point attempts. At any given year of his career, the distribution of 3 point shots made compared to other shots made seems fairly balanced, as one might expect.

However, the number of attempted 3 point shots (or 3 pointers missed) seems to rise significantly in the latter half of his career. I wonder if there's something to be said about an increase of confidence (deserved or not) behind the 3-point line, and whether that extra point outweighs the increased likelihood of missing as an overall statistic (obviously it could make the difference between winning and losing in a single game). Or perhaps it's indicative of a trend for the NBA overall with more 3 point attempts in recent years. Or I could be seeing something in the data that isn't there.

dsfuoi 2 days ago 4 replies      
How is this recorded; and so accurately?
ben_jones 1 day ago 0 replies      
Say what you will about the NBA (like the fact that they're about to vote to have corporate logos on jerseys in the near future), but what they're doing with data science, and especially the open sourcing of it, is a gold standard not just for sports but for many other industries.
peterjmag 2 days ago 1 reply      
A 14 foot dunk[1]? That'd be a pretty impressive jump.

[1] http://i.imgur.com/H81YlNl.png

agentgt 2 days ago 0 replies      
It would be pretty cool if you could enlarge the graph and change the color of the dots based on other meta data.

For example instead of hit/misses it would be neat to see the colors be based on average time left in the game (gradient from one color to another).

Or perhaps a color for "nothing-but-net-swoosh" (I doubt they have those metrics but maybe they do?).

ocodia 2 days ago 4 replies      
How was he able to make shots from behind the basket?
sccxy 2 days ago 1 reply      
How do you like colors of this chart?

I cannot recognize colors of shots behind 3 point line. Looks like all are 'missed' for my eyes.

anc84 2 days ago 0 replies      
What is the actual accuracy of the positions?
e0m 2 days ago 5 replies      
It's amazing that there's a noticeably higher hit rate on a very precise line right down the middle and a relative shot gap 10 degrees on either side before reaching his "sweet zone". Anyone know why being only a few degrees away from center makes it harder to score?
tedmiston 2 days ago 1 reply      
This visualization is cool, but did anyone else get stuck in it and have to force reload to scroll on mobile?
putdat 2 days ago 1 reply      
For anyone interested in the raw dataset: https://www.putdat.com/hnJwrwM
return0 2 days ago 0 replies      
Curious when we 'll see the "Kobe bryant shot generator". Next days? Next week?
uptownhr 1 day ago 1 reply      
this graph would be awesome if an instant replay of these shots were available
chrismbarr 2 days ago 2 replies      
Too bad you can't ONLY show the missed/made shots, only both.
plg 2 days ago 0 replies      
is there source code showing how to pull down these data points?
yitchelle 2 days ago 2 replies      
Does this include free throws?
       cached 16 April 2016 15:11:01 GMT