hacker news with inline top comments    .. more ..    1 Sep 2016 Best
home   ask   best   3 years ago   
The Dropbox hack is real troyhunt.com
1148 points by joshschreuder  21 ago   480 comments top 34
oxplot 19 ago 9 replies      
Make sure you sign yourself up for something like https://haveibeenpwned.com if you haven't already. Sometimes being timely in responding to leaks can make a big difference on any further leaks.
achr2 10 ago 2 replies      
Dropbox should absolutely be held to the flame for trying to downplay the severity of this. Their communication says 'This is purely a preventative measure', but if you had/have reused this password on any other sites (let's face it a huge proportion of non tech savvy people do this) then your entire online presence may be exposed.
0x0 20 ago 12 replies      
It was pretty obvious the dropbox hack was real several years ago, because lots of spam mail started arriving at my dropbox-unique email almost immediately after the breach. I changed my email to another unique address quickly back then. Unique-per-service email addresses work pretty well as a canary for breaches. Just make sure there is more uniqueness than just the service name to such addresses, or someone could see your pattern and start spamming by guessing popular services.

On a side note, don't forget the time dropbox accepted ANY password during logins - http://www.cnet.com/news/dropbox-confirms-security-glitch-no...

willvarfar 21 ago 4 replies      
50% of the leaked hashes were bcrypt and the other 50% were salted sha1.

So, asking the HNers who crack passwords or follow the tech closely and have a good feel:

Salted sha1 can be brute forced much quicker, but in practical terms what kind of complexity of password is vulnerable today if it was stored salted sha1 vs bcrypt?

And how can this be projected to change in the next couple of years?

donw 21 ago 9 replies      
Since lots of people will be rotating passwords, this is probably a good time to set up Two-Factor Authentication (2FA) as well.

I recommend Authy as your 2FA app, as it lets you set a backup password, which you can use to move your 2FA tokens between devices.

For your critical services, keeping encrypted copies of your backup codes is a must.

lllorddino 14 ago 2 replies      
> 1Password now has a subscription service for $3 a month and you get the first 6 months for free.

Don't pay for this people. Use the open source password manager Keepass http://keepass.info/

zaroth 16 ago 6 replies      
> As for Dropbox, they seem to have handled this really well.

I'm biased, but I can't agree with this. From what I can tell, there are two communications from Dropbox -- one in 2012 [1] and one last week [2].

In 2012 they did not disclose that hashes were stolen, so I don't see how it's really relevant. In the latest communication, they don't actually explain the risk to the user. They say it is "purely as a preventative measure" but if salts and hashes were accessed, then that is not the case.

Just because Troy doesn't have access to some of the salts, doesn't mean the attacker doesn't have access. We don't know how many iterations of SHA-1, but SHA-1 can be run by a single GPU on the order of billions of times per second. So unless Dropbox is coming out and saying they know for certain that random 128-bit salts were definitely not accessed by the attacker, almost all of the SHA1 hashed passwords are getting cracked. Users need to know their passwords are exposed, and must be reset not as a preventative measure, but because they are almost certain to be compromised.

As for the salted/bcrypt passwords, we can see from Troy's hash they used $2a$08$ which is bcrypt with a cost factor of 8 -- 2^8 iterations. Gosney's latest rig [3] could crack these bcrypt hashes at about 105,700 / 8 = 13,212 per second. That's not terrible, but that's still 416 billion tries in a year for a modest investment.

[1] - https://blogs.dropbox.com/dropbox/2012/07/security-update-ne...[2] - https://blogs.dropbox.com/dropbox/2016/08/resetting-password...[3] - https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a27...

watson 15 ago 4 replies      
What really bothers be about this is that Dropbox hasn't bothered to reset the sessions. Even after I manually reset my password (which I wasn't prompted or forced to do btw), all my apps (iPhone, desktop etc) that have existing sessions wasn't expired. So for all I know, a hacker might already have an open session to my Dropbox and changing the password will not fix that

Clarification edit: I did receive the e-mail from Dropbox letting me know that I should change my password, but when visiting dropbox.com I was already logged in and wasn't prompted to perform the pw reset

randyrand 4 ago 1 reply      
How is it possible for Hashcat to crack a 20 character long random password in 6ms? That is mind boggling.

I thought he was just going to hash the password and see if it fit the leaked hash, but no, it looks like he actually did the reverse and cracked the hash to see if it fit the password, right?

Edit: oh it looks like he provided the password to hashcat in the form of a psudo 'dictionary' to use. So Hashcat was not really cracking it - just iterating through a 1 word dictionary - like he said.

VeejayRampay 20 ago 7 replies      
Can someone in the know indicate how to BEST manage passwords for different services in a secure way in 2016? Should I be using password managers ( la 1Password, LastPassword and others), or use something like Keychain Access on Mac OS X (what are the Windows equivalents?), anything else? It's important to note that not everyone is well-educated on the matter, despite the fact that most people on HN are technical people.

EDIT: Thanks everyone for your answers, this is a good example of the power of communities.

peteretep 20 ago 9 replies      
Dropbox is about the only service I use a memorable password for, as it has my 1Password file in it, which has my Google one-time-auth codes in it. If I lose my phone while on the road, only remembering my Dropbox password is going to get me out of the mess. Any sensible other solutions here? It's still ~14 characters, but other than making it more random, what are my options?
maherbeg 9 ago 2 replies      
What sites does everyone have two step verification on? I'm trying to figure out where I need to setup two step verification that also accounts for a phone being stolen/lost.

Between gmail, dropbox (1password is synced here), and apple, I'm not sure where I should be enabling it. It seems like everywhere but gmail and apple is probably the right move...

sordidfellow 14 ago 0 replies      
So we finally get validation of https://news.ycombinator.com/item?id=5300492
aluhut 21 ago 4 replies      
Self hosting is my way to go. Had enough of this.

> My wife uses a password manager. If your significant other doesn't (and I'm assuming you do by virtue of being here and being interested in security), go and get them one now! 1Password now has a subscription service for $3 a month and you get the first 6 months for free.

How about...not? There are tiny open source tools for every OS. You can do it locally, save it on a stick or on your damn phone...why taking more risks especially facing this massive fail here?

jorblumesea 9 ago 0 replies      
Funny, I just got an email a week ago saying they had noticed my password hadn't been changed in awhile (2012, which was interesting based on the article). Sounds like they knew about this and beefed up security.Or, they beefed up security on newer passwords but didn't cut over the old ones? The email did not mention any data theft, kinda wish it did. Too little, too late.
cimnine 20 ago 1 reply      
I wonder if they got the seeds ('secret key' in [1]) for the 2FA as well.

[1] https://en.wikipedia.org/wiki/HMAC-based_One-time_Password_A...

danso 10 ago 0 replies      
Well, thank goodness I got robbed after 2012, which caused me to change all my passwords everywhere. Else I don't think I would've ever gotten around to changing my Dropbox password, as it's just a long string of randomness.
jsmthrowaway 21 ago 3 replies      
Repeating from the other thread:

I highly recommend Troy's HIBP service, hiding your e-mail from showing up in public searches (important for opsec), and donating whatever you can to Troy. He's doing excellent work. This is the first time it's notified me and it was great, because I completely forgot I signed up. I appreciate a service that low maintenance.

HIBP is a truly essential service and I'd be happy to pay more. Even with good password discipline it's useful knowledge on your exposure and I cannot recommend it enough. He mentions it near the end but this is one of those no brainers that should be repeated very loudly.


raverbashing 20 ago 0 replies      
I wonder why the SHA1s don't have the salt. Were they removed so that only the original owners have it so it's easier to crack?

Oh well, another HIBP entry with my email address...

cpach 14 ago 1 reply      
So besides resetting the password, should one also unlink devices and apps?
StanislavPetrov 12 ago 1 reply      
It never ceases to amaze me how people have bought into "cloud" computing. Its hard enough to protect your own data, on your own secure machine. Once you entrust your data to a third party you should have absolutely no doubt that it is at risk. The larger the organization that that third party is, the more inherently insecure it is. In the cloud, it only takes one careless, stupid, or inept person to expose the data of thousands (or millions). And you can't fix stupid.

No thanks, I'll keep control over my own data.

Ffaine 16 ago 0 replies      
I've never trusted dropbox, cloud etc. They drive me paranoia. :/
martin-adams 18 ago 1 reply      
If find this just interesting that just last week my steam account was successfully logged in from Russia (I'm in the UK). Looks like I forgot about Steam to make my passwords stronger.
jbverschoor 19 ago 0 replies      
How can I tell if someone has accessed my account / files?
sureshn 19 ago 0 replies      
Recently I had received an email from Dropbox asking me to change my password and now I read about the hack , I wonder if there is any correlation here.
gjolund 6 ago 0 replies      
Use unique passwords ffs.
vladimir-y 16 ago 0 replies      
btw Argon2 https://github.com/P-H-C/phc-winner-argon2 is better than bcrypt for passwords hashing
chinathrow 19 ago 1 reply      
Great read.

He goes on to say that 1Password has a subscription now and that you should signup for it.

No. I will never, ever put all my passwords into a cloud based password store. I simply do not trust them to not fuck it up at one point in time.

Am I alone with this view?

dbg31415 20 ago 3 replies      
Why isn't Dropbox reporting this? I'd have more respect for them if they were more honest about this.
omginternets 20 ago 2 replies      
HIBP says I was pwnd. So ... like ... what do I do now?

SHA-1 hashes should still be okay, right?

aorth 20 ago 2 replies      
@dang Can we please change the URL to not have the query parameters?
gowthamgts12 20 ago 2 replies      
Why these troyhunt guys place a clickbait to hibp in every article? Don't be sick
5 hours ago 5 ago 1 reply      
Joof 12 ago 0 replies      
What's the big deal? It's not like it allows attackers to directly modify files on anyone's computer if they have Dropbox installed.
Google Takes on Uber with New Ride-Share Service wsj.com
586 points by coloneltcb  1 ago   451 comments top 48
segmondy 1 ago 2 replies      
This is not about taking on Uber. Google is testing AI for self driving cars. Once we have self driving cars, the idea is that you deploy these cars and the cars figure out who to pick up and who to drop off and possible doing group pick ups along the way. Waze is going to predict who to pick up based on their collected data thus far using ML, their data scientists are going to supervise it and correct it. Once we have self driving cars, Google will have the tech that can manage assigning cars and picking people up. This is what it is all about.
michaeldunworth 1 ago 0 replies      
Google is emphasizing for low prices and people not to make careers from this for one reason, automation. This is a pilot for them, and will be replaced by autonomous cars in a few years. They don't want to be on the hook for hundreds of thousands of jobs and fight that moral fight. Uber is about to have a huge amount of people displaced from the jobs they created, and Google doesn't want to share that reputational hazard imo. Good call for Google.
luka-birsa 21 ago 3 replies      
Love it how Uber is getting Ubered by providing a service they were supposedly providing but it was only a marketing scam to get around Taxi regulation.

This is proper "sharing economy" where the other party isn't doing this to make a living out of it. I wonder who will Airbnb the Airbnb and is that at all possible.

The end will be the same anyways - both companies are competing for a spot on the customers mobile phone so that they could provide a service when autonomous cars are up and running.

mintplant 1 ago 3 replies      
I've noticed Google Maps will sometimes give me Uber ads when I'm looking up directions ("this route only $N on Uber" or such). Idle speculation but I wonder if this was a mistake for Uber -- perhaps Google has seen a high rate of click-through on these and will now try to get in on that action themselves.
hyperbovine 1 ago 2 replies      
> Unlike Uber and its crosstown rival Lyft Inc., both of which largely operate as on-demand taxi businesses, Waze wants to connect riders with drivers who are already headed in the same direction.

Funny because that is Lyft's (n Zimride) original model. The more things change, the more they stay the same.

camiller 1 ago 1 reply      
Basically this is different from uber/lyft because it is trying to match you with someone already going to the same area, say on their normal commute. You are not just calling up a driver to get you from place to place.

I can't help but to think of Ford Prefect's Electronic Thumb from H2G2.

LordHumungous 1 ago 2 replies      
I was actually just thinking about this the other day- why doesn't a large tech company with lots of cash create a ride service which basically lets the driver keep everything? Uber can't possibly compete. Google can destroy them before they can become a threat in other tech spaces.
losteverything 1 ago 1 reply      
Great news. As a PT worker at one of the articles mentioned companies, I know there is considerable demand for rides to and from the retailer. This could be huge if employees shift from dial-taxis or uber to "co-workers" via waze.

Other night a pizza server at a shop next door said she was very slow. It's summer and nobody buys pizza. She added it costs her $10 one way cab ride and makes nothing for the day.

This is the type of news I would post on employee board when it comes to my area.

fma 1 ago 0 replies      
It's a good idea, and in Georgia there's a program to pay you to car pool (http://gacommuteoptions.com/Save-Your-Commute/Earn-Cash.-Win...).

I see this as something similar. But I was never able to find someone to car pool with.

mmanfrin 1 ago 32 replies      
Honestly I wish they wouldn't try to compete on price. Maybe I'm alone with this, but I'd rather not feel obligated to tip a driver because the ride is so cheap. Pay them a living wage, let me pay the exact fee, and let me not have to carry goddamn cash like I used to in the era of Taxis.

e: Addressing common replies:

"This is for people commuting already" -- okay, point taken; my point about Uber/Lyft still stands.

"Tipping isn't obligatory" -- yes, it kind of is. Uber used to bar drivers form asking, but they recently lost a lawsuit over that rule and so now Uber drivers will occasionally ask for tips (which will cause it to slowly become the norm). When tipping becomes the norm, the low-base-wage of the driver becomes less of an 'issue', and then tipping becomes even more of a necessity as that is where the drivers will make their actual margins.

dannylandau 1 ago 1 reply      
With so many competitors in the marketplace, such as Lyft, Gett, Via, Juno, and now Google, seems like Uber's leadership position is at risk. There appears to be very little differentiation between all of them, and while Google is starting out with carpooling, it is just a matter of time before they expand. Not sure how any investor could ever justify Uber's $60B valuation. In 10 years, will likely be 1/10 of that.
mahyarm 1 ago 0 replies      
There are a whole bunch of .54/mile commute carpool apps out there. Uber & Lyft have them / have had them too. Usually they don't pan out because it's not enough money for the hassle.
devy 1 ago 1 reply      
Waze carpooling has been around since May [1]

[1] http://www.wsj.com/articles/alphabet-unveils-program-for-car...

yalogin 1 ago 0 replies      
Google had to get in at some point. They should have entered a year ago may be but I think this is a good enough time. Google can afford to not take a cut for their service and hurt Uber quite a bit. If they are not taking a cut they can also reduce the price for the rider.

However, how can it be viable to the driver. I understand if someone is already going in that direction they can make a little money but if I want to live on it (like Uber is pitching) will the price be enough?

saisun1988 18 ago 1 reply      
Doesn't Google give "directions" to Uber? Literally & metaphorically?

If Google starts charging a premium for consumers like Uber who use its services with a major commercial reason, Uber wouldn't be able to sustain.

genedelisa 15 ago 5 replies      
What if actual there were a licensed Taxi service that offered the online/app capabilities of Uber? Do you think that would compete?
627467 23 ago 0 replies      
This won't be the first true ride-sharing program, but it's high enough profile to show people how ubers and lyft of the world have highjacked and distorted the meaning of that word.

Uber is not part of the "sharing" economy. This is.

yefim 1 ago 8 replies      
How are they vetting drivers? I wouldn't trust a driver if all they had to do to qualify is download the Waze app.
dano 1 ago 1 reply      
This ought to be a boon for vanpool's where demand in terms of source and destination can be matched to drivers and 6+ passenger vehicles. Researching the necessary correlations would be fascinating work.
Zigurd 1 ago 0 replies      
Google is not "taking on Uber." An important point is that Google is not making money off the payments for the ride, which presumably all go to the driver.

For the driver that means defraying the cost of a commute in return for going a few minutes out of his way. True ride-sharing, not a gypsy-cabs-plus-reputation network. It's more akin to a transport-specific Splitwise than to Uber.

What Google gets out of this is a real-world model of on demand automated transport patterns, pricing, demand, etc.

sequoia_semper 1 ago 0 replies      
This is an actual ride sharing experiment instead of a taxi for hire business, quite nice to see this.
josh_carterPDX 1 ago 0 replies      
Wait, doesn't Lyft use Waze? So it's Lyft in a different interface?
swolchok 1 ago 3 replies      
Why would you pay to carpool to/from work instead of arranging carpool with a coworker, paying for your share of gas directly, and cutting out 1) the (future) middleman 2) the tax man?
hosh 1 ago 0 replies      
Back in the day, when Google opened up a 411 service, Microsoft did the same. It looked like a way to expand the search engine. After several years of operation, they shut it down. Why? They were collecting voice samples to feed into their voice recognition system, and they had collected enough.

I can't help but wonder if this ride sharing is a similar move. It sounds like a stepping stone for the kind of services that might be practical with self-driving cars. There might be some angle on collecting data that isn't obvious.

aristus 1 ago 1 reply      
Google likes to use software to eat the world. But sometimes their software-only approach just ends up slobbering all over it. The point of Uber isn't the "sharing" of a ride, but the availability and predictability of getting one.
JOnAgain 16 ago 0 replies      
I predict this will fail as it is described today. Because it pays little and is meant to find people on the way already, 1) people won't be dedicated to driving people, 2) which will make it unreliable to get a ride, 3) which will cause people not to use it or at least not rely on it. Also, with little money, 1) whole segments of the (population (especially in the bay area) won't be incentivized by the money, 2) people will be less likely to go out of their way to pick anyone up, and 3) one or two annoying ride sharers will cause drivers to decide picking people up isn't worth the occasional annoyance.
ChuckMcM 1 ago 2 replies      
Ok, not unexpected given that Drummond stepped back from being a board member, of course they got that seat by buying nearly 7% of the company[1]. Which if they had sold it to the other investors who came in on $62.5B round[2] they could have taken about $900M out which they could use to start their own ride sharing service. Sort of like drinking the Unicorn's blood to create a spell that will kill the Unicorn. The irony here, especially after Google did the same thing at Apple, big investment, board seat, oh wait you have a business that seems to be a winner (iPhone) lets step back and do that!

I wonder if this will make it harder for GV to participate in any sort of funding rounds.

[1] "Google Ventures invested $258M at $3.7B post-money valuation in 2013" -- https://www.quora.com/What-percentage-of-Uber-does-Google-ow...

[2] http://www.bloomberg.com/news/articles/2015-12-03/uber-raise...

alkonaut 1 ago 6 replies      
Can we stop calling every new taxi service "ride sharing"? Are people "sharing" anything in any meaningful way? The drivers car isn't shared, he sells a ride, that's a Taxi. A medallion or other arbitrary system doesn't define what a taxi is.

Can I tell uber I want to share a ride to the airport with any stranger? (my taxi co will do that)?

iamcasen 1 ago 3 replies      
Uber and Lyft have had to tackle so many legal issues already. Drastically improving and modifying how they deal with drivers on a daily basis from both an operational and legal standpoint.

If what the article says is true about google vetting problem drivers with mere user reviews, they don't know what they are getting into.

I think the idea is great of course, and I imagine it would cut down on freeway traffic during commute hours. It just seems that the legal web of trust, insurance, safety, etc will be a lot to handle.

ianamartin 1 ago 2 replies      
Am I the only one who laughs when I see, "Google, a unit of Alphabet Inc., . . . ."?

Umm, who reading this article doesn't know who Google is? That construction is almost always there to let you know who some no-name subsidiary or division of a much more well-known company is.

In this case it functions in the reverse if at all--reminding people that Alphabet is a thing, in case you didn't know.

Anyway, I just think that's funny.

bluejekyll 1 ago 2 replies      
> Google, a unit of Alphabet Inc., began a pilot program around...

So, basic question, What is the difference between Alphabet and Google again? It seems like everything is still being branded as Google. I know it's slightly off topic, but I am honestly confused as to when something is not Google.

JohnMF 1 ago 1 reply      
Lyft recently shut down their commute share program due to lack of interest... and now Alphabet is restarting it.
sredniv 1 ago 0 replies      
"Google takes on Earth by building a new mechanical planet"
symbolepro 1 ago 0 replies      
The best part of the interview is the way Sam has asked questions.
1 day ago 1 ago 2 replies      
jdauriemma 1 ago 0 replies      
known 21 ago 0 replies      
Wondering why Napster was ruled illegal :)
TheOneTrueKyle 1 ago 7 replies      
When I was younger and financially unstable, I had a decision to make. Take a crappy restaurant job or live out of my car. I chose to live out of my car. Every time I hear the argument that people in the restaurant industry are getting unfair pay, I ask myself, "I wonder who made that decision to work there in the first place"

Stop this bullshit tipping. These people made a choice and then chose to complain about it.

Also, this only seems to occur with FOH employees in the restaurant industry. You don't really hear BOH employees (you know, the people who actually do the work of cooking your food) complain.

salomelunarojas 1 ago 0 replies      
We should stop calling this ride sharing. It's still taxi. Modern taxi.
youarewhite 1 ago 3 replies      
dirtyaura 1 ago 1 reply      
Larry finally got his way :D
readhn 1 ago 1 reply      
RIP Uber.8/29/2016.
vegabook 1 ago 5 replies      
read: "Google ride-share is to Uber as Windows Phone is to Android". Late to the party, tragically deficient in first-mover network effect advantage, and on the decline in credibility since they're shutting down all moonshots, including, as we saw as recently as today, halving the staff at Google Fibre.

Talk about panic catch-up with no intrinsic advantage, nor vision. "Mountain View, start your photo-copiers". We know where that ends...

Larry and Sergei have shown in the past 3 years that they have no staying power on anything that isn't an obvious profit lay-up in short order. This thing will burn through cash at a rate that will make any of their other ill-fated ventures look like a bargain. I mean, UBER has already coughed 1.2 yards this year!

Smells like Google+ all over again. Isn't this the sort of sham that the Alphabet carve-out was supposed to avoid?

MrZongle2 1 ago 0 replies      
I can't help but think that if Google is successful, the entire endeavor will end up like Reader: Google wipes out the competition, decides that they no longer want to run the service, end it, and there is no-one left to fill the void.
ilostmykeys 1 ago 0 replies      
This is a hitchhiking service, not a "I want to get from my hotel to the airport" service. What are the chances that someome happens to be passing by my hotel on their way to the airport and happens to have room for an extra passenger. LOL. Retarded (to view it as competing with Uber/Lyft) Just part of the media that is itching to start a new drama.
codecamper 1 ago 0 replies      
This is it? Ha. Uber must be letting out a collective sigh of relief.
Myrmornis 1 ago 1 reply      
Has Waze quit using the childish cartoon stuff by default under Google?
durga 1 ago 0 replies      
Google is simply bored while making so much money so comfortably, with an absolutely dominant market position in search. So every few months they need to do these copycat things simply to entertain themselves ;-).
How I Built a Custom Camper Van (2015) syntheti.cc
732 points by pvsukale3  2 ago   331 comments top 85
grecy 2 ago 10 replies      
I did something similar.

I wanted a vehicle I could explore the world with, so I turned my Jeep into a house on wheels with fridge, drinking water and filtration, solar and dual batteries, interior cabinets and a custom modified pop-up roof so I can stand up and walk around in the Jeep.

I joked about applying for a home owners grant :)

The full pictures and story are in this album - http://imgur.com/a/OLK3o

I'm driving it around Africa now.

EDIT: I'm a Software Engineer too, and I decided there is more to life than sitting at a desk - a few years back I drove Alaska->Argentina, now it's around Africa for 2 years.

EDIT2: I've hit my posting limit.

Yes, I'm still alive!

Follow along if you want to see if I stay that way!

Facebook: https://facebook.com/theroadchoseme

Instagram: https://www.instagram.com/theroadchoseme

Twitter: https://twitter.com/dangrec

YouTube: http://youtube.com/c/theroadchoseme

And my website: http://theroadchoseme.com

patcheudor 2 ago 3 replies      
A couple comments for your own safety and the safety of the vehicle:

1) Those batteries should be in battery boxes. You can find them at any marine supply store. Note that for boats where batteries are commonly stored like you have them there, it's the law. For RV's it's a good practice and may be required by some insurers and in some states.

2) H2S also known as hydrogen sulfide. It's explosive and it's possible for even the best sealed batteries to have a problem whereby H2S is released. If those batteries have vent ports, you need to ensure they are connected to a vent tube and run out of the vehicle. If they don't have vent tubes, don't assume they won't vent. I run sealed batteries in my boat and it came with a H2S detector connected bilge ventilator. If the H2S detector senses a build-up of the gas it sets off an audible alarm and kicks the ventilator on. I've seen the aftermath of battery compartment explosions. Trust me, it's not something you want to experience. The cheapest option here is to get batteries which allow for the connection of a vent tube.

UPDATE: here's a decent article on the issue with a picture of a vented battery box (I didn't know those were a thing - cool!):


UPDATE #2: just went out and looked at my boat. This is what's in the battery compartment attached to the bilge fan:


gnarcoregrizz 2 ago 1 reply      
This resonated with me: "Life is easy. Humans are fucking badass -- we absolutely dominate our environment and are so smart and powerful."

I really understood that in the desert in Utah, where I got the feeling that I wasn't supposed to be there, far away from any semblance of civilization, but there I was surviving just fine with the help of our machinations.

I bought my RV for what you did, and its a perfectly comfortable home... a home that goes 80mph! I've been to almost every state now, and lived on hilltops with "million dollar" views, been in the desert under the stars, worked from deep in the rainforest in the pacific northwest, all for less money than rent for my apartment was. We can live comfortably for about a week completely off the grid. I would have bought a smaller, more offroad capable van, but I live in it with my fiance, so that was untenable.

I don't know how long you've been doing it, but there are definitely stressors and downsides that accompany the lifestyle. My RV was broken into once and I had everything stolen, and since then I've been constantly on edge when being away from my vehicle, so I often wish it looked beat to shit to deter people from messing with it. Also, staying in parking lots sucks and is sad if you're doing it for any extended period of time. I definitely have a missing sense of community and permanence, but its been a great journey!

jdpigeon 2 ago 2 replies      
This would have appealed to me about two years ago, but not that much anymore, and I'm still close to a decade away from paying off my student debt.

I'm more interested in 'settling down' and 'getting to work' these days, realizing that my sense of personal success is mostly dependent on quality relationships, productivity, and a sense of community belonging. Now, I've done my fair share of living life on the road, and I always enjoyed the experience, but just like the comedown from a psychedelic drug high I was always grateful at the end to be back home squared away in my "real world."

My issue is not with the self-determinism or the low-impact tiny house living, just with the transience of it. Is he certain that he'll be able to be productive working out of the back of a van or in random cafes around the country? What about stimulating interactions with colleagues? Girlfriend??

jordanlev 2 ago 4 replies      
I absolutely loved reading this. I liked how he went into it cautiously, testing out whether he could get by with a small fridge, small bed, less possessions, etc. And I also appreciate the web page design itself -- one long vertically-scrolling piece, very easy to read through!

One thing I find ironic though is the attitude towards other people who make a different decision about the worth of a home and the mortgage. Does he not realize that his van was only possible because his parents owned a home, raised him there, and let him park the van in their carport for 40 days while building it out?

aresant 2 ago 5 replies      
His "Can I live without my precious possessions?" answer is the most engineering LOL thing I've read all day:

"Pile up my crap. Anytime I need something in the pile, take it out of the pile and save it for later. Monitor usage."

Thank you for posting this.

jws 2 ago 1 reply      
Great article, small technical issue:

First, cut all the 0 AWG wire. Why 0 AWG? Because I had a 1500 watt inverter, which meant I could be pulling 150 amps (1500 watts output / 120 volts output 12 volts input = 150 amps input).

That's nearly the right answer, but "watts / volts volts" is not going to end in "amps" as an answer. I'd suggest: 1500 watts / 12 volts = 125 amps.

I also whole heartedly agree with him with statements like "By far the most beautiful place I've driven through has been the drive from Butte, MT to Idaho Falls, ID.". I drive mostly across the country twice a year. I avoid interstate highways. The evening routine is to look at satellite imagery for interesting terrain, look at something like Panoramio to see where people take pictures and of what, then piece together some travel for the next day. Pull over and take a mini-hike if anything looks interesting.

scarecrowbob 2 ago 1 reply      
As cool as this, like a lot of folks here I don't see how a pickup and a gooseneck wouldn't be a better (probably cheaper) option, even if you had to renovate / shop around for the gooseneck.

I know a whole lot of folks who live this way, mostly itinerant musicians.

While this is a much nicer build-- I think it's quite beautiful-- it is a lot closer to a custom conversion van most folks I know have much different, less successful experiences with DIY RVs.

To the folks who cite "stealth" as a rationale here, there are a lot of reasons why you might get kicked off a patch of ground... one persons "hack" is another person's criminal trespass. There are a lot of great places that you can camp out without getting hassled and without relying on other folks footing the bill for your plumbing and pavement.

To the folks citing mobility, I still don't see how that kind of van is more mobile than a pickup.

So while I think that it's really cool-- I gotta say that I think it would have to be cheaper / easier / more reliable to buy a pickup and 5th wheel or similar.

cko 2 ago 3 replies      
I'm a full-time pharmacist working 50 hours a week, with several investment rental properties.

Since April of this year I've been sleeping in my 2002 Toyota 4Runner in the parking lot at work. Shower at the gym, infrequent laundry runs, hang out all day at the library with all the other strange people. Pros: feeling of simplicity and freedom; enough said. Cons: a mid-sized SUV is too small and not private enough. I want privacy when I first wake up and put on my contacts and get dressed. I want to wake up, sit up and meditate for 30 minutes without anyone seeing me.

I'm getting a Ford E-150 van for $1500 next week. Going to put in hardwood flooring, maybe insulation and plywood on the walls. Excited.

cassidyclawson 2 ago 0 replies      
Awesome build!

I am a product designer working in tech in San Francisco. I also live in a stealth camper van, mostly by the Whole Foods in Potrero. I ride a folding bike to work downtown. Life is very good and I wouldn't trade this setup for anything.

Here is my build out:http://wonderbywonder.tumblr.com/tagged/chrono/chrono

And here I am:http://i.imgur.com/s4ZpdaO.jpg

scotty79 2 ago 2 replies      
Or you could just move to Poland. $33,750 could buy you studio in any medium town in Poland, even in sub-million population cities.

You'd get: no mortgage, apartment with a toilet, clean running water, wifi and all the electricity that you'll ever need. 5-10 times more area for your stuff. Monthly cost of utilities, tax and fee towards building maintenance of about $150 in total, access to a lot of young, English speaking people you could hire for cheap to help you with your projects.

rubicon33 2 ago 1 reply      
I am having a hard time with this article. On the one hand, it resonates with me DEEPLY.

"Sure, it's clich, but it's clich for a reason -- this subconscious drive for freedom is hard-wired in our DNA. No modern comfort or toy can take the place of true autonomy."

On the other hand, I can't deny certain life comforts. Relationships come to mind when considering a life like this. Sure, living frugally on the road while coding your own project sounds exhilarating. But I wonder how I'd feel without my significant other?

I guess what I want more than a life in a van, is economic freedom with a home.

ryandrake 2 ago 4 replies      
I always read these stories with a sense of awe and wonder. "I took 2 years off of my totally boring office job to X" where X is something that is 1. expensive and/or 2. not generating income or not nearly as much income as Boring Office Job. How the hell does one live without their salary for 2 years without going into debt or depleting savings? Don't you people have student loans to pay off, medical bill payments, or other financial obligations that can't be delayed? I don't think I could last much more than 3 months, and I'm quite proud of my meager emergency savings. What the hell do you people do for a living that you can save such a vast amount of money (and presumably blow it during said 2 year activity)?

I'm not criticizing--just very curious. Most of the time when this kind of question is asked, the response is a vague and coy, "Well I got a little savings..." Awesome--how on earth?

codecamper 2 ago 0 replies      
"use the public facilities"

Yeah, right. That's the plan for the first little while & then you'll be just pooping in the woods.

You see, we're in europe in a motorhome. Every time we see a little camper we know two things are going to happen. They are going to start sliding doors at all hours of the day.

And they are going to go poop in the woods.

And there are hundreds of them.

So be sure to get yourself a proper porta potty. Nobody wants to see your toilet paper.

dominotw 2 ago 3 replies      
>, I have a pee bottle and a 5 gallon jug. Line the jug with two trash bags, and cover the poop with kitty litter. Then toss it in a dumpster.

1.is this legal to dump trash in somone else's dumpster without owners permission?

2. Is it ok in the US to dump poop in dumpsters? I know nursing homes incinerate poop but not sure if there is a law specifically against dumping human waste.

CPLX 2 ago 2 replies      
That was pretty awesome, I enjoyed reading all the way to the end.

I wonder how long it'll take him to regret the fact that his bed only fits one person in it.

andreasklinger 2 ago 1 reply      
Similar but less extreme version: "Just" a "mobile office"

http://davidmckinney.com/blog/2013/12/29/redesigning-the-off...By mr david awesome mckinney :)

Paul_S 2 ago 1 reply      
This is a heart-warming story but he is definitely conflating 2 separate issues.

If you want to have a gap year and drive around the country then do that and it's clearly what he wanted. If you want to cut down on expenses there are far better ways of doing it without buying a van. It makes as much sense as saying the only way to cross a river is to build a giant sling (fun - yes, but mundane options are available).

dexterdog 2 ago 1 reply      
I'm actually curious about the insurance situation. If you are living in your van I would expect the insurance to either be a lot more or worse, to decide not to cover you because you didn't get a special policy. Then there's the issue of what happens if you are in an accident because now your wheels and your bed are in the shop, a shop which is not going to be able to restore your situation properly.
marknutter 2 ago 3 replies      
So why didn't he just buy an RV? Not to take away from his accomplishment, but isn't this just the most engineery thing to do? Instead of leaning on another industry that has spent decades perfecting exactly what he is trying to build, he spent all the time he could have used actually exploring the world building what is certainly an inferior solution in every regard.
lesdeuxmagots 2 ago 1 reply      
I did exactly this! Bought a used NV2500, went to town. Took 7 months to build. Have closets, cabinets, cooktop, sink, wood floors, butcher block counters, fridge, electricity via solar, bed, etc. etc.

I knew nothing about insulation, wiring, woodwork, power tools, etc. and learned everything as I built it.

Was not cheap, because I didn't want to give up any luxuries, so breakeven is in a matter of years, not months. However, its been treating me well. I have spots that I prefer in South Bay and in San Francisco depending where I'm working out of.

kylixz 2 ago 1 reply      
I am about to embark on a similar journey. I started off buying a 1993 33' Diesel pusher motorhome with the intent to travel the US fulltime while working remotely. It was awesome fixing it up and making it livable, modern, beautiful, and adding solar. Working with my hands was extremely rewarding! That said I soon learned that 33' is a huge vehicle which I did not feel comfortable driving regularly over mountains and severely hindered locations I could camp at. Now that big rig is for sale... instead I've founded a really cool travel trailer with loads of solar ready to go! I plan to pull that behind my 4runner equiped for overland adventures and cannot wait to get started! Great article and I hope others can try this lifestyle. I hope to share some of my experiences with others as well.
mcone 2 ago 4 replies      
I love the idea of doing something like this, but I'm wondering about how to get dependable, high-speed internet access. Anybody have any ideas?
markbao 2 ago 1 reply      
For another absolutely stunning van build, check out this one: https://imgur.com/a/RijZM

If you see only one photo, it should be this one: https://i.imgur.com/kTtWZ3f.jpg

mherrmann 1 ago 0 replies      
Great writeup and awesome use of "lean" principles to verify his ideas. I don't know why he didn't apply it to his game programming though:

> My focus for the first 6 months was creating a programming language, which I call Kong

Why on earth would you do that - especially as a sole developer in a niche as hard as indie game development?

overcast 2 ago 0 replies      
My school loans are paid off in less than a year, and the thought of this has certainly crossed my mind. I've got the house, and I'm sick of all the shit in it.
Dowwie 2 ago 0 replies      
Come on, voidqk. We all know your dad built this camper van while you took the selfies. His work shop says it all.
ars 2 ago 3 replies      
He needs a diode between the two batteries in parallel. Otherwise slight differences in voltage between them causes them to cyclically charge and discharge each other, wearing them out and wasting energy.
tdobson 2 ago 1 reply      
I do something similar in the UK.

Stealth Digital Nomad Sysadmin/Sales Engineer in a converted Mercedes Sprinter LWB


If you're interested in this kind of thing, /r/vandwellers is the place to be!

Happy to answer any questions. :)

Noos 1 ago 0 replies      
This life really isn't sustainable as he gets older, and he's very vulnerable to risk, accident, or loss. Oh, it seems romantic as hell, but the first time the flu hits you, you suddenly realize you've chosen to stick yourself into a tiny box with no indoor plumbing, no quiet, and that has to move every few days or the police will start rapping on your windows.

Or when the van breaks down, and you have zero choice but to fix it right away, and you have to pray to god you budgeted enough to cover it. Plus the van itself wears out much faster than a vehicle most people use because it has to move so much. RV lifestyle in general is far more expensive than people realize, and provides zero equity. If he ever wishes to expand his game business, he's going to have a rough time.

It's romantic, but it's very much a young person's game and he'll probably discover the joys of home ownership when he's 35 and trying to sleep in his van in 90 degree weather.

luckydude 1 ago 0 replies      
I liked the 6 month writeup, I've seen a ton of these builds but always wondered how things went when reality set in. He did an honest job of stating the pros and cons (I've lived out of a van myself, 2 in fact, mostly in Sun's parking lot).

Hey van dude, if you read this and you get to the Bay Area I've got a guest house attached to a shop like your dads. Be fun to chat and we can fix up whatever needs fixing.

serge2k 2 ago 0 replies      
> Does anyone actually enjoy being in a cubicle, all day

No. But trading it for a van doesn't sound more pleasant.

kqr2 2 ago 0 replies      
One of my favorite conversions is this two-story camper built by Japanese students:


Hondor 2 ago 2 replies      
Having a campervan without a toilet might bite you in some places. New Zealand used to be a great place for this but a couple of years ago they made it illegal to sleep in such a vehicle just about everywhere except designated pay-per-night campgrounds and certain districts each with their own special rules. Even then you're usually not allowed to linger more than a few days at a time in one place.

I doubt America will go that way with so many independent states and so much wilderness though. I'm amazed he can sleep in Wal-mart's carpark.

kzisme 2 ago 0 replies      
I ended up reading the whole post - awesome story! Not something I could see myself doing, but damn does he look happy.
fixxer 2 ago 0 replies      
This is an awesome idea assuming one does not want kids or expect to have sex with anything too discerning.
SwellJoe 2 ago 1 reply      
I've spent 6 of the past 7 years living in an RV (motorhome first, now an old Avion travel trailer with a big old truck to tow it). I recommend it for anyone who is unencumbered enough of other people and responsibilities to do so (i.e., it may not be the right thing for a family with kids, though I know some families with kids who do it and seem happy).

The freedom to travel is magnificent. It precludes many kinds of opportunities, but if you can work remotely, why not do it at the beach or in the mountains or in the desert or wherever you like? It's not dramatically less expensive than living in fixed housing (though that depends on where you were living in the house and where you're parking your RV; when I first started I moved out of a tiny rental house in Mountain View, CA, which cost $2145/month, so I'm not spending anywhere near that now), or at least it hasn't been for me, but there are many benefits outside of cost.

jonah 2 ago 0 replies      
My officemate is a cyclist and photographer and built out a Sprinter van as a mobile production/adventure mobile. It's got a couch that converts to a bed, fold-out tables, water tank, sink, electric chest fridge, PV panel and battery, inverter, and roof platform. Super functional. All hand built and I can't imagine he spent more than a couple grand outfitting it.
prawn 2 ago 0 replies      
I remember reading of someone else doing something like this. They went to huge amounts of effort with a custom timber interior, fan, lighting, cooktop, water pump, etc. In the end, they said it probably would've been better to just have a blank-slate truck with portable cooking and water.
nickhalfasleep 2 ago 1 reply      
I think this is the cusp of a big change in America. As the physical industrial base evaporates, in return, many people may not buy into the classic "buy property" plan for their lives.

This is good for them. This may not be so great for all the people who bought property and expect it to always increase in value as there may not be as great a demand for it.

musesum 2 ago 0 replies      
Inspiring! Have been wondering when I can tweak a Tesla Van: https://electrek.co/2016/07/31/tesla-all-electric-cargo-van-...
WhitneyLand 2 ago 2 replies      
How do you date, have a relationship, significant otther? The bed doesn't look big enough for two...
wallace_f 2 ago 0 replies      
These are amazing, and incrdedibly underrated

In the US these are not as seen as romantic and adventurous as they are in Australia, New Zealand and Europe

One thing I'll say: a pop up conversion can be done while maintaining the possibility of incognito mode, and it is really lovely when you are in proper campgrounds to have the pop up!

So happy to see this post on HN, but also kind of sad because if this because a thing it will no longer be as unique, and they will start drawing more attention. Also, people in these campers are the coolest, nicest, most down to earth, happiest, most respectful, adventurous, amazing people (in my experience), and if this becomes 'cool,' then we'll start having the cool kids driving around in these.

20yrs_no_equity 2 ago 0 replies      
I've spent 11 of the past 20 years "homeless" by choice following various practices from living on a boat, to living in a truck camper, to traveling the world living in AirBnBs, to occasionally renting apartments but never really living there. But I'll come back to that.

I want to address several peoples concerns about this guys lifestyle and the presumed limitations:

0. First off Loved that he was using Soylent. That solves a big problem of needing dried food but not liking freeze dried food. If I were to go back to vehicle living I would use a combo of Soylent and Sous Vide. Sous Vide cookers like the Anova are very small, and you can do it just with boiled water, zip lock bags and a thermometer if you want. The results are really fantasic. 30 seconds searing steaks on the grill then 40 minutes in the bath and you have better steaks than you can get at any restaurant for less than $50-- and you can do that on top of am mountain if you wanted! So the food situation is much better than the days of crates of raman.

1. Sex. Sex is totally possible, and it's not creepy at all. When you get on the road and you're traveling you will run into people who are going the same route multiple times. In this way there's a virtual community. This varies regionally of course, travel by train in europe or in alaska for the summer and it becomes pretty tight nit. The women and men you meet there are not exactly going to turn their nose up at your van because that's how they are traveling to. There's a whole vagabond subculture in the USA that ranges from kids hoping trains to techies in vans like this guy to Oldsters in RVs. And there's nothing sexier than a guy who will break with convention and go do interesting things. FTR, my partner and I picked up a woman in the UK who then travelled with us and lived with us for a couple years in poly triad. IT only lasted three years but I don't think the definition of a successful relationship should only be ones that end in death!

2. Cost- you really can save a lot of money. IT's amazing that you can live around the world traveling full time for less than the cost of living in a major west coast city. If you're doing a startup, that's really nice- be in berlin, then go to london, etc. We ran a three person startup (the triad above) going form england to Romania to Chile. While we didn't live as cheaply as we should have or could have (it's a skill) we didn't live more expensively than we would have if we stayed in Seattle (and we never would have met the woman in the UK). When it costs less or doesn't cost more but you have a better experience, isn't that a much better value?

3. The major factor is movement. When you're still- say at a campground or an AirBnB, or anchored at a dock, you save your movement energy, and thus cost, and you spend time working and enjoying. When you're underway- sailing requires attention as does driving, taking trains and planes costs money, boats and cars take gas. The ideal situation is one where you can stay places for a period of time (we used to stay in a country 90 days- the visa limit) to maximize your productivity on the road. This is a lifestyle, not a vacation from life. You earn money when you go, but you earn less money on tavel days.

4. Settling in- another part of the cost of travel is the settling in time. I need to have a good work chair and in each country we would spend the first week or so getting our spot set up to be productive on our startup.

5. The best thing about traveling is meeting the locals- especially outside the USA. This is the reason for the 90 day visa too. You can build real relationships. 4 countries in a year is much better than 9 countries in 4 days! And it's cheaper per-day, because you can be working during the day, and thus it's sustainable.

6. There are many ways to do it. I like the boat the best- it was only 30 feet but it was center cockpit and huge. If I had the balls of a blue water sailor I never would have left and would be traveling around the world in it. But it takes a rare breed to cross an ocean in a 30 foot cruiser!

This van is very much like my experience in the Truck Camper. The truck camper cost me $5,500 all in- an old Toyota Pickup and a $3,500 SKAMPER. You have to crank it to raise the roof. I travelled all the way to Prudhoe Bay in that truck- spending a couple weeks north of the arctic circle.

You can never forget an experience like that!

7. Eventually I vowed to never stop. I decided this was a philosophy and whatever methodology it doesn't really matter. Am I still traveling full time? I'm on a lease, so many of you would say no, but I think I am. You could be too.

What's the difference in lifestyle between crashing in a French student's flat in Romania for 3 months and being on a lease in the USA for 6? In romania 90 days is the max visa and maximizing productive time was ideal. a 6 month lease in the USA isn't that different from the 6 months we lived in the UK (they have a longer visa for US residents).

I now think in terms of the GPWR - Gross Personal Weight Rating. That is the total weight of me and all my possessions. When I was on the boat it was around 13,000 pounds - most of it boat. For the truck it was about 7,000 pounds, most of it truck.

When we were backpacking it was all in the pack- about 60 pounds. Now I am staying in apartments but restrict myself to only what can fit in my car (so I can move across country at a moments notice if I want.) I don't live in the car so it's a tradeoff, I have to rent a sleeping space.

But I'm still mobile. I don't have a bed frame, for instance, I bought a bunch of Akro Mils plastic crates. Turn them upside down and they make a really damn solid bed frame (best one I've ever had, actually) The mattress fits in the back of my car with the seats folded down. I have a mid sized SUV and camping is easy- just put the mattress in the car. Better than a tent (stays warmer). But when I need to move, I can turn the crates right side up and all my possessions go into them.

So, where should I live next? Once my lease is up, I'm going. (and knowing that also puts the kibosh on silly buying.)

Start thinking of every possession as weight added to your GPWR. Do you want to live in backpack? Pare down. Do you want to live in a van? You don't have to be as careful but you should think about how many TVs you buy.

kowdermeister 2 ago 0 replies      
Nice story, I could relate with a beach bamboo tent, but there's a level up :)

Action Mobil Desert Challenger motor home



toomanybeersies 2 ago 1 reply      
Speaking of minimal living, I've just recently moved to a new city for work, and I've shacked myself up in a backpackers, and plan on staying at the backpackers probably until the end of the year.

It has a lot going for it. It's cheaper than rent (by a significant amount), and it's literally 3 minutes from work. I also get to meet lots of interesting people.

I have my backpack and a laundry bag of kit, and that's it. It's about as minimal as you can get, which has been an interesting experience for me as I usually have stacks and stacks of stuff.

It does have some disadvantages, such as being rather noisy, and the fact that you have to carry all your valuables around with you wherever you go, since things tend to go missing.

matt_wulfeck 1 ago 1 reply      
> If you work 40 hours, 9-5, then Monday and Tuesday are dedicated to paying for your house. Every week. If your housing was paid off, your weekend would be longer than your work week.

Isn't this only true if you don't have a fixed rate mortgage? If you bought a house in the 90s then I'm almost sure you're paying less than the average of rent your house might fetch. I've never amortized the cost over the lifetime of the house though.

factotum 2 ago 0 replies      
Kudos to this guy. I'm in my early 30s. My wife and I sold our house almost 2 years ago, bought an RV, and we've been traveling debt-free ever since. Feels good, man. But it's not without its drawbacks. Loneliness can be a constant battle when you're away from family, friends and coworkers. It took about a year to get comfortable with the travel routine. And then there's the maintenance. If I knew all of this ahead of time, I'd still do it.
gambiting 2 ago 1 reply      
I'm genuinely curious - why did he do all the repairs in his house before selling it? Was the market for housing that bad that he couldn't sell it as-is for the new owner to do repairs?
cylinder 2 ago 3 replies      
Did you consider buying a camper van? They are quite common as a lifestyle traveling around Australia, in the US people use giant RVs but these are not practical at all and not a conscientious selection.
hobo_mark 1 ago 0 replies      
I've wanted to do this for a long time, but I need a shower (and a toilet!). With a lot of care one could install them in the same place (and shower sitting, Japanese style, with the toilet shut close of course), and with even more care, one could try to filter and recover some of the water, but I have not found anyone trying to do this, is that just too much work?
mavdi 2 ago 0 replies      
I can really relate to him throwing most of his precious stuff out. My life turned upside down a few months ago. Now all I have is a backpack with a laptop and some essentials and Airbnb life as it comes. I've never been happier.

Owning things obeys something similar to Newton's 3rd law. They also end up owning you. They need constant care, attention and maintenance. I'm not saying this the right way to live, but do give it a try if you've been thinking about it.

kazinator 2 ago 0 replies      
In the 1970's TV series Trapper John, M.D. (https://en.wikipedia.org/wiki/Trapper_John,_M.D.) one of the characters, "Gonzo", is a doctor working alongside Trapper John, while living in a motoro home ("The Titanic") in the hospital's parking lot.

Man, think of all the money you can save if you have a good income, and live in a motor home virtually for free.

Gonzo legitimized the whole concept. :)

syntex 2 ago 0 replies      
I am really jealous, it's my not fulfilled dream. But right now is kind of difficult with wife and little kid to carry such life.. offtopicThe guy would like to write games. Then the first 6 months he spent to write his own programming language, then some time to write own scripting language "sink" ( why not LUA ). I would love to hear from the author what are the motives to write all these tools.
sofaofthedamned 2 ago 1 reply      
I would love to do this.

Last year after getting made redundant from Cisco I was looking for work but there was nothing for 4 months as a Devops guy near where I live but there was plenty in London. I was actually considering either getting a van to sleep in, or a narrowboat, and working in London with London rates, then coming home at the weekend.

I'd love to know a cheap way of converting something liveable, bearing in mind most offices have showers so I don't need that, just to provide for my family.

virtuexru 2 ago 1 reply      
What about getting laid?
ocdtrekkie 2 ago 0 replies      
I am "happy" in my mortgage-limited slave life, but I've always wanted to extend my vehicle a bit. My car is essentially like a little piece of my home I take with me from place to place. I feel as comfortable in my car as I feel at home.

I've been looking into a second battery and solar setup just for the main goal of running a computer in my crossover. But I'll admit, that job does take up a lot of time I might otherwise use for doing it.

thatwebdude 1 ago 0 replies      
Kudos to him for wanting to be "free". Whatever that means. Although my main take-away from it: if you're going to live in a van you should learn to fix a van. Having his dad do all the heavy lifting here really pusses this article out.
Yhippa 2 ago 0 replies      
This is my favorite thing I've read on HN so far this year. I loved his pictures (especially of the plains) and the descriptions. I probably enjoyed those pictures more than highly edited photos taken on a full-frame DSLR.

I hope it works out for him. The main thing I would miss would be having a companion and pets. Not sure I could do without those right now. He's in an excellent time and place for this.

jameslk 2 ago 2 replies      
I've been curious about living out of a camper or RV in the Bay Area just to arbitrage the higher salaries that are needed to offset the cost of housing. I've heard of some Google employees doing this for a couple years to save up enough to buy a house. The hard part is finding a place to park the camper. Anyone have any experience or knowledge about doing this in the Bay Area?
gameofdrones 2 ago 0 replies      
While the website is down, these are also neat:

Hank bought a bus: http://hankboughtabus.com/

Castle truck: http://www.doityourselfrv.com/house-truck-castle/

justin_vanw 1 ago 1 reply      
Awesome story, loved the pictures of building out the van.

One concern I have is that if you are idling the engine and have the fantastic fan on, wouldn't you be sucking exhaust fumes into the vehicle? Or is the hole at the back meant for exhaust with the fan pushing air in?

binarray2000 2 ago 0 replies      
Great writeup! Very enjoyable read but, at least for me, the last part "Thoughts on the Van Life" was the best. All the best!
KeatonDunsford 1 ago 0 replies      
This is amazing. Instead of getting an apartment with my cofounder and office space for our engineers, I'm just going to have us get a fleet of these things. Would be so dope. Be anywhere -- SF, South Bay, Berkeley, LA, New York. Live the dream now.
balabaster 1 ago 0 replies      
This is an awesome write up. Very inspiring. But my favourite bit is the closing to the blog how as smart as we are we spend our time fighting futile battles with nature for naught.
donmb 1 ago 1 reply      
Super cool. I have a VW T3 and would love to have your talent. Travelled 8 weeks through Scandinavia with it. Now I got inspired to build more stuff in it.Q: Is it allowed in the US to park and sleep where you want? Heard different stories.
nxzero 2 ago 0 replies      
>> "I thought the idea was genius. Not for me, I said, but genius."

Always find it interesting when people say this to me. I mean you can see the awe in their eyes, the longing to "just do it" - and then, reality settles back in and the resign to living the same life over and over until the end of time.

Jemaclus 2 ago 1 reply      
I love this idea in theory, but my wife would never go for it. Ah well... Maybe get an RV for longer camping trips...
KennyCason 1 ago 0 replies      
I have always been so tempted to do this, the one thing stopping me has always been that I lovvveee my living space. I think I just need an RV to "detach" once in a while! Awesome post, and incredible detail!
ErikAugust 2 ago 1 reply      
I did something similar a couple years back - but much simpler. I just bought a cap for my truck and stuck my sleeper futon mattress in it:


anoplus 2 ago 0 replies      
Beautiful and inspiring read about exploring one's individual freedom. May society find it's freedom by collaboration and sense of community.

We as a society have the resources and technology to achieve much more freedom. Freedom enables the creation of even more freedom.

misterbishop 2 ago 0 replies      
I like this guy's spirit an ingenuity, but his attitude is not much different from the Infowars bunker people. There's no room in his van for society. You can tell because he only built a bed for 1.

I'd rather live on a hippie commune than this.

oxryly1 2 ago 1 reply      
I love stories like this. Well documented, well thought out, and with a 6 month update... excellent.

Now I'd love to read one about someone who's done this with a family...

johngalt 2 ago 1 reply      
I guess what I don't understand is why not use one of the ready made builds already out there? Something like a class B RV, or truck camper?
jordache 2 ago 1 reply      
meh.. his dad is skilled for sure, but the insides looks like the stale interior of a house. Not a fan of the build
clarry 1 ago 0 replies      
Nice to see someone live my dream. Wish I could afford it.
mudil 2 ago 2 replies      
I send my son emails with links to different interesting projects. He is ten. Too bad I can't send this one out. Why do people use foul language everywhere and in between? It's like a disease.
andyidsinga 2 ago 0 replies      
wow - dad is really good with the angle grinder. I would have used a jigsaw. Cheers to those skills!
dschiptsov 1 ago 0 replies      
I prefer a motorcycle and sleeping homestays in Himalayas.

Just finished my first 10,000 km ride from Sikkim to Kathmandu to Uttarakhand, Himachal, Kashmir, Zanskar, Ladakh, etc.

It is cheaper, but sometimes a bit tough, when you have to cross a cold stream a half of meter deep..)

puppetmaster3 2 ago 1 reply      
why not get a rv - pre made thing?
estrabd 2 ago 0 replies      
1. sell house

2. buy van

3. get someone to customize your van

4. ???

5. profit

bronz 1 ago 0 replies      
wow, what a treat. love the writing and layout of this blog post.

van life is basically not viable right now. people dont like taking their shits in mcdonalds. vans get super cold and moisture can be a huge problem. showers have to be in gyms unless you want to carry tons of water with you. most areas are very hostile to van dwellers from what i can tell. but there are interesting solutions to these problems.

- van dwellers are not received well in most places. you have to park on the side of the street somewhere a lot of the time. so the obvious solution is to create some kind of business that does lot rentals. you can pay a very low fee and have a nice place to park for the night. this could be really great -- images of all kinds of different people meeting and connecting come to mind. but there is the problem that these businesses would be overrun by poor people for lack of a better word. they would become ghettos and attract a lot of crime. so perhaps a better solution is to create an app where anyone can rent out their driveway and vet each van dweller on their own based on their social media, past reviews and other information provided on the app. also vans are physically dispersed and criminals dont have a one stop shop for vulnerable vans.

- taking shits in gas stations, taking showers in gyms and moisture and cold can all be solved by the same thing: making vans from the ground up that are meant for living. i think in the end, if you want a van that is nice to live in then you need to put down real money just like any other dwelling. the van meant for living would look like this: has EV drive train and a huge battery. in the near future this will be complemented by a sophisticated generator (with huge fuel reserve) that can operate at low wattage when demand is low or operate at high wattage when demand is high such as when driving with a low battery. in the far future batteries alone will be enough. solar should be included but only to prevent the battery from losing charge completely when sitting around for a long time. showering is done with recycled water. water is stored in the floor pan and passed through a filter between showers. ozone is easily generated and mixed with the shower water regularly to kill bacteria. the filter used could be very sophisticated if hundreds of showers without refilling were desired. the toilet would need to be a revolution in toilets. there has been a lot of work by the likes of the gates foundation to create toilets that are less resource intensive and clean for use in the third world. the best products of these efforts are desiccation toilets that essentially desiccate the feces though various means. one version drys the feces and burns it to dry more and also drive water purification. the toilet in the van would do something similar. the toilet would disinfect thoroughly with chlorine or ozone and then desiccate. the water left over would be put back into the top chamber of the toilet so to speak and used for the next flush. the desiccated feces could then be stored in much less volume than non desiccated feces and with less hassle. disposing of it would be pretty easy. other issues such as temperature and moister could be taken care of with heavy duty insulation, de-humidification and other things that are built into the van by design rather than added in as an after-thought if added at all. anyway, overall what you have is an extremely sophisticated, several hundred thousand dollar vehicle. thats what it would take to make van life a viable option for more than a year or two imo.

shitgoose 2 ago 0 replies      
thank you.
Qantourisc 2 ago 1 reply      
The fact that one (in a lot of countries) has to do this in a van, because of regulations, is kind of tyranny: Either you get in-prisoned in debt/rent, or you get to live in a van or on the streets.
Victory for Net Neutrality in Europe juliareda.eu
532 points by jrepin  1 ago   168 comments top 15
soci 1 ago 5 replies      
As always, devil is in the details.

If you look at the fine print in the published "Guidelines for implementing Net Neutratily" [1] linked in the article you will see that there are 3 exceptions to the rule (a,b,c). Being "c" the one that should fear us most:


 a) "comply with Union legislative acts (...)
-> meaning that a court order can change Net Neutrality, hmmm ok.

 b) preserve the integrity and security of the network, of services provided via that network, and of the terminal equipment of end-users;
-> meaning that in order to guarantee the security of the network Net Neutrality may be avoided. I'm so-so on this one.

 c) prevent impending network congestion and mitigate the effects of exceptional or temporary network congestion, provided that equivalent categories of traffic are treated equally.
-> Meaning that ISPs can throttle specific categories of traffic at their own will.

This last one ruins the whole law. And this is not what me as European wanted. ISPs won :(


[EDIT] typos

tajen 1 ago 7 replies      
Next fight : That ISPs advertise the minimum guaranteed bandwidth and are banned from advertising the maximum theoretical number.

Then only we could measure that they do offer the same bandwidth with Netflix and Vimeo as they advertise. Net neutrality at its best.

Edit: Of course the number will be very low because they have to (God forbid!) provision their network to serve this bandwidth to all customers during peak hours. But what we're looking for is not a huge number - we're looking for a number that allows meaningful comparison with competitors.

smb06 1 ago 0 replies      
Facebook tried to introduce "Free Basics" in Angola after its failed attempts at doing so in India. Good to see similar efforts being made in Angola to educate about Net Neutrality as well. Maybe they can use some takeaway from the above ruling.

Source: http://motherboard.vice.com/read/wikipedia-zero-facebook-fre...

kleiba 1 ago 0 replies      
"It has to be noted with regret that it was not our digital Commissioner Gnther Oettinger who listened to the people and defended an internet not biased towards big corporate interests [...]"

That would hardly have been expected: in the first six months of being a Commissioner, Oettinger met with two NGO representatives but with 44 corporate lobbyists [1].

[1] http://www.spiegel.de/wirtschaft/soziales/guenther-oettinger...

headmelted 1 ago 7 replies      
It encourages me to see that the European court at least has some people on it that seem to understand that net neutrality is in fact a human rights issue.

And this is why Brexit is so heart-breaking. I'm surrounded by people in my personal life who think it's a fantastic idea, but they're not the most... informed? Likewise for local politicians.

(Side note to my rant: I have this theory that the rise of the iPhone, and the fact that it is such a big part of people's lives now, has fooled regular folks into believing that they're experts on technology. I have no more than anecdotal evidence for this).

I strongly suspect that local legislators will see no conflict whatsoever with scrapping these laws when the exit finally comes, and it saddens me that I'm surrounded by a lot of people that will be cheering when it happens.

This is from a real conversation I had this week:

"What it boils down to is do you want to have us control our own laws and decisions and borders, or have to take orders from some bureaucrat in Brussels that doesn't understand us?"

Yes, I would rather have decisions made by people in Brussels that understand what they're doing.

nothis 1 ago 5 replies      
Disappointingly little concrete information of what's in now, anyone knows how to read these things and skimmed the original text? I heard that EU "net neutrality" is disappointlngly vague. I see providers offering free data for things like Spotify, which, in my understanding, is exactly what net neutrality should prevent.
thr0waway1239 1 ago 6 replies      
I once heard an interview with the Economist digital editor Tom Standage where he claims (at 5:45 into the interview) that net neutrality is the wrong thing to focus on, and the important thing is just making sure there is more competition between the telcos. Can someone more familiar with this issue tell me if this argument is correct?


jkingsbery 1 ago 5 replies      
I don't understand how it's "progress" to move decisions from a small number of bureaucracies to a single, less accountable bureaucracy.
gourou 1 ago 1 reply      
These were the guidelines from November 2015


vegabook 1 ago 0 replies      
Bravo EU! Sure I see that there are plenty of commented caveats, but coming within 24 hours of a 14 billion dollar retroactive tax bill for one of the world's most opportunistic tax dodgers, I cannot help but have good faith towards this announcement. Here is the only bloc, globally, that actually seems to care about individuals versus corporations, with unequivocal and demonstrated evidence of said motivations. I've been fed a diet of "useless, corrupt, 'Brussels' bureaucrats" ever since I moved to Britain (which, as an aside, today disgracefully tried to woo AAPL with the anti-tax red carpet). But all I actually see, is a bunch of people, bureaucrats perhaps, but who are trying to look out for me . Today I say, Hurrah EU! Thank you Julia Reda.
IMRelentless1 1 ago 0 replies      
Any thoughts on Obama handing over the DNS directory to the UN?
daveloyall 1 ago 0 replies      
For your convenience, here's just the text "in the boxes" (the Recitals), from http://berec.europa.eu/eng/document_register/subject_matter/...

These are the first 9, the other 10 are here: https://gist.github.com/daveloyall/a1112bb70412d77bebc809090...

Recital 1=========

This Regulation aims to establish common rules to safeguard equal andnon-discriminatory treatment of traffic in the provision of internetaccess services and related end-users rights. It aims to protectend-users and simultaneously to guarantee the continued functioning ofthe internet ecosystem as an engine of innovation.

Recital 2=========

The measures provided for in this Regulation respect the principle oftechnological neutrality, that is to say they neither impose nordiscriminate in favour of the use of a particular type of technology.

Recital 3=========

The internet has developed over the past decades as an open platformfor innovation with low access barriers for end-users, providers ofcontent, applications and services and providers of internet accessservices. The existing regulatory framework aims to promote theability of end-users to access and distribute information or runapplications and services of their choice. However, a significantnumber of end-users are affected by traffic management practices whichblock or slow down specific applications or services. Those tendenciesrequire common rules at the Union level to ensure the openness of theinternet and to avoid fragmentation of the internal market resultingfrom measures adopted by individual Member States.

Recital 4=========

An internet access service provides access to the internet, and inprinciple to all the end-points thereof, irrespective of the networktechnology and terminal equipment used by end-users. However, forreasons outside the control of providers of internet access services,certain end points of the internet may not always beaccessible. Therefore, such providers should be deemed to havecomplied with their obligations related to the provision of aninternet access service within the meaning of this Regulation whenthat service provides connectivity to virtually all end points of theinternet. Providers of internet access services should therefore notrestrict connectivity to any accessible end-points of the internet.

Recital 5=========

When accessing the internet, end-users should be free to choosebetween various types of terminal equipment as defined in CommissionDirective 2008/63/EC (1). Providers of internet access services shouldnot impose restrictions on the use of terminal equipment connecting tothe network in addition to those imposed by manufacturers ordistributors of terminal equipment in accordance with Union law.

Recital 6=========

End-users should have the right to access and distribute informationand content, and to use and provide applications and services withoutdiscrimination, via their internet access service. The exercise ofthis right should be without prejudice to Union law, or national lawthat complies with Union law, regarding the lawfulness of content,applications or services. This Regulation does not seek to regulatethe lawfulness of the content, applications or services, nor does itseek to regulate the procedures, requirements and safeguards relatedthereto. Those matters therefore remain subject to Union law, ornational law that complies with Union law.

Recital 7=========

In order to exercise their rights to access and distribute informationand content and to use and provide applications and services of theirchoice, end-users should be free to agree with providers of internetaccess services on tariffs for specific data volumes and speeds of theinternet access service. Such agreements, as well as any commercialpractices of providers of internet access services, should not limitthe exercise of those rights and thus circumvent provisions of thisRegulation safeguarding open internet access. National regulatory andother competent authorities should be empowered to intervene againstagreements or commercial practices which, by reason of their scale,lead to situations where end-users choice is materially reduced inpractice. To this end, the assessment of agreements and commercialpractices should, inter alia, take into account the respective marketpositions of those providers of internet access services, and of theproviders of content, applications and services, that areinvolved. National regulatory and other competent authorities shouldbe required, as part of their monitoring and enforcement function, tointervene when agreements or commercial practices would result in theundermining of the essence of the end-users rights.

Recital 8=========

When providing internet access services, providers of those servicesshould treat all traffic equally, without discrimination, restrictionor interference, independently of its sender or receiver, content,application or service, or terminal equipment. According to generalprinciples of Union law and settled case-law, comparable situationsshould not be treated differently and different situations should notbe treated in the same way unless such treatment is objectivelyjustified.

Recital 9=========

The objective of reasonable traffic management is to contribute to anefficient use of network resources and to an optimisation of overalltransmission quality responding to the objectively different technicalquality of service requirements of specific categories of traffic, andthus of the content, applications and services transmitted. Reasonabletraffic management measures applied by providers of internet accessservices should be transparent, non-discriminatory and proportionate,and should not be based on commercial considerations. The requirementfor traffic management measures to be non-discriminatory does notpreclude providers of internet access services from implementing, inorder to optimise the overall transmission quality, traffic managementmeasures which differentiate between objectively different categoriesof traffic. Any such differentiation should, in order to optimiseoverall quality and user experience, be permitted only on the basis ofobjectively different technical quality of service requirements (forexample, in terms of latency, jitter, packet loss, and bandwidth) ofthe specific categories of traffic, and not on the basis of commercialconsiderations. Such differentiating measures should be proportionatein relation to the purpose of overall quality optimisation and shouldtreat equivalent traffic equally. Such measures should not bemaintained for longer than necessary.

IMRelentless1 1 ago 0 replies      
any thoughts on Obama handing over the DNS directory to the UN?
libman 1 ago 1 reply      
Smaller and faster data compression with Zstandard facebook.com
595 points by jamesgpearce  11 ago   109 comments top 34
morecoffee 22 ago 0 replies      
A recent compression discussion I saw involved how do compressors fare on uncompressible input? For example, suppose you wanted to add compression to all your outbound network traffic. What would happen if there was mixed compressible traffic along with the uncomressible kind? A common case would be sending HTML along with JPEG.

Good compressors can't squeeze any more out of a JPEG, but they can back off fast and go faster. Snappy was designed to do this, and even implementations of gzip do it too. It greatly reduces the fear of CPU overhead to always on compression. I wonder how Zstd handles such cases?

*Ignoring security altogether

tmd83 9 ago 3 replies      
I have been waiting for this to hit 1.0 and more importantly get popular so that I can use it everywhere. I am really a fan of Yann Collet's work. These are extremely impressive work specially when you consider that lz4 seems to be better than snappy (by google) and zstandard from LZFSE (from apple). I think he is the first one to write a practical fast arithmetic coder using ANS. And look at how his huffman implementation blazes past zlib huffman though compresses less than FSE [0]. I also like reading his blog posts. While a lot of them goes over my head I can generally make a sense of what he is trying and why something's working despite the complexity.

[0] https://github.com/Cyan4973/FiniteStateEntropy

levbrie 10 ago 2 replies      
There is just so much awesome stuff in this article. Finite State Entropy and Asymmetric Numeral System are completely new concepts to me (I've got 7 open tabs just from references FB supplied in the article), as is repcode modeling. I love that they've already built in granular control over the compression tradeoffs you can make, and I can't wait to look into Huff0. If anyone outside of Facebook has started playing with it or is planning to put it into production right away I'd love to hear about it.
cbr 9 ago 5 replies      
The plot of compression ratio against speed for the various compression levels is pretty helpful for understanding its performance: https://scontent.fsnc1-3.fna.fbcdn.net/t39.2365-6/14146892_9...

"The x-axis is a decreasing logarithmic scale in megabytes per second; the y-axis is the compression ratio achieved."

I'd love to see a version of this chart that also included Brotli. (And I'm somewhat surprised Brotli isn't mentioned at all.)

(Disclaimer: I work at Google, which made Brotli)

AceJohnny2 10 ago 0 replies      
Note: this is from the same guy who created the popular lz4 compressor, Yann Collet: http://cyan4973.github.io/lz4/


ctur 9 ago 1 reply      
Yann will be giving a talk on Zstandard at today's @Scale 2016 conference, and the video will be posted. He can answer the most technical questions about Zstandard, but I may be able to answer some as well; we both work on compression at Facebook.
ktta 10 ago 4 replies      
Some more benchmarks on this[0] page

Also, I actually discovered something very interesting (to me at least). At the bottom of the link mentioned below, the link attached says https://github.com/Cyan4973/zstd but then redirects to https://github.com/facebook/zstd . Anyone know why?

[0]: http://facebook.github.io/zstd/

EDIT: After a little bit of sleuthing, it looks like the author of zstd (github.com/Cyan4973) is now contributing[1] to github.com/facebook/zstd

And the page layout for lz4[2] looks the same as zstd[0]

Anyone know if Yann Collet works for/with facebook on things other than zstd?

EDIT 2: In the time it took me to google a couple things, looks like the children comments have already answered my questions.

Also, previous discussions on zstd (not that its completely relevant) -https://news.ycombinator.com/item?id=8941955https://www.reddit.com/r/programming/comments/2tibrh/zstd_a_...

[1]:https://github.com/facebook/zstd/pull/312[2]: http://cyan4973.github.io/lz4/

ohitsdom 9 ago 1 reply      
I'm a complete dunce when it comes to compression and how it fits in the industry, so help me out here. Say that everyone accepts that Zstandard is amazing and we should start using it. What would the adoption process look like? I understand individual programs could implement it since they would handle both compression and decompression, but what about the web?

Would HTTP servers first have to add support, then browser vendors would follow?

AceJohnny2 9 ago 7 replies      
The modern trend of compressors is to use more memory to achieve speed. This is good if you're using big-iron cloud computers...

"Zstandard has no inherent limit and can address terabytes of memory (although it rarely does). For example, the lower of the 22 levels use 1 MB or less. For compatibility with a broad range of receiving systems, where memory may be limited, it is recommended to limit memory usage to 8 MB. This is a tuning recommendation, though, not a compression format limitation."

8MB for the smallest preset? Back in the mid-2000s, I was attending a Jabber/XMPP discussion, about the viability of using libz for compressing the stream. It turned out that even just a 32kb window is huge when your connection server is handling thousands of connections at a time, and they were investigating the effect of using a modified libz with an even smaller window (it was hard-coded, back then).

I know Moore's law is in ZStandard's favor w.r.t. memory usage (what's 8MB when your server's got 64GB or more?), but I think it's useful to note that this is squarely aimed at web traffic backed by beefy servers.

markonen 10 ago 2 replies      
The goals sound similar to Apple's LZFSE (see https://github.com/lzfse/lzfse for more). Any comparison out there?
ryao 7 ago 1 reply      
This is an awesome blog post that is very well written, but the lack of incompressible performance analysis prevents It from providing a complete overview of zstd.

Incompressible performance measurements are important for interactive/realtime workloads and the numbers are extremely interesting because they can differ dramatically from the average case measurements. LZ4 for instance has been measured at doing 10GB/sec on incompressible data on a single core of a modern Intel Xeon processor. At the other end of the spectrum is the worst case scenario for incompressible data where performance slows to a crawl. I do not recall any examples in this area, but the point is that it is possible for algorithms to have great average case performance and terrible worst case performance. Quick sort is probably the most famous example of that concept.

I have no reason to suspect that zstd has bad incompressible performance, but the omission of incompressible performance numbers is unfortunate.

cromwellian 7 ago 1 reply      
I think for typical JS/CSS/HTML sizes, and decompression times, probably maximum compression ratio, followed by decompression speed is what I'd look for. I don't care too much about compression speed, in the sense that if I have to spend 1 minute compressing JS to crunch it by 10%, but I serve that file a million times, then as long as decompression doesn't negate the gain in network time saved, it's a win.

I guess the other factor for mobile is, besides memory and decompression speed, how do various compression schemes fare battery wise?

esaym 8 ago 0 replies      
>> "It is written in highly portable C, making it suitable for practically every platform used today"

I love C, it is not the enemy everyone makes it out to be.

It's already in debian: https://packages.debian.org/stretch/zstd and judging by the small requirements,it is portable indeed.

tambourine_man 8 ago 1 reply      
Isn't it a bit presumptuous to call your own thing "standard"?
xrstf 6 ago 0 replies      
Quick benchmark on a 194MiB SQL dump:

 gzip -9: 27.574s, 48MiB output zstd -9: 14.182s, 41MiB output
Thanks, I'll gladly use zstd as a drop-in replacement for my daily backups. :)

mrmrben 9 ago 1 reply      
Really nice work compared to what I consider to be the quite bad Brotli -- an incredibly slow compression standard that only ended up in browsers because it was created by Google.
erichocean 7 ago 0 replies      
For this to become anything like a standard, Facebook would have to remove its patent poison pill.
nemo1618 9 ago 2 replies      
How difficult is this new standard going to be to implement in another language? It seems highly sophisticated -- which is great, of course -- but the cost of that is relying on giants like Facebook to maintain their One True Implementation. For software this is (usually) fine; for a nee standard, it's a problem.
espadrine 8 ago 1 reply      
The following link points to a fairly good benchmark / tool that showcases the tradeoffs in real life: since (de)compression takes time, what is the fastest way to transmit data at a given transfer speed?


Spoilers: zstd wins at ethernet and wifi (and is among the best in 4G), lz4 wins at hard drive encryption both were designed by the same author.

yread 8 ago 0 replies      
If anyone wants to try it on windows there is a 7-zip install with support for ZSTD


kstrauser 8 ago 0 replies      
That's truly beautiful. Thanks, Facebook! I particularly love that you can pre-compute and reuse dictionaries, say if you're regularly compressing similar JSON objects.
z3t4 7 ago 0 replies      
Tables should be in HTML.
partycoder 2 ago 0 replies      
Unless they integrate it into software like web servers and web browsers it will be hard to see it really flourish as a "standard".

But at least within the perimeter of your own systems you can totally profit from this technology now.

lasryaric 8 ago 1 reply      
Whats their weissman score?
mozumder 9 ago 1 reply      
Is this being pushed as being standard as part of the HTTP spec, seeing that it comes from Facebook?
faragon 5 ago 0 replies      
cristiandan 6 ago 0 replies      
Grishnakh 10 ago 4 replies      
Looks very interesting, however I'm not impressed by the name. "Zstandard"??? With ".zstd" as the extension? I don't like it.

They should have named it letter-zip, along the lines of gzip, bzip, and xzip, with the extension letterz. "fz" would have been a good one since they work at Facebook.

bananaoomarang 6 ago 0 replies      
Best middle-out in the game.
ilostmykeys 8 ago 1 reply      
How does this compete with PiedPiper?
f137 9 ago 0 replies      
Probably nictpicking but "Smaller data compression" makes no sense really
kaushalp88 6 ago 1 reply      
Should we start with the pied piper jokes now or later?
DJ_Icebear 7 ago 0 replies      
They should've named it "Pied Piper".
DJ_Icebear 7 ago 0 replies      
Should've named it "Pied Piper"
The Myth of RAM (2014) ilikebigbits.com
582 points by ddlatham  2 ago   276 comments top 51
reikonomusha 2 ago 2 replies      
I think there's some good info in this article covered by various degrees of misinformation. For some reason, the article starts off with this totally wrong definition of big-O, and proceeds to make conclusions with this wrong definition. Let me provide the accurate definition:

The statement "f is O(g)" means there exists some input, call it t, such that for every x >= t, it only takes some constant multiplier M (i.e., constant in x) to always have g absolutely no smaller than f. In notation:

|f(x)| <= M * |g(x)|, where x is at least t.

This bit about "x is at least t" is very important and notifies us that this is "asymptotic behavior".

It does not make a difference how wacky or weird f is compared to g below t. It can contain all these crazy memory hierarchy artifacts, it could contain a short burst of exponential slowdown, it could contain anything.

Furthermore, according to the above definition, big-O has nothing to do with any tangible quantity whatsoever. It's a method for comparing functions. The functions may represent whatever is of tangible or intangible interest: memory, time, money, instructions, ...

Big-O analysis usually posits that the details below t aren't the details that matter. (Of course, there are situations where they do, but in such you would not use big-O.) If you want to have some analysis that is global, you don't need asymptotic analysis (though it might help as a start). You can just talk about functions that are strictly greater than or less than your function of interest everywhere. But these analyses are difficult because a much higher level of understanding of your function of interest is required.

Tojot 2 ago 1 reply      
It so happens that a large part of my PhD was on this very subject. The result I've got N log(N), this is more visible when you get to larger RAM (I had 0,5 TB RAM at the time).We have an empirical result, a justification and a rigorous predictive model.

The reason has to do with hashing, but a different type: TLB.

I posted more details as https://news.ycombinator.com/item?id=12385458

aaronbwebber 2 ago 10 replies      
The problem with this analysis is that in the graph in the very first part he shows that memory access IS O(1) for pretty substantial scaling factors, and then when you hit some limit(e.g. size of cache, size of RAM) access times increase very rapidly. Sure, if you draw a line across 6 orders of magnitude, it ends up looking like O(n^1/2), but how often do you scale something through 6 orders of magnitude?

The "memory access is O(1)" approximation is pretty good, certainly good enough for almost all every day use. The median size of a hash table I allocate definitely fits in L1 cache, so why shouldn't I think of it as O(1)? If you are reading off of disk, the O(1) approximation holds as long as your dataset stays between 1 MB and 1 GB. That's quite a bit of room to play around in.

Yes, you need to be aware of access times and the changes in them if you are really scaling something way up. But I'm not convinced that I shouldn't just keep thinking of "hash access is O(1)" as a convenient, generally accurate shortcut.

ChuckMcM 2 ago 6 replies      
Since it is a topic I'm interested in I took the time to read all 4 parts, the author manages to summarize it in a paragraph which would have been helpful at the beginning:

When somebody says Iterating through a linked list is a O(N) operation what they mean to say is The number of instructions needed to be executed grows linearly with the size of the list.. That is a correct statement. The argument Im trying to make is that it would be a mistake to also assume that the amount of time needed would grow linearly with the size of the list as well. This is an important distinction. If you only care about the number of instructions executed thats fine, you can use Big-O for that! If you care about the time taken, thats fine too, and you can use Big-O for that too!

Sadly, he doesn't take this knowledge to its conclusion. Let's introduce the notation Oi() for the Big-O notation in instructions, and Ot() for the Big-O notation for time.

Lemma: For all f(N), if Oi(f(N)) > Oi(g(N)), Ot(f(N) will be > Ot(g(N)).

Or put another way, it's important not to confuse complexity scaling with time scaling, but the more complex the computation, the longer it will take.

wscott 2 ago 0 replies      
Great series of articles and the lessons are very important to someone writing performance system's programs.

Here is another chart I like you show people:https://dl.dropboxusercontent.com/u/4893/mem_lat3.jpg

This is a circular linked list walk where the elements of the list are in order in memory. So in C the list walk looks like this: while (1) p = *p;

Then the time per access was measured as the total length of the array was increased and the stride across that array was increased. The linked-list walk prevents out of order processors from getting ahead. (BTW another huge reason why vectors are better than lists)

(This is from an old processor that didn't have a memory prefetcher with stride detection in the memory controller. A modern x86 will magically go fast.)

From that chart you can read, L1 size, L2 size, cache line size, cache associativly, page size, TLB size. (It also exposed an internal port scheduling bug on the L2. A 16-byte stride should have been faster than a 32-byte stride.)

jcoffland 2 ago 1 reply      
Math is pure and not constrained by the real world. Big O analysis begins with the assumption that you have unlimited uniform memory. The author points out that memory is not uniform in the real world. It's equally untrue that we have infinite memory at our disposal. The limits of the real world are good to remember but that does not invalidate Big O analysis.
corysama 2 ago 0 replies      
A lot of people are pointing out that BigO is a purely theoretical, mathematical model that should be understood and used properly without regard to silly details like physics.

That is theoretically correct. But, the difference between theory and practice is that in practice there exists a large percentage of programmers writing code for the real world without understanding and using BigO properly. Their mental model of performance begins and ends with BigO. As far as they are aware, its model is reality.

Source: I've been giving a large number of programmer job interviews lately. It's a rare day when I encounter an engineer (even a senior one) who is aware of any of the issues brought up in this series. And, I work in games!

MaulingMonkey 2 ago 1 reply      
The article is still wrong - iterating through a linked list is O(N log(N) sqrt(N)). You can't have infinite nodes in a 16-bit, 32-bit, or even a 64-bit address space - to deal truly with N, one must consider the more generic case of a variable address encoding, which has a variable size (log(N)) and associated lookup etc. costs as the number of nodes grows.

This is the motivation behind e.g. the "x32 ABI" in Linux: All the power of x86-64 instructions, with none of the additional cache pressure/overhead of 64-bit pointers - log(32) being cheaper than log(64).

...ahh, being this explicit in your Big-O notation is probably not that useful, usually, although I've seen it occasionally in papers (where they're quite explicit about also counting the number of bits involved). Maybe they're dealing with BigNum s, which would make it a practical concern? The key takeaway is this:

> That I use Big O to analyze time and not operations is important.

Time depends on compiler settings, allocation strategy, and a whole host of other factors that are outside the purview of your algorithm. Operations is a lot easier to contrast and compare between different algorithms, the meat of what you're trying to do most of the time. Both are valid choices, just know which one you're dealing with.

The time factors are good to be aware of, to be sure - the performance pitfalls of (potentially) highly fragmented, hard-to-prefetch linked lists over unfragmented flat arrays should be well known to anyone charged with optimizing code - but it's probably easier to think of them as some nebulous large time constant (as even array iteration is going to hit the same worse-than-O(N) behavior, although with proper prefetching the bottleneck may become memory bandwidth rather than memory latency) and deal with those differences with profiling and other measurements, instead of Big-O notation.

michaf 2 ago 0 replies      
Interesting read. Researchers in the HPC community have developed a number of performance models to predict real-world performance in more detail than possibe through simple Big-Oh of number of operations, e.g. while OP concentrates on latency, the Roofline model ( https://en.wikipedia.org/wiki/Roofline_model ) mainly considers limited memory bandwidth.
DanWaterworth 2 ago 1 reply      
> You'll know that iterating through a linked list is O(N), binary search is O(log(N)) and a hash table lookup is O(1). What if I told you that all of the above is wrong?

It's not wrong, it doesn't have enough contextual information to be right or wrong.

kenjackson 2 ago 0 replies      
There's been a fair bit written on the topic. One of the better papers that has a parameterized model is here: https://www.computer.org/web/csdl/index/-/csdl/proceedings/f...

I should note that this paper is more than 25 years old. :-)

StillBored 2 ago 1 reply      
I guess the author is trying to simplify, but its way more complex than that. Simply assuming a few layers of cache completely misses all the other layers that have effects starting with.

Cache lines, RAM Read vs write turnaround, dram pages, number of open dram pages, other CPU's interfering with the same RAM channel, remote NUMA nodes, and probably some I'm forgetting. All this is very similar to secondary storage access rules (even for SSDs)...

maker1138 1 ago 0 replies      
It's amazing how many people didn't actually read all 4 parts of the article.

His argument has nothing to do with caching or prefetching, etc.

First, it's about random access. You can't prefetch a random fetch!

Second, he's measuring time, a perfectly valid thing to do. And the reality is when you lay your memory cells out in 2 dimensions it takes order of sqrt(n) time to fetch a random memory cell value, where n is the number of memory cells you're using.

Third, it turns out order of sqrt(n) time is the best you can do even if you had the best technology in the universe.

scott_s 2 ago 1 reply      
> For the purpose of this series of articles I'll be using the O(f(N)) to mean that f(N) is an upper bound (worst case) of the time it takes to accomplish a task accessing N bytes of memory (or, equivalently, N number of equally sized elements).

That's not really valid; it's not how algorithmic analysis works. The author's conclusion for what is happening and why is correct, but I believe he is confused about how to get there.

Simply, when doing complexity analysis on an algorithm, one must always count an operation. It's not okay to point to the time taken for an implementation and say "That's our function." It is a function, but it's a function of time, not a count of how many operations are performed at given sizes of N.

However, he is correct that naive analysis of arrays and linked lists will result in this odd behavior: arrays will tend to outperform lists on real systems. The problem with the naive analysis is in what it counts. For example, on an insert, a naive analysis will count the number of elements accessed in the structure. That's naive because it assume all accesses are the same - which is what he's getting at with the "myth of RAM". Because of the memory hierarchy, they are not all equal.

But the correct response is not to give up counting operations and look at time, the correct response is to find the right thing to count. And the right thing to count is basically going to be last level cache misses - the operations that force one to go to memory. If you do that, then you will find that the operations you are counting will correlate much better to the actual time spent.

In some places, the author gets this mostly correct: "You can also use Big-O to analyze the time it takes to access a piece of memory as a function of the amount of memory you are regularly accessing." That's fine, as you're counting memory accesses.

In other places, it's not correct: "That I use Big O to analyze time and not operations is important." You can't count time, only operations. You want to count the operations that correlate with your actual running time, but the entire point of good analysis is to find those operations. You can't just shortcut it, only measure time, and then call it algorithmic analysis.

The author gets a lot right, but despite the lengthy discussion, I think he still has some confusions about algorithm complexity analysis.

For the record, these lessons should be familiar to anyone who has done serious performance analysis of computer systems, either on their own, or in the context of a course that focused on systems or architecture.

jlarocco 2 ago 1 reply      
The article is conflating theoretical algorithm analysis and low level implementation details.

Big O analysis is a theoretical measurement of algorithm performance. By definition it ignores details like memory access speed, the exact instructions used, and other details of specific hardware architectures.

Real life algorithm implementations obviously need to deal with those low level implementation details, but that doesn't change the theoretical analysis. It's easy enough to find (or design) machines without cache where this difference in memory speed doesn't exist.

falcolas 2 ago 2 replies      
I'm not sure the cost of accessing the storage medium belongs in the complexity of the algorithm, since that cost will change based on the storage medium, not the algorithm itself. It strikes me as more of a constant, (even though it isn't constant).

Still, interesting read, nontheless.

jimminy 2 ago 2 replies      
I find this really odd, it's not wrong, but it doesn't invalidate O(1). It's mashing two-things together that are unneccessary and can cause misunderstanding.

Big-O provides a decent tool for generic analysis and an understanding of access times of memory hierarchies. Since memory hierarchies can vary, they shouldn't be considered while doing generic analysis, much anyways.

Both are important to understand. The key thing is setting your Big-O access expectations to the slowest level of your heirarchy. In that way, your expectation remains generic and still proximally accurate across the average cases.

When you consider them together, think of the heirarchy as a series of piecewise functions that modify the value of the constant time based on the speed of the bounds that fit your data.

This square of N notation falls apart in other cases. 128GB's of RAM would have roughly the same access speed as the 8GB's he had available, if he had that much in his system. But having 128GB of RAM would completely destroy the squaring by flattening an entire magnitude from his hypothesis.

But it is a nice display of memory heirarchies, IMO.

hacknat 2 ago 2 replies      
Nah. Sorry cache-misses don't count as part of a theoretical analysis on complexity. Why? Because you're getting into specific access pattern performance. Complexity is about "all things being equal". Is it the only thing you should consider? At first it should be, then if you run into a problem with a specific structure that has remarkable scale or access then go ahead and consider what the underlying hardware might be doing with the specific access patterns your structure is encountering.

It's interesting to see linked-list as his example, because it is the most likely to have cache-misses as you move through it as the allocations are very fragmented. I'd be very curious to see the same chart on a warmed-up hash-table.

Also, if we're considering the hardware, can we take into account pre-fetching and branch prediction? What are your numbers then? Yeah RAM is farther out then the local caches, but the CPU is also not completely ignorant of what it has to do next.

geophile 2 ago 0 replies      
Why is this wrong-headed discussion top-rated on HN?

And why is there so much misunderstanding on HN of big-O notation wrt cache misses lately?

All you kids, get off my lawn.

jandrewrogers 2 ago 1 reply      
Closely related but unfamiliar to most software geeks, Bldy's work in the 1960s and later on the theoretical limits of operation throughput when using cache hierarchies is very relevant to high-performance software design. The theory generalizes nicely to any topology where you can control how access latencies are distributed, and carefully designed software can get relatively close to the throughput limits (though it is somewhat incompatible with the way most software engineers design systems these days e.g. multithreaded concurrency is a non-starter).
lorenzhs 2 ago 1 reply      
> At this point some of you may argue that the whole idea of Big-O analysis is to abstract architectural details such as memory latency. This is correct - but I argue that O(1) is the wrong abstraction.

No, your model is wrong. Others have already pointed out some issues with the author's understanding of Big-O notation. However, this is a fundamental misunderstanding. Big-O is a tool to analyse some function's asymptotic behaviour, i.e., how it behaves when the input parameter grows versus infinity. You have to put your model of cost into that function. If your measure is time, and memory access doesn't take constant time in your model, then you have to account for that in your cost function. You can just as well use Big-O notation to describe the asymptotic space complexity of an algorithm (how much memory does it need?). O(1) has no special meaning - it's just the set of all unary functions whose value stays below a constant, no matter how large their input parameter gets.

The author is literally blaming his tools for his own misunderstandings.

Symmetry 2 ago 0 replies      
Thanks to the prefetcher a low-entropy access to memory, like reading the next value in an array, will tend to happen in constant time. For a linked list, tree, or other data structure where the location of the next access can't be predicted easily by something like stride analysis then the author is correct.
tailrecursion 2 ago 0 replies      
The author argues that a random access to memory is not O(1) but instead O(root N) because of distance.

The easy reactive response is that with respect to algorithm design the size of RAM, N, is a constant.

On the other hand for very high scaling factors, as input size rises the size of RAM must also rise. In this way N can be thought of as a variable and that seems to be what the author is thinking. Different algorithms will behave differently as they are scaled to infinity and beyond.

I think the author's argument is interesting but maybe it's better to make new models for time complexity analysis. I think Bob Harper's students have done good work on this.

In addition to distance there is also the cost of selection, namely the muxes and decoders, which would multiply the cost of access by log N.

truantbuick 2 ago 0 replies      
What the graph really seems to indicate is that time is only linear when working within a cache size on the author's computer (remember that iterating a linked list accounts for the gradual increase in between the cache jumps). If the theoretical upper bound of RAM access was really the important factor at this scale, I wouldn't expect it to be almost flat and to suddenly jerk up every time we have to go to the next cache.

Assuming the author's O(sqrt(n)) is correct, it seems only relevant on much, much larger scales.

In light of that, it really doesn't make sense to pollute the typical use of Big O notation. It should always be understood to be just one metric to understand an algorithm.

justAlittleCom 2 ago 7 replies      
I am sorry... but no, the article is interesting and well written, but it has nothing to do with big O notation.Random access in memory is still in O(1), it doesn't depend on the size of the data structure (I am assuming that is the "n" the author talk about by pretending that a memory access is O(sqrt(n)).Even if you have a very complex memory architecture with 15 caching levels, spread all over the world, if you have a maximum of 5 day delay for accessing your memory through the mail, it will still be O(1), because 5 day is constant, it does not depend on the size of the data structure.

The "n" the author is really talking about may be the depth of the cache hierarchy.

vvanders 2 ago 0 replies      
Related, Herb Sutter's fantastic talk about arrays:

https://channel9.msdn.com/Events/Build/2014/2-661 @ 23:30

donrodriguez 1 ago 1 reply      
Let me quote Einstein: "Everything should be made as simple as possible, but NOT simpler!"

And that's IMHO exactly where the original author erred. But i find his musings so incredibly funny and enlightening, that i will use them as a future reference of how NOT to do an analysis.

He didn't just do an apple vs oranges comparison, but he essentially threw eggs, potatoes and ham in the mix and tried to deduce an universal law from his concoction by sprinkling some quantum mechanics fairy dust into the mix! Hilarious!

Just by simply looking at his sloppy graph (Typical origin-shenanigans are often a dead give away for the quality of an examination.) one should be able to recognize the form of an underlying step function, as expected from a multi-layered memory system (L1,L2,L3,RAM, ...) .

But NO, he envisions a Square-Root function, just by arbitrarly placing a line in a logarithmic coordinate system. WTF?! Where is the fitting? And how does he defend his conclusion? drum-roll QUANTUM MECHANICS .... Muhahahaha! Great show!

So essentially it's not cost that prohibits our brave engineers of increasing L1 cache size ad infinitum, but because of quantum mechanics! Muhahahaha! Stop it, my stomach hurts.....

chris_va 2 ago 1 reply      
The black hole piece in part II was amusing, if you keep reading.
captainmuon 2 ago 0 replies      
I think this way of looking at the problem is misleading. O(1) or O(N) always stays O(1) or O(N), just the constant changes. You can always access any element in RAM (on a SSD, HDD) in a bounded amount of time. Use that pessimistic time as the time of one step.

Viewed in this way, O(N) is still O(N), and a processor with caches is a magic device that somehow computes faster than O(N)... or for O(1) computes in sub-constant time (if that can be even well-defined).

fengwick3 1 ago 0 replies      
If anybody is curious about the physics, the principle he described is pretty similar to the Holographic Principle.


faragon 2 ago 1 reply      
If I understood it correctly, the author links cache miss from memory subsystem hierarchy to asymptotic complexity (big O), so if an operation for fixing a cache miss takes higher time complexity, he takes that instead of O(1).

Similar happens when you write an O(1) algorithm while relying on malloc(), which is usually O(n log n), thus your algorithm is not really O(1), but O(n log n).

Double_Cast 2 ago 0 replies      
Why is information within a sphere bound by m * r? Naively, I'd expect it to be bound by r^3 or m * r^3.
greggyb 2 ago 1 reply      
I think there is a key point in the FAQ (article four, all linked through the series):

> You are conflating Big-O with memory hierarchies

> No, Im applying Big-O to memory hierarchies. Big-O is a tool, and I am applying it to analyze the latency of memory accesses based on the amount of memory you are using.

As some others have pointed out, the line is crossing hierarchies of cache, and that he is not looking at the big O of instructions. Both of these are accurate, and the author is aware of this.

He is using the tool of big O analysis to measure a performance characteristic. That characteristic is not the traditional number of instructions or amount of memory utilized in the computation of an algorithm. It is the latency for access to a random piece of data stored on a system.

There are two cases considered, the practical, and the theoretical.

At the practical level, we do not have a unified physical implementation of the address space in a modern computer. This means that accessing a random address in memory is an action that will most likely cross levels of the cache hierarchy. It is well known that there are order of magnitude jumps crossing these levels. Perhaps it is uninteresting to you, and the importance of cache locality in an algorithm is something that you already have a very strong handle on. That makes his observation of time-to-access a random address trivial, but not wrong.

Big O tells us that a binary search is the most efficient search algorithm for an array (constraint - the array must be sorted), but in practice a linear search with a sentinel value across an unsorted array will be faster if the array fits in cache. Keeping in mind the big O latency of random memory access across cache hierarchy levels would be the theoretical analysis to tell us this. The traditional big O looks at number of instructions. These are both valid tools in choosing an optimal algorithm.

The second point the author makes is the theoretical limit. Assume the ideal storage medium with minimum access latency and maximum information density. This storage medium is matter. The limit of packing is the point at which you would create a black hole.

With this ideal storage medium, you cannot pack an infinite amount of data within a distance that can be traversed at the speed of light within one clock cycle. For this colossal storage array, there are some addresses which cannot be physically reached by a signal moving at the speed of light within the amount of time that a single clock cycle (or single instruction) takes. Accessing a random address is not a constant time operation, though the instruction can be dispatched in a constant time. There is a variable time for the result of that instruction to return to the processor.

At this theoretical limit, we would still end up with a cache hierarchy, though it would be 100% logical. With a single storage medium and unified address space, the cache hierarchy would be determined by physical distance from CPU to physical memory location. Those storage cells (whatever form they take) that can be round-tripped by a speed of light signal in one clock cycle are the first level of cache, and so on. You could have very granular, number-of-clock-cycles cache levels stepping by one at each concentric layer of the sphere, or you could bucket the number of clock cycles. Either would effectively act as a cache.

This theoretical exercise is an extreme limit, but bears out the practical implications that our current physical implementations of cache hierarchy exhibits in practice.

Again, perhaps these observations are trivial, but I believe they do stand up to scrutiny. The key insight is that the performance characteristic being described by big O is time, not the more traditional space or number of instructions.

I think time is a valuable metric in terms of algorithm selection. If we think about end users - they don't care that one instruction or 1,000,000,000 are being executed. They care about how quickly work is done for them by the computer. Instruction-based analysis can be a huge help in this consideration, but so can time-based analysis.

Neither should be ignored, and neither invalidates the other.

bastijn 2 ago 0 replies      
Only after reading the last article of the series I checked the link to share it. Only then noticed that I misread the heading on the blog. I read "I like big tits" and though is this page hacked or something? The url corrected my dirty mind :).

Great series. Even if you don't agree with the notation it has still valuable information. Thanks author!

whack 2 ago 0 replies      
It's a very interesting experiment/conclusion, but it rests upon one assumption: The assumption that the entire dataset has been preloaded into the L1/L2/L3 caches.

This assumption is a shaky one to make, and is easily violated. Imagine if you have a hashmap that is small enough to fit entirely in L3 cache. However, most of it has been evicted from the L1/L2 caches, by other data that the core has been reading/writing to as well. Eventually, the thread returns to the hashmap and performs a single lookup on it. In this scenario, the time required will indeed be O(1).

So what you really have is a best-case-complexity of O(sqrt(N)), if your data has been preloaded in the closest possible caches, and a worst-case-complexity of O(1) if your data is stuck in an outer level cache/DRAM. Given that we usually care more about the worst-case-scenarios, not the best-case-scenario, using the O(1) time complexity seems like a reasonable choice.

Going back to the author's premise that the time-complexity of a single memory access is O(sqrt(N)), not O(1), this is true only where N represents all/most of the dataset being processed. If N represents only a small fraction of the dataset being processed, and your caches are going to be mostly filled with other unrelated data, then the time complexity is closer to O(1).

Clearly the O(sqrt(N)) is more accurate than O(1) under some circumstances, but even so, it's not clear what benefit this accuracy confers. All models are inaccurate simplifications of reality, but simple-inaccurate models can still be useful if they can help in decision-making. Big-O analysis isn't used to estimate the practical running-time of an application. For that, you'd be better off just running the thing. Big-O analysis is more used to compare and decide between different competing algorithms/data-structures. And in that sense, whether you choose to model linked-lists/binary-search/hash-maps as O(Nsqrt(N))/O(log(N)sqrt(N))/O(sqrt(N)), or O(N)/O(logN)/O(1), the recommendation you end up with is the same.

caf 1 ago 0 replies      
If you instead iterate through an array of size K you will only pay O(N + K) since it's only the first memory access that's random. Re-iterating over it will cost O(K). This teaches us an even more important lesson: If you plan to iterate through it, use an array.

This is rubbish. Re-iterating it is the same as iterating it the first time: if you array doesn't fit into cache, you're going to pay for pulling it from further out into the memory hierarchy.

To anyone who doubts me: try it. Try iterating an array that fits entirely in L1 many times, then do the same with an array that has to be pushed out to swap. The slowdown will be considerably worse than linear.

lsh123 2 ago 0 replies      
The graph in the article shows the impact of L1, L2, and L3 cashes. If array fits into L1 cache the access will be the fastest and then it degrades with L2 cache, then L3, then generic memory.
rdiddly 2 ago 1 reply      
The library example is a bad one, since it leads to O(N) and not O(N), a conclusion that contradicts the thesis.

"In general, the amount of books N that fits in a library is proportional to the square of the radius r of the library, and we write N r."

No, the number of books N is proportional to the area of the front face of the shelving, not the area enclosed within the circle. Assuming all libraries are the same height, that means N is proportional to the circumference of the circle, which is proportional to r, not r. Meanwhile, assuming that all books are reachable in the same amount of time by the librarian no matter their height on the shelf, that means T r (as before). Since T r and N r, that means T N or T=O(N).

bryanlarsen 2 ago 0 replies      
Great article. It gets better, too, so make sure you read all 4 parts.
chongkong 1 ago 1 reply      
Isn't it log(N) instead of sqrt(N)?
joseraul 2 ago 0 replies      
The theoretical discussion is interesting, especially the circular library that gives some intuition of the square root law.

But in practice, you usually know the order of magnitude of your data, so access is rather O(1), for some constant that depends on the size of the data. Jeff Dean's "Numbers Everyone Should Know" quantifies this constant.


grabcocque 2 ago 2 replies      
The Myth of RAM is that you need to have lots of it, but it's bad to use it. Because that's 'bloat'.
haddr 2 ago 1 reply      
I think that at some point this O(n * sqrt(n)) is actualy not precise. Maybe it works for the first few GB, but then other mechanisms come into play.

For example processing 100GB of data actually don't have to be O(nsqrt(n)) because if you process it on cluster, then other machines are also using L1, L2, L3 caches and RAM. Then the whole process can be streamlined which means that some operations can be faster than the pessimistic nsqrt(n).

bjd2385 2 ago 0 replies      
Now I wonder what would happen to our time complexities if we were near a black hole...
wyager 2 ago 2 replies      
"I can vaguely fit a line to this graph that's clearly nonlinear, so that line describes the asymptotic complexity of the system."

Huh? Am I taking crazy pills, or is this a horrible analysis? It looks like the behavior is O(whatever it's supposed to be) times a constant multiplier at a few different regions. The OP conveniently cuts off the graph so you can't see it level off.

Skunkleton 2 ago 0 replies      
To me, all this article has show is that depending on the size of a data structure, you will need slower and slower memory. We already know that. The article shows that within the bounds of a particular type of memory the access time is mostly constant, which is exactly what O(1) means.
otterley 2 ago 0 replies      
Editors, can you please date this submission? It's from 2014.
known 1 ago 0 replies      
"You'll know that iterating through a linked list is O(N), binary search is O(log(N)) and a hash table lookup is O(1)"

Apples and Oranges? You'll select the relevant data structure depending on your application needs.

dingo_bat 2 ago 0 replies      
My laptop has been frozen for half an hour now after running the benchmark from the article :(
fractal618 2 ago 0 replies      
> And so we come to the conclusion that the amount of information contained in a sphere is bounded by the area of that sphere - not the volume!


solarexplorer 2 ago 3 replies      
Something that the author seems to be missing is that traditional complexity analysis (with mathematical proofs etc) is done for Turing Machines which have one-dimensional memory (an abstract tape), and reachable memory is linear with time. Current microchips are two-dimensional, so reachable memory increases square with time. If we had three dimensional memory (stacked chips?), then reachable memory would increase cube with time.

It all depends on what kind of machine you are talking about...

Commission says Ireland granted undue tax benefits of up to 13B to Apple rte.ie
414 points by Oletros  1 ago   414 comments top 45
shaqbert 1 ago 10 replies      
What Apple, Amazon, Google, Microsoft, and most other big US company do is the so called "double Irish"[1]. Essentially is a clever way of using two quirks of some EU countries loopholes in tax laws, from treating IP licensing fees (of course the brand and intellectual IP is owned by a British virgin island tax haven, where else could this stuff be created/invented), and the net result is that Apple et al end up paying single digit cents on the dollar in EU profits.

And with another quirk - this time in US tax laws - the do not even have to pay taxed in the US on those earnings, as they have not repatriated the funds.

How to pay dividends/fund buybacks, without repatriating those funds? Easy: Just issue debt (which your own subsidiary in the British Virgin islands making a killing on IP licensing might want to buy) or have your BVI IP trust fund buy those shares.

Now why would other EU countries let Ireland and the Netherlands get away with these accepted loopholes is a mystery to me, especially since Ireland had to ask for a bailout lifeline, and was in no position to negotiate firmly.

Why the US would allow their truffle pigs to not pay taxes on oversea earnings is clearly the result of expert lobbying.

[1]: https://en.wikipedia.org/wiki/Double_Irish_arrangement

noir-york 1 ago 2 replies      
Apple engage(ds) in aggressive tax planning - and they, along with FBK, Google, etc - deserve to be smacked down with a heavy bill.

An effective tax rate of 0.005% - when your next door business neighbour is paying 20% - is morally wrong and damaging to society and the common good.

kharms 1 ago 1 reply      
If you're American, don't celebrate.

The US government came out against this ruling, suggesting that US corporations are disproportionately targeted by the EC tax rulings.

>The commission has initiated investigations into tax rulings that Apple, Starbucks Corp., Amazon.com Inc. and Fiat Chrysler Automobiles NV. received in separate EU nations. U.S. Treasury Secretary Jacob J. Lew has written previously that the investigations appear to be targeting U.S. companies disproportionately.

>There is a possibility that any repayments ordered by the Commission will be considered foreign income taxes that are creditable against U.S. taxes owed by the companies in the United States, the paper said. If so, the companies U.S. tax liability would be reduced dollar for dollar by these recoveries when their offshore earnings are repatriated or treated as repatriated as part of possible U.S. tax reform.


Luc 1 ago 1 reply      
Every country in Europe has some sort of wacky tax exception for multinationals. Every state is locked in this race to the bottom with its neighbouring countries.

It's great that there is a supra-national authority forcing the states to cooperate on getting multinationals to pay reasonable taxes, because it wouldn't happen otherwise.

noir-york 1 ago 4 replies      
People here are commenting on Ireland (and other jurisdictions) engaging in tax arbitrage to attract companies and jobs.

Competing on tax rates and negotiating tax deals were a huge MNC like Apple pays a ridiculous 0.005% is bad: morally wrong, cuts to public services, increases unjustifiable economic inequality and is just not fair on other much smaller firms who have to pay full whack on the tax.

Apple, FBK, etc don't see it like that - they will engage in aggressive tax planning to minimise their tax, hoarding billions of dollars. And its not like they do anything productive with their cash pile; its not like it goes to higher pay checks for their Asian workers. Instead, its spent on share buybacks to prop up sagging share prices and keep Wall St happy.

Here's a better approach: tax companies on their profits and remove or reduce income tax and capital gains tax. This aligns incentives to:

1. encourage and reward founders to start new business

2. the most valuable employees tend to be mobile ones - a core EU principle is free movement so compete for the best employees by lowering taxes and giving them great public services. Companies will follow.

3. tax company profits and everyone is on the same level playing field: provides an incentive for companies to reinvest their profits into growth (and indirectly jobs).

beilabs 1 ago 3 replies      
6% of total Irish national debt...

I wonder how much Irelands payroll taxes would have been were the corporations not to have set up shop in Ireland, they would have just gone somewhere with a decent tax arrangement.

Unemployment in the 70's and 80's was brutal in Ireland, personally, I think the government at the time made the right choice, however, this "selective treatment" allowed Apple to pay tax rate of 1% on European Union profits in 2003 down to 0.005% in 2014, FFS.

astaunton 1 ago 0 replies      
It seems a lot of people think this ruling has something to do with 1) the "double irish" which is doees not or 2) Irelands 12.5% corporate tax, which it doesnt either.

The ruling, as far as the EU are concerned, is that Ireland gave Apple a deal more beneficial than anyone else. But the basis for this claim is how the tax was charged. Instead of charging Irish tax for all income for the company, they charged what was reported in Ireland. The issue that needs to be resolved is did they pay tax anywhere else on the remaining profits. The US said they did but the EU say they dont think so.

alphadevx 1 ago 3 replies      
All of that will go back to Ireland's national debt repayments under EU rules from what I understand, which includes large repayments due to the EU for the recent loans provided to Ireland for propping up banks, so really EU is collecting this money by proxy of Ireland. Interesting play.
jcrei 1 ago 3 replies      
I only wish that countries would compete for people the same way they compete for businesses. If they were to provide the best services, quality of life, in exchange for the lowest income taxes. That way people would move there and companies would follow. Wishful thinking?
philoye 1 ago 0 replies      
Apple responds with an open letter:http://www.apple.com/ie/customer-letter/
nradov 1 ago 0 replies      
We should cut corporate income taxes to 0%, and increase income taxes on investors and highly-paid employees to make the change revenue neutral. This will eliminate the incentive to waste resources on corporate tax avoidance and allow businesses to focus on creating customer value.
pulse7 1 ago 1 reply      
Companies try to pay the taxes by the "legal minimum" principle: pay what is required, but not more. If you have 2 parking slots in the downtown next to each other and one of them is cheaper, you will park where is cheaper... Why pay more if not required?

Question is: Did politicians, who created such laws, received bribes?

estel 1 ago 0 replies      
From the press release:

> The amount of unpaid taxes to be recovered by the Irish authorities would also be reduced if the US authorities were to require Apple to pay larger amounts of money to their US parent company for this period to finance research and development efforts.

I wonder how much of the 14B could be offset by this? I suppose there's a chance that it all might be.

kagamine 1 ago 0 replies      
Most of you should probably read the EU press release which is full of juicy details before commenting.


chrisacky 1 ago 2 replies      
Can someone clarify where this money will eventually end up (assuming it's paid)?

The article says that it will be paid back to Ireland, yet it looks like Ireland was somewhat complicit in allowing this fraud to continue for so long?'Is this just how it works, money goes to Ireland, and then recovered by Europe?

dekhn 1 ago 0 replies      
So, if I understand correctly, EC's argument hinges on the idea that Ireland gave "special favors" to Apple in terms of the tax deal. In particular, that Ireland offered things which nearly all other companies were not. If that is not the case (IE, if it can be proved apple received no special treatment), then the conclusions of the case, and the penalty, are false.
andmarios 1 ago 1 reply      
In 2014 Apple's effective tax rate was 0.005%. That is 5 cents for every $1000 in profits.

Even a patent troll could do better than Ireland...

cs702 1 ago 0 replies      
US corporate profits as a percent of GDP are near their all-time highs. Take a look at this historical plot:


I wonder how much of that is due to tax avoidance, whether legal or "unexpectedly illegal" (as in Apple's case).

If governments around the world follow the lead of the EC, I would expect a noticeable decline in corporate profitability over the next five to 10 years.

Note: I just generated the plot above as a png at the St. Louis Fed's FRED website, and I don't know how long the image will remain available. To recreate it, plot the "Corporate Profits, Adjusted" series divided by the "Gross Domestic Product" series, using the same units for both series (e.g., nominal billions).

rdslw 1 ago 6 replies      
Good. Read how Tim Cook publicly considers Nobel economist Joeseph Stiglitz as a one who do not know what he (Stiglitz) is talking about. Eye opening.

Excerpts from: http://www.washingtonpost.com/sf/business/wp/2016/08/13/2016...

Q: What do you say in response to Nobel economist Joseph Stiglitzs comments on Bloomberg [television], where he called Apples profit reporting in Ireland a fraud?

Tim Cooks answer: I didnt hear it. But if anybody said that, they dont know what theyre talking about. [...]

Apple evaded taxes and consider it right :(

nodamage 1 ago 0 replies      
The more I read about this the more likely I think this decision could be appealed and overturned.

The initial implication is that Apple specially negotiated a lower tax rate for itself in Ireland. But if you read through the European Commission press release[1], it's not that a special rate was negotiated, but rather Apple Sales International (the Irish Subsidiary) only pays Irish income tax on the portion of its income that comes from within Ireland, which is correct according to Irish tax law. But there's nothing particularly special about this setup that applies only to Apple, and from what I can tell, any other corporation operating in Ireland could have also set up this arrangement and is subject to the same rules.

It doesn't make sense to me that the EU can compel Ireland to collect more taxes from Apple, if according to Irish tax law, they've already paid what they owe for Irish sales, and they don't owe taxes for non-Irish sales. Now, there is a separate question, which is can/should every other EU country go after Apple's local subsidiaries for failing to pay sufficient income tax in their own countries (by transferring the profits over to Ireland)? The answer to that is probably yes. If Apple sells an iPhone in Italy for a profit, it should pay Italian taxes on those profits, and should not be able to avoid Italian taxes by booking the profit in Ireland. This is touched upon in the press release:

> The amount of unpaid taxes to be recovered by the Irish authorities would be reduced if other countries were to require Apple to pay more taxes on the profits recorded by Apple Sales International and Apple Operations Europe for this period. This could be the case if they consider, in view of the information revealed through the Commissions investigation, that Apple's commercial risks, sales and other activities should have been recorded in their jurisdictions. This is because the taxable profits of Apple Sales International in Ireland would be reduced if profits were recorded and taxed in other countries instead of being recorded in Ireland.

It seems more logical to me to conclude that that Apple doesn't owe more taxes to Ireland, instead they owe more taxes to all the other countries in the world where they operate but have avoided taxes by transferring their profits into Ireland.

[1] http://europa.eu/rapid/press-release_IP-16-2923_en.htm

johnnyhillbilly 1 ago 0 replies      
Here's how to fix this:

1. Foreign deductions are taxed based on the difference between the locale where the earnings are made and the locale the service/product is provided from. Where the sales division is located has no relevance to taxability, and deductions for sales costs are treated as any other internal service.

2. IP is enforced on the national level, and should not be eligible as a foreign deduction. Good-will also follows the local market.

3. Documentation should be provided that foreign costs are real, and that they are actually taxed. Tax agreements should be null and void if systematic abuse is uncovered.

The problem right now is that no company can compete against these cheats.

Personally, I think Ireland has scammed the rest of Europe for long enough by now.

Likewise, I wouldn't be surprised if a large part of India's competitiveness in asses-in-seats outsourcing is created by artificial tax rule phenomena - and various constructs to exploit these.

meira 1 ago 1 reply      
So Ireland, the tech hub that would replace London, isn't going anymore?
everydaypanos 1 ago 0 replies      
I live in Europe and I can certainly see how this seems like a mess and how can a company obey the laws in one country and at the same time being illegal...

I just want to point out something that is often neglected. EU Commission is basically a referee entity. It all starts with someone making a formal complaint about Apple or Google or Amazon and then they check into it. And in MOST cases the complainers are other US companies that feel that their complaints are being neglected in their own country(ex Yelp)

jernfrost 20 ago 0 replies      
I don't get how the US government can so strongly advocate in favor of Apple in this case. I am a big Apple fan, but clearly the law was broken. This seems like a slam dunk case. And Apple isn't fined, they just have to pay normal low Irish taxes like everybody else.
omarforgotpwd 1 ago 0 replies      
If both Apple and Ireland are opposed to this I see little chance Apple actually pays this. Ireland's government obviously setup this tax structure intentionally to bring capital into Ireland and will want to preserve this.
satysin 1 ago 3 replies      
I am not too sure how I feel about this. On the one hand I do think Apple (and many other companies) should pay more taxes.

However on the other hand Ireland enticed many big companies to their country on the promise of lower tax. You can't blame Apple for taking advantage of such an offer. They followed the letter of the [Irish] law as far as I can tell (unless someone can correct me?).

I think this could end up being terrible for Ireland in the longer term. Then again perhaps the EU knows that they can't really go anywhere else now so will just have to put up with the new rates or not do business?

It is far from a cut and dry situation IMHO.

allendoerfer 1 ago 1 reply      
Even with these baby steps, I like to see that the EU is unifying its corporate tax code. Of course, we do not need to worry about Ireland, Great Britain already made sure their position as English entrance to the EU will stay strong regardless of tax-breaks.

The Netherlands are naughty, too, due to a strange coincidence Ikea Germany has to pay fees of exactly its profits to Ikea Netherlands each year. I think the bigger countries should use their power to end this ruthlessly, since in the end also the smaller countries would benefit if the race to the bottom stops.

justinv 1 ago 3 replies      
$14.5bn to be recovered.
300bps 1 ago 2 replies      
I don't think this was planned but it could become a great bait and switch scam for countries.

1. Negotiate special tax privileges for a company

2. Have them set up shop in your country

3. Allow them to pay little tax for several years

4. Have federal authority sue saying that the deal in #1 is illegal

5. Collect back taxes based on normal tax rate and not the special deal in #1

fulldecent 1 ago 0 replies      
Maybe Apple spent $10M or whatever in taxes in Ireland over the past 10 years. And of course corporate profits are imaginary so you can imagine them happening anywhere on the globe.

If I owned a small country on an island, I would be more than happy to allow Apple to imagine its profits were on my island and I would only charge $5M for the privilege. And I would be grateful for the $5M.

What would you do with your small island?

gjolund 1 ago 0 replies      
This is all over the news like something is actually going to come of this.

What can Ireland/EU actually do? Apple is a bigger player in the world economy than Ireland.

c0g 1 ago 1 reply      
Given Ireland broke the law, not Apple, shouldn't they get the punishment?
singularity2001 1 ago 0 replies      
One might wonder whether multinationals paying 0.005% tax contributes to the horrible proliferation of oligo/monopolies.
jdimov10 1 ago 1 reply      
Time for Ireland to leave the EU too, I think.
nepthar 1 ago 0 replies      
"European Commission tells Apple to spend 13B arguing against them"
DanielBMarkham 1 ago 1 reply      
"...The findings are a result of the culmination of a three-year investigation by Competition Commissioner Margrethe Vestager into tax arrangements for Apple, dating back 25 years..."

I have no love in my heart for Apple.

At the same time, it's not like they don't have enough lawyers. So I have to assume that anything involving billions of dollars would be strenuously vetted. I might be wrong, but I'm starting from there.

And if they were supposed to pay taxes, they were supposed to pay them. Purposefully evading taxes is wrong. Avoiding taxes is another matter. Complex tax codes to change society work because we assume that people will be actively avoiding them. So good for them. They're playing the carrot and stick game that governments like us all to play.

If true, this means that they did the right thing that the best-informed legal minds could offer in order to legally avoid taxes. It worked for a while then suddenly the rules changed. And they changed not just for the future, but retroactively.

What occurred to cause a rules change? It wasn't the law. It wasn't Apple's behavior. It became a story in the U.S. about how companies are getting away without paying their "fair share". The EC was the one that acted, and the only thing that makes sense to me is that the EC saw an opportunity and appointed a commission. Not arbitration, not a criminal or civil trial. A commission.

Quite frankly, this looks like a stick-up. Apple's a big company and can take care of itself. I really hope that the same kind of thing doesn't happen to mid-sized and smaller companies trying to eek it out in the EU. It's not just bad for the companies involved: it's bad for the reputation of the union as a whole. You can't keep changing the rules up if you're trying to tweak regulatory issues to promote long-term growth. Nobody with any sense is going to trust you.

Oletros 1 ago 1 reply      
And here the press release from the European Commission


retube 1 ago 0 replies      
Mess with our banks, and we'll mess with your tech firms!
throw2016 1 ago 1 reply      
I don't see why commentators here are so divided, presuming they are not beneficiaries of this system.

The government gets revenue from taxes to provide services. If everyone were to do what Ireland is doing then goverments either have to raise money by increasing other taxes or reducing services.

Either way individuals and society lose. Nobody wins from this race to the bottom.

The bigger question is the presence of these convenient loopholes in the global financial system that benefit the wealthy and privileged but leave everyone else facing clear cut laws that cannot be evaded without serious consequences.

Questioning the legitimacy of taxes, or even society, and getting pedantic about laws in this context seems little more than a self serving tactic to avoid admitting this is obviously wrong. Especially when everyone else without exception is paying their fair share. Here is a better idea, pay your share and then start a debate about taxes and society if you want.

nxzero 1 ago 5 replies      
Given the stakes, unclear to me why multinationals don't find a way to create there own country, that would be free of any non-member decent.
chvid 1 ago 0 replies      
The US smacks Volkswagen - the EU smacks Apple.
known 1 ago 0 replies      
Tax Apple revenues, not profits;
Shivetya 1 ago 1 reply      
Okay, the EC is wrong in that lower tax burdens are a form of state aid. Higher corporate taxes also tend to cause all sorts of new ways to lower tax burdens which can mean even less tax revenue, let alone simply up and moving to a more tax friendly environment. The EU needs to worry about Africa soon scarfing up companies looking for a way out.

Then last of all, they are fooling themselves if they don't think EU based companies aren't receiving similar deals. This seems concentrated only on US based companies for the time being.

Finally consider this, countries which lowered their corporate rates found increases in wages and taxes. This includes Canada and Japan

tmaly 1 ago 1 reply      
Ireland uses lower taxes to attract companies to create jobs.

This has worked, but I wonder if the EU is going to cause another country to exit with this ruling?

Seriously, what does Ireland gain if it loses a ton a jobs due to this?

Gene Wilder Has Died bbc.com
378 points by cpymchn  2 ago   118 comments top 29
simonsarris 2 ago 8 replies      
Willy Wonka (screenplay by the genius Roald Dahl) has one of my favorite scenes in film and I invite you all to watch it: https://www.youtube.com/watch?v=sz9jc5blzRM

> In 1970, when originally offered the lead role in Willy Wonka & the Chocolate Factory by director Mel Stuart, the great Gene Wilder accepted on one condition. "When I make my first entrance, he explained, I'd like to come out of the door carrying a cane and then walk toward the crowd with a limp. After the crowd sees Willy Wonka is a cripple, they all whisper to themselves and then become deathly quiet. As I walk toward them, my cane sinks into one of the cobblestones I'm walking on and stands straight up, by itself; but I keep on walking, until I realize that I no longer have my cane. I start to fall forward, and just before I hit the ground, I do a beautiful forward somersault and bounce back up, to great applause." Asked why, Wilder said, "Because from that time on, no one will know if I'm lying or telling the truth."

Quote from: http://www.lettersofnote.com/2012/06/part-of-this-world-part...

fitzwatermellow 2 ago 4 replies      
My favorite scene, and it's an absolute masterclass in comedic technique, is from Woody Allen's Everything You Always Wanted to Know About Sex. The moment his Greek patient confesses: "Doctor, I'm in love with a sheep!" Without saying a single word, Wilder's expression goes from jesting to confusion to amusement to fright to intrigue and back again through the entire gamut of possible human response. He sputters and strains. It's all right there on his face! We feel the tortured struggle occurring within his mind, grasping for any semblance of assessing the situation and formulating the appropriate thing to say. It's truth is it's genius!
rdtsc 2 ago 1 reply      
Young Frankenstein is my all time favorite comedy


It just has the right mix situational and sarcastic humor. I usually re-watch it every couple of years. Gene Wilder is just so good in that role.

woodruffw 2 ago 2 replies      
Very sad. Young Frankenstein was probably my favorite movie as a kid - the Frau Blucher scene[1] always made me laugh. He'll be remembered (and watched) for a very long time, which I suppose is the greatest honor an actor can receive.

[1]: https://www.youtube.com/watch?v=zdIID_TGwhM

dmd 2 ago 1 reply      
https://www.youtube.com/watch?v=kRb3u0PtEZE is how I always think of him.
greggman 2 ago 1 reply      
As a Gene Wilder fan I was once digging for things to watch on Amazon and stumbled on a documentary narrated by Gene Wilder. I wouldn't have even noticed it but when I saw his name He'd been out of the limelight for so long I thought "wow, what could have made him agree to do this?" So I watched it.

I can't recommend it enough. It's called "EXPO - Magic of the White City" and is as about the 1893 Chicago Exposition. It takes about 10 minutes to really get started and it's got some cheesy stuff but it was fascinating. I've shown it to several people and they all got sucked in.

Not sure if this is a legit upload but it's on YouTubehttps://m.youtube.com/watch?v=cpOQE5KJJds Or Amazon https://www.amazon.com/Expo-Magic-White-Gene-Wilder/dp/B004S...

If it weren't for Gene I'd never had known about such an amazing topic. Thanks Gene!

bitwize 2 ago 0 replies      
Is the grisly Reaper mowing...? :(


Do you know what happened to the man who suddenly got everything he ever wanted? He lived happily ever after.

1024core 2 ago 1 reply      
I'll always remember him from Blazing Saddles.
milge 2 ago 0 replies      
"A little nonsense now and then is relished by the wisest men." One of my favorite quotes from Willy Wonka.
jv22222 2 ago 0 replies      
Young Frankenstien is one of the funniest movies of all time. Every scene a classic. If you haven't watched it, I highly recomend it.

RIP Mr Wilder

mattezell 2 ago 0 replies      
"From that fateful day when stinking bits of slime first crawled from the sea and shouted to the cold stars, "I am man.", our greatest dread has always been the knowledge of our mortality. But tonight, we shall hurl the gauntlet of science into the frightful face of death itself. Tonight, we shall ascend into the heavens. We shall mock the earthquake. We shall command the thunders, and penetrate into the very womb of impervious nature herself." -Dr. Frederick Frankenstein, Young Frankenstein.
amyjess 2 ago 0 replies      
The Producers will always be one of my all-time favorite movies. Gene Wilder was a fantastic actor.
Imagenuity 2 ago 1 reply      
Good night, Herr Doktor.
Salijerr 12 ago 0 replies      
Rest in Piece Gene WilderThis quote and other ones will never forgotten"You get nothing! You lose! Good day,sir!
rmason 2 ago 1 reply      
How many people remember that Gene Wilder was in Bonnie and Clyde?

Or maybe I should ask how many people here have even seen that movie with Warren Beatty and Faye Dunaway?


gm-conspiracy 2 ago 0 replies      
Also, a great buddy comedy w/ Gene Wilder and Richard Pryor:

See No Evil, Hear No Evil


gm-conspiracy 2 ago 0 replies      
Also a good comedy, Haunted Honeymoon:


...with Dom DeLuise in drag.

petergatsby 2 ago 0 replies      
Still my all-time favorite song in a musical: Pure Imagination https://www.youtube.com/watch?v=RZ-uV72pQKI
btgeekboy 2 ago 0 replies      
He lived a long and accomplished life. I can only hope to be as as successful as him.

Good day!

ArkyBeagle 2 ago 0 replies      
Wilder combined with Mel Brooks... that's a high-water mark.

It's nearly criminal that he wouldn't make any more movies after Gilda died, but I admire the gesture.

syngrog66 2 ago 0 replies      
huge fan of him and especially Young Frankenstein. so much so that I created a character in a comedy story named Heinrich von Hexenhammer as a homage to Gene's definitive mad scientist:


mikeryan 2 ago 0 replies      
dammit 2016.
sverige 2 ago 0 replies      
Love his acting and the great romance he had with Gilda Radner.
madengr 2 ago 0 replies      
Wilder and Pryor were the dynamic duo. Loved those movies.
BatFastard 2 ago 0 replies      
May you rest peacefully in the land of your imagination.
davesque 1 ago 0 replies      
Probably the nicest man who ever lived.
dredmorbius 1 ago 1 reply      
Metacomment: As I've gradually shifted from reading, listening, or watching news, which I increasingly find almost wholly irrelevant, if not downright insulting, to expose myself to, I'm relying on curated sources, and HN in particular, to a larger degree.

So this is the first I'd heard the news, some 13 hours after posting as I write.

One thought that occurs is that HN has something rather good going on, in its incentives, audience, financing (HN isn't a revenue center, but does feed awareness of YC), and resulting informational production. Developing it further might be of interest, or finding a way to tap into it to produce a higher-quality "what's happening of significance in the world" product (feeds and filters off of HN already exist, e.g., the HN subreddit, basRSS).

And a substantial part of that is the culture that's been specifically cultivated. Researching the issue of trolling online, I happened across a post from nearly two weeks ago (which I'd missed in first appearance) on Time magazine's "how trolls are ruining the Internet" article. HN admin and mod dang offered a rebuke to an uncharitably rude comment, in this thread: https://news.ycombinator.com/item?id=12322114

The context for that was my experiences in the past week in a new community which turns out to be quite centrally founded on the principle of pervasive anonymity. An interesting premise, but difficult to get right. My venture there didn't go well: https://www.reddit.com/r/dredmorbius/comments/500ysb/the_imz...

There's also the premise that news itself is often simply unproductive and unhealthy, and its different formats, particularly television/video, but also radio and print, have some fairly deep psychological influences, despite the fact that individual stories often have little personal impact -- we can neither do much about them, nor they to us. This isn't always the case, but the factors that do make news matter, relevance, context, background, and an exposing of the powers and reasons behind events, is rarely part of the modern product, which emphasises shock, reaction, outrage, and distraction. Not only mainstream commercial television, but the "better" sources -- BBC, CBC, NPR, PBS, The New York Times, Telegraph, and Guardian.


I receive a local paper. I'll listen briefly to headlines. I occasionally read news sites directly online. But whether it's me or the media, something seems changed, and relevance is largely missing.

Just to give an example, the local paper where I'm visiting carried a story this morning about an "artificial leaf" development by a university research team. The story ran a half page, from a news service billing itself as ecological news -- one of the many wire-service pieces that fills what's left of the business section of the paper on Mondays. Hoping for an explanation of the design, mechansim, or product, in that half page, there was one sentence revealing anyof this, and I quote:

Heres how it works: The energy of the sun rearranges the chemical bonds of the carbon dioxide.

Read it for yourself: http://www.chicagotribune.com/bluesky/originals/ct-uic-artif...

Literally the entire remainder of the article was noninformational filler. A paragraph or two of which on why synfuels-based energy storage is useful, I can understand. But ... this isn't even pretending to inform.

(There's a Science article which reveals slightly more: http://science.sciencemag.org/content/353/6298/467)

The remainder of the paper is similarly loaded with anti-information. A brief news roundup buried in the back of the first section contains what little actual news is present, again largely wire articles. There's perhaps a well-written article every week or two. Op-eds are occasionally, though rarely, considered. A friend characterises the columnists as largely writing about themselves or to each other. And yes, this is the same Tronc product John Oliver lampooned, with absolute justification, consummate skill, and delightful effect, on HBO a few weeks back.

Oliver's right: the media business environment stinks. But Tronc have stopped even trying.

So: HN, an intelligent audience, a diversity of views, a fostering of civility, even in disagreement, principled readership, and quite frankly a really boring design asthetic, are all soft-power influences shaping a quite useful information stream.

Thoughts kicked up by seeing this headline in the story list.

And yes, beyond that, I'll miss Wilder, a gentle but brave comic genius of our age.

AncoraImparo 2 ago 6 replies      
How is this relatable to Technology?
mdevere 2 ago 1 reply      
i enjoyed his portrayal of steve jobs
AWS S3 open source alternative written in Go minio.io
392 points by krishnasrinivas  1 ago   127 comments top 23
Ixiaus 1 ago 7 replies      
Or, run Riak with their S3 compatibility layer. Riak is extremely stable and the work Basho has done to make a truly robust distributed database is significant.


davidu 1 ago 2 replies      
Theory here is that people will build apps that talk to S3. But sometimes those apps might need to run inside the perimeter and can't talk to the cloud. So rather than rewrite an app to talk to a new internal datastore, you just point it at a locally hosted Minio and you're up and running.


hhandoko 1 ago 0 replies      
I switched from Fake S3 [1] to Minio for local development. Fast and lightweight, good experience so far :)

Easy to setup with Vagrant, and linking / sharing the Minio shared folder to the host makes it quite convenient to quickly check the files without going to the UI [2].

[1] - https://github.com/jubos/fake-s3

[2] - It stores the files as-is in the local filesystem (files in folders, unchanged), as opposed to having it 'wrapped' like Fake S3 does.

krishnasrinivas 1 ago 1 reply      
Minio will always be 100% free software / open source. We have no plans to add any proprietary extensions or hold back on features for paying customers only. -- Minio Team
bjoerns 1 ago 1 reply      
After evaluating a couple of options mentioned in the other comments here, we recently replaced our in-house built s3 clone with minio for our on-prem version of our app. Very robust and stable.
fizzbatter 1 ago 3 replies      
Does this have the ability to mirror to an encrypted remote? I'm looking for something like this for a simple home storage server, but emphasis on being able to replicate to something like B2 Storage for cheap backup.

Currently Infinit.sh has my attention the most, but it's quite young still.

edit: https://news.ycombinator.com/item?id=12125344 this thread seems to be talking about what i want. With that said, i'm not yet sure if `mc mirror` supports Backblaze, as that (per price point) is my prime need

cdnsteve 1 ago 3 replies      
Practical use case:

- Spin up a bunch of droplets on DigitalOcean, because I want reliability, etc.

- What's the best way to share drive space across these to create a single Minio storage volume, so if one DO node goes away I don't lose my stuff?

bryanlarsen 1 ago 1 reply      
minio works awesome for dev & test deployments. It's dead simple to set up, just a single executable. Hopefully it doesn't lose that simplicity as it grows up and gains features.
zx2c4 1 ago 0 replies      
Their CLI client is called `mc`. This is an unfortunate conflict with the venerable Midnight Commander.
andrewchambers 1 ago 1 reply      
I love the website. I'm a lone developer who doesn't know any HTML, how would I go about getting such a nice design for my own projects? (Or how much would it cost)
Keyframe 1 ago 3 replies      
Sorry for two posts (the other one was unrelated). If anyone has experience with this I have a few questions regarding a particular use case.

How does something like this behave with really large files. Video files in 100s of gigabytes, for example. I'm asking because if one could set up a resilient online (online as in available) storage with fat pipes like this it could be used as a platform to build a centralized video hub for editing. It's another question how much sense would it make over a filesystem though.

jedisct1 17 ago 0 replies      
Keyframe 1 ago 1 reply      
Unrelated question. What's the point of fullscreen button on those term session players (or whatever they are) if it doesn't stretch the playback to fullscreen? You only get a same-sized screen with black around it. It's not even centered to the screen.
nulagrithom 1 ago 1 reply      
Is this just meant to emulate S3 for the sake of dev/test environments? Without clustering/HA I don't really see the point of using this over the plain old file system. Or am I missing something?
helper 1 ago 2 replies      
How easy is it to embed this into go tests? Right now I use goamz/s3test for that, but it has a lot of limitations.
frugalmail 1 ago 5 replies      
The canonical open source alternative to S3 https://wiki.openstack.org/wiki/Swift
scoopr 1 ago 0 replies      
So, I can use midnight commander as the client? ;)(half joking, half serious)
unboxed_type 20 ago 0 replies      
Why is it so important what language it is written in? :-)
muminoff 1 ago 0 replies      
Do you guys have plans with multi-tenancy feature?
LoSboccacc 1 ago 0 replies      
couldn't find at a glance wheter it has the same read after write issue of s3, or in general what the consistency is.

also, failure and backup modes.

anonymous7777 1 ago 1 reply      
ok tired of people bragging about "Go". It underperforms than many GC based languages that are out there.
beastman82 1 ago 1 reply      
written in Go - Does this matter?
Rclone: rsync for cloud storage rclone.org
382 points by dcu  14 ago   104 comments top 26
planetjones 12 ago 2 replies      
Looks really good. I am pleased more projects are adding Google Cloud Drive support now. What I really want to do is:

- create documents on my Mac which autosync to Cloud Drive in encrypted format (this should tick that box)

- be able to access said documents on any device including iOS, which transparently handles the encryption

The use case is I now scan all my documents into PDF format, but keeping them secure and accessing them on iOS seem to be almost mutually exclusive.

I looked at some other solutions for this which had their own iOS app and security mechanism (Boxcryptor mainly) and I didn't like it - I just didn't feel in control. And I got nervous about what happens if Boxcryptor goes under; I don't want to rely on them keeping their app up-to-date to read my documents.

I know Apple will never allow it but wouldn't it be nice to be able to mount your own network drive which all apps could access.

kgtm 10 ago 3 replies      
Unfortunately, it appears that binary diffs are not supported.

This is a really important aspect for many workflows dealing with large files (like TrueCrypt containers). Contrary to what is stated by the rclone developer [1], at least Dropbox supports binary diffs [2].

This should be looked into, at least for Dropbox.

[1] http://rclone.org/faq/#why-doesn-t-rclone-support-partial-tr...

[2] https://www.dropbox.com/en/help/8

SEJeff 11 ago 5 replies      
FWIW: tarsnap is also rsync for cloud storage and Colin (guy who founded and runs tarsnap) also has won a putnam award for his work in mathematics and crypto.


niftich 12 ago 0 replies      
This fills a real need for me. It does nearly everything I want.

Aside from the program itself, your documentation is really good, and special +1 for documenting the crypto thoroughly (and another +1 for using NaCl's building blocks in a safe way).

As a related point, I recently bought a Chromebook (still unopened), which pushes you heavily towards storing your files in Google Drive. It makes me uneasy to store certain things unencrypted, so I'll investigate writing a compatible implementation for ChromeOS.

NikolaeVarius 2 ago 0 replies      
Does anyone else work mainly with Linux but use Google Drive?

95% of stuff I work with is Linux but that last 5% is done in Windows for work. I use Google Drive but the lack of syncing is really annoying. I also have a NAS that runs Linux that I would love to use to sync my GDrive/Amazon Drive to.

I've been brainstorming ideas including but not limiting to seeing if I could use W10 IOT for the RPi and install Drive on there (Pretty sure its impossible).

It boggles my mind there isn't a elegant solution to this that doesn't require me to pay for a service.

DanielDent 9 ago 2 replies      
Rclone is great. I wrote an integration to use it with git-annex (https://github.com/DanielDent/git-annex-remote-rclone).

Some of the supported providers (e.g. Amazon Cloud Drive) have a reputation for days-long service outages. Some users of Amazon Cloud Drive have even reported files going missing on occasion.

But the great thing with git-annex is you can have your data on multiple clouds (in addition to being on your own equipment), so partial or complete loss of a cloud provider does not need to result in availability or durability issues.

cobbzilla 11 ago 1 reply      
Very cool program.

s3s3mirror [0] is another tool for copying data between S3 buckets or the local filesystem. full disclosure: I am the author.

At the time I wrote it, I only needed to work with AWS, and needed something very fast to copy huge amounts of data. It works like a champ, but I do think about what it would take to make it cloud-independent; it wouldn't be easy to maintain the performance that's for sure.

[0] https://github.com/cobbzilla/s3s3mirror

estefan 13 ago 5 replies      
This looks awesome. I've made several attempts at something that could write encrypted files with obfuscated file names to several backends but never ended up with something I was happy with.

I'll definitely give this a try.

Edit: One feature I would like would be to split files into n chunks to obfuscate the length of files (assuming it wasn't obvious which chunks go together to make up a file), so instead of a 1:1 relationship there was a 1:n for large files. I suspect this is a lot more work though...

forgotpwtomain 13 ago 1 reply      
How does this compare to duplicity ( http://duplicity.nongnu.org/ ) ?
schlowmo 13 ago 2 replies      
Looks promising, but I'm not sure about the crypto-part. Can someone give some notes about the security of NaCl Secretbox using Poly1305 as authenticator and XSalsa20 for encryption?

Is it justified to assume that this is adequate crypto as long as the nonces are choosen correctly (= as random as possible) and the keysize is bigger than 128bit (rclone uses 256bit key derived from user password)?

Documentation of the crypto part can be found here: http://rclone.org/crypt/

EDIT: added constraint regarding keysize.

ashayh 5 ago 0 replies      
If you use Amazon Prime, you also get unlimited AWS cloud drive storage for photos. rclone works well backing up all your photos to Prime.
mafro 13 ago 0 replies      
Neat. I wrote my own hacky little Python app to upload to dropbox, but they recently broke that with changes to the dropbox python library. I hadn't bothered to fix it :)

I'll check this out instead - thanks for sharing OP.

rsync 12 ago 1 reply      
Will this work with any remote host over SSH ? All of the example targets (S3, google cloud, etc.) are things that you can't rsync to.

That is, can you point it at rsync.net (or your own server that is only running ssh) ?

If the author is here, please email us (info@rsync.net) if you'd like a free account to test with.

schlowmo 12 ago 1 reply      
Does anyone know if rclone preserves Linux File Permissions regardless of the cloud storage?

It's not in the feature list and my guess is that this would be hard to implement if you can't take assumptions of the underlying file system.

alpb 11 ago 1 reply      
kolp 13 ago 1 reply      
I have this running on a Raspberry Pi and it's working 24/7, uploading media files from my NAS to my Amazon Cloud Drive.

I use Kodi on a separate pi to stream the content from Amazon, thereby freeing up space on my NAS.

HalfwayToDice 11 ago 0 replies      
Another thumbs-up. I've been using it to mirror to Amazon Cloud Photos (now called Amazon Drive I think) and it's rock solid.
swinglock 11 ago 2 replies      
Has anyone had success with Amazon Drive? 60 USD for unlimited storage or just 12 USD unlimited storage using stenography is hard to beat. If it works better for backup than Backblaze or Crashplans terrible clients and horrid performance it would be a good alternative.
sengork 3 ago 0 replies      
It would be interesting to set this up on FreeNAS. Developers should look into providing this as a plugin to FreeNAS users.
bsg75 13 ago 1 reply      
I have been using this successfully with Google Cloud Storage and our own internal Swift object store.

For the latter, it uploads much faster than the shell scripts I had been using, and it has similar utility as an "rsync for the cloud".

tgarma1234 10 ago 2 replies      
I genuinely don't understand the use case for this since, for example, Dropbox already just syncs the changes you make to a file and not the whole file, automatically and does so bidirectionally, which this tool does not. So, if anyone can help state more clearly what this is adding over and above the features that the various cloud storage vendors already provide I would benefit from the explanation.
anfroid555 59 ago 0 replies      
No softlayer?
nypar 13 ago 1 reply      
I have used it with a cheap VPS (Ovh. I will test it soon with Scaleway) and it worked fine transferring data between Google Drive and Amazon drive. ;)ps: I did not tested it with encrypted files as it is a few weeks ago option.pps: see also reddit datahoader board for examples. ;)
topranks 10 ago 1 reply      
Been backing my music up to Google Drive with this in a cronjob for past year.

Works a treat.... highly reccomended!

allstate 13 ago 2 replies      
Will this work with two different s3 buckets (2 different regions)?
blackfede 12 ago 1 reply      
use this in production since one year, installed on a synology nas to backup on ovh storage. please get the github version as the download on the website is quite different
Dropbox employees password reuse led to theft of 60M+ user credentials techcrunch.com
293 points by prostoalex  23 ago   100 comments top 21
skyrw 22 ago 3 replies      
Its [Current Year] and [Semi-Respectable Tech Blog] still doesn't know the difference between encryption and hashing.
rjbwork 22 ago 6 replies      
This is a really good reason to be careful about what you log to log analytics platforms. I just recently implemented an ETL system that has the credentials (along with other stuff about the job) for data access passed into it from a PaaS framework. While I want to log the information, I don't want to log my DB connection strings! It's very easy to overlook such things and produce them as part of application logging/exhaust without realizing it, especially now that we have mass adoption of things like Splunk, Logg.ly, CloudFront, Cortana Analytics, Elmah.IO, LogEntries, Seq, and a dozen others.
franciscop 21 ago 1 reply      
> "it does not appear that the encryption protecting them has been cracked"

Please Techcrunch, you are making it sound like you are talking about actual encryption while you are really talking about hashing. From that sentence people would believe that it takes a single "crack" to get them all.

The magic of bcrypt (and hashing in general) is that probably some low-hanging fruits have been picked already while any non-trivial password remains secure.

nextstep 20 ago 0 replies      
Not at all surprising. Maybe things have improved, but Dropbox's security was a total joke in 2011-2012. Remember "no password day"? https://techcrunch.com/2011/06/20/dropbox-security-bug-made-...
corv 21 ago 2 replies      
Glad I deleted my account a while back.

Hopefully all these clouds will pass over and we can get back to personal computing.

mkj 22 ago 7 replies      
Are there any decent technical measures to discourage password reuse across sites? Server generates the password?
jpalomaki 16 ago 0 replies      
If two-factor authentication or single sign-on is not an option, should you force at least partly random passwords for employees to prevent password re-use?

In the past this would have been considered as bad practise, since nobody can remember that kind of passwords but nowadays it is pretty clear that everybody (in IT) is either using some password manager or reusing their passwords between systems.

(And to clarify, I'm not talking about end users of service like Dropbox, but people who are working with security sensitive stuff on the backend)

koolba 15 ago 0 replies      
> Some of the stolen passwords were encrypted with SHA-1, while 32 million were encrypted with bcrypt, Motherboard reports. The passwords were also secured with a salt, a random data string added to strengthen the encryption. Even though these passwords have now been dumped online, it does not appear that the encryption protecting them has been cracked.

Whenever I've seen passwords stored without a salt it's either because there is no salt or the salt is derived from the username. If it's the latter, it's only a matter of time till the specifics are figured out.

I'd be very surprised if there is a random salt for each of the SHA-1 passwords that's stored separately from the hashes themselves.

matt_wulfeck 22 ago 5 replies      
I really wish HIBH would actually send me the data related to my email. I currently have no way of know the current password except by going on to some shady website and downloading a dump. Why not provide the option to send it to the user's email address?
0xmohit 22 ago 0 replies      
The report doesn't contain much details, but 2-factor auth might have helped.

What is also not apparent is whether the stolen credentials were utilized to pull off data from the accounts? Users might have had sensitive documents stored!

themihai 22 ago 1 reply      
You would think Dropbox doesn't behave like a startup anymore...Proves again that simply passing the responsibilities to a "cloud" provider doesn't fix the security issues.
beilabs 21 ago 0 replies      
Changed the email on dropbox about 2 years ago; seems like i've been pawned on the old email with the same password.

Incredibly poor response from Dropbox on this issue.

pilif 22 ago 1 reply      
>is an evolution of the companys stance on the 2012 incident

what a nice way to say that they lied before and that they are now finally coming clean - three years too late.

iagooar 15 ago 0 replies      
The email Dropbox sent me was talking about a preventive measure. Did they lie?
CiPHPerCoder 15 ago 0 replies      
SHA1 isn't encryption, it's a hash function.
bandrami 17 ago 0 replies      
Somebody remind me what's justifying those six-figure tech salaries that are pricing everybody else out of the Bay Area?
impe83 15 ago 0 replies      
ok thats why I just got a dropbox pop up to change my password :P
toodlebunions 22 ago 0 replies      
nullc 22 ago 0 replies      
Title should say that Dropbox's security procedure provided inadequate security when confronted with well known user behavior.
alanh 22 ago 1 reply      
I've been waiting for light to be shed on this incident for a long time, as I have known for years and with zero doubt that invented email addresses used only for Dropbox must have been stolen from Dropbox. I have said so, publicly, too, but I never heard Dropbox admit to a serious incident like this.
SEC awards $22M to Monsanto whistleblower reuters.com
275 points by rch  1 ago   109 comments top 10
josho 1 ago 6 replies      
A corporate whistleblower gets a payday (a good thing). While whistleblowers like Snowden that reveal illegal government programs risk the death penalty if they ever sit foot in US soil again.

This is progress, but we've got farther to go.

MereKatMoves 1 ago 2 replies      
"The SEC had said that Monsanto lacked sufficient internal controls to account for millions of dollars in rebates that it offered to retailers and distributors. It ultimately booked a sizeable amount of revenue, but then failed to recognize the costs of the rebate programs on its books."

This is what happens when you take glyphosate and multiply the cost/production price by well over 50x and package it as some miracle product. If your marketing strategy is to mislead every single purchaser then it is no surprise that you lose sight of how many strands of bullshit marketing you are running.

Roundup is a great example of one of those products that are cash cows for companies that market themselves as "the best solution"

Every.Single.One of the roundup products is glyphosate, and that stuff will kill anything and is very very cheap.

Dear readers be aware - glyphosate is a chemical that is present in all weedkillers (except the really shitty ones) so buying the brand name is a total waste of your money, and the amazing people at Roundup HQ know it. Buy the no-name, unbranded stuff.

I can understand Coca Cola etc selling sugar water for huge margins, but I pull my hair out when it comes to something like glyphosate. That's how I get my roots under control.

randyrand 1 ago 4 replies      
I have nothing against Monsanto and think they are a great company, but I'm glad to hear this. Whistleblower programs are important.
kiba 1 ago 6 replies      
So the shareholders in that company got screwed, along with the whistle-blower getting part of that settlement?

Doesn't that create bad incentive for whistleblowers not to do anything until it's too late?

pjc50 18 ago 0 replies      
Don't worry, I'm sure a company that misstates its earnings will be completely honest about any possible negative side effects of GMO organisms.
arca_vorago 12 ago 0 replies      
I worked in bigag for a while, quit on principle when I understood what Monsanto really was. They are super shady, and honestly they are very damage-control aggressive, so I'm surprised this actually happened, but it's a start. Now can we get SCOTUS to force Thomas to recuse himself from Monsanto cases? Can we also get the FDA to purge it's ranks of Monsanto formers that are subverting the FDA's mandate? How about we use some anti-trust laws to take care of the backdoor deals between them and Dupont?

Don't beleive for one second any of the people claiming Monsanto is a force for good in the world.

ccvannorman 14 ago 0 replies      
>A former Monsanto Co (MON.N) executive who tipped the U.S. Securities and Exchange Commission to accounting improprieties involving the company's top-selling Roundup product has been awarded more than $22 million from the agency's whistleblower program, the executive's lawyer said on Tuesday.

Yes, please -- Let this be the default way it works at the high executive levels of big corporations. The corp should be terrified of committing fraud because they should know that a whistleblower has every incentive to rat them out and walk away a millionaire.

tempodox 19 ago 1 reply      
... as opposed to Obama, who just wants to put them in jail.
curiousgal 1 ago 0 replies      
Excuse my language but holy shit!

This is more than enticing!

atjoslin 1 ago 1 reply      
Cool, he got paid and all, but keep in mind that's $22M of yours and my tax money.

EDIT: Nevermind, I did not read the article before commenting. My mistake.

Facebook recommended that a psychiatrists patients friend each other fusion.net
331 points by deep_attention  1 ago   213 comments top 36
grandalf 1 ago 8 replies      
This is one of the many dark patterns that Facebook uses. It simply does not respect any boundaries the user might wish to have in place...

Install it on your phone? Anyone you have in your phone's address book gets to see your picture under "people you may know".

Someone in your family joins Facebook and friends you? Now everyone you are friends with gets prompted about whether or not they know your family member.

Want to delete some pictures you uploaded to Facebook? It's extremely difficult and they must be deleted one by one.

Other than LinkedIn, I'd say FB is the prime innovator of UI dark patterns that exploit users' unwitting behavior for profit.

The youngest generation of internet users gets this which is why they largely do not use Facebook. Soon they will realize that IG and Whatsapp are connected, and will avoid those too.

What's interesting to me is that the recommendations are fundamentally not useful. It's easy to look someone up by searching for their name without the privacy-invading helpful suggestions.

huehehue 1 ago 4 replies      
So, I deactivated my account maybe 6 months ago, and uninstalled the app long ago. Since then, I moved halfway across the country and, using a brand new laptop, a fake name and number, and a throwaway email address, created another profile so I could use their API.

People You May Know still had old high school friends, my old real estate broker (??), and someone I starred on GitHub. I have absolutely no idea how they connected that account to my old one, considering Google Mail is the only other service I've used on that laptop.

thr0waway1239 1 ago 5 replies      
TLDR#1: The investigation still didn't reveal exactly how this happened.

TLDR#2: The recommendation to "prevent" these issues on the individuals side is, "Lisas medical community has started recommending that patients concerned about privacy not log into Facebook or other social media accounts at medical offices, or even leave their phones in their cars during appointments. "

This is about as practical as recommending people just figure out how to fly and occasionally levitate into the upper atmosphere to go out of the cell tower's range, move a few kilometers west, and then fly back down to earth to scramble all these tracking algorithms.

kendallpark 14 ago 1 reply      
I uninstalled the Facebook app from my phone when it kept trying to push Messenger on me. I only use the webclient these days.

This bolsters my resolve to keep that app off my phone. You know, it doesn't bother me too much to have companies like Google analyzing my email to send targeted ads because I assume that information is not going to get out to the public. Facebook is a different case because there's a bidirectional flow of private information. It is a HUGE privacy concern (especially as someone that will be a physician in a few years).

dunkelheit 1 ago 4 replies      
The phonebook hypothesis seems most plausible to me (especially considering that WhatsApp is owned by facebook). All those apps gaining access to a phonebook is a privacy disaster.
wtbob 1 ago 2 replies      
Note that everyone's favourite privacy-respecting app (mine too!), Signal, also does contacts-sharing, although it doesn't do friends discovery (so the server knows one's contacts, but one's contacts don't). If Open Whisper Systems wanted to be evil, though, they could do this form of analysis.

Back in March I laid out how they could use a private set intersection protocol to enable any pair of users to privately share their contacts: https://news.ycombinator.com/item?id=11289223 (I'm not posting this to shame them or something: March wasn't that long ago for developing a feature like this, and of course it's open source; I could develop it myself and submit it to them).

I think it's something they care about; they've just not found a solution they're comfortable with yet.

tacostakohashi 1 ago 2 replies      
Amazed that this 'feature' hasn't been killed yet. At this stage of Facebook's maturity, everybody finished adding their real friends about five years ago, and suggesting non-friends with tenuous connections to the user serves only to remind everyone what a privacy disaster Facebook is and generate bad press.
throwanem 1 ago 3 replies      
"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

Granted, that's Schmidt, rather than Zuckerberg. The attitude seems to be the same, though.

0xmohit 1 ago 0 replies      
WhatsApp (now) shares data with Facebook. Now imagine if Facebook, Google, LinkedIn were also to share data with each other.

Imagine the possibilities [0]. What a wonderful world!

[0] If this were to come true, then the word "possibilities" would be replaced by "synergies" :)

tptacek 1 ago 0 replies      
This is a real problem. My sister is a legal clinic domestic violence attorney, and apparently there are concerns about DV clients unwittingly friending their legal clinic advisors, not realizing that by doing so they're outing themselves to their abusive partners.
woliveirajr 1 ago 1 reply      
> Facebook and the other companies in the Facebook family also may use information from us to improve your experiences within their services such as making product suggestions (for example, of friends or connections, or of interesting content) and showing relevant offers and ads.[whatsaap privacy policy]

Many possibilities here:

1 - whatsapp connection with messages exchanged

2 - contact list loaded by whatsapp

3 - psychiatrist secretary number in whatsapp

4 - friends in common

5 - places in common

webosdude 1 ago 1 reply      
I think it's also quite likely that the psychiatrist's patients are searching for her profile just to checkout how's her personal life on FB which might give FB some clue as these people might know each other hence a friend suggestion. I do that sometimes to see some of my not-so-close friends.
WhitneyLand 1 ago 1 reply      
There should be a way to turn off "Peole you may know". I actually hate this feature.
maxxxxx 1 ago 0 replies      
That's why I am getting more and more reluctant to share anything. It's starting to be impossible to predict how your data will be used and what is private and what isn't.
jordigh 14 ago 0 replies      
> Its a massive privacy fail,

I can't believe "fail" has become the standard noun instead of failure. It started as a lolcatism and now is standard.

zxcvgm 1 ago 0 replies      
Actually wayyy before WhatsApp announced [0] that they were going to share data with Facebook, Facebook had already started suggesting me to add friends. These are people whom I have no mutual friends with, but after more suggestions popped up, I realized they were all people I added to my address book and contacted before on WhatsApp.

I definitely did not consent to sharing my address book contacts with Facebook, and frankly nor would I want to. Now WhatsApp is offering an "opt-out" option, but I'm not sure how that will help. Isn't it a little too late for that now?

[0]: https://blog.whatsapp.com/10000627/Looking-ahead-for-WhatsAp...

kej 1 ago 1 reply      
I wonder if there is an open WiFi access point in the vicinity. I noticed that I had several coworkers suggested as friends shortly after I connected my phone to the office WiFi.

It makes sense that people using the same access point or connecting to Facebook from the same external IP would likely know each other.

adw7677 9 ago 0 replies      
I know for a fact that Facebook uses my phone contacts to suggest friends. When I started at a new job and was exchanging numbers with coworkers, they would appear as a suggested friend within 24 hours.

My doctor also showed up as a suggestion. I figured either the office phone number was linked to his FB page, or FB was scanning my calendar events and linked me to him that way.

anonu 10 ago 0 replies      
"Unfortunately, due to health privacy reasons, Lisa was not able to put me in touch with her patients directly"

You mean: "Fortunately..."

dcw303 1 ago 0 replies      
The funny thing is that this would be very easy for Facebook to fix - just a line of text under each friend request explaining the suggestion:

 * "You're both friends of Duffman McPartyDude" * "We found Psycho Ex Boss's phone number in your contacts" * "Location Services confirms you were both frequenting a dubious drinking establishment at 4am three Saturdays ago"
Would they do it though? Of course not. It would scare the hell out of their users if they knew how this algo actually worked.

tapatio 1 ago 0 replies      
And that's one of the reasons I stopped using Facebook. Fuck'em.
watmough 1 ago 3 replies      
"People You May Know is based on a variety of factors, including mutual friends, work and education information, networks youre part of, contacts youve imported and many other factors, said the spokesperson by email. Without additional information from the people involved, were not able to explain why one person was recommended as a friend to another."

Facebook is full of shit. Of course they are using locations, why else would I get suggestion to friend the guy that cuts my Mother in Law's yard - he stops by for a check from my wife.

justinlardinois 1 ago 0 replies      
I regularly have people show up on my "People You May Know" that have no mutual friends with me, and I don't know them so they certainly don't have my email address or phone number. Oftentimes it's people who went to the same university as me, so I wonder if they base it on friends of friends of friends and other less direct connections.
blackflame7000 1 ago 0 replies      
Facebook is probably using geo-location to determine if two people are in the same vicinity for extended periods of time over time.
gjolund 1 ago 0 replies      
This happened to me after attending NA.

I got friend recommendations from FB for other members of the support group.

malz 1 ago 0 replies      
Ironically, before it lets me read this story the site pops up a "LIKE US ON FACEBOOK!" prompt. I'm pretty sure once I do that all you fellow article-readers will be my next friends.
iamben 1 ago 2 replies      
I assume the connector is the doctor - why doesn't she have a work phone with the patient's numbers that she doesn't use Facebook on? Then the chance of patients being connected to one another is dramatically lower.
econnors 1 ago 0 replies      
After three accidental ad-clicks and a scrolling ad on mobile, I gave up on reading the article.
wslh 14 ago 0 replies      
Hopefully it was no Tinder.
S_Daedalus 1 ago 1 reply      
But I'm still a paranoid lunatic because I don't want to smear my picture all over the web and give my every scrap of data away for the dubious benefits of Facebook or Twitter...
ensignavenger 1 ago 1 reply      
She lives in a small town, she specializes in treating a small subset of that population. It is quite possible the patients were recommended as friends as coincidence, not having anything to do with her.
EGreg 1 ago 0 replies      

"When Lisa looked at her Facebook profile, she was surprised to see that she had, at some point, given Facebook her cell phone number. Its a number that her patients could also have in their phones."

cbsmith 1 ago 0 replies      
LinkedIn has had similar issues. Not news.
amaks 1 ago 0 replies      
Sounds like a solid ground for a class action suite.
untilHellbanned 1 ago 3 replies      
> Without additional information from the people involved, were not able to explain why one person was recommended as a friend to another.

Such a terrible excuse. FB you only have one job! Fail.

phn 1 ago 1 reply      
Talk about blowing something simple out of proportion.

All these people have one friend in common with this person, maybe they know each other as well? Being a psychiatrist or whatever has nothing to do with it.

EDIT: I stand corrected. Not so simple regarding where they get the "potential friendship" data from. Diagonal reading mistake on my part.

How a Japanese cucumber farmer is using deep learning and TensorFlow cloud.google.com
277 points by karmel  10 ago   106 comments top 17
Animats 5 ago 3 replies      
Cucumber grading has been automated for years. Look on YouTube for automated cucumber grading systems.[1][2] There are many competing vendors. The commercial machines process their video locally and don't need "the cloud". They're also much faster.

Fruit and vegetable sorting using computer vision is routine. That's why commercial produce is so consistent - it's been pre-sorted. The existing technologies are so fast that it's routine to inspect and sort peas, and possible to sort grains of rice.

Most of the cost and complexity in the commercial machines is in the material handling. There are conveyors and devices to get the individual items lined up.Cleaning and washing stations are usually part of the line. Commercial machines have to be built sturdily so they survive continuous use, and have to be cleanable with high-pressure soapy water. The little unit that does machine vision is a minor part of the processing line.

AI techniques are routinely used. Support vector machines are popular. One Indian system uses fuzzy logic. ANNs have been tried but are not yet popular.

The systems generally measure user-defined features - length, width, curvature, color, flaws - which then go into a simple grading algorithm. They're not trying to match human decisions.

[1] https://www.youtube.com/watch?v=5DCpOx-q_yo[2] http://www.aweta.nl/en/produce/cucumber.html

ktamura 8 ago 15 replies      
While it's a cool concept and agriculture is ripe for technology disruption, the enterprise software product marketer in me finds it to be a calculated marketing stunt, if not an disingenuous one.

TensorFlow is, in no way shape or form, ready to be used by anyone but very technical people with a solid knowledge of both software engineering and machine learning. In fact, it's probably unfair to single out TensorFlow because every deep learning toolkit I have seen is still in the same "extremely early adopter" phase. Yet, this article makes it seem like a line of business user (farmer) with some background in technology (former embedded systems engineer) can use deep learning to transform his/her business -when, in reality, much expert help is needed to make it work. In other words, it would have been a lot more plausible/genuine if the article read like:

1. A progressive farmer got in touch with Google.

2. Google dispatched their solutions architect to work with them.

3. Hey, a cool, early prototype is working!

I am not trying to be a hater. Deep learning has huge potential, and Google, among others, is doing a lot to make it accessible. That said, this type of over-promising ahead of market reality is what gives cutting edge technology a bad name.

contingencies 36 ago 0 replies      
If anyone is interested to work in the food tech / image processing area, we are an early stage startup[0] building small scale automated food preparation robotics and have an image-processing focused industry-experienced Mechatronics PhD as an advisor. We are based in the most natural / pleasant part of China, Yunnan.

[0] http://8-food.com/

dangerlibrary 9 ago 2 replies      
tl;dr: With a training dataset of over 7000 images, the system is incapable of performing the cucumber sorting task on live data with greater than 70% accuracy - likely do to over fitting on the "small" training set (where it shows 95% accuracy). Also, it is currently incapable of taking into account a number of the existing variables used for sorting.

If one were to leverage the power of a supercomputer trained with tens of thousands more observations - all meticulously hand categorized - it would probably get better.

Truly, we are only limited by our imaginations.

blazespin 23 ago 0 replies      
What I like best about this is he uploaded his dataset: https://github.com/workpiles/CUCUMBER-9
mamon 8 ago 2 replies      
Am I the only one that thinks this is grossly overengineered solution? Wouldn't the simple machine with differently shaped and sized holes do equaly good or better? Existing industrial machines are usually pretty good at mechanical sorting (think of things like shelled sunflower seeds, etc.).
dividuum 6 ago 1 reply      
As someone who is using the Raspberry Pi professionally, I'm nervous when I see that rainbow square in the top right corner in both their screen snapshot and the video (0:16 in). It's a sign that the Pi doesn't get enough power which might results in an unstable operation or even SD card corruption. I hope there's still a human backup sorter should the system fail :-)
clickok 6 ago 1 reply      
At first the headline made me skeptical because I expected it to be one of those clickbait articles where someone deploys excessive firepower solving a trivial problem.However! It turns out that cucumber sorting is well-suited to deep learning: a) there is enough interest to generate a reasonably-sized data set, and b) It is one of those difficult "I'll know it when I see it" classification/evaluation problems.

However, as soon as they described the actual solution I felt somewhat let down.

1. Reducing the input to 80x80 images is likely unnecessary; it removes some of the most important features (number of thorns, blemishes) from contention.If the issue is computational cost (and therefore training time) you might consider using cloud GPUs.However, a network with multiple "towers" (like Google's Inception model) could conceivably allow for evaluating the sorts of aspects that require higher resolution relatively cheaply (one-or-two convolutional layers with pooling and then a fully connected layer) along one pathway, while a different tower (with more layers or more units per layer) processes the resized images.

2. If the network used was just a modification of the MNIST one, then it seems like it ignores the ordinal nature of the problem. If cucumber quality can be ordered, why not use a regression model instead (or maybe regression along multiple criteria, like straightness, bumpiness, thickness, etc.) instead of treating each class as if they were completely separate?

3. Why not release the dataset? I have GPUs, the necessary background, and a few hours to try out some models. I also have a heretofore unrecognized yen to use my models to generate images of the ideal Japanese cucumber, so I'd be willing to do it for free.

zerop 2 ago 0 replies      
Similar one.. This AI bot from Spanish start-up removes plastic from garbage... http://www.sadako.es/?page_id=33&lang=en
TYPE_FASTER 1 ago 0 replies      
Produce sorting machines are fascinating.


eva1984 8 ago 3 replies      
While it is very cool...I cannot help thinking how many sorters are going to lose their jobs because of this. Scary.
coldtea 7 ago 0 replies      
>How a Japanese cucumber farmer is using deep learning and TensorFlow

Let me guess: shallowly and for marketing purposes...

quikoa 8 ago 0 replies      
Any chance that the dataset could be released? It could be interesting to take a look at.
omarforgotpwd 5 ago 0 replies      
What an eye opening blog post. I never thought about a production line / manufacturing as a software process.
ars 3 ago 0 replies      
Completely off topic, but why is having lots a prickles a positive thing in a cucumber?

Would that just meant they have to be cut off before you can eat it?

benten10 8 ago 3 replies      
"...First they came for the Cucumbers, and I did not speak out

Because I was not a Cucumber ..."

-Song of those Tensorflow'd out of their jobs.

[Edit: Changed Cucumber sorters to cucumbers to clarify the sarcasm]

kafkaesq 7 ago 1 reply      
TensorFlow democratizes the power of deep learning

I won't say this kind of innovation is bad, per se, or should be stopped. But the blitheness with which the article sidesteps the collateral damage that will necessarily come of this brave new era of efficiency and progress -- as if there was nothing more to this story than an unemployed engineer helping out Mom and Pop -- really is quite breathtaking.

"Democratized unemployment, and for many older blue-collar workers in years to come, a nearly inescapable sense of hopelessness and despair" is what we might want to call it.

Talk of a Split from Docker thenewstack.io
320 points by iamthemuffinman  1 ago   201 comments top 27
csears 1 ago 7 replies      
I doubt they would ever consider it, but I think Docker Inc's best move would be to push reset for Docker 2.0:

- Fully embrace Kubernetes for orchestration

- Drop Swarm

- Roll Docker Engine back to its pre-1.12 scope

- Get on board with standardizing the image format, now

- Stop fighting Google and instead let them help you succeed

A Docker distro of Kubernetes would do very well in enterprise on-prem or private cloud environments. They already have a great developer experience. Companies will pay for support on both.

Continuing to oppose Kubernetes risks damaging the significant brand equity they've accrued as containers in production become mainstream.

brudgers 1 ago 7 replies      
I'm not saying those looking to fork Docker are wrong. I don't think that they are. But I think Docker's approach to Swarm is more useful than the roadmap that those organizations considering a fork wish to pursue.

Kubernetes, Mesos, etc. appear to be great orchestration tools for an organization with a few [or many] engineers dedicated to operations. Their not so great for a small team [or individuals] who are just trying to deploy some software.

As I see it, Swarm seeks to solve orchestration analogously to the way Docker seeks to solve containers. Before Docker, LXC was around and the Google's of the world had the engineer-years on staff to make containers work. Docker came along and improved deployment for the ordinary CRUD on Rails developer who just wants to go home at night without worrying about the pager going off.

To put it another way, it looks to me like the intent of Swarm is to provide container orchestration for people who don't run a data center. Like Docker, it is an improvement for those scaling up toward clusters not down from the cloud.

None of which is to say that moving fast with Swarm isn't a business strategy at Docker. There's a whole lotta' hole in the container market and part of that is because the other organizations currently supporting development of container orchestration tools has business interests at a much larger scale...Google doesn't see a business case for pushing Kubernetes toward the Gmail end of the ease of use spectrum.

The desire to fork is based on the needs of the cathedral not those in the bazaar.

valarauca1 1 ago 1 reply      
Makes sense.

Since the late 90's early 00's when Linux won the data center. Most people became really enjoyed the we don't break user land motto.

Once a kernel interface went live, it stayed that way. Ugly spots and all. Containers are starting to become a fairly important part of IT/Cloud infrastructure. Easily compariable to the OS itself. Logically those involved with maintainence would demand the same.

Yes I'm aware Docker is more a control program for interacting with Cgroups, setting quotas, installing packages, and isolating processes. Not the OS itself. It is an abstraction over the OS, hence for most developers it feels like part of the OS. So logically they'd demand it be as robust as the OS.

raesene6 1 ago 4 replies      
I'm not really sure why the proponents of this split don't just put their efforts into improving one of the alternatives which are already available (e.g. rkt). A split would seem to be a bad outcome allround (confusion in the market, divided resources, duplicated features), whereas competing products might bring out the best in each other.

Also it does seem a little odd to me to see people suggesting that Docker needs to be more stable and "boring" (from this article https://medium.com/@bob_48171/an-ode-to-boring-creating-open... referenced in the main link) to fit in with other projects in this space like Kubernetes, when it seems that most/all of these projects including Kubernetes are moving as fast as each other...

CSDude 1 ago 1 reply      
Docker's mistake is bundling swarm and throwing away regular docker-compose with services. The bigger mistake was presenting them as they worked perfectly, just because in the sake of a badly timed DockerCon (seriously why the hell do we need 6-month spaced dockercons) they released something that was not complete and fundementally different from previous way of running containers. I feel their urge to monetize but events like this really leaves bad memories. By the way, does anyone remember the service command that was introduced in ~1.8 or 1.9 and just vanished? It was a similar mess.
jondubois 1 ago 2 replies      
That sounds like a bad idea to me. I do agree that Docker rushed things a bit with Swarm (on the orchestration front) but I think that they're doing an excellent job with the containers themselves.

I don't think a fork will help - I think a fork would make sense if there were concerns about Docker's level of 'openness' but I think that's not the problem here.

Forking/duplicating a technology whose main premise is being "a single consistent environment for running apps" sounds like a contradiction to me.

Philipp__ 1 ago 0 replies      
Every time I think of Docker recently, the image of huge container ship accident shows up in my head. This thing needs to be standardized, and things are not going that way at the moment.
kharms 1 ago 1 reply      
This seems rather manufactured. In the span of days, we've seen article after article coming out and condemning docker, advising kubernetes, and now this fork. Who benefits?
kozikow 1 ago 0 replies      
Imagine there would be "docker engine for running in production" outside of control of docker inc, with backing from the rest of orchestration industry. It may be considered as a tool for compelling docker inc. to play more nicely, rather than the total fork.

- Developers interested only in the docker engine would consider using it for higher reliability, less breaking and rushed changes or force-bundling of things they don't want.

- If enough developers are using it, docker inc. would be compelled to maintain compatibility to avoid "mainstream" docker ending up as the tool only for dev/CI.

awinder 1 ago 3 replies      
Beyond API flux, one thing docker could really focus on to alleviate a lot of pain would be to have some more stable / sane version management. If you need to break the API to bring in new features so be it, but maybe a former API client should be able to still interface with newer versions through backwards API support. When docker was new there was maybe a case to be made for stricter version matching, but it's just a sign of immaturity at this point that new versions of dockers upset the rest of the ecosystem so greatly.
ThePhysicist 1 ago 1 reply      
While Docker is probably not the last word in containerization technology (which is a good thing), the idea behind it is quite powerful: Small, lightweight, self-contained objects that perform a given function and that we can plug together in many ways. I think the impact of having something like this will not be limited to traditional DevOps but will permeate many other areas as well, like data analysis and the delivery of end-user applications.
Mizza 1 ago 1 reply      
I feel bad for shykes. This can't have been a very fun release. He tries really hard, and I get the feeling he takes a lot of the feedback to heart.
syshum 1 ago 1 reply      
Didnt this happen like 2 years ago when CoreOS created the Rocket Project?


Halienja 1 ago 2 replies      
I hope rkt, runc and similar get donated to the CNC Foundation and get a direction there
madmax96 1 ago 0 replies      
> The Docker orchestration capabilities are opt-in; they must be activated by the user. Though not opting in may lead to backward compatibility issues down the road.

Whoa, citation needed! Not activating swarm features has the same probability of causing problems as relying on fork() to create a process. Maybe not, but I don't see Docker suddenly forcing everyone into using swarm. It seems unreasonable to even suggest this, and a bit of a scare tactic.

bootload 1 ago 1 reply      
"Whats happening right now, if we are not careful, will fragment the container ecosystem, and it make it impossible for single containers to target multiple runtimes,"

UNIX had this problem and look how long it took before things settled. Linux was the result. Maybe this is a good thing?

joostdevries 1 ago 1 reply      
Sounds like the Docker container format should be split of into an independent foundation. Because everybody wants to use it but there's no money to be made of it.Then companies can compete on how to run Docker in production.
leetrout 1 ago 0 replies      
Support for legacy OSes in newer releases would be wonderful but I don't know how hard that is... There's a lot of talk about how the older kernel makes it really difficult.

If you're using CentOS 6 you're stuck with Docker 1.7. There are a lot of enterprise companies out there (I'm looking at you big banking) that aren't ready to move to CentOS / RHEL 7 and trying to get stable usage out of Docker 1.7 doesn't "Just Work" in my experience.

Anyone here use rkt with CentOS 6??

falcolas 1 ago 0 replies      
I'm not developing anything against Docker except for automation tooling, and I would kill for a stable Docker Engine; stable disk drivers, stable CLI arguments, stable configuration file formats, a stable daemon, and so on.

That said, it's a hard problem, and I certainly don't have the time to work on it myself; nor can my employer spare me to work on them either.

geggam 1 ago 0 replies      
I am sort of curious.

1. Who is running docker in production.

2. If you are running docker in production what sort of money are you making with it ?

hosh 1 ago 1 reply      
I think a lot of these issues were already nascent when CoreOS decided to fork Docker. People are asking for 'boring container infrastructure' -- and it's called rkt. I remember the bruhaha at the time, with the Docker folks pissed at the CoreOS folks for doing so. That was Dec 2014. It looks like the way Docker handled the 1.12 release is shifting the sentiment.

For example: I ended up writing this to ask the Docker team for more transparency on this issue: https://forums.docker.com/t/file-access-in-mounted-volumes-e...

And they responded with an awesome reply addressing it: https://forums.docker.com/t/file-access-in-mounted-volumes-e... and it went a long way towards helping the community understand the issue what to do about helping.

However, there are also threads like these that asks for the same issue:


They kinda left the community in a limbo here, and quietly added a line in the documentation saying it won't happen. But without the transparency, we don't really know what's going on here.

Back then with the rkt split, the Docker design was to gear towards users so that there is as little friction as possible. It worked all right when it was just Docker Engine on Linux. Over time, due to differences in distros, you can see the container abstraction leaking here and there. Generally manageable.

In the 18 months since, it's becoming clearer that Docker is drunk on their story. Seems like more and more of the leaks from the abstraction are getting swept under the rug while they are trying to make a land grab for the orchestration. Yet Docker is doing it in a way that is sacrificing the goodwill from the community. It first starts with the third-party vendor relationships, but as you can see from these forum posts, it is starting to leak into the relationship with end-users as well -- the developers.

There's still time to turn the (ahem) ship around. But a big part of what is driving Kubernetes success isn't that their abstractions are brilliant, but rather, that project is very transparent and communicative of what they are doing and what they are intending with the community. I get Docker is trying to do that with Docker Swarm, yet I think they missed a critical part of why and how Kubernetes gained so much traction so quickly.

twblalock 1 ago 0 replies      
Maybe Docker should do what Ubuntu does: periodic LTS releases with a guaranteed support timeframe. They can experiment with the newer releases, and the LTS releases will be there for people who need stability and don't need bleeding-edge, unproven features.
dmourati 1 ago 0 replies      
This sounds like a bluff to me. "Oh, you want fast moving changes, mobility up the stack, and centralized control? We want none of those things. Either you soften your stance and start listening or we'll fork."
jaboutboul 1 ago 0 replies      
I think this is all a push by Docker's management to get the company acquired
coding123 1 ago 2 replies      
The real reason everyone is upset is that I can now say.. goodbye kub, goodbye mesos, goodbye coreos, your are all complicated. I'm thrilled about docker 1.12 and swarm mode.
Annatar 1 ago 0 replies      
So instead of going to working, stable alternatives to Docker like SmartOS, people still cling on to it and try everything and anything to save it!

I'll be damned if I understand why someone would continue to cling on to broken software[1] when there is a working alternative. Can someone explain this irrationality in terms which I can understand?

[1] https://news.ycombinator.com/item?id=12377457

Google's login page accepts a vulnerable GET parameter aidanwoods.com
316 points by ivank  1 ago   127 comments top 17
f- 20 ago 2 replies      
One important consideration here is that the phishing attack as described here could be pulled off even if the targeted site did not support redirects - and in general, it would be exploitable without any identifiable fault on the part of the "vulnerable" web app.

This property is an artifact of how browsers work, and it's not something that's likely to change soon. Basically, if you visit evil.com, evil.com can always load accounts.some-trusted-domain.com in a new window, give you enough time to examine the address bar and confirm that it's legit - and then sneakily navigate that window to a phishy location that looks the same as our legit login prompt, but is controlled by the attacker.

(The evil site can also detect certain events, such as navigation, and deliver the payload only at that point.)

For my whimsical demo for Chrome and Firefox (dating back to 2011!), see: http://lcamtuf.coredump.cx/switch/

(Disclaimer: I kinda wrote a book about this stuff. Also, I work for Google.)

mangeletti 1 ago 4 replies      

 1. Send email that looks like it's from AdWords, claiming the user's CC needs to be updated 2. User logs into Google after verifying URL is in fact google.com 3. Google literally sends trusting user to attack site... to enter their credit card number
How is this not a serious vulnerability?

belovedeagle 1 ago 7 replies      
Frankly, I don't see any reason why Google isn't right here. This "vulnerability" can only be exploited by appending another one, fishing. It's reasonable to say, "If AB is a vulnerability only if B is a vulnerability, then A is not a vulnerability". That you can't solve fishing [as a service owner, without also owning the browser] is unfortunate but irrelevant.
Manishearth 1 ago 1 reply      
Google seems to consider such issues about security UX being severely affected, where expectations are involved, to not be vulnerabilities.

This is one of them. "theoretically", it is not a vulnerability, since the actual integrity of the security model is not compromised. However, the UX changes. A user who checks for the green lock in https urls may not check that a "wrong password" page reached via the google login page is on a different domain because they don't expect it to be. Given the existence of google oauth login, I do agree that this isn't really a good expectation, but I suspect that many folks have it (and it's easy to add "login successful, redirecting to <site>" for non-whitelisted endpoints). It's certainly something to improve upon, even if you don't give out a bounty or w/e.

I reported a vulnerability of a similar kind months ago, which was similarly classified as not a vulnerability. When Chrome receives an invalid certificate which is invalid due to multiple reasons, it does not show all the reasons or prioritize. This means that if I have a self-signed certificate that also expired half an hour ago, chrome just tells me that it is an expired certificate. The integrity of the security model hasn't been affected here -- the warning is still shown, the user still has to manually click through. But the user may be much more likely to. Recently-expired certificates are relatively common, and seem like a reasonable thing to bypass. Of course, you should always check the cert details and cert tree before bypassing (unless you don't want to login or don't care about things being MITMd on that site), but not everyone understands the cert trees, and not everyone will do this.

Of course, it's up to them to not consider security UX fails as vulnerabilities, and UX is pretty hard to get right anyway (Google has some awesome folks working on security ux though!).

pwinnski 1 ago 2 replies      
Since Google has decided that https://www.google.com/amp/[any_domain_here] isn't a vulnerability, then I don't see how combining that with a google login is a vulnerability.

OP talks about having the continue page prompt for password, but how is that any different from creating a fake Google password prompt page now? That page would not be on https://accounts.google.com/, and it would not have my personal info displayed, so why would I enter my password? Just because the last thing I did was log into Google? Is that supposed to "put me in the mood"?

If I'm on page A, and I click a link that prompts me for my google credentials, I've either expected that, so I check to make sure it's Google, or I haven't, so I close that tab. If I enter my username and password, or just my password, and then end up at page B, and it prompts me for my password again, it certainly doesn't know my username like the real Google password prompt page did. It looks different, and raises all sorts of flags.

Alternatively, if I'm on page A, and I click on a link that sends me to page B directly, where I'm prompted to enter my username and password, I don't. Why would I? It's not google.com, etc.

There's just no way that this seems like any more of a vulnerability than the open redirector already is.

cstrat 1 ago 1 reply      
The simple fix would be for google to show their own page after successfully logging in. On this page they would tell the user they are about to be forwarded to another page external to google.
flashman 1 ago 0 replies      
Signing in on this page will download PuTTY, for example: https://accounts.google.com/ServiceLogin?service=mail&contin...
libber 1 ago 2 replies      
A non-vulnerability like this is a good example of how easy it is to get press for $important_company + security.

Top of hackernews at the moment and fingers crossed there wont be a wave of articles about this in the coming days from tech press who don't fully understand the issue but know clicks when they see them.

PuffinBlue 1 ago 3 replies      
I can appreciate their stance on phishing but being able to automatically execute an arbitrary file download that appears to come from Google as part of the login process strikes me as a bad thing, no?
grrowl 23 ago 0 replies      
It feels like you should phish one of the Google Security Team to really get the point home.
TomAnthony 19 ago 1 reply      
This has been this way for several years now.

I have notes on a Google attack I discovered ~2 years ago that includes an open redirect as a critical part. It allows running arbitrary JS on authenticated users on the click of a link.

However, there is one small part of the attack (one character!) which prevents it working so I've never reported it. Interesting that there is such a debate here, as I thought open redirects were generally accepted as out of scope for most bug bounties.

amq 20 ago 0 replies      
If any URL can be passed, and this is not a vulnerability, why validate the argument at all for google.com.*?
milankragujevic 20 ago 0 replies      
Couldn't they just sign the URL with a hash and call it a day? For example, have a parameter continue be "something" and hash be sha256("something"+someRandomStringThatOnlyGoogleKnows)... And on the server check if sha256(continue+random) == hash.
gyey 1 ago 0 replies      
I have noticed that a redirect to any site on sites.google.com also works seamlessly on mobile. The amp pages are not working for me and I get an error page, but as someone mentioned they probably don't work on mobile and only on desktop.
tamana 1 ago 0 replies      
The boilerplate FOAD email they send when they decide to end the conversation is dripping with smart.

Exclamation points! Bummer!

cyberferret 1 ago 1 reply      
That is quite an incredible security flaw. I also appreciate the irony of using a Google service to exploit Google's login itself.

It's akin to that scene in "Terminator 2" when the T-800 walks into a gun shop, asks to see all the top shelf guns, then loads up and shoots the shop owner before walking out...

sigjuice 1 ago 1 reply      
I guess this should not matter to someone like me who never logs on to google in a web browser? I just use gmail via IMAP.
California bans ITT tech from accepting new students latimes.com
293 points by emeraldd  2 ago   310 comments top 32
crazy1van 2 ago 5 replies      
I agree with a lot of the complaints I've heard about ITT. They seem to broadly fall into three camps:

1) They are expensive and rely on their students getting gov't loans,

2) They don't adequately prepare students for the work place, and

3) The teachers aren't very good.

I think those are all great reasons to not go to ITT. But, I think those reasons could also apply to a whole lot of other schools, profit, non-profit, private, and public.

Certainly, I think #1 applies to a whole lot of schools and student #2 applies to any school that has majors with poor job prospects. And I think nearly every college student has experienced #3 with at least some of their professors -- sometimes because they dont know the material well and other times because they are completely uninterested in the teaching aspect of their job.

bane 1 ago 3 replies      
One of the things that's very interesting to me is how information asymmetry helps drive people to these kinds of companies. I don't know everybody's story, but when I was just out of high school, there was no chance (I believed at the time) that I'd be able to go to a traditional school. I had bad grades, my family was poor and nobody in my family had gone to university except for my father, who had quickly abandoned his post-University career for more blue collar work.

Wanting to try to make over minimum wage, I went to an ITT-like trade school to talk with an "admissions counselor" seeing if they would accept me (of course they would, for a price). I took a fairly simple "placement exam" (which of course I passed). I told the counselor I didn't have any money (no problem!) I was then shown a variety of ultra high-interest loan options which would guarantee I could get through the "program" (just sign here!). I remember getting odd, cagey, answers about the accreditation of the trade school, and couldn't imagine how I'd pay back a loan that large if I took it on.

I had the presence of mind to "let me think about it" instead of giving in to the hard pressure sale the guidance counselor was offering, went on to work my crappy jobs for a couple more years before accidentally running into an old friend who grew up in a similar situation as me and ended up going the community college route.

It was "real" college (for some value of "real" and "college"), was a tiny fraction of the cost of the trade school, and graduation guaranteed placement in a state school of my choice. That sounded too good to be true, at least the trade school had some kind of real cost associated with it. But I went and checked it out, it was all true. A.S.->B.S.->M.S. and now I have a career, no student debt and choice of great high-paying jobs.

Later, while I was attending community college, a coworker was going to that same trade school, hemorrhaging money and then one monday came in and told a story where they had gone out of business, didn't tell anybody, and just padlocked the doors over the weekend.

Of course he still owed all the money for his loans.

headmelted 1 ago 6 replies      
Reading the comments here has been really eye opening to me.

I always knew that tuition was orders-of-magnitude more expensive across the Atlantic but now it's a bit clearer why.

Here (Northern Ireland, but it applies to the UK as a whole), students don't start to repay their loans until their earnings are over a certain threshold, then repayments are proportional to how much they earn over that level. If their annual earnings ever fall below it again, payments stop until they're back on their feet.

I can't remember exactly what my interest rate was but I know it was fixed BELOW the central bank rate at the time.

Standard financial advice here is to max the loan out even if you weren't in need of it and just put it in a savings account for the interest (probably not worth it these days).

Lastly, if the loans aren't fully repaid by retirement age, they're written off.

So yeah, you folks are really getting screwed over there.

rdtsc 2 ago 8 replies      
Are there any good ITT / University of Phoenix type schools? They all seem like scams.

I don't count community colleges here, I know those can be very good. My wife went to one, got great education, was able to pay it by just budgeting money every month out of her part time work. Then switched to a 4 years univeristy, transfered credits and graduated with honors after 2 more years (with minimal loans).

Would it be hard for any of these for-profit school to also do a good job?

jorts 2 ago 2 replies      
At my last company we had a slew of ITT graduates apply for a role one time. I talked to probably 10 or so of them. They seemed to have received little to no educational value from their time at ITT. I assume they were all promised great jobs, but all of them were not remotely qualified to get even a basic entry level technical role. I felt terrible for them paying money for the "education" that they received.
electic 2 ago 9 replies      
What about coding bootcamps? Aren't they worse? They try to make you a "coder" in a couple of months and promise people jobs if they finish the course. It sounds eerily the same thing as ITT...
imh 2 ago 1 reply      
I think this is a fantastic step in the right direction, but what is the legal justification here? ITT is in no way alone in being evil and predatory, so I'm surprised I keep hearing about crackdowns for them but not for anyone else. I'd love to see some new rules to keep all of these predatory places from operating instead of what kinda seems like a picking out a scapegoat. (Or is all this recent news more general and everyone just mentions ITT?)
gdwatson 2 ago 7 replies      
Does anyone have references to more specific accusations against ITT? There are lots of vague claims in the article, but the only semi-specific ones -- misleading students about program quality and pushing them into irresponsible loans -- could just as easily be laid at the feet of public and private nonprofit colleges.

I have no particular reason to trust or distrust ITT. But it strikes me as a trade school that presents itself as a college, and that seems like one viable approach to our credentialism issues, so I want to know if it's being attacked for legitimate or political reasons.

ghshephard 2 ago 2 replies      
"Last year, it enrolled 45,000 students and reported $850 million in revenue". That's about $19k/year/student. Just to put that in perspective, a 10 day Cisco Network Engineering course from Unitek in the Bay area (last time I took one, great school, at least in network engineering) costs $8,200. The issue isn't the cost, honestly, $19k/year isn't that expensive, the issue is whether they are delivering value for money.
joshmn 1 ago 1 reply      
Are they preying on desperate students, or people who are considered "unfavorable" to learning otherwise?

I know a few people who considered ITT. They all have one thing alike: they're not the smartest or most driven of people by any means. (that's two, sorry)

I'm curious... What are their student's standardized test scores, as well as high school records? I'm sure there's a pattern there that can describe some their default rates.

rayiner 1 ago 0 replies      
Not a bad thing, but I feel like many public institutions at the bottom end of the scale aren't much better, just a little cheaper. There is a whole rung of public 4-year universities where the modal outcome is working a job that doesn't require the degree you paid a lot of money for.
WhitneyLand 2 ago 1 reply      
Btw to avoid confusion I've seen happen when a new guy shows up in the workplace: ITT != IIT

ITT = ~University of Phoenix, everyone gets in

IIT = Elite programs in a variety of sciences, almost no one gets in

nsxwolf 1 ago 3 replies      
Why can't there be such thing as a good for-profit school? We buy the highest quality smartphones from Apple and Samsung after all - I don't see a lot of non-profit phones or government phones.
ne01 1 ago 0 replies      
I don't like our current educational system and really hate for-profit schools like ITT, so I'm kind of happy to see them fail.

Unless you really add value to the learning process, it is ugly to charge someone to teach them something they can easily learn on their own and most of the time ruin their curiosity!

In the future more people will learn on their own and just take a free test to get a certificate! Oh and books will be free (or very cheap) with government subsidies.

serg_chernata 2 ago 3 replies      
Does anyone know which other national institutions something like this may affect?
tomohawk 1 ago 0 replies      
Maybe they should have done what Laureate did.


pkaye 1 ago 0 replies      
This caption pretty much captures what is wrong with ITT tech.

"Jorge Villalba, shown in 2015 in front of the ITT Technical Institute in Encinco, left the school owing about $150,000 in student loans."

How the heck does someone end up owing $150K for a basic education?

yamike 1 ago 0 replies      
I went to ITT Tech and had mixed experiences in different classes. All in all it would have been cheaper and much better for me to have attended the state university and gotten a BS rather than the two years at ITT for an associates degree.

In terms of the classes, I had some taught by really great instructors, local professionals who were great about teaching skills that companies would actually care about. I also had some totally worthless instructors. In one instance I ended up standing up in front of the class and teaching everyone - instructor included - what polymorphism is.

h4nkoslo 2 ago 2 replies      
One aspect of ITT and its ilk is that the students often only sign up so they can take out "education" loans for living expenses, with the class work as a very secondary concern.
roymurdock 2 ago 0 replies      
For those interested you can find reactions from students, teachers, trolls, and the peanut gallery here:


On the front page of the website you'll notice that Education Management Corp, University of Phoenix, Corinthian, Zenith Education, etc. are receiving an increased amount of attention.

wallace_f 2 ago 0 replies      
This is just the tip of the iceberg with problems in education, though. Let's not act like higher education in the US is exemplary.
grej 2 ago 1 reply      
ITT seems like an easy first place to go because of their shady rep, but I think the risk here is that well entrenched interests in will ultimately give bootcamps and other online training courses the same treatment if they start eating into the educational establishment's pie too much. We have to be careful of a slippery slope.
yuhong 1 ago 1 reply      
Just "ordered to engrossing and enrolling": http://leginfo.legislature.ca.gov/faces/billStatusClient.xht...
beenfired 2 ago 0 replies      
According to the ITT Tech Website they have now stopped accepting new enrollments nationwide.
twblalock 2 ago 2 replies      
I hope DeVry is next.
electriclove 2 ago 0 replies      
Bravo, now let's ban the rest of the fake schools!
WhatIsThisIm12 1 ago 1 reply      
As someone who graduated from an Ivy Leage school, and boarding school before that, all on full financial aid with zero loans, I count myself incredibly lucky. I also see the student loan system as incredibly fucked up.

The worst aspect of it to me is that the most predatory loans go to the lowest qualified students, who are the ones who get the lower paying jobs. Top universities are the only ones with loan-free, need-blind financial aid programs. Yet they're the ones with students who would be most qualified to pay any loans back. Meanwhile lower tier universities charge tuitions almost as large as the top tier ones, yet send students to $40k/yr jobs.

The students who need the money most don't get it.

SFJulie 1 ago 0 replies      
Education is a small tulip: try to compensate unfairness of life by subsidizing a flower to wed, an housing, health or education ... and here comes the bubbles fueled by the greed of a few who have had the luck of being born lucky.

In the case of tulip, it has still not be proven that wedding a girl that had an obsession for a foreign expensive flower was a good idea. And for coding neither the diploma, nor the idea of ruining yourself before either beginning to work has proven to be useful.

Overvalued diploma are a scam. Education is partly made of a financial bubble that takes its non-productive toll on economy. I hope Europa will begin to fire its teachers in public shcools and stop the privatization of education alike. I hate to fuel bubble with my taxes like a Dutch in the XVIIIth century.

known 1 ago 1 reply      
I believe many ITT students are from India.
beedogs 2 ago 0 replies      
Great. Now how will I learn TV/VCR repair?
trengrj 2 ago 1 reply      
This site is absolutely unusable without an ad blocker..
cloudjacker 2 ago 0 replies      
wow thats horrible news for all those motivated people that "were the first in their family to go to college"
Chinese CA WoSign faces revocation after possibly issuing fake certificates percya.com
263 points by tombrossman  1 ago   110 comments top 9
michaelt 1 ago 6 replies      
Traditionally it's difficult for browser vendors to revoke a root CA as they want to grandfather in old certificates, so existing sites don't have the rug pulled out from under their feet when their only crime is using a crap CA.

Partial solutions include blocking the CA's certs based on the issuance date or insisting they hand over a list of the certs they've issued - but if the CA is going down in flames anyway, they have no incentive to cooperate; they can backdate certs and destroy their own customer list.

My theory is [1] this is one of the side benefits of Certificate Transparency - CT will give browser vendors a list of certs to grandfather in if they decide to shut down a CA against its will.

[1] https://www.mjt.me.uk/posts/certificate-transparency/

jaas 1 ago 1 reply      
This is a pretty misleading title for a couple of reasons:

1) WoSign may face revocation (I doubt it but I don't know), but there is no evidence of that in this article. This is just one person not affiliated with a root program "calling for" it. People on the internet call for revocation of major CA roots all the time.

2) I don't really know what a "fake" cert is, it's a very strange choice of words. I would think a fake cert is not a real cert, and in that case issuing fake certs is fine because browsers won't trust them. It seems the problem here is that real certs were issued when they shouldn't have been. That's called "mis-issuance", not "fake certs."

koolba 1 ago 1 reply      
Too big to fail my ass. There's no such thing when it comes to security. If anything, that's more reason to cut them loose.

If a CA pulls shit like this they need to be revoked immediately and let the wrath of 1000s of businesses that are impacted by cert warnings rain down upon them. That will 1) Solve the security problem immediately and 2) Publicize what it means to get a cert from a crap CA that doesn't care about security.

Sure it will suck for the "little guy" who didn't know but, if you don't do this, he'll never know and never learn.

guelo 1 ago 3 replies      
I just went to delete these roots from my Windows system but it's not listed. It was in Firefox's list but not in Window's. Anyone know why?
0x0 1 ago 4 replies      
So what's the relation to StartCom/StartSSL? I remember reading some comments about half a year ago mentioning that the startssl website suddenly was hosted on Chinese IP addresses, just around the time they redesigned the web page. This seemed fishy enough back then that I finally switched from startssl to letsencrypt for non-wildcard certs and actually started paying a different CA for wildcart certs...

Did the StartSSL root CA change hands / was it sold to a Chinese company (Wosign?)

I seem to remember the CEO used to be vocal in various ssl and ca forums and on bugzilla earlier.... But no comments lately?

mtgx 1 ago 5 replies      
> Possible fake cert for Githubhttps://crt.sh/?id=29647048https://crt.sh/?id=29805567

> Possible fake cert for Alibaba, the largest commercial site in Chinahttps://crt.sh/?id=29884704

> Possible fake cert for Microsofthttps://crt.sh/?id=29805555

Yikes. If all of that is true, surely Google will permanently ban WoSign from Chrome? And I would hope Mozilla and Microsoft, too, but Google is usually the one to "play tough" with rogue CAs (and I hope they will strive to develop and maintain that reputation).

amluto 1 ago 0 replies      
Can't browsers at least restrict CAs like WoSign so that their roots are only accepted for .cn domains?

I realize that X.509 name constraints are utterly broken, but that doesn't mean that browsers can't manually restrict the domains that a given root is accepted for.

marcoperaza 1 ago 1 reply      
Is there an easy way for me to revoke trust from all Chinese CAs? Anyone in China is ultimately subject to being forced to do the dirty work of the Chinese Communist Party. Why are browser and OS vendors even trusting them in the first place?
Infrastructure for Deep Learning openai.com
264 points by yigitdemirag  1 ago   65 comments top 8
programnature 1 ago 5 replies      
While its useful to have this kind of info, IMHO its still far from 'infrastructure for deep learning'. What about model versioning? What about deployment environments? We need to address the whole lifecycle, not just the 'training' bit. This is a huge and underserved part of the problem bc people tend to be satisfied with having 1 model thats good enough to publish.
thr0waway1239 1 ago 4 replies      
I don't know much about deep learning. Just noticed that there are 40+ upvotes and 0 comments. I propose the HN Bikeshedding effect theory. Take the number of comments and divide it by the number of upvotes.

<0.1 = Too technical for even HN audience0.1-1.0 = At the right level for the HN audience>1 = The topic is similar to painting the bike shed.

ymt123 1 ago 0 replies      
It's great to see people talking about the infrastructure they use to manage their deep learning workloads.

One area where we've had trouble with other orchestration tools (e.g. Docker Swarm) was in managing resources at anything beyond whole boxes. They are all good at managing CPU/RAM/Disk but we've had trouble with give this task GPU2. We had planned to try Mesos (given that we already run it for other things) but it sounds like maybe we should take a harder look at Kubernetes first.

freyr 1 ago 1 reply      
> Like much of the deep learning community, we use Python 2.7

It's unfortunate that so much effort has been spent on bringing tools up to speed with Python 3, but some groups still insist on dragging their feet. I understand the motivation when we're talking about an established company with a huge legacy code base, but within the research community it's kind of embarrassing.

vonnik 1 ago 4 replies      
Tensorflow is actually pretty slow and problematic on large clusters outside the Google Cloud. Probably because that's not what it was designed for.

For Java/Scala people, Deeplearning4j has a pretty sophisticated Spark + GPUs setup:




[Disclosure: I help create DL4J, and it's supported by my startup, Skymind.]

josh_carterPDX 1 ago 1 reply      
"Top performance thus requires top-of-the-line GPUs."

Would be curious to see the data around the economics of the different options.

mitbal 23 ago 0 replies      
Very interesting article but I guess the scale is not for everyone. 1600 AWS GPU? I'll be lucky if my infra request for g2.8xlarge is approved.
cs702 1 ago 0 replies      
On a related note, I'm running a poll on deep learning frameworks: https://news.ycombinator.com/item?id=12391744
Grateful Dead Fan Timothy Tyler Has Been Granted Clemency liveforlivemusic.com
218 points by WhitneyLand  1 ago   200 comments top 20
wvrvwwwe 1 ago 5 replies      
This is only related in that it's another person incarcerated over LSD, but I've always found this individual and his story pretty fascinating:



The second link discusses Gordon Todd Skinner, who was the informant that facilitated the arrest of Pickard. I don't know how much of that information is accurate, but it's an engrossing read and it paints a horrible picture of what a government informant can get away with.

thowar2 23 ago 2 replies      
The bigger story here, Obama has granted clemency to 111 inmates. It looks like they are mostly drug related. https://www.justice.gov/opa/pr/president-obama-grants-commut...
Natsu 1 ago 4 replies      
The downside of this, sadly, is that he appears to have mental health issues. Unless he has some outside support, which may be difficult with his dad being dead and having been incarcerated since something like 1994, he would be rather likely to end up on the street, alone :(

Here's hoping there are people on the outside to help him out.

JohnTHaller 1 ago 3 replies      
Those infamous 'carrier weight' LSD laws where the weight of what the single drop of LSD is on counts as part of the drug in calculating the sentencing. And it's not even the dumbest 'war on drugs' law in our arsenal of dumb 'war on drugs' laws.
eggy 21 ago 3 replies      
It's crazy to spend that much time in jail for a nonviolent offense, and such a small amount of substance in the US.

The war on drugs is a big waste of many things. But to put it in perspective, I am currently living in SE Asia where you are informed by airline announcements and signs that drug trafficking is punishable by death in several of the countries here!

I'm from Brooklyn, but I live in Indonesia now. I'm currently in Kuala Lumpur, Malaysia. 138 Nigerians are awaiting death penalties in China, Malaysia, Indonesia and Singapore at this time.

fnj 18 ago 4 replies      
I get that the right to consume any substance one wants into one's own body is a basic human right, but outlawing LSD and cannabis are two cases of outrageous, striking dumbness and pointlessness. Neither one is addictive, and the LD50 of each is an incredible number of orders of magnitude higher than a normal dose. It is virtually impossible to harm yourself.
toodlebunions 22 ago 0 replies      
Mandatory minimums are terrible.
hasbroslasher 22 ago 4 replies      
Always amazes me that LSD is illegal while alcohol is legal, the latter causing all host of metal and physical ailments, the former causing mostly hilarious navel-gazing
sova 23 ago 0 replies      
May he feel safe and at home where-ever he stands.
GrinningFool 10 ago 0 replies      
> This story is extremely sad, but now seems to be heading towards a happy ending.

Two lives (plus unknown others that they touched on) destroyed, and 20+ years later getting set free - with no acknowledgement of anything wrong with doing that to them in the first place - that fixes everything. /s

iconjack 1 ago 6 replies      
I will never, ever vote for anyone who supported the drug war. Yes, that includes you, Hillary.
ImTalking 20 ago 0 replies      
Laws should only be there for harm, not morality.
Cozumel 1 ago 1 reply      
Link actually mentioning the clemency: http://liveforlivemusic.com/news/grateful-dead-fan-timothy-t...

How would you even start putting your life back together after been in jail so long? It's unimaginable.

dharness 1 ago 0 replies      
I'm not sure where this title came from - this article seems to indicate there has been no clemency?
SwellJoe 1 ago 1 reply      
I don't see any mention of clemency on that page. Perhaps there was a mod-edit to point to a "better" source, which doesn't actually cover the clemency?
jonathanstrange 19 ago 1 reply      
ievahanordah 15 ago 1 reply      
ievahanordah 15 ago 1 reply      
ievahanordah 14 ago 3 replies      
ievahanordah 15 ago 2 replies      
Jessica Livingston: How to Build the Future ycombinator.com
273 points by sama  1 ago   78 comments top 17
noodles23 1 ago 2 replies      
This is how you do great content marketing and branding.

This entire video series is about inspiring people with a side benefit of illustrating what makes YC special.

Compare this to content by other accelerators (of which there are many). It's not a lecture nor a recital of advice. It's a series of relatable and personable stories with a consistent theme. Start with "Why" you do something, not how or what.

bobbylox 1 ago 5 replies      
I think there needs to be a moratorium on that AirBnB political cereal box story. "The most important thing to do is to focus on your business, but also it's cool if you spend time on a random side business," is a big mixed message.
haberdasher 9 ago 1 reply      
So...this page has a YouTube embed, a SoundCloud embed and then also a Scribd embed. I got lazy with the timings / formatting of the transcript, but would be people rather a single link to something like this? https://presentio.us/t/610902

Note: You can click the text in the first few paragraphs to jump to the correct part of the video.


elmar 1 ago 2 replies      
Great interview, I think Jessica was the secret sauce that made YC so good.
SmellyGeekBoy 17 ago 0 replies      
Maybe slightly off topic, but I'm subscribed to YC on Soundcloud and had a notification pop up last night to tell me that this interview was available. Hit "play" on the driveway this morning while still connected to wifi and started my commute. 5 minutes later and it cuts out - mobile data dropped out (I live in a rural area).

Does the Soundcloud app not support buffering at all? I'd have thought that 20 minutes of speech would be a couple of MB at most. I see I can "upgrade" to allow offline listening for 9.99 per month, which seems pointless as this is all I'd use the service for.

I suppose I'll have to go down the route of using a legally dubious third party service to download the interview like I did for the Zuckerberg one a few weeks back. Shame they don't offer a more convenient way to listen, as this is shaping up to be a really interesting series.

demircancelebi 1 ago 0 replies      
Jessica Livingston sounds very authentic. Even listening to her inspires me to work more.
HiroshiSan 1 ago 1 reply      
The way she looks at Sam is the way a mother would look at their child. Jessica seems very endearing.
berpasan 18 ago 1 reply      
What Jessica has done in YC is an amazing example of how to build great culture in a Startup (and YC was and still is, in several ways, a startup!).

It's a challenge, but I believe YC can be an organization that can outlive its founders by the force of its strong, enduring culture. As a YC founder I didn't have the pleasure to meet Jessica (or Paul) yet (they are in a Sabbatical in London). But just spending those 3 months in YC and all the amazing people they put there made me feel as if I had.

ioda 21 ago 0 replies      
The best I have read from her so far is this- http://www.foundersatwork.com/1/post/2012/10/what-goes-wrong...
cdupiton 1 ago 1 reply      
But how did they have the money to even invest in startups?
greggman 1 ago 2 replies      
AirBnB is an evil company and YC should be ashamed to be apart of it.

AirBnB has the official policy that it's okay to lie about where listings are. I booked one that turned out to about about half a kilometer away from where is was marked on the map. I would never have rented it had it been correctly marked. When I complained I was told it's their policy. It's buried in their privacy policy in a paragraph aimed at hosts, not guests. Also, the law appears to say burying stuff in a policy is not a defense excusing deceptive practices.

I can list more AirBnB deceptive practices. I don't think the idea of AirBnB is bad but YC should not be associated with the kind of management that thinks deceptive practices are ok.

nickpsecurity 1 ago 1 reply      
It was a great interview. The story about how Airbnb started is interesting. I'd have laughed at renting air beds during conferences, too. I'd see potential in it but not billions. The pivot and cereal gimmicks were excellent examples of her advice that determination is most important. Also, remember that most politicians or Fortune 100 CEO's didn't get there by being the smartest. They also got there with a combo of understanding people, focus and determination. Ruthlessly so in many cases.

So, the goal was increasing innovation across the board rather than making money. Hmm. I've previously brought up that I'm anti-VC innovation because many just get acquired by big companies that shelve it, esp if patents are involved. I also know they're interested in exporting or improving Y Combinator. I think it would be interesting if they modified the model so the software had to be GPL, the business had anti-lockin tooling like data importers, and/or patent suit immunity for non-profits or free software doing compatible offerings. These kept true even after an IPO or acquisition by legal means. A combo of techniques like these would allow continuous stream of competition while preserving most of worth of company due to its brand and first-mover advantage.

What you all think about that or another modification of YC model to discourage monopolistic practices, lock-in or shelving post-acquisition?

throwaway991199 1 ago 4 replies      
I have to agree with you there.

I'm in Europe and I just polled a whole bunch of friends, anyone using these companies and got a resounding NOPE.

I just polled a bunch of US friends too and they say the same. Sure, purely anecdotal.

But for me, none of these have changed the world.

Maybe if you worship at the alter of YC or a wannabe Paul/Jessica groupie or liberal/progressive fantasist then I guess you totally buy into that.

Transformed is really a total stretch.

I'm still laughing after listening to that interview.

Waiting for the down-votes and I'm sure this will be flagged as it will upset some thin-skinned people who live in a (tech) bubble.

enraged_camel 1 ago 7 replies      
Jessica is awesome. That said, this part near the beginning, where Sam says...

>>Sometimes they create a small success, and sometimes they create these companies that really transform the world, and YC has been very fortunate to be involved in a lot of these, Airbnb, Dropbox, Stripe, the list goes on.

I mean... really? OK, I'll grant you Airbnb, but Dropbox "transformed" the world?

ulkram 22 ago 0 replies      
scribd is such a piece of shit
jedc 1 ago 1 reply      
"Y Combinator has funded 1,500 startups"


 http://www.ycombinator.com/press/ quotes 1297 startups http://www.seed-db.com/accelerators/view?acceleratorid=1011 has 1069 companies (+ ~100 from the S16 class) for ~1200 in total
Where do the extra companies come from?

Gonorrhea Is Becoming Untreatable, U.N. Health Officials Warn npr.org
205 points by bootload  1 ago   169 comments top 11
zackmorris 1 ago 13 replies      
Keep in mind that media outlets are unlikely to point out the fact that antibiotic resistance is mainly caused by antibiotic overuse on farms for livestock (due to the conflict of interest when so many ad dollars come from food).

Yes, humans failing to finish their run for the time prescribed for them, and use of antibiotics for viral infections have been a problem too. But those are completely dwarfed by farm use.

Funding for new antibiotic research should come from taxes on big agribusiness and there should be more regulation on antibiotic use for livestock.

ChuckMcM 1 ago 7 replies      
And then there are these stories : http://www.medicalnewstoday.com/articles/287745.php talking about how there are all sorts of Antibiotics we don't even know about (yet). Or drugs that also kill bacteria (http://phys.org/news/2016-02-major-breakthrough-antibiotic-r...) or even this (https://www.theguardian.com/commentisfree/2015/nov/20/antibi...)

Basically as we get to understand exactly how cells work and how bacteria do what they do, and how they change. We won't need to scrounge around in the dirt to find something, hopefully, that will kill bacteria. We'll engineer what ever we need to kill what ever cells we want to kill.

DavidWilkinson 5 ago 0 replies      
Super-gonorrhoea due to antibiotic over-use and treatment non-adherence.

Drug-resistant HIV due to natural mutation and an increase in infection vectors (courtesy PrEP).

Killer venereal diseases: we missed you, but not that much.

carsongross 1 ago 1 reply      
As surely as Water will wet us,

as surely as Fire will burn,

The Gods of the Copybook Headings

with terror and slaughter return


memracom 1 ago 5 replies      
Rather than weakening the attacker (killing the bacteria) we could look for ways to strengthen the organism (boost the body's own defense mechanisms). The health industry as a whole, has been weakened by the discovery of antibiotics and designer molecules, and as a result now spends too many resources on looking for killer chemicals (antibiotics and other drugs).

But there are other ways. One way is to follow the thread of research opened up by William B. Coley who developed Coley's Toxins, a cocktail of bacterial toxins that sparked the body's own defense mechanisms and in many cases, caused cancer tumors to turn to jelly within days and start being reabsorbed by the body. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1888599/ has more about him.

Or the way of genome therapy where researchers are studying the active genomes in both healthy and sick (or cancerous) cells to understand what knobs and buttons exist in the human organism that we might be able to adjust by means of various therapies, sometimes even benign ones. There is evidence that one of the many hundred subtypes of cancer will respond to everyday blood pressure medication. This is a relatively benign drug that, in the right conditions, will kill cancer cells. Of course, the right conditions include that the patient has certain specific genes. But genomic techniques ca discover these genomic markers and help us sort out the mechanisms by which cells resist attacks from hostile bacteria. The ultimate outcome for cancer would be that your doctor takes a biopsy of the cancer cells, their active genomes are analyzed and this information is used to build a molecular machine that manufacture a custom drug that will cure your cancer.

Look at the molecular machinery of the Polymerase Chain Reaction which makes copies of DNA molecules https://en.wikipedia.org/wiki/Polymerase_chain_reaction

And there is Reverse Transcription which converts RNA molecules to DNA molecules https://en.wikipedia.org/wiki/Reverse_transcription_polymera...

Not to mention the Ribosome which is the molecular machine in your cells which manufactures protein molecules https://en.wikipedia.org/wiki/Ribosome

lostlogin 20 ago 0 replies      
Someone I know described visiting a small rural pharmacy in Nepal and talking to the pharmacist. Many locals can't afford courses of antibiotics for sick family members so they buy just a dose or two. This was allowed on even fairly hardcore, last line antibiotics which required special government ministry approval back home. If different countries have such different practices, things are not going to go well.
siscia 17 ago 2 replies      
Maybe I am saying something completely out of the world.

But when bacteria become too dangerous why we don't simply vaccinate against them?

hackaflocka 1 ago 2 replies      
Does oral sex transmit Gonorrhea?

Are there any sex acts that are immune to it?

Is there anything safe (sex-wise) that one can do to prevent it?

alanh 1 ago 0 replies      
And there are still those who deny evolution
Kenji 1 ago 2 replies      
If officials from the U.N. or from the WHO warn about something, I sleep particularly well at night, knowing that it's probably blown out of proportion by several orders or magnitude. Remember the bird flu? My employer at the time bought truckloads of sanitizers, plastic bins and related stuff. A complete waste of money. These people have lost every last shred of credibility for me.
milesf 1 ago 13 replies      
Here's a novel thought: Monogamy. Wait to have sex until you're married, then have only one sexual partner your entire life. That'll deal with the problem, and every other sexually transmitted disease out there.

It's almost too simple to work, but I've heard that over time - thousands of years in fact - it is a strategy humans have used to build not just safe sex, but many other benefits as well http://www.theglobeandmail.com/life/relationships/the-power-...

Amazon Launchpad for Startups amazon.com
226 points by ankit84  13 ago   77 comments top 22
jasode 12 ago 4 replies      
Here's my take on it and someone can chime in if I'm wrong on the details...

Imagine you're a startup/inventor that manufactures a widget that you'd like to sell to the mass market, you could either (1) try to sell direct from your website (2) get on the shelves of national stores like Best Buy, Target, Walmart, etc. The "shelves" include the real ones at their brick & mortar stores and the virtual shelves on their online websites.

(1) is hard to attract shoppers since nobody knows about your low-traffic website. Also, you'd have to handle the hassle of fulfillment yourself. Amazon Launchpad leverages their competency in global logistics to do this for you.

(2) is difficult to get meetings with corporate retail buyers and convince them to carry your product. Sometimes, there are also "slotting fees" (sometimes aka "bribes") to get prime shelf locations (eye level vs the floor.)

What Amazon is doing is opening up their "shelves" which includes the prime pixels real estate on their front page to promote startups' products. They are actively marketing your product. This is a different initiative from passively showing the 3rd-party marketplace sellers on amazon product pages.

However, to filter out the low quality junk and avoid every garage warrior trying to sell their flavor of homemade barbeque sauce, the products have to come from "the approved network"[1] that includes firms such as a16z, Accel Partners, etc. If we scan that list of affiliates, we'd expect the products vetted by them to be "cutting edge" and "innovative".

What's not specified in all the press releases and FAQ about Amazon Launchpad is the type of payment structure Amazon expects. Is it negiotiated on a product-by-product basis? Is it flat percentage?



kristianc 9 ago 4 replies      
My take on this is that it sounds an awful lot like a sensing network for Amazon to discover which products are taking off and if it's viable to produce a low cost clone. At which point Amazon will not only have cloned your product, but also own your main distribution channel. Approach with caution?
gortok 10 ago 0 replies      
Some notes:

1. Amazon Launchpad will ask for a few sample units to test. What they actually mean is that they sell these units. So, don't send Amazon units until you're ready to part with them and put them in your customer's hands.

Here's Vendor Express (their vendor management system) on that topic:

> We'll sometimes request a minimum sample of free units of your product so that we can evaluate the demand from our customers before placing an initial purchase order. After your product sells, we may start issuing purchase orders.

So, if you're a Kickstarter or Indie-go-go project and you want to sell your product on Amazon as well, you'll likely be going through Launchpad. This can get... uncomfortable for you if you send them test units before your Kickstarter backers get theirs.

2. Amazon's ToS for Vendor Express specifically states that they can rescind/change their Purchase Order at any moment before the product physically arrives at their fulfillment center. I've heard stories of startups having their P.O. reduced by half and having to eat that cost. When you're a young startup, capital is everything.

Other resources for understanding more about manufacturing costs: https://www.quora.com/How-do-I-go-about-budgeting-manufactur...http://www.andrewjdupree.com/blog/2016/8/3/how-long-does-it-...

bobsky 12 ago 2 replies      
It's not evident what's new, but this initiative was announced a year ago, here's the article: "Amazon Takes On Product Hunt, Shopify With Launchpad, An All-In-One Marketing And Sales Portal" [1]


josu 11 ago 3 replies      
kdamken 11 ago 1 reply      
This looks like a site that someone in a foreign country who was trying to pretend to be amazon would make to trick people.

Did they fire all of their designers or something?

billyshih 9 ago 1 reply      
I've been using this for my dog toy that I launched on Kickstarter and it has worked out amazing. The only downside is you don't have control over what they price at since you're selling products wholesale to them. But for the amount of work that it takes (very little), it's a great trade off.
Animats 2 ago 0 replies      
Blackbox.cool [1] just got run over by a tank.

[1] https://news.ycombinator.com/item?id=12356218

Negative1 11 ago 1 reply      
This is an interesting idea in that it basically becomes the store for post-kickstarter projects that had traction but not enough to negotiate a contract with major retailers. Great idea -- I hope it takes off (no pun intended).
webtechgal 12 ago 2 replies      
A quick question here while I check some more:

Are pure-play software (SaaS etc.) and/or digital goods startups eligible for this?

Mahn 8 ago 1 reply      
Your product has to be absolutely extraordinary to pass such an extensive list of vetting partners [1], in which case there's a good chance you would do fine selling on your own and generating your own word of mouth buzz if you ask me. If you invent the next iPhone you are probably going to do well even if don't sell on Amazon.

[1] https://www.amazon.com/gp/launchpad/network

blairanderson 8 ago 0 replies      
I used to sell hardware to amazon. Here's my take on this.

This boils down to a whitelist which allows companies to skip the traditional sales/retail-contract process required for a manufacturer to become a vendor.

This is not a service that Amazon will sell, essentially a loss leader to get vendors into the network.

Normally for brands that are new, Amazon requires a unique product line or price or some differentiator. A well established rep can easily get them in the door.

I typically recommend that brands:1. Start selling online ASAP 2. Start selling on Amazon ASAP3. As sales grow, become an Amazon vendor

bignis 6 ago 1 reply      
I'm interested in the flip side of this. How, as a consumer, can I discover cool new products from startups that Amazon thinks are noteworthy? I wish the also announced an section of the website like amazon.com/launchpadproducts where I could see a list of qualified products.
mandeepj 10 ago 0 replies      
Although, amazon is saying they welcome all startups but looks like this launchpad is only for companies having a physical product. I think you can't apply if you have an app to launch.
dmritard96 8 ago 0 replies      
One thing to note - they started out taking pre-orders but decided they didn't like this as they realized the startups have no control over their shipping schedule...
rexreed 7 ago 0 replies      
This looks like it's only for physical products? I was hoping to see something for digital services built on AWS
CodeSheikh 8 ago 0 replies      
A potentially decent platform for hardware products. I would like to see something similar for software products to.
estefan 12 ago 1 reply      
Interesting. I've just been reading about using alibaba with freight forwarders and shopify to create online shops where you can sell on Amazon. This might make it even easier.
rm_-rf_slash 12 ago 4 replies      
I'm sure I'm not alone in having concerns about how ruthlessly centralizing Amazon is making the shopping experience for just about everything but groceries (because I will never trust anyone to pick my meats and produce for me), but if Amazon Launchpad works as well as this advertisement claims it will, then I cannot for the life of me think of a better means and marketplace to trial new products.

Maybe if your product does really well they'll set you up with a Dash button.

threepipeproblm 8 ago 0 replies      
Featuring Lieutenant Wesley Crusher
vonklaus 9 ago 0 replies      
Stripe Atlas for retail.
A Message to the Apple Community in Europe apple.com
313 points by epaga  1 ago   412 comments top 66
sixhobbits 1 ago 4 replies      
People filing their own tax returns: "This is pretty complicated. Maybe I should hire an accountant or something"

People commenting on a case involving international tax law and how it applies to a mega corporation: "I got this - I'm gonna tell everyone else what the fair and legal result of this case should be"

OTOH, I'm getting a bit tired of these PR pieces that pretend that their company is all about uplifting communities and helping people. I've got nothing against free-market capitalism -- it seems to be working out more or less OK compared to some other economic systems we've tried -- but it seems pointless to have to always pretend that you're not playing the game in order to make profits. A "yes, this was a loophole that we found that allowed us to not pay much tax, but that doesn't give anyone the right to close it retrospectively, and we'll be seeing the EU in court" would have been a nicer statement to read from them.

madeofpalk 1 ago 7 replies      
The most specific and IMHO damming allegation was how they avoided paying tax.

From the EU press release:

 [Ireland] endorsed a split of the profits for tax purposes in Ireland: Under the agreed method, most profits were internally allocated away from Ireland to a "head office" within Apple Sales International. This "head office" was not based in any country and did not have any employees or own premises. [...] The remaining vast majority of profits were allocated to the "head office", where they remained untaxed [...] an effective tax rate of about 0.05% on its overall annual profits.
So, at the advice of Ireland, Apple was able to attribute sales to 'Apple Sales International', which was not based in any country and thus was not subject to tax.

ar0 1 ago 3 replies      
I don't really get what Apple is trying to achieve with this letter. Looking at my (continental) European colleagues, it comes across as aggressive bullying by a U.S. company and clearly harms public opinion of Apple, which cannot be a good thing for a company that sells consumer products. Maybe it looks differently from the Irish perspective, but obviously Ireland is a tiny market compared to France / Germany / etc., which are all countries where U.S. companies' (legal!) tax maneuvers aren't looked kindly at and where such a letter can only do more harm than good. People don't like the European Commission, but they like "lecturing from the Americans" even less.

In the end, this matter is a very complex legal question (1. were the Irish tax deals actually "deals" or just the day-to-day application of the Irish tax code?; 2. if they were "deals", were they illegal deals under EU rules against state support?). It is going to be answered by the European Court, which I guess (or at least hope) will not make its decision based on an "open letter" posted on the Internet.

sz4kerto 1 ago 6 replies      
This is getting interesting. One of the world's biggest companies is playing the emotions of the citizens of a country, and essentially telling them to distance themselves from the EU.

"This would strike a devastating blow to the sovereignty of EU member states over their own tax matters"

Maybe this doesn't look _that_ serious to non-EU citizens but given what's happening in Europe in general (nationalist parties on the rise, etc.), I'd be very careful with this approach.

bertil 1 ago 1 reply      
I lost a very large amount of respect for Tim Cook reading that message. The statement:

> A companys profits should be taxed in the country where the value is created. Apple, Ireland and the United States all agree on this principle.

is patently false given the Double Dutch Irish Sandwich structure of Apple tax reporting. This is not a coy avoidance the truth, this is a blatant lie.

No response, short of a link to an album of photos from the large and gleaming worldwide R&D centre that Apple presumably operates in Curaao is acceptable.

k-mcgrady 1 ago 1 reply      
I think generally Apple has been a pretty socially responsible company, more so than a lot of other tech companies. I also really admire their stance on privacy. They get no sympathy from me here though and this 'message' makes them look worse. When you have $200bn in cash reserves - literally $200bn you have no idea what to do with - and you're complaining about paying $14bn in back taxes you just make yourself look bad. The excuse that you brought jobs to a struggling economy also doesn't help you. You didn't look at Ireland and say 'those poor unemployed people, lets open an office there', you said 'they really need jobs, we can probably negotiate a good deal'.
arbuge 1 ago 1 reply      
"Taxes for multinational companies are complex, yet a fundamental principle is recognized around the world: A companys profits should be taxed in the country where the value is created. Apple, Ireland and the United States all agree on this principle. In Apples case, nearly all of our research and development takes place in California, so the vast majority of our profits are taxed in the United States."

So is R&D the only part of the company they believe creates any value? Why operate in Ireland at all if so? Should just outsource it all...

Of course they know better. The value is right there in the first paragraph:

"Thirty-six years ago, long before introducing iPhone, iPod or even the Mac, Steve Jobs established Apples first operations in Europe. At the time, the company knew that in order to serve customers in Europe, it would need a base there."

d_t_w 1 ago 8 replies      
A message to Apple from anyone who doesn't have rocks in their head:

You shift profits to avoid tax, don't play coy.

The era of tax being optional for multinationals is drawing to a close. You make your profit, you pay for access to the market, no exceptions.

jacknews 1 ago 0 replies      
Oh dear this is pretty mendacious:

" A companys profits should be taxed in the country where the value is created. ... In Apples case, nearly all of our research and development takes place in California, so the vast majority of our profits are taxed in the United States."

No, I don't think the agreed principle is at all to tax research and development - it is to apply taxes at the point where the transactions take place.

In this case, in Europe. And the European UNION is named that way for a reason; the states have to abide by rules that are designed to protect and enhance the European collective-bargaining position, just as for workers in a labor union.Even so, some states still try to use lax corporate legislation as a competitive edge.

Now they've been caught out.

I'm no fan of retroactive taxation, but there it is - if the tax arrangements are deemed illegal, then the beneficiaries of that are going to be on the hook. Apple's claim that they followed the law may be true to an extent, but the full 'legal tax' situation must obviously include not only the Irish tax rules, but also the European ones, so they appear to have failed in due diligence.

BenoitP 1 ago 4 replies      
> a devastating blow to the sovereignty of EU member states

This is bad, bad PR. Maybe let the EU citizens be the judge of that?

IMHO, it is a huge no-no for a company to make a political statement, especially in a troubled time like now (does Apple have any comments on Brexit, too?).

I think this will deeply hurt the fanboyism.

Scirra_Tom 1 ago 4 replies      
Yuck. Old black and white photos, emotional appeal to some sort of corporate heritage. Posturing as some sort of victim. Only thing missing is a tiny violin playing on that webpage.

Apple's been paying virtually no tax for years because it's argued it's legal to do so. Now the EC deems it was illegal. GG WP - you lose. Time to pay up now.

I'm sure due to the amounts involved that this potential event was in someone's "risks" column and hasn't come completely out of the blue for Apple.

afarrell 1 ago 0 replies      
Here is the European Commission's word on the issue: http://europa.eu/rapid/press-release_IP-16-2923_en.htm
leoc 1 ago 1 reply      
True story: in the mid-2000s I was in the audience at an Apple recruiting talk for H1Bs at a European university (including one fairly-well-known then-Apple dev/manager). It didn't go very well: the audience was oblivious and largely uninterested, the Appleers were tetchy, I asked an impertinent question involving HyperCard. At one stage the rambling audience Q&A turned to a long discussion of the hypothetical possibility of Apple opening a European office at some point in the future. Now granted these were SW dev types rather than QAs or whatever, but ... I didn't quite have the heart to tell them about Cork.

I'm not so sure about this bit, but IIRC at this time (and a long time afterwards) Apple wasn't investing much effort in the pretence that Cork was a serious operation, to the extent that the access road to the site wasn't in good repair and hadn't seen attention in ages, possibly since it was built. [EDIT: I am duly corrected on this, see https://news.ycombinator.com/item?id=12390072 below.]

ronjouch 1 ago 1 reply      
> "As responsible corporate citizens, we are also proud of our contributions to local economies across Europe, and to communities everywhere. As our business has grown over the years, we have become the largest taxpayer in Ireland, the largest taxpayer in the United States, and the largest taxpayer in the world."

Nice logical fallacy here, positively reframing / dumbing down a company's obligation to pay taxes in ${countries_of_activity} as "we have become the largest taxpayer in Ireland". That's precisely what Apple is condemned for: for consolidating fiscal activity in a tax haven, Ireland, in order to pay ridiculously-small taxes for Euro zone Apple activity, rather than paying (bigger) taxes in each EU country.

Also, Cook mentions "6,000 people across Ireland [...] performing a wide variety of functions as part of Apples global footprint.". I have no idea what that number represents, scaled to a multinational like Apple. I'd be curious to know what you think of this number.

PedroBatista 1 ago 0 replies      
This "message" is almost as bad as dodging taxes through loopholes.

It reads as the Apple Head of State trying to rally the troops, trying the "foreign aggression because they're so jealous" angle.

morphle 1 ago 0 replies      
We had a similar case in the Netherlands with Starbucks.The European Commission has the argument that if a company has a treaty with a countries tax office that results in them paying less tax than other companies without such a treaty would, then the EC regards that as a state subsidie of a company by that government.A European government is prohibited to subsidise companies in a free market (there are exemption under law), they declare this an illegal subsidie and the government must get the illegal subsidie back.As fare as I am aware, Apple is not being fined in this case, the Irish government is. Its up to the Irish government to continue this subsidy, they just will be fined again if they do.Apple seems to say here that they might withdraw from Ireland because of the uncertainties around their tax evasion strategies, not because they will actually be taxed more.
duiker101 1 ago 3 replies      
I read two things in this:

- We bring work and employ a lot of people so we are good.

- Be careful because if we don't get it our way we are going to go away and you are the one that will suffer.

kabes 1 ago 0 replies      
Saying that "It (Apple) has helped create and sustain more than 1.5 million jobs across Europe" is a far stretch if the majority of that number are app developers for who it makes no difference where Apple is located.
OliverJones 1 ago 0 replies      
Hmm. I'm not sure whether Ireland owes any money to bondholders. If they do, this EU ruling will make it harder for them to negotiate with those bondholders, who can say "collect your taxes and pay up."

But, some bondholders are probably the same people who compel American companies with vast cash piles to stash them offshore.

Is this an issue for Irish voters? Their government made a deal that cost them money. If it's OK with the voters, their government can fight the EU on this. Or, if the voters prefer, the Irish government can try to collect from Apple.

After all the posturing is done, they'll probably settle quietly.

bencollier49 1 ago 1 reply      
Interesting. Does this imply that the UK deal with Google to let them pay less tax is now de jure illegal as well?
khoury 1 ago 1 reply      
Didn't even know "The Apple Community in Europe" was a thing.
tuna-piano 1 ago 0 replies      
One side note I haven't seen covered yet:

The court ordered Apple to pay the penalty of 13 billion euros, plus interest. For the last couple years, many bonds in Europe have been sold at negative interest rates. Does that mean Apple could potentially be paying less than 13B back?

MollyR 1 ago 0 replies      
I can't say I approve of corporate or tax inversion, and I'm not sure what to think of this article. I've read countless articles saying the opposite http://www.theverge.com/2016/5/5/11604704/apple-tax-evasion-...
alphadevx 1 ago 0 replies      
"The European Commission has launched an effort to rewrite Apples history in Europe, ignore Irelands tax laws and upend the international tax system in the process."

Wow, strong stuff.

clarkmoody 1 ago 0 replies      
The real issue here is that a multinational tax-avoidance scheme is only available to large corporations. This means that their smaller competitors who do not have millions to spend on lawyers each year are taxed at the insane rates of their local jurisdictions. The larger competitors shield their incomes from those same rates, making them more competitive than the smaller companies.

This pay-to-play scheme, coupled with other regulations tailored specifically for large corporations, keeps them shielded from upstart competition. The best thing for consumers and business alike would be to slash the taxes and regulations, instead of going after what the companies "owe" the government -- as if a group of bureaucrats in some capital city have any justified prior claim on the fruits of someone else's labor.

zyngaro 1 ago 0 replies      
Given the current political context in Europe (Brexit, fears of populations across the continent of loosing their sovereignty to Brussels (i.e the EC), the message of Tim Cook is very political and bold: -"We believe these changes should come about through the proper legislative process, in which proposals are discussed among the leaders and citizens of the affected countries"- "This would strike a devastating blow to the sovereignty of EU member states over their own tax matters"I am not sure this is the way to go. Apple should fight this decision on a legal basis: laws cannot be retroactive - and not a political (borderline populist) one.
sudhirj 1 ago 5 replies      
Is this really that simple? Is the EC actually trying to apply a retroactive law?
jensC 1 ago 0 replies      
I am sorry Apple, but that message made you look like you are excusing yourself for paying no tax.
ctvo 1 ago 0 replies      
It bothers me that Apple has probably done the market research and identified that they have such a strong brand among some people that these messages work. First the FBI one and now this. Both misrepresented facts to make Apple look flawless.

The truth is already debatable in the US ('I don't believe the media / government agencies / research from the educated elite'), having corporations jump in to directly muddle the waters doesn't help.

lstroud 1 ago 0 replies      
Seems like it boils down to determining who gets to make tax law in the EU. Is the EU able to levy taxes on citizens of their member nations directly? Or, are the nations themselves responsible? I'm not sure the legal structure of the EU gives Brussels tax authority. This will be an interesting question to see resolved. It will tell us a lot about the future of the EU.
gavanwoolery 1 ago 0 replies      
I see a battle between two sides here in the comments which basically winds down to capitalism vs big government.

There is an incredible amount of corruption in both areas, and even between them (we call this "crony capitalism"). Both within the government, and within the private sector, corruption can be used to squeeze money out of the general population. Both have necessary roles, and their benefits usually outweigh their level of corruption. But to take the side of one or the other is a rather fruitless exercise.

Instead, effort should be focused on how to improve the laws so that we can make them work well for all parties involved, especially the general population. And sadly, its beyond the level of conspiracy at this point that the people who control the laws are the people who benefit most from them.

gerty 1 ago 0 replies      
State aid has been forbidden or at least heavily regulated in the EU since the Treaty of Rome in 1957, although Ireland joined later in 1973. No need to play the victim here and stoke anti-EU feelings. Apple got caught, and rightfully so. Time to pay up what is due. Hopefully, others will follow.
kaoD 1 ago 1 reply      
A Message to the Apple Company in the US: sorry, we can see through your shabby PR piece.


Twisell 1 ago 0 replies      
I totally get that Apple should pay more tax. However I also understand that it must not be pleasant to be caught between two hammers.

UE want them to pay more taxes to them because of this wrongful loophole...USA want them to pay more taxes because of this wrongful loophole...

Maybe it's only common sense for Apple to wait that USA and UE define exactly what is actually the lawful taxes process that must replace this no longer existing loophole.

Also the very notion of retroactive "crimes" is usually not compatible with a healthy democracy. How can you be condamned for following instruction a sovereign state (Irland) gave you?

lochlainn 1 ago 0 replies      
Does anyone feel like Apple might start abusing the "open letter" format whenever they're in hot water? Since they're so famous for ubiquitous brand representation, it automatically grabs your attention when a letter written by the CEO himself is posted. Even if it's subconscious, I'm sure some people (me included) read the letter and think that if it's important enough for Tim Cook to write passionately about, on the main site of his company, then Apple's probably in the right.

I wonder how many more open letters we'll be seeing in the next few years.

saynsedit 1 ago 0 replies      
At the time, the company knew that in order to serve customers in Europe, it would need a base there.

Are you sure this had nothing to do with avoiding US tax and keeping a cash stronghold in Europe?

mgkimsal 1 ago 0 replies      
Interesting and seemingly overdue.

What effect might this have on Apple (and others) repatriating overseas monies back to the US now. If it's going to be taxed overseas anyway, the argument for holding large amounts outside the US seems to be reduced.

Granted, there will still be other non-US tax havens, and I'm guessing the lower rates may still be a factor. But might this have any impact at all? Or will this just be seen as a small fine and companies will carry on as before?

pzh 1 ago 2 replies      
It seems the EU didn't learn their lesson with the UK and Brexit, and they continue meddling in the affairs of sovereign states by interpreting the rules however and whenever they see fit. I wonder what percentage of this tax Brussels expects to appropriate for itself. It's high time to put an end to this failed experiment and especially to the corrupt EC...
sjwright 1 ago 1 reply      
Apple got a sweetheart tax deal from Ireland.

Tesla got a sweetheart tax deal from Nevada.

Pfizer got a sweetheart tax deal from the United States.

I don't see the difference.

WayneBro 1 ago 0 replies      
I love to see Apple get hit with the kind of taxes that they themselves put on the marketplace with their over-priced hardware and the 30% cut that they take from the captive/locked-in audience of developers and users.

Down with Apple. They are a drain on society and they deserve everything they're getting right here.

ranit 1 ago 0 replies      
> Countless multinational companies followed Apple by investing in Cork, and today the local economy is stronger than ever.

Is the local economy in Cork much better than the rest of Ireland? I tried to search data that supports the Apples statement and couldnt find any.

d3ckard 1 ago 1 reply      
This actually the worst piece of public opinion I have ever read from Tim Cook. It hurts their brand, it exemplifies American ego when it comes to dealing with other countries (please, don't tell me that you not paying taxes is some kind of sovereignty crisis for f*'s sake) and worst of all, it's poorly targeted. It's Europe - on average we do not like big corporations and we laugh on 'liberties', which are in fact money extortion by big players. I do not know who in Apple PR greenlighted this, but he/she might not survive the consequences.
anotherhacker 1 ago 1 reply      
Don't blame Apple, blame the tax laws.

i.e. don't hate tha playa, hate da game.

bluecalm 1 ago 0 replies      
EU should consider this hypothetical:

Imagine that aliens from a remote galaxy came to Earth to trade. They sell alPads and alPhones. They don't have any papers about how those were created and what kind of costs they paid in their galaxy. It was so long ago no one remembers and why would it matter anyway, maybe alPads and alPhones grow on trees in their world.

Now consider how we would like to tax those. Is VAT enough? If not maybe tax for land where they open their office? Whatever you decide do the same with foreign companies in Europe. It's the only way as digging into costs/deals in other countries which may not even be friendly with EU in the future doesn't make much sense.

yyyuuu 1 ago 0 replies      
Forgive my ignorance, but what would happen if Apple chooses to ignore this ruling and doesn't pay any retroactive tax at all?

Could it still be business as usual?

apple_fanboi 1 ago 0 replies      
Thank you my fellow apple fanbois and apple employees for flagging this thread. Has it been on the internal company slack?
sydney6 1 ago 1 reply      
Could someone please explain why this isn't on the top of the front page anymore?
julianozen 1 ago 0 replies      
Designed by Apple in Ireland
cheriot 1 ago 0 replies      
Well, at least they used a bit of those billions to hire a good PR team. I'm always surprised how often press releases are tone deaf.
lifeisstillgood 1 ago 0 replies      
I think the most important question is how often does the US Federal government overturn special deals arranged by State governments for favoured companies?

Europe is in the midst of deciding if it wants to Federalise - and it's unprecedented to do this without war or the expectation of war.

Additionally most countries are in a race to the bottom in collecting MNC taxes.

The two issues are heavily intertwined and this is just the first "battle" that has risen to attention

It's going to be interesting to see what artillery both sides have.

chinathrow 1 ago 0 replies      
Why did this fall off of the startpage?
draw_down 1 ago 0 replies      
The letter is gross but I don't understand why all this is specifically about Apple? Aren't they using the same kind of tax accounting other multinational companies do?
gadders 1 ago 1 reply      
With a bit of luck this will trigger an Irexit.
flexie 1 ago 1 reply      
What a load of corporate BS. How does it make first place on HN?

"The European Commission has launched an effort to rewrite Apples history in Europe, ignore Irelands tax laws and upend the international tax system in the process."

Please. They got caught not paying any tax in Europe. Ireland's tax laws are not ignored (EU simple asks Ireland to tax Apple according to usual Irish rules) and there is in effect no agreed upon international tax system anymore (if there ever were).

"The opinion issued on August 30th alleges that Ireland gave Apple a special deal on our taxes. This claim has no basis in fact or in law. We never asked for, nor did we receive, any special deals."

This is irrelevant. There was an understanding that Apple could channel all European profits through Ireland and that the Irish government wouldn't tax them on it.

"We now find ourselves in the unusual position of being ordered to retroactively pay additional taxes to a government that says we don't owe them any more than we've already paid."

First of all, it isn't retroactively. The obligation not to receive subsidies was there all the time. Second, it isn't at all unusual. Numerous companies in Europe have had to pay back subsidies, including tax subsidies, to governments that didn't want them back.

"The Commissions move is unprecedented and it has serious, wide-reaching implications."

If by wide-reaching implications they mean that corporations can't hide behind phony company structures and will have to pay tax, then yes.

"It is effectively proposing to replace Irish tax laws with a view of what the Commission thinks the law should have been. This would strike a devastating blow to the sovereignty of EU member states over their own tax matters, and to the principle of certainty of law in Europe."

The EU commission is proposing no such thing. It is merely calling a spade a spade. Ireland joined the EU openly, and signed the EU treaty that bans state aid.

"At its root, the Commissions case is not about how much Apple pays in taxes. It is about which government collects the money."

As in no government, apparently.

"Taxes for multinational companies are complex, yet a fundamental principle is recognized around the world: A companys profits should be taxed in the country where the value is created. Apple, Ireland and the United States all agree on this principle."

Yes, it's complex, and much more complex than a company having to be taxed where the value is created. There is no such agreed upon fundamental principle, not even with United States, and even if there were, I would argue that most of the value is created where the products are either produced or sold, not where the R&D department happened to be located or where a company had placed its IPR.

somenomadicguy 1 ago 1 reply      
After they pay their taxes, I imagine they will post some billboards like this:

Dear EU,

Please use some of the 13 Billion in taxes to keep art in schools.

Love, Apple.

NicoJuicy 1 ago 1 reply      
I wonder how much this has to do with the Brexit :)
mrmarquo 1 ago 1 reply      
bobsmoot 1 ago 1 reply      
okket 1 ago 1 reply      
tdubhro1 1 ago 3 replies      
jbmorgado 1 ago 0 replies      
Funny the total brainwashing that is going on in this statement by Apple.

Look, Apple failed to pay SALES taxes. And now they are trying to mix SALES taxes with the LABOR taxes of those 60 (sixty) people they actually employ in their operation in Ireland.

Apple is the most valuable company in the world, has a huge bank account just sitting there, and yet, they think they shouldn't have to pay taxes.

perseusprime11 1 ago 2 replies      
It's time to bring the money back and create jobs in U.S. Apple cannot expect the U.S to cover it's ass from EU. Tim's answer 'well the taxes are high here, so we cannot bring the money back' is not valid because guess what - my taxes are high too and I end up paying them.
PhilipA 1 ago 0 replies      
Am I missing something, last time I looked they barely payed taxes in the US, so the argument is a bit of a moot point.
mattmanser 1 ago 2 replies      
Assuming the main story has tripped some sort of flame war trigger?


223 votes in 3 hours and it's half way down page 2?

It's incredibly important news, shouldn't dang et al intervene and reinstate it?

Google Cast is now built-in to Chrome googleblog.com
237 points by jdimov10  2 ago   147 comments top 39
kelnos 2 ago 4 replies      
I'm still really disappointed that the Cast protocol is effectively closed, and Google only supports casting from Chrome, Android, and iOS.

I think Google is really shooting themselves in the foot regarding adoption. I'd love to have a command-line Cast client for Linux, integration into pulseaudio, a Firefox Cast extension, a native UI (non-browser) video player, etc. Sure, some people have reverse-engineered the newer protocol, but I've never gotten any of the unofficial clients to work reliably (and some just flat-out don't work at all).

niftich 2 ago 0 replies      
There was formerly a Google-made addon for this. Now it's integrated into Chrome. There are two features here:

- Chrome can stream its renderer output to a 'Google Cast'-supporting stream sink, like a Chromecast. This option is buried in the hamburger menu.

- websites can be coded against a JS library that's implemented by Chrome [1][2]. Then the 'stream to...' menu is shown as the 'cast' icon near the address bar.

[1] https://developers.google.com/cast/docs/reference/chrome/

[2] https://developers.google.com/cast/docs/chrome_sender

realityking 2 ago 1 reply      
I love Chromecasts and brining Google Cast into Chrome made me quite happy since the integration with Hangouts (you can cast a tab into a hangout if the meeting is part of your Google Calendar) is terrific.

However as someone who helps out with the company's network, they are infuriating:

- They ignore the DHCP given DNS Servers instead using Google's. I'm sure the same is true for NTP though I haven't bothered testing that.

- They use mDNS and DNS-SD but not DNS-SD Wide Area Discovery. This makes subnetting more difficult and increases broadcast traffic quite a bit.

- Not a complaint, more a wish, but a PoE version of the Ethernet adapter would be immensely helpful.

vertis 2 ago 0 replies      
Recently I moved house. I had to wait 6 weeks for the internet to be connected (first world problem).While I was waiting for the connection I inevitably tried to fall back on local content and discovered, much to my discontent, that my Chromecast wouldn't work at all without internet, even when I was trying to play local content.

I've been less happy with it ever since.

rektide 2 ago 0 replies      
Looking forward to some standardization/interop coming out of this. There's Presentation API[1], which spec's a web API, but that still leaves open the question of coordination between a controller (browser) and display. Chrome's working on it[2], and I'd guess would target Cast, so web pages might be able to request their own casting, but it doesn't seem like anything other browsers could compete/cooperate openly with atm.

[1] https://www.w3.org/TR/presentation-api/

[2] https://bugs.chromium.org/p/chromium/issues/list?q=component...

gscott 2 ago 1 reply      
Looking at WireShark last night Google Cast was reaching out to Google every 30 seconds. I narrowed it down to my web browser, removing it from the toolbar stopped it.
joemccall86 2 ago 1 reply      
Assuming they drop support for the Chromecast add-on, doesn't this effectively eliminate the ability for other browsers that can use chrome extensions to cast to a Chromecast? (e.g., Opera, Vivaldi, maybe Chromium)?
jeffdubin 2 ago 1 reply      
Nice job, thank you! Now... how can I disable it? Next time I'm on a public wifi network, this is going to be sending out probes for Chromecast devices, and it's only a matter of time before someone finds an exploit.
chatmasta 2 ago 2 replies      
For anyone who hasn't seen it, check out the "peerflix" project on github. It's an amazing way to stream torrents, and you can easily cast them from chrome.

Basically you just do:

 peerflix 'magnetUrl'
And then navigate to http://localhost:8888 and cast the tab.

Unfortunately it only works with MP4. There may be some workarounds with an ffmpeg command in the middle, but I haven't experimented with it much.

israrkhan 2 ago 2 replies      
Few months ago, I bought a Nexus 5x assuming that it will support Miracast (like Nexus 5 did). I was very disappointed to know that Google dropped support for Miracast. re-enabling Miracast support was just a matter of changing a line in a config file. However that required rooting the device.

Dropping support for standard protocols and forcing users to use their proprietary stuff? what happened to their corporate moto "Don't be evil".

greggman 2 ago 3 replies      
Chromecast if left on (using the included power adapter) will use about 14gig of bandwidth downloading images for its background that you can not turn off. As someone on a metered MiFi that's a no go.
spike021 2 ago 1 reply      
Not sure how related this is, but my parents have a one or two year old Samsung "Smart" HDTV. It doesn't have Chromecast built in, but it does have Youtube, Netflix, and a few other "apps".

I thought it was really cool one time when I was visiting during a SpaceX launch and experimental sea landing because I was able to swap from watching live via Youtube on my laptop to casting it to their HDTV. That was just by pressing the cast button and selecting their TV, which was automatically in the list without me doing anything.

It's awesome that Google's made this more convenient and I think it'll be something useful for a lot of people.

biot 2 ago 2 replies      

 "people have casted more than 38 million times from Chrome, watching and listening to more than 50 million hours of content."
So Google is monitoring your watching habits. What other information do they collect as part of this? Are these details documented in a privacy policy somewhere?

The setting chrome://flags/#disable-cast-streaming-hw-encoding only appears to toggle hardware encoding or not. Can it be disabled altogether?

Nullabillity 2 ago 0 replies      
> and partnered with other manufacturers to make Cast-enabled TVs and speakers.

WTF? Just publish the damn API already.

skrowl 2 ago 1 reply      
I wish I could easily cast from Firefox or another privacy-respecting browser
eof 2 ago 0 replies      
Since this has happened my (gen 1) chromecast experience has gone almost totally to crap.

The built in functionality is supposed to be smart about down scaling for wifi speed, and thus has removed all options to do it manually; unfortunately it utterly fails (I believe because wifi speed is fine but the bitrate is too high for the hardware).

Lots of people don't like this update. https://productforums.google.com/forum/#!msg/chromecast/5IG1...

Streaming from my android is also much worse, with high bitrate streams that I used to consume regularly no longer working at all (e.g <1 fps).

I have been extremely happy with my chromecast until the last few months, and it honestly has become something I really dislike now.

flavor8 2 ago 1 reply      
Any chance for "reverse cast"? I would love to be able to cast from supported apps in my phone to a tab in my browser.
microcolonel 2 ago 1 reply      
If this means it's in the Chromium source tree, I'm very happy. Then there is an open source Google Cast client maintained by Google proper.

And it looks like that's exactly what they've done. https://cs.chromium.org/chromium/src/media/cast/?q=cast&sq=p...

No more needing to guess how to implement non-deprecated versions of the API when integrating with other players.

obilgic 2 ago 3 replies      
So now its called Google Cast, not Chromecast?
RevBooyah 2 ago 1 reply      
All in an effort to reduce its memory footprint...
surlyadopter 2 ago 1 reply      
" In the past month alone, people have casted more than 38 million times from Chrome, watching and listening to more than 50 million hours of content."

Apologies for the stupid question, but how exactly does Google know this? Is there some "send statistics home" function in the browser?

askvictor 1 ago 1 reply      
And yet, despite Google making a strong play for the education and corporate markets, Chromecast still doesn't work on enterprise wireless networks, effectively cutting out any use in those spaces.
johnnyo 2 ago 0 replies      
I hope Amazon FireTV supports this soon, or supplies a client. I've already got several of these sticks, and I'd love to be able to cast a tab up from somewhere on my network.
chrissnell 2 ago 3 replies      
It seems like Cast would be an inferior way to stream HD content to a TV for many users. If the source host is wifi-connected, you're tripling the amount of traffic that's passed through your access points: once from the content source (e.g. Netflix) to the laptop via the AP, then presumably from the laptop to the AP and back out to the Chromecast device.
leeoniya 2 ago 0 replies      
remembering my wtf from debugging phantom console errors:


dvcrn 2 ago 0 replies      
I was surprised to hear that not many people knew that Safari does something similar (kind of) with AirPlay. A lot of videos and content (on YouTube for example) can be Airplayed when using Safari, but not when using Chrome or Firefox.
a_thro_away 2 ago 1 reply      
It appears that Google will eliminate Chrome "packaged apps" in the next year; do I understand these to be locally installed apps? (I don't know Chrome). All apps after that must be on (a service?) the web. What could be the reason behind this?
tiles 2 ago 0 replies      
Since Google Cast has been open-sourced (upstreamed to Chromium), does this make it the de-facto alternative to Miracast? My Roku supports screen mirroring, but the fact that apps and companies are more keen on supporting ChromeCast has been frustrating.
mashlol 2 ago 1 reply      
I really want a feature that would allow me to cast from my phone to my desktop. I have a big TV plugged into my desktop but I can't cast to it from my phone, I have to remote in and manually control the desktop, it's painful.
balls187 2 ago 2 replies      
Thank you for the extra and unnecessary bloat on the main browser I use for work.
sfifs 2 ago 1 reply      
So will it work on Chrome for Android? It's not been available there yet.
breakingcups 1 ago 0 replies      
Yet for some reason the ability to cast HTML5 video's from my Nexus 5 has silently disappeared for months without a fix?
dingo_bat 2 ago 0 replies      
The time is coming for me to switch back to Firefox.
Vexs 2 ago 0 replies      
Can't say I'm surprised. It's built into android now too, and the cast extension has been showing a lot of change recently.
rblatz 2 ago 1 reply      
I'm hoping that the Sonos event tomorrow includes an announcement about supporting the audio portion Google Cast.
agumonkey 2 ago 2 replies      
I don't know if it's related but chromecast was a bit buggy. Reboot level buggy.
ForFreedom 1 ago 1 reply      
Can I cast a video playing on vlc or is it only from the browser?
Angostura 2 ago 1 reply      
Anyone know if this includes the iOS version?
denzil_correa 2 ago 1 reply      
I am unable to mirror Chromecast from my Mac. Basically, it mirrors the video but does not mirror the audio.
Baffling signal from HD 164595 is probably none of the above berkeley.edu
231 points by dak1  1 ago   41 comments top 12
lotharbot 1 ago 0 replies      
The comment I found most useful:

We believe a signal when

It is persistent. It appears at the same spot in the sky in multiple observations.

It only comes from one spot in the sky.

If we reobserve the target, the signal is still there.

Things that add to believability

Its frequency/period/delay does not correspond to known interference.

Its Doppler Drift rate indicates that it is exactly frequency stable in the frame of the center of mass of the solar system

Its properties (bandwidth, chirp rate, encoding) indicate intelligent origin.

Unfortunately the observing method used by the Russian team does not permit many of these things to be determine. 1. The signal was not persistent. 2. The signal was gone when the target was reobserved. 3. The signal frequency/period/delay cannot be determined. 4. The signal Doppler drift rate is unknown. 5. Many sources of interference, including satellites, are present in the observing band.

RileyKyeden 1 ago 5 replies      
[decoded alien signal from HD 164595]"...must be willing to relocate to San Francisco."
gp7 1 ago 6 replies      
I find myself frustrated at researchers who get frustrated at non-researchers being interested at all in their work. It's the same as the hypothetical megastructure; all the news is quite clear: no satisfying explanation is available. That's the news! That's interesting, even to people who decided not to devote their lives to astronomy!

People jump to the alien angle because it's interesting. The few left with that impression that aliens really are involved are likely not going to be dissuaded by more technical reporting

drmpeg 1 ago 1 reply      
bladedtoys 1 ago 0 replies      
> There's also nothing that could distinguish it from a satellite passing through the telescope field of view

There is no tool that automatically rules this in or out as a possibility? I would have thought it would be nearly trivial to build such a thing. Am I missing something?

erelde 1 ago 2 replies      
What is the user "bluestar" writing about in this thread?

I don't even understand the intent of the message.


maaaats 1 ago 2 replies      
What is the table with numbers they have in their signatures?
test6554 1 ago 0 replies      
okket 1 ago 1 reply      

 ... decoding, please wait ... ... analysing ... ... complete ... ... message content follows ... +++ U N S U B S C R I B E +++

redsummer 1 ago 0 replies      
Assuming there is really a signal.... The sum of the numbers 164595 is 30. The traditional 30th wedding anniversary gift is a pearl. I hereby name this planet Pearl.
alabamamike 1 ago 1 reply      

Nothing to see here, move along.

skc 1 ago 0 replies      
I somehow hate that he used the word "probably"

Takes the sting out of the piece.

SES-10 Launching to Orbit on SpaceX's Flight-Proven Falcon 9 Rocket ses.com
199 points by loourr  1 ago   79 comments top 6
walrus01 1 ago 2 replies      
It is really interesting to see that this is a very 'ordinary' commercial geostationary launch customer, and not a government funded research satellite. This is oversimplified, but traditionally, rockets that are in beta test mode are tested like:

1) static pad tests/firings of engines

2) all-up launch of the full rocket, carrying a boilerplate satellite with some instrumentation, maybe some cubesats or low cost small R&D satellites tagging along

3) one or two launches of government science payloads, or government-funded weather satellites, something like that

4) commercial launches begin

IgorPartola 16 ago 7 replies      
So knowing nothing about this subject, why do they pursue landing rockets, or at least landing them vertically? It seems like the hardest possible way to handle this problem, as opposed to for example what the shuttles did. Can anyone explain the reasoning behind this?
kilroy123 1 ago 8 replies      
I wonder if they'll really save money right away doing this. I imagine they'll spend a lot on inspections and getting things 100% right.

Either way, it's an amazing achievement.

johnm1019 19 ago 2 replies      
Hopefully someone can support/refute this: my off the cuff guess why this happened is because the discount on the launch price is about equal to the cost of building the satellite. So if it works, everyone is happy. If it explodes, they can build another one and aren't out any money (but are out time), and the launch costs for the next one are covered by SpaceX or insurance - however they have it set up.
Ffaine 16 ago 0 replies      
Whenever see a news about SpaceX it gives me goosbumps. I hope it will land successfully again.
castratikron 1 ago 6 replies      
Just wanted to say that the phrase "flight-proven" is genius marketing.
Paddle: Baidu's open source deep learning framework github.com
224 points by thinxer  1 ago   18 comments top 5
blackkettle 1 ago 1 reply      
Looks well put together, well documented. Quickstart tutorial was easy to follow.

Why should I think about using this instead of (or in combination with?) the plethora of other similar offerings out there?

ya3r 1 ago 1 reply      
One thing which is missing is a "model zoo", a place where people share models (usually well-known) pre-trained, which is very useful for starting to use a framework.

Although this repo https://github.com/baidu/paddle_paddle_model_zoo, suggests they might be working on one.

cs702 1 ago 6 replies      
Another deep learning framework, this time from Baidu.

Given TensorFlow's rising dominance with AI researchers and practitioners and the existence of other frameworks with large installed bases like Theano, Torch, and Caffe, I don't think this new framework has much chance of gaining wide adoption in the US or other markets in the West. In my opinion, TensorFlow's network effects are too large to overcome at this point.

However, Paddle could gain significant adoption in China, Baidu's home market.

EDIT: My opinion could be wrong. To find out, I've created an HN POLL so we can all see which deep learning frameworks the HN community would use to build new products and services today. Link to HN POLL: https://news.ycombinator.com/item?id=12391744

yalogin 1 ago 2 replies      
hansjorg 1 ago 0 replies      
Interesting project name. The authors seem to be telling us something about their philosophy of education :)
SRL Simple Regex Language simple-regex.com
273 points by maxpert  2 ago   132 comments top 46
Drup 2 ago 4 replies      
Regex combinators are a much better solution to that problem, for which I gave various arguments here[1]:

- You don't need to remember which regex syntax the library is using. Is it using the emacs one ? The perl one ? The javascript one ? that new "real language" one ?

- It's "self documenting". Your combinators are just functions, so you just expose them and give them type signatures, and the usual documentation/autocompletion/whatevertooling works.

- It composes better. You don't have to mash string together to compose your regex, you can name intermediary regexs with normal variables, etc.

- Related to the point above: No string quoting hell.

- You stay in your home language. No sublanguage involved, just function calls.

- Capturing is much cleaner. You don't need to conflate "parenthesis for capture" and "parenthesis for grouping" (since you can use the host's languages parens).

[1]: https://news.ycombinator.com/item?id=12293687

draegtun 1 ago 2 replies      
Barely touch regexes these days because for last few years I've been using Rebol / Red parse more and more.

Here's a translation of the first SRL example in the parse dialect:

 [ some [number | letter | symbol] "@" some [number | letter | "-" ] some ["." copy tld some [number | letter | "-" ]] if (parse tld [letter some letter]) ]
And here's a full matching example:

 number: charset "0123456789" letter: charset [#"a" - #"z"] symbol: charset "._%+-" s: {Message me at you@example.com. Business email: business@awesome.email} parse s [ any [ copy local some [number | letter | symbol] "@" copy domain [ some [number | letter | "-" ] some ["." copy tld some [number | letter | "-" ]] ] if (parse tld [letter some letter]) (print ["local:" local "domain:" domain]) | skip ] ]
Some parse links:

* http://blog.hostilefork.com/why-rebol-red-parse-cool/

* https://en.wikibooks.org/wiki/REBOL_Programming/Language_Fea...

* http://www.codeconscious.com/rebol/parse-tutorial.html

* http://www.red-lang.org/2013/11/041-introducing-parse.html

grondilu 1 ago 1 reply      
My attempt at the Perl 6 version of the example:

 rx:i/^^ [ <+ alpha + digit + [._%+-] >+ ] ** 2 % '@' '.' <alpha>** 2..* $$/
Notice that this avoids the repetition of a pattern.

Of course, it'd make much more sense to write a grammar:

 grammar Email { token TOP { <name> '@' <domain> } token name { <valid_char>+ } token domain { <valid_char>+ '.' <alpha>** 2..* } token valid_char { <alpha> | <digit> | <[._%+-]> } }

adamjcooper 2 ago 1 reply      
Consider changing "either of" to "any of".

The word "either" implies only two choices, making your opening example confusing when the first "either of" was really picking from three possibilities.

throwanem 2 ago 4 replies      
I like how the marquee example is of how to do something you shouldn't be trying to do [1] anyway.

In more general terms, if a regex is complicated enough that something like this seems to make sense, the problem is that your regex is too complicated, and you should fix that.

[1] https://news.ycombinator.com/item?id=12312574

parenthephobia 2 ago 2 replies      
I'm not absolutely sure this isn't a joke that got out-of-hand. This is the COBOL of regular expressions. :)

Whilst the conventional regular expression syntax is arguably overly compact, this is just too far in the opposite direction!

Something more PEG-like, or even Perl 6 regex-like, would make more more readable regular expressions whilst not completely throwing out everything we think things mean. Hell, even /x -- ignore whitespace and comments -- can make things much clearer:

 / ^ [0-9a-z._%+-]+ # The local part. Mailbox/user name. Can't contain ~, amongst other valid characters. \@ [0-9a-z.-]+ \. [a-z]{2,} # The domain name. We've decided a TLD can never contain a digit, apparently. $ /x
Tangentally, there's no point validating email addresses with anything more complicated than /@/. If people want to enter an email address that doesn't work, they can and will. If you want to be sure that the address is valid, send it an email!

glangdale 2 ago 2 replies      
We (the Hyperscan team) have spent a lot of time staring at regular expressions over the years (shameless plug: https://github.com/01org/hyperscan).

I think a better format for regex is long overdue, but this isn't it. It's way too verbose (other commentators also noticed the resemblance to COBOL). I'm picturing a Snort/Suricata rule with this format regex, and you've now doubled the amount of screen real estate per rule.

The real problems with regex readability are (1) the lack of easily grasped structure, so it's almost impossible to spot the level at which a sequence or alternation operates (PCRE's extended format and creative tabbing can help) and (2) the total lack of abstraction - so if you have a favorite character class or subregex you write it approximately a bazillion times.

kazinator 2 ago 1 reply      
Sane middle ground:

 $ txr This is the TXR Lisp interactive listener of TXR 147. Use the :quit command or type Ctrl-D on empty line to exit. 1> (regex-parse ".*a(b|c)?") (compound (0+ wild) #\a (? (or #\b #\c))) 2> (regex-compile *1) #/.*a[bc]?/

chubot 2 ago 0 replies      
I designed a similar but terser language in 2012:

The examples give the gist:http://chubot.org/annex/cre-examples.html

More justification: http://chubot.org/annex/intro.html

doc index: http://chubot.org/annex/ (incomplete)

I showed it to some coworkers in 2013 and got some pretty good feedback. Then I got distracted by other things. One of the issues is that I learned Perl regex syntax so well by designing this language that I never needed to use it again :)

I plan on coming back to it since I'm writing a shell now, and I can't remember grep -E / sed -r syntax in addition to Perl/Python syntax.

SRL is the same idea, but I think it is way too verbose, which it appears a lot of others agree with.

If anyone is interested in the source code let me know! It was also bootstrapped with a parsing system, which worked well but perhaps wasn't "production quality". So I think I will reimplement CRE with a more traditional parsing implementation (probably write it by hand).

PieterH 2 ago 0 replies      
What's missing in regexps IMO is composability so you can build larger patterns out of smaller ones, giving each a clear name. Replacing '[0-9]' with 'digit' doesn't really help much.
kazinator 2 ago 2 replies      
COBORE: common business-oriented regex.

Bonus: COBORE -> (Japanese) kobore -> -> /("spillage").

"Overflowing spillage of verbosity."

SonOfLilit 1 ago 0 replies      
I have a (mostly abandoned) side project with the same aim. I spent a lot of time thinking about language design, from the perspective of enabling adoption of a new language when an existing one has so much network effect:


If people like my direction, I may continue to work on it.

PieterH 2 ago 0 replies      
Looks like the COBOL of pattern matching, and frankly I like it.
keithnz 2 ago 0 replies      
Maybe this as a learning tool? I think it's much better to learn regex as is, no matter how ugly or terse you may or may not find it. It's pretty universal across languages ( with some annoying variations ). There's lots of online tools and programs that can help you decode or create regex, after a while it's not so hard to read/create. But also worth knowing a more comprehensive parsing tool or parsing techniques so you don't get too ambitious with regex :)
WhitneyLand 1 ago 1 reply      
I fully appreciate the problems with regex, but I don't think this is the right approach.

If you have fantastic tooling regex can actually be a pleasure

Unfortunately the best regex helper ever made seems to still be an old Windows app. But wow is it good: https://www.regexbuddy.com

I've seen online tools but they never seem to measure up.

nnq 1 ago 0 replies      
Side note on the API of the PHP lib implementing this: could we please stop using the fluent/query-builder pattern with closures?

It's the most disgraceful code style I've seen, and misleading: makes you mind think smth. async could be happening. I know Laravel popularized this, along with other ugly patterns, but let's stop cargo-culting this.

slantedview 2 ago 0 replies      
0xCMP 2 ago 0 replies      
I think this is really valuable. Just today I had a non-tech co-worker who needed to understand Regex for some tool we were using. I did the regex for him and (very briefly) explained it. Now this might be something he can more easily grok and use a translator (+ regex101.com to verify) to create more complex regex's he might end up needing.
junke 1 ago 0 replies      
See also:

Is there a specific reason for the poor readability of regular expression syntax design?


Grue3 1 ago 0 replies      
Reminds me of regex parse trees in CL-PPCRE. S-expressions are the simplest language of all! [1]

[1] http://weitz.de/cl-ppcre/#create-scanner2

buckbova 2 ago 0 replies      
Sometimes it's difficult to reason out an involved regex. I doubt I'd ever use something like this from code but I might use the translator.

Example based on their example.


ajarmst 2 ago 0 replies      
Demonstrative "that" adjective-connective-subjective "seems" infinitive-marker "to" verb-existential "be" verb-passive-gerund "missing" article-definite "the" noun-subject "point".
matt_wulfeck 2 ago 0 replies      
The author pits his project against POSIX regular expressions, but personally I feel that it's PCRE that rules the day. I find pcre regex significantly less verbose and easier to read.
edtechdev 2 ago 0 replies      
Very nice. Would love to see versions in other programming languages.

I'm very interested in examples that extrapolate this idea to other areas of programming and even math. And also work in the reverse direction.

Most of the examples I've found are old or not open source.

another example of english to regex:https://people.csail.mit.edu/regina/my_papers/reg13.pdfhttps://arxiv.org/abs/1608.03000

English to dateshttps://github.com/neilgupta/sherlock

English to a graph (network representation)https://github.com/incrediblesound/MindGraph

C to English and vice versahttp://www.mit.edu/~ocschwar/C_English.html

English to python:http://alumni.media.mit.edu/~hugo/publications/papers/IUI200...

English to database querieshttp://kueri.me/

onetwotree 2 ago 1 reply      
Hmm, perhaps useful for a teaching tool.

If used as such, it'd be really nice to be able to go the other way - a regex explainer if you will.

qwertyuiop924 2 ago 5 replies      
So we're replacing a universally understood syntax for a new one that was just invented, and is painfully verbose? I understood what the first regex was doing just fine.

This is a major step up in readability, so it's nice, and you have to invent a new syntax to do that, so I'll chalk that up as unavoidable. But did it have to be so verbose? SCSH/irregex's SRE had similar readability wins, with way less verbosity. You still have to learn a new syntax, though.

colanderman 2 ago 6 replies      
The first example:

is a total strawman, needlessly obfuscated. How about writing it like this:

which, while "scary looking", is at least immediately readable by anyone who knows even the basics about REs. If the argument for "verbose REs" is valid, it ought to stand up at least a typical standard RE.

Also, it's not clear that "letter" and "[a-z]" mean the same thing. Does "letter" include uppercase? Does it include non-ASCII letters like "[[:alpha:]]" does? Don't forget the weird collation behavior "[a-z]" sometimes encounters.

DonaldFisk 2 ago 1 reply      
If you're dissatisfied with the terseness of regular expressions, it's worth looking at SNOBOL4: http://www.snobol4.org/which has been around for decades.
lucio 1 ago 0 replies      
great work, nice site!There's a huge amount of programmer's time lost worldwide reading Regex expressions and trying to determine what the expression do. This a way better option for readability.
koytch 1 ago 0 replies      
Zounds, now that programming languages basically scrapped the idea to sound like English, regular expressions pick it up from the trash. And emulate Applescript of all, if I am any judge.
yegortimoshenko 2 ago 0 replies      
AppleScript, SQL, COBOL and others have all made the same mistake.
antiquark 1 ago 0 replies      
Cool, it's like COBOL for regexes. Now even managers can write them!
soci 1 ago 0 replies      
Looks like applescript, easy to read, impossible to write
malkia 2 ago 0 replies      
Anyone remembers: South. South. West. Look. Pick axe.

for the same reasons I'm having mixed feeling about cucumber and similar testing frameworks (BDB), that also rely on semi-english language to do things. It looks cool, and enticing, but hard to sell (to others), even If I myself am super-excited to see it in action (just because how crazy it looked the first time I saw it).

VMG 1 ago 0 replies      
This is really cool. I'm sure it can be improved, but a nicer high-level DSL for regex is something I have been looking for a long time now. Combinator libraries are nice but language-dependent.
crdoconnor 2 ago 0 replies      
My attempt at simplifying (a subset of) regexes:


EdiX 1 ago 0 replies      
Because if there was one thing regexp needed it was COBOL.
_pferreir_ 1 ago 0 replies      
Don't take me wrong, but I think that if anything this makes regular expressions harder to understand. The syntax is super verbose.
Eridrus 2 ago 1 reply      
I'm no fan of regexes, but I'm not a huge fan of this either; I would be interested in seeing existing convoluted regexes expressed like this for me in an IDE, but I don't like it as an input format.

I do wonder if having an EBNF compiler like ANTLR being more accessible would solve the readability & maintainability issues.

Cozumel 2 ago 1 reply      
'Regular Expressions Made Simple'

Regular expressions are simple. It's just a matter of putting a bit of time in to learning them.

coroutines 2 ago 0 replies      
Hey, remember that time we gave up regular expressions and went back to writing grammars? Right tool for the job..
kabes 1 ago 0 replies      
I hate languages that try to be like natural language, for the simple reason that I can't actually use natural language.I can't type: "I want something that has at least some letters at the beginning followed by an @ ..." or any other variation except the exact syntax they require. Maybe in 10 years if NLP has come far enough, but not when it's a simple parser like now. I think it's much harder to remember than a syntax that is completely different from anything else you know.

On the other hand, it did work for SQL...

tempodox 1 ago 0 replies      
This definitely has some entertainment value. However, if you want to make your code verbose, there is only one way to go. Use a language that needs just the following statement to produce a valid program:

Any other program statements are redundant.

rosalinekarr 2 ago 2 replies      
This is really cool, but my brain keeps getting stuck on the word choice. Every time I see the `literally` keyword, I hear a teenage, valley girl accent in my head.

"Literally, at sign."

"Like, literally, hashtag, guys."

I can't even.

Faaak 1 ago 0 replies      
For the sake of pedanticity, the regex he proposed as an example doesn't validate all possible email addresses (particularly ones that are simply @tld).
Google+ Redesigned plus.google.com
190 points by uptown  1 ago   266 comments top 47
ChuckMcM 1 ago 10 replies      
And now we have come full circle. The new Google+ looks like crap in my web browser because literally over 50% of the page is useless grey pixels.

The reason is that the page design assumes its on a mobile phone which its somewhat unique tall portrait orientation. And sure enough, looking at the page on my phone it looks a bit flat but it works well.

So now we are in a place in the web where browser users get the crappy UX experience because someone spent all their time focused on the other community and really didn't bother to make their pages responsive to both.

cromwellian 1 ago 4 replies      
Lots of posts in this thread are trying to find a "reason" for why G+ isn't beating FB. I think they're overlooking the obvious: Good Enuf + Path Dependency = Inertia. Simply put, the most amazing social network the world has ever seen, that executed perfectly on every front, is not going to suddenly displace FB. It's like asking why no one disrupted Windows pre-Web/pre-Mobile. Was it because alternative operating systems sucked?

IMHO, the big chance anyone had to disrupt FB was a paradigm shift away from social news feeds. That paradigm shift arrived with photo sharing and messaging on mobile, where increasingly people were just sharing pictures and text messages privately. However, Zuckerberg saw that one coming and acquired Instagram and WhatsApp to head off any disruption.

That shouldn't stop people from trying to innovate. But we should not regard being smaller than the leader as a failure. I use G+, Twitter, and FB, but I have the best conversations on G+. Twitter discussions are an exercise in frustration, and I find the signal/noise on FB to be worse.

There's a benefit sometimes to having a smaller audience.

awesomerobot 1 ago 7 replies      
What's it like to work on the Google+ team? are they all kind of blindly into it, or is there any sort of "yeah yeah, we know" there? I guess it's an exciting challenge maybe?
probably_wrong 1 ago 6 replies      
I wish Google had stuck to their guns, called Google+ a social network, and earned users over time.

Instead, they decided that 2nd place was not enough, said "just kidding, it was actually an identity service, no, wait, a content discovery platform, yes!", and turned into... whatever it is they are doing today.

They could have been the Facebook that is not Facebook, or in Randall Munroe's words, "all I really wanted"[1]. Too bad.

[1] https://www.xkcd.com/918/

whatever_dude 1 ago 3 replies      
"Redesigned", and yet, this is what I see on my desktop:


Seems like an awful waste of space.

Queue29 1 ago 8 replies      
This looks absolutely horrible on a 4k monitor http://i.imgur.com/jSlw0St.png
znpy 1 ago 2 replies      
Google+ shows "hot on google+ right now", and it's basically stuff that has gone very famous in south korea but makes no sense to me. And it comes from a guy (i think, because the name is written in hangul characters) that I am NOT following.

I am writing some feedback hoping that some googler will read this and improve something..

dleslie 1 ago 5 replies      
Fullscreen on my 16x9 display wastes the clear majority of screen space. Is having a single, centered column considered superior to alternatives?
Rygu 1 ago 1 reply      
The goo.gl short URLs in (parentheses) are really annoying. They totally hide the content behind the links.
HelloNurse 1 ago 0 replies      
I enabled two-column mode and I keep the menu open for company, so my screen is "only" about 1/3 to 1/4 empty and wasted. But this is the best case: if I click the post age (obvious...) I can switch to a single-post page. More exactly, I can make everything else disappear; on my 1600x900 screen the width of the post DIV increases from 475 to 530 pixels and text and comments are generously expanded.

But there's more! If I click inside the search bar, i get a 2 seconds pause to load "featured collections", "featured communities", "Suggested People & Pages" and "Suggested Posts" REPLACING THE PAGE I'M ON because Google clearly knows better.

rdslw 20 ago 0 replies      
Not many noticing that this redesign removed Events functionality and Google confirmed they have NO plans to reintroduce it. And is playing with addictive while not needed 'content discovery'.

In summary:* yet another redesign* mobile centric (looks like p on desktop)* removes important features (events, hangouts tight integration)* forces users into addictive content-discovery* works only now, the moment masses join it, lolcats will ruin it

Sorry, content discovery has NO value for humans at the level we have it currently. Content is everywhere. It's easy to find valuable content. Whole this content discovery concept is riding on the addictive behaviour of humans: I'm losing everything I dont know about, so I need to scroll newstream every 5 minutes. While it serves one purpose: page impressions stimulated by habbit/addiction.

It harms us. We don't need content discovery. Corpos need our eyeballs.

makecheck 1 ago 0 replies      
Hmmmmtheyve changed something so that if I log into Google+ in one tab, I must remain logged into Google in all other tabs. If not, when returning to the Google+ tab, it does the obnoxious Facebook thing of You must log in to continue.. And its not like I logged out of Google+; I logged out of some completely unrelated Google page (or at least, it sure should have been unrelated).

I want my context to be preserved in the tab that Im in. I didnt log out of Google+ so I should be logged-in still.

These are the basics. Before they Material-Design-the-hell-out-of everything, maybe they should create a foundation that works properly.

jeffehobbs 1 ago 0 replies      
LOL at all the janky looking shortened links (http://goo.gl/this) scattered throughout (http://goo.gl/that) the announcement. If theyre looking for a place to improve (http://goo.gl/othrthng), thats maybe a place to consider?
kin 1 ago 0 replies      
Home is like my Facebook feed, except with even less of my friends and even more ads (only because I follow companies).

Collections is like following random Pinterest boards created by other people. I don't know about others, but I like to follow official things, or things that have the most followers but none of that info seems to be surfaced. Featured really means nothing to me. Is it hand-picked? Randomly generated featured? Are they paid to be featured?

Communities are cool but it's really hard nowadays to beat the communities in subreddits. Anonymous users seem to give a lot more to the community in an unselfish manner vs. Google+ users seem to post in communities in a self-promoting manner. This could just be anecdotal and my subjective viewpoint but that's what I see.

I honestly don't know how Google can do social, but I'm glad they're trying different things. Hopefully they try something new.

Random thought: I find Slack very similar to Google Wave.

newscracker 1 ago 1 reply      
Several years on and we still have to deal with the fact that we cannot have good names for our URLs ("vanity URL" or "custom URL" or whatever else you'd want to call it). Want to share your profile with others? Here's a Google+ link with a long string of digits at the end. Want to share your Google+ community's link with others? Here's another Google+ link with a long string of digits at the end. Want to share your Google+ page's link? Here's yet another Google+ link with a long string of digits at the end. Want to shorten these links? Use the built-in shortener and get a shortened-yet-gibberish-like-link. Want to simplify these links for sharing using meaningful names in the URL so people can actually remember it? Oh, then just use bit.ly (or another better URL shortener) and create a custom one with whatever name you like (assuming it's available on bit.ly)! How hard is it to provide custom URLs? Does it cost Google millions of dollars to do this? Does it make maintenance of Google+ a lot more expensive? Facebook provides custom names to be used in URLs for one's profile, for pages, and for groups (first come first served and all that, of course). On Google+ you can do this for your profile (?) after you meet some primitive pre-conditions.

For something that's supposedly social, I'm deeply disappointed with how Google+ has been developed (read neglected) over time. I like some aspects of G+ (like the layout, font, font sizes, etc.), but two things that are grating are the lack of custom URLs and the unintuitive navigation scheme (compared to Facebook). I still post to G+ once in a while (although, there's really no audience there) and look for improvements with the hope that I can start nudging people away from Facebook and get more traction on an alternative platform (another walled garden, but at least not as evil, IMO). It's sad, for me, that even long wait times don't show much for progress. If the strategy seemed convoluted while Vic Gundotra was managing it, his departure left the platform languishing as if it were a part time project.

Anyone from the Google+ team reading this - firstly, please bring in basic stuff to the platform that's important for people to share, and secondly, please copy Facebook shamelessly in whatever it's doing well for user experience.

Lastly, thanks a lot for (reverting to and) retaining the freedom of users to use pseudonyms on the platform!

katpas 1 ago 10 replies      
I've always wondered why Google+ did so badly. I love google apps for everything but social. Seems like a missed opportunity to make something that moves away from Facebook as the norm.
dvh 21 ago 0 replies      
Whenever someone posts goo.gl shortened links, I look who reads it (it's public data): https://goo.gl/#analytics/goo.gl/Yn6mjA/all_time
ElijahLynn 8 ago 0 replies      
After having actually used the new G+ for a couple hours, the speed is amazing, especially on the Brave browser (probably because I don't have extensions slowing it down). Plus the ability to put links and images in comments finally brings that part on par with Twitter.

I think the people who do use G+ are going to use it a hell of a lot more now that it is so much faster. Plus the people who get frustrated by Twitter's 140 character limit from time to time may be easily swayed.

msl09 1 ago 0 replies      
Am I the only one that's afraid of getting emotionally invested on any Google product(or product update) because of the fear that shortly after Google will announce that will discontinue development of that service?

By the way, the new design looks great I just wished the performance could be better for Firefox.

[Edited for clarification]

runn1ng 1 ago 0 replies      
I literally cannot scroll the post itself down. It's stuck no matter what I do, so I will forever see just the first half of the article.

I usually hate one-note comments about the web platform of the postings, but since this is a blogpost about Google Plus webdesign, hosted on Google Plus... I guess it's telling.

No, I will not start using it again.

fiveoak 1 ago 2 replies      
It's too bad that Google+ never really caught on, but I'm not sure if redesigning it is enough to fix that.
millstone 1 ago 0 replies      
When I click on the Search field to type something, it loads a completely different page. Very unexpected and confusing.
neximo64 1 ago 0 replies      
Odd to see Google using a brute force strategy for this. They kill off their wonderful products and keep the bogus ones.
chrsstrm 1 ago 1 reply      
If anyone from Google is listening, this is probably a better place to vent than submitting a support ticket. I don't care what it looks like, +'s functionality has been broken for me for almost a year and it has killed how my entire family uses it. I went through great pains to teach my family to not send photos and videos over email. We all had Gmail accounts and we all used the Google Photos camera sync so it seemed like a great idea to teach them to share content within a Circle in +. It worked great for a while until out of nowhere I could no longer see any of my sister's posts. I went through both her and my account many times looking for permissions issues or errant blocks and found nothing. I submitted multiple support issues from both her account and mine and nothing. (And on a side note, I like the support feature that allows you to screenshot and annotate the issue you are having, but 90% of all issues I have in + are inside a modal window, which cannot be screenshot. You literally cannot report issues that happen inside a modal window, WTF?). My sister generated the majority of the content my family Circle consumed and now that she can't be seen, our entire usage of + has all but stopped. People have reverted back to emailing photos and videos and we're right back where we started...

I don't care what it looks like, if it doesn't work, I won't use it.

I also used the Hangouts on Air feature extensively and never understood why it had to be originated in + and why you _had_ to invite people. The best use case for this tool was to do screen recording that was automatically imported into YouTube but getting the right combination of + account and YouTube account and making sure you were authorized to use Hangouts on Air with YouTube was incredibly frustrating. Hopefully the new flow using YouTube Live will allow going on-air without forcing you to invite an audience.

And while I'm at it - suggesting people join Communities but hiding the fact that there are sub-topics in these communities was a huge dark pattern I hated. I joined the Linux community thinking I would see some interesting packages or hacks or discussions and all I found was perpetual posting of Wind0w$ is teh Suck memes and obvious spam. The _majority_ of my interactions on + was marking posts as spam and blocking users hoping content would improve, and it never did. It wasn't until much later that I figured out I could unsubscribe from sub-topics, if I could only find where they were listed.

zatkin 1 ago 0 replies      
>Last year we completely re-wrote the Google+ Web app from scratch. Rather than rebuild every nook and cranny that developed over the five year history of Google+, we started with a clean slate of the features people used the most (based on our data & research). We then released this preview version to collect feedback and find out what people missed the most of what we left out.

Proof that Google+ 1.0 was an enormous flop.


nilved 1 ago 1 reply      
I'm disappointed to see that Google is still pushing +. I almost left the platform when they tried to jam it down my throat last time, and it seemed as though they'd come to their senses and shuttered that misguided project. I'm genuinely surprised to see that people are still working on it.
HelloNurse 20 ago 0 replies      
The Google+ team appears scrambling to address user feedback: clicking the search bar I got the obnoxious page of featured content replacing the page I was reading, but it had a blocking popup that, when clicked, bounced me to the featured collections page.

Not only Google+ knows what I should be reading better than me, but their left hand knows better than their right hand!

leshow 1 ago 1 reply      
Why is it only using 20% of my screen? the vast majority of the page is a grey background
slackoverflower 1 ago 1 reply      
The Apps for Work integration is going to be interesting. Google should just clone Slack and make Slack Plus tier features free on their service. That would literally steal thousands of communities and companies.
electic 1 ago 1 reply      
Mobile and web aside, the amount of dead space in each of these pages is absurd. A lot of the pixels on the screen are just white or grey. One would argue, this is one of the major drawbacks of material design.
AStellersSeaCow 1 ago 4 replies      
There was this super weird club in my high school who went out to hospitals and gave long-term patients (mostly vegetables who were on indefinite life support) ghoulishly gaudy makeovers. They seemed to have no motivation in doing this "community service" beyond their own weird self-satisfaction. Didn't really seem worth challenging them over the utility/sanity of their efforts, but damned if anyone thought it was a good use of their time.

Anyhow, what's this thread about?

wickedlogic 1 ago 0 replies      
/me loads page in full browser tab, notices google still limiting single column width to less than 1/4 of my screen, closed page. Still missing the basics.
balls187 1 ago 0 replies      
What the heck. This looks terrible in firefox.


Raphmedia 1 ago 0 replies      
My main issue with G+ is that every time I get back on it (few time a year) the layout is so different that I get tired and leave after scratching the surface...
jonobird1 1 ago 0 replies      
They'd be better off pivoting rather than wasting time on redesigning something no one wants. /end brutality
thr0waway1239 1 ago 0 replies      
Is it just me, or do other people feel like the press release was translated into English from a different language? As if it wasn't already hard enough to use Google Plus, even their press release is hard to read.
pbarnes_1 1 ago 1 reply      
If anyone from Google+ is reading this:

Please allow me to remove shit from my 'recommendations'.

In between Android developer things which I like, I'm getting weird-ass pro-Trump BS that looks like Stormfront. I guess this stuff is all that's left on G+, but still. Not interested.

appleflaxen 1 ago 0 replies      
It makes me so sad that products like picasa, sketchup, wave, and google labs projects like google sets got decomissioned, but google plus lives on.

Meanwhile, they are trying to make the guber car service.

It's hard to understand from the outside.

ElijahLynn 1 ago 2 replies      
As a daily user of G+, this is great news! I am so tired of micromanaging characters on Twitter. I just want to express an idea sometimes without using extra CPU cycles. I only have so many of those available each day and I don't want to use them on Twitter.

It just needs more users. It is great to follow developers on.

Here is a seed list of active G+ users that may be relevant to you (remember how empty it was when you first signed up for Twitter? You had to follow some seed people...):

https://plus.google.com/+ElijahLynn (Elijah Lynn, myself, web developer)https://plus.google.com/110558071969009568835 (Koushik Dutta, Android dev)https://plus.google.com/+JonoBaconProfile (Jono Bacon, former community manager for Ubuntu)https://plus.google.com/+ChrisWeber (web developer)https://plus.google.com/110043970153071176315 (Chad McCullough, Linux/BSD guy)https://plus.google.com/+UrsHlzle (Sr. VP of Tech Infrastructure @ Google)https://plus.google.com/+DerekRoss (Phandroid)https://plus.google.com/+KirillGrouchnikov (User interface engineer on the Android project at Google)https://plus.google.com/+LukeWroblewski (Author of Mobile First, Product Director @ Google)https://plus.google.com/+BensonLeung (USB cable guy, Google)https://plus.google.com/+DaedTech (Software Engineer, Writer)https://plus.google.com/+IlyaGrigorik (Performance Engineer at Google)https://plus.google.com/+DanielleBuckley (G+ Team at Google)https://plus.google.com/+ChetHaase (Sr. Software Engineer at Google)https://plus.google.com/+GoogleChromeDevelopershttps://plus.google.com/+googlehttps://plus.google.com/+GoogleMapshttps://plus.google.com/+JonathanZacsh (Software Engineer)https://plus.google.com/+AddyOsmani (Engineer at Google)https://plus.google.com/+DonnaPeplinskie (Front end developer)https://plus.google.com/+NityaNarasimhan (Engineer, Consultant)https://plus.google.com/+IanHickson (author and maintainer of the Acid2 and Acid3 tests, Google)https://plus.google.com/+JeffreyZeldman (A List Apart)

Not active but still:https://plus.google.com/+LarryPagehttps://plus.google.com/+SergeyBrinhttps://plus.google.com/+EricSchmidt (former CEO at Google)https://plus.google.com/+SundarPichai (CEO at Google)

iza 1 ago 0 replies      
At least the navigation is sane now which is a huge improvement.
wazoox 1 ago 0 replies      
The only social network I'm using is Google+. As long as the new version doesn't allow me to have 3 columns display on my PC, I'll stick with the old version.
TheHippo 17 ago 0 replies      
No events anymore. This was one of the most useful features that G+ had.
hackuser 1 ago 2 replies      
To use it, do I still need to share my real identity with Google? With the world? If so, is that just policy or is it enforced somehow?
edwinyzh 20 ago 0 replies      
Hello G+ team, please give me code syntax highlighting. Thanks.
XzetaU8 1 ago 1 reply      
"Rearranging the deck chairs on the Titanic" was never more apt than now.
balls187 1 ago 0 replies      
What the heck. This looks terrible in firefox.
lolive 13 ago 0 replies      
What is Google+?
       cached 1 September 2016 04:11:02 GMT