hacker news with inline top comments    22 Oct 2016 Best
1
All Tesla Cars Being Produced Now Have Full Self-Driving Hardware tesla.com
1352 points by impish19  2 days ago   1063 comments top 111
1
hipshaker 1 day ago 26 replies      
Isn't this hackernews??

So many "but what if this and that and this..." & "and yeah let's see if it can handle X & Y"

This is the iPhone 1 of self-driving cars! That's akin to saying Apple should have waited to release their phone until iPhone 7 "because of this & that & this..."

Don't we have to start somewhere?? Aren't there supposed to be a big user base here who understands that it's an evolutionary process - we build the plane before we build the rocket before we shoot people into space?

Obviously the perfect self-driving car is still some way off, but I for one am thrilled this race is on!

2
luma 2 days ago 13 replies      
I think what people are missing here is an understanding of how these systems are tested and deployed at scale. While I have no involvement with Tesla I do have first-hand knowledge of similar programs at tier 1 automotive suppliers.

The suppliers provide (or are looking to provide) an electronics suite to car manufacturers. The car manufacturers want the system to be safe lest they be sued out of existence. One part of that will include contractual requirements for the system to have clocked n-kilometers on the highway in full (or partial) operation. For example, one project had a requirement for car(s) with full sensor data recording and partial automation enabled for 1 million kms.

The automotive suppliers will outfit a handful of, say 2019 model year test cars with the proposed sensors in the correct place and drive them around roads and highways in the specified conditions. Outfitting the cars can be expensive with prototype hardware, collecting the resulting data is a pain, and as a result the suppliers I'm familiar with run a (relatively) small number of cars for a lot of miles to record all that data.

The point of all this is to collect sensor data for resimulation as models are developed and trained. If an exceptional event occurs, they can modify the driving model, then "replay" the new model against all prior collected data to make sure the change doesn't do something unexpected elsewhere.

This process takes a lot of time (years) to pursue in this manner. What Tesla is doing is deploying the hardware in the field, then using the deployed systems to collect data to be used for the development of the automation platform. Instead of a couple of test mules they can use every single car they sell and let you drive it around for them while they record the results. Data collection that would take years can happen in weeks. This is a brilliant shortcut to the process and it puts them a couple years in front of the competition.

3
Animats 2 days ago 7 replies      
More cameras. Better sonars (very short range). Better radar processing, but apparently the same old single radar at bumper height. Still no windshield-height radar. No radar scanning in elevation. No LIDAR.

That's a better, but still weak sensor suite. It's probably enough for freeway driving under good conditions. It's far below Google's sensor suite. Or Volvo's.

Now they just have to write software smart enough to not plow into stationary vehicles on the shoulder. There are videos of three separate Tesla crashes where the Tesla plowed into a vehicle partially blocking a lane.

There have been several announcements of low-cost solid-state LIDAR units for automotive. Quanergy announced last year, but didn't ship.[1] Innoviz announced this year to ship in 2018.[2] Advanced Scientific Concepts can't get their costs down.[3] (They have a great unit that costs $100K; the Dragon spacecraft uses it during docking.) Those are all-solid-state devices. There are also some companies trying to use MEMS mirrors, like TV projectors. Eventually somebody will get 3D LIDAR technology working at a low price point, but it hasn't happened yet.

[1] http://www.quanergy.com/products/

[2] http://spectrum.ieee.org/cars-that-think/transportation/sens...

[3] http://www.advancedscientificconcepts.com/applications/autom...

4
thesimon 2 days ago 11 replies      
If you go to the order page of the Model S, it says for the "Full Self-Driving Hardware":

>Please note also that using a self-driving Tesla for car sharing and ride hailing for friends and family is fine, but doing so for revenue purposes will only be permissible on the Tesla Network, details of which will be released next year.

Interesting decision.

5
scraft 1 day ago 6 replies      
Interesting for two reasons:

1. It is a self driving car, it is so clearly the future, I wish it existed now, it is going to be awesome (in my opinion).

2. Despite knowing about and following news about driverless cars for a while, there was something surprisingly (to me) compelling about watching the video. It's like you get a little taste of the full A to B that it can give you (door to door).

Who wants to speculate how long it will be until self-driving cars are common place in the UK? I need to know how long I have to save..!

6
simonsarris 2 days ago 5 replies      
How interesting. So up-coming Tesla drivers temporarily won't get fancy features.

For a time, new Tesla buyers again become early adopters. But unlike traditional early adopters, who take a trade-off (on price, or features, or polish) for being first, these adopters are promised the features when they are ready.

The nay-saying around Tesla is immense, even in these early HN comments. Obviously there's some risk here, but man. Tesla is sowing the seeds of the future.

7
spIrr 1 day ago 6 replies      
From 00:50 to 01:10, why is the car driving in the left lane, when the right lane is clearly not turning? It's strange to see this behaviour as someone living in Germany, where you are supposed to, by default, drive in the right lane if you are not overtaking another car or there is a traffic jam...

EDIT: also, did it turn into the wrong lane at 2:25-2:30? is this a security risk?

8
11thEarlOfMar 2 days ago 9 replies      
> Teslas with new hardware will temporarily lack certain features currently available on Teslas with first-generation Autopilot hardware, including some standard safety features such as automatic emergency breaking, collision warning, lane holding and active cruise control.

Not sure what to make of this. New buyers are getting less than current owners now, but expected to get much more later?

I can't think of a precedent for this as a marketing approach in modern consumer products.

9
bflesch 1 day ago 8 replies      
Truly impressive. I wonder if the Model 3 will also be fitted out with all the sensors and cameras. If yes, I'll definitely get one.

As a German citizen, it really bugs me that Volkswagen is incapable of this kind of innovation. I don't see their roadmap play out like they plan it, because Tesla might beat them to market hard. I fear German regulation will jump in (again) to help them against Tesla.

Currently, the German government gives out electric vehicle subsidies (~5k per car), but it is limited to cars less expensive than 60k. At the moment there is very low demand for this subsidy, because everyone who goes EV wants to go Tesla.

10
hacker_9 1 day ago 5 replies      
> "The person in the driver seat is only there for legal reasons"

> Person gets out and lets car park itself

But seriously the tech is very impressive. The journey was rather simple though, and didn't cover more difficult areas (inner city driving, heavy stop start traffic, roadblocks, road accidents and so on). I hope that Tesla test these things thoroughly because they've already got one death under their belt, it won't take many more to put people off completely.

12
EA 1 day ago 5 replies      
Police departments around the country are going to see a loss of revenue. No more rolling through stop signs, illegal lane changes, or speeding tickets.
13
mparlane 2 days ago 2 replies      
How sure are they that this hardware revision is going to be what is required? I feel like at any point in time you can make an assumption about the hardware requirements to only discover in future that you could have actually done it with just a software update if the CPU had one more core. They'd have to be pretty sure this HW rev would meet their future demands for self-driving, right?
14
hash-set 2 days ago 9 replies      
I get that tech companies want self-driving cars really bad because they smell billions of dollars in "disruption" but no matter how good AI gets, I have a suspicion it won't actually do better than a decent human driver can do. It's not about processing speed, it's about experience and reflexes, which granted, not everyone has.

Let's see a self-driving car win a Formula 1 race--and even that controlled racetrack environment isn't the same as the real world! It's actually harder to drive on the typical American roadways than it is to be on a track.

And yes, I am aware that AI stuff is improving exponentially or whatever, but the more I think about this, the more I think it is mostly a pipe dream to grab headlines and be a "look over here" type distraction for the purposes of raising funding.

In terms of safety, people will still lose their lives, they will just die from different kinds of car accidents than the kinds we have now.

15
ahunt09 1 day ago 0 replies      
The video was too edited for me to have confidence. There was a moment at about 2:05 where I was interested to see how it handled the termination and merging of the lane -- but then we cut away before that happened. Or at 1:30 when there's no big sign post in the median, and then switching to left-rear camera, there we pass one. It's a nice narrative on the future, but it's far from proof of comprehensive functionality.
16
S_A_P 1 day ago 9 replies      
So what do these cars do when they hit a puddle of mud and it covers all the cameras? Will there be a new form of vandalism where someone puts scotch tape over/destroys the vehicle's cameras and now your fancy autonomous vehicle is rendered incapacitated? Maybe this seems unlikely or ridiculous, but the dependence on cameras at points on the car that seem likely to get dirty and/or damaged seems to be a risk to me.
17
Walkman 2 days ago 0 replies      
So you buy a "regular" car today which will be automagically converted to a self driving car when all the regulations and software catch up. That's pretty cool. You can buy into the future today :D
18
dyarosla 2 days ago 3 replies      
From the car purchase page, it seems that they are charging an additional $13,200 (combining the addons Enhanced Autopilot and Full Self Driving capability at $7,900 and $5,300 respectively) for the full experience:

https://www.tesla.com/en_CA/models/design

19
mentos 1 day ago 1 reply      
I had hoped to see this technology occur in my lifetime, I said to myself "I hope I live to see the day" a few years ago. Here it is in 2016, obviously it's just a highly controlled demo but it has connected the dots. I'm confident the technology is there and the hardest work will be overcoming legislation and politics.

But does anyone else find this bittersweet?

I had an awesome moment of pride for what Tesla and Elon have done here. The dream is now reality.

Followed by a moment of sadness. The dream is now reality..

20
KKKKkkkk1 2 days ago 1 reply      
The former head of Google's self-driving car project has said that self-driving cars are decades into the future.* Even if that's too pessimistic, nobody today knows what a self-driving car will look like, what kind of algorithms it will run, and what kind of sensors it will need to get there. I'm afraid this pronouncement is another sign that Mr. Musk is taking his investors for a ride.

* http://spectrum.ieee.org/cars-that-think/transportation/self...

21
bitL 1 day ago 0 replies      
All German car manufacturers are now fitting their cars with hidden passive sensors for collecting data related to human driving with the intent to use these data for autonomous driving. Their main problem is the cost of transmission, i.e. they are considering buying mobile networks/towers and piggyback on mobile traffic. Then obviously feeding these data to huge datacenters with the projected flow of up to 2MB/s from a single car.
22
stefanv 1 day ago 1 reply      
I wonder who decided/approved the use of a song about death and funeral procession (Paint it Black by The Rolling Stones) in a video about "driving" without hands on public roads...
23
jsingleton 1 day ago 0 replies      
Direct link: https://player.vimeo.com/video/188105076

This is also the video embedded in the main press release (discussion: https://news.ycombinator.com/item?id=12748863) and this news article: https://www.theguardian.com/technology/2016/oct/20/tesla-rel...

24
studentrob 1 day ago 4 replies      
Is this video sped up to make it seem like the car is more capable?

It seems jumpy, and, for the speed at which the car is going and comes to a stop, there is not as much lurching as I would expect.

25
bnycum 1 day ago 1 reply      
I was thinking of this idea the other day when I came to an intersection where a stop sign had been hit. It was now bent in a way that faced the highway that did not have to stop. I was on a highway with no stop signs or lights for miles. What would the self driving car do in that situation? For both sides of the intersection.

Then I thought about another intersection by my old house. For years the cross street had to stop for traffic on the main street. One day I went to work, then I came home and it was all the sudden a 4-way stop. No database of stop signs could work either unless it was updated to the minute.

26
JonoBB 1 day ago 1 reply      
At just after 3.23, when the car is parking, it looks like that rear wheel is going to hit the curb, and then it suddenly cuts away to the next scene.

Maybe there was enough turning angle to miss it, but I dunno...it looked pretty close to me.

27
Darthy 1 day ago 0 replies      
To be safely aware of its surroundings, an autonomous vehicle must have two types of sensors in each direction - this setup is not safe enough.

I would also have proof of 10 million kilometers of simulated rides with no accident, and a third party organization not under the control of Tesla who creates some really tough repeatable challenges, both simulated and in the real world, that a vehicle manufacturer has to pass.

Challenges should include:

- thin wire tensioned over the street.

- the combination of super heavy rain with lighting, thick fog and people suddenly running onto the street

- passing by a soccer field and ball bounces over the street. Car should stop because it can be reasonably expected that a child will run blindly onto the street after the ball

- have obstacles that minimally invade into the minimum clearance outline of the current planned course. Car should plot an alternative course if it is possible or stop. Obstacles should appear in the last moment possible and car should always do the right thing.

- proof that the car can always detect street boundaries, any obstacle, and especially humans. It should be 100% correct or side on the safe side every time. At night, in a rain storm with super thick smog and hail. I'm not joking.

These are the minimum limits before any self-driving car should be able to drive on public roads, imho.

28
NegatioN 1 day ago 2 replies      
So, both Nvidia and Tesla are working on self-driving cars based on the sensory data mainly from cameras mounted on the car, which are then run through X number of RNNs to generate models to operate on? While Google pursues their LIDAR-approach?

What other players are operating in this space? And what's their approach?

29
pyb 1 day ago 5 replies      
Not bad, but it still needs to be taught to keep to the right. Unless this is how people normally drive in the US?
30
mklarmann 2 days ago 3 replies      
It was already announced before, that the hardware is included. And it was clear, that it is meant to be used for autonomous driving. And as they do not have autonomous driving yet, this is indeed just hot air... How would they know it is completed if there is no demonstration of it actually working?
31
marricks 2 days ago 2 replies      
Quite interesting that while this is happening,

> Teslas with new hardware will temporarily lack certain features currently available on Teslas with first-generation Autopilot hardware

Which makes sense, as they'll be pulling in all that new data from the sensors. I guess people won't be too disappointed owning a car that will eventually be able to be fully autonomous!

32
mkagenius 1 day ago 2 replies      
Amazing.

It does give a feel of bus/train when the owner gets off and the car heads to its next job.

I wonder if you need to _buy_ cars when complete autonomous cars start to roll.

33
amluto 2 days ago 2 replies      
> To make sense of all of this data, a new onboard computer with more than 40 times the computing power of the previous generation runs the new Tesla-developed neural net for vision, sonar and radar processing software.

40 times the performance of a Tegra 3 is not particularly impressive.

Also, I sincerely hope that this new faster computer doesn't also run a web browser.

34
jasonallen 1 day ago 1 reply      
When this becomes real, the next question becomes "why own the car"? What's the benefit of having it sit in a parking lot for 8 hours until I'm ready to go home. Seems like the future will become more Uber-like, where I call up rides whenever I want, and don't worry about parking, maintenance, etc....
35
nateberkopec 1 day ago 0 replies      
If I was Tesla, I wouldn't have sped up the video at all. People are going to think this car drives like a maniac.
36
Element_ 2 days ago 6 replies      
Will this new neural net and hardware be capable of advanced object detection?

For instance if a plastic bag or piece of cardboard rolls across the highway a human driver knows it's safe to run over without stopping. Would a system like this just see an obstacle via radar and emergency brake?

Google has been working on this problem for longer and they have access to the largest image/video datasets in the world to train their models. I wonder how google and tesla systems would compare.

37
tzakrajs 1 day ago 0 replies      
The off-ramp scene seemed precarious like a pinball down a bumper lane.
38
ajmurmann 1 day ago 2 replies      
About self driving cars in general: I am very concerned that self driving cars and speed limits are going to be a very annoying issue. I can see them drive way slow in semi-complicated situations annoying all other drivers. There are also many places in the county where it's normal and seemingly expected to go 5-10 mph over the speed limit. Of course self driving cars will stay under the posted speed limit. I hope that in the long run we will be able to innovate on how we deal with speed limits especially once the human driven cars are off the road and hopefully illegal. But till then I can see lots of road rage coming from this.
39
shas3 2 days ago 1 reply      
This is a sign of the utter commodification of hardware and the possibility that a majority of innovation in the future (with the exception of low-power wearables) lies in the realm of software and algorithms.
40
grondilu 1 day ago 1 reply      
I think the most impressive part is the end, when the car looks for a parking spot.
41
cs702 1 day ago 1 reply      
Very impressive...

BUT the car was driving itself in ideal conditions, with high visibility in all directions and amidst light traffic.

What I'm really hoping to see is a video of the car driving itself in more dangerous situations, such as in the middle of heavy rain or thick fog that limits visibility, or at night on a dangerous stretch of highway with lots of trailer trucks zooming by, or surrounded by tired angry drivers on a major holiday in a popular route with bumper-to-bumper traffic.

When self-driving cars can successfully navigate those and other similarly dangerous scenarios, we will know the technology is ready.

42
misiti3780 1 day ago 0 replies      
Does anyone know how many people Tesla employs that are dedicated to working on the self driving software?
43
x2f10 1 day ago 1 reply      
I'm probably too late to ask, but how do self-driving cars handle 4-way stops? How does it know when it's time to go?
44
pauljurczak 1 day ago 1 reply      
Hardware performance is not a problem for Level 5 autonomy - the software is. If Tesla insists on deploying full self-driving capability in the next couple of years, they will be litigated out of existence. We are a few decades away from autopilot to "understand" what it is doing. Right now it is just parroting the most common scenarios. This may be as good or slightly better than the average driver, but it still will result in many deaths, if deployed in hundreds of thousands of cars. Unless Tesla somehow shields itself from legal liability, it will be sued to oblivion.
45
revelation 2 days ago 1 reply      
> Teslas with new hardware will temporarily lack certain features currently available on Teslas with first-generation Autopilot hardware, including some standard safety features such as automatic emergency breaking, collision warning, lane holding and active cruise control

Right, so they are actually announcing that their new cars now have less automation capabilities. I can't keep track with all the "autopilot" hardware they have deployed to date, MobilEye, BOSCH Radar, own software hacks, then this completely new one..

Not to mention that they have sold thousands of cars with the same Autopilot brand and "fully autonomous soon" messaging that will now likely never get there.

46
modeless 2 days ago 3 replies      
So self-driving will be a standard feature of Model 3, not an option? Pretty cool if they can make it work. I'm skeptical that the computer (NVIDIA Drive PX 2 perhaps?) will have enough power to do it all without LIDAR.
47
dperfect 1 day ago 1 reply      
It is quite impressive, but I'll honestly have a hard time getting excited about self-driving cars until I see a demo of driving at night in a snow storm (heck, even heavy rain would be nice to see) around road construction, poor signage and faint lines on the road. Believe it or not, those kinds of conditions are fairly common in places outside of California, and until we have self-driving cars that can do really well in those conditions, this is basically just a fun demo in my opinion.

I'm really not trying to downplay the hard work and technical merit of Tesla; sped-up video and opportune edits aside, it is very cool. But I can't help but feel that it's a bit like showing off (to the world) your shiny new web app that only works in IE with ActiveX installed, only if your name is "demo user", and only when the planets are in perfect alignment - or in other words, a functional prototype by anyone else's standards. It's a great achievement, but we're certainly not "there" yet - if that's what it's trying to communicate. And yes, the "Full Self-Driving Hardware" headline certainly seems to suggest that (at least) the hardware is "there" now, and that it's only a matter of software iteration to be done.

Before you respond with the typical "but those are just nitpicky details" or "this is only v1; v2 will be able to solve those things easily", let me say this: going from this to a system that can handle challenging road conditions is not just a matter of software iteration. Since poor road conditions threaten the reliability of sensor data itself, we're talking about a problem that gets increasingly more difficult. The most sophisticated software in the world can't do anything if cameras and sensors are frozen or obstructed, and when signage and lines are lacking, the software must rely on more and more human-like levels of AI inference - not just about driving, but about the complex world in general.

48
awqrre 1 day ago 0 replies      
Good thing the car didn't take off for a joy ride after dropping off the customer... might have become a legal issue.
49
RLN 1 day ago 4 replies      
Looks like Tesla self driving cars 'dry steer', something that my driving instructor always told me not to do.
50
shawn-butler 2 days ago 2 replies      
So, I am buying hardware I can't use solely for the purpose of providing data to a for-profit company for free to improve its product for another generation of customers?
51
notliketherest 2 days ago 0 replies      
This is awesome! Talk about a huge training data competitive advantage over Google, GM, Uber, etc
52
mrkgnao 1 day ago 0 replies      
> While this is occurring, Teslas with new hardware will temporarily lack certain features currently available on Teslas with first-generation Autopilot hardware, including some standard safety features such as automatic emergency braking, collision warning, lane holding and active cruise control.

Um.

53
JBiserkov 1 day ago 1 reply      
Video is well done, the car seems amazing.

Offtopic: There seems to be a bug, the video being uploaded twice:

https://www.tesla.com/videos/full-self-driving-hardware-all-...

https://www.tesla.com/videos/full-self-driving-hardware-all-...

The second one redirects to the first. The first contains two links to the second, below and on the right "Next video". I clicked for quite some time until I figured what was happening.

54
codeulike 1 day ago 0 replies      
Here's the video of it in action, an autonomous drive to the Tesla factory

https://www.tesla.com/videos/full-self-driving-hardware-all-...

55
nradov 1 day ago 0 replies      
The Jalopnik review of the video was pretty critical, essentially claiming that the test was done under the best possible conditions and this doesn't demonstrate that Tesla is getting any closer to automatic driving on more typical roads. (I don't know whether that's right or wrong, just thought it was an interesting analysis.)

http://jalopnik.com/teslas-proof-video-for-their-self-drivin...

56
tn_ 1 day ago 1 reply      
This is very awesome and just one more step in moving towards a completely automated world. Everyone's commutes every day is just a gold-mine of mostly unused data-points. There are solutions out there right now like Waze / Google Maps that'll redirect users around accidents. Can you imagine how crazy it'll be when our roads become even smarter based on individual users. For example, if there are people who "logged-in" to a road that enjoy driving faster, then this self-aware driving car can go in the lanes that avoid certain dangerous users.
57
vladimir-y 1 day ago 0 replies      
When it will be possible to use Tesla having no driving license? So I just get in the car as a passenger, like a taxi, but without a driver.
58
fareesh 1 day ago 0 replies      
1) If a self-driving car is involved in an accidental death. Is the justice system equipped to effectively hold a trial where information like logs, debugging information, etc. are discussed in court to validate whether or not there is any liability on the part of the manufacturer, considering the car is driving itself?

2) What happens in the case of bugs or system-level crashes? What is it about car software that makes it "not broken" compared to the other software we write?

59
kozak 1 day ago 0 replies      
They have a pretty interesting description of their radar images: "...because of how strange the world looks in radar. Photons of that wavelength travel easily through fog, dust, rain and snow, but anything metallic looks like a mirror. The radar can see people, but they appear partially translucent. Something made of wood or painted plastic, though opaque to a person, is almost as transparent as glass to radar".

So my question is, where can I find such images? Or can I buy such a radar and tinker with it myself? What wavelength are they speaking about?

60
achou 1 day ago 0 replies      
Compared to the autopilot I've experienced in my model S, this video shows these features (and probably some more I missed):

- following a path from a map instead of following a specific lane of traffic.

- turns

- recognition of stop signs and light signals

- highway onramp and offramp

- self-parking that finds its own parking spot and works without driver in the vehicle

- better music than I have on my playlist

62
amenghra 2 days ago 0 replies      
I wonder how they balance their development process for the algorithms with the upgraded sensors vs the code that runs with older sensors as input. Do they maintain two different teams? Back port improvements?
63
probe 2 days ago 2 replies      
Can someone speak to Tesla's approach of collecting real-world data, and Google's approach of "simulating" roads and conditions and running self-driving models on that (so technically their vehicles drive millions of miles on simulated roads).

Intuitively Tesla's approach makes more sense, but would love to hear someone with domain knowledge on how much of a difference it can actually make (after all, you need quality training data and Tesla may now have to navigate through significant more noise).

64
tonylemesmer 1 day ago 1 reply      
"The person in the driver seat is only there for legal reasons" - how do Tesla reconcile this with the "summon" feature? How can they market the summon feature and say the Tesla could find you on the other side of the country unless it has someone in the driving seat touching the steering wheel?
65
hokkos 1 day ago 1 reply      
I wonder, do they upload all the camera videos taken during driving in grayscale low-res video through 4G to be computed through their neural net at Tesla? What hardware do they have in the car to process the video, the Jetson TX1 can use up to 6 cameras or 1400 Mpix/s, but they probably use low-res output for neural net usage. I wonder what drivers think of their privacy.
66
sssilver 1 day ago 1 reply      
Man I sure hope human-driven vehicles/internal combustion engines won't be deemed illegal in my lifetime. I still enjoy driving my motorcycle down the road, feeling the engine vibe on my fingertips, and hearing it click click rumble rumble vroom. This video made me worry.
67
tlb 2 days ago 1 reply      
*braking (not breaking). You'd think car company staff would know how to spell a word representing 1/2 of the control space of a car.

edit: fixed, never mind.

68
relics443 1 day ago 0 replies      
1. I want this!!!!

2. Too much anxiety, I'll wait until they have a couple billion more miles
69
andys627 1 day ago 0 replies      
I'm curious to see when cities will start changing their zoning for this new reality. The most exciting to me is elimination of parking minimums - these add a lot to the cost of building anything and take up very valuable/well located space.
70
sixdimensional 1 day ago 1 reply      
I feel like this video would have been even more awesome if Elon himself had been the passenger!
71
Gustomaximus 1 day ago 0 replies      
Another reason we want better battery life on phones. I can imagine a scenario when your car goes and parks itself and you come looking for it without phone battery. Super cool though. Love how they are challenging such a significant and resourced industry.
72
krmboya 1 day ago 2 replies      
I wonder how this will compare against geohotz' comma.ai aftermarket self driving kit that he promises to ship by end of year.

He calls his company's technology level 3, which is more like autopilot, as opposed to level 4, which is a fully autonomous self driving car e.g. Google's.

Does Tesla aim to eventually have a fully autonomous self driving car?

73
nodesocket 2 days ago 2 replies      
Was there an event or video? Seems strange that Elon delayed this announcement from Monday if it's just a blog post (press release).
74
geertj 1 day ago 0 replies      
This does it for me. I have seen the future. Today I will register for a Model 3.
75
rbf 1 day ago 0 replies      
I wonder if our Model X that was put in production yesterday will have the new hardware..
76
Overtonwindow 1 day ago 0 replies      
WOW. SIGN. ME. UP! ...if I could only afford a Tesla. That was really impressive.
77
chx 1 day ago 1 reply      
My stance is very simple: when I can buy a car in Vancouver, BC without a driver's license I will be at the car salon door / preorder page / whatever, midnight movie release style to buy one and I won't ask about the price. Just make it happen, please.
78
jsingleton 1 day ago 0 replies      
The cameras look monochrome from the video. Or is this just editing?

If true then I'm surprised that colour data is not used. You would have to detect a red stop light from just its position rather than it also being red.

79
jdiez17 1 day ago 0 replies      
Here's a video of their full self-driving system in action: https://www.tesla.com/autopilot/
80
aerovistae 2 days ago 2 replies      
Some of what they describe sounds like it's going to take some real adjustment before it stops being annoying and starts being useful, namely the assumption of what you want when you get in and out.

> If you don't say anything, the car will look at your calendar and take you there as the assumed destination or just home if nothing is on the calendar.

Oh boy. If you get in your car, it will just assume it should start driving somewhere more or less immediately? What if you want to sit for a few minutes?

I know, I'm taking them very literally. Just saying, though.

> When you arrive at your destination, simply step out at the entrance and your car will enter park seek mode, automatically search for a spot and park itself.

Again, what if I'm unpacking things for the car, or don't want the car to go anywhere? I don't want to have to pull out my phone and tap on something to stop it rolling away, or jump in front of it or something, or open a door.

Hopefully it obeys simple voice commands directed towards it like "wait here for now."

81
dyarosla 2 days ago 2 replies      
Who's providing all this hardware? EIGHT surround cameras and TWELVE ultrasonic sensors: Are they building this in house too? If not, that's a lot of business to a supplier... all I could find about camera suppliers for Tesla was their former camera (tech?) supplier Mobileye.
82
eriknstr 1 day ago 0 replies      
Direct link to video only: https://player.vimeo.com/video/188105076
83
anindha 1 day ago 0 replies      
At 2m 25s the car is on the wrong side of the road.

http://imgur.com/a/7ZOMi

84
andrewvijay 1 day ago 0 replies      
Wow. Just wow. Amazing! Hope it changes everything forever. For a while I thought it was driving way too fast then realized that it was just fast played.
85
627467 1 day ago 0 replies      
Personally I'm looking forward to how PRIVATE self-driving cars solve the hunting-for-parking problem. It's a great social problem to solve.
86
rocky1138 1 day ago 0 replies      
What I want to see is a video compilation of all of the cool things it does when it encounters accidents and near-misses.
87
chrismealy 1 day ago 0 replies      
No pedestrians, bikes, ambulances, construction, just dead suburban roads. The perfect car for the zombie apocalypse.
88
codeulike 1 day ago 0 replies      
These cars are actually robots. In disguise.
89
GeorgeAnka 1 day ago 0 replies      
It's crazy, I can't believe that it will work if there are only autonomous cars. There will be a lot of deadlocks.
90
niftich 2 days ago 1 reply      
Is this a formal model-year revision/refresh, or just a midyear 'minor revision' thing (despite being a major revision?) Are old models retrofittable? Will this hurt the resale value of existing Teslas that have the last generation hardware?

Is there an industry-standard (or governmental) safety test that these autonomous systems have to go through to evaluate their efficacy and performance in different scenarios?

(edit: clarified the first sentence)

91
lai 2 days ago 0 replies      
Does this mean we get self-driving capabilities without paying more for it as an add-on?
92
sharrs 1 day ago 0 replies      
Wow this is awesome!
93
xadhominemx 1 day ago 0 replies      
Fake video... Page Mill is not backed up onto 280
94
cdelsolar 1 day ago 0 replies      
Sorry but it absolutely needs LIDAR.
95
rocky1138 2 days ago 1 reply      
How does their autonomous car compare to nvidia's?
96
laktak 1 day ago 4 replies      
How to steal some cars:

 - hack into a car remotely
 - tell the car to drive to your parking lot
 - repeat

97
kordless 1 day ago 0 replies      
Shut up and take my money.
98
ghaff 2 days ago 1 reply      
Tesla may also want to consider better copyediting of press releases: "emergency breaking." Yeah, it happens. But it looks bad.
99
nsxwolf 1 day ago 0 replies      
I'm going to buy a bunch of Teslas and sit home and watch the money roll in from my own private Uber.
100
alinspired 2 days ago 1 reply      
tesla might not be comfortable releasing new software for update hardware in production
101
elchief 2 days ago 1 reply      
Wow, what a bunch of negative nellies on here. I hope you people have mildly unpleasant evenings.

Congrats Tesla! That's amazing.

102
tempestn 2 days ago 0 replies      
> features such as automatic emergency breaking

Always an amusing typo. I'll take the car without emergency breaking...

103
pyabo 1 day ago 0 replies      
KITT I need you!
104
honkhonkpants 1 day ago 1 reply      
A little skepticism is OK here. I don't think cheerleading is helpful. One possible interpretation of this video is Tesla is five years behind Google.
105
wehadfun 1 day ago 0 replies      
oh shit!
106
chillingeffect 1 day ago 4 replies      
It's sad how presenting such solid, undeniable evidence results in a downtrend in valuation:

http://finance.yahoo.com/news/tesla-shares-just-took-dive-14...

107
donohoe 1 day ago 3 replies      
So, let's be clear then, you do not truly own the car.

Am reminded of ebook and movie purchases - you're only just licensing the item. You own next to nothing.

108
thesimon 2 days ago 3 replies      
>While this is occurring, Teslas with new hardware will temporarily lack certain features currently available on Teslas with first-generation Autopilot hardware, including some standard safety features such as automatic emergency breaking, collision warning, lane holding and active cruise control.

But not software and they don't even have confidence in their current implementation?

It's not surprising considering the recent announcements by the regulators, but that's quite a step.

109
untilHellbanned 2 days ago 0 replies      
This company's self driving cars are gonna have serious problems because their business roadmap is all over the place. This is not just wordplay, I'm serious.
110
nchelluri 1 day ago 3 replies      
Did you see how close the guy's hands were to gripping the steering wheel? Obvious he didn't trust it completely :)

Still, very cool. And the presence of cameras everywhere should help navigate insurance/accident stuff everywhere, I'd hope.

111
flexie 2 days ago 2 replies      
Are the cars going to look like Google's and Uber's self driving cars, then?

I never cared that much about self driving capabilities - I like to drive myself - and I certainly don't want to shell out $35,000 for a car with what looks like a food processor or a police emergency light mounted on the rooftop.

IMHO, one of the best features of Tesla has been that they actually made EVs look like traditional cars. It might seem trivial, but many of the budding competitors still fail to do just that:

http://www.autoblog.com/2016/08/17/vw-300-mile-ev-paris-auto...

https://www.mercedes-benz.com/en/mercedes-benz/design/commer...

2
DDoS Attack Against Dyn Managed DNS dynstatus.com
1468 points by owenwil  15 hours ago   631 comments top 111
1
bhauer 11 hours ago 12 replies      
Out of curiosity, why do caching DNS resolvers, such as the DNS resolver I run on my home network, not provide an option to retain last-known-good resolutions beyond the authority-provided time to live? In such a configuration, after the TTL expiration, the resolver would attempt to refresh from the authority/upstream provider, but if that attempt fails, the response would be a more graceful failure of returning a last-known-good resolution (perhaps with a flag). This behavior would continue until an administrator-specified and potentially quite generous maximum TTL expires, after which nodes would finally see resolution failing outright.

Ideally, then, the local resolvers of the nodes and/or the UIs of applications could detect the last-known-good flag on resolution and present a UI to users ("DNS authority for this domain is unresponsive; you are visiting a last-known-good IP provided by a resolution from 8 hours ago."). But that would be a nicety, and not strictly necessary.

Is there a spectacular downside to doing so? Since the last-known-good resolution would only be used if a TTL-specified refresh failed, I don't see much downside.
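The last-known-good behaviour described in this comment, as an added example that is not part of the original post or of any resolver's code: a small cache that serves an expired record, flagged as stale, only when the refresh fails, and only up to an administrator-set limit. The upstream function, the `example.test` name and the 192.0.2.10 address are constructed so the scenario runs offline.

```python
"""Last-known-good ("serve stale") DNS cache, simulated offline."""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


class UpstreamFailure(Exception):
    """Authority unreachable (timeout or SERVFAIL): nothing new was learned."""


class NoSuchName(Exception):
    """Authoritative NXDOMAIN: a real answer, not an outage."""


@dataclass
class Answer:
    addresses: List[str]
    stale: bool   # the "last-known-good" flag from the comment
    age: float    # seconds since the authority last confirmed the data


@dataclass
class _Entry:
    addresses: List[str]
    fetched_at: float
    ttl: float


class StaleServingCache:
    def __init__(self, upstream: Callable[[str], Tuple[List[str], float]],
                 max_stale: float = 86400.0,
                 clock: Callable[[], float] = time.monotonic):
        self._upstream = upstream      # returns (addresses, ttl) or raises
        self._max_stale = max_stale    # admin-chosen cap on serving past the TTL
        self._clock = clock
        self._entries: Dict[str, _Entry] = {}

    def resolve(self, name: str) -> Answer:
        now = self._clock()
        entry = self._entries.get(name)
        # Within the authority's TTL: ordinary cache hit.
        if entry is not None and now - entry.fetched_at < entry.ttl:
            return Answer(entry.addresses, False, now - entry.fetched_at)
        try:
            addresses, ttl = self._upstream(name)
        except NoSuchName:
            # The authority answered; the old record must not outlive that.
            self._entries.pop(name, None)
            raise
        except UpstreamFailure:
            # Refresh failed: fall back to the expired record while allowed.
            if entry is not None and now - entry.fetched_at < entry.ttl + self._max_stale:
                return Answer(entry.addresses, True, now - entry.fetched_at)
            self._entries.pop(name, None)
            raise
        self._entries[name] = _Entry(addresses, now, ttl)
        return Answer(addresses, False, 0.0)


def demo() -> List[str]:
    """Constructed scenario: the authority answers once, then goes dark."""
    now = [0.0]
    authority_up = [True]

    def upstream(name: str) -> Tuple[List[str], float]:
        if not authority_up[0]:
            raise UpstreamFailure(name)
        return ["192.0.2.10"], 300.0   # constructed address, TTL of 5 minutes

    cache = StaleServingCache(upstream, max_stale=8 * 3600, clock=lambda: now[0])
    log: List[str] = []

    def step(t: float, label: str) -> None:
        now[0] = t
        try:
            a = cache.resolve("example.test")
            log.append(f"{label}: {a.addresses[0]} stale={a.stale} age={int(a.age)}s")
        except UpstreamFailure:
            log.append(f"{label}: resolution failed")

    step(0, "first lookup")
    step(100, "within TTL")
    authority_up[0] = False
    step(400, "TTL expired, outage")
    step(300 + 8 * 3600 + 1, "past max stale")
    authority_up[0] = True
    step(300 + 8 * 3600 + 2, "authority back")
    return log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The main cost is that a stale address may since have been reassigned to another party, which is why the fallback is bounded and flagged rather than silent.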

2
tim_armandpour 8 hours ago 8 replies      
I wanted to provide an update on the PagerDuty service. At this time we have been able to restore the service by migrating to our secondary DNS provider. If you are still experiencing issues reaching any pagerduty.com addresses, please flush your DNS cache. This should restore your access to the service. We are actively monitoring our service and are working to resolve any outstanding issues. We sincerely apologize for the inconvenience and thank our customers for their support and patience. Real-time updates on all incidents can be found on our status page and on Twitter at @pagerdutyops and @pagerduty. In case of outages with our regular communications channels, we will update you via email directly.

In addition you can reach out to our customer support team at support@pagerduty.com or +1 (844) 700-3889.

Tim Armandpour, SVP of Product Development, PagerDuty

3
scrollaway 15 hours ago 8 replies      
Relevant (or at least a-propos) post by Bruce Schneier, from a month ago: "Someone Is Learning How to Take Down the Internet"

https://www.schneier.com/blog/archives/2016/09/someone_is_le...

Edit: And to be clear: I don't mean to imply there's any connection :)

4
jssjr 14 hours ago 7 replies      
I'm a GitHub employee and want to let everyone know we're aware of the problems this incident is causing and are actively working to mitigate the impact.

"A global event is affecting an upstream DNS provider. GitHub services may be intermittently available at this time." is the content from our latest status update on Twitter (https://twitter.com/githubstatus/status/789452827269664769). Reposted here since some people are having problems resolving Twitter domains as well.

5
elwell 9 hours ago 2 replies      
To get on github you can add to your /etc/hosts:

 192.30.253.113 github.com
 151.101.32.133 assets-cdn.github.com
And it seems faster than normal right (less users).

Edit; for profile pics include:

 151.101.32.133 avatars0.githubusercontent.com
 151.101.32.133 avatars1.githubusercontent.com
 151.101.32.133 avatars2.githubusercontent.com
 151.101.32.133 avatars3.githubusercontent.com
 151.101.32.133 avatars4.githubusercontent.com
 151.101.32.133 avatars5.githubusercontent.com

6
Animats 8 hours ago 7 replies      
So who was prepared for this? Pornhub:

pornhub.com:

 Name Server: ns1.p44.dynect.net
 Name Server: ns2.p44.dynect.net
 Name Server: ns3.p44.dynect.net
 Name Server: ns4.p44.dynect.net
 Name Server: sdns3.ultradns.biz
 Name Server: sdns3.ultradns.com
 Name Server: sdns3.ultradns.net
 Name Server: sdns3.ultradns.org
ultradns.biz:

 Name Server: PDNS196.ULTRADNS.ORG
 Name Server: ARI.ALPHA.ARIDNS.NET.AU
 Name Server: ARI.BETA.ARIDNS.NET.AU
 Name Server: ARI.GAMMA.ARIDNS.NET.AU
 Name Server: ARI.DELTA.ARIDNS.NET.AU
 Name Server: PDNS196.ULTRADNS.NET
 Name Server: PDNS196.ULTRADNS.COM
 Name Server: PDNS196.ULTRADNS.BIZ
 Name Server: PDNS196.ULTRADNS.INFO
 Name Server: PDNS196.ULTRADNS.CO.UK

7
dEnigma 9 hours ago 1 reply      
I was not aware of the attacks going on until this happened:

1. Tried to download "Unknown Horizons" (game featured recently on Hacker News) binary, github-link doesn't work.

2. Think "Ok, might be an old link", google their github-repository, github appears down.

3. Try accessing github status website, is down.

4. Interested, try to visit github status twitter account, twitter is down.

Really weird experience, normally at least the second source of news on a downed website I try during an attack works.

8
danyork 5 hours ago 1 reply      
Journalist and security researcher Brian Krebs believes this is someone doing a DDoS as payback for research into questionable "DDoS mitigation services" that he and Dyn's Doug Madory did. Doug just presented his results yesterday at NANOG and Krebs believes this is payback. Read more: https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twit...
9
foobarbecue 13 hours ago 6 replies      
According to Fortune, Hacker News "reported" on the incident. Are we journalists now?

"Popular tech site Hacker News reported many other sites were affected including Etsy, Spotify, Github, Soundcloud, and Heroku." -- http://fortune.com/2016/10/21/internet-outages/

10
rybosome 6 hours ago 5 replies      
I'm wondering, from a regulatory perspective, what might be done to mitigate DDoS attacks in the future?

From comments made on this and other similar posts in the past, I've gathered the following:

1) Malicious traffic often uses a spoofed IP address, which is detectable by ISPs. What if ISPs were not allowed to forward such traffic?

2) There is no way for a service to exert back pressure. What if there was? e.g. send a response indicating the request was malicious (or simply unwanted due to current traffic levels), and a router along the way would refuse to send follow up requests for some time. There is HTTP status code 429, but that is entirely dependent on a well-behaved client. I'm talking about something at the packet level, enforced by every hop along the way.

3) I believe it is suspected that a substantial portion of the traffic is from compromised IoT devices. What if IoT devices were required to continually pass some sort of a health check to make other HTTP requests? This could be enforced at the hardware/firmware level (much harder to change with malware), and, say, send a signature of the currently running binary (or binaries) to a remote server which gave the thumbs up/down.

11
chromaton 11 hours ago 8 replies      
I can't currently get resolution on www.paypal.com.

$ dig @8.8.8.8 www.paypal.com

; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 www.paypal.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17925
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.paypal.com.  IN  A

;; Query time: 29 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 21 12:35:33 2016
;; MSG SIZE rcvd: 32

12
meshko 15 hours ago 5 replies      
Very funny guys, can you stop now? We have a demo in 4 minutes.
13
Animats 6 hours ago 0 replies      
Analysis of the Mirai botnet: [1]

This is worth reading. It has links to copies of the code and names the known control servers. Quite a bit is known now about how this thing works.

The bots talk to control servers and report servers. The attacker appears to communicate with the report servers over Tor.

[1] http://blog.level3.com/security/grinch-stole-iot/

14
sly010 15 hours ago 4 replies      
I am confused. Are so many big websites using Dyn, or does Dyn have some special role in the DNS chain in the US?
15
Mizza 8 hours ago 0 replies      
Although I don't like to recommend Google products, they provide a public DNS-over-HTTPS interface that should be useful for people who want to add specific entries into their /etc/hosts files: https://dns.google.com/query?name=github.com&type=A&dnssec=t...
16
jtmarmon 15 hours ago 5 replies      
I'm updating a list of confirmed outages as I see them here https://news.ycombinator.com/item?id=12759520

So far twitter, etsy, soundcloud, spotify, github, pagerduty...crazy that this can even happen

17
Animats 9 hours ago 0 replies      
"digikey.com", the big electronic part distributor, is currently inaccessible. DNS lookups are failing with SERVFAIL. Even the Google DNS server (8.8.8.8) can't resolve that domain. Their DNS servers are "ns1.p10.dynect.net" through "ns4.p10.dynect.net", so it's a Dyn problem.

This will cause supply-chain disruption for manufacturers using DigiKey for just-in-time supply.

(justdownforme.com says the site is down, but downforeveryoneorjustme.com says it's up. They're probably caching DNS locally.)

18
danyork 2 hours ago 0 replies      
There's a bit of exquisite irony in the fact that just yesterday an article on the Dyn blog was:

Recent IoT-based Attacks: What Is the Impact On Managed DNS Operators? - http://hub.dyn.com/traffic-management/recent-iot-based-attac...

It's a good piece about how IoT-based DDoS attacks are carried out. And now Dyn has the answer...

HN thread about that article at: https://news.ycombinator.com/item?id=12764650

20
newsat13 10 hours ago 4 replies      
Switch to OpenDNS servers - 208.67.222.222 and 208.67.220.220. Even google NS are down it seems. Heroku works after switching to opendns.
21
bgentry 10 hours ago 3 replies      
If you're having issues with people accessing your running Heroku apps, it's likely because you're running your DNS through herokussl.com (with their SSL endpoint product) which is hosted on Dyn.

If you can update your DNS to CNAME directly to the ELB behind it, it should at least make your site accessible.

22
cm3 11 hours ago 1 reply      
Just to be clear, this is a DDoS against Dynect's NS hosts, right?

I'm confused because of the use of "dyn dns", which to me means dns for hosts that don't have static ip addresses.

I'm actually surprised so many big-name sites rely on Dynect, which I hadn't heard of, but more importantly don't seem to use someone else's NS hosts as 2nd or 4th entries.

23
andmarios 11 hours ago 0 replies      
OpenDNS servers seem the only ones that still work. Kudos.

It may not be the proper action but this kind of soft-fail scenario (use the old DNS until you can contact the DNS servers and get new ones) is much better.

 echo "nameserver 208.67.222.222" | sudo tee -a /etc/resolv.conf

24
ohblahitsme 11 hours ago 3 replies      
Twitter and Github are still down here in LA (and confirmed on isup.me)
25
tedmiston 9 hours ago 2 replies      
Anyone else spend the morning thinking the problem was their setup? I've been flushing my system DNS cache, Chrome's DNS cache, changing DNS servers, rebooting my router, turning VPN on/off, etc.
26
nodesocket 10 hours ago 1 reply      
I've been singing the praise of AWS Route53 for a long time, they're up and running. I can't believe major multi-million dollar companies (Twitter, GitHub, Soundcloud, Pagerduty) would not run a mix of multiple DNS providers.

Also what is happening is a cascade effect, where a 3rd party being down affects others.

27
Supersam654 10 hours ago 1 reply      
OpenDNS DNS Servers (208.67.222.222 and 208.67.220.220) are still resolving websites while my typical fallback to 8.8.8.8 is not.
28
anonymousjunior 2 hours ago 0 replies      
No idea if this would work, but could people theoretically just ping flood the IOT devices involved to mitigate the attack?

They run some sort of web server since most devices provide some web interface, so clearly there's a port open which could be hit if the IP is known, and with the shoddy security in these devices I'd wonder if their local (likely low performance) hardware would be susceptible to something as simple as a ping flood attack.

29
ljosa 15 hours ago 4 replies      
AWS says "We are investigating elevated errors resolving the DNS hostnames used to access some AWS services in the US-EAST-1 Region." Is that coincidental, or are they being DDoSed also?
30
pawal 5 hours ago 0 replies      
DNS was designed so that you can have multiple operators for your authoritative name servers.

Who would have thought adding a spof to your infrastructure would ever be a problem?

31
jrochkind1 10 hours ago 2 replies      
Is it time for everyone to actually start using secondary name servers/DNS resolvers too from a different provider from primary? DNS _is_ built for this, for the very purpose of handling failure of the primary resolver, isn't it? Just most people don't seem to do it -- including major players?

Or would that not actually solve this particular scenario?

32
artursapek 15 hours ago 1 reply      
Twitter, Reddit, wow. I was so confused for a moment. Thankfully HN is here to explain.
33
devy 11 hours ago 1 reply      
Is Zendesk being affected? Their status page is reporting external DNS provider is having DNS issue [1] and most of their sites are being affected.

[1] https://status.zendesk.com/

34
patmcguire 10 hours ago 2 replies      
Any quick script to see if a given domain ultimately resolves to them? My SaaS company has a lot of custom domains from whatever DNS servers pointed at us and I'd like to be able to tell people whether it's our fault or not.
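One way to answer this question, as an added example that is not part of the original thread: follow a custom domain's CNAME chain and classify the nameservers of every zone along it, so a customer domain that points at a Dyn-hosted name is caught even when its own zone is hosted elsewhere. The `.dynect.net` suffix comes from the nameserver names quoted in this thread; the record table, the `.example` zones and their contents are constructed, and live use would replace `sample_lookup` with a real resolver query.

```python
"""Does a name depend on Dyn-hosted nameservers anywhere along its CNAME chain?"""
from typing import Callable, Dict, List, Tuple

DYN_SUFFIX = ".dynect.net"   # suffix of the Dyn nameservers quoted in the thread

Lookup = Callable[[str, str], List[str]]   # (name, record type) -> record values

# Constructed records standing in for live DNS answers (assumption: sample data).
SAMPLE: Dict[Tuple[str, str], List[str]] = {
    ("digikey.com", "NS"): [f"ns{i}.p10.dynect.net." for i in range(1, 5)],
    ("mixed.example", "NS"): ["ns1.p44.dynect.net.", "ns2.p44.dynect.net.",
                              "sdns3.ultradns.net.", "sdns3.ultradns.org."],
    ("saas.example", "NS"): ["ns1.p10.dynect.net.", "ns2.p10.dynect.net."],
    ("customer.example", "NS"): ["ns1.registrar.example.", "ns2.registrar.example."],
    ("shop.customer.example", "CNAME"): ["tenant42.saas.example."],
}


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def sample_lookup(name: str, rtype: str) -> List[str]:
    return SAMPLE.get((_norm(name), rtype), [])


def zone_nameservers(name: str, lookup: Lookup) -> Tuple[str, List[str]]:
    """Walk up the labels until a name with NS records (the zone apex) is found."""
    labels = _norm(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        ns = lookup(candidate, "NS")
        if ns:
            return candidate, [_norm(n) for n in ns]
    return "", []


def classify(nameservers: List[str]) -> str:
    if not nameservers:
        return "unknown"
    # The leading dot keeps look-alike domains such as "notdynect.net" from matching.
    dyn = [n for n in nameservers if n.endswith(DYN_SUFFIX)]
    if len(dyn) == len(nameservers):
        return "dyn-only"
    return "dyn-plus-other" if dyn else "no-dyn"


def dyn_exposure(name: str, lookup: Lookup, max_hops: int = 8) -> List[Tuple[str, str, str]]:
    """Return (hop, zone, classification) for the name and every CNAME target."""
    report: List[Tuple[str, str, str]] = []
    seen = set()
    current = _norm(name)
    while current not in seen and len(report) < max_hops:   # loop and depth guard
        seen.add(current)
        zone, ns = zone_nameservers(current, lookup)
        report.append((current, zone, classify(ns)))
        target = lookup(current, "CNAME")
        if not target:
            break
        current = _norm(target[0])
    return report


def verdict(report: List[Tuple[str, str, str]]) -> str:
    states = {state for _, _, state in report}
    if "dyn-only" in states:
        return "affected"      # some hop has no nameserver outside Dyn
    if "dyn-plus-other" in states:
        return "degraded"      # resolvers can still retry the other provider
    return "unknown" if "unknown" in states else "not-dyn"


if __name__ == "__main__":
    for domain in ("shop.customer.example", "digikey.com", "www.mixed.example"):
        hops = dyn_exposure(domain, sample_lookup)
        print(domain, verdict(hops), hops)
```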
35
jread 15 hours ago 1 reply      
Seems to be impacting POPs in US East most severely. We use Ripe Atlas to assess the impact of DNS outages, and in the past hour have measured about 50-60% recursive query failure from a few hundred probes in that region: https://cloudharmony.com/status-for-dyn
36
shortstuffsushi 7 hours ago 0 replies      
In (well, after) attacks like this, and really any other massive DDOS, shouldn't it be possible to identify potential botnets and try to take them out (notify their owners that they're being used, notify their hosting providers, etc) so that they can't be used again in the future?
37
wnm 15 hours ago 0 replies      
Heroku also seems to be affected. I'm getting this when I run 'heroku status':

>> We are seeing a widespread DNS issue affecting connections to our services both internally and externally.

38
39
wweiss1230 4 hours ago 1 reply      
How can I, a proficient web developer but one with little experience working directly with its underlying infrastructure, help in whatever effort is being done to thwart this and related attacks? I feel a moral obligation to help as these attacks seem a grave threat to our economy and could cause unrest given the current political climate. Thanks.
40
altyus 15 hours ago 5 replies      
For me redirecting my DNS to Google public DNS 8.8.8.8 and 8.8.4.4 did the trick.
41
CodeSheikh 13 hours ago 1 reply      
Let's assume, that foreign countries such as Russia or China would be trying to sabotage our elections on Nov 8th night. What are the severe economic and political backlash that we can deal with if we cut off the traffic coming in from those region (not in a "we control the internet" kinda way)? I am sure they already have nodes operating within the USA. A lot of major tech companies use CDNs that can still serve traffic globally to the consumers of those countries. Even better, how about we regulate and slow down all of incoming traffic for say half day on election day? Is it even possible?
42
devnull42 11 hours ago 0 replies      
Dyn reporting another attack started at 15:52 UTC.
43
LeanderK 6 hours ago 1 reply      
Can someone explain why this is so bad? I think the internet handled the downtime of Dyn pretty great, not reaching github wasn't exactly pleasing, but I added the IP temporarily to /etc/hosts and the problem was solved. Isn't the best strategy to accept that attacks will continue and systems may go down and design for resilience? If so this attack can serve as a warning and as a check that we can handle these types of attacks. I am a bit exaggerating, but I would imagine that constant attacks keep the internet resilient and healthy. An unchallenged internet may be the greater risk.
44
azaydak 7 hours ago 2 replies      
Quick question for you all. Just two days ago I registered two domain names at dynu (not dyn). Early this morning I got a cold call from a company in India who knew the domain names and my phone number and was calling to ask if I wanted them to help me manage my website cheaply. Also, this morning I got a spam text from someone who claimed to be GoDaddy offering the same thing. Now I protect my number really well so this is the first time in 5+ years that I ever got spam texts or calls to my number. Do you think Dynu was also hacked?! Or maybe Dynu sells client numbers (which is how the guy in India claimed to get my number) and it was just by random chance that this happened at the same time as the Dyn hack.
45
Legogris 15 hours ago 0 replies      
Microsoft's visualstudio.com's build servers fail to resolve Github and New Relic. So much for my Friday night deploy to staging.
46
emmet 11 hours ago 0 replies      
Is it just me or are these kind of attacks becoming way more frequent recently? This kind of widespread outage seems so new, but again, that might just be me.
47
mjpa 15 hours ago 2 replies      
Is it really an internet wide outage?

Only 2 of the points in the US are affected on https://www.whatsmydns.net/ for the domains we've got on Dyn - same for Twitter etc

48
DenisM 7 hours ago 1 reply      
The DDoS problems, at least those not related to spoofing IPs, could be curtailed if we provide a strong incentive to the ISPs to work on it.

Let's hold the ISPs financially liable for the harmful traffic that comes from their network. If a client reports a harmful IP to the ISP, every bit of subsequent traffic sent from that IP to this client carries a penalty.

Yeah, I know, routing tables are small, yada yada. If we put thumbscrews to the ISPs they will find a way to block a few thousand IPs of the typical botnet, even if it requires buying new switches from Cisco & co.

Incentives drive behavior.

49
_ar7 15 hours ago 1 reply      
Almost every website I visit except HN seems to be down...
50
elmigranto 8 hours ago 1 reply      
I've managed to (seemingly) save my browsing with Yandex DNS:

 77.88.8.8
 77.88.8.1
https://dns.yandex.ru

51
mmaunder 7 hours ago 0 replies      
Third attack underway: https://twitter.com/AlexJamesFitz (as of 10 mins ago)
52
mirekrusin 13 hours ago 1 reply      
They should do it once a year and call it Friday without Internet Day.
53
atsidi 11 hours ago 0 replies      
I've been having the same problem accessing github in particular. Just for fun, I opened the Opera browser and activated the built-in VPN. That got everything going again. At least for browsing, not so useful for my git pulls and pushes.
54
octoploid 10 hours ago 1 reply      
It is spreading to other DNS providers, too: https://status.fastly.com/

www.ft.com is unreachable for example.

55
paulddraper 10 hours ago 2 replies      
I thought DNS (particularly public) was basically immune to DDoS?

If one DNS server is down, use the cached result or another server.

DNS is some of the most distributable, cachable data I can imagine.

56
fatherzeus 8 hours ago 0 replies      
For people in need of the IPs for their respective services. You can find them here: ipaddress.com or any of the other similar services
57
djhworld 8 hours ago 0 replies      
At work earlier we were seeing hostname resolution errors with applications trying to contact amazon s3 from on premises infrastructure.

This was in eu-west-1, but it coincided with a bunch of other systems in the organisation having problems at the same time.

Additionally CloudWatch logs seemed to be completely broken for about 30 minutes on the Amazon Console.

58
leesalminen 10 hours ago 0 replies      
Boulder here. Can't resolve Wufoo or PayPal using 8.8.8.8
59
edgartaor 6 hours ago 1 reply      
I'm curious. What kind of infrastructure you need to make this massive attack?
60
arp 9 hours ago 0 replies      
Here's how to add static mappings temporarily to survive through the outage:

https://www.reddit.com/r/sysadmin/comments/58o5mp/dyn_dns_dd...

61
dmalvarado 7 hours ago 1 reply      
This may be dumb, but someone enlighten me:

If this kind of attacking does escalate, wouldn't it be possible to simply cut off requests from outside the United States at the points of entry? Basically, turning the US into an intranet?

62
metaverse 13 hours ago 1 reply      
While my app isn't resolved using DYN, we are relying on APIs on our EC2 backend that use their DNS. Is there a Linux DNS caching server that will serve from a local cache primarily, and do lookups in the background instead to update the local cache? During the period DYN was down, it would've continued severing from the local cache and retried the background lookups, keeping my app up. I can also see it improving performance as my servers currently do lookups to the EC2 DNS on each http request...
63
mdtancsa 14 hours ago 0 replies      
Anyone know any details of what the attack looks like? I had a quick look in my (albeit small) network to look for odd flows going to their ASN33517, but didn't see much that looked odd on first glance...
64
x2398dh1 9 hours ago 0 replies      
Currently I am able to get into every site on the web, including GitHub, by using a VPN service based in Hong Kong.
65
jtmarmon 14 hours ago 1 reply      
Semi related: I noticed this incident right when it began, but not because I was trying to access a website. This started happening to me: http://imgur.com/PPlaY5o

Then when I went to push to github out of fear my computer was about to soil itself, that failed too, and I noticed the outage.

Does anyone know if the above errors could be related to the outage? I'm using vim inside tmux with zsh as my shell. Maybe zsh does some kind of communication with gh while running?

I restarted my computer and it's still happening

66
danyork 11 hours ago 0 replies      
https://cloudharmony.com/status-for-dyn is now (12:43pm EDT) showing Dyn's "US East" and "US West" centers as being down. Anyone know anything about this Cloudharmony service? How often does it update? and what is it monitoring?
67
foxhop 9 hours ago 1 reply      
So I had hardcoded my DNS server to Google's, aka:

 dig @8.8.4.4 github.com +short
I was not getting an answer.

However using my routers/dhcp/ISP to set my DNS server, I am able to get answers:

 dig github.com +short
 192.30.253.112

68
peatmoss22 7 hours ago 0 replies      
Need to get in to dyn.com to download your zone files? Add this to your hosts file:

 204.13.248.106 www.dyn.com
 204.13.248.106 dyn.com
 216.146.41.66 manage.dynect.net
 151.101.33.7 static.dyn.com
69
r1ch 14 hours ago 1 reply      
Surprised to see so many big names relying on a single provider. DNS is designed to be distributed, it should be possible to avoid a single point of failure.
70
adamrights 15 hours ago 0 replies      
We were affected @WSJ as well.
71
lips 7 hours ago 0 replies      
How many DNS services ala Dyn exist? Is it not still massively significant that a successful attack can be launched on even one of these?
72
Rapzid 8 hours ago 0 replies      
Looks like github and braintree both got AWS dns servers mixed in about the same time. Did they both switch over or is Dyn working with AWS on this?
73
RRRA 15 hours ago 0 replies      
Those distributed alternatives look better everyday... if only there was a working group and a transitional path.
74
kilroy123 10 hours ago 0 replies      
Interesting. Lots of sites have been down for me, here in Mexico City. Twitter. Github. Loads of other random sites. When I turned on my US based VPN. It all started working again.
75
cyberferret 14 hours ago 0 replies      
Hmm... Seems to be quite widespread. Some of our Amazon AWS services (located in the US) that rely on SQS are reporting critical errors. Intercom.io is also down at present, which we use for support for our web apps. Not looking very good from here (in Australia).
76
pmuk 15 hours ago 1 reply      
I'm getting DNS errors on my PS4 when trying to download stuff, I guess it's related!
77
Animats 8 hours ago 2 replies      
Github is currently inaccessible. Can you still compile Rust programs that depend on Github files?
78
cultavix 15 hours ago 1 reply      
Not sure if related but circleci.com is down for us due to a "DNS issue" !
79
kakarot 8 hours ago 0 replies      
Don't be a dick. I'm sure their staff has a giant collective migraine right now.
80
Kluny 9 hours ago 0 replies      
Highrise seems to be having problems, as seen by email errors when we forward email to Highrise dropboxes.
81
nbrempel 13 hours ago 0 replies      
It's a strange coincidence that Hover DNS was down for same reason a week ago.

http://hoverstatus.com

82
ifelsehow 9 hours ago 0 replies      
Reposting imglorp's comment on the root of the comment tree, as it's buried currently. This should restore service for those desperately needing to access Github etc ;)

> ....point your machine or router's DNS to use opendns resolvers instead of your regular ones: 208.67.222.222 and 208.67.220.220

83
tbarbugli 9 hours ago 0 replies      
I am very surprised this is not getting that much attention on national news.
84
llamataboot 11 hours ago 0 replies      
Heroku is still having problems as well
85
Kaedon 10 hours ago 0 replies      
What other providers would you recommend than Dyn? Route53? Cloudflare? Something else?
86
dev_1024 8 hours ago 0 replies      
How come you can access these sites from some countries? I imagine there are lots of name servers and that the attackers are specifically targeting servers for US?
87
alexmorenodev 15 hours ago 0 replies      
Here in Brazil things are pretty slow.

"Oh, maybe it's our shitty ISP screwing up everything again."

No, it's in a bigger scale.

88
tbarbugli 15 hours ago 2 replies      
Github does not work for 100% the time
89
Raed667 10 hours ago 0 replies      
You can add Netflix to the list.

 GET https://art-s.nflximg.net net::ERR_NAME_RESOLUTION_FAILED
 GET https://assets.nflxext.com net::ERR_NAME_RESOLUTION_FAILED

90
adobrawy 11 hours ago 0 replies      
Twitter and GitHub are down on Scaleway (AS12876) and Tiktalik (Warsaw, Poland, Europe, AS198717) network too (no response from dynect.net).
91
BlackGuyCoding 10 hours ago 0 replies      
Anyone having any issues with WhatsApp? Mobile text seems to work fine but all images fail, Desktop & web browser aren't connecting at the moment (west coast)
92
dudul 15 hours ago 0 replies      
And there is no twitter to tweet about it!!!
93
dudul 15 hours ago 2 replies      
Damn, I've spent the past 30 minutes trying to update my DNS and playing with my router config! :)

No GitHub, well, it's gonna be a fun Friday...

94
im3w1l 14 hours ago 0 replies      
Fascinating weak spot!
95
d--b 14 hours ago 0 replies      
Looks like at least some of it is resolved. spotify is back
96
mirekrusin 11 hours ago 0 replies      
Github doesn't work again for me :(
97
invisiblep 9 hours ago 1 reply      
Why not use:

OpenDNS - recursive DNS

Cloudflare (DNS only) - authoritative DNS

Both services are free and distributed across the world.

98
Artemis2 9 hours ago 0 replies      
PayPal, Braintree, Spreedly down. Some companies are going to lose money today...
99
CarVac 15 hours ago 1 reply      
Using Google Public DNS fixed things for me.
100
darkmouth 11 hours ago 0 replies      
and it's down again
101
zappo2938 15 hours ago 0 replies      
Explains why the Heroku API is down.
102
eredi93 11 hours ago 0 replies      
and the attacker are back. DDoS v2 is here
103
halayli 10 hours ago 0 replies      
github.com seems to be down because of this.
104
middleman90 11 hours ago 0 replies      
Shopify is down
105
transfire 10 hours ago 0 replies      
Oo oo, I know! Iran did it!
106
transfire 10 hours ago 0 replies      
Must be trying to stop the latest Julian Assange leak.
107
ilostmykeys 15 hours ago 1 reply      
The Internet is so resilient. LOLz.
108
piker 15 hours ago 0 replies      
CNN.com is knocked out by this attack as well. I could see that as a useful target.
109
chatmasta 10 hours ago 0 replies      
I'd like to see proof of this attack from an outside network observer.

Is it possible the government could force a DNS provider to pretend to fall victim to a DDoS attack, as a form of a false flag cyber attack?

110
raemike123 11 hours ago 4 replies      
USA cyber defenses are NOT up to the task of defending our critical electronic infrastructure. Letting every company that runs critical services decide their own security posture is not scalable and has left us vulnerable. While no one is getting hurt, we are taking cyber missile hits from our enemies and eventually the damage will be worse. Other countries with more central controls will be less vulnerable than we are to crippling infrastructure take downs.
111
brooklyndude 9 hours ago 0 replies      
Why does it always have to be a "Nation State", have been hanging out with 17-year-olds that knew far more about DNS configs than a room of "Cyber-Security-Professionals", they were clueless, these kids could run circles around them.

Kids.

3
Nintendo Switch New Video Game System [video] nintendo.com
926 points by ocdtrekkie  1 day ago   531 comments top 78
1
emdowling 1 day ago 8 replies      
It is so reassuring to see Nintendo create a modern gaming machine that doesn't try to be a living room hub or an iPad competitor. Going entirely by the video alone, every single design decision has been made with a clear focus on gaming. The simple docking action for transitioning it to the TV, the versatility and portability of the controllers, the reasonable size, etc all combine to make this (again, judging entirely from the video) a focused, confident release that finally embraces the changing way people play games.

Besides an original Gameboy (which I loved), I've never owned a Nintendo console. After seeing this trailer, it is an instant buy for me in March.

The only thing I want to know more about is the online store. From what I understand, Nintendo's eStore has a lot of shortcomings in a lot of weird areas. I hope they address those. I have an Xbox One and about 25 games, all of which were purchased digitally. I'm not sure I could go back to physical versions of games.

2
mratzloff 1 day ago 9 replies      
If there's a "switch" here, it's Nintendo finally taking feedback from customers and third parties seriously.

Console with graphical power that rivals Xbox One and PS4. Check.

Industry-standard architecture and tooling (Unity), allowing third parties to flood in. Check.

Blends their successful portable division with their console division (this has been a common refrain for awhile now). Check.

They already addressed multiplayer, although they could go further with that.

This is going to be a major windfall for them.

3
neals 1 day ago 9 replies      
Maybe not a popular opinion right now... but I'm so glad there's at least one brand out there that isn't jumping the 'VR'/'AR' - bandwagon.

I've tried to get into VR with the oculus and the VIVE, but no, it's just not for me. Happy to see Nintendo do what they do best: come up with a great formfactor, but let games be games.

4
6stringmerc 1 day ago 2 replies      
Very clever. Anchor for home, and again trying for the mobile area where their creativity really worked (3DS). I'll be curious in the system specs and the decisions they made - such as having that apparent card slot. Hooray for the headphone jack.

I'll never understand the marketing motivation to show a bunch of people getting together for a social gathering and togetherness, then cram together to watch / play on something with a screen the size of a hardback novel.

5
nlawalker 1 day ago 0 replies      
The most interesting thing to me is a design decision that combines an important aspect of the original NES with an important aspect of all of Nintendo's portable machines since the DS: a reduced barrier to entry for multiple people to play. In 1989, every NES sold came with two controllers out of the box. Similarly, every portable Nintendo system since the original DS has supported Download Play, which requires each player to have their own console, but only a single copy of a game.

It looks like you'll be able to use the standard Switch controller as two "half controllers." Sure, you get limited functionality, but one person with one standard (portable!) console and one multiplayer game like Mario Kart can say those all-important words to anyone, anytime: "Want to play?"

6
exelius 1 day ago 5 replies      
So this is a good usage model, but I'm not sure people want to carry yet another tablet just for gaming. The only way I can see this thing taking off is if it can fall back into an Android tablet mode for web browsing, e-mail, etc. But as a portable gaming console, it seems pretty boss. I'm curious what the hardware specs are and how they differ from other tablets on the market.

Because if it can't do everything else my current tablet can, I'm gonna have to carry a tablet AND this thing. Done right, Nintendo can make this thing the first real challenger to the iPad for mass-market adoption. But they've gotta treat it as a first-party Android device and get updates out ASAP and not muck with the interface too much. I'm willing to bet they could work out a rev-share agreement with Google on the Google Play store and Google Play Apps (and keeping their own Nintendo licensing scheme).

But let's not kid ourselves here: Nintendo is a Japanese company and it operates like one. That means they'll try to own the entire value chain and miss out on any network effects, while simultaneously moving themselves from a market with a 5-10 year refresh cycle to one with a 2-3 year refresh cycle. While it means they could sell more tablets to repeat customers, it also means that they have less time to be patient for success (as happened with the Wii and WiiU) since it also increases customer churn. Network effects and platform lock-in are a lot more important when the refresh cycle is shorter, because there are more opportunities for your customers to jump off the train.

I wish Nintendo luck, and I think that this is a good usage model. But I'm not convinced it's compelling enough to displace the tablets that people are already carrying around with them unless it can also duplicate the capability of those devices.

7
zelias 1 day ago 6 replies      
Nintendo has been trying to blend mobile and console gaming since the Gamecube (anyone else remember the GBA link??). I think they've finally succeeded in a way that can make the transition between the two seamless.

In a space currently dominated by two nearly-identical competitors (XBONE and PS4), I think Nintendo has the opportunity to capture a large portion of the market.

9
bigtunacan 1 day ago 1 reply      
This is a pretty brilliant move in concept. While phones and tablets have encroached on the handheld gaming space, the DS is still a huge success and where Nintendo has continued to dominate the market.

As a parent, I have 4 of the current gen DS systems. One for myself and one for each of my three children.

Nintendo has really struggled to stay relevant in the console space though as seen by the Wii U's underwhelming sales.

If this device is priced right and can continue on their virtual handheld monopoly then they become a sort of defacto console system for the masses. For the first time in ages I'm curious to see what is going to happen with Nintendo.

10
revjx 1 day ago 3 replies      
I'm quite excited by this. The video was a bit lengthy but it demonstrated the concept quite well.

Glimpses of Mario, what appeared to be Skyrim, too - more third party support this time perhaps?

I'm most interested to see the price and the spec of the machine. Xbox One and PS4 seem to have become more homogenised in terms of architecture than the last generation of consoles (PS3 was especially weird), if the Switch follows suit it would hopefully encourage more third party support. Assuming the power is there.

11
Bahamut 1 day ago 1 reply      
This looks amazing - nice form factor for easy use on the go (demonstrated in many ways in the video, including on airplanes), but still letting you have a classic game experience. It shows smart usage of now standard wireless tech and highly portable & fast storage.

It's amazing how slow game consoles change minus beefed up computing capabilities, and while Nintendo has had some hit or misses, this shift looks like a vastly superior improvement over the initial ideas brought forth by the Wii U.

12
captainmuon 1 day ago 2 replies      
Very promising. I like how haptic it is. Part of the magic of old Nintendo was the feeling of slotting in a cartridge, and handling a well-designed device and controller. They will not go back to cartridges obviously, but it seems like they put a lot of thought into this... like car engineers do when they have the doors make a specific sound when they close.
13
yumaikas 1 day ago 1 reply      
There are two major things that I'm curious about:

Price point: How much is this going to cost per unit? I'd imagine it's going to be much cheaper than the other current gen consoles

Battery life: If it doesn't get more than 1-2 hours, or else come with some way to extend the battery life via an accessory, it will be kinda underwhelming.

That being said, this is a very intriguing idea, and is a good focus on an easy to understand concept. Funny image: Two people playing on a Switch with the controllers snapped onto it, doing some top down game like air hockey or something.

14
pimeys 1 day ago 2 replies      
Their stock price also went up over one billion today.

http://www.polygon.com/2016/10/20/13344202/nintendo-nx-share...

15
tvanantwerp 1 day ago 4 replies      
Of the featured use cases, gaming on a plane is the only one that made a ton of sense to me. (Binging on Stardew Valley on a laptop during my last trip to China actually helped a lot with jet lag recovery.) The other featured cases, I'm not so sure. I definitely miss the days of my youth when my friends and I huddled around a TV split four ways. But I also don't see us returning to gaming together in person either. The most bizarre use case featured is for esports--I see no advantage to using the Nintendo Switch versus a more powerful console or PC in competitive gaming.

As a piece of hardware, this looks really cool and innovative. But I don't actually know if the product-market fit is there.

16
Pxtl 1 day ago 0 replies      
It's perfect. It was the obvious direction putting together the ideas that the Razer Edge and various snap-on-phone gamepads and the controllers of the Wii and the Wii-U implied, as well as Nintendo's attempts to create input-parity with the Wii-U and the DS by having them share the same "2 screens, one is touch" layout.
17
shanusmagnus 1 day ago 0 replies      
Not really relevant to anything, but I'm so grateful the movie includes the guy on the plane playing the Switch while ACTUALLY WEARING HEADPHONES. People who play videogames (or movies) on planes while piping audio through the speaker for everyone to "enjoy" should be force-ejected through some kind of special chute.
18
Tiktaalik 1 day ago 0 replies      
It looks very promising. Nintendo's strengths are in portable and local coop play, and they've managed to create a new product that excels at both.
19
dogma1138 1 day ago 3 replies      
Battery life on tegra devices is abysmal I'm really wondering if the guy can get from the gate to the plane without it running out if you run full 3D graphics games like those.
20
slavik81 1 day ago 0 replies      
You know, I always thought the idea of a hybrid console/handheld was a terrible idea. I expect that mobile considerations are going to make it graphically underwhelming compared to the next Xbox and PlayStations. I also figure that graphical considerations for TV play are going to make it eat battery. We'll see if the jack of all trades is master of any.

But, on the other hand, Nintendo's games are just plain fun. I didn't buy a Wii U because I didn't want that giant tablet controller and its charging stand taking up space on my coffee table, but every time I saw Splatoon I wished I had room for it.

Perhaps this can fit in my life.

21
sodafountan 1 day ago 3 replies      
I just don't have faith in Nintendo anymore, they have a track record now of so many failed consoles and disappointments, lack of third party support, even the new Zelda doesn't get me that excited (and I've been a die hard fan for years, playing Ocarina of Time as a kid made me want to learn how to make games). We'll see how this one turns out.
22
4minute 20 hours ago 0 replies      
Everyone is worried about graphics. Nintendo systems have never been about graphics. It's all about the games. They have combined two of the best selling consoles EVER. The 3D is the second highest selling console ever. The Wii is fifth. The Switch brings both of them together. You can experience the awesome Nintendo literally anywhere at anytime. You can't get that with any other console. Now they are bringing in major titles and giving us multiple good controllers for when they are needed. That's fucking awesome. I was about to buy the PS4 Pro edition, but fuck that I'm waiting for this. I'm hoping they still allow 3DS controllers to connect to the console so I can play with my 3DS friends with the portable device and the dock.
23
bitwize 1 day ago 2 replies      
For a second I wondered, is Nintendo building network hardware now?

My worry here is that Nintendo may be making the same mistake that BlackBerry made: doubling down on hardware when they should be building out their app ecosystem on dominant mobile platforms.

That said, the Switch looks cool. Really freaking cool. I just wonder if it'll be enough.

24
colinthompson 1 day ago 0 replies      
Looks really cool. Too bad it's not out in time for Christmas. The thing would sell like crazy this year.

What I find most notable in the video is their nod to competitive-gaming / esports, which Nintendo has such a long history of shunning/disrespecting/mis-understanding. Maybe they're finally trying to atone for the debacle around the whole Smash scene? (Then again, maybe it's just the marketing people who put this video together thought that would be fun to add and have no idea about Nintendo's history here.)

25
bane 1 day ago 1 reply      
Looking at the concept video it's clear that Nintendo is doubling down again on the idea of personal, physical interaction as the concept for multiplayer activities -- the "you and a friend in the living room" idea. I applaud this, but online gaming is something that Nintendo really struggles to "get" and has cultural issues with as well.

There was an article (gamasutra maybe?) about how the N with the Wii, fundamentally had no idea what their competition was up to or understood gaming notions that had become very commonplace by that time -- like online matchmaking for gaming, etc.

However, as a gamer, I think this is definitely setting a differentiable and right path that doesn't tie Nintendo to just selling another port target for games.

I'm reminded of this old Reddit post that presages some of what's in this video:

https://www.reddit.com/r/FutureGaming/comments/2eox69/the_un...

https://pdf.yt/d/J5nSHPu5dzdpWwvn

26
apricot13 19 hours ago 0 replies      
I'm so excited for this, I've (eventually) owned every nintendo console/handheld (I'm looking at you badly marketed WiiU).

I really hope they fix some of the issues with the eShop - it needs work, but it's improved a lot!

What happens when you lose the right part of the controller? Can you buy them individually or do I need a whole new pad?

If my screen gets scratched - can I just replace the screen section?

What happens to my save data - if my bag gets damaged/stolen, will I lose all my save data or is it backed up in the cloud/the switch device?

Will it come in different colours - I like that the 3ds is so customisable!

27
Tiktaalik 1 day ago 1 reply      
If they've switched to a capacitive touch screen instead of resistive then there's the potential for easily porting Unity based Mobile iOS/Android games to this.

This could be a great new marketplace for indies that make pay up front mobile games.

F2P mobile games monetization strategies rely on huge install bases that the Switch is unlikely to reach, so porting these games over may not make as much sense, but it could still be worthwhile to port to the device in order to provide more gameplay options to existing users.

28
Unbeliever69 1 day ago 2 replies      
I must be very out of touch with the gaming habits of millennials. The intro movie itself seemed like some nerdy wish-fulfillment. Who acts like this? Where can I meet some stunning gaming hottie like the one in the airport? Will the Switch make my life this fantastic?
29
astrostl 1 day ago 0 replies      
My family has a Wii U, and it's connected to the only TV we really use in the house. The Wii U game pad permits pad-only play on some, but not all, games and doesn't have any capacity for multiplayer on it. I think this addresses the, "someone is taking over the TV" and, "take it outdoors" kind of use cases very nicely. Surprised they didn't play up the family aspect of it for that, but I guess that's an (only?) already-captured demographic.
30
lucaspiller 1 day ago 2 replies      
Direct link to the YouTube video. It doesn't load with uBlock Origin:

https://www.youtube.com/watch?v=f5uik5fgIaI

31
jacobmischka 14 hours ago 0 replies      
This is a good idea and seems well-executed. While still essentially a gimmick, the portability is a much better and more useful gimmick than the Wii's motion controls or the Wii U's touchscreen controller. It seems to get in the way of gaming much less than those did.

Unfortunately, while it's a rather good gimmick, it seems like Nintendo is repeating its usual mistake of sacrificing gaming power for it. Releasing a device with a 720p screen in 2016 is almost as bad as releasing a device with a 400x240 screen in 2011, in my opinion.

Nintendo has a very bad habit of making devices that compete with the previous generation of its competitors' devices instead of the next one.

32
white-flame 22 hours ago 0 replies      
No touch controls or motion controls in sight! I think they'd ultimately be incompatible with this anyway.

You can't have good local portable multiplayer if one player always has their fingers on the screen, blocking the other's view.

Motion would be very haphazard, due to all the usage styles. Where would the motion sensors go? If it's part of the tablet, you can't play while docked to your TV. If it's part of the joycons, you'd probably have to remove them to play some games, which would be again annoying if it's docked. If the pro controller has motion controls as well, some games requiring both joycons wouldn't bother using it. You'd have to have at least 4 sets of motion controls across the parts for it to work ubiquitously.

All in all, it makes a lot of sense that we might not see those 2 clunky features returning, which is great.

But all the bits (dock, tablet, 2 joycons, joycon mounting stump, pro controller) is a bit too clap-trap for me. I had used Wii Fit for a while on someone else's Wii and liked it, so I got a Wii U version. The addition of the touchscreen plus wiimotes in the Wii U made it a mess of always picking up and putting down things, which was super annoying. Having fewer input schemes, and using them well, would be preferable, in my opinion.

33
sssilver 1 day ago 1 reply      
I often wonder whether it would be a good idea for Apple to acquire Nintendo, and have them focus on building phenomenal gaming experiences on the iOS platform through focusing on software and device accessories (e.g. controllers). For some reason Apple and Nintendo in my head feel like they share important DNA traits.
34
norea-armozel 1 day ago 0 replies      
I read somewhere it seems the Switch won't be region locked which is very interesting. I wonder if Nintendo is cutting the initial 3rd party devs a deal on the new cartridges then (considering they'll likely be still more expensive than your standard Bluray DVD).
35
idealpersona 1 day ago 1 reply      
Skyrim was released almost 5 years ago, yet an updated version of it is used to advertise the capabilities of a next-generation console. It's really disappointing to see the amount of recycling in entertainment in the past 10 years. More disappointing that people eat it up.

Also, the entire selling point is being mobile crossover. That seems like a great secondary feature, but alone... that's it? Where is the imagination that brought us the Wii?

I can only hope Nintendo attracts enough development to make interesting (perhaps Pokemon Go-influenced) unique crossover use cases, beyond just playing the same game the same way on a TV and at the airport.

36
calferreira 1 day ago 1 reply      
Is it just me or the console mechanism looks fragile? If you keep pulling and putting the side remotes, it looks like it might break in the future.

Also, it will be quite the challenge for Nintendo to gain momentum with the handheld part of the console. Everyone plays on phones and tablets these days, so I don't see much incentive on that part.

They should've stalled Pokemon Go and launched it with the new console.

That would create a massive demand for the new console.

37
FullMtlAlcoholc 1 day ago 0 replies      
This looks like a very well designed console and I appreciate that Nintendo takes chances and does try to offer something different with each console release.

The crucial element that is going to determine whether I purchase this or not is will it support location-based gaming? Touchscreens, gyros, and cameras aren't necessary, but location based-gaming and the spontaneous, real-world social interactions it generates was the only reason I played Pokemon GO. I do understand that designing games with this in mind and making it fun for all players is a difficult if not impossible problem to solve for those who don't live in dense urban areas

I'm also disappointed that Nintendo isn't developing for VR yet. While I respect them for not following the herd, if any developer is going to lay the foundational design patterns for VR gaming, it's Nintendo. Mario 64 and Zelda: Ocarina of time did this for 3D.

It'll be interesting to see if this becomes more than a gimmick.

38
gwbas1c 1 day ago 0 replies      
I like how they emphasize that the Switch uses a standard headphone jack.
39
finstell 1 day ago 2 replies      
Am I the only one who found it funny that people, all dressed up, playing a basketball game on the device right in front of a basketball field?
40
candl 1 day ago 2 replies      
Hopefully the docking station provides additional CPU/GPU power, otherwise this would be no different to a PS Vita.
41
GrumpyYoungMan 1 day ago 0 replies      
Looks intriguing, although, as always, it boils down to what games will be available. I'll reserve judgement until we hear more about them.

In handheld mode, one wonders if they were able to keep parity with the battery life and the touchscreen capability that the DS/3DS had. Losing those would be a significant minus.

42
joeax 1 day ago 3 replies      
Anybody have any info on how the Switch will be backwards compatible with Wii U discs (i.e. a portable drive perhaps), and 3DS cartridges? I have a stack of Wii U games that hopefully will still be playable.
43
anotheryou 1 day ago 3 replies      
What is so big in the dock? Speakers (not really needed with hdmi TVs, no?)?

Also an interesting decision to cover the docked screen (probably to keep 100% compatibility to the single mobile screen and not waste resources while powering the big screen).

44
chenster 1 day ago 0 replies      
Is it like a Wii U flipped? It awfully resembles Gamevice controller for iPad - https://gamevice.com - except it's also an iPad, which is as big as 12 inches! How does Switch get its content, by download, or old-fashioned cartridge (I'm totally cool with that). And lastly, the battery lasts how long??
45
wodenokoto 1 day ago 1 reply      
The way the switch controller can be used as 1 full controller or two mini controllers is brilliant.

However, it looks as big as an iPad mini. So lugging it around, I might actually want it to have tablet functions too.

46
ericzawo 1 day ago 3 replies      
This looks amazing, and the fact they got Skyrim in the trailer is a great promise of its graphical prowess. I just hope they take online gaming seriously this generation.
47
okonomiyaki3000 1 day ago 2 replies      
I'm not a gamer but it looks pretty innovative. I wonder about the strategy of announcing 2 months before Christmas and launching 3 months after though.
48
nilkn 1 day ago 0 replies      
This actually looks amazing. I haven't bought a game console in a while and have in fact been actively avoiding them in favor of PC gaming and Steam, especially now that we've got the Steam Link and Steam Controller. However, this has enough value add that I could totally see myself buying this. This might just be the best thing I've seen from Nintendo in a long time.
49
Jamieee 1 day ago 4 replies      
Is this an upgrade for the 3DS, the Wii U or both? I was looking at picking up a couple of the new 3DS, doesn't seem worthwhile now.
50
beernutz 1 day ago 0 replies      
Does anyone else think the controller stick on the right looks like a problem? I can't help thinking that I will keep bumping the analog stick if I attempt to use my thumb to press the buttons at the top.
51
justicezyx 1 day ago 1 reply      
I personally feel this is going to be mediocre at best:

1. Limited appeal to mainstream consumers

2. Awkward physical spec, tablet's downfall pretty much proved how big a mobile device should be

3. No one would want to write games for this...
52
technologia 1 day ago 2 replies      
I wonder if the Tegra X2 in here would be at all able to use any other Nintendo devices as an external GPU since they now include the Pascal architecture. For example possibly using the new Nintendo NX with the Switch somehow. Just a thought.
53
SadWebDeveloper 1 day ago 1 reply      
I didn't get it... is it a handheld or a phone/tablet device? My question is whether it would replace my phone or just be another device in my backpack like the iPad, laptop and tons of extra chargers I carry almost everywhere?
54
r-w 1 day ago 0 replies      
What happens if multiple people from the same household want to use local multiplayer on different screens? That's the only case where the one-to-one relationship between console and portable screen breaks down.
55
aikah 1 day ago 0 replies      
At the end of the day it's not about the console, but the games running on it. Not going to buy this if the only thing I can play on it is Mario or Zelda. I wish Nintendo a lot of success though.
56
s3r3nity 1 day ago 1 reply      
This might be a dumb question, but can someone elaborate on how you can get such good graphics like they were showing in the Skyrim and Zelda images on such a small cartridge (i.e. not a disc?)
57
Someone 1 day ago 0 replies      
https://www.engadget.com/2016/10/20/switch-is-nintendos-next...: "The Switch will be released worldwide in March 2017."

Can I interpret that as "we missed the holiday season, and pre-announce this because we think its Osborne-effect (https://en.wikipedia.org/wiki/Osborne_effect) will be smaller than its effect on the sales numbers of our competitors"?

58
chejazi 1 day ago 1 reply      
Exciting product. Criticism: the detachable controllers don't appear very ergonomic. They are small in size and the detaching mechanism looks somewhat flimsy.
59
MollyR 1 day ago 0 replies      
This reminds me of the nvidia shield tablet but done right.
60
djhworld 1 day ago 0 replies      
Light on details, outside of the association with nvidia there's still a lot of questions that need answering.

Saying that though, I am almost certainly going to get one.

61
dingo_bat 1 day ago 0 replies      
I'm most excited by the prospect that this supports local WLAN multiplayer. At least that's what it looks like in the video.
62
xwvvvvwx 1 day ago 1 reply      
Seems like it will be a challenge to build games that are compelling on both a large screen while seated in your living room and on a small screen when you're out and about (from both a UX and gameplay perspective).

With that said it's a smart move to use the same controller for both use cases.

Overall looks pretty slick, interested to see how this plays out.

63
sergiotapia 1 day ago 0 replies      
Day 1 purchase for me. I want one for the car so my kids can play Mario Kart in the back.
64
microcolonel 1 day ago 0 replies      
Here's the link to the video on YouTube, I tried to load the linked page about 12 times and it failed each time, turns out the video is on YouTube anyway.

https://youtu.be/f5uik5fgIaI

65
dysfunctor 1 day ago 1 reply      
Is Nintendo making a big mistake by missing Christmas with this thing?
66
fiatjaf 1 day ago 0 replies      
Multiplayer solved in all the ways possible.
67
Waterluvian 1 day ago 1 reply      
I feel like it will be mediocre at both living room and mobile gaming.

How can it possibly be powerful enough to attract third party developers?

Doesn't this compete with 3DS?

68
rebootthesystem 1 day ago 2 replies      
It's interesting to me to watch a video about a new gaming platform and have that video show me all the ways in which said platform will destroy nearly all forms of real human interaction with others, reducing us to unthinking drones looking at screens moving little virtual characters around while our brains whittle away.

This is the problem with the gaming industry. It's the equivalent of very smart engineers using their skills on the web to find ever more effective ways to make people click on ads. It's such a waste of human talent.

Gaming is different but not really. Most of the popular games have no real redeeming qualities. They are black holes into which youth can get sucked, burn hours, days and years and, in extreme cases, ruin their lives. This, I think, is despicable.

If you want to do well in gaming you have to use your skills to find ways to create addictive games that shift a person into a Pavlovian state where they want more, they keep clicking the buttons and, eventually, they send you money. This has certainly been proven by the iOS space. Games like "Clash of Clans" are among the many examples of this.

Getting truly creative to find ways for people to engage with more intelligent and useful activities is very, very difficult. And so, to usurp part of a phrase that paints an amazing image...when they go low, we go lower.

I have long been disenchanted with what the gaming industry has done to kids. It's making money at the expense of their brains and emotions. It's selling drugs in digital form.

I didn't use to think this way until I saw the effect on my own kids. To make a long story short, my two little ones started to lie to us and play a couple of these addictive games on their iPods.

We have a simple rule at our house: On Saturdays you can play the available games for a couple of hours. The rest of the week play with legos, go outside, play with the dogs, etc.

This worked very well for many years (almost 18 to be precise). In fact, in a lot of cases they'd play less than two hours because they'd get sick of it and prefer to go for physical play.

Until a couple of games surfaced. And they, like evolved bacteria, became immune to the mechanism that made my kids decide to stop playing. Soon we would discover them playing the games in secret under their blankets at 11 at night instead of sleeping. Warnings did not work. And, after a couple of them we took the iPads and iPods away. They had become destructive devices rather than the opposite.

My kids were lying to me in a manner which I would imagine was no different than kids lying about taking drugs.

They've been off the iOS devices and these games for a year. They get their devices back in January. Cleared of all the addictive games. We'll see what happens.

So, yeah, I look at a video like the one for the Switch and immediately imagine how many lives it will destroy if used as portrayed.

69
daodedickinson 1 day ago 1 reply      
I dunno... I never play games except at home now, so there's nothing interesting here for me. It's just gonna come down to whether I want to play Smash / Mario Kart / Mario, like it pretty much has since the GameCube.
70
sebringj 1 day ago 1 reply      
Might be a good time to buy Nintendo stock.
71
cmrdporcupine 1 day ago 0 replies      
The "Switch" appears to mean many things, but also a "Switch" (for their non-gameboy/DS systems) to the ARM platform and a break from the PowerPC-based systems of the past.

Which means breaking compatibility, but certainly makes it possible for them to lower costs, reduce power consumption and iterate more quickly.

72
eganist 1 day ago 1 reply      
https://youtu.be/f5uik5fgIaI

Direct link to the trailer video

73
Tiktaalik 1 day ago 0 replies      
Weird. Was the thread title edited? "Switch New Video Game System [video]." I'm pretty sure everyone knows who Nintendo is and it's more descriptive to say that in the title.
75
protoster 1 day ago 0 replies      
Oh my god, a sane name for once. It was really getting out of hand with the DS and Wii when the same name referred to several different generations of hardware in a non obvious way. (DS, DS Lite, 3DS, 2DS, New 3DS, try making heads or tails of that).
76
jmcdiesel 1 day ago 2 replies      
So instead of a portable screen/controller like the WiiU that's separate from the main machine - the main machine IS the portable part that could easily be dropped/broken, now? Or am I missing something?

I'm failing to see how this design is superior to the Wii U's approach.

77
shmerl 1 day ago 0 replies      
If Nintendo will support Vulkan on Switch, that would be good.

This looks more interesting though: https://www.kickstarter.com/projects/smachteam/smach-z-the-h...

And it's supposed to run Linux. Recent AMD GPU means it will work with amdgpu/radeonsi for OpenGL and radv for Vulkan eventually.

However, after the disastrous Jolla tablet crowdfunding, I'm not so eager to back hardware campaigns anymore. But I'll surely buy such a device if they pull off making them in the end.

78
LargeCompanies 1 day ago 2 replies      
I don't get it... what is exciting about a GameCube/iPad hybrid?

Why not create a VR/AR console hybrid that lets you create things at home and then experience them in the real world... digitally graffiti your town at home then go out and check out your artwork and/or messages? Maybe that's an app already... leave your friends messages in certain locations seen via an AR app?

4
Thank HN: From Google form to $1k in revenue in one month oldgeekjobs.com
1041 points by johnwheeler  2 days ago   244 comments top 62
1
b212 1 day ago 9 replies      
Can you do another good deed and require your posters to include salary range in their job ads?

It's the norm in the UK and we successfully forced this in Poland (though posters almost NEVER post salaries here). How? The companies need IT staff so much that almost all IT job boards (at least the most popular ones - like FB groups or https://nofluffjobs.com) started requiring the salary range.

I think your idea is praiseworthy, but I'd never ever create a website like this with hidden salaries. Especially in your case - it's so cool people post jobs on your board, but what if they do so, because they're offering 10, 20, 40% less because it's a place for "old geeks that no one wants"?

I'm really super proud that if an IT ad in Poland has no salary range most of us just ignore it. And it took us maybe 2 years to get to this place. I think every other country should follow the lead and end the "competitive salary" trend. I don't want to spend 3 days on interviews just to discover that the salary offered is way too low for me. Salary missing from an ad is a big lack of respect, the sooner people realize that the better.

2
gregsadetsky 2 days ago 9 replies      
Congrats! Small note, none of the listings appear when using uBlock Origin [ https://chrome.google.com/webstore/detail/ublock-origin/cjpa... ], a popular ad blocker.

It seems related to your /js/ads-controller.js file (it gets blocked because of the "/js/ads-" portion in the path).

I would suggest fixing that (and preferably minimizing your JS into one bundle).

3
hash-set 2 days ago 3 replies      
Here's the deal: Employers will exploit your age no matter how old you are. There is no "perfect age" for a developer. When you're young, they exploit you because you are inexperienced (especially at negotiation). When you are "old" they exploit by trying to play the age card. "Not a cultural fit"--LOL--fix your stupid culture and stop exploiting people, you smug fools!

So what is there? A ten year "ripe" age range where you're good enough to code but don't have a wife and kids? Blatant exploitation of human capital.

As far as "moving up to management" that's a load of crap. There aren't enough management positions to soak up all the age 35+ developers out there. It's an extremely narrow funnel. For the winners of that race, the prize is a lifetime of quiet suffering: You'll be lucky if you retire without major depression, anxiety, heart problems, or all three. I wonder what the mortality statistics are for people who work as IT managers?

There is also this role called "architect." Do not be enticed. It is, at best, a torturous role, and at worst, it's a redundant role that people who were only so-so at coding get promoted to so they can no longer annoy the rest of the team. The effectiveness of any given architect has an exponential decay from the instant they stop coding and start attending meetings all day.

Basically, you either keep coding and stay relevant or you go do something else completely. The rest is bs. But don't for a second imagine that companies aren't exploiting you by making you uneasy about your age or whatever else can be thrown in front of you to try and confuse, diminish, and lowball you.

4
mgkimsal 2 days ago 7 replies      
I wish folks like Bray had championed this cause 20 years ago. It may not have done much, but... it feels a bit weird to hear old people complain about discriminatory impact. I can't say he was a contributing factor to the ongoing 'youth culture', but... it wasn't hard to see this coming.

My situation may be somewhat unique, in that I've had grey hair since I was 18. Not a HUGE amount at 18, but... people noticed. By the time I was in my mid 20s, it was definitely noticeable - more pepper than salt still, but noticeable. By 30... there's a fair amount of grey showing. Early 30s I've got people thinking I look good for being in my late 40s (had that more than a couple times).

But when it came to interviewing and opportunities, I was already feeling the age stigma in my late 20s. "Not a cultural fit" - not even in silicon valley mind you.

Had someone interviewing me - early 30s - said "well your resume only goes back about 12 years or so, what were you doing before that?" "High school". "Whoah..." - later found out he'd assumed I was mid 40s.

Could I dye my hair? Yeah, but.. it's a pain, and... other parts of me will get old too. Not worth it - want to get hired based on ability, etc.

What's sad is to hear about the mid 30s folks wanting to get plastic surgery to look younger, which just validates and perpetuates the continuous youth culture. May not be possible to fight it at the Facebooks and Googles of the world, but it shouldn't be this bad...

5
soared 2 days ago 3 replies      
I thought I was on medium.com.. You need to add a call to action to the end of your post! Add a short line - "if you've experienced ageism check out these job listings at /link" or "to see what I built visit /link" or something similar. Lots of lazy people want to click a link at the end of your post to see your site rather than trying to find a link in your profile or scrolling all the way to the top. Plus when someone inevitably copies your content, you get a free link.

I should make a site with marketing tips for devs...

6
CodeWriter23 2 days ago 2 replies      
@johnwheeler: Their loss for not hiring you.

I thought I was hot shit when I had 5 years under my belt, too, just like those whipper snappers. Took another 10 to recognize how full of shit that idea was.

I think there's a certain niche that wants to hire experienced, disciplined and reliable "old" geeks like you (or actual old guys like me...still grinding code at 50). Looks like you're going to own it. Well played.

7
dbdoug 2 days ago 1 reply      
FWIW, I just turned 70 and I'm still being offered more coding work than I want. It is VBA, though :)
8
jondubois 2 days ago 0 replies      
It sounds like everything worked out perfectly for the author on that fateful day. What are the odds that a stranger saw the author's initial (unsuccessful) post in the HN 'new' section and decided to write a whole article about it, post it to HN (with a link to the original form) and that this new post made it to the front page... Then it crashed... But thankfully there was an HN moderator on that day who cared enough to edit the link to send users directly to this form.

It sounds like the author made the most of it though, so I guess it's well deserved.

9
mrlambchop 2 days ago 3 replies      
Woah - did I miss the announcement that old is now 35 and above? Given the working range of professional engineers in the SF field, it's sad that it's not easier to invert the problem and build a Young-Fun-and-Full-of-Recent-Academic-Course-Material-Jobs.com.
10
mathattack 2 days ago 0 replies      
One of the reasons I want to work on OldGeekJobs is because I've experienced ageism first-hand. I'm only 37 years old, but I was rejected by a startup of twenty somethings a few months back.

Ahh - that first painful moment of, "Wait a second, I'm too young to be the victim of age discrimination!"

11
sparky_ 2 days ago 1 reply      
I hadn't seen this site before, and I think it's a great idea. Though I'm young, I am certainly terrified about the trend of age discrimination in the valley - after all, we all age! I'm glad to see folks trying to make a meaningful difference in the trend. Perhaps through good samaritans such as OP, those same twenty-somethings that reject so many qualified applicants on account of age will receive better treatment when they themselves reach 35 or 40.
12
rsp1984 2 days ago 5 replies      
spent an hour putting up a Google form and static site on a cheap Digital Ocean instance.

Now I feel like the Old Geek (I'm 32):

What's the deal with Digital Ocean? If the website is static and receives content by manual copy-pasting from a Google sheet (as outlined in the article), why bother with Droplets and Storage and all the other configuration? Why is good old web hosting (the kind where you just upload your html/php/js via FTP and it all just works) not good enough for this? Really curious.

13
jnevelson 2 days ago 0 replies      
I'm not even the target market (too young), and this is my favorite job board already. Very fast to navigate around - speed IS a feature! Also love how granular the locations are.
14
b_emery 2 days ago 0 replies      
Simultaneously a great story and proof of the value of an 'experienced' coder. Looking forward to seeing how far this goes!
15
econnors 2 days ago 0 replies      
I really like how the author posted the fake pricetag before spending time implementing payment processing - easy way to verify people will pay for it, low cost of experimentation. I've heard of other companies using similar strategies like a/b testing features that don't exist yet to figure out what they should build next.

Congrats!

16
RikNieu 2 days ago 2 replies      
I started a new career as a front-end developer at the age of 33 (last year), so I have my age and lack of experience counting against me. I must say, I do worry about my future prospects a lot.

Hopefully sites like this can throw a bone to us old dogs out there.

17
drieddust 1 day ago 0 replies      
Thanks for sharing this. If not the finest, then the quickest example of idea -> MVP -> Product I have seen so far. I applaud you for the brave decision of putting it out there.

On the contrary, I always end up planning endlessly. Evaluating the best framework, best UI, best architecture and actually end up doing nothing.

18
Jetroid 2 days ago 0 replies      
Shrewd, this story is just going to bring more visitors. :-)
19
pjlegato 2 days ago 1 reply      
Great, I love that this worked out!

What's the purpose of backfilling jobs from StackOverflow -- is it just to make the site look less like a ghost town? Aren't those not necessarily old-geek friendly jobs?

20
K-Wall 2 days ago 1 reply      
Awesome story! Just as a heads up, with uBlock Origin in Chrome on macOS one is greeted with a header followed by a white page. Everything loaded once I shut it off.

http://i.imgur.com/Ovbi0ic.png

21
avip 2 days ago 1 reply      
I don't get something - 37 is now considered "old"? Is this some kind of millennial neolang?
22
hyperknot 2 days ago 1 reply      
Congrats for doing this and writing so honestly about it! But why only $1000? There are 134 "green" jobs * $50 which would be $6700. Or was the Stripe integration added that much later on?
23
morganvachon 2 days ago 1 reply      
Fantastic job and a great service!

One thing: The linked article states that you started on October 15th, but the screenshots indicate you started September 15th.

24
gggggggg 2 days ago 2 replies      
Just an idea which I am sure would be easy given what you currently have, femalegeekjobs.com
25
altitudinous 22 hours ago 1 reply      
Sir, a fine website, one that I cannot take advantage of because I am in Australia. However a minor point - I do have some difficulty seeing the pale green highlight around the positions, I believe it may be to do with my red/green colourblindness, common amongst men, it is almost impossible to see against the bold blue. If you are feeling creative maybe you can change the colour of the highlight to a different less pale green or another colour. Thanks again for your site and congrats on your success. Cheers.
26
exlurker 1 day ago 0 replies      
I like the simplicity of the site! But how about some more contrast on the body text. For us old geeks, you know.
27
sparrish 2 days ago 0 replies      
If you really want us old geeks to use it, you need a command line interface.
28
nextos 2 days ago 1 reply      
It's a lovely story. I bet there are tons of similar ideas that can succeed with a quick MVP and a bit of ingenuity.
29
quaffapint 2 days ago 1 reply      
I just joined a new company and I feel a little reverse-ageism from my part. My team and most of the company employees are at a younger point in their life. After leaving a company where I could talk to people about kids the same age as mine and such, I find it all a little unnerving and uncomfortable. They've been fine and I imagine once I've been there awhile it will be ok, as I still have people outside of work to talk to, but it will take a little getting used to.

Also - When I search for 'c#' it seems to filter out the '#'.

30
Jugurtha 2 days ago 1 reply      
Awesome.. I remember reading your first post and finding the idea neat but also saying in my head, with amusement: "right, everything is easy when your name is John Wheeler".

Archibald.

31
Lxr 2 days ago 0 replies      
I love how simple and clean your site is, I would use it just because of that. Nice work!
32
drdoom 1 day ago 0 replies      
Congratulations on seeing the opportunity and quickly moving to do something about it. It is unique enough at first sight that you got early coverage in the press, which is very helpful.

Quick question: I did not see anything unique to "old geek" in the website, other than the URL of course. I guess it is an implicit assumption by both job seekers as well as job posters.

On that note, where would this concept be headed if other job sites added a simple attribute called age (or something similar but more palatable) where job posters could specify their preferred age range, and job seekers could search on it?

33
up_and_up 2 days ago 1 reply      
Awesome work! As a 34 year-old I can't believe I am faced with impending discrimination, but I guess it's true. Thanks from my future self!
34
mikemikemike 2 days ago 1 reply      
I wonder if the problem is specific to ageism in individual contributor roles. I've worked at a few startups where maybe 1/3 of the product team was over 40, but I can only think of two coworkers over 40 who didn't have any direct reports. Do we find ourselves wondering why an individual hasn't "advanced" to a management position after 10+ years?
35
Lord_Zero 1 day ago 0 replies      
What I really like about this is how the interface is so dead simple. It could be the Craigslist of job postings with the $50 barrier to entry to filter out shitty posts. My advice is to not overdo it with features and KISS.
36
jxramos 2 days ago 0 replies      
Glad to see things taking off via HN community. Keep up the good work.
37
life_is_short 2 days ago 1 reply      
I found a bug.

Job postings aren't sorted by date correctly. For example https://oldgeekjobs.com/jobs/California?page=2 shows jobs posted '2 days ago' while the front page shows jobs posted '30 days ago'.

38
anotherevan 2 days ago 0 replies      
I was going to make a snarky comment regarding if this site is for old geeks, then the blog should have an RSS feed, but if you go from the article to the blog's home page the RSS feed is there. :-)

Are you planning to open this up for areas outside the USA? (Australia here.)

39
the_watcher 2 days ago 0 replies      
This is great. Great idea, and an extremely good example of building just an MVP and going from there.
40
happy-go-lucky 1 day ago 0 replies      
On one hand, I'm getting older. On the other, my skills are getting better. The younger people I work with can't keep pace with me. And, my employers aren't unaware of the fact that it indeed is a zero-sum game, so my age (early 40s) has never been an issue so far. I believe there are and will be many employers who look at nothing but what you bring to the table. As a businessman, you wouldn't be foolish enough to hire only noobs.
41
JoblessWonder 2 days ago 0 replies      
Great site! And thanks for taking my feedback in stride about the "tell people you heard it on oldgeekjobs.com" not being appropriate for the scraped jobs! The change (along with prioritizing paid ones) looks great!
42
shostack 2 days ago 0 replies      
What are your marketing/PR plans now that you've gotten a few major press hits?

All too often people aren't ready for the buzz when it comes, and see a sharp spike that then falls off a cliff once the buzz dies down.

43
tudorconstantin 1 day ago 0 replies      
Idea to make even more money (if you become a billionaire on it, please make me a millionaire also :) ): there are services that post jobs to multiple job boards. Create an API so they could hook your site in easily and offer them a 20$ discount, so they can offer your service to their customers for 40$ and can also win 10$/job posted to you.

Examples of such sites that come to mind are ziprecruiter.com and broadbean.com

44
xupybd 1 day ago 0 replies      
Any chance of opening this up to other countries?
45
encore2097 2 days ago 0 replies      
Awesome and congrats!

How'd you make those sweet gif screen caps?

46
mountaineer22 1 day ago 0 replies      
Excellent job.

It is great to see the birth of an idea and watch it grow.

Thank you for sharing with us. It is greatly appreciated.

47
JonoBB 1 day ago 0 replies      
Well done and nicely executed!

That early "Hacker News Effect" really got you off to a roll, and you made the most of it. Have you ever thought what would have happened if that Wordpress write-up was not created, or didn't get such a good response on HN?

48
adolfoabegg 1 day ago 0 replies      
Congrats John! This is a perfect example of how ideas should be tested and developed. Loved the story!
49
xn 2 days ago 0 replies      
All new job listing sites should follow the lead of AngelList and StackOverflow, and include a salary field.
50
madshiva 1 day ago 0 replies      
Great! Congrats! I'm 33 and I start to feel old too when applying to some jobs, and when I see what you did, this boosts my motivation too! Don't stop!
51
alpeb 2 days ago 0 replies      
Love the concept and the site. Minor gripe though, that I also find in most job boards: searching for Scala also gets me all the entries with the word "scalable" in them :-(
52
santa_boy 2 days ago 1 reply      
Wow, that's cool! How are you actually getting end user views? Is it through the PR articles or do you have a plan in mind?

What is a "faux price tag"? :-) .. how does it work?

53
ge96 2 days ago 0 replies      
Once you grew/adapted to the growth is that $1000/mo still profit or overall earnings?

Awesome, btw; posts like these inspire me. Damn, what is the next problem to solve?

54
radious 1 day ago 0 replies      
I think this is a great idea but why would anyone pay for posting an ad? There are many free-to-post sites already.
55
sharemywin 1 day ago 0 replies      
I think you're definitely onto something. I can't wait to see how far you take it.
56
dannylandau 1 day ago 1 reply      
Don't get it, how do you know that age discrimination is not at play with the jobs listed on your site?
57
alexdumitru 2 days ago 1 reply      
The jobs don't load with uBlock active.
58
tracker1 2 days ago 1 reply      
If there's an insistence on a fixed-width font for the site, I really wish it was something more like Consolas/Inconsolata etc... The job descriptions are nearly unreadable on my display, lighter gray, with a relatively thin font weight.
59
ebel 2 days ago 0 replies      
made my day.
60
elkhourygeorges 2 days ago 0 replies      
Awesome!
61
Annatar 1 day ago 0 replies      
What about reverse job postings, where old people could post what they can do, and where they want to work?
62
fm328 1 day ago 0 replies      
congratz and great work!
5
Image Synthesis from Yahoo's open_nsfw gitlab.io
797 points by brakmic  1 day ago   154 comments top 37
1
niftich 1 day ago 6 replies      
This is absolutely fascinating.

It's mesmerizing to see this NSFW detection applied in reverse, and it's even more interesting to observe your mind react to the generated images. You can see the sort-of-mons pubis patterns, the maybe-pubic hair, the perhaps-breasts and the suspiciously phallic appendages, complete with realistic colors.

Interestingly, all exposed skin suggests that the training dataset for the NSFW detection was skewed towards caucasians, given how the synthesized images are near-completely devoid of skin tones other than light pink. Perhaps this is a good visual indication of unintentional 'bias' in datasets?

2
WhitneyLand 1 day ago 4 replies      
Some of these images and those from similar projects could be in an art gallery. They are art; provoking original, emotional, responses.

Most people hear about self-driving cars, but not about the fact that machines have already begun to emulate human creativity in the most intimate way. For a while, this secret assault on our uniqueness will stay among us.

3
noam87 1 day ago 2 replies      
I am always blown away by how eerily similar these generated NN images are to the visuals experienced under psychedelic drugs. Moreso than any artist's depiction (and there have been plenty of those)... they just have the same "feel". Which of course leads one to the inescapable idea that there is a fundamental relationship here.
4
viraptor 1 day ago 4 replies      
Some of the more abstract images at the beginning really remind me of Beksiński's paintings. (some NSFW, but good, dark art overall) https://art.vniz.net/en/beksinski/ There's just enough of abstract ideas and randomly included genitalia.

(now I really wish someone did a Beksiński + photos mixer... there's ~240 samples just on that site)

5
kolokolo 1 day ago 1 reply      
I'll have 2 tickets to the dick concert thanks.
6
mgraczyk 1 day ago 2 replies      
We're witnessing the beginning of an entirely new form of pornography. I can easily imagine an XYZ Porn website adding an "Artificial" or "Neural Dream" porn section.
7
codingdave 1 day ago 0 replies      
They have automated the surrealist movement. Which goes pretty much directly against the philosophy underlying the surrealist movement. Which the actual people involved with it would probably approve of, as they mostly all moved on from it anyway.
8
dsl 1 day ago 1 reply      
This is one of the most disturbing things I couldn't stop reading.
9
gabrielgoh 23 hours ago 2 replies      
By popular demand, I've added more pictures!

https://open_nsfw.gitlab.io/more.html

10
MasterScrat 1 day ago 1 reply      
Could this be used to insert a "subliminal" touch to an image?

Eg you make an ad that looks innocent, but that would fool your brain into thinking it's sexual if you just scan the page containing it?

11
yoodenvranx 1 day ago 3 replies      
Has anyone ever thought about using all of reddit's porn subs for machine learning? There must be 10s (or even 100s) of thousands of images (kind of) neatly organized by gender, boob size, ass size, skin color, age, ...
12
gomijacogeo 1 day ago 0 replies      
They've figured out how to synthesize OMNI magazine covers.
13
TheGorramBatman 1 day ago 0 replies      
Shoulda called it "Deep Dicks" or something.
14
shahar2k 1 day ago 1 reply      
I would LOVE to see what happens if you feed it clearly NSFW images as the source, and let the network optimize for SFW instead
15
boxcardavin 1 day ago 0 replies      
Fascinating, I'm curious to see if any of the tech press or even mainstream press pick up on this. If they do, will they pixelate the sample images??
16
ris 16 hours ago 0 replies      
So what about optimizing NSFW originals to make them appear "SFW"? What would such a thing look like? Presumably the skin tones would be the first to go.
17
bcoates 1 day ago 0 replies      
I'm seeing Roger Dean (of the Yes album covers) or maybe "Heavy Metal".

Whatever Piaget stage prog rock is, AI has reached it.

18
k_sze 1 day ago 0 replies      
I wonder if it would make it hard to find this project via Yahoo's search engine. That would be sweetly ironic.
19
whitehat2k9 1 day ago 0 replies      
"Not surprisingly, the results of the optimization are clearly pornographic."

Just about spit out my food.

20
kapitza 1 day ago 2 replies      
Georgia O'Keeffe has already contacted her attorneys...
21
_wp_ 19 hours ago 0 replies      
22
lizzard 22 hours ago 0 replies      
It seems possible to put other, not-porn images of people into the hopper and spit out an endless stream of perturbing, semi-pornographic trolling. That will probably happen, despite it being an awful idea, and it could even become commodified.
23
sdfjkl 17 hours ago 0 replies      
Sometimes the amount of time and effort we waste on enforcing outdated morals on other people astonishes me.

Still, we get abstract genitals as a side effect.

24
phjesusthatguy3 14 hours ago 0 replies      
The output looks like something Harry would have run across going through the apartments in Silent Hill 2.
25
calsy 1 day ago 0 replies      
H.R Gigerish.
26
triplesec 13 hours ago 0 replies      
Perhaps predictably, Facebook is censoring the URL by refusing to let you post it.
27
eveningcoffee 1 day ago 0 replies      
Is there a good validation set of subtle examples of something being NSFW and SFW?

Especially considering that the subject is mostly defined as I do not know how to define it but I definitely know it when I see it.

28
dluan 1 day ago 1 reply      
OK - does anyone know, how close are we to these trained neural nets passing the turing test for human creativity? Because I feel like we're going to pass it in my lifetime.
29
pweissbrod 15 hours ago 0 replies      
Seems to have bugs. I don't understand what's NSFW about Ted Nugent at a rock concert
30
spot 14 hours ago 0 replies      
similar results using a smaller set of inputs, 20 years ago: http://draves.org/fuse/
31
wodenokoto 1 day ago 1 reply      
i don't see any pictures in the link.
32
jlebrech 21 hours ago 0 replies      
so this could be used for an automatic nudity free chatroulette
33
egypturnash 20 hours ago 0 replies      
It's... it's a robot Dali Giger.

I love living in the future.

34
sgnelson 1 day ago 0 replies      
Talk about "...You'll know it when you see it..."
35
pearjuice 17 hours ago 0 replies      
So that's what they are doing at Yahoo these days.
36
Taniwha 1 day ago 0 replies      
ah ... so it doesn't dream of doggies then .....
37
h4nkoslo 1 day ago 0 replies      
Very HR Giger esque. Somehow more horrifying than the original.
6
Adding a phone number to your Google account can make it less secure vijayp.ca
562 points by vijayp  1 day ago   289 comments top 63
1
exelius 1 day ago 9 replies      
> I'm curious [...] why Google doesn't temporarily disable accounts so impacted until a human reviews activity.

Because Google doesn't have humans reviewing anything unless there's a direct link to marginal revenue/cost avoidance attached to that interaction that can be priced in. Their business model is to achieve scale through automation and machine learning; which means not doing things that would require manual intervention unless absolutely required.

Explicitly, this means that for free services like Gmail, humans aren't involved. Ever. Try getting support for a Google product and you'll see what I mean -- there's not even a phone number to call or an e-mail address unless it's a paid product (and even then, they've got a less-than-stellar reputation for support of paying customers).

2
balls187 1 day ago 8 replies      
Recently my wife, without any identification, went to Tmobile and was able to have my account automatically canceled and added to a new joint family account.

She went with my knowledge, but TMobile never called to confirm.

After which my phone no longer had service, and I had to install a new sim card prior.

While she did this with my knowledge, I no longer have access to make changes to the account, until she adds me to the list of authorized people, and I lost all my voice mail.

It's very disturbing that she could do this, without any sort of checks and authorization.

Also, FWIW, my wife and I do not share a last name, and she did not provide anything other than my phone number to TMobile. She was a new Tmobile customer, and I was an existing customer, albeit on a very cheap pre-paid plan.

3
Sir_Cmpwn 1 day ago 1 reply      
>Eventually, with the help of Google's customer support and some ex-colleagues who still work at Google, Bob was able to get his account back.

I bet I know which one of these resources was more important.

4
x1798DE 1 day ago 5 replies      
I don't think it's possible to make a Google account without a phone number anymore. It's really unfortunate, especially because I deliberately don't set up fallback contacts for my "alternate" gmail accounts, and Google keeps locking them as suspicious when I log in from a second location, and I need to "verify" with a phone number any time that happens (at which point I abandon the account).

I understand that they want to fight spam, but I'd be willing to spend 5 minutes doing captcha type activities in exchange for not requiring a phone number, and that should pretty severely rate limit account creation.

5
nchelluri 1 day ago 2 replies      
What I recall reading over the last year is that:

- phonelines can be hijacked (this article)

- DNS can be hijacked in a similar manner

- SMS can be hijacked (for 2FA via text message)

I guess 2FA using an authenticator app is the way to go for now. Do you guys agree with the removal of backup phone numbers recommended here? Seems reasonable to me but scary; I've lost my phone(s :( ) before. I do have backup codes generated though.

6
jcoffland 1 day ago 3 replies      
> This pattern seems like something security software should be able to detect: a password reset with incomplete information, followed immediately by a change in recovery email, name, and two-factor-auth settings, coupled with a "my account has been compromised" help request is highly suspicious.

This series of events could easily occur in legitimate cases. Say you lose or destroy your cellphone. Since you only ever logged in via your phone you don't know the password. Your recovery email was attached to a service you don't use because you normally use gmail. I'm not saying this scenario is a good idea just that it's probably quite common.

As a software developer I often hear from well meaning users that are appalled that software didn't do-the-right-thing in some complex scenario that appears to have an obvious solution because the desired outcome is obvious. In reality, handling the corner cases is complex. Adding these obvious solutions to the code easily leads to even worse situations.
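
The pattern quoted in the comment above, written as a detection rule over an account audit log. This is an added example, not part of the thread and not Google's logic; the event names, the time windows, the change threshold and the sample log are all constructed assumptions. It also covers the corner case the reply raises: a weak reset followed by a single recovery change is left alone.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds: how soon after the reset a change counts as "immediately",
# and how long afterwards a compromise report is still tied to that reset.
WINDOW = timedelta(minutes=30)
REPORT_WINDOW = timedelta(days=7)
MIN_CHANGES = 2  # distinct sensitive changes needed before the rule fires

# Hypothetical event names for the settings the quoted pattern lists.
SENSITIVE = {"recovery_email_change", "name_change", "2fa_change"}

# Constructed sample audit log: (timestamp, account, event, detail).
# For password_reset, detail is "full" when every recovery challenge was
# answered and anything else when the reset used incomplete information.
EVENTS = [
    ("2016-10-20T09:00:00", "bob", "password_reset", "sms_only"),
    ("2016-10-20T09:02:10", "bob", "recovery_email_change", ""),
    ("2016-10-20T09:03:05", "bob", "name_change", ""),
    ("2016-10-20T09:04:40", "bob", "2fa_change", ""),
    ("2016-10-20T11:30:00", "bob", "compromise_report", ""),
    # Lost phone: weak reset, one recovery change, nothing else.
    ("2016-10-20T10:00:00", "carol", "password_reset", "sms_only"),
    ("2016-10-20T10:05:00", "carol", "recovery_email_change", ""),
    # Fully verified reset followed by changes: not the quoted pattern.
    ("2016-10-20T12:00:00", "dave", "password_reset", "full"),
    ("2016-10-20T12:01:00", "dave", "2fa_change", ""),
    ("2016-10-20T12:02:00", "dave", "name_change", ""),
    # Weak reset and several changes, but nobody has reported a compromise.
    ("2016-10-20T13:00:00", "erin", "password_reset", "sms_only"),
    ("2016-10-20T13:01:00", "erin", "recovery_email_change", ""),
    ("2016-10-20T13:02:00", "erin", "2fa_change", ""),
]


def classify(events):
    """Return {account: verdict}, verdict being "hold", "review" or "ok".

    hold   - weak reset, several sensitive changes, and a compromise report
    review - weak reset and several sensitive changes, no report (yet)
    ok     - anything else
    """
    by_account = defaultdict(list)
    for ts, account, kind, detail in events:
        by_account[account].append((datetime.fromisoformat(ts), kind, detail))

    verdicts = {}
    for account, rows in by_account.items():
        rows.sort(key=lambda r: r[0])
        verdict = "ok"
        for t0, kind, detail in rows:
            if kind != "password_reset" or detail == "full":
                continue
            # Distinct sensitive settings changed shortly after this reset.
            changes = {k for t, k, _ in rows
                       if k in SENSITIVE and t0 < t <= t0 + WINDOW}
            if len(changes) < MIN_CHANGES:
                continue
            reported = any(k == "compromise_report" and t0 < t <= t0 + REPORT_WINDOW
                           for t, k, _ in rows)
            if reported:
                verdict = "hold"
                break
            verdict = "review"
        verdicts[account] = verdict
    return verdicts


if __name__ == "__main__":
    for account, verdict in sorted(classify(EVENTS).items()):
        print(account, verdict)
```
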

7
jsingleton 16 hours ago 0 replies      
If you are ever required to give a phone number but don't want to then you can use an official fictional one. This means no-one else will have access to it (or be annoyed by it). Same with email addresses.

If you need access then you could use https://smsprivacy.org or https://dtmf.io. I've not tried these though. Or of course you could build something yourself with https://www.twilio.com or https://www.nexmo.com.

I wrote a bit about this here: https://unop.uk/phone-numbers-for-examples-and-user-identifi...

8
Pym 1 day ago 0 replies      
It's not the first time that Verizon transfers an account like this...

Have a look at this other story from last month, "On Phone Numbers and Identity":

- https://medium.com/the-coinbase-blog/on-phone-numbers-and-id...

- https://news.ycombinator.com/item?id=12597609

"It turns out the attacker was able to impersonate the employee on a call with Verizon"

9
peterjlee 1 day ago 0 replies      
Once I had my SIM card stuck in my phone. So when I wanted to use a different phone, I bought a new SIM card kit online and brought it to a T-mobile store. I told the clerk my SIM card is stuck in this phone so I want to transfer my number to the new SIM card. He asked for my phone number then scanned the new SIM card and transferred the number. I didn't have to provide any identity or proof that I actually own the number. It's scary how easy stealing someone's phone number can be.
10
SamBam 13 hours ago 0 replies      
One thing that I don't see mentioned: The attacker doesn't need to know the victim's email address or even name, if they have a compromised phone number.

If you go to mail.google.com and say "Find My Account," you can enter a phone number directly, and then proceed with SMS-based recovery, if it's enabled.

This means that any time an attacker gains access to a phone number, they can plug it into gmail and fish to see if they can break in to an account.

11
wfunction 1 day ago 1 reply      
Kind of related, but any Googlers here? Can you please make Google send notifications whenever someone tries to log in to an account and is required to do anything other than typing in their username/password? I REALLY should know when someone is trying to respond to a 2FA prompt or answer my security questions or use SMS or email to reset my password... it's ridiculous that these don't all result in emails right now.
12
proee 1 day ago 0 replies      
Another issue with sending Google verification reset codes over SMS is that a lot of "Google Phones" allow for viewing text messages/headers while the phone is "locked." Therefore if you leave your phone (even for just a few seconds), someone could quickly gain access to the reset vectors. In looking at the DNC leaks for example, if an attacker had the phone number of a high-profile target, locates them in person, and then executes a reset "event", they're now in very serious jeopardy, assuming attacker gets physical access to the target's phone for just a few seconds. (Edit: Attacker might have the ability to also view their phone through a high-resolution camera(s) as the target pulls up the text message. Thus allowing attacker access to codes without physical access to device.)
13
throw7 1 day ago 2 replies      
Google seems to think phones are very secure:

https://support.google.com/accounts/answer/183723

Why mobile phones are more secure

Your mobile phone is a more secure identification method than your recovery email address or a security question because, unlike the other two, you have physical possession of your mobile phone.

14
FullMtlAlcoholc 1 day ago 0 replies      
>Eventually, with the help of Google's customer support

That he was able to contact someone at customer support for his Gmail account was the most amazing thing in this article!

> and some ex-colleagues who still work at Google,

:( That's why

15
cantrevealname 1 day ago 1 reply      
Using a phone as a login credential is risky from a reliability point of view. At least with passwords and security questions you can (in theory) have 100% dependable access to them anywhere in the world if you memorize them, back them up, or put them on an encrypted USB flash drive or in an encrypted cloud location.

You can't do that with a phone. You can't duplicate your SIM card. If your phone is lost, broken, stolen, or your service is cut off or unavailable for whatever reason, you're screwed. At least with passwords, security questions, or hardware tokens (of which you can have several), you maintain reliable access no matter what if you've made backups.

16
keyme 1 day ago 1 reply      
This doesn't even take into account how inherently insecure are actual mobile networks. Human factor notwithstanding.

Using GSM? Your recovery code is sent essentially plaintext over the air.

Think you're not using GSM? I'll just follow you around until you are (say, if you go out of town).

Since I'm already following you around, maybe I'll just jam your 3G/4G for a minute. Save us the waiting around.

Disabling 2G on your phone is a shitty solution. I want to be able to receive calls/SMS even if it's insecure.

TL;DR:

My account -> Sign-in and security -> Signing in to google -> Account recovery options -> Recovery phone -> Remove number

17
willvarfar 1 day ago 0 replies      
Phone diversion can also be used to confirm large bank transfers; this happened to a friend of mine in 2012 http://williamedwardscoder.tumblr.com/post/24949768311/i-kno...
18
darkhorn 1 day ago 2 replies      
In Turkey, if you apply for a new SIM card (let's say you have micro and you want nano) then you cannot access your bank account (for example Garanti Bank, probably other big banks too). Doesn't matter whether you try to access the bank via your PC or phone or via your home telephone, a message appears saying that your SIM card has been changed and thus you need to re-validate yourself. So, this means that the banks and mobile operators share data.

Plus, if you apply for a new SIM card and you have a changed information in your ID, such as your father has changed his name or you have corrected your birth place, then your ID is sent to the government and only when the government gives a permission then they can give you a new SIM.

If you are not the owner of the SIM card no one talks to you.

If you want a new phone number then you must register with your ID.

19
cupantae 1 day ago 0 replies      
Huh. I wonder if the author had seen this video https://m.youtube.com/watch?v=Q00OZ_Xk24w which describes a similar story and recommends a solution based on the same factors (2FA on a number no one knows under a fake name).

But anyway I don't understand why he thinks it's some kind of shocker that this makes it less secure. It's another access method. Recovery options are obviously attack vectors.

20
zitterbewegung 1 day ago 6 replies      
Adding a phone number that people KNOW about can make it LESS secure. A workaround is to get a phone number that is only used for identity verification and not given out to anyone.
21
andyana 1 day ago 0 replies      
Two years ago, I added a friend on to my phone plan so that he could call his sick mother. I made it clear to Telus (my carrier) that he should not be able to modify the account or discuss account details with them, and they assured me that he wouldn't without both my PIN and express permission to add him to the account administrators list. Three months later he walked into a Telus store and got a new iPhone with a 2 year contract on my plan. When he stopped paying what he owed, guess who got stuck with the early termination fee?
22
baybal2 10 hours ago 0 replies      
This is how Russians hacked social media accounts and public emails of British MPs last year.

It is assumed that they procured IMSI IDs of MPs from open sources (databases of gaming companies (this is why Google lets apps read your IMSI) or advertising cookie brokers).

Then, they used Russian cell phone networks to announce a Roaming transfer of their phone numbers from BT to them and then used an SMS login and password recovery from their Snapchats/Twitters/WhatsApps. Once they logged into them, it is believed that they downloaded past conversations and other data through synchronisation APIs.

Back then, Google only confirmed that they did send a recovery SMS to one account, but hackers didn't manage to answer a security question. This probably deterred them from attempting to try the same trick on Google accounts of other MPs whose numbers they pwned, or maybe Googlers simply made that up to cover their asses.

Amazingly, many cell operators don't check the digital signature on roaming requests, nor require the roaming counter-parties to pass them through.

23
angry-hacker 1 day ago 2 replies      
Can Americans explain to me how can you just do things like that by calling customer support? Wouldn't it make more sense to go and show your ID if you want to make changes like that?
24
abandonliberty 12 hours ago 0 replies      
These are recovery options. By definition they make your account less secure by adding additional entry points for both you and a potential attacker.

I have 2 factor enabled and did some testing.

Security | options
Account | Recovery email (phone # disabled)
2 factor | Recovery phone #, backup codes

All of these require you to provide them. Phone number is given as XXX-XXX-XX12. Email is userna*@domain.com.

Failing all of those options, Google asks you to provide an associated email to help with recovery. It then provides a freeform text field for you to explain the situation and expect a response in 3-5 business days. If you have a secondary less-secured email address this could be a viable vector.

tl;dr two factor seems to add an additional layer of security / accounts that an attacker would have to compromise if appropriately configured. Recovery options weaken your security and you should be cautious when configuring.

25
camupod 1 day ago 1 reply      
Does anyone know anything about the security with regard to using other providers (e.g. twilio or google voice) as a recovery number?

Let's say my recovery number is actually a google voice number that's connected to a separate google account, but not forwarded to my actual cellphone (i.e., I'd have to login to my other google account to view the recovery code). Thoughts?

26
billconan 1 day ago 1 reply      
I have this weird thing in my google account.

When I set up my 2 way authentication, I noticed my account has a phone number added, which I don't recognize at all. The phone number has a Florida area code. I have never been to Florida. I emailed google about this, asking how the number was added? I didn't get any reply.

27
metabren 1 day ago 0 replies      
I imagine adding a phone number to your Google account is more about Google having a particular phone number explicitly linked to an account for their information graph rather than for security reasons.
28
hash-set 1 day ago 1 reply      
I always thought Google was trying to tie your gmail account back to a cell phone number so they could help end anonymity on the Internet. Or else give the information to the NSA or something. I'm trusting Google less and less these days.

At the very least, Google should not have come out in favor of a particular Presidential candidate. Corporations have become incredibly powerful entities, able to affect the lives of all their employees and many others. If they can't wield this power ethically, they need to be shut down or we risk suffering under fascism.

29
bikamonki 1 day ago 0 replies      
Google fills my droid with bloatware. Even worse: all of Google apps will not work without Google Play Services which is a super abusive app: among other things, it logs ALL MY ACTIVITY 24-7. So, if Google already runs apps with such privileges, why not adding a small app that mimics Whatsapp SMS verification. After verifying that a given SIM is installed on the phone where my Google account has been authenticated, it can establish a secure tunnel to send me 2FA codes. If a hacker would clone my SIM and even have my Google password they can prevent login until I grant permission from the first install/verification. Should I lose/change my phone, Google would not allow a second verification unless a pin is entered (which I created on the first SIM verification). Another approach that avoids the pin number would be a delay before authenticating the second install. If I get 24hrs and a notification that I have logged-in on a second device, I certainly have enough time to fix any possible hack.
30
leesalminen 1 day ago 0 replies      
I bought a Yubikey for $40 and now use that as my second factor for my Google Accounts. It's quite durable and fits on my keychain. Love it!
31
rohitarondekar 1 day ago 0 replies      
Would using a dedicated phone number (sim) that is not shared with any other service protect you from this? Basically nobody besides Google and you would know of this number. In India dual sim phones are very common and I've been thinking of getting a second sim (phone number) for this purpose.
32
josefresco 18 hours ago 0 replies      
"there's not even a phone number to call or an e-mail address unless it's a paid product"

Well duh. What kind of support should Google offer to almost a billion users that pay nothing for the service?

"(and even then, they've got a less-than-stellar reputation for support of paying customers)."

Not from my experience. Have had to call them a handful of times on behalf of clients. A human always picked up quickly, and resolved my issue or answered my question. Also followed up.

33
buyx 1 day ago 0 replies      
SIM swap fraud has been common in South Africa for years, and bank accounts were being cleaned out before the cell networks tightened their procedures. Yet I've started to see reports of similar scams in the developed world.

I'm surprised that anyone is surprised by this. Perhaps the time has come for a more global approach to security.

34
nfriedly 1 day ago 0 replies      
I think that for a lot of people, the added access is worth the security risk: they're more likely to forget their own password than to be hacked.

One of my mom's friends had gone through the Gmail password reset process a few times, but she called me one day kind of frantic because she could no longer reset her password (or remember the old one).

It seems that previously Google had allowed either a phone call or an SMS to the phone number on her account, but had recently taken away the call option. Her phone was a landline that couldn't receive SMS messages.

She didn't have (or couldn't access) a backup account and couldn't remember the answers to any of her security questions, or at least not enough of them.

I think she just gave up and switched to Yahoo.

35
whyagaindavid 20 hours ago 0 replies      
@vijayp Please retitle your post to add "In North America, anyone can take anyone's phone number". BTW aren't any of hackernews readers worried?
36
Spooky23 15 hours ago 0 replies      
I wonder if having a really shitty prepaid carrier for this purpose or a commercial account is a viable strategy?

A lousy MVNO is impossible to contact in any situation. Usually with business accounts the carrier refuses to talk to anyone except the designated account manager.

37
walrus01 1 day ago 0 replies      
SS7, phone numbers and telco stuff are built on trust, with a 1970s/1980s business model when the only people messing with the system was the ILEC.

It's trivially easy to fake scanned documents proving that you're authorized to port a phone number from one service to another. In this case there was probably no SS7 messing about at all, just somebody falsifying the info or socially engineering his cellular carrier to transfer the number to a new phone. Mitnick's "Art of Deception" book is an authoritative resource on this problem.

38
johnjhayes 1 day ago 1 reply      
>Bob didn't have multi-factor authentication enabled

even if enabled, if it was set to send the code as sms it would go to ... the phone :-\

39
spiznnx 1 day ago 1 reply      
What are the security implications of using my google voice number as a backup phone number to my google account (the same account)? I've been doing this for a few years, and it's been very convenient. Basically, any time I need to log in with a new browser or device, using the number for two factor SMS gives me codes on all other logged in gmail windows, and on my phone.
40
yAnonymous 20 hours ago 0 replies      
If telco providers are not taken to court for the damages caused by changing plans without any verification, why should they change their practices?

Complaining on the internet won't help in this case.

41
dragonwriter 1 day ago 0 replies      
AFAICT, and this is supported by the Google screenshot shown promoting the feature, Google doesn't say the phone makes the account more secure, it says that it makes the account more usable, since it provides a way to recover from lockouts. This is one of many cases where usability and security aren't aligned.
42
DINKDINK 1 day ago 0 replies      
Another case of an attacker using phone porting to attempt to compromise accounts: https://medium.com/the-coinbase-blog/on-phone-numbers-and-id...
43
mercora 1 day ago 0 replies      
i always failed to see why adding a phone number would be somehow more secure. However, i also knew this kind of attack was somewhat common for German online banking accounts using SMS TAN because service providers were easily convinced to send a new (second) sim card to a new address they had never heard of before.
44
ww520 1 day ago 0 replies      
The phone companies have horribly bad security practice. I once had a phone number taken over by someone. When asked, the phone company just said, oh, someone called in and wanted to take over the billing of the account, so we let him. WTF.
45
sairamkunala 22 hours ago 0 replies      
Doesn't google voice or a static number from Twilio solve the problem if one cannot get the service that is required from Google free accounts?
46
haser_au 1 day ago 0 replies      
TLDR: Telcos really are the weakest link, and you should not rely on your mobile phone number for 2FA.

Background: I have worked in IT Security at an Australian bank, and had close ties to the Internet Fraud department to help them understand fraudster's tactics.

Many banks use SMS for 2FA. Australia has a law regarding how long it should take customers to switch telco providers (called 'Porting' because you retain your phone number), and the timeframe in which this must be completed (90% within 3 hours, 99% within 2 business days). If the Telco doesn't complete in this time period, you can raise a complaint to the Telecommunications Industry Ombudsman.

Example: If you are currently with Telco A, to port your number to another company, you call Telco B and provide your details. They take care of the porting process, and you can have your service running on a new phone and SIM within 3 hours.

"All you need to have with you is your mobile number, the name of your old mobile provider, your account type (pre- or post-paid) and your account number. We'll handle the porting process from there. It can take from three hours to three days, but we try to do it as fast as we can."
Source: https://www.cnet.com/au/news/switching-telcos-easier-than-yo..., 2012

To make matters worse, the fraudsters would then change the details at the new Telco B (i.e. my address is now 123 Rainbow Road, and my mother's maiden name is Smith, not Jones). When the victim called Telco B, when Telco A told them a porting request had been completed, they'd say "Sorry, we have no idea who you are and the details you're providing don't match our records". It can take days to sort the whole thing out, by which time, your Internet Banking has been compromised and funds transferred out.

This was a major problem for Australian banks, because they cover the losses for customers if you lose funds as a result of Internet Banking, as long as you weren't negligent (e.g. you left your Internet Banking logged in on a public computer in a library, or something).

If you are relying on your telephone number as a security mechanism, I would change to something else. Something you have, ideally (Google Authenticator, a physical hard token, etc.).

Sources:
ACMA Porting Rules for Telcos: http://www.acma.gov.au/Industry/Telco/Numbering/Portability/...
Example A: http://lifestrategies.net.au/wp-content/uploads/2015/03/Marc...
Example B: http://www.itnews.com.au/news/45k-stolen-in-phone-porting-sc...
Example C: http://www.news.com.au/finance/business/banking/customer-sca...

47
codedokode 1 day ago 0 replies      
This is serious problem. In some banks having access to a phone allows the attacker to login into a web client and transfer money from the account. And many web services rely on SMS as a method to restore the password.
48
shawn-butler 1 day ago 1 reply      
Is it possible to sue Verizon, TMo, ATT for their failure to adhere to their own security practices for damages subsequent to a hack?

I think someone should try.

49
syphilis2 21 hours ago 0 replies      
Are there any startup email services that provide time-synchronized one-time-use passcode dongles with each account?
50
awqrre 1 day ago 0 replies      
And Google uses dark patterns to incite you to add a phone number and a credit card number to your account...
51
throw2016 1 day ago 0 replies      
I think with centralization comes control, arbitrary rules, surveillance, potential for abuse of power and loss of end user control.

The fact that it keeps on becoming more and more difficult for individuals to run mailservers cannot be a coincidence.

The solution is decentralization at least for things like reddit, mail, search, social and other similar services. Multiple discrete 'old style' forums, search services, email providers and individual servers with dispersed control cannot be easily silenced, surveilled or subject to arbitrary rules.

I think the usual response is people don't care but I think that's because they don't know and may not have stopped to consider the consequences. And perhaps more important before they didn't have to care. Now increasing creepiness from centralized providers means sooner or later users will wisen up.

If parents for instance become concerned about privacy issues they will go out of their way to protect their children and this can lead to new more privacy aware services, rules, and distributed applications. It also makes centralized unicorns based out of SV less of a desirable thing.

52
chris_wot 1 day ago 0 replies      
Two factor auth using SMS is increasingly becoming a risky option. For now I have it on my personal accounts, but I'm considering changing over to Google Authenticator.
53
nameisu 1 day ago 1 reply      
they only respond to charge backs from credit cards
54
emeidi 16 hours ago 1 reply      
I stopped reading here: "While Bob didn't have multi-factor authentication enabled"
55
bitmapbrother 1 day ago 1 reply      
>While Bob didn't have multi-factor authentication enabled, he had also heeded Google's suggestions to add a backup phone number to bolster security.

Ah, there it is. No two factor turned on.

56
hakcermani 23 hours ago 0 replies      
"He used a very strong password (which was never used elsewhere)"

Am wondering .. how was the attacker able to compromise the account ?

57
sumitgt 1 day ago 1 reply      
As a Project FI user, not an option unfortunately.
58
pm24601 1 day ago 1 reply      
I wonder if a landline is more secure from transfer?

Anyone know if the procedure for transferring landlines is more painful for fraudsters?

59
gambiting 20 hours ago 0 replies      
Ha! My telco in UK(giffgaff) does not have any phone customer support, so the only way anyone could ask for an account transfer would be through a webform....after logging in to my account. Doing which would also send a notification to my email address. Feels slightly safer now.
60
mtgx 1 day ago 0 replies      
Google does another stupid thing (or at least it used to do two years ago, but I think it's still doing it): when you pick Google Auth for 2FA, and for some reason you can't use it, you can still login to your account with an SMS code...

Like WTF Google? Any attacker could just as easily do that, too, anytime they want. As long as this remains true, Google Authenticator (or any other Google security measure that could easily be bypassed this way with SMS) has literally zero advantages over SMS, while retaining the disadvantages of being less convenient to use, etc.

61
ChoHag 19 hours ago 0 replies      
And this is a surprise because ... ?
62
esalman 1 day ago 2 replies      
How did Verizon move his services to an iPhone 4? Does it mean the attacker had physical access to his phone?
63
kibwen 1 day ago 3 replies      
I've also noticed that there's something very surprising about how Google has implemented their 2FA. When I log into Gmail from a new computer, it does not text me an authentication code and then lock me out of the account until I enter the code. Instead it lets me into my account immediately with only a password, and then sends my phone a notification that someone has logged in from a new computer. Ignoring this notification has no consequence for the logged-in computer. Convenient indeed, but this is really not how I expect 2FA to work, and does nothing to prevent an attacker from reading the contents of your emails or sending fraudulent emails with nothing but a password.
7
Samsung 'blocks' exploding Note 7 parody videos bbc.com
531 points by Lio  14 hours ago   194 comments top 37
1
nailer 14 hours ago 12 replies      
Wonder if the attention put on YouTube here will inspire Google to fix the financial and political 'infringement' takedowns.

Eg, during the takedown process, have something like:

> [ ] I understand that satire and political commentary does not in itself constitute copyright infringement, and that I am not filing this notice on the basis of the video satirizing or making commentary on my copyrighted content.

> [ ] I understand that incorrectly flagging satirical or commentary videos that mention my trademarks but do not infringe upon my trademark rights may delay response to future infringement filings.

Or something similar. IANAL. Complainants must tick the boxes to be able to submit.

2
jMyles 13 hours ago 6 replies      
I love you all. :-)

Here we are again, and this thread is full of comments about whether this was afoul of DMCA or whether there's a way to adjust the system so that these claims will be more costly to the claimant.

We need to break open the head here, people! We're scientists, right? Step back from your political ideologies and your fears and tell me what the real problem is with this biological system.

Right: it's that a single actor can make the decision to censor these things. It's fundamentally a weak link problem.

Whether or not we fix DMCA, which I'm sure we will, we need to fix the problem that the weak link exists in the first place. A centralized Youtube will not do for the information age. Our organism must build immunity such that, no matter the tantrums of the state, nobody is capable of giving in and handing over the lollipop.

3
turblety 14 hours ago 6 replies      
By uploading a parody video of a Samsung Galaxy exploding, I don't understand how there is a law being broken? Can someone explain how this is a copyright issue?
4
abdias 11 hours ago 0 replies      
It's a funny story but also shows how pathetic (IMO) some companies and organizations become. They just don't realize the cat is already out the bag. "Damage control" should not be used for censorship. This is clearly fair use (satire).

And in general about YouTube and similar companies: This is what happens when the court principle of innocent until proven guilty is inverted to be guilty until proven innocent.

There is a reason why freedom of speech is the first amendment in the US constitution, and Google (and other companies) should adhere and respect the intentions behind it.

5
merb 13 hours ago 0 replies      
The good thing is that after they blocked it, it appears EVERYWHERE in the news, so EVERYBODY sees it, instead of some people (gamer community).

The block backfired.

6
mattnewton 12 hours ago 2 replies      
Oh boy, Streisand effect in full swing. Block a YouTube video and now get to the front page of the BBC.
8
Jabbles 13 hours ago 2 replies      
9
jnagro 14 hours ago 2 replies      
Satire is fair use. Someone should sue Samsung, Get Lawrence Lessig on this!
10
haterz187 11 minutes ago 0 replies      
I would love a note 7
11
vlunkr 12 hours ago 0 replies      
I feel like the best thing Samsung could do for themselves right now from a PR perspective is just apologize and shut up.
12
warrenmiller 14 hours ago 4 replies      
methinks this will only lead to the barbra streisand effect.
13
msh 14 hours ago 3 replies      
Is there a major mobile phone producer with lower morals than Samsung?
14
zeroer 9 hours ago 0 replies      
I never would have seen the video without the 'block'. Thanks Samsung, that was funny!
15
mooveprince 13 hours ago 0 replies      
16
technifreak 10 hours ago 0 replies      
Maybe this has nothing to do with DMCA and more to do with Samsung spending millions of dollars in advertising on Youtube (speculation). If one of your major sponsors threatens to pull back advertising dollars, that supports your platform, maybe you bow to their requests. Maybe.
17
Keverw 12 hours ago 0 replies      
I don't know what the most abused laws are, but I'd say copyright would probably be in the top 10 list if there was such a list. I wish people who abuse copyright takedowns repeatedly would get a large fine. Then the fine should be split between the uploader and service provider. Plus the takedown abuser should have to pay all legal fees on top of the fine.
18
frostirosti 9 hours ago 0 replies      
This is the abuse of the copyright system people warned about and YouTube downplayed.
20
sidcool 12 hours ago 0 replies      
Such attempts have rarely been successful in the past. Maybe the Streisand effect will be known as the Samsung effect.
21
hyperhopper 6 hours ago 0 replies      
There seems to be a lot of people saying the government should do something about this.

Keep in mind, this is not related to DMCA or copyright at all: this is a software system in use by a private company. No laws were broken, it is just extremely scummy behavior.

22
vermontdevil 10 hours ago 0 replies      
Like it'll work?

With Halloween coming up, expect plenty of pics and videos of people wearing Samsung Note 7 wrapped around them as a suicide vest.

23
Gaelan 4 hours ago 0 replies      
Better title: Samsung sends copyright claim for exploding Note 7 parody videos
24
jmclnx 10 hours ago 0 replies      
I guess Samsung will keep a lonely Sony company on my "do not buy list", too bad. BTW, in the US, last I heard parodies are a protected form of speech. So I think DoctorGTA has the law on his/her side (assuming he is living in the US).
25
Vaebn 6 hours ago 0 replies      
Naturally I now want to see all of them.
26
robertjwhitney 10 hours ago 0 replies      
Boy, this is really going to blow up in their face.
27
jaimehrubiks 11 hours ago 0 replies      
So this means that Samsung could ask that any video which shows their phones to be removed from the internet? Because it is a copyright claim...
28
zelon88 10 hours ago 0 replies      
Have they never heard of the Streisand effect?
29
jamesjyu 11 hours ago 0 replies      
I even heard Obama making a quip about the Note catching fire. Are they going to send him a reprimand as well? :)
30
joesmo 10 hours ago 0 replies      
This is why we need strict, very harsh penalties for abuse of copyright (and patent laws). This has NOTHING to do with copyright, yet these Samsung assholes file claims with Youtube? How about 1% net revenue fine for every wrongful copyright claim (like, but not limited to, a bad DMCA claim), increasing by 1% (with no limit other than at 100% you lose the business) for every wrongful subsequent claim? But of course, this will never happen. Personally, I see these kinds of attacks as justification for piracy and the willful disobedience of our incredibly stupid laws (in the US).
31
smegel 2 hours ago 0 replies      
How do you say Streisand Effect in Korean?
32
teekert 14 hours ago 1 reply      
I love such news, their comment threads are the best source of funny Note 7 jokes :)

I can't find it now but I saw an image of a terrorist with a Note 7 belt under his jacket. Nice.

Why can't they think of a fun way to deal with this PR disaster, how hard can it be? Jeez what are they thinking??

33
aerialcombat 8 hours ago 0 replies      
Typical Samsung
34
Pyxl101 10 hours ago 0 replies      
Here are a couple of the videos with what I believe is the content:

https://www.youtube.com/watch?v=enK5XGETCZM

https://www.youtube.com/watch?v=fQjAM94W23Q

35
andrewclunn 13 hours ago 0 replies      
Internet censorship concerns, video games, faulty technology, and a big tech firm threatening legal action... No wonder this is top ranked on Hacker News.
36
gok 12 hours ago 2 replies      
Why would Google want to leave up a video that ridicules their top hardware partner? YouTube isn't a public service.
37
siculars 10 hours ago 0 replies      
These people are so dumb and just don't get "it." Samsung is so dumb, they are very dumb, for real. So dumb, so dumb, so dumb, so.... they climbing in your windows trying to rape your GTA and youtube accounts. ([0])

All this is going to do is encourage tens of thousands of young kids to figure out what things like "DRM", "free speech", "EFF", "privacy", "copyright" and the like mean. Maybe we get a few good lawyers out of this, a lot of great parody and a lot of great art.

[0] https://www.youtube.com/watch?v=mEAKsaQOCpQ

8
LTE Has Slowed by 50% in the US This Year twinprime.com
481 points by wkoszek  2 days ago   159 comments top 31
1
franciscop 2 days ago 4 replies      
A quick reminder that 4G != LTE. The 4G specification requires a minimum speed [1] so LTE was launched to avoid exactly this minimum. It seems that the companies did it right by launching LTE instead of 4G as they could have lost their 4G status, while now they could drop as low as 3G speeds and still be called LTE (which is ironic in itself).

This wasn't commented at all in the article, using 4G and LTE interchangeably which I find troubling.

[1] 100Mbit/s for high-speed transit areas and 1GBit/s for low-speed transit areas, https://en.wikipedia.org/wiki/4G#Technical_understanding

2
josh2600 2 days ago 0 replies      
Traditionally the way that carriers deal with bandwidth congestion is to wait until people start screaming (and networks start breaking) before they invest in innovation. There are a bunch of technologies that could ease congestion and deliver significantly better wireless performance but they would require an investment that doesn't make sense for carriers (it's not like carriers can extract more money from you if the network is better...).

That is to say, subscriber ARPU does not increase with network investment, so why invest in the network until it becomes a drag on subscriber growth?

Source: I was a manager at ATT when the network in San Francisco basically died with the introduction of the iPhone 3G. It stayed that way until ATT added new towers and upgraded the software on the towers for better spectrum utilization.

3
rosser 2 days ago 4 replies      
Living in SF, I haven't really noticed this, which the article bears out. I was actually just commenting in one of our Slack channels at $work that it's still kinda weird to me that the internets are, on average, at least 4x faster (throughput, not latency) on my phone vs my home internet service (bonded DSL).

EDIT: Out of curiosity, I just checked again, first on LTE and then on WiFi:

 LTE: 30ms ping 64mbit/s down 23mbit/s up
 WiFi: 24ms ping 6mbit/s down 2mbit/s up

4
beamatronic 2 days ago 1 reply      
Mobile networks in a way are seemingly destined to be victims of their own success. I find that no matter what mobile bandwidth I'm getting, I can always use more. For example, considering adding a dedicated hotspot to my existing plan, just for my car. The better it works, the more I want to use it. And by "it", we are talking about a fixed physical infrastructure, otherwise known as a capital investment.
5
toomuchtodo 2 days ago 4 replies      
Excellent timing considering the HN thread [1] about T-Mobile being fined for network management.

"There is no doubt that the US will need to set up the infrastructure to keep pace with the rapid changes in usage and content expected in the future. Like any instance of supply and demand, we will continue to see a give and take in this market. As operators catch up to the current demand and LTE becomes faster, users will opt to use it over others thus creating greater demand, supply scarcity, and decreased performance. At which point the cycle will begin again."

TL;DR Expect more network management in the future due to heavy demand of a constrained resource.

[1] https://news.ycombinator.com/item?id=12745255

6
mjevans 2 days ago 1 reply      
I think that control of content is one of the major reasons for this. If users were more able to readily (and for zero cost to them) cache content when connected to local networks then we would see less content transferred over 'higher cost' networks.

Of course streaming services (I'm thinking more of Twitch than Netflix) for live content production are 'rather difficult to cache' in their prime viewing time.

7
morgante 2 days ago 2 replies      
Anecdotally, I've been incredibly disappointed in LTE speeds for NYC lately. It's almost a joke how slow LTE is. Browsing the web feels like using ancient DSL.

There's definitely a material difference between providers. I'm on Verizon now, but T-Mobile and AT&T were both much better when I had them (and I'll be switching back as soon as I can).

8
iagooar 2 days ago 0 replies      
I work at a quite large telecom company and one of the most repeated topics is that mobile traffic has been doubling every year for the last years. The trend is going to keep growing even more.

The nature of mobile networks is being a shared resource, as opposed to traditional DSL or Fiber which have a generally more dedicated bandwidth.

This obviously implies quite a challenge for telcos, as expanding the network comes at a massive cost.

9
frandroid 2 days ago 1 reply      
> With the onset of functionality like 4K video streaming, this number is set to increase to as much as 22GB/month.

Oh god why would anyone want to watch 4K on a cellphone. Go for 60fps instead, you'll get some value out of that on your 5" screen.

10
timmaah 2 days ago 1 reply      
I've noticed it big time in the northeast. I live on the road and work via a Verizon connection. Over the last 6 months over 7 or 8 locations I get a full Verizon signal (with a booster) and very low speeds compared to a year ago. And speeds increasing at off peak times (it's fast in the middle of the night) point to overloaded towers.

I know people love to hate on cell companies but it must be hell to try and keep up with demand that changes so rapidly.

11
zanny 2 days ago 2 replies      
Hey look, another example of why trying to sell the rights to light sucks.

We are going to see AT&T / Verizon / etc go the way of Comcast soon. The cost to improve service will be high enough and the overhead of trying to get more spectrum when they hit physical limits annoying enough and their revenues large enough and the demand insane enough they are going to constantly try to buy each other out than actually invest anything until we have one big corrupt mess like Comcast is for physical wire service.

It seems like the inevitable outcome of having infrastructure services that should be public utilities instead be provided by private companies competing over who can exploit the state to get more unfair advantage, be it land access rights for wire carriers or FCC bribing for spectrum.

12
codazoda 2 days ago 1 reply      
"From early 2015 to early 2016 there was a 56% increase in data usage according to Cisco."

And there you see the problem with data caps (common among mobile carriers but swiftly coming to cable). We have plenty of bandwidth today and are squeezed for more money in a few years.

13
mschuster91 2 days ago 5 replies      
What I don't get is: why can't I as an app developer specify what kind of data transfer rate I need and have the phone choose which connection type it needs depending on the currently running software?

Like, if I'm doing push notifications or IRC, I'd tell the phone that I only need 2G speeds, and the phone only connects to something faster than 2G if I open the web browser.

Right now, my phone books into LTE as soon as it's in coverage mode - and it stays there, eating power like nothing else, instead of dropping into the relatively quiet and strong-signal 2G/3G/HSxPA cells and saving power.

14
givinguflac 2 days ago 1 reply      
I remember getting on VZW LTE reasonably early, with the HTC Thunderbolt (don't even get me started; that device was trash) and I consistently got 60-80Mb down. Now, in the same location, same carrier, infinitely faster LTE modem, I get maybe 5-10Mb if I'm lucky. Such a shame, could've been transformative.
15
rcthompson 1 day ago 1 reply      
I went to a wedding in upstate New York last weekend, and on the drive up, there were some areas where I had no 4G (or LTE, or whatever my phone gets), but anywhere that it was available, it was substantially faster than what I'm used to from the densely-populated areas where I spend most of my time. I assume this was because there were simply fewer people sharing approximately the same bandwidth.
16
acdha 1 day ago 0 replies      
Does the actual report cover whether there are any differences across carriers? I know in the 3G era there used to be fairly significant variations for the companies which installed newer base stations without upgrading their back-haul capacity to match.
17
gnicholas 2 days ago 2 replies      
This is an interesting read, but the comparisons to other countries/regions omit any mention of population density. It's much easier to roll out public utilities in dense areas than sparsely populated ones, and western Europe and Korea are more densely populated than the US.

Not that this excuses the big drop in speeds, but it makes the comparative piece a bit less relevant/accurate.

18
renegadesensei 2 days ago 0 replies      
Meanwhile here in Tokyo my mobile data connection is faster than the wifi running off of my 1 Gb/s internet connection...
19
rb808 2 days ago 1 reply      
I switched to tmobile $30 plan a year ago and regularly got 25mbps around Manhattan, nowadays I get around 10, often 5.
20
roflchoppa 2 days ago 1 reply      
22gb per month expected with 4K? Lawl I was doing ~40gb per month when I first got an iPhone 5s on att. Good times.
21
pmuk 2 days ago 0 replies      
Just did a test on my iPhone 7 showing 4G over EE in the UK... 18 Mbps down / 1 Mbps up
22
bjornsing 2 days ago 0 replies      
I've bet pretty big on this development (and its continuation) by building http://www.anyfinetworks.com. Gonna be very interesting how it plays out! :P
23
samfisher83 2 days ago 0 replies      
Yes the more people that use it slower it goes since people have to share the same bandwidth. However given all the datacaps the faster the speed the faster you hit the datacap so I guess you can look at the positive side.
24
mycall 23 hours ago 0 replies      
So as more people start using LTE, 3G becomes faster?
25
dekhna 1 day ago 0 replies      
It seems that the companies did it right by launching LTE instead of 4G as they could have lost their 4G status
26
jack_quack 2 days ago 1 reply      
Oh yeah! I was visiting NYC from Canada and I kept complaining to my wife that the LTE speeds were so slow in the city. I just couldn't understand it!
27
lightedman 2 days ago 1 reply      
"Network speeds are not what they advertise or what you see in the Bay Area"

So why are the companies in San Francisco not getting sued for false advertising?

28
Osiris 2 days ago 1 reply      
I have Sprint LTE in Denver and the latency and bandwidth are horrible. I often get 1mbps with really high latency.
29
merb 2 days ago 0 replies      
> Verizon has the broadest LTE coverage at 95.3%, followed by T-Mobile with 91.7%.

higher than in Germany, great!

30
CodeSheikh 2 days ago 0 replies      
"Kill the Snapchat"
31
fbreduc 2 days ago 0 replies      
gimme a good ol hard line
9
Most serious Linux privilege-escalation bug ever is under active exploit arstechnica.com
459 points by saidajigumi  1 day ago   192 comments top 19
1
the_duke 1 day ago 4 replies      
Seems to be fixed by this commit (in 4.8.3).

 commit 89eeba1594ac641a30b91942961e80fae978f839
 Author: Linus Torvalds <torvalds@linux-foundation.org>
 Date: Thu Oct 13 13:07:36 2016 -0700

     mm: remove gup_flags FOLL_WRITE games from __get_user_pages()

     commit 19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 upstream.

     This is an ancient bug that was actually attempted to be fixed once
     (badly) by me eleven years ago in commit 4ceb5db9757a ("Fix
     get_user_pages() race for write access") but that was then undone due to
     problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").

     In the meantime, the s390 situation has long been fixed, and we can now
     fix it by checking the pte_dirty() bit properly (and do it better). The
     s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement
     software dirty bits") which made it into v3.9. Earlier kernels will
     have to look at the page state itself.

     Also, the VM has become more scalable, and what used a purely
     theoretical race back then has become easier to trigger.

     To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
     we already did a COW" rather than play racy games with FOLL_WRITE that
     is very fundamental, and then use the pte dirty flag to validate that
     the FOLL_COW flag is still valid.

2
ontoillogical 1 day ago 6 replies      
At Appcanary, we're thinking about opening up our vulnerability database to be browsable and searchable by the public. If you're not sure which version has the patch for this vulnerability in your distro, here's what we know:

Ubuntu - https://appcanary.com/vulns/45984

Debian - https://appcanary.com/vulns/45983

Amazon Linux - https://appcanary.com/vulns/45992

Centos - no patch yet

If you found this useful, please let me know!

3
tptacek 1 day ago 7 replies      
> It's probably the most serious Linux local privilege escalation ever.

Look, the Azimuth people have forgotten more about reliable exploit development than I have ever known, but, no, as stated, this is clearly not true. Not long ago, pretty much all local privesc bugs were practically 100% reliable.

What I think they mean to say is that this is unusually reliable for a kernel race.

I still think, though, that the right mental model to have regarding Linux privesc bugs is:

1. If there's a local privesc bug with a published exploit, assume it's 100% reliable.

2. In almost all cases, whether or not there's a known local privesc bug, assume that code execution on your Linux systems equates to privesc; this is doubly true of machines in your prod deployment environment.

4
drieddust 1 day ago 2 replies      
>However that's hard to do when the vast majority of kernel bugs come from vendor drivers, not the upstream Linux kernel, Stoep said.

Doesn't this actually validate Andrew Tanenbaum's argument[1] over 25 years ago when he said monolithic operating systems are inherently insecure and a rethink is required?

[1] https://groups.google.com/forum/m/?fromgroups#!topic/comp.os...

5
escapologybb 14 hours ago 0 replies      
Okay, I have no idea what to do. Not a security engineer, can't follow what this thing does but I do have a couple of VPS's running my blog and a few other things. Now maybe there's an argument that I shouldn't be doing this if I don't completely understand all the ins and outs, but what the hell, I like learning about Linux.

So my question is: is simply updating and upgrading enough to protect me from this MOST DANGEROUS BUG EVER IN THE WORLD OH MY GOD YOU'RE GOING TO END UP PART OF A BOTNET AND HURT LITTLE CHILDREN!!1!!1! Which is how this reads to even a semi-technical reader, I mean I know my way around the command line but I'm at a loss as to what to do here.

Help me out HN please!

6
aexaey 1 day ago 9 replies      

 CVE-2016-5195
 This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set. This is achieved by racing the madvise(MADV_DONTNEED) system call while having the page of the executable mmapped in memory.

Excellent example why mounting partition with system binaries (such as /usr) read-only is a good idea. CoreOS does this.

[EDIT] added "read-only"

7
cheiVia0 21 hours ago 1 reply      
Cool, this will be great for rooting Android phones to fix this and other security bugs!
8
saidajigumi 1 day ago 2 replies      
See also the dedicated page for this vulnerability, dubbed Dirty COW (for copy-on-write), aka CVE-2016-5195:

http://dirtycow.ninja/

9
Unklejoe 12 hours ago 0 replies      
Can someone help me better understand how this works, or perhaps point me to a decent article explaining more of the details? Most of the articles I can find just briefly explain the exploit, but not really how it works (in detail).

From looking at the example code, it seems like the general process is:

- Open some (normally un-writable) file as read-only and mmap it in to your process.

- Kick off two threads. One thread to repeatedly write to the same mmap-ed address via /proc/PID/mem and another thread to keep issuing the madvise call.

- Wait for some race condition to be (un)satisfied such that you're able to write to a cached copy of the file.

What I don't fully understand is how the /proc/PID/mem thing works.

Here's what I'm curious about:

1. What would happen if you tried to write to the mmap-ed region directly? Since it's been mapped in with PROT_READ, does this mean that you'll get a segmentation fault or something? From the manpage, it seems like MAP_PRIVATE allows it to be a COW mapping, but I don't see how the combination of PROT_READ and MAP_PRIVATE is even valid. Unless this means that any writes to data copied from the mmap-ed region into other buffers will be COW-ed and that you can't actually write to the mmap-ed region itself? That would make sense to me.

2. How is writing to /proc/PID/mem any different than writing through the mmap-ed region directly? Assume that you weren't running the madvise thread. What would happen then if you tried to write to the /proc/PID/mem file? Presumably the same thing that happens if you just tried to write to the file directly.

3. Finally, how does the madvise call cause a race condition? I realize this might be a little too much to cover in a comment, but this seems like the meat of it.
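
The mapping behaviour the comment above asks about in its first question, as an added example that is not part of the thread or of any published exploit code: a store through a `PROT_READ`, `MAP_PRIVATE` mapping faults, a store through a writable `MAP_PRIVATE` mapping lands in a private copy and leaves the file alone, and `madvise(MADV_DONTNEED)` discards that copy. It is single-threaded, never touches /proc/PID/mem, and works on a constructed scratch file; all function names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample data: a scratch file whose first byte is 'o'. */
static const char SAMPLE[] = "original contents\n";

/* Create the scratch file and hand back a read-only descriptor for it. */
static int open_sample_readonly(void) {
    char path[] = "/tmp/cow_demo_XXXXXX";
    int wfd = mkstemp(path);
    if (wfd < 0) return -1;
    ssize_t len = (ssize_t)(sizeof SAMPLE - 1);
    if (write(wfd, SAMPLE, (size_t)len) != len) {
        close(wfd); unlink(path); return -1;
    }
    close(wfd);
    int rfd = open(path, O_RDONLY);
    unlink(path);                     /* file lives on until rfd is closed */
    return rfd;
}

/* Store through a PROT_READ, MAP_PRIVATE mapping. Runs in a child so the
 * fault only kills the child. Returns the terminating signal, 0 if the
 * child exited normally, -1 on setup error. */
int signal_from_store_to_readonly_mapping(void) {
    long page = sysconf(_SC_PAGESIZE);
    int fd = open_sample_readonly();
    if (fd < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        volatile char *p = mmap(NULL, (size_t)page, PROT_READ, MAP_PRIVATE, fd, 0);
        if (p == MAP_FAILED) _exit(2);
        p[0] = 'X';                   /* page is mapped without write permission */
        _exit(0);
    }
    int status = 0;
    close(fd);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

struct cow_result {
    char mapped_after_store;          /* seen through the mapping after the store */
    char file_after_store;            /* what the file holds, read with pread() */
    char mapped_after_dontneed;       /* mapping after the private copy is dropped */
};

/* Writable MAP_PRIVATE mapping of a file opened O_RDONLY: the store is
 * allowed because it only ever reaches a private copy of the page. */
int private_cow_roundtrip(struct cow_result *out) {
    long page = sysconf(_SC_PAGESIZE);
    int rc = -1;
    int fd = open_sample_readonly();
    if (fd < 0) return -1;
    volatile char *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) { close(fd); return -1; }

    p[0] = 'X';                       /* kernel copies the page; store hits the copy */
    out->mapped_after_store = p[0];
    if (pread(fd, &out->file_after_store, 1, 0) != 1) goto done;

    /* Drop the private copy; the next access re-reads the file's page. */
    if (madvise((void *)p, (size_t)page, MADV_DONTNEED) != 0) goto done;
    out->mapped_after_dontneed = p[0];
    rc = 0;
done:
    munmap((void *)p, (size_t)page);
    close(fd);
    return rc;
}

int main(void) {
    struct cow_result r;
    printf("store to PROT_READ mapping -> signal %d\n",
           signal_from_store_to_readonly_mapping());
    if (private_cow_roundtrip(&r) != 0) { perror("private_cow_roundtrip"); return 1; }
    printf("mapping after store: %c, file: %c, mapping after MADV_DONTNEED: %c\n",
           r.mapped_after_store, r.file_after_store, r.mapped_after_dontneed);
    return 0;
}
```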

10
cm3 1 day ago 1 reply      
Since for any serious bug that's published, there's very likely a dozen private or not-yet-found, and also considering on how many networked devices the linux kernel is used, I would really like to see a better upgrade story for Android devices and any other linux-inside gear which doesn't have a distro package manager to apply the fix. As little as I like obstructing tech companies with more laws, especially since most laws don't understand the tech, I feel like laws are the only pressure we can hope for. This is why the abuse of IoT devices is a good thing. It will highlight how dangerous it is to slap a random linux version in some device and never bother with updates. A fleet of smart tvs needs to be hijacked with a stalker trojan that is then used by people to record and later post online private moments of unsuspecting owners of always standby smart tv, amazon echo networked microphones, etc. It's just how the world works before it realizes the risks and does something about it.

As an engineer you can argue and plead with management to not release something that you don't intend to provide timely updates with a well-communicated support time. Like a 2 year warranty that's prominently communicated, this would highlight to consumers that it's unsafe to use the device unless disconnected from the network. Just like a car that doesn't pass your local safety regulations is not allowed into public traffic.

Actually, I'm surprised modern cars do not require periodic zero-expenses-for-the-owner software updates at licensed dealerships. You can explain to a driver that tires go bad because they drove X miles and have to be paid for, but you cannot argue that software updates need to be paid for because from the time they bought it Y days have passed. Take the Samsung battery optimization that went wrong, where the separation layer was a tiny bit too shallow. It's fair to assume some regulation will follow for safety purposes. Similarly, networked devices, which are not (and cannot be?) microcontrollers with mere 500 lines of code, have to be regulated in terms of software updates.

Now you may say the industry will go broke if they're required to provide upgrades, or less devices will be made, but I think this will lead to consolidation of the software stack, which is mostly a good thing, as those who want to produce dozens of cheap IoT devices can do so without hiring kernel developers. It's like other industries where cheap toy makers source materials like plastic from vendors, knowing it's safe, or create the materials following a detailed recipe which is certified.

11
AznHisoka 12 hours ago 0 replies      
I wish someone could explain in simpler terms to us casual users what this means.

If only privileged users can SSH into my server, does this really affect me? In other words, I already allow only SSH users to become root.

12
kordless 1 day ago 2 replies      
Curious that the original commit's hash to fix this was never indexed by Google: https://www.google.com/search?q=f33ea7f404e5&ie=utf-8&oe=utf...
13
Hello71 1 day ago 3 replies      
Doesn't seem like it works on a $10 DigitalOcean droplet (1 vCPU) with grsec-patched 4.4.8. After running for quite some time (which I suspect a system administrator would notice) "cat foo" still outputs the same contents.
14
frederikvs 20 hours ago 3 replies      
The github page [0] states that "The In The Wild exploit relied on using ptrace."

Now, I'm wondering what purpose ptrace serves, aside from debuggers? Why don't we just disable this by default on production systems (where you shouldn't be debugging anyhow)?

[0] https://github.com/dirtycow/dirtycow.github.io/wiki/Vulnerab...

15
winter_blue 1 day ago 1 reply      
If one's running an LTS version of Ubuntu like 14.04 or 16.04, can one can expect to get an update with the security patch for this?

I'm running Kubuntu 14.04 with the latest security updates, and I'm still on kernel version 3.13.0-98-generic.

 ~ $ lsb_release -a
 No LSB modules are available.
 Distributor ID: Ubuntu
 Description: Ubuntu 14.04.5 LTS
 Release: 14.04
 Codename: trusty
 ~ $ uname -a
 Linux anon-pc 3.13.0-98-generic #145-Ubuntu SMP Sat Oct 8 20:13:07 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

No idea why I haven't gotten an update to 4.x. Should I just switch to a rolling release distro like Arch to have the latest updates of everything?

16
pbhjpbhj 1 day ago 1 reply      
If I'm reading this correctly it works only when there's already access to a user account on the system. So you need to have an existing vulnerability already [eg an untrusted user].

Interesting whether it will give new root exploits for Android as suggested in the comments.

17
100ideas 1 day ago 0 replies      
Go go armlinux Internet of Things bot army!
18
fulafel 22 hours ago 1 reply      
So the escalation is rw access to privileged files, are LXC and Docker container breakouts prevented then? Also does /proc access through lxcfs or Docker's handling of /proc make any difference?
19
ndesaulniers 1 day ago 0 replies      
I've filed a bug against Android Nexus/Pixel kernels. Will take a look tomorrow. I'm sure someone else already beat me to the punch.
10
Why we chose Vue.js gitlab.com
559 points by rmason  1 day ago   256 comments top 53
1
gregmac 23 hours ago 9 replies      
I do very little web these days, mostly working on backend data processing, network I/O and distributed comms.

A bit over a year ago, I wanted a real-time web UI to visualize some of the data I had on server-side, which I was trying to do using SignalR. I went back through some of the popular frameworks, with a pretty simple mindset of "Can I read the 'getting started', and get something basic working in about 15 minutes?".

I ended up choosing Vue, mainly because it used simple objects for models and I could literally just pass stuff I got from SignalR directly into it and have it show up. Almost everything else I tried had some type of wrapper/proxy around the data, which meant you had to run through some mapping exercise to get models working. I was close to deciding on Mithril, but when I found vue it just clicked with me way more. I actually really wanted to do React, but Vue was just so much more approachable that I couldn't justify spending the extra time learning React.

The real test however came months later, when I went to modify and add more functionality to my simple debug UI. I was able to pick it up nearly instantly, and even made some fairly substantial changes.

Contrast to my experience with say, Ember. We have a big app written in Ember, and every time I try to do even what I think should be a simple change (after not touching it for months), it takes me 5 times longer than I thought, and I end up spending most of the time fighting with it before realizing I forgot one of the 5 places you have to modify to reference an additional dependency, or some other equally trivial but infuriating detail.

You can learn the basics of Vue in minutes, and be quite adept within hours of it. That's something not a lot of frameworks can claim, and it's a seriously underrated benefit.

2
anonyfox 21 hours ago 6 replies      
As someone who went through the complete frontend hype-trains (jquery, backbone, angular, ember, react, all in production): Vue.js 2.0 with single file components is exactly what everyone looks for desperately.

- performance: faster than react now

- learning curve: a few hours from scratch

- getting started: cli-tool for initial scaffold & configuration

- components: simple .vue files with a <template/>, <script/> and <style/>. Super easy to get going, no need for JSX

- "official" packages for routing, ajax and state management. No wasting of days for choosing every tiny package for days

- vuex 2.0 is one of the cleanest flux implementations I've seen in the last year

... and much more. Give it a try with the full webpack template of the cli tool!

3
49531 14 hours ago 5 replies      
I actually interviewed with Jacob Schatz when he was trying to figure out which frontend framework to use for GitLab. I had been working in React for the last year or so which was apparent on my resume.

He prefaced our interview with something to the effect of "I know you do a lot of React but we are not going to ever use React at GitLab"

It was weird. I tried to ascertain his reasoning and pretty much all I got was "just because it's popular doesn't mean it's good".

Regardless I think GitLab is an awesome company, I just got the feeling Jacob wanted to use Vue.js because it wasn't the most popular choice. ¯\_(ツ)_/¯

4
kentor 21 hours ago 4 replies      
After using React, I am firmly in the #nevertemplates camp. I don't ever want to learn a template DSL again when I could be using the full power of javascript.
5
linkmotif 14 hours ago 1 reply      
The thing I like about React is that I don't have to think about the DOM. As soon as I see "el: #id" it's basically over for me. I don't want to think about DOM elements, or at least minimize my exposure to them.

And it's not just that I don't like to think about the browser DOM. It's that I don't want my UI coupled to the DOM. Obviously your UI will be coupled to the DOM to some extent, but React minimizes that. What I love about React is not just `react-dom` but also, say, `react-canvas`, or that you can apply the same principles and work with React Native.

But hey, the more software libs to play with and choose from, the merrier! Cheers!

PS. Relay/GraphQL...

6
y0ghur7_xxx 18 hours ago 1 reply      
I am more and more of the opinion that you should NOT use a js framework for long term projects (that span more than a few years), but just use vanilla js with some libraries that you can easily switch when something better comes out. Vue.js is here today, and it is nice, but tomorrow gintzx.js comes out, and the community will be flabbergasted and everyone will use it and vue.js will slowly die. Making big complex webapps with just some libs is absolutely possible. Just choose them wisely and make a good directory structure.
7
agentgt 11 hours ago 1 reply      
A long time ago (7-10 years ago) Web 2.0 was the craze. It was the beginning of making interactive web applications.

There were few major players that were even backed by companies: Dojo, Prototype, GWT, (and like 4 more that I can't remember).

These libraries were complicated and were generally component based with their own flair of inheritance. You could not iteratively enhance your existing web 1.0 app. You had to throw it out and start over again (the markup and all).

Then along came jQuery and I remember distinctly saying to myself this is the library because I can progressively/iteratively add it to our existing crap (circa 2006-10). I still pat myself on the back on being right about that library being successful (I actually forced a previous employer to use jQuery over GWT and Dojo).

Progressive enhancement is a great marketing point so maybe Vue.js will pull a jQuery :)

Personally I want Elm to take off but it doesn't really reuse existing knowledge.

8
greyskull 22 hours ago 5 replies      
There's something that irks me about incorporating logic into templates. UI development is hard enough without having to bounce between js and templates to figure out how a component is actually going to behave. I haven't used Vue or React, so this is all just my gut speaking, but at least with React all the logic is there in front of you.

In my mind, if there's a loop or a conditional or whatever piece of logic that decides what will actually show up, that should happen where the underlying data/models is actually built, and whatever acts as the view just spits it into place.

I'm still a scrub when it comes to web and UI development, so I may be speaking out of inexperience.

Am I missing something?

9
megalomanu 21 hours ago 2 replies      
As a primarily backend dev, I'm very comfortable with React and I don't particularly want to switch to Vue.js. React tells me: learn the HTML basics and then deal with abstractions (proof: React Native!). Vue.js tells me: deal with HTML templates, every time, everywhere. Although we even end up dealing with HTML in React, I think it's easier for a backend dev with no front experience at all to grasp it. I showed React to an old Java dev and he said that React reminded him of some Java web frameworks like Wicket or JSF. I guess Vue.js would have scared him.
10
Kiro 21 hours ago 5 replies      
Ok, so I've built stuff in Vue.js, React and Angular and I need to understand all the rage. I mean, Vue.js is just like Angular but with less features? I like that it's slimmer, don't get me wrong, but I just don't understand the "woah, Vue.js is the shit!" when we've had Angular for so long.

I put this in contrast to React where it's a completely new concept.

11
wadetandy 14 hours ago 1 reply      
I know that Gitlab is written in pretty traditional Rails' style and takes advantage of turbolinks. Did you run into any difficulties adding a framework that likes to "own the page" like most single page app frameworks do? I've found these can often end up fighting with turbolinks and similar libraries.
12
octref 21 hours ago 2 replies      
To me Vue is a great tool for side projects. In React I found myself struggling to figure out what libs to use and keep myself up to date with them. I also hated configuring webpack. With Vue, I have officially supported libraries like vuex and vue-router which work great with Vue out of the box. vue-cli also allows me to scaffold projects with these libraries very easily.

But the thing I like most about Vue is it allows me, who identifies as a front-end dev or design-coding hybrid, to quickly iterate and build prototypes. Look at the single file component:

  <template>
    <div id="list">
      <li></li>
      <li></li>
    </div>
  </template>

  <script>
  export default {
    // Define your component
  }
  </script>

  <style scoped>
  #list {
    list-style: none
  }
  </style>
I can quickly edit the template to alter my component's DOM structure, style it with scoped css, and change its dynamic behavior in the script tag. Like the suite of Jade/Coffee/Stylus? Adding a lang attribute to each tag and you are good to go. Awesome stuff.

13
skc 19 hours ago 2 replies      
I hate web dev.

Yet I'm loving the experience of working with VueJS. I think a lot of people feel this way. The library is just that simple and straightforward.

14
whataretensors 22 hours ago 0 replies      
Vue-cli is great too. It just works, creates a really well thought out initial project that can build to a single static html/js/css. Or, it can be turned into a typical express app easily. This makes Vue.js combine well with serverless.
15
antarrah 21 hours ago 3 replies      
> He pointed out that when a major software company releases their secret sauce, there is going to be hype. Devs think to themselves, 'That company writes JS differently than me, and they are prominent and successful. Is their way of writing JS better than mine? And therefore must I adopt it?'

Ahaha. No, believe me I'll not. That's ironic coming from GitLab. I mean I love that company but their front-end sucks big time and it's slow as a snail.

16
nodesocket 23 hours ago 4 replies      
I as well gravitate toward Vue.js for its simplicity, but I wonder if React's mind share and community size "trump" simplicity. For example, if you're hiring for a front-end position, you'll probably get more candidates familiar and experts in React over Vue.js.
17
kimshibal 23 hours ago 1 reply      
Vue.js is the most beginner friendly to write a complex web application.
18
techbubble 23 hours ago 0 replies      
Vue.js seems like a great fit between the DOM manipulation of jQuery and the opinionated approach of AngularJS. Thanks for sharing. Going to experiment with Vue.js right away.
19
Abundnce10 10 hours ago 0 replies      
I'm in the process of learning React, so I don't have any strong opinions of my own yet. I've read through the Vue.js "Getting Started" docs and it does look very intuitive/simple. However, what motivates me to learn React is the fact that I can build an app once and then use React Native to create an iOS and Android app. I'm assuming this isn't a requirement for Jacob and the Gitlab team but I'm wondering if his decision would be the same if he had to support native apps as well?
20
pjungwir 21 hours ago 1 reply      
Can anyone compare Vue with Knockout? In the early days of Angular etc I saw a lot of people saying they chose Knockout, and were much happier than with one of the heavier frameworks. I found its simplicity very appealing too, but it seems clear now that it's not a mainstream choice. It feels to me like a dead end. The last time I looked (a year ago?) the semi-official data mapping extension had lost its maintainer. So is Vue another shot at the same approach? What are the important differences?
21
ausjke 15 hours ago 1 reply      
Same here, using Vuejs, glad more people are using it.

It's amazing that a one-person-project(well, it's more than one person now but the core part is really just one guy) can develop such a beautiful system that actually feel better than angular2 and reactjs and who knows how many are behind those two projects.

22
stop1234 21 hours ago 0 replies      
So true:

' I talk to a lot of JavaScript devs and I find it really interesting that the ones who spend the most time in Angular tend to not know JavaScript nearly as well. I don't want that to be me or our devs. Why should we write "not JavaScript?" '

23
jbrooksuk 19 hours ago 0 replies      
Side-project wise, we use Vue on StyleCI (https://styleci.io) and over the next few months we'll also be using it on Cachet (https://cachethq.io).

My experience started at work where we used it on an internal project. The ease of use was insane, we had something reactive and easy to work on in no more than 10 minutes. React has always had too big of a learning curve for us, so it'd have been a vanilla JS/jQuery mess if we hadn't found Vue.

We're now using it on almost any project we start (they're all very UI driven).

I met Evan You at Laracon earlier in the year, he's an awesome dude and has put a lot of thought into everything Vue. Thanks again for making Vue! :)

24
aarpmcgee 23 hours ago 2 replies      
Are any companies switching from React to Vue? I'd be interested in hearing about that.
25
asymmetric 21 hours ago 0 replies      
> I'd say Vue.js is like socialism: you are definitely in charge, but Vue.js is always within reach, a sturdy, but flexible safety net ready

I think he means social democracy

26
sjnsjn 21 hours ago 0 replies      
It (v2) is quite fast too http://www.stefankrause.net/wp/?p=316
27
mhd 20 hours ago 1 reply      
Just pick something, internet and build a good structure on top of it. All this jquery-level bikeshedding is nice for your ad widgets and minimalistic web apps, but it won't help me replace proper GUI toolkits. And sadly, that seems to be in demand...

I'll cope with your ill-designed template language (heck, if I can cope with HTML, I can cope with anything) or your JS async abstraction du jour (promises, async await, that * crap), just give me something on the level of Tk or Swing. I feel like all we got in the last decade beyond e.g. Seaside is a bit less flicker and some more useless animations (looking at you, Material Design buttons).

28
esafwan 16 hours ago 0 replies      
I had a look at Vue after a long time and then weex a react native alternative using Vue.js instead of Reactjs. Backed by Alibaba and actively developed it looked really good. But a look at issues made me a bit afraid to use it. The primary language used for discussion, suggestions etc is chinese. Documentation however is available in english.

https://alibaba.github.io/weex/

29
thex10 14 hours ago 0 replies      
Fun fact: There's a Vue-based HN clone: https://vue-hn.now.sh/top

I just realized that it's more dynamic than I thought when I saw two stories switch positions on the page. How cool!

30
teniutza 18 hours ago 1 reply      
The company I work for has an app built with Angular 1.x (the backend is .NET). We started sensing that Angular was not the best choice, especially when working with 3rd party components. There are other factors too, but they have been already mentioned in other comments. Long story short, we had enough of wrapping everything in $timeout and started looking at alternatives.

After some consideration, we were left with choosing between Vue.js and React. Coming from Angular the biggest plus was two-way-binding, Vue.js had a slight advantage. We then converted a "module" (not in JS jargon) using both frameworks.

In our experience, when switching from Angular 1.x to Vue.js, there's a sense of not changing much (we were still "declaring" logic in the templates) but nonetheless doing things better, simpler and faster. The React version needed a bit more time investment (we had no prior experience in our team; a colleague from another project helped us a bit by showing us how he implemented a project using React). In the end we chose React due to the wonderful combination between it and TypeScript. We suddenly had no more string templates and refactoring was a breeze (there are, of course other benefits as well).

What I'm trying to say is that, if you have Angular 1.x experience it's easier to switch to Vue. I had fun porting the "module" to Vue and would have happily worked with it if the team had not chosen React. I consider "mixins" to be one of its killer features (would have made a lot of things easier with our app). Having said that, I don't consider React that hard to grasp and don't regret that the team picked it over Vue. As long as you remember the lifecycle, programming with it can be fun and easy. The React/TypeScript combination compensates for the lack of mixins and two-way-binding (I know, MobX, but I'm talking about the "vanilla" versions).

31
tribby 20 hours ago 1 reply      
vue is awesome.

I wish there were an equivalent to something like ember-fastboot for out-of-the-box server side rendering, though. (server-side rendering for those who care about progressive enhancement in the browser, not isomorphism).

32
adamnemecek 14 hours ago 0 replies      
These discussions almost never mention cycle.js. I haven't done front end in a couple of years but whenever I read something from the author of the framework, I'm pretty impressed and the choices they made seem very promising.
33
jeppebemad 11 hours ago 0 replies      
We _just_ started using React, primarily for its server side rendering support in .NET with Reactjs.net. Works really well and the React mindset feels great.

Coming from Angular 1 though, Vue has a lot of appeal. Is there any support for SSR in .Net, or anything in the pipeline? I've not been able to find anything.

34
WA 16 hours ago 2 replies      
I tried Vue.js a few months ago and liked it a lot. But now, I need to rewrite my apps and I decided to go the Cordova road with Ionic 2, because Ionic 2 is, imho, unparalleled in its quality.

Ionic 2 uses Angular 2 and I wished there was some Ionic 2 + Vue.js bindings. However, after working with it for a bit, I found that Angular 2 is actually quite simple with the benefit of using TypeScript out of the box.

Before you dismiss Angular 2, give it a try. It's fundamentally different from Angular 1: easier to learn, less complex, faster results.

35
flukus 21 hours ago 1 reply      
Is there anyone that's used Vue and knockout that would like to share the strengths/weaknesses of each? They both seem quite similar so I'd like to know if I'm missing out on anything by not switching.
36
jordache 13 hours ago 0 replies      
Is there a normalized performance suite that compares the popular front-end frameworks?

I understand if performance is of utmost importance, you may not want to use a framework layer. However there are tons of other benefits associated with using a framework.

37
cmpb 23 hours ago 1 reply      
My team and I are considering switching from Knockout.js to Vue.js. Has anyone here made that (or a similar) transition and do you know of some pros / cons, battle stories, etc.?
38
whatnotests 23 hours ago 0 replies      
It's great to hear a success story. Kudos to the GitLab team.
39
wasd 22 hours ago 1 reply      
It would be nice if they shared the 30 -> 1 line change.
40
BinaryIdiot 22 hours ago 1 reply      
How does Vue.js handle high latency issues? With Angular 1.x I've always had issues where the GUI will "flash" while the HTML is loading and the angular.js has not yet finished loading on a slow connection (so you might briefly see all of these {{message1}} {{message2}} etc on the page). I'm curious how Vue.js handles that case or if it has the same problem.
41
haalcion3 17 hours ago 1 reply      
I'd like to discuss the following comparison in: https://vuejs.org/guide/comparison.html#Angular-2

> Vue 2.0 seems to be ahead of Angular 2 according to this 3rd party benchmark. ( http://stefankrause.net/js-frameworks-benchmark4/webdriver-t... )

The latest benchmark provided is actually:

https://rawgit.com/krausest/js-framework-benchmark/master/we...

But, Angular 2 is v2.1.1 now, released 2016-10-20. Someone should update: https://github.com/krausest/js-framework-benchmark

However, as they say, "In terms of performance, both frameworks are exceptionally fast and there isn't enough data from real world use cases to make a verdict."

And Angular 2 Hello World is easier than they make it seem in the comparison:

> starts out with an app that uses ES2015 JavaScript, NPM with 18 dependencies, 4 files, and over 3,000 words to explain it all - just to say Hello World.

It's just the following with a lot of documentation that could be simplified:

  mkdir angular-quickstart
  (add package.json)
  npm install
  mkdir app
  (add app.component.js)
  (add app/app.module.js)
  (add app/main.js)
  cd ..
  (add index.html)
  (add styles.css - optional step)
  npm start
Also, it makes the case that Angular2 is "enterprise" because many use TypeScript with it. But, TypeScript is optional in both Vue and Angular2, so people could just as easily make the argument that Vue is "enterprise" because it supports TypeScript.

Finally, it's true that Google uses/develops Angular2, so that's some significant backing. If you want to see who's using Vue:

https://github.com/vuejs/awesome-vue#projects-using-vuejs

That doesn't mean anything on its own, though. It could be just fine to use and expect to continue to be hyped.

42
dodyg 16 hours ago 0 replies      
I like Vue. I am using Ractive.js at work. They are both quite similar in terms of their prioritization of ease of use and performance.
43
asb 19 hours ago 0 replies      
Has anyone had any experience with vue.js + Dart?
44
lucaspottersky 15 hours ago 0 replies      
Why? because you're a bunch of hipsters that can't stick to the mainstream technologies =)

As an opensource project, it'd be easier to get contributors if you could just stick with Angular.js, for example.

45
breerly 21 hours ago 0 replies      
Not a single link to Vue.js
46
nidu 21 hours ago 2 replies      
I suppose Vue.js is not very TypeScript friendly?
47
iamleppert 10 hours ago 0 replies      
Why is it that the first instinct of some developers is to go out and 'choose' a framework? Even before you know the thing you're building is going to be around for awhile, people automatically think they need a framework to do anything these days.

Does it feel good to let someone else make critical decisions for you, instead of thinking for yourself? Can all projects really be distilled down into some javascript framework?

The benefits of using a framework these days are rapidly evaporating as what is trendy today likely won't be in a few years anyways. And the truth is after so many months or years or commits, the benefits of structure of the framework start to fade away as the application becomes more customized and bespoke. All the complexity is in the actual application functionality, not the tiny little savings and poor abstractions that come with a framework.

I've worked for large tech companies and small alike. It all goes the same way. Some developer who is super opinionated and passionate props up their framework of choice, or does some kind of perfunctory analysis of the "current best" of whatever is available at the time and the rest of the other more submissive developers go along with him. It has more to do with group dynamics than has to do with actual technical merit, or what is best for the product or business.

Then, once the system has become a ball of mud, the "lead" guy leaves. Or he proudly exclaims there's a new hotness in town, and that we need to rewrite our application in this new thing because it's faster, or better, or you get to type less. Or some other such bullshit. He'll then go to give demos of how fast you can make a simple app that has nothing to do with anything -- like a simple TODO list -- "look how fast it renders!" he'll exclaim (of course forgetting to tell everyone the first page load or stale cache hit is actually worse).

I personally hate giving up the freedom of what abstractions I get to decide on, how to structure my code, how to organize my API's, etc. for a supposed one size fits all solution created by someone I've never even met or talked to, and for code that I haven't reviewed.

If it's a library that's doing something useful and providing a great API, like some 3D graphics, drawing primitives, ML, database engine, etc. that's a different story. That is useful software that actually does stuff. But for "rendering" (I say that lightly because the browser does the rendering and layout, a framework merely is a middle-man) forms and buttons and keeping state of an application? Or telling you how and where to put source files, and name things? That's your job as a developer to come up with these conventions and to build an application that is 1:1 with the problem domain.

48
spankalee 19 hours ago 0 replies      
It's really a shame that Vue doesn't use standards like custom elements.
49
baybal2 14 hours ago 0 replies      
>Why we chose Vue.js

Why?

50
thecrow1213 15 hours ago 0 replies      
No comparison to React... Yawn.
51
ilostmykeys 21 hours ago 0 replies      
Building something fast is a radically different proposition than being able to maintain it with ease. React is mostly aimed at the latter while VueJS at the former. There is no comparison.
52
smegel 22 hours ago 2 replies      
Oh man, I just started learning React... https://vuejs.org/guide/comparison.html
53
fetbaffe 23 hours ago 1 reply      
11
Google Has Dropped Ban on Personally Identifiable Web Tracking propublica.org
470 points by scribu  15 hours ago   259 comments top 36
1
omouse 13 hours ago 14 replies      
The marketers and advertisers have finally won. Google hasn't been an engineering company for the last 5 years maybe, but this confirms it. It's like Facebook, they're beholden to the non-developers and non-software engineers who frankly don't care about other people's privacy and only see the dollar bills.

So glad I'm evaluating other email providers and use Privoxy for ad-blocking.

2
0xmohit 14 hours ago 3 replies      
Earlier:

 We will not combine DoubleClick cookie information with your personally identifiable information unless we have your opt-in consent.
Now:

 Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google's services and the ads delivered by Google.
So opt-in becomes opt-out.

3
atrilumen 14 hours ago 8 replies      
> Some new features for your Google account.

Oh, yeah, I remember that. I totally clicked "Ok, whatever."

How does one not be herded like cattle by the corporations, without making a full time job of resisting it?

4
whistlerbrk 13 hours ago 2 replies      
A recent podcast (TAL? Radiolab?) just discussed the retreats Google has made over time with respect to privacy and intrusive advertising. I tried to find it - someone have a link? This very much continues the theme. It is important to note how much Sergey and Larry hated advertising and the belief they held that any advertising based search engine would inherently corrupt itself.
5
agentgt 12 hours ago 8 replies      
I'm curious what bothers people most about the privacy issues?

Strangely I don't care that Google (and others) know about me. I probably should but I have just sort of accepted the lack of privacy today.

What really bothers me isn't the privacy, it's them using that data to create a completely unfair advantage to continue the oligopoly that is quickly consuming all markets.

I used to be such a capitalist but as of the last few years watching what companies will continue to do to not just grow but grow exponentially with unfair and unethical leverage in every direction.

I'm curious if others share that feeling or is that just me. Or is it just invasion of privacy?

6
mikeleeorg 7 hours ago 0 replies      
For people who didn't read the article but want to opt out of this tracking:

To opt-out of Google's identified tracking, visit the Activity controls on Google's My Account page, and uncheck the box next to "Include Chrome browsing history and activity from websites and apps that use Google services." You can also delete past activity from your account.

Links from that paragraph:

* Activity controls: https://myaccount.google.com/activitycontrols

* My account page: https://myaccount.google.com/

* Delete past activity: https://support.google.com/websearch/answer/465

7
fencepost 12 hours ago 2 replies      
Looking at the My Activity details is actually pretty creepy. Starting today working backwards, Google includes "Used Phone," "Used [my launcher]," "contacted [messaging site]," "Used [alarm clock app]," several overnight repeats of the messaging site when I received alerts, my Chrome-based website visits from yesterday, my foray into Android Settings yesterday, etc.

It all serves to make me happy that I'm using Firefox with uMatrix as my daily driver, and only use Chrome (with uBlock Origin) for the rare things that I can't get to load properly because of all the cross-site dependencies.

8
rdslw 14 hours ago 3 replies      
Cool.

Yes they deliberately block chrome extension on mobile chrome, as then ublock usage on mobile would explode. Together with myth of mobile ads.

Do not evil. Riiiight. As long as it does not hamper our profit.

9
urda 7 hours ago 1 reply      
This is yet another reminder that it's important, especially for HN readers, to continue to give support to groups such as Mozilla and their Firefox platform. The more widespread Google and Chrome usage is, the more Google can push these changes with little to no resistance.
10
rmc 12 hours ago 0 replies      
This is why we need the Charter of Fundamental Rights of the European Union. Article 8 covers personal data, and can block things like this.
11
betolink 11 hours ago 0 replies      
Just to give you an idea of how big of a deal this is, go to https://myactivity.google.com/myactivity and check what third parties could learn from you, with your name on it.
12
feelix 6 hours ago 3 replies      
I use google and have chosen to give up a lot of my privacy to use their services.

One thing I was never willing to do though, and I had an instant emotional reaction to not doing, was allowing them access to all my email.

They can have my GPS coordinates at all times, my web search history, etc, but they can't get into the inner workings of my life and my thoughts.

So back before I had any real use for it I just registered myname@myfirstandlastname.com and used that for my email address. It felt like a natural move. It does bother me still that a lot of the people I email do use gmail, so google still ends up siphoning off a lot of the contents of my email.

I see a lot of people talking about FastMail instead of GMail, but I don't know why more geeks don't register their own domain name which has several advantages (including looking better and more professional). The one downside is that mail search sucks. I'd love to get some decent search without giving up privacy somehow.

13
solveforall 11 hours ago 1 reply      
[Disclaimer: shameless plug, and also previously announced as a Show HN a while back]

I would like to mention my search engine as another privacy-focused alternative: https://solveforall.com/

1) Does not track user activity. Hosted in Canada.
2) Does not leak referrer to visited sites
3) No ads. Will be considering affiliate links, a paid API, and/or "good" ads -- ads people want that don't compromise privacy
4) Integrated feed reader which also provides search results
5) Activation codes (like DDG bangs, so ?g instead of !g)
5) Plugins written in JS/data to be searched can be added at any time.
6) Deep search -- get results from the search results page of several sites at a time. Try https://solveforall.com/answers.do?q=rx+480&client.kind=web&...

There is clearly a lot more work to be done, and I plan on open sourcing this soon, but please try it out and let me know any feedback you have!

14
barnassey 10 hours ago 1 reply      
More and more changes that do not bode well for google, first they changed it to where they can track what numbers you dial, then they tried that with your google chrome history and tabs if you synced it to your account and now this? People wondered why i stopped being a google evangelist after 2014.
15
gjolund 5 hours ago 2 replies      
What are the best alternative email services with a privacy focus?
16
Animats 9 hours ago 0 replies      
Log out of Google. Now. And delete all their cookies. Consider deleting your Google account. Put your mail on an IMAP server. Your ISP probably offers one.

(I don't use a Google account. My last login to Google was in 2015, and that was to update a browser add-on.)

17
eveningcoffee 13 hours ago 1 reply      
Like I have told under other similar discussions. Something in ToS has no relevance if data is collected. If data is collected then it will eventually be used (against you).
18
ams6110 11 hours ago 0 replies      
I've already stopped using Chrome on my computers and phone. Getting pretty close to dropping them into my hosts file.
19
awqrre 5 hours ago 0 replies      
You have to be logged-in for the opt-out to be effective... so now they know exactly who you are...
20
yuhong 10 hours ago 0 replies      
Also recommend that you read https://plus.google.com/104092656004159577193/posts/Bo88vgre... , particularly the comments.
21
CommanderData 13 hours ago 1 reply      
Is it enough to install adblock on the router level? This would in theory block all domains tracking and serving adverts.
22
pinewurst 13 hours ago 1 reply      
Isn't Google moving aggressively to fingerprint-based browser tracking instead of cookies?
23
dredmorbius 14 hours ago 1 reply      
I'd just like to draw people's attention to a little bit of conflict-of-interest research some Stanford University researchers published a few years ago:

Currently, the predominant business model for commercial search engines is advertising. The goals of the advertising business model do not always correspond to providing quality search to users. For example, in our prototype search engine one of the top results for cellular phone is "The Effect of Cellular Phone Use Upon Driver Attention", a study which explains in great detail the distractions and risk associated with conversing on a cell phone while driving. This search result came up first because of its high importance as judged by the PageRank algorithm, an approximation of citation importance on the web [Page, 98]. It is clear that a search engine which was taking money for showing cellular phone ads would have difficulty justifying the page that our system returned to its paying advertisers. For this type of reason and historical experience with other media [Bagdikian 83], we expect that advertising funded search engines will be inherently biased towards the advertisers and away from the needs of the consumers.

http://infolab.stanford.edu/~backrub/google.html

24
yason 7 hours ago 0 replies      
I sometimes wonder if it is generally held that marketing sucks and advertisements are evil because they're so random, badly targeted and thus crappy.

I basically wouldn't mind seeing advertisements if they were relevant and spot on. And that probably hasn't been possible until all that big data is cross-indexed with user identities.

It may be that ads are considered bad because good ads happen once in a thousand.

25
JumpCrisscross 7 hours ago 0 replies      
Does this apply to paid accounts', e.g. businesses', data?
26
yuhong 13 hours ago 1 reply      
https://news.ycombinator.com/item?id=12483805

I was trying to figure out what was happening.

27
forgotpwtomain 11 hours ago 0 replies      
> If you want to permanently opt out of the DoubleClick cookie, you can install the DoubleClick opt out extension.
28
a3n 11 hours ago 0 replies      
Don't be evil. Not all at once.
29
mtgx 14 hours ago 1 reply      
Google seems no better than Facebook when it comes to privacy, and I'm not just talking about how far they're willing to go in tracking users, but also how they are willing to lie and violate their users' trust so they can collect more data.

Facebook is now getting into trouble in the EU for breaking their promise about not sharing WhatsApp data, and yet Google still goes ahead and does this. I hope the European Commission adds this as one more charge against Google.

Without real enforcement the companies will continue to do whatever the hell they want.

30
c_r_w 9 hours ago 0 replies      
That's weird. I guess they like making money.
31
rahrahrah 13 hours ago 1 reply      
That diff in the article, does anyone know where it comes from?
32
philprx 10 hours ago 0 replies      
Bait and switch?
33
vonklaus 13 hours ago 1 reply      
I expect Google will experience outages >15 minutes for core services in the coming months. This is based on a significant uptick in DDoS sophistication, this has been referenced by Schneier -- although not in ref to Goog.

If changes like this announcement convince people to move away; I am all for it. This just proves not only their power, but the danger of a single point of failure.

34
throw2016 14 hours ago 1 reply      
I think duckduckgo often becomes an alternative that isn't an alternative, in the sense yes it's there, you are frustrated with Google's behavior and you persist for a whole day and then have to revert back to Google with tail behind legs so it's more of an alternative in name.

With the sheer scope of Google properties there is always going to be a temptation for 'value searchers' within the organization to give in to dark patterns and compromise users. I have been trying Yandex search and email and it's fairly decent. Email is good, search appears to be a much more serious offering compared to duckduckgo but still some way to go.

However we need diversity and decentralization to prevent concentration and inevitable abuse of power.

35
RodericDay 13 hours ago 0 replies      
When I read announcements like these I actually get a bit hopeful. These companies seem somewhat scared, and their funding bases more fragile than they let on.
36
ommunist 12 hours ago 0 replies      
As for now, there is no viable alternative to Google. There is no distributed, free independent search engine that provides such quality relevant search results as Google, and is caring for users' privacy.

I do not think either it is financially possible to run such a thing, without someone's vested interest in metadata behind such possible endeavour. There is silent demand for such an effort however.

UPD: I know about DuckDuckGo, but look: https://www.netmarketshare.com/search-engine-market-share.as...

12
Tesla released video of a car driving itself tesla.com
471 points by c54  1 day ago   10 comments top 4
1
sctb 1 day ago 1 reply      
2
t0mbstone 1 day ago 0 replies      
Can we please leave the comments here? I just want to see what people have to say about what I saw in the video...
3
falcolas 1 day ago 2 replies      
I want to be optimistic, I really do.

Winter is here, however, I'm looking forward to roads covered with snow, slush, ice, and animals. I'm looking forward to winds in excess of 30mph driving snow across the highway, limiting visibility to a hundred feet or so. I'm looking forward to inexperienced folks driving on ice and snow and being a good 20mph below the rest of the traffic.

People can barely handle these roads (a two day snow storm last week put dozens of cars and semis in the ditch); I'm not sure how a Tesla will handle them. What will it look for when there are no lines on the road to be seen? How will it know the difference between slush, powdered snow, and plowed snow (which is only slightly less hard than a concrete barrier)?

I'm sure the answer is currently "don't allow automatic driving", but these kinds of conditions can reign over half the year in the mid-west; what value is a self driving car which can't half the time?

4
ChuckMcM 1 day ago 0 replies      
Great demo. Curious if there were outtakes. It occurred to me when it parked itself that cars will probably want to distinguish subtle differences in parking spaces (like handicapped, loading, etc.)
13
Angular 1.x Banned from Firefox Addons github.com
380 points by secmax  1 day ago   207 comments top 29
1
dancek 1 day ago 7 replies      
Many commenters here seem to be completely misunderstanding the situation.

Browser extensions are really dangerous; if you need to keep your machine secure, you shouldn't use any IMHO. By definition, browser extensions need to be able to access things such as page content. What would stop someone from writing an extension that captures your bank credentials? Nothing.

Obviously no security-conscious user is going to install a bank credential stealing extension. But what about bugs in extensions? If a buggy extension can be made to execute arbitrary code, it is as dangerous as a malicious extension (if the arbitrary code execution works in the same circumstances).

Angular 1.x basically runs eval on DOM content. That's how it works, it's not a vulnerability in normal use. You make a web page using Angular, and possibly the user has a way to eval arbitrary JS code through Angular, but then they have the developer console so they can run arbitrary code anyway.

With browser extensions it's different. The extension is from one source and runs with one set of privileges, and the page comes from someone else and has less privileges. Now if anything from the page can be eval'd in the extension, that's privilege escalation. Someone creating a site can run malicious content as a browser extension.

It's probably possible to sanitize all external inputs used in the browser extension such that privilege escalation isn't possible, but the Angular team has tried hard with their sandbox solution with no success. Extension developers will hardly do much better, so it makes sense for Mozilla to ban the whole library.

Angular wasn't designed for browser extensions.

WRT the security researcher and Mozilla not disclosing other known sandbox vulnerabilities, that's missing the point (but an interesting discussion in itself).

2
TheRealPomax 1 day ago 4 replies      
Note that the Angular team is working with Mozilla and the researcher on this (see https://github.com/mozilla/addons-linter/issues/1000#issueco...) and that NDAs are a real, if insane, thing still to this day, and there is literally no way to legally compel any party to admit to being under NDA except in a court of law.

Should the researcher have told the Angular team? Yes. Should they have told the entire world? Probably no. Should Mozilla tell the world? Probably even less no. As long as the parties are talking (which they are), this is an unfinished security review on lock-down to prevent exploitation in the interim.

3
DannyBee 1 day ago 2 replies      
So, there's so many problems with this I don't know where to begin. Since folks have already noted the "not notifying google" issue, let me point out another:

Prior to banning, I can find literally no discussion or details about this being about to happen (IE no notice), pretty much ever.

You can see it was initially noted here: https://github.com/mozilla/addons-linter/commit/86f4dfb44355...

I can find no discussion around it (maybe it's there but I'm missing it? I looked in a lot of places).

You can see it fixed an issue to "warn third party developers of things we banned/don't advise", but there's nothing about initially banning anything there, and it was added with an initial ban list containing angular. I would have expected a page added, then a ban discussed, then a ban added, or something.

In fact, the details of the ban changed (https://github.com/mozilla/addons-linter/commit/2dcc2226e2ec...) repeatedly without notice either.

This seems really bad. I would have expected, at the very least, a heads up to extension developers or something or even a more public notice when it happened so that some discussion could be had about it.

Instead, it looks like the only way you would have found out about it is by trying to lint an extension and see it banned (IE after you developed it), or somehow random browsing of doc pages mozilla has.

4
Animats 1 day ago 1 reply      
Using big external libraries in Firefox add-ons used to be totally prohibited. jQuery used to be prohibited outright. It's an undesirable practice. Add-ons operate at a higher privilege level than web pages. The low-quality webcrap that can be tolerated on a web page has no place in a privileged add-on.
5
phs2501 1 day ago 5 replies      
So someone found some sort of vulnerability in Angular 1, told Mozilla about it, but told them not to tell the Angular team?

What is going on here?

6
encoderer 1 day ago 2 replies      
Bitwarden is a password manager? And their engineer is asking, after being told a hint of serious security issues in their framework, to just forget about it and let them publish?

That's an interesting approach.

7
ggregoire 1 day ago 2 replies      
The banned version is the 1.5.8. Could the following announcement be related?

Angular 1.6 - Expression Sandbox Removal: https://angularjs.blogspot.mx/2016/09/angular-16-expression-...

8
gima 1 day ago 2 replies      
Ugh, this kind of thing gets my blood boiling. It was clearly said that _a security researcher_ disallowed Mozilla from reporting the vulnerability forward. It's the individual to blame, not Mozilla.

In any case, personally I wouldn't want to run a large privileged application as a browser extension when it's interacting with random webpages AND handling my security credentials. Too much attack surface.

9
smrtinsert 1 day ago 3 replies      
> My information is that Google stopped supporting angular 1.x months ago. It is now a community driven project.

I totally missed this - was there a notice of this posted somewhere?

10
laurent123456 1 day ago 2 replies      
That doesn't make much sense. If there's a vulnerability in Angular, doesn't it mean that there's a vulnerability in the JS engine that runs the Firefox addons? And in that case, can't an attacker replicate whatever Angular is doing to make an exploit? Basically it sounds like it's something for Mozilla to fix, not the Angular team.
11
hannob 1 day ago 1 reply      
I'm not sure if this is the same case, but I assume it is: if you're wondering why the researcher doesn't want to share the vuln listen to this talk: https://www.youtube.com/watch?v=U4e0Remq1WQ

Roughly at 41:30 he explains why he doesn't want to disclose the vuln. The tl;dr is he thinks the sandbox is broken beyond repair and whatever fix they come up with he can create another bypass for the sandbox. But he doesn't want to do this all the time and he needs his vuln as a poc to show to customers if they abuse the sandbox.

12
angry-hacker 1 day ago 2 replies      
Can someone explain to me:

If angular can do it, so can just plain javascript? Then it's a problem with their extension architecture?

As much as I hate bundling big libraries everywhere, why ban angular?

Also, is it possible the researcher wants to get money from Google and didn't want the vulnerability to be shared?

13
yc-kraln 1 day ago 1 reply      
"we were not able to report them to angular as the security researcher who found them asked us to not share them."

Nice.

14
xxkylexx 1 day ago 0 replies      
Angular and Firefox teams are working to resolve the issue. The issue is not related to sandbox ... see https://github.com/mozilla/addons-linter/issues/1000#issueco...
15
pfooti 1 day ago 1 reply      
Let me make sure I understand this. This vulnerability is basically because the addon authors are using angular to parse webpages, and therefore because they don't have control over the DOM elements angular is being used on, they're vulnerable to all the xss escapes in [0], right?

Because as far as I can tell, all of the escapes in [0] require the attacker to write to the DOM being evaluated by the angular engine. Normally this isn't a big deal, because the developer controls the DOM. In more pedestrian situations, if you've got a wiki, cms, forum, or other situation where untrusted people are creating content, you can't give those content creators the ability to write to parts of the DOM where an xss abuse might happen, and if you do it is pretty much your fault anyway (angular isn't really to blame here, because if you're letting users write to the DOM directly you've got trust issues).

The mozilla situation is particularly problematic because the mozilla addon runs its javascript context in some elevated privilege mode, and normally that javascript just manipulates the DOM directly to generate addon-specific UI (like password fill helpers, for example). But because that angular is being run on a DOM outside of the control of the addon authors, it's also subject to all kinds of XSS escapes.

I get that, it's fair. Seems like, though, this isn't really an angularjs issue specifically. It feels like this is a broad problem with the security model for browser addons. Like: replace angular with some other view library that you rolled yourself and it could still have all kinds of issues.

Basically anything that uses the DOM to store state (instead of a one-way state -> dom transformation) is subject to manipulation by malicious DOM injections, be they from forum posters or creators of pages that will be visited by plugin users. So, again: I see why angular1 has issues here. But this is a much bigger security hole, honestly. I don't think the javascript runtime for plugins should expose anything to the js running on the page, but that's a lot more complicated, since the plugin runtime is almost always really interested in spidering the page DOM and altering it by responding to the state of that DOM.

0:http://www.slideshare.net/x00mario/an-abusive-relationship-w...
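
The privilege boundary that dancek's and pfooti's comments above describe, as an added example that is not part of either comment and is not Angular's or Mozilla's code: a toy `{{ }}` renderer that evaluates placeholders found in page-supplied text inside the extension's context, next to a one-way renderer that treats page text as data only. All names, the token value and the page title are constructed for illustration.

```javascript
// Added illustration: a toy model, not Angular's implementation.
// Every name and value below is constructed.

// State held by the privileged extension context.
const extensionScope = { user: 'alice', vaultToken: 'EXAMPLE-TOKEN-constructed' };

// VULNERABLE: every {{ expr }} in the input is compiled and run as
// JavaScript with access to the extension's scope object. If any part of
// the input came from the visited page, the page chooses what runs.
function renderEval(text, scope) {
  return text.replace(/\{\{([^}]*)\}\}/g, (_match, expr) => {
    const fn = new Function('scope', 'return (' + expr + ');');
    return String(fn(scope));
  });
}

// HARDENED: placeholders are plain dotted paths resolved by own-property
// lookup in the data object. Nothing is compiled, inherited properties such
// as `constructor` do not resolve, and substituted values are not rescanned.
function renderLookup(template, data) {
  return template.replace(/\{\{\s*([A-Za-z_][\w.]*)\s*\}\}/g, (_match, path) => {
    let value = data;
    for (const key of path.split('.')) {
      const isObject = value !== null && typeof value === 'object';
      if (!isObject || !Object.prototype.hasOwnProperty.call(value, key)) return '';
      value = value[key];
    }
    return typeof value === 'string' || typeof value === 'number' ? String(value) : '';
  });
}

// The extension builds a banner that mentions the current page's title.

// Page text is concatenated into the template, so it is evaluated too.
function bannerVulnerable(pageTitle) {
  return renderEval('Saving login for ' + pageTitle + ' as {{ scope.user }}', extensionScope);
}

// The template is fixed by the extension; page text only ever enters as data.
// In a real extension the result would be assigned with textContent, not innerHTML.
function bannerHardened(pageTitle) {
  return renderLookup('Saving login for {{ title }} as {{ user }}',
    { title: pageTitle, user: extensionScope.user });
}

// Constructed page title containing a placeholder of its own.
const hostilePageTitle = 'Shop {{ scope.vaultToken }}';

console.log(bannerVulnerable(hostilePageTitle)); // page text was evaluated against extension state
console.log(bannerHardened(hostilePageTitle));   // page text shown verbatim
```

The hardened path is the "one-way state -> dom transformation" pfooti mentions: the extension's own template is the only thing interpreted, and nothing read from the page is.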

16
BHSPitMonkey 1 day ago 2 replies      
If there is some permutation of JavaScript statements (library or otherwise) that displays a security vulnerability for the user, isn't that the browser's fault and not the application's? And isn't library detection just a hacky substitute for an actual fix of said fault?
17
secmax 1 day ago 0 replies      
I am really worried about the security implications for addons like bitwarden, if mozilla is right about this. I hope that competent people will take a close look.
18
jmcdiesel 1 day ago 1 reply      
Isn't any "vulnerability" in a JS framework a vulnerability in the browser's own handling of securing it? Like, there is nothing angular is doing that someone else couldn't do, intentionally, to create said issue, right? Wouldn't the correct handling of this to be to secure the damned interpreter that's running the code to prevent it from having the effect they are trying to mitigate?

This feels like a lazy shifting of blame

19
adrin2 1 day ago 1 reply      
Uhm, wait what? Firefox extensions can execute literal code from a visited website? To me that sounds like the root cause of the problem and a glaring security hole - either the website has to be sanitized/projected into a harmless dom abstraction or extensions shouldn't be able to use any kind of dynamic evals.

Sure angular may be vulnerable by default but good luck thinking that all other extensions out there are safe and not using evals at any point.

20
supersan 1 day ago 1 reply      
Angular 1.x is still being quite actively developed and it will be many years before it will become unsupported. I'm sure if they report the vulnerability it would be fixed instantly seeing the amount of activity on github.
21
esafwan 1 day ago 1 reply      
That suddenly makes Angular look scary for some clients. vulnerability that is known to an entity/entities but unknown to the Angular developers or contributors....
22
draw_down 1 day ago 0 replies      
If they had let this through and people got owned because of it people would be screaming at Mozilla. Damned if they do...
23
mschuster91 1 day ago 3 replies      
What is justifying this?

If the vulnerable part is in Angular, there's a 100% chance that someone can write code in plain JS that is vulnerable to the same attack. E.g. if there was something in the hashbang-url-router that would lead to eval'ing the code in the hash (which I just made up, but would describe such a class of vulnerability). This means it's pointless to ban Angular.

If something Angular does triggers an issue in the Firefox JS engine, it is Firefox that should be fixed, instead of allowing essentially a 0day exploit to be alive.

24
cfvergara 1 day ago 1 reply      
Why not use Google Caja instead of a separate sandbox?
25
nathancahill 1 day ago 1 reply      
Title should be "Angular 1.x Banned from Firefox Addons"
26
water42 1 day ago 4 replies      
27
andrewvijay 1 day ago 0 replies      
That's some solid hate right there. Not expected from Mozilla at all!
28
viach 1 day ago 0 replies      
Nice extension marketing
29
buremba 1 day ago 0 replies      
This thing makes me believe that we should not use any OSS project which is released by big companies such as Google and Microsoft. Even if they don't say that they're dropping support, when they start to work on another project, it won't be a community-driven project and will slowly die.
14
Deep learning papers reading roadmap github.com
374 points by kevindeasis  1 day ago   20 comments top 8
1
leblancfg 14 hours ago 1 reply      
# This downloads all the links in that page

# Just save README.md to the folder of your choice

 sed -ne 's/.*\(http[^")]*\).*/\1/p' < README.md | xargs wget -U 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0'

2
annnnd 20 hours ago 0 replies      
Missing on the list: http://neuralnetworksanddeeplearning.com/

Great book for learning concepts and for getting a generic overview (but goes deep enough that you can jump straight into implementation if you want). I recommend it highly.

3
yalogin 11 hours ago 0 replies      
A bit off topic but what does one need to know/read before doing the Udacity course on autonomous driving?
4
zk00006 20 hours ago 1 reply      
Nice list, but there are too many papers like this and it is easy to get stuck in theory. I would suggest to grab some simple neural network (Darknet is great for that) code and read that first. If something does not make sense, find the theory from papers.
5
markovbling 12 hours ago 1 reply      
Great, thanks!

I find the problem is actually how to select what content to study given a time constraint like if you had 5 hours or 20 hours or 200 hours - what should you read?

Like an exhaustive list is great but it's an optimization problem - how do I maximise understanding subject to a time constraint - which resources do I select to maximise learning in x hours/days/years?

6
syphilis2 21 hours ago 2 replies      
Is there a link to the book mentioned in item 1 (1.0 Book) as a PDF? The closest I could find is http://www.deeplearningbook.org/ which says I cannot get a PDF of the book, though clearly one existed at some point.
7
amelius 18 hours ago 4 replies      
What are the best video lectures out there, with emphasis on theory (not coding)?
8
ilaksh 6 hours ago 0 replies      
I would skim these to select something basic and then try to experiment with a real system with those documents as a guide/reference.

Try to actually learn one level at a time.

That is my approach right now. I have read a lot but without being 100% on the fundamentals it mostly goes over my head so I am backing up. I plan to try Tensorflow examples also but I expect it will be pretty shaky until my high-level practical surface knowledge can meet in the middle with my fundamental knowledge if I can keep progressing.

15
Kodak Ektra kodak.com
355 points by qazwse_  1 day ago   199 comments top 50
1
astrocat 1 day ago 15 replies      
<armchair> There's a missed opportunity here... this is not a smartphone, because as a phone, it will suck. It's a smartcamera, because as a point-and-shoot running Android with a cellular data connection, it will probably be quite cool. As mentioned already, Nokia tried the "photography first" smartphonecamera - it didn't fly. Because, honestly, iPhones are already top of the line smartphonecameras. The cameras are ridiculously good, all things considered. Kodak should realize there's no point in attempting to get people to trade in their iPhone for one of these - they should focus on making this the other accessory you want to have in addition to your iPhone. Like a Kindle. You CAN read stuff on your phone, but there's a better experience to be had. You CAN take pictures and video on your phone but... there's a better experience to be had? Maybe. I'm not entirely convinced the same kind of value can be added at a price that's worth paying before just up and getting a DSLR. But, that's my take on this whole thing. </armchair>
2
simonsarris 1 day ago 5 replies      
Their "Specs" link at the bottom 404s! Ow.

Much more info in this blog post: http://www.kodak.com/US/en/Consumer/Press_Center/KODAK_EKTRA...

KODAK EKTRA Smartphone key features:

 * ANDROID 6.0 (Marshmallow)
 * Professional results from a 21MP fast focus camera sensor with F2.0, PDAF, OIS, Dual LED Flash
 * 13MP phase detection auto focus front-facing camera with F2.2 PDAF
 * Helio X20 2.3GHz Decacore processor with 3GB RAM
 * 32GB memory, expandable with MicroSD cards
 * Advanced Manual Mode adjustable on Exposure, ISO, Focal Length (Manual/Auto), White Balance, Shutter Speed, Aperture (fixed f2.0 main camera)
 * Familiar scene selection dial experience includes scene modes Smart Auto, Portrait, Manual, Sports, Bokeh, Night-time, HDR, Panorama, Macro, Landscape, Film / Video
 * Integrated high quality printing app
 * Super 8 Video Recorder
 * Integrated social media sharing
 * 3000mAh, with USB 3.0 Type C fast charger

Edit: Another separate product page, this one has a WORKING "before/after" panorama example: http://www.kodakphones.com/ektra/

Edit 2: Their "super 8" is just a filter. Scroll down on the page above to see.

Their web content is really disjointed...

3
woodpanel 1 day ago 1 reply      
I think they are doing the right thing. Taking pictures is a core feature of smartphone usage and smartphones took a lot of camera-marketshare. Vacations have become much more enjoyable since people don't have to carry the international sign of gullibility around their neck, the tourist's camera, that also weighs more than a phone, costs at least as much and has a terrible OS.

I too think though that Kodak can't be superior on smartphone stuff. At least not on their first iterations. But having the stomach to pursue such a dramatic and pragmatic shift in as how to perceive their product says a lot. Either about the company's future prospects or of how much they are on their last legs.

4
OJFord 1 day ago 9 replies      

 > Edit photos anywhere with Snapseed
The "before" and "after" images [0] are completely different photographs!

[0]: http://www.kodak.com/KodakGCG/uploadedImages/Consumer/Produc...

5
unicornporn 1 day ago 2 replies      
Argh... For a second or two I thought to myself: perhaps this camera phone will have a lens with a sane focal length!

But nope, massive wide angle at 26.5mm equiv once again. How about an actual general purpose lens at 35mm (or above 35mm) equiv for once? Some of the older iPhones were around 33mm if I recall things correctly, but all the (one lens) iPhones that now support shooting DNG are stuck with a ~28mm lens.

/Frustrated photographer

6
TheRealPomax 1 day ago 1 reply      
I don't understand... how is this different from any other large-screen Android 6+ device being built right now with a similarly high-res spec camera?
8
paulgerhardt 1 day ago 2 replies      
I absolutely love these platforms for travel.

I have a similar model (a Panasonic/Leica Android phone). It has a very large sensor and sim tray. As result I can run a local sim in WiFi hotspot mode for my primary iPhone and still get great photos with a 2-in-1 device.

The photo quality is fantastic and it beats having to carry a small mirrorless camera around. Being able to run Photoshop Lightroom right on the device is great for touching up your best shots as you are on the bus or train between destinations.

That said, I don't know how viable the platform is for the mainstream market. Panasonic revved my model to drop the sim. So I think they saw sales were weak. The introduction of the Moto Z with the Hasselblad lens and now this Kodak model gives me hope as I love, love, love these camera/hotspots.

9
exelius 1 day ago 6 replies      
Didn't Nokia try this already?

I'm pretty sure the camera world has settled into two kinds of cameras: cell phones for people who just need to take a few snaps, and DSLRs for people who need more features than can possibly fit in a cameraphone (flash hotshoe, changeable lenses, larger sensor, etc). DSLRs are cheap enough that cost isn't really an issue.

I doubt the results here will be any better than Nokia had.

10
patrickg_zill 1 day ago 1 reply      
While it may seem an irrelevant detail, the camera-like leatherette case that flips or snaps open like the old camera cases did, not only made me smile but gave me hope that they were clued in enough to their market as to make it a success.
11
unwind 18 hours ago 1 reply      
I had to look up the SoC used, it's MediaTek's Helio X20 with ten cores: http://mediatek-helio.com/x20/. The cores are:

 2x Cortex-A72 @ 2.1GHz ~ 2.3GHz
 4x Cortex-A53 @ 1.85GHz
 4x Cortex-A53 @ 1.4GHz

That sure is a lot of cores (and the rest of the features sound nice too, like the support for a 32 megapixel camera). Quite the impressive piece of technology to put in a phone-sized form factor, really.

12
akavel 1 day ago 1 reply      
I'm curious what exactly will the "haptic touch" technology of the dial be? Do you know of any consumer-grade products with (hopefully) non-buzzer haptic feedback on touchscreen available on the market yet?
13
matthew-wegner 23 hours ago 1 reply      
Lots of negativity here. This is a really smart move.

I take a decent amount of photographs, and shoot enough photos at events around other photographers to see the next generation coming up. A surprising amount of these photographers are using live view on DSLRs, just because they're "graduating" out of smartphone photography. (Live view generally has a number of disadvantages compared to the optical viewfinder; it's a pretty bad habit).

These photographers are used to framing their shots on a screen, and have muscle memory built around holding a device like a smartphone. Giving them better sensors--and not changing much else about their shooting experience--is a very wise decision...

14
Paul_S 1 day ago 1 reply      
The before and after pictures (mountains) are two completely different pictures. Is the trick that your photo gets substituted by a better one? That would actually be not a bad thing...

Anyway, this has got nothing to do with kodak cameras whatsoever, just licensing a brand name.

15
jake-low 1 day ago 5 replies      
Odd choice for the name, since Kodak also has a color negative film called "Ektar" [0] which is just a single transposition away from this new phone's name.

[0]: https://en.wikipedia.org/wiki/Ektar

16
icanhackit 1 day ago 0 replies      
It has phase detection at least. Something sorely missing from these camera phone/phone cameras is an internal optical zoom so that the lens barrel never protrudes from the body - like the Pentax Optio WS80 which uses a prism so that the optics/elements move along the x rather than z axis inside the camera body. Apple filed a patent for such a thing a year or so ago, but they've also filed patents for all kinds of shit that has never seen the light of day.

Calling the 56mm second lens on the iPhone 7 an "optical zoom" is taking things a bit far. I guess calling it a prime portrait lens would leave more than a few people scratching their heads.

17
michrassena 14 hours ago 0 replies      
Since I didn't see it mentioned elsewhere in the thread, anytime I see the name Kodak Ektra I think of the world-class 35mm camera that Kodak made in the 1940s.

http://camera-wiki.org/wiki/Kodak_Ektra

So the use of the name is banking on that association with those in the know. I would be writing a ream of criticism here of the use of the name to associate the new product with the original if Kodak themselves hadn't diluted it to meaninglessness by releasing a line of 110 film cameras with the same name.

18
lips 12 hours ago 0 replies      
On-screen controls will always be substandard. It's confusing, because every company should know what works, based on about 30 years of iterative design changes. Yet here we are, adapting the rotating mode dial into a digital interface. You will not grok this camera.

Things that would get my attention:
Hardware slider that can be mapped to ISO/aperture/shutter speed, ideally dynamically.
Hardware AF/MF switch, and AE/AF lock options.
Focus peaking.

19
Question1101 23 hours ago 0 replies      
Since they don't mention the sensor size I assume it will be barely bigger than that of an average smartphone. So I expect the image quality to be underwhelming. There was the Lumix CM1 and it wasn't a huge hit so I don't know why this would sell well since it doesn't look like it's doing anything better.
20
sly010 1 day ago 0 replies      
I am not sure how much "smarter" this is than a camera taped on a phone [0].

If the DSP chip itself were programmable from the phone then one could do all sorts of tricks just by downloading new "firmware" over the air.

I doubt that is the case here though. It looks like this saves me from copying files to share them on Instagram and that's about it.

Someone please make a camera that costs the same as a high-end smart phone, but the DSP chip is open and documented. Why is that not a thing?

[0] http://media.e2save.com/images/community/2013/06/tumblr_m7bf...

EDIT: link

21
kup0 1 day ago 1 reply      
This is actually an interesting product, but is there a reason they wouldn't make the aperture f/1.8 like the iPhone?

I'm not aware if there may be downsides or hardware limitations to that. If cost is the only issue, it would seem worth it if you're making a photography-focused camera just to get as much light as possible into that sensor.

Edit: Thanks for the information, fellow HNers :)

22
anentropic 13 hours ago 1 reply      
"Always. Be. Ready."

I really hate these periods. I despise them. It's stupid, please stop.

Also, under "Push what's possible"... why are the 'before' and 'after' image two different photos? What is that supposed to prove?

23
juliann 1 day ago 0 replies      
The only thing I can remember about Kodak phones is that The Verge tried the first Kodak phone last year at CES 2015 and it was a disaster. It had a horrible Android skin on that made it look like old Nokia phones. Hope they upped their game with this one.

1st Kodak phone at CES 2015: http://www.theverge.com/2015/1/5/7498999/ces-2015-kodak-phon...

https://www.youtube.com/watch?v=mPadMS75i48

24
danvayn 23 hours ago 0 replies      
The real potential with this lies with the photo editing and viewing suite -- even if it's camera first there's not really many 'smart cameras' are there? there's just a lot of potential in having extra buttons. imo, simplicity of UI/UX is becoming a tiresome idea now that the ability to operate a smartphone has been mainstreamed at this point. power to the new players.
25
doublerebel 1 day ago 0 replies      
Wow only a 5" screen, BUT with full HD resolution and a 3000mAh battery?? Can't get that anywhere! I know many HNers besides me appreciate a phone on the smaller side. Usually that means the screen stays at 720p (Galaxy Alpha, Galaxy * Mini, Sony Xperia Compact) and the battery suffers (Galaxy alpha has only 1800mAh.) $550 is not a mini price, though. I'll hold out for a couple good reviews.
26
gwbas1c 1 day ago 3 replies      
I understand that Kodak is probably "dipping their toe in the water with this model," but 32GB is not enough storage.

I'd like to know more about the phone, though. Is it a good phone? I mean, is it a good phone? The concept of a phone that's also a quality Kodak camera is cool, but at the end of the day, I'd like to know that it's also great at doing everything else I do with my phone.

Also, does it have a standard 3.5mm headphone jack?

27
ChuckMcM 1 day ago 0 replies      
Interesting that during their bankruptcy restructuring they were exiting the digital camera business, and now here we go another digital camera, I think it would be hilarious if you could download a "phone" app for it :-).

Seems like a lot of work for a point-and-shoot. The "interest" outside of the phone camera space seems to be in the 4/3 space. And this isn't one.

28
PascLeRasc 23 hours ago 0 replies      
As much as I like the idea, from the side profile it looks like it'd be really difficult to carry around in a back pocket and could snag on the lens bump when trying to put it back in a pocket.
29
johnatwork 1 day ago 1 reply      
My knee-jerk reaction was to want this, but the more I thought about the product, it really would be for someone wanting a good camera on the go, but not enough to warrant a better separate camera, AND willing to deal with a worse smartphone experience.

That's not me unfortunately.

30
joshmn 1 day ago 0 replies      
Talk about desperate.

Why didn't they just skip the phone part? I could see myself buying one of these. But the fact that it'd make little (financial) sense to buy one and then have it replace my phone (let's be real here, Kodak), it's a no-go.

31
dharma1 1 day ago 0 replies      
Doesn't look like it'll be able to do anything that any good Android phone with a good sensor/lens can't.

BTW some Mediatek chips were meant to be able to do 480fps 1080p video with certain Sony sensors.. did it ever work out beyond marketing promises?

32
nav 1 day ago 0 replies      
I like the subtle f*ck you to MGMT 101 classes here .... or the attempt to.
33
vladimir-y 1 day ago 0 replies      
What is the camera sensor model and manufacturer? So far based on hardware features list it doesn't look like a photo oriented smartphone, but more like a regular Android based phone.
34
ryanbertrand 1 day ago 0 replies      
I thought the iPhone 7 camera lens bump was bad until I saw this.

They might be too late to the game with this one. I do like the 3GB of RAM though.

35
neves 1 day ago 0 replies      
How much does it cost?
36
King-Aaron 1 day ago 0 replies      
This is the smartphone I have always wanted.... they just forgot to make it a smartphone.
37
plg 1 day ago 0 replies      
It had better have superior photog specs than the newest iphones otherwise it's dead in the water
38
DocG 1 day ago 0 replies      
Seems cool. But they can't do a very good mobile page. Laggy scrolling and jumpy loading on G4.
39
Florin_Andrei 1 day ago 0 replies      
What's the max frame rate for the 4k capture mode?
40
1_2__3 1 day ago 1 reply      
Specs page: Nonexistent.

Details page: Nonexistent.

Cost hint: Nonexistent.

I've seen Kickstarters more compelling.

41
mirekrusin 1 day ago 1 reply      
Scrolling is completely broken on iPhone safari
42
ams6110 1 day ago 0 replies      
I honestly thought Kodak was out of business.
43
throw2016 1 day ago 0 replies      
Kodak unfortunately self destructed and the business was sold. This seems to be an initiative by the new owners and given the positioning one would expect much more details about the sensor size, sensor type and lens.

Kodak has a wonderful history with the now out of favour CCD camera sensors. The first digital Leicas all used Kodak CCD sensors and are still highly rated. Sony is now among the leading makers of CMOS sensors for both cameras and cell phones and nearly all current cellphones use Sony sensors.

Phones of course cannot compare to larger sensor cameras but they have made great strides and at least knocked off the lower rung of camera market that sported small sensors.

The positioning has potential but this is something Samsung, Apple and other phone makers are already focussed on. The absence of details could make this more positioning and less product and completely fail to register in a market dominated by decent phone cameras in the Galaxy S7 and iPhone 7.

44
jra101 1 day ago 0 replies      
No mention of sensor size?
45
RUG3Y 1 day ago 0 replies      
I want this very badly.
46
pgnas 1 day ago 0 replies      
Looks like we may have a camera with the option of being a phone instead of a phone that has a camera..

Looks interesting and it is nice to not have to carry around multiple devices.

47
MrZongle2 1 day ago 1 reply      
If Kodak really wants to make a killer product, they should focus on battery life at the expense of size (within reason, of course).
48
serge2k 1 day ago 1 reply      
wait, this is a DSLR?

Why would they do that instead of mirrorless?

49
losteverything 1 day ago 0 replies      
A good gift

if priced ok, a disposable camera

a good way to be able to take pics and LEAVE YOUR PHONE AND CONNECTED LIFE.

50
jbarham 1 day ago 0 replies      
Fun fact: The digital camera was invented at Kodak (an American company) that has since gone bankrupt.

Here is a list of Japanese companies that currently all make excellent digital cameras:

 * Canon
 * Nikon
 * Sony (which bought Konica Minolta)
 * Fujifilm (Kodak's main competitor in the film market)
 * Olympus
 * Panasonic
 * Pentax/Ricoh

Discuss.

16
CA Comodo used broken OCR and issued certificates to the wrong people mozilla.org
320 points by longwave  12 hours ago   170 comments top 22
1
nneonneo 8 hours ago 1 reply      
Relevant mailing list post: https://www.mail-archive.com/dev-security-policy@lists.mozil...

In this email, Comodo discloses the security issue to Mozilla. The email was sent 26 days after researchers Florian Heinz and Martin Kluge of Vautron Rechenzentrum AG informed them of the bug.

Comodo clearly states that they used OCR for .eu and .be domains because the TLD registrars redacted their port 43 WHOIS data, and only provided an image of an email address on their web WHOIS pages. There was apparently no other way to obtain the email address.

Rather than flag humans to fix OCR in ambiguous situations, they had automated heuristics to correct the OCR, as determined by the security researchers. However, the heuristics chose the wrong output for the domain @a1telekom.at, producing @altelekom.at (an L instead of a one). The researchers registered altelekom.at and obtained a cert for a domain owned by A1 Telekom, a major ISP.

2
taurath 10 hours ago 2 replies      
>The OCR has a reproducible bug and has trouble differentiating small l and the number 1. It also has trouble differentiating the number 0 and the small o. Instead of fixing the bug or not using such obviously unsuitable software the software apparently evaluates the following characters - if there is a number after the small l it reads the l as the number 1. Similar issues with o/0.

So what they're saying is y0u can fo0l their servers with 1eetspeak?
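
An added example, not part of the thread and not Comodo's code: a fail-closed check in Python for the failure the two comments above describe, where an OCR-read address containing any glyph from the l/1 or o/0 classes is sent to manual review instead of being "corrected" by a heuristic. The function names, the decision labels and the `admin@` local part are assumptions made for the example.

```python
from itertools import product

# Glyph classes the thread says the OCR could not tell apart: l/1 and o/0.
CONFUSABLE_CLASSES = (frozenset("l1"), frozenset("o0"))


def _confusable_class(ch):
    """Return the confusable class containing ch, or None."""
    for cls in CONFUSABLE_CLASSES:
        if ch in cls:
            return cls
    return None


def candidate_readings(text, limit=1024):
    """Every string the OCR output could stand for, given the confusable classes."""
    options = [sorted(_confusable_class(ch) or ch) for ch in text.lower()]
    total = 1
    for opts in options:
        total *= len(opts)
        if total > limit:
            raise ValueError("too many candidate readings")
    return {"".join(combo) for combo in product(*options)}


def review_ocr_address(ocr_email):
    """Decide whether an OCR-read validation address may be used automatically.

    Returns a dict with a decision ("unambiguous", "manual_review" or "reject"),
    a reason, and the other domains the OCR text could equally represent.
    """
    address = ocr_email.strip().lower()
    local, sep, domain = address.rpartition("@")
    if not sep or not local or "." not in domain:
        return {"decision": "reject", "reason": "not an email address",
                "alternative_domains": []}
    try:
        local_readings = candidate_readings(local)
        domain_readings = candidate_readings(domain)
    except ValueError as exc:
        # Too ambiguous to enumerate: still fail closed.
        return {"decision": "manual_review", "reason": str(exc),
                "alternative_domains": []}
    if len(local_readings) == 1 and len(domain_readings) == 1:
        return {"decision": "unambiguous", "reason": "no confusable glyphs",
                "alternative_domains": []}
    return {"decision": "manual_review",
            "reason": "address contains glyphs the OCR cannot distinguish",
            "alternative_domains": sorted(domain_readings - {domain})}


if __name__ == "__main__":
    # Constructed inputs; only the domain altelekom.at / a1telekom.at pair
    # comes from the thread.
    for sample in ("admin@altelekom.at", "admin@test.be", "no-at-sign"):
        print(sample, "->", review_ocr_address(sample))
```
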

3
johnwheeler 11 hours ago 5 replies      
4
codegeek 11 hours ago 1 reply      
I am usually not good with donations but one company that I gladly donated to has been letsencrypt. They have made life so simple. Please donate[0] or become a sponsor[1] if you can.

[0] https://letsencrypt.org/donate/

[1] https://letsencrypt.org/become-a-sponsor/

5
oxguy3 10 hours ago 2 replies      
For the love of God, why has Mozilla not suspended Comodo yet? Too big to fail, my ass -- give a few months of warning before the notBefore cutoff date, and everyone will have plenty of time to switch over to a competent CA.
6
asidiali 11 hours ago 4 replies      
Comodo should be put out of business. They stole $100 from me for a certificate then gave me the run around for months while I tried to get a refund for a certificate I never received. Still haven't gotten my money back.
7
longwave 12 hours ago 5 replies      
The underlying issue here is that WHOIS is still not standardised despite being around for over 30 years, and the registrars do not have any other common interface that can be used to discover domain owners and other metadata. Is there no workable solution to this problem?
8
djsumdog 11 hours ago 0 replies      
Universities that are part of InCommon paid to get unlimited Comodo SSL certs. Their API was pretty terrible and we ended up finding quite a few issues.

Every time I hear about these Comodo breaches, I'm not surprised. Supposedly, Iran was able to get them to issue fake certs for some major sites:

http://www.pcmag.com/article2/0,2817,2382518,00.asp

9
ig1 11 hours ago 0 replies      
10
cordite 12 hours ago 3 replies      
Should being part of a CA include having a red team constantly trying to breach things?
11
ungzd 11 hours ago 1 reply      
So a stupid anti-spam measure, email addresses as images, led (indirectly) to such a huge vulnerability.
12
ComodoHacker 10 hours ago 3 replies      
I'd like to know how other CAs perform domain validation for .be and .eu TLDs.

Disclaimer: not associated with Comodo in any way.

13
Johnny555 8 hours ago 1 reply      
Did Comodo admit to using OCR for this, and that it wasn't a human transcription mistake (humans mistake 1's and l's too)?

It just seems odd for them to use an image of a web page to transcribe information from a web lookup when they could just scrape the text off the web page directly without using the intermediate image and OCR.

However, I could see them using a human in the chain to look up the whois information, it just seems strange to come up with a complicated OCR solution (and if they did, that they couldn't find a font that makes 1's and l's look more distinct, like http://forum.high-logic.com/viewtopic.php?t=4004)

14
orf 11 hours ago 2 replies      
Isn't this the same company that produced a 'secure' browser that disabled CORS?

Doesn't surprise me.

15
zokier 11 hours ago 1 reply      
More worrying than some OCR silliness is that Comodo is issuing certificates based solely on WHOIS data. I don't think it is intended for such security critical use.
16
drumttocs8 10 hours ago 0 replies      
Comodo is awful. I remember loving their original products, but it's been downhill ever since they started trying to monetize so heavily.
17
bandrami 11 hours ago 3 replies      
How people still think the PKI system is actually delivering security is beyond me.

We have zero idea how many bad certs like this may be out there (the nefarious people won't publish their results, after all), and yet a browser will still treat a Comodo cert as better than a self-signed one (it's identical to a self-signed cert, since Comodo is a known bad actor now). It's better than plaintext, of course, but that's not saying much.

18
cik 12 hours ago 6 replies      
And yet somehow browsers have decided that self-signed certificates are less valuable than purchased ones. Seriously?
19
andrewmcwatters 10 hours ago 2 replies      
Have CAs always been this sloppy or are we just hearing about it more nowadays?
20
chetanahuja 10 hours ago 4 replies      
Web security based on PKI model based on 100's of "trusted" authorities is just broken. And yet, the "security industry" continues doubling down on "moar TLS" "moar green locks" model instead of coming up with a better model.

The tragedy is, that most of the internet access is now happening from mobile devices and majority of that is coming from native apps. The apps need neither the same trust model nor have any "green locks". But PKI/TLS based orthodoxy has such a death grip on the industry that people continue to use this broken model for native apps where it makes even less sense than it does for browsers.

21
retox 12 hours ago 0 replies      
Yet another in the long line of fuckups.
22
omouse 10 hours ago 0 replies      
Not surprised, they seem like a shady outfit.
17
Cuomo signs bill prohibiting Airbnb listings in NYC timesunion.com
265 points by Spooky23  8 hours ago   406 comments top 39
1
geebee 7 hours ago 12 replies      
Airbnb's response: "A majority of New Yorkers have embraced home sharing, and we will continue to fight for a smart policy solution that works for the people, not the powerful."

I'd be more interested in knowing how New Yorkers feel about regulating short term apartment rentals than how they feel about sharing.

I don't think I'm guilty of being a broken record if airbnb keeps misusing the word "sharing." Although I understand there can be some ambiguity in the word "sharing", the arrangement "you may rent my apartment out for a week if and only if you pay me $1,000" isn't anywhere close to this zone of ambiguity.

It is commerce. It is unambiguously commerce, it is a pure quid pro quo money for services transaction.

New York has passed legislation regulating commerce - in this case, the conditions under which someone may rent out property for under 30 days. Those laws aren't obsolete just because someone wrote a rails app where you can type in an address and click a "create hotel here" button. Also, commerce doesn't become sharing just because the quid pro quo financial transactions take place over the web.

2
mamurphy 7 hours ago 9 replies      
The legislation allows you to rent a spare room in your house. What it disallows is having an apartment you rent out in full on AirBnB, either doing that exclusively as an income source or yourself staying elsewhere whenever you are renting it out.

Put in that context, the legislation seems pretty well-aimed at its goal of creating more affordable housing in the city.

If you are renting an entire apartment out on AirBnB full time, you are deciding to run an unregulated hotel rather than rent a traditional long-term lease. The city doesn't like that.

3
wcarron 7 hours ago 1 reply      
While I typically would support a tech company, and this is not to say that I'm not pro-technology and want smarter legislation to keep track with technology advances, the opposition does have some good points.

Having only recently become able to afford my own apartment, it appears to me that this legislation is, at its core, designed for the purpose of renter protection. Housing prices are literally insane in metropolitan areas across America. (LA here). Illegal sublets are already endemic, and were I to own property, or even have a year long lease, the ROI from AirBnBs/subletting would definitely be enticing. I won't assert I'm a moral paragon, but there are many landlords less scrupulous than I am.

The problem is that, with AirBnB and sublets come ever increasing rent, eventually pricing huge numbers of people out, which drives down productivity and growth. Uninhibited illegal sublets/hotels create a weird bubble at the very bottom of the housing market, which serves to exert upward pressure on prices across the board, since if one room is now worth $800-$1000/month, a studio apt jumps from $1100 to $1300, and so on and so forth.

4
RickS 7 hours ago 1 reply      
It's a shame it's come to this, but I'm sympathetic to NYC here. AirBnB had the time, resources, and advance notice to modify their policies and offerings in ways that allowed real homeowners to use the system but keep greedy land owners from running unregulated hotel chains.

AirBnB chose to keep the money hose pouring instead. They implicitly encouraged owners to operate in a way that violated the spirit of moderate, sensible couch sharing.

This is well deserved.

5
apaprocki 7 hours ago 1 reply      
Everyone usually frames this debate as compensating the little man instead of lining the rich pockets of the hotel industry. I have personally not seen this. I am a NYC condo owner and I do not know a single other condo owner that I have met that welcomes illegal short-term renters in their buildings. We enacted a $1000/day fine in our building against the owner on record if we catch someone doing this. We invested in real estate in this city and all signed contracts agreeing that only long-term subleases would be allowed (>= 12 months), and so we are upholding those contracts. Just because someone wants to visit the city and not stay in a hotel does not mean that all the other unit owners in a particular building want you there. It is not just a transaction between you and whoever hands you the keys. The last 2 Airbnb cases in our building were legal long-term subletters themselves listing the apartment on Airbnb without the owner's knowledge. There is so much straight-up illegal activity going on it's not even funny.
6
gaius 8 hours ago 2 replies      
Krueger noted that the legislation does not prohibit those who use sites like Airbnb from renting out a spare room while they are in their homes.

So if the sharing economy is REALLY about sharing, there's no problem!

7
torpfactory 7 hours ago 0 replies      
The way I see it is: you can either have a city where ALL the residents of the city can afford to live (esp. service workers, teachers, elderly folks on a fixed income, etc), or you can have one where those with the expendable capital buy up most of the available housing to use as short term rentals to increase their income further. I'd rather live in a city where many different kinds of people can find a place to live than one where only those with the most money can stay.

To be clear: I'd support density limits for AirBnBs without an outright ban and am totally fine with people renting out extra rooms on a short or long term basis. Unrestrained short term rentals seem to clearly drive up the price of property and end up benefiting mostly those who already have the means to own a place to live.

8
specialp 7 hours ago 0 replies      
If Airbnb had rules regarding non-share rentals that restricted repeated listings of them they wouldn't have this problem. Yes this law is slightly heavy-handed in that it blocks someone that goes on a trip from time to time from booking their places out, but that is not the majority of listings on Airbnb. The majority of full apartment rentals are people that are running illegal hotels basically. This is hurting real hotels that have much more regulation, and decreasing availability of housing in a city that is getting more residents every year than the entire population of most other places in the USA.

Also when you are living in Manhattan, you do not want to have someone different in the place down the hall or above you every day. These people staying short term have no onus to respect neighbors. Airbnb knows that professional illegal sub-letters are the bulk of their business and is not stopping it. Renting a ski cabin out weekly is a lot different than renting out an apartment in the most densely populated city in the USA.

9
losteverything 6 hours ago 0 replies      
Our tiny town had creative citizens stop the only ab&b house on a residential street.

Tell ab&b tenants they are not wanted and to state that in their reviews

Take all their street parking spaces

Call the police nightly to say strangers are in neighbors house and she is away

Eventually the city council ruled against the homeowner due to zoning (not a business)

The situation was very ugly.

Perhaps there should be an ab&b companion list where potential ab&b renters can see if the property is "friendly, neutral or hostile". I would have used that.

10
davidf18 5 hours ago 1 reply      
I live in NYC and I can tell you that New Yorkers do not want AirBnB. We do not want transients in our apartment buildings. We want our safety. Many of us have doormen that keep people out.

There are children, there are elderly. The executives and the VC firms that fund them show absolutely no respect for New Yorkers who value our safety.

> "Cuomo's signature underscores a concern from companies that operate within the sharing economy that New York remains unreceptive to newer technologies that threaten some within certain industries, such as the hospitality and taxi industries."

This quote from the article is false. We highly value Uber/Lyft/Gett. New Yorkers love high technology: we have the only 24/367 Apple Store in the nation. We have a 24 hour Best Buy. Same Day Delivery from a number of different vendors. ClassPass, MealPal, MoviePass, CUPS, the list is a long one and some of these firms were first started in NYC.

What seems clear to New Yorkers is that AirBnB executives do not value safety.

11
throwaway420 7 hours ago 1 reply      
What is the proper amount of short term rentals in a city?

Should a particular building be used for housing or rentals?

I know I don't know the exact answer, but the reality is that politicians don't either. These questions are better solved by pricing, the mechanism that actually directs resources to their most valued ends rather than political edict (which as we all know is influenced heavily by whoever is able to grease the most politicians).

Politicians can't react accurately and quickly to rapidly changing supply and demand. The market has an actual signal that does this rapidly and provides incentive to do so.

Anything that disrupts this is just another example of corrupt government benefiting their contributors to the detriment of real prosperity.

12
davidf18 3 hours ago 0 replies      
http://www.nytimes.com/2016/10/22/technology/new-york-passes...

> 'In typical fashion, Albany back-room dealing rewarded a special interest, the price-gouging hotel industry, and ignored the voices of tens of thousands of New Yorkers, said Josh Meltzer, head of the company's New York public policy.'

> 'New York City is the company's largest market in the United States. The city's hosts generated about $1 billion in revenue last year, and the company took a cut of that amount in fees.'

From this article, AirBnB wasted millions of dollars lobbying to go against the will of the people. Amazing.

The quote is wrong. New Yorkers value their safety. They don't want transients in their buildings. There are children, there are elderly, there are women. Perhaps AirBnB should have hired someone who lives in a NYC apartment. They would have explained the importance of safety to the AirBnB executives.

It seems impossible that executives of AirBnB do not understand that safety in apartment buildings is important. Perhaps their vision is blurred by the fees they make on the $1 billion in annual revenues.

13
epc 7 hours ago 0 replies      
AirBnb can't be surprised, NYC is one of the most contentious markets for renters and landlords. There's far more tenants than potential AirBnb landlords. While the hotel industry may well have made campaign contributions to sway the legislature & governor, the fact is that rental regulations are the third rail of NY/NYC politics and anything that screws tenants, as the rise of AirBnb has, is bound to get slapped down.
14
drusepth 2 hours ago 1 reply      
Very surprised to see all the (or any) Airbnb negativity here. I've been living in an Airbnb for about 2 months now (as a tenant, not a host) and plan to continue doing so indefinitely. The experience is infinitely better than renting from your typical rental company (and at a comparable price, with Airbnb's monthly discounts), and I don't think I could ever go back.

Unfortunately, this just sounds like NYC is making it more difficult for visitors to come check out the city, which is regrettable at best.

Hopefully this bill does not also apply to long-term Airbnb rentals also.

15
mrcactu5 1 hour ago 0 replies      
I don't see what the big deal is. AirBNB can turn normal citizens into landlords. The best hosts will actually take care of their apartment. So in theory the Free Market protects the interests of both hosts and renters.

Maybe? That's one possible way it can play out. NYC really tries to protect the landlord's interests rather than the tenants. NYC would be a different place if normal people (who aren't millionaires) actually owned their places.

Free market could drive prices even higher than they are today. I don't know.

16
shawnee_ 3 hours ago 0 replies      
Airbnb profits from high volume and turnover, just as landlords and Realtors get their cut every time there's a turnover in occupancy. Interestingly, this is the root problem at both ends -- from people living in poverty (Portland's sidewalk tent campers who get shuffled around), those suburbanites affected by the housing "crisis", and those who can afford to own in any upscale hip-n-trendy neighborhoods where Airbnb rentals are desperately sought. Those rooting for turnover are usually those who profit the most from it.

Sure, people travel and need to rent rooms once in a while. People like to rent while they're young and mobile, but the two use cases need very serious and separate delineation from each other. Airbnb is pushing them more into "overlap" territory. Airbnb's expansion into "subletting" was the kicker.

So, long story made short: it's an interesting economics problem I've been working on solving in my spare time, as a very long and iterated side project with Ecosteader (ecosteader.com). Some of the details emerging need a better format for communication; however, the most clear thing to come from my research is that people need to _own_, and they need to be able to transact with each other directly. Middlemen (Airbnb is the middleman here) taking significant commissions is part of the problem.

But the middlemen problem has sort of an obvious solution: to tax rental income so aggressively that it's just not an appealing source of investment to people who invest in rentals. Use the tax generated from over-inflated rents to build properties for sale, and/or figure out a way to use that money to grant-deed land on which people can build. This last option seems the more fun opportunity to me, and is what I originally had in mind building an eco- site.

The homesteading movement needs to come back, adapted a bit for the 21st century.

17
swingbridge 6 hours ago 1 reply      
There are laws in New York City that say (with good reason) that you can't just turn your home into a hotel. New York is simply enforcing the law.

If Airbnb really has the public support they claim then it should be easy to change the law. The reality is a lot (likely vast majority) of New Yorkers really don't want the status quo to change. The politicians know this and hence why they took this path.

18
colmvp 7 hours ago 0 replies      
> "For too long companies like Airbnb have encouraged illegal activity that takes housing off the market and makes our affordability crisis worse," she said. "They have sat idly by while unwitting hosts are evicted for breaking their leases, unscrupulous landlords drive out tenants to profit off the short-term market, and tourists are put in danger by staying in unregulated, unaccountable, and often dangerous illegal hotels."

I think the danger is exaggerated but otherwise, I tend to agree that Airbnb is perfectly happy to profit off of tenants who break agreements set by their city or community organization and play innocent about the legality. And now, in my city at least, units that are owned and operated purely as short-term rentals which in addition to making it less affordable for people who actively want to purchase a place, also disrupt residents. One condo building for example is pretty much known as an Airbnb hotel as residents often see visitors clogging the lobby with luggage and/or endure loud parties. There's something to be said when residents are delighted when Airbnb'ers have a crap experience so that they stop coming to the building.

19
nomad_dude 6 hours ago 0 replies      
I am glad that this bill was signed because I'm tired of having people in my building who I don't know and do not trust. Everyone in my coop is vetted by the Board of Directors before living here - why should AirBnb users be any different?
20
JDiculous 6 hours ago 3 replies      
As someone who's spent the last 3 months living in AirBnB units and sublets in NYC and doesn't have any desire to commit to a year-long rental lease, this is disappointing.

AirBnB makes the market more efficient by increasing the supply of housing that otherwise wouldn't be available and provides more alternatives to signing a lease and wading through scams on Craigslist.

If NYC is serious about providing affordable housing, then this would at best be a temporary band-aid patch while they actually tackle the real problem - building more affordable housing. Of course the government isn't actually interested in solving the problem, so blaming AirBnB is more convenient.

21
herlitzj 6 hours ago 0 replies      
If anyone is interested, the Attorney General did study this and the report is freely available: http://www.ag.ny.gov/pdfs/Airbnb%20report.pdf
22
iamleppert 7 hours ago 0 replies      
Wasn't there a study done that shows Airbnb hosts actually account for a small fraction of the homes? I'd really like to see these politicians back up these claims with some data. Where do they get this information from?

It seems highly suspect that this could cause a decrease in units on the market that is anywhere close to affecting the housing problems in NYC.

Whenever I see a politician throw out the word "senior" and "quiet enjoyment" I smell a rat. The more obvious answer is the hotels don't like this kind of competition (staying in an Airbnb is infinitely better than a Hotel) and have bribed these politicians.

Wasn't Andrew Cuomo in the center of all the mortgage scandal stuff years back? Can this guy just go away?

23
whiddershins 6 hours ago 0 replies      
Prohibiting some Air Bnb listings. Which were already illegal.

Mine would still be just fine.

24
cheriot 7 hours ago 0 replies      
I've still not been able to figure out how in many cities I can rent a room in an apartment for less than a room in a hotel. How does the hotel industry not have huge economies of scale? Are the hotel taxes and cost of extra fire codes impacting the price that much?
25
mancerayder 6 hours ago 0 replies      
Anyone know if this applies to two-family houses?

As far as I know, the Multiple Dwelling Law applies limits to 3 and 4-family homes, limiting specifically rentals that are less than 30 days.

Now, it seems that one and two-family homes are excluded?

26
peterkshultz 6 hours ago 0 replies      
The title seems like clickbait, especially given the fact that the legislation isn't targeting those who use Airbnb to rent out a spare room.
27
marketanarchist 6 hours ago 0 replies      
Great, another government overreach. Hopefully someone finds a clever solution around it that protects this peaceful and voluntary economic activity.
28
Apofis 5 hours ago 2 replies      
How the fuck does Cuomo have the power to ban Airbnb only in NYC? Isn't he a state governor?
29
yuhong 6 hours ago 0 replies      
I wonder what would happen if there was a spot and contract market for housing like there is for DRAM.
30
willholloway 6 hours ago 1 reply      
I escaped NYC and moved to a neighboring state, along the coast, in a tourist town in a relatively economically depressed area.

I grew up in this town, and it used to be vibrant and vital and full of young families. It has gotten older, as the younger generation has not been able to afford to take on the homes of their parents, as the job market is not strong.

I bought a waterfront three family house, a house that used to be one owner, and one or two tenants on the other floors.

I renovated the house, and furnished the other floors. It took me all summer, doing the work myself. I have been renting the other two floors out on airbnb and other sites. I love it.

I feel like I have reclaimed my house from other tenants. I own the whole house, yes I let in guests for a few days on the other floors, but they leave, and I can go back into the floors when they are not booked.

I can have a change of scenery, and I get income from this whole thing.

I love this. I don't want to rent to long term tenants. It's a house, but divided into apartments for each floor. I want to control it. I like taking guests but I don't want to sell a floor for a year.

It books well on these sites because it's waterfront and in a tourist area. It's a lot of work. A lot of work. I have to scrub showers and toilets and make beds, and I only get a few hours in between guests many days. But the money is good and it's a form of early retirement for me.

I don't see any externalities to the neighbors, in fact the neighbors are better off living next to a vacation rental than a multi family house.

In a multi family investment property the incentives are all about putting in as little money as possible. In a vacation rental it's all about making it look as nice as possible.

The extra margin of the vacation rental makes all the difference. Now I care about reviews, so now I want the outside to be professionally landscaped. Now I want the lawn to be perfectly manicured. I want the siding to be nice cedar shingles, I want it to look perfect.

Because people rate your house on the basis of whether or not it's nicer than their house at home. If it's nicer, they give you 5 star reviews and that helps your listing SEO, if it's less nice than their house they give you 4 stars and that hurts your listing.

So if I lived in this neighborhood, I would want to live next to a vacation rental. It is a higher class of occupant. Instead of working class tenants that can afford 1000 a month, you get professionals that can put 1000 on a credit card 4 months ahead of time for their kids graduation weekend.

So it's a form of gentrification. But it's also a service to the community. In the spring, summer and fall months where demand is high I am doing short term vacation rentals. But in the winter months I am opening up a fully furnished place to people who may be between houses.

The working class renters have plenty of options in the less desirable, more inland parts of town. And those options will stay because the only reason I can get decent occupancy rates are because the house is waterfront and in a tourist area.

And at the end of the day this is my house! I want to be able to do what I want to do with it, and I like having short term guests. I like meeting all of these people. It's like international travel without having to go anywhere.

So I raise my middle finger to Cuomo and his lackeys, I support homeowners rights. The battle cry is My House! My House!

Punish people for bad behavior, not for uses you don't like. And maybe in a city where everyone is packed in like tuna in a can it's impossible but one size fits all law is unjust.

There are plenty of communities in upstate New York where vacation rentals are completely appropriate. My cousin does cleaning and management for vacation rentals in upstate NY, and Cuomo just fucked her, a working class person running her own business in an economically depressed region.

So Fuck you Cuomo, fuck you.

31
joering2 7 hours ago 0 replies      
> This is an issue that was given careful, deliberate consideration, but ultimately these activities are already expressly prohibited by law

So basically the city/state failed to respond to AirBnB's illegal activities in a short period of time, hence letting them thrive and build a multi-billion dollar business.

Would that be a key to successful startup? Same thing happened with Uber. So is there any other branch of industry one can try to disturb that would violate local/state laws but such violation would take decent amount of time to stop you in reasonable time before you are "worth" billions? (okay, other than selling drugs which most of us and Ulbricht know will put you in jail for a long time).

> In typical fashion, Albany back-room dealing rewarded a special interest - the price-gouging hotel industry

Wow, those are pretty strong allegations. Does he have any proof of such illegal activity? If so, did AirBnB do anything to report it? In all seriousness, I frankly doubt there is such a big monopoly so that it's impossible to open your own hotel and compete price-wise with others.

> and ignored the voices of tens of thousands of New Yorkers

Okay well I can find millions of criminals locked in jails saying it should be fine to kill people - is that a good enough reasoning?

They also claim Cuomo's action infringes on the 4th amendment. Can someone stretch it hard enough for me to actually see it Peter's way??

32
EGreg 6 hours ago 0 replies      
Wait a sec, can homeowners still rent out their primary residence when they are away?

I thought the law only prohibited hotel-like stuff.

33
wyager 6 hours ago 0 replies      
Airbnb is great because it allows people to circumvent stupid, expensive, and counterproductive government regulation on hotelling. Airbnbing is vastly superior to traditional hotelling per dollar spent.

This is what people are talking about when they refer to "common sense" regulation or regulation to "protect consumers"; they mean taking economic and social autonomy away from people. Even if a given bill doesn't cost much when amortized over tens of millions of people, they cost a lot to society as a whole, and they start to add up. I don't care what your political theory about regulation is; it is extremely apparent from comparing Airbnbs to hotels that, at least in this area, regulations have made society worse, not better. I hope Airbnb beats this.

34
transfire 6 hours ago 0 replies      
I hear they'll make an exception for veterans. You have to house soldiers. Says so right in the constitution. ;)
35
rednerrus 5 hours ago 1 reply      
How many posters in this thread work, in some capacity, for the hotel lobby?
36
sonar_un 7 hours ago 8 replies      
So if I have to stay in NYC for 3 weeks, I am screwed.

Thanks Cuomo, you just made me have to cough up double the price for a shitty hotel.

37
james_niro 6 hours ago 0 replies      
I love how liberals want to control everything in your life. Soon they will decide who should stay alive and who should die. Wait, that is Obamacare
38
YuriNiyazov 7 hours ago 5 replies      
I regularly go to NYC for a month with my partner and son so that the grandparents can interact with their grandson. I always AirBnB a place near the residential neighborhood that my parents live in.

Because we have a young child, we prefer our own apartment, rather than staying with the grandparents, nor would the three of us be able to stay in "someone's spare room".

This new bill is absolutely terrible for us, because it limits us to staying in expensive hotels, for a month!

EDIT: There's no mention of 30+ days limit anywhere in the article as far I can tell.

39
djyaz1200 7 hours ago 1 reply      
I am disgusted but not surprised. When I was commuting back and forth between SFO and PDX I had apartments in both cities. I was able to dramatically offset my costs by Airbnb'ing the apartment I wasn't in at any given time... this helped me launch my business and I'm so thankful for that! The first time this worked out it was an obvious win/win for me and the renter. Right after being excited my next thought was... "wow this really lets the little guy do a little better"... I'm sure this won't last...
18
The Neural Network Zoo asimovinstitute.org
334 points by hgarg  1 day ago   37 comments top 2
1
cs702 1 day ago 7 replies      
Good job.

Alas, the proliferation of different kinds of neural net architectures that work, over the past few years, is a sign that we lack a decent unifying theoretical framework that can explain, from fundamental principles, what works, what doesn't, and why. We're not there yet.

2
gugagore 1 day ago 0 replies      
The explanation about MC is too wrong to be useful. What on earth do the "nodes" (states) in a Markov chain have to do with the "nodes" (neurons) of a neural network?
19
I went to Nigeria to meet a man who scammed me bbc.com
299 points by CapitalistCartr  1 day ago   243 comments top 33
1
michael_h 1 day ago 16 replies      
My mother in law is currently $150,000+ deep on a Facebook romance scam. I believe she's about to send him another $200k or so when her house is sold. Instead of living out her retirement in relative comfort, she will be scraping by on social security. Adult services can't help, because moonshot-level stupidity is not a mental disorder. She can't live with us, as she can no longer be trusted. She can't live on her own, as she obviously doesn't understand how fixed income works. It's a very strange situation to be in, having a parent desperately trying to abandon you as an adult, basically dying without being dead.

I don't know how these people justify it to themselves. They have taken 100% of her money, plus an unknown amount of debt (I've found $100k in loans so far). My mother-in-law is not 'going to be okay'. To be honest, once she figures out that there isn't $3.5MM in the Bank of Israel, she's probably going to look for the quick exit.

At the moment, I'm afraid I'm unable to muster the empathy necessary to understand how you could even begin to help the scammer.

2
UnfalseDesign 1 day ago 5 replies      
There seems to be a lot of commenters here saying Johnny is playing the long con. Whereas I don't entirely disagree, I think they are missing the point of the story. The point is not just that Johnny's life improved from below average to average. The other point is that Maria's life improved from average to above average. At an age where many Americans are retiring and spending their days trying to stay busy, Maria is traveling to Africa and working with aspiring artists. Maria took what could have been a financially crippling event and used it to launch herself into a new endeavor. She's taking her passion for art and helping others pursue a similar passion in a climate where they may not normally have that luxury.

Regardless of whether Johnny is still conning her, Maria's life is now better because of it. She took a situation that would normally make a person critical and suspect of others and decided to learn from it and become a better person. My take away from this story is that bad things will happen to me. Some will be my fault and some won't. However, how I react to it will make all the difference. Sometimes it is better to light a candle than to simply curse the darkness.

3
shasheene 1 day ago 1 reply      
> With her assistance, he left Nigeria shortly afterwards, to study in America.

> Although they have not met each other again since, she continued to provide him with financial assistance until he completed his degree a few years ago and got a job in the American oil sector.

Heh, maybe the 419 scam is continuing! The long con! :P

4
cpfohl 1 day ago 2 replies      
Surprised this wasn't mentioned, but it's worth noting that traveling to Nigeria to meet scammers rarely ends well for the traveler. It's not safe. It sounds like she had a unique situation with an apparently repentant scammer, but these people are criminals, and they've already demonstrated their lack of respect for you.
5
healer 1 day ago 0 replies      
I'm a Nigerian, living in Lagos Nigeria.

Internet scams are a big problem both within and outside the country. Part of the problem is that local law enforcement agents do not have the manpower and technical know-how to tackle the problem.

I'm deeply sorry for those of you whose loved ones have lost money to these scammers.

I'll be hanging around to answer any questions that may be of help.

6
joewee 1 day ago 3 replies      
Nigeria is #1 / #2 wealthiest country in Africa (GDP). It ranks among the highest in terms of advanced degree graduates in Africa. But it has an extremely low Human Development Index, there isn't much opportunity for the educated. Nigerians outside of Nigeria will generally be better educated than the local workforce but unable to find work for various reasons. Common issue in Europe, where many 419 scams actually operate from.

This is a case of smart people taking advantage of the less intelligent / informed.

7
axonic 1 day ago 1 reply      
With a little humanity, it all worked out ok. Didn't see that coming, but awesome. Now this guy can be an unemployed American graduate lol.

I worked with a talented Nigerian radiologic technologist who abruptly left and went home to sell tires and car parts because he couldn't handle people being so cruel all the time (West Texas). I hope this guy has a better go of it than he did.

8
losteverything 1 day ago 0 replies      
I have had people come to the counter and ask to send money to Nigeria and other places. I have to make sure everyone at that money desk knows about fraud.

Never wire money to someone you don't know. Never. [0]

Have you won a prize?
Once you deposit the money, will they send you more money?
Was it a tax refund?
Is there a serious medical situation you are helping with?

[0] http://corporate.moneygram.com/compliance/fraud-prevention/c...

All too often the people coming in to wire money know the fraud detection questions.. and say our answers in advance.. "Yes, I met them," for example. Plus, these are regular customers that buy and return other items.. they are friends by work-customer-association.

They know the workers who refuse their transfer..

They know the system that requires suspected fraud and how we have to report it..

They still don't know how to spell the person's name, so they take out their rabbit eared email out of their purse next to their cane and read each letter out loud..

"I think this is a scam," I say.

"Can I talk to a manager, please. Now"

"I am a manager. I will not proceed with this transaction. "

In the end if someone wants to send money to someone they don't know they will find a way...

9
n72 1 day ago 1 reply      
My father's lost (from my estimates) about $350K from a christianmingle.com scam. It's wrecked his life, both financially. He went from living in a very nice apartment in a very nice part of Munich to living in a crappy place close to the slums of Calais. I'm estranged from him, so I haven't been able to talk him out of anything, but I doubt I could have anyway. My brother's snooped on his email and IMs for the last few years. These guys are really, really good at what they do.

I wonder at what point the services which let this happen become at least in part responsible. I contacted christianmingle.com and never got any response.

10
curiousdater 1 day ago 2 replies      
Online dating can be rough if you're brand new and a tech luddite.

A friend of mine just went on a POF date. Before they met up he asked if she was a prostitute because he ended up meeting a few of those who posed as sincere dates.

One thing that ticks me off especially Match.com and I can't believe I fell for it .. is that when your subscription expires they suddenly say this average to above average looking chick (ones I aim for) is interested in you. Their profiles are hard to distinguish if they are legit or not. Usually the fake ones are hot, have a few pics, do not say much and they are looking for a guy from 20 to 70. Also, the real fake ones ask you to send a message to their gmail. Overall not sure how the crap Match pulls is considered legal!

11
ahmetkun 1 day ago 1 reply      
Reminded me of a Family Guy episode where Carter Pewterschmidt gets scammed by Nigerians and flies to Nigeria to get his money back and eventually decides to donate the money as he sees the people there really need it, or something like that.
12
sickbeard 1 day ago 1 reply      
How does this help? It will just lure people into thinking scamming is a way to lead you to America
13
flerchin 1 day ago 3 replies      
Sounds like the Long Con became the Longer Con.
14
vlodiag 1 day ago 1 reply      
Basically if anyone you don't know in real life asks you for money this is a huge red flag. Like red flag of all red flags. People should condition themselves that once they reach their pockets for money then something is wrong, stop immediately and reevaluate. I understand that scammers sometimes are very good and you don't need to be paranoid towards people, but once real money is involved your guard must go up!
15
whack 1 day ago 5 replies      
One thing I never quite understood. These "Nigerian prince" scams can originate from any developing nation where the exchange rate makes for very lucrative prospects. Ie, Chile, Egypt, Romania, Kazakhstan, China, India, Thailand, etc etc. Why do a disproportionate number of these scams seem to originate from Nigeria?
16
FussyZeus 1 day ago 1 reply      
Can anyone explain to me why these types of scams seem to always originate in Nigeria? Is there something particularly lax about their penal code regarding fraud or what?
17
intrasight 1 day ago 0 replies      
Who here cannot say that no aspect of their own lives is not a "long con"? Not I.
18
Pica_soO 1 day ago 0 replies      
I wish we could get those texts, we could train NN on keeping the scammers busy.
19
Kiro 1 day ago 0 replies      
That was great and unexpected.
20
rahelzer 1 day ago 0 replies      
Not a good idea. It's about 100x worse than tracking down your stolen iphone using GPS to find the guy who stole it from you and demanding it back. Do not do this. It's not worth your life.
21
hiteshaasnani 1 day ago 0 replies      
Such online scammers were recently busted in India also
22
denysonique 1 day ago 3 replies      
Reminder that most advance-fee scams do not originate from Nigeria. Such articles like this one stereotype Nigeria in a falsely negative manner.

> While Nigeria is most often the nation referred to in these scams, they may originate in other nations as well. For example, in 2006, 61% of Internet criminals were traced to locations in the United States, while 16% were traced to the United Kingdom and 6% to locations in Nigeria.[15]

23
tsylba 1 day ago 1 reply      
Somedays, A.I. could scam for us.
24
OoTheNigerian 1 day ago 0 replies      
It's practically impossible for any positive tech stories to stay on the front page of Hackernews. Be it our tech companies making or raising a lot of dough and/or having impact.

HOWEVER, when it comes to stereotypes and cliche negative stories, we usually have our day at number 1

I wonder why ;)

25
hirzel 1 day ago 0 replies      
This should be a movie. The screen play writes itself!
26
eng_monkey 1 day ago 0 replies      
> She became consumed with what she describes as "a profound need to make a difference to the people of Nigeria".

Delusions of grandeur? She should move to SV.

27
donquichotte 1 day ago 1 reply      
"Johnny: "You talk in parables. I cant wait to see you""

I would never write back to somebody who uses the Idiot's Apostrophe.
28
happy-go-lucky 1 day ago 0 replies      
Most of you, including the OP and the antagonist in the story, have gone far from reality. It's all about cheat-or-get-cheated. Habitual exploitation!
29
MichaelBurge 1 day ago 1 reply      
Some people trick the scammers into traveling places, or losing money. They've managed to get them stranded for months in war-torn countries, to sell their cars for airline tickets, and gotten them thrown in prison in foreign countries for immigration violations.

I have some family who was tricked by a scammer doing "Microsoft support" once, but we convinced her it was a scammer in time for the police to trace the call. So now he's in prison.

30
mrcactu5 1 day ago 1 reply      
does anyone actually fall for these?
31
amelius 1 day ago 3 replies      
Reminds me of [1], where a scammer was scammed into sending a photo with a fish on his head.

[1] http://www.419eater.com/html/tope.htm

32
meira 1 day ago 0 replies      
BBC?
33
VertexRed 1 day ago 1 reply      
20
Fixing Python Performance with Rust sentry.io
325 points by ngoldbaum  2 days ago   101 comments top 15
1
lqdc13 1 day ago 3 replies      
I'm using Nim's Pymod https://github.com/jboy/nim-pymod for this exact purpose and I think it's much better suited.

The reason is that it can automatically generate C API code without FFI, because FFI calls are slower (https://gist.github.com/brentp/7e173302952b210aeaf3) so there is less overhead. You obviously care about overhead here.

Nim's pymod is already a python module and you can send strings and numpy arrays to Nim for fast processing.

I wish you could send bytes from python3, but that's not implemented yet.

2
jlarocco 2 days ago 2 replies      
A neat case study, but "Embedding Rust in Python" is a poor way to phrase it.

If I'm reading it correctly they're just using CFFI to load and call a shared library - it's really not embedding anything. The fact that the library was written in Rust is interesting, but as far as Python is concerned it could easily have been written in any language that can create a shared library.

3
dekhna 1 day ago 1 reply      
Not a fan of the title, you aren't fixing python performance with rust, you are avoiding python performance with it
4
bmh100 2 days ago 5 replies      
Small question: since this is improving performance on a given machine, isn't this actually an example of vertical scaling, as opposed to horizontal?
5
denfromufa 2 days ago 7 replies      
So why not Cython like PayPal?
6
jondot 1 day ago 1 reply      
I did the same thing with Go and Ruby: http://blog.paracode.com/2015/08/28/ruby-and-go-sitting-in-a...

IMHO the end result is more maintainable, readable, and accessible from FFI point of view. Regarding the performance, so Go has a GC, but I'm wondering if that would affect things dramatically at all.

Here is the Ruby side FFI code: https://github.com/jondot/scatter/blob/master/lib/scatter.rb

And here's the "native" part:https://github.com/jondot/scatter/tree/master/ext

Every now and then I keep looking at Rust and how it can integrate with higher level languages, the last time I really wanted OpenCV to work well with Rust. I think that's a big selling point. So far, to me, it's not perfect yet but it may get there.

From a pragmatic point of view, I imagine Sentry getting more bang for a buck with Go as there would be less wheels to invent from an ecosystem POV, and from a maintenance POV it would be closer to Python. But that wouldn't advance any of the Rust ecosystem at all, and we do need that as a collective.

7
giancarlostoro 2 days ago 2 replies      
Shouldn't it be said improving Python performance? Is this a bugfix of Python that can't be 'fixed' in the initial software? Maybe I'm just reading it oddly.

Sidenote: I wonder how improving Python performance with D fares considering it links up to C pretty nicely.

8
dikaiosune 2 days ago 2 replies      
Super cool!

Is there a reason the Rust-exported functions aren't marked with `extern "C"`?

9
forgottenpass 1 day ago 1 reply      
Things wrong with the title:

- It is not fixing python's performance.

- The performance improvement has very little to do with the choice of Rust.

10
ksec 1 day ago 1 reply      
I remember Skylight.io did something similar with Ruby.

Edit: http://blog.skylight.io/introducing-helix/

11
jgalt212 7 hours ago 0 replies      
How about this:

Why not just deserialize all the source maps ahead of time and just store/retrieve them as msgpack objects?

Per this python serialization speed comparison, msgpack is ~ 10X faster than json. So you get the same speed up, but no Rust.

https://gist.github.com/cactus/4073643

12
jgalt212 8 hours ago 0 replies      
Stupid Question:

Why not just deserialize all the source maps ahead of time and just store/retrieve them via cPickle? Wouldn't that get you almost the same results without having to learn and support a second language (Rust, in this case)?

[Edit]

cPickle is slower than JSON, but browsing the interwebs it seems that marshal can be 2X faster than JSON and 4X faster than cPickle.

13
tempodox 1 day ago 0 replies      
A good write-up and a great case for Rust.
14
silur 1 day ago 0 replies      
"oh my god, using native code is faster than interpreting, such exciting and revolutionary news"
15
obviouslee 2 days ago 3 replies      
To summarize: instead of improving Python's maps to consume less memory they've embedded an entirely different language, Rust, into Python to solve a particular problem.

Doesn't make Python look good.

21
Italy's rarest pasta bbc.com
276 points by hwayern  1 day ago   135 comments top 22
1
ff_ 1 day ago 5 replies      
As a Sardinian this is the first time ever I hear of this pasta, and I'm truly shocked of how it's made, it really sounds like lots of work.

Now I'm super curious about it, but the preparation in sheep broth and pecorino is one of the best combinations to have with pasta IMHO, very promising.

Btw if you've never been to Sardinia make sure you visit at least once in life, you won't regret it :)

2
beat 1 day ago 1 reply      
This makes me think strongly of Matthew B. Crawford's books ("The World Beyond Your Head", "Shop Class as Soulcraft"). He focuses directly on difficult techniques like this, things that require both intellectual focus and physical technique to master - craftsmanship. He believes that this is the finest work we can do. Pure intellectual abstraction doesn't exercise our minds fully, we need to engage with the physical world and its complexities as well.

Think about it - this is so incredibly sensitive to the exact consistency of the pasta dough, it must change by temperature, humidity, time of day, barometric pressure... to make it work, she just has to feel the pasta, to know pasta in a way that can only be done with years of manual effort.

That's why they can't build a machine to do it. They can't control the conditions well enough.

3
gakada 1 day ago 5 replies      
Blocked in the UK. Can someone help us read our own website?

Edit: why is this at -3? You guys are assholes.

4
chewxy 1 day ago 3 replies      
have they tried getting chinese la mien chefs to duplicate her work?

Also relevant: https://www.researchgate.net/publication/299605105_The_Compu...

5
davidw 1 day ago 4 replies      
If you've never had handmade pasta in Italy, you're missing out.

My mother in law makes ravioli by hand for special occasions:

* She mixes the flour, water and salt
* That is then spread out into sheets with the help of a hand-cranked machine.
* She then uses a cutting roller to cut those into the right shapes.
* Then the filling (mix of greens) goes into each one by hand and it's closed up.
* They get cooked.
* At the end they get a healthy bunch of ragù (bolognese meat sauce, if you must) on them.

I feel guilty eating them, because it takes hours and hours to do all that, and then it's gone in a few minutes it seems like.

6
znpy 1 day ago 3 replies      
What I am about to say is no solution, but: I can't quite understand why people don't begin by trying to make a basic YouTube video about this subject.

Don't want the tradition to fade? Spread it as much as possible.

7
rjdevereux 1 day ago 1 reply      
8
gotofritz 1 day ago 0 replies      
A lot of embellishments in the article.

The pasta can be found at the San Francesco di Lula festival, which can be comfortably reached by car. Only a few pilgrims may do it on foot, some barefoot, as a form of devotion, but these days it's increasingly rarer

9
maxpolun 1 day ago 0 replies      
Sounds like a similar process to hand-pulled cotton candy, just with pasta instead of sugar.

here's how to make that: https://www.youtube.com/watch?v=auRNHI2nkIU

10
gondo 1 day ago 0 replies      
The name of the pasta in the article is: Su Filindeu
11
namaemuta 1 day ago 2 replies      
Do you think the process could be automatized? from my naive perspective, that doesn't seem a tremendously difficult task.
12
kolokolo 1 day ago 2 replies      
And all I can think of is stupid greentext about Pepe.
13
FireBeyond 1 day ago 2 replies      
[deleted] I'm guilty of only reading half the article.
14
microcolonel 1 day ago 1 reply      
> Last year, a team of engineers from Barilla pasta came to see if they could reproduce her technique with a machine. They couldn't.

You can tell that Eliot is a pessimist; because if they couldn't design a mechanism to make this pasta on the first visit, it must be impossible!

Admittedly though, it does seem like a lot of work.

15
emodendroket 1 day ago 0 replies      
Bit out of the way for me in Massachusetts but looks delicious.
16
scythe 1 day ago 2 replies      
If I wanted to replicate this, I'd try to get a machine to make the strands and then lay them by hand. Laying pasta that thin in an accurate way with a robotic arm requires amazing computer vision and such, but pulling dough in exactly this certain way is machineworthy.
17
longwave 1 day ago 1 reply      
18
longwave 1 day ago 0 replies      
As this is a link to the BBC, I thought this might be talking about the spaghetti tree incident of 1957: https://en.wikipedia.org/wiki/Spaghetti-tree_hoax
19
antouank 1 day ago 1 reply      
Didn't know there are BBC pages that you cannot see in the UK! http://i.imgur.com/rUaBZPy.jpg
20
ChoHag 1 day ago 0 replies      
http://pastebin.com/AZ2kda1e

Because the BBC can kiss my arse if it thinks anything it produces isn't mine.

21
andy_ppp 1 day ago 2 replies      
I find it reprehensible that the article is blocked to UK users. BBC worldwide wouldn't exist without license fee payers, yet they feel like they can block content from us.
22
sua_3000 1 day ago 3 replies      
why is this in HN
22
Radar: A new set of integrated tools to help prevent fraud stripe.com
289 points by sinak  2 days ago   112 comments top 23
1
compumike 2 days ago 3 replies      
Just checked our Stripe dashboard and it looks like this has quietly been doing good work for us for many months now blocking suspicious charges. It took me a few clicks to find https://dashboard.stripe.com/search/rules?rule_token=block_i... and after going through a few of them, the per-charge risk factor descriptions are really helpful too. The high-risk reasons are messages like: "This card has been used from an unusually large number of IP addresses across the Stripe network over the last 24 hours." and "This email has been linked to an unusually large number of cards across the Stripe network over the last hour."

Thanks to Stripe for making it not-a-black-box! I hope others who build machine learning systems also find a way to make its decisions understandable by humans (when possible).

2
bflesch 2 days ago 4 replies      
I like the rotating 3D model in the landing page very much. Are they using some sort of pre-baked library which lets you create such a visualization with 30 lines of Javascript, or is it 100% custom? Maybe someone can point me to a good resource for such elegant WebGL renderings.
3
rwmurrayVT 2 days ago 3 replies      
I think the "golden age" of online fraud is coming to an end quickly. I've posted quite heavily on Stripe and fraud threads on HN previously if you want to read my comment history.

This is a big step for Stripe. I've often asked why they didn't have an integration with MaxMind or SiftScience already set up. They've been building their own behind-the-scenes the entire time! This feature is fantastic if you are a merchant and want to avoid fraud.

To me, the more interesting side of online credit card fraud is the merchant/payment processor side. Stripe has a cult-like following in the fraud world because it's known as the easiest target. They make it so easy to sign up and process transactions compared to other services like Authorize.net/BrainTree/etc. They've shed this label recently, in part because the biggest forum thread discussing it was closed. The other reason was because it became so much more difficult. With this release, I think it's simply because they could identify accounts with high numbers of suspected fraudulent transactions. All the fraudsters were used to just signing up, running charges on their webstore with sock5, and waiting 2 days for bank transfers. Now Stripe can identify those transactions well in advance and assign each account a risk score. Previously, Stripe had to identify the account risk by sales volume, chargebacks, bank account provider, sign up IP, and everyone's favourite privacy invader IESnare.

Fraudsters have one last shining hope against Stripe. Passing their card data to Stripe via API, instead of Stripe.JS/Checkout. Radar only works with Stripe.JS/Checkout. Setting up your own web server to pass card information prevents them from ever seeing any IP address except the web server. All you have to do to get them to be okay with this is to turn over a PCI self-compliance form. Rumour on the internet has it that there's a pre-built web application specifically for charging Stripe accounts via API.

I'm still looking for a job in fraud prevention friends at Stripe :D

4
joe-stanton 2 days ago 1 reply      
This looks good, and is sorely needed.

It seems one of Stripe's biggest risks is the impending PSD2/XS2A changes within the EU/UK. This means banks/merchants/retailers will ditch traditional card networks (and their fees) to instruct P2P payments directly. This probably opens up a host of very effective anti-fraud measures too (eg. 2FA with mobile devices).

I wonder how Stripe will react to this major change in the market?

For example: https://developer.americanexpress.com/products/accept-amex

5
Cyph0n 2 days ago 0 replies      
This is why Stripe is my favorite startup out of the so-called unicorns. They are really good at finding ways to make more money, while at the same time improving customer experience.
6
robotnoises 2 days ago 2 replies      
Stripe consistently produces some of the best-looking web design out there.
7
hisyam 2 days ago 1 reply      
The webpage automatically loads a 206MB video http://imgur.com/a/Xyie6

That's insane.

8
Liron 2 days ago 0 replies      
> On its own, a bimodal distribution does not tell you that a model is good. (A vacuous model that randomly assigns probabilities of just 0.0 and 1.0 would also have a bimodal score distribution.) However, in the presence of evidence that transactions with a low score are not fraudulent and transactions with a high score are fraudulent, an increasingly bimodal distribution is a sign of improved efficacy for a model.

To do this more precisely, a scoring rule (https://wiki.lesswrong.com/wiki/Scoring_rule) gives a system credit for both (1) making accurate predictions and (2) being confident at the right times.
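
The point made in the comment above, worked through as an added example (not code from Stripe or from the commenter): two strictly proper scoring rules, the Brier score and the logarithmic score, applied to constructed transaction labels. The three models, their error rates and the sample data are assumptions made for illustration.

```python
import math
import random


def brier_score(probs, labels):
    """Mean squared gap between predicted fraud probability and outcome (lower is better)."""
    return sum((p - y) ** 2 for p, y in zip(probs, labels)) / len(labels)


def log_score(probs, labels, eps=1e-6):
    """Mean negative log-likelihood (lower is better); clipping keeps 0.0 and 1.0 finite."""
    total = 0.0
    for p, y in zip(probs, labels):
        p = min(max(p, eps), 1.0 - eps)
        total -= math.log(p if y == 1 else 1.0 - p)
    return total / len(labels)


def score_shape(probs, low=0.1, high=0.9):
    """Share of scores near 0, in the middle, and near 1: a crude view of bimodality."""
    n = len(probs)
    near_zero = sum(p <= low for p in probs) / n
    middle = sum(low < p < high for p in probs) / n
    near_one = sum(p >= high for p in probs) / n
    return near_zero, middle, near_one


def build_sample(n=2000, fraud_rate=0.05, seed=7):
    """Constructed data: labels (1 = fraud) and three hypothetical models' scores."""
    rng = random.Random(seed)
    labels = [1 if rng.random() < fraud_rate else 0 for _ in range(n)]

    # Vacuous model from the quoted text: 0.0 or 1.0 at random, ignoring the charge.
    vacuous = [float(rng.random() < 0.5) for _ in labels]

    # Reference model: always predicts the base rate (unimodal, uninformative).
    base_rate = [fraud_rate] * n

    # Informed model: confident and usually right (assumed 90% of fraud caught,
    # 99% of legitimate charges passed).
    informed = []
    for y in labels:
        right = rng.random() < (0.90 if y else 0.99)
        flagged = (y == 1) == right
        informed.append(0.97 if flagged else 0.02)

    return labels, {"vacuous": vacuous, "base_rate": base_rate, "informed": informed}


def evaluate(n=2000, fraud_rate=0.05, seed=7):
    """Score every model with both rules and report the shape of its score distribution."""
    labels, models = build_sample(n, fraud_rate, seed)
    return {
        name: {
            "shape": score_shape(probs),
            "brier": brier_score(probs, labels),
            "log": log_score(probs, labels),
        }
        for name, probs in models.items()
    }


if __name__ == "__main__":
    for name, result in evaluate().items():
        zero, mid, one = result["shape"]
        print(f"{name:10s} near0={zero:.2f} mid={mid:.2f} near1={one:.2f} "
              f"brier={result['brier']:.4f} log={result['log']:.4f}")
```

Both the vacuous and the informed model put every score at an extreme, so the histogram alone cannot separate them; the scoring rules rank the vacuous model below even the constant base-rate predictor.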

9
aantix 2 days ago 1 reply      
It's a bit unclear to me; these rules appear to be automated but then they show a rule builder interface?

How would I ever know if the rule I've built is too constraining, or too loose in accepting payments?

Payment is not exactly an area of my business that I want to do a lot of trial and error..

10
eps 2 days ago 2 replies      
Is there support for whitelisting transactions?

E.g. if we are executing a charge for a known-good customer, but using a completely new card - we'd like to suppress all automated fraud checks and, ideally, indicate to the client's bank that this is a legit charge.

11
maratc 2 days ago 3 replies      
Most merchants don't want a rule engine, or rules. Most merchants want either a declined transaction (possibly with explanation -- possibly), or an accepted one with a guarantee against chargebacks.

If Stripe is sure that their models work, they should offload the chargebacks from the merchants.

A friend of mine worked for a startup that did exactly that. They were sold to an online payments behemoth in about 2009.

12
dorianm 2 days ago 0 replies      
The video (from Teespring) is 206M, easily explains why it's so slow to load.

(Congrats, we were using a separate fraud detection company that was quite intrusive and this seems much better)

13
brightball 2 days ago 0 replies      
I love having this built in, but if you're NOT using Stripe and you want similar protections I'd strongly urge you to check out MaxMind's minFraud.

https://www.maxmind.com/en/minfraud-services

14
Silhouette 2 days ago 4 replies      
This looks very promising. Stripe seems to have sometimes let surprising payments through up to now, even with all the card details security checks they provided activated, and they've never supported 3-D Secure. They've also suffered from surprisingly high rates of unexpected declined charges in our experience. Hopefully if they're now rolling out more comprehensive fraud protection, that will go some way to addressing all of those concerns, so best of luck to them with this new development.

Edit: It appears there's a small per-transaction charge for their enterprise customers on custom plans but it's now included for free with the standard pricing. Can anyone confirm this?

15
patmcguire 2 days ago 7 replies      
I work at a company with a fairly large number of transactions and we don't really have a problem with fraud. I don't know anyone else who's really battled it either. Is it much more prevalent for certain industries and products?
16
mgkimsal 2 days ago 1 reply      
Doesn't seem to be a way to use this without using stripe. Would be handier to send them info, have them give a pass/fail or score, and return that info. And charge for the service, vs having to migrate to them.

Thanks to uladzislau - wasn't aware of SiftScience - will have to check them out...

17
rtcoms 2 days ago 0 replies      
I hope Stripe open sources some of their UI related stuff.
18
jamies888888 1 day ago 0 replies      
Cool feature. Stripe are pretty awesome at creating marketing pages for these things too. Although it's a shame they messed up the green HTTPS padlock on that page by serving mixed content. (The Teespring video on AWS S3 simply needs the protocol changing from http to https to rectify this.)
19
uladzislau 2 days ago 4 replies      
What is the advantage of this vs SiftScience or other tools?
20
_RPM 2 days ago 0 replies      
Stripe is really the next Google with their innovative technology. They really are solving hard Computer Science problems.
21
ctdean 2 days ago 0 replies      
Pretty neat. Anyone know how this compares to the WePay offering?
22
FabioFleitas 2 days ago 3 replies      
Always gotta hand it to Stripe to build a killer looking landing page
23
joshmn 2 days ago 1 reply      
Yeah, I still wouldn't trust it.

Nothing beats manual verification. People aren't sharing credit card numbers on public forums and mashing them against Stripe. People are paying for fulls, and grabbing a socks5 that's piped within a few miles of the address of the cardholder.

Never trust your processor to protect you against your (potential) customers. Stripe has very little incentive to do so. They'd rather you pay that fat $15 fee when you get hit with a chargeback. They really would.

I'm coming out with a book about Stripe (and a few other processors) and fraud. Trust me it will be good, and this is already a part of it.

Sincerely,

Someone who was once your enemy

PS my favorite part of this? Telling the carder how to defeat their algos:

* "This card has been used from an unusually large number of IP addresses across the Stripe network over the last 24 hours."

* "This email has been linked to an unusually large number of cards across the Stripe network over the last hour."

Thanks for not saying the card was declined. If you wouldn't mind, please hold while I switch socks and make a new email.

Sorry if this is crass, but whoever decided on telling the end-user why a card was declined... complete fucking idiot and should never work in fraud protection or payment processing again.

23
T-Mobile will pay a $48M fine for throttling unlimited data plans theverge.com
228 points by lobster_johnson  2 days ago   122 comments top 14
1
derekp7 2 days ago 4 replies      
Here's the thing, I would much rather have reasonable throttling with unlimited data, than either $10.00 per GB, or worse yet, multiple times that as an overage penalty. Especially with a family plan when the non-bill-payers on the plan don't understand overage fees.

So the way I understood it (at least under the plan that I signed up for before "binge-on" was added), T-Mobile would charge $20 (on top of the regular voice/text plan) for 'unlimited' data. Then, after something like 25GB, they would prioritize data from users that were under that limit if there was congestion. So to me that is entirely reasonable in light of the fact that radio waves have physical limits on how many people can consume high bandwidth at the same time.

Of course, it would be nice if they spelled out all of this in their advertising and product literature (and if this was still the case with their current plans).

2
SteveNuts 2 days ago 1 reply      
It's bullshit that they can offer consumers an option to buy accessories at a discount (which they probably still make a profit on) as a reparation for this.

I want direct monetary compensation.

3
drbawb 2 days ago 5 replies      
I'm a little saddened to see the direction T-Mobile is headed with their plans. When I switched to Project Fi last year my T-Mobile unlimited plan was $70/mo. That included actual HD video, and LTE tethering.

Now the equivalent plan (T-Mobile One+) is $90/mo, and that just gets you "unlimited HD day passes" which you have to remember to toggle every day if you want video that isn't 480p.

What's even scarier to me is that they're not alone. Sprint has opted for a nearly identical pricing structure w/ "Unlimited Freedom" and "Unlimited Freedom Premium." As an aside: the idea of "premium" freedom makes me giggle, I'd love to have a beer with the marketing exec that came up with that mouthful.

4
davesque 2 days ago 4 replies      
$48 million seems like a slap on the wrist. T-Mobile made $32 billion in revenue in 2015 and just posted $479 million in profit. I wish I could feel like these fines actually acted as a deterrent.
5
mc32 2 days ago 1 reply      
I feel the problem is that marketing terminology is ill-regulated, so companies can make "natural", "unlimited", "fresh", "home-made", "organic", "life-time", "guaranteed", "green", etc. mean whatever they want them to mean and allows enough cover that consumers assume it means one thing while to industry it means quite another or very narrow interpretation.
6
JoshTriplett 2 days ago 0 replies      
For anyone finding this ruling confusing as I initially did: this isn't about T-Mobile unlimited plans that slow down from LTE to EDGE speeds after a certain amount of data; that was well-advertised, and not apparently at issue. This is about a different, entirely unadvertised process by T-Mobile on unlimited plans of de-prioritizing traffic entirely after a certain point (~17GB), making it appear as though the network is simply more congested for the user after they've used a large amount of data.
7
syphilis2 2 days ago 1 reply      
What is the status on T-Mobile offering unlimited data usage from select sources (Binge On program)? I can stream as much (well, I guess up to 17Gb) data as I want so long as it's from their list of approved sources which allow throttling at 480 resolution. It feels absurd that this is how they operate, rather than just allowing unlimited data at say 3G speeds (rather than the throttled data rate which is at most 2G but in practice is unusable).

http://i2.cdn.turner.com/cnn/2009/images/10/28/net.neutralit...

8
bdavisx 2 days ago 3 replies      
It's great that the FCC does this for cell carriers, but they still are letting the data caps apply on home connections, which is going to do nothing except increase profits and decrease innovation.
9
jasonjayr 2 days ago 2 replies      
I ..... thought T-Mobile's policy was generally well known? Especially in the face of a few years ago, AT&T hitting up folks for astronomical bills when iPhones were new, and folks were blasting past their data limits? I've had data with them since they were VoiceStream, and knew what each data plan offered.

Anyone who asked, I told them that T-Mobile's policy was WAY more consumer friendly than the other carriers, especially for someone who absolutely needs a data connection (and doesn't wander outside their relatively weak coverage)

What if the FCC mandated some kind of 'nutrition label' for ISP plans, that specified the technical points of their service offering? Spell out limits, min/max latency, best-effort/guaranteed, fair/shaped and what happens when limits are exceeded? Wouldn't it be clearly in their realm of power to regulate how these plans are marketed, rather than let the ISPs confuse folks with ambiguous language?

10
kyledrake 2 days ago 5 replies      
I see the word "unlimited" on a lot of hosting providers. Give me access to the dd command and we'll see how long that theory lasts.

I honestly find it, always and everywhere, to be deceptive marketing. There is no such thing as unlimited resources.

11
DigitalJack 2 days ago 1 reply      
When the government sues for stuff like that, where does the money go? I mean, it's a punishment to have to pay, sure, but why does the government get the money? Shouldn't the people being screwed be the ones getting that?
12
erikb 2 days ago 0 replies      
Instead of paying fines they should refund their customers for things like that.
13
StillBored 2 days ago 0 replies      
Which was known to people a couple years ago. Also for at least the last couple years their plans have actually said something to the effect "unlimited data, only the first X GBs at full LTE/4G data speeds". So if you didn't know this then you were probably living under a rock.

Of course, given that my wife is the one who has to deal with the kids watching Netflix on her phone, when you hit the limit, the result is frequently the same as just getting cut off if you have to wait 30 seconds to load google.com or much worse for sites with a lot of content.

14
gingerlime 2 days ago 2 replies      
I'm still confused why the largest data plan in Germany is 5gb (with some options to top-up). And all data plans are bandwidth throttled after you use your quota. There's no unlimited options at all.
24
The McMansion Scale, Explained mcmansionhell.com
279 points by OrwellianChild  1 day ago   259 comments top 26
1
dietrichepp 1 day ago 5 replies      
This article is best juxtaposed with articles about image synthesis:

* Wave Function Collapse image generator https://github.com/mxgmn/WaveFunctionCollapse

* Image Synthesis from Yahoo's open_nsfw: https://open_nsfw.gitlab.io

* Generative Adversarial Text to Image Synthesis: https://arxiv.org/abs/1605.05396

Put another way, when I look at the McMansions at 10 on the scale, it looks to me like the kind of output you get when you just feed a bunch of pictures of houses into a neural network without feeding in any of the cultural or aesthetic context. Things like the large garages and roofs look like the efforts of constraint solvers working with inputs that are out of bounds.

In a sense, that is exactly what happened.

2
carsongross 1 day ago 17 replies      
I was recently struck by this house, offered by Sears in 1921:

https://oklahomahousesbymail.files.wordpress.com/2012/10/sea...

What's crazy is the price: $47,085.20 in today's dollars. This is with all finishing materials (including stained glass) & delivered (no cement or bricks).

It's an amazing house, and any old schlub could order it from good ol' Sears.

Something very bad happened in architecture around world war 2.

3
rayiner 15 hours ago 3 replies      
I love this article as social commentary. I grew up in McMansion hell--the DC suburbs. My parents live in a McMansion. The architectural critiques capture not only what I hate about these houses, but about the attitudes of many people here. They have a general air of being better than the rest of the country by virtue of education and an upper middle class income. They're intensely image conscious but don't have exposure to real wealth, so they buy and build houses with features like fake windows. They're bad with money: Median household income in Great Falls VA is about $200k, while the median house price is about $1 million. The owners of most of these McMansions are extremely leveraged.
4
bertiewhykovich 1 day ago 4 replies      
I'm not sold on this. Some of the criticisms levied seem valid, and there's /some/ sensibility to the scale -- but the whole thing smacks of a post-hoc attempt to define why McMansions are in poor taste in non-socioeconomic terms. It's sufficient to just say "McMansions are tremendously wasteful symptoms of American decadence" -- but that might be psychologically hard if you've spent years in architecture school learning how to design status symbols for the upper classes.
5
fuqted 20 hours ago 2 replies      
Thanks for sharing this blog.

She is funny, and this is putting words to feelings I've had. That said, what she constitutes as negative, 'McMansion' traits largely seem to be based on how she feels about the house as a whole.

http://www.mcmansionhell.com/post/149284377161/mansionvsmcma...

>Mansion vs McMansion

Immediately you'll notice the 'mansion' has a faux balcony, useless pillars and void throwup; all traits she claims to despise.

Scroll down to the example of a New Traditional house (which is a beautiful house) and it's clearly a house that, in her terms, has no concept of mass; it's all roof!

I get what she's saying, but still. She should at least be consistent with the individual traits she dislikes.

6
Animats 22 hours ago 2 replies      
There's a long history of this problem. Bletchley Park Manor House[1] meets most of the criteria listed for a 9th or 10th level McMansion. Three or more window styles. Turrets. Bad columns. Faux balcony. Patchwork masonry. Roofline soup. Oversized pediments. Oversized transoms. House is out of scale.

They avoided the two-story entrance. It's not big enough for one.

(I visited before it became a big-time museum, and had a guide who was more into the architecture than the cryptanalysis.)

[1] https://upload.wikimedia.org/wikipedia/commons/8/82/Bletchle...

7
bbarn 1 day ago 6 replies      
The hate for attached garages.. Doesn't the author realize how incredibly useful, and unsightly, they are at the same time? I have a rented garage a half block away in the city, and a basement full of all my random projects, that I would only dream of being able to stick in a garage next to my house.
8
zuminator 21 hours ago 2 replies      
Fun, but I'd find this information more useful if juxtaposed with an analysis of the livability and practicality of the various McMansion species. After all, a person spends a lot more time inhabiting the home as opposed to looking at it, so ultimately the inside is a lot more important than the outside. As a few people already noted, attached garages may be generally ugly but they're useful. Can one say the same about multistorey windows and entryways, lots of dormers, large columns, random multiple window styles, etc.? Do these things add aesthetic or practical value to the house for the people actually residing in them? Or are they mere eyecandy for tasteless consumers but in the end add nothing to the enjoyment of daily living.
9
pjc50 17 hours ago 3 replies      
As a Brit, I'm struck by the size of almost all of those houses; so much money deployed in the service of so little taste. Of course, we're not safe from it either in the UK, but usually on a smaller scale of cheap apartments and faux-Tudor suburbs.
10
Dowwie 17 hours ago 2 replies      
This is architectural trollery unleashed on the innocent masses, the kind of information that just makes homeowners feel bad about their property but does little to change things. The mcmansionshell crusade is analogous to developers publicly complaining (trolling) about perfectly functional, stable source code that isn't as idiomatic as it could be. Unlike real property, source code is a hell of a lot easier and more likely to be improved when the criticism is compelling. Homeowners, on the other hand, won't upgrade. They literally have to just "live with it".
11
pkamb 1 day ago 2 replies      
I'd like to see a similar blog for the terrible "modern" homes currently being built.

Count the exterior materials! Cinder blocks, fake artisanal barnwood, neon-green door, neon-orange corrugated metal, exposed concrete, yellow windows, reclaimed shipping container...

12
martythemaniak 14 hours ago 1 reply      
Perhaps this is a good thread to ask: Does anyone have book recommendations about how and why houses are built? For example, this blog talks about siding (EIFS, vinyl, stucco), but I'd like to learn how these are made, relative costs, how they respond to different climates, how they're actually constructed etc. I'd like to learn about all different aspects of houses, for example, why are foundations just poured concrete, vs using stone? What are the advantages of brick vs stone, etc.
13
bkjelden 1 day ago 4 replies      
Any valid critiques the author may have are completely lost in the contempt and pretentiousness of her writing style.

Additionally, I am incredibly skeptical of her ability to judge the quality of a house's construction based on a single exterior photo.

14
ssharp 15 hours ago 2 replies      
A lot of this McMansion stuff has trickled down into smaller homes, in the 2000-3000 square foot range. I think the term is neo-eclectic. Multiple roof lines, no two windows looking the same, lacking symmetry, front-facing three car garages, three or four different types of materials on the outside (siding, shake shingle, brick, etc.). These houses also suffer the same fate as many McMansions, where the house takes up a massive amount of the lot and you get houses stacked on top of each other with very small backyards[1].

Almost all of the new houses I see being built are using this style. I'm looking into building a house in my area and it's impossible to find a builder advertising their plans online who doesn't use this style. So if you want to deviate from this style of house, you have to start working with an architect to draw something up or try and find your own house plans. I'm not saying this is a terrible burden, just that it's hard to get something more traditional "off the shelf", so to speak, and many people building a house don't want to go through that much of a process.

I'm looking to build my house on a rural lot in the 5-10 acre range, so fitting into neighborhood aesthetics isn't that crucial to me, but many places people build, it's going to look ridiculous to place a traditional cape cod amongst all the neo-eclectic stuff.

[1] Small backyards and closely built houses work well in city neighborhoods but seem to be in conflict with why many people move to the suburbs -- to have more space. I'm not sure of the desire to live in such compact lots. Certainly the developers like the small lots because they can squeeze more houses onto the acres they're developing on. However, I'm probably an exception because people build these types of houses on these types of lots in droves.

15
ars 1 day ago 4 replies      
Interestingly the higher the number the more I like the house.

The low number ones are boring and plain. The high number ones are interesting to live in.

16
omegote 21 hours ago 5 replies      
As a European who has never visited the US, I'm totally unfamiliar with this kind of buildings, other than seeing them in TV Shows like Family Matters or Full House. Also, almost every single American woodworking YouTube channel is recorded in a garage of one of this kind of houses. I find them huge, yet their popularity makes me think they're pretty common, maybe even affordable?
17
kzahel 20 hours ago 0 replies      
There is a great podcast released a few days ago by 99% invisible interviewing the creator of the site: http://99percentinvisible.org/episode/mcmansion-hell-devil-d...
18
jessaustin 5 hours ago 0 replies      
I'm not surprised to see the higher end of the scale feature lots of oversized eave returns. I am surprised TFA doesn't mention this everyday horror of ostentatious suburban living. A classical eave return is only appropriate when of classical dimensions.
19
owenversteeg 13 hours ago 0 replies      
The author rightfully hates on pre-lawsuit EIFS, but I know it's improved quite a bit.

Does anyone know how good EIFS is these days? As far as a quick Google tells me, post-lawsuit EIFS is a magical building material from the gods that can quite literally withstand hurricanes and missiles [0] but I imagine reality is a bit more nuanced than that.

[0] http://www.architectmagazine.com/technology/products/revisit...

20
jessaustin 10 hours ago 0 replies      
Incidentally, I find TFA to exemplify a "McWebsite". The interesting primary content is totally dominated by the massive "More You Might Like" footer with four more entire McMansion articles sandwiched in together, including all original images and graphics. Meanwhile Chrome is pegging at 500k for this one page. Lose the four-car garage please!
22
hogrammer 1 day ago 1 reply      
23
hueving 1 day ago 2 replies      
Reminds me of Yelp reviews that slam a restaurant for its decor and don't mention the quality of the food.
24
mschaef 15 hours ago 0 replies      
Every time this site comes up on yc, I always have the same impression... I like what the guy is trying to do to improve architecture, but it just seems so mean spirited in execution.
25
flukus 1 day ago 1 reply      
So tiny houses and large mansions are the same on this scale? What does the author think mansion means?
26
tomcam 1 day ago 1 reply      
It's really bad when people idiotically think they should be able to put the house they want on their own property. What a bunch of tools.
25
Wait continues for European Schiaparelli Mars lander bbc.co.uk
210 points by warrenmiller  2 days ago   89 comments top 27
1
david-given 2 days ago 2 replies      
My understanding is that there are three spacecraft involved:

Schiaparelli, the lander; really just a technology demonstrator. The signal was lost at about landing. It was always intended to go into low power mode after landing to wake up later, so it's possible that the signal just didn't make it all the way to Earth, but it may also have crashed.

The ExoMars orbiter, the Trace Gas Orbiter, which carried Schiaparelli to Mars; it's just braked into orbit but has gone behind Mars and is uncontactable, but at last report everything was fine. It has (hopefully) recorded Schiaparelli's telemetry for downlinking to Earth later.

Mars Express, an existing probe in orbit around Mars; it has also been recording Schiaparelli's telemetry; it can't decode the packets, but it can be used for doppler analysis.

Right now Mars Express is downloading its data. They say it'll take about 10 minutes. I don't know whether that data will be enough to say whether Schiaparelli landed safely or not. I do know that it'll be a while until all the data from both orbiters is downloaded and analysed, and by then Schiaparelli may have woken up and called home (I don't have the schedule to hand), so it's not a writeoff yet.

Edit for clarification: Turns out that TGO was actually doing its engine burn while out of contact from Earth (very small engine burning for a very long time), so when it comes out from behind Mars we'll know whether it made it into orbit or not. I should have actually guessed that from playing KSP.

2
kevinbowman 2 days ago 1 reply      
https://twitter.com/esaoperations/status/788779693700968448

"#MarsExpress recording of @ESA_EDM descent is now processed and is being analysed by experts at #ESOC #ExoMars"

...then...

https://twitter.com/esaoperations/status/788780512089432064

"ACQUISITION OF ORBITER SIGNAL! #ESOC hears @ESA_TGO's signal loud & clear after it emerges from behind #Mars #ExoMars"

Also a photo of some very happy space people.

Edit: another tweet saying they'll need around 2 hours of data to confirm that they've reached orbit, confirmation at 20:30 CEST (https://twitter.com/esaoperations/status/788781863687036928). Space is somewhat of an emotional rollercoaster.

3
netinstructions 2 days ago 1 reply      
While you're all waiting for a signal from the lander you may be interested in the aerothermodynamics testing of the module at a ballistic range - http://i.imgur.com/Xs6NdMC.gifv

Some more reading can be found at ESA's website http://exploration.esa.int/mars/49139-aerothermodynamic-test...

EDL (Entry Descent and Landing) on Mars is such a tricky thing because it has a thin enough atmosphere parachutes don't work well, but enough atmosphere that you have to take it into account when controlling/designing the landing module (hence Schiaparelli's complex aerothermodynamics testing).

This is also why NASA's Curiosity rover had such a complex "sky crane" system and why NASA is willing to provide SpaceX communications support in exchange for the EDL data of SpaceX's landing module (the Red Dragon mission).

5
trothamel 2 days ago 0 replies      
Unfortunately, this reminds me a bit of the wait for the Mars Polar Lander, which crashed on Mars in 1999. If the initial communication fails, we have to start hoping for automatic recovery from progressively more and more unlikely failures.

For example, if the initial communication at the end of the landing fails, you hope that it's just the direct-to-Earth antenna. But since it doesn't look like Mars Express could confirm the landing, we have to hope that something prevented it from contacting that - a bad angle or something. Well, perhaps another orbiter will pick it up, or a watchdog timer will time out and fix the problem (for example, by switching to another radio, if they have one).

There's no point in the flight controllers giving up hope, for the few days the batteries would last. But at the same time, the list of things that could cause the failure without destroying the lander totally grows smaller.

(That being said, we now have orbiters that should be able to image the landing site, which could help diagnose the problem more quickly.)

6
jessriedel 2 days ago 0 replies      
Most up to date info is here:

https://twitter.com/esaoperations

7
wlesieutre 2 days ago 0 replies      
Summary for the day posted on ESA's website. The highlights:

> The Trace Gas Orbiter (TGO) of ESA's ExoMars 2016 has successfully performed the long 139-minute burn required to be captured by Mars and entered an elliptical orbit around the Red Planet, while contact has not yet been confirmed with the mission's test lander from the surface.

> Media briefing tomorrow at 10:00 CEST for more information. The briefing will be streamed online.

http://www.esa.int/Our_Activities/Space_Science/ExoMars/ExoM...

8
yellowapple 2 days ago 4 replies      
The map makes it look like it was supposed to land right on top of Opportunity. Seeing as how Opportunity is (last I checked) still operational, would it be possible to send it out to investigate what might've happened if Schiaparelli did indeed fail?
9
andreapaiola 2 days ago 0 replies      
18:53 CEST: The ExoMars/TGO spacecraft completed its critical orbit-insertion manoeuvre at Mars today and its signals were received by ground stations at 18:34 CEST, just as expected. The timely re-acquisition indicates the engine burn went as planned, and mission controllers are waiting for a detailed assessment from the flight dynamics specialists at ESOC to confirm it.

Teams monitoring the Schiaparelli lander continue waiting for indication of the lander's progress. Engineers are waiting for the next signal receipt slot, which will be provided by NASA's Mars Reconnaissance Orbiter, which will overfly the Schiaparelli landing site between about 18:49 and 19:03 CEST, and downlink any received signals at around 20:00 CEST.

10
russdill 1 day ago 2 replies      
Briefing in approx 30 minutes:

http://livestream.com/ESA/marsarrival

A press conference is scheduled for 20 October at 08:00 GMT / 10:00 CEST, when a mission status update is expected, along with the first images from the Schiaparelli descent camera. This will also be streamed live via the player above.

11
bd 2 days ago 1 reply      
Schiaparelli lander status update from ESA TV live stream (20:35 CEST):

- already two sources confirmed losing signal during landing sequence (GMRT radio telescope in India [1] + Mars Express orbiter [2])

- still more data coming around midnight CEST (Mars Reconnaissance Orbiter [3])

- processing new data will take some time (ESA team will work on it through the night)

- press conference with hopefully more news about lander's fate tomorrow at 10:00 CEST

------

[1] https://en.wikipedia.org/wiki/Giant_Metrewave_Radio_Telescop...

[2] https://en.wikipedia.org/wiki/Mars_Express

[3] https://en.wikipedia.org/wiki/Mars_Reconnaissance_Orbiter

12
baq 2 days ago 0 replies      
>End of planned @ESA_EDM transmission - still no signal at #GMRT - this is not unexpected due to very faint signal at #GMRT #ExoMars

https://twitter.com/esaoperations/status/788759668940210176

13
flashman 2 days ago 1 reply      
Beagle 2: solar panels didn't deploy. Philae: didn't anchor to surface, bounced into a crevice. Schiaparelli: missing in action. If this is another loss, ESA is continuing its bad run with landers.
14
cyberpunk 2 days ago 1 reply      
Yeehaa!! Well done humanity!

ESA Operations @esaoperations 40s 40 seconds ago

#MarsExpress signal acquired! The ESA Deep Space Antenna #Cebreros reports a clear signal from @ESA's veteran Mars mission. #ExoMars

15
the_duke 2 days ago 1 reply      
> MarsExpress has started transmitting the @ESA_EDM landing recording. Even at light speed it will take 9m47s to reach Earth #ExoMars (seconds ago)
16
andreapaiola 1 day ago 0 replies      
events diverging from what was expected after the ejection of the back heat shield and parachute. This ejection itself appears to have occurred earlier than expected, but analysis is not yet complete.

The thrusters were confirmed to have been briefly activated although it seems likely that they switched off sooner than expected, at an altitude that is still to be determined.

http://www.esa.int/Our_Activities/Space_Science/ExoMars/Schi...

17
andreapaiola 2 days ago 0 replies      
All good for the orbiters!

No news for the lander.

See you tomorrow morning.

18
jcoffland 2 days ago 0 replies      
This will be devastating to the ESA's funding which is why they are spinning it so hard. This really sucks.
19
Overtonwindow 2 days ago 1 reply      
I watched the animation and I saw that the lander would land with a hard thud on the surface, with a system to collapse underneath and cushion its fall. Why didn't they use the sky-crane method that NASA and JPL came up with?
20
pitiburi 2 days ago 0 replies      
"#FlightDynamics reported to the #FlightDirector that "We are captured in Mars orbit...all within expected tolerances" #ExoMars" .....TGO is in Mars Orbit!!!!
21
joeyspn 2 days ago 0 replies      
Live video stream from ESA HQ:

http://livestream.com/ESA/marsarrival

22
walkingolof 2 days ago 1 reply      
Beagle 2 comes to mind ...

https://en.wikipedia.org/wiki/Beagle_2

23
warrenmiller 2 days ago 2 replies      
"ESA Flight Operations Director Michel Denis has confirmed that they have lost contact with the probe.

The team is now hoping to pick up a signal from the Mars Orbiter, but it's not looking hopeful"

http://www.telegraph.co.uk/science/2016/10/19/exomars-space-...

24
DavidWanjiru 2 days ago 0 replies      
I saw this headline and went "SHIT!" No, I'm not emotionally invested, in fact I only learnt about it a few hours ago here on HN. Good to hear they have signal.
25
mirekrusin 2 days ago 0 replies      
Maybe windows update kicked in?
26
ts330 2 days ago 3 replies      
totally misleading title... there was no signal at the time because they were still waiting for it.
27
MrZongle2 2 days ago 1 reply      
Just now:

#MarsExpress signal acquired! The ESA Deep Space Antenna #Cebreros reports a clear signal from @ESA's veteran Mars mission. #ExoMars

https://twitter.com/esaoperations

26
Django REST framework 3.5 django-rest-framework.org
240 points by cdnsteve  1 day ago   64 comments top 13
1
alexbecker 1 day ago 2 replies      
I like DRF, but I think its allow-by-default mentality is a security risk. If you use it, keep in mind that:

* ModelViewSet is read/write, you should use the more verbose ReadOnlyModelViewSet until you know you want to allow writing.

* Fields specified in the "fields" member are read/write by default. You have to explicitly declare the field on the ViewSet and pass "readonly=true" to make it read-only. This is especially dangerous for ForeignKey fields, which can be used to change object ownership if you aren't careful.

When I was responsible for a DRF-based API I wrote some custom Fields and ViewSets to use safer defaults, and I recommend others do the same.

2
dopeboy 1 day ago 1 reply      
One metric that I'll measure a framework by is the likelihood of finding an answer to a query that is not articulated in the concepts and terms used by the framework. This is especially useful when starting out.

DRF scores well here. It's designed in an intuitive way. The healthy community around it is a big plus as well. Can't count the number of times I've come across a SO article that had updated answers for the latest versions.

I only wish there was a way to make one time donations. Currently you have to sign up for a recurring plan.

3
ralmidani 1 day ago 2 replies      
When I started flirting with Ruby and Rails for building a web app backed by a JSON API, DRF is what convinced me to stick with Django. It has a ridiculous amount of built-in functionality, but without making it hard to customize your API. If you haven't used DRF, you really owe it to yourself to give it a try.

I can't wait to see support for real-time views. Is that in the cards for DRF 3.6?

4
ralmidani 1 day ago 1 reply      
I use Django + DRF along with Ember, and love the combination.

All the new schema generation functionality is interesting. It's probably just a matter of time before someone builds a tool that reads the schema generated by Django, and syncs the Ember models with it. That's currently one of the drawbacks of using separate frameworks (and languages) for the client and server.

5
elcct 1 day ago 3 replies      
I have a question about http://www.django-rest-framework.org/tutorial/2-requests-and...

Is it a good practice to handle all verbs in the function dealing with the particular request as shown in the example?

I think for a real world scenario that would be a mess to read, but for a less experienced developer this could hint that such an approach is alright and result in a less readable code base in the future.

6
tschellenbach 1 day ago 2 replies      
I always miss DJRF when using languages other than Python
7
tbarbugli 1 day ago 0 replies      
I can only say nice things about Django REST framework, super simple to use and comes with a lot of extras. Very interesting the shift towards schemas and RAML; I am quite curious to see how usable that is.
8
Illniyar 1 day ago 5 replies      
For people who are unfamiliar, there is also Tastypie.

I find its Model centric approach a whole lot nicer to work with than Django-Rest.

9
theptip 22 hours ago 1 reply      
Anyone been using the new(ish) schema generation features? Sounds useful to be able to generate client libraries from the API spec (e.g. DRF => swagger => JS library), but I haven't felt compelled to do so. Any other use-cases that are paying dividends?
10
jtchang 1 day ago 1 reply      
DRF is super nice to work with. It can be a bit slow when you start piling on the serializers and such but dev time wise it gives you a significant boost in productivity.
11
navyad 16 hours ago 0 replies      
DRF with Django, it's a deadly combination.
12
lcnmrn 1 day ago 4 replies      
There's no need for a framework since you can do:

import json

values = User.objects.all().values('id', 'username')

# values() returns a QuerySet, which json.dumps cannot serialize directly
results = json.dumps(list(values))

or use the builtin JSON serializer. You can also use Paginator to paginate the results.

13
snippet22 1 day ago 1 reply      
I just stopped from the js community to the Python one cause of js fatigue and the first thing I learned is Django restful APIs and now this happens....
27
Internet Attack Spreads, Disrupting Major Websites nytimes.com
194 points by pouwerkerk  5 hours ago   169 comments top 26
1
seanharr11 1 minute ago 0 replies      
Harold Martin held without bail (high risk of flight) accused of theft of 20 years worth of government (NSA) tools/data, Trump stating he will not concede the election, tens of millions of IoT devices used in DDOS attack, Assange (wikileaks originator) cut off from internet, DNC hacked and exposed.

A conspiracy theorist's dream.

2
gamegod 4 hours ago 7 replies      
Irony alert:

> "But technology providers in the United States could suffer blowback. As Dyn fell under recurring attacks on Friday, Mr. York, the chief strategist, said such assaults were the reason so many companies are pushing at least parts of their infrastructure to cloud computing networks, to decentralize their systems and make them harder to attack."

Pushing your infrastructure to cloud computing is not decentralization - it's centralization, and we're all doing it. Imagine if an attack like this was against AWS... we'd all be screwed.

3
csallen 4 hours ago 3 replies      
Schneier wrote about related attacks just over a month ago in a post titled "Someone Is Learning How to Take Down the Internet" (https://www.schneier.com/blog/archives/2016/09/someone_is_le...)
4
mancerayder 3 hours ago 1 reply      
Is it confirmed yet that so-called IoT devices were the bots?

Bruce was on point if so, arguing a couple weeks ago that accountability needs to happen on the manufacturers:

"What was new about the Krebs attack was both the massive scale and the particular devices the attackers recruited. Instead of using traditional computers for their botnet, they used CCTV cameras, digital video recorders, home routers, and other embedded computers attached to the Internet as part of the Internet of Things.

Much has been written about how the IoT is wildly insecure. In fact, the software used to attack Krebs was simple and amateurish. What this attack demonstrates is that the economics of the IoT mean that it will remain insecure unless government steps in to fix the problem. This is a market failure that can't get fixed on its own."

https://www.schneier.com/blog/archives/2016/10/security_econ... ("Security Economics of the Internet of Things")

5
dsr12 29 minutes ago 0 replies      
Wikileaks tweeted:

"Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point. "

Link: https://twitter.com/wikileaks/status/789574436219449345

If their claim is true, does anyone think it will turn many sympathizers against them? I don't think attacking normal business is a good thing to do.

6
adamiscool8 4 hours ago 3 replies      
It's fashionable to blame Russia these days, but what country manufactures the most IoT devices, and has the type of government that could mandate backdoor access?
7
tedmiston 4 hours ago 2 replies      
> It is too early to determine who was behind Friday's attacks, but it is this type of DDoS attack that has election officials concerned. They are worried that an attack could keep citizens from submitting votes.

> Thirty-one states and the District of Columbia allow internet voting for overseas military and civilians. Alaska allows any Alaskan citizens to do so.

I had no idea any states allowed voting online. I wonder if the general population will ever get access to that.

8
peterwwillis 2 minutes ago 0 replies      
So. Can we start talking about changing internet protocols to strengthen the integrity of internet network services against DoS attack?

Currently, the internet is very very open (as long as you don't live in certain countries). A baby monitor in Kansas can send arbitrary traffic to a router connecting a major financial services company in Hong Kong to an internet backbone. The idea, in a very hippy, world peace kinda way, is nice. But... probably not something we need to happen, much less should want to happen or allow, if good sense prevailed.

We have hacks in place that can prevent that particular situation from becoming too much trouble, but if you have enough baby monitors, something somewhere is going to choke. And really this is the point to me: you [as the network service provider] should not have to have carrier-grade infrastructure to avoid this scenario. If Casey Brogrammer wants to prop up a start-up on her DSL line (do people still have DSL?) she should be able to without fear of DoS. How do we do that?

I have no idea. But I'm betting it would require some rearchitecting of the internet and heavily modified protocols. Personally, I think the global BGP tables are gross (and, let's face it people, depending on RAM to perpetually increase in size while simultaneously decreasing in cost ad infinitum is not a realistic scaling mechanism), I think the many flaws in modern tcp/ip protocols are not designed with specific enough use cases in mind, and that the generalist design of the modern Internet has become more of a hindrance to efficiency and progress than a benefit. There is absolutely no requirement that we keep engineering ourselves into a corner, and IPv6 sure as shit isn't going to solve it.

9
tedmiston 4 hours ago 0 replies      
Extensive commentary on this topic is in the update from Dyn - https://news.ycombinator.com/item?id=12759697
10
codecamper 4 hours ago 2 replies      
Is this the end of the Internet that news.com predicted back in 1995?
11
nodesocket 3 hours ago 0 replies      
"And in a troubling development, the attack appears to have relied on hundreds of thousands of internet-connected devices like cameras, baby monitors and home routers that have been infected..."

Is that really confirmed or just the reporter writing gossip?

12
cognivore 3 hours ago 1 reply      
Kind of makes me wonder - why let up? Can it be mitigated at all? Wouldn't they have done so by now? Be interesting if they just kept piling it on until they've got the whole internet on its knees.
13
deepsun 4 hours ago 1 reply      
I wonder, how much electricity do these attacks spend on average? Is it significant for economy?
14
codecamper 4 hours ago 1 reply      
If these sites hosted with google cloud, would they be less susceptible to ddos attacks?
15
lifeisstillgood 4 hours ago 5 replies      
We seem to be needing more concerted action on what is a consumer minimum standard for an internet connected device.

Consumer devices have to be more secure because of the low user skill level - and interest.

I am always reluctant to say "there should be a law against it" but frankly if we cannot mandate minimum standards of upgradability and security for devices we will just keep handing over our devices to the first person to scan them.

16
cerved 4 hours ago 0 replies      
Typical Dark Army
17
hellogoodbyeeee 4 hours ago 2 replies      
How long could this go on for?
18
netcommentator 3 hours ago 1 reply      
Given national security interests, we need new laws: 1. IOT devices should not ship with default passwords. 2. Internet infrastructure companies should not be allowed to get "too big to fail".
19
kylelibra 4 hours ago 4 replies      
Can't recall ever seeing the NY Times embed tweets in a story, is this a first?

edit: apparently it's because I mostly read the site within the app.

20
misrab 3 hours ago 1 reply      
could we just move along with ipfs and a distributed web please guys, it's about time!
21
owaislone 4 hours ago 1 reply      
or Jen just dropped the internet.
22
throw2016 4 hours ago 1 reply      
This seems so out of the blue, the last attack was targeting krebs for exposing extortionists. Who is being attacked this time and why?

There is a lot of talk of iot botnets but little to no evidence. This seems too vague and up in the air.

If all it takes is script kiddies and random extortionists to generate such large 1 Tbps scale attacks then we appear to be reliant on an unbelievably fragile base.

There is a growing realization of the need for more decentralization of services but these kinds of attacks are going to drive more centralization if only Google scale companies can manage to stay up. I think this is drop everything and fix time for the IT profession.

23
e_e_e 4 hours ago 1 reply      
Brainstorming: We should make DNS mines like for Bitcoins
24
orthoganol 3 hours ago 2 replies      
WL's Twitter has claimed it was WL supporters. Although no one can really confirm what's going on with them since the Ecuadorian embassy events the other day.
25
fowlerpower 4 hours ago 6 replies      
The U.S. has changed the rules of engagement to state that any cyber attack can be met with real military counterattack.

If the Russians are behind it, after being emboldened by Ukraine and Syria, the United States has to respond. I'm not saying all out war but I am saying we have to show the Russians that this affects everything we are about. It affects our businesses, our elections, and our way of life.

I am saying there should be military action and if that leads to war then so be it, everyone will think twice about this sort of thing again and we will all be safer because of it.

26
codedokode 3 hours ago 0 replies      
I think the main problem is that the Internet is decentralized. As it has no single owner nobody is responsible for mitigating the attacks and no one wants to pay for developing and implementing new protocols, installing new hardware.
28
Microsoft Shares Soar to Record on Earnings Boost From Cloud bloomberg.com
176 points by matco11  15 hours ago   126 comments top 16
1
hollerith 11 hours ago 5 replies      
>The shares surged as much as 5.6 percent to a record $60.45. The last time Microsoft was trading near that level was in 1999.

Using share price is suboptimal because the number of shares outstanding has decreased significantly since 1999. Better to use market cap (which is share price times the number of shares outstanding).

(According to wikipedia) Microsoft reached a market cap of $618.9 billion in December 1999, which is $879 billion in 2015 dollars. In contrast, Microsoft's market cap today is significantly less, namely, $447.5 billion.

BTW, in Feb 2015, Apple reached a market cap of $775 billion. Since the computing industry's share of the economy was significantly lower in 1999 than it was in 2015, the data on market caps suggests that the 1999 version of Microsoft was significantly more dominant over the industry than the 2015 version of Apple was.

2
Bud 11 hours ago 5 replies      
Even as a longtime Apple fan and inveterate Microsoft-hater, I have to hand it to Satya Nadella and Microsoft as a whole. Their success is deserved. I work with basically the full range of Microsoft products in my job and what I see is that everything has improved lately. Windows is better, Office is better, their cloud offerings are better, and even the Surface is better.

Now, if they would only improve the licensing process for Windows so that it doesn't drive people insane, that would be amazing.

3
apapli 6 hours ago 1 reply      
There are a few comments on this thread about people disputing Microsoft's cloud revenues. I've got no extra intel or inside knowledge, however what I am seeing in the market suggests to me MSFT's cloud numbers are probably near to what they claim.

I lead sales and marketing at a small Microsoft partner. Even though we are an edge case we haven't lost a deal against salesforce.com for quite a while, and I am hearing similar reports from other established Microsoft partners here in Australia.

The combination of Dynamics CRM Online / Dynamics365 with the broader stack (BI, office365, azure) is extremely compelling to businesses.

And at a third of the price of salesforce licensing all we needed to have done was equal them to win the deals.

As Microsoft goes up look out for salesforce going down. They did a great job and set the gold standard, but the market has caught up and overtaken them now.

4
fnbr 10 hours ago 0 replies      
Microsoft has been doing an incredible job lately. With the announcement of native support for Ubuntu binaries, I've been excited to try Microsoft products for the first time.

Additionally, as someone who writes a lot of bash scripts, I'm excited that I'll be able to use them across platforms. The two main reasons I use Apple computers instead of Windows are build quality & the UNIXy background of macOS, and with their recent moves, they remove the last reason as a differentiating factor.

Even their cloud offerings are exciting. I use R to do a lot of statistics work, and now Excel has support for integrating R scripts hosted on Azure. This makes it much, much, much easier to get R code working in an enterprise setting, which has been a major hurdle for me previously.

5
samfisher83 13 hours ago 5 replies      
If you look at the numbers their cash over the past few years have been relatively stable about ~24 billion in FCF. Now if we model that as a Perpetuity with 10% rate which has been historical rate of the market we get 24/.1=240 (not including inflation) if we add Net Tang Assets and some tax benefits if we write down goodwill we end up with 56billion. However MSFT is trading for 450 billion. Where is this extra 150 billion coming from? Cloud has about 10% margin I don't see how the numbers add up.
6
tonyedgecombe 13 hours ago 5 replies      
Is it a real increase in revenue or just smoke and mirrors from shifting Office revenue again?
7
cerved 5 hours ago 0 replies      
A lot of people seem confused at why an earnings boost in cloud revenues at the expense of traditional licensing revenues would result in positive market response. But you have to remember, there's a whole lot more to an earnings report than the sum of all the numbers in the balance sheet. Even more important is the story they tell.

In the last few years, IT has seen growth in new business lines such as SaaS, cloud etc. and a growth stall in traditional revenue (HW, on-prem & licenses etc.)

Older companies like Microsoft, IBM, Oracle have been making their bread and butter for decades in traditional technologies whilst new upstart companies like Salesforce, Amazon & Google have all established themselves as leaders within newer fields.

In a sector where being an early winner within new technologies is key for future revenue (like Microsoft & Windows in the 90's) the market is judging these older giants not at the revenue they bring in, but in their ability to retain market share and beat new players in the innovation game.

The boost in share price should be seen as a recovery from previous depreciation of share price (Nokia & Windows phone anyone?) and a belief the company has finally woken up to reality and is moving in the right direction.

8
anon987 10 hours ago 0 replies      
Friendly reminder: Less than a year ago Steve Ballmer himself called Microsoft's cloud numbers "bullshit"

http://www.computerworld.com/article/3011662/cloud-computing...

9
erikpukinskis 7 hours ago 3 replies      
Just took a look at MSFT. I was surprised to see that the stock has been climbing basically linearly for a solid 5 years now. I wanted to revisit the CEO/stock price graph now that we've seen a bit of Nadella's performance:

http://i.imgur.com/lr9j2KS.png

I was expecting to see a nice perfect correlation of Ballmer = flat stock price, but it actually looks like the upturn began during his tenure. Speaks well for him, although overall it's not a pretty picture of his tenure.

10
thedangler 11 hours ago 2 replies      
It's funny that I didn't take my own advice 4 years ago. A colleague asked me what stocks she should buy and I said Microsoft. She bought in at around $20 something.

I don't know how many she bought.

11
grandalf 10 hours ago 0 replies      
Microsoft has hired a large team of economists, econometricians, etc. to help drive strategy in Cloud. Looks like it's paying off nicely.

Preston McAfee is a very clever guy and has seemingly been able to recruit top tier econometricians out of academic positions:

http://vita.mcafee.cc/

12
sunstone 9 hours ago 1 reply      
Who would ever have bet that Microsoft would kick Google's butt in the cloud? Not me.
13
lokeshk 12 hours ago 3 replies      
But, I thought pg said Microsoft was dead.
14
Zigurd 3 hours ago 0 replies      
I would expect this, and I would expect this trend to continue for several years. Almost every Windows server running in a corporate machine room or departmental closet should be an instance in the Azure Cloud.

Microsoft will be delivering extra value by providing the hardware and taking responsibility for running these systems, and will generate recurring revenue for as long as the customer needs what's on those servers. This is a gold mine Microsoft can dig for many years.

15
JustSomeNobody 10 hours ago 0 replies      
Let's all celebrate "The Cloud" as half[0] the East coast internet is blacked out by a DDoS attack.

[0] I love exaggerating for drama.

16
meira 12 hours ago 0 replies      
This is not a bubble. Let's not talk about a bubble.
29
Herman Miller Launches New Aeron Chair hermanmiller.com
189 points by petemill  23 hours ago   155 comments top 32
1
paddy_m 17 hours ago 3 replies      
I bought two Aeron chairs, $10 each at separate times.

The first chair was being pushed down the street by a guy who looked borderline homeless. He was about to go into the Bowling Green subway station. I said "Are you selling that chair", he said "How much would you offer?". I offered $10, he said "great, I didn't really want to carry this all the way home". I had a pang of regret and thought I had possibly walked into some type of high design sting operation. I asked "Do you own this chair?", he replied "My office was renovating and they were throwing it out." Good enough for me.

The second chair came a couple of weeks later. I was walking down Broadway by the bull, about 100 yards from the first place. One of the street vendors was sitting on an Aeron. I asked if he would sell me the chair, he said sure, $20. As I was inspecting it, a woman walked by and said "That's a nice chair, it's not a real Aeron like they have at my office, but it's a nice chair". The hydraulic cylinder was broken on this one, the chair only sat at the lowest position, when you would pick it up, the cylinder extended. I offered him $10 and he accepted. It was a genuine Aeron. I ordered a new cylinder for this chair and it is like new, the cylinder was around $90.

Both of these sales happened within my first 3 months of moving downtown. I have never seen another Aeron chair for sale on that street or any other. I looked.

2
grogenaut 20 hours ago 5 replies      
Wow, this is just full of people who don't like the aeron. I agree it's expensive. I just buy used ones on craigslist for $375. I just wait till there is one. I've got 3. I've had a work aeron since 2002. Love the things they work for me. I know plenty of people they don't work for. I used several other ergonomic chairs and they pinched the nerves at the back of my knees and caused the outsides of my feet to go numb. Aeron works great for me.

Now what is missing from the comments is a good summary of the differences. I read the comments to I don't have to think for myself and so I don't have to digest the article. I think of the comments as the mturk version of AI article summaries. GET ON IT PEOPLE! :)

3
thisjustinm 12 hours ago 1 reply      
I've sat in Aerons for a few years across various jobs and they were always just OK - I felt like they could have been great if I could just adjust a few more things to fit my body better.

When it came time to get a "real" office chair for the home office I decided to go with the Steelcase Leap[1] and I have not regretted it. I had no idea a chair could fit me this well. Everything is adjustable and actually labeled - it's like they actually thought about how people use chairs.

The biggest problem with having a chair as good as the Leap to sit in 90% of the time is the other 10% of the time where I'm somewhere with a terrible generic office chair - I can feel it in my back and legs within a few hours.

Everyone is different but I really can't recommend enough at least trying out the leap.

[1]https://www.steelcase.com/products/office-chairs/leap/

4
Freak_NL 20 hours ago 7 replies      
Ironically, a couple of articles below this one this headline shows up:

> The Tech Bubble Didn't Burst This Year. Just Wait (bloomberg.com)

Do others have this strong association with the first internet tech bubble and Aeron chairs? For me there is a strong visual link between the floundering tech companies of that era and the images of the seemingly ubiquitous Aeron chair in the offices being cleared.

Not to belittle the notion of good ergonomics; on the contrary, I love my Steelcase chair and height adjustable desk. It's just that the brand seems tainted. I wonder if their market research took this into account and came up with a strategy for this association?

5
caminante 20 hours ago 0 replies      
For perspective, the original was a radical departure from convention.

Quote from Blink by Gladwell:

"In late 1993, as they prepared to launch the chair, Herman Miller put together a series of focus groups around the country. They wanted to get some ideas about pricing and marketing and make sure there was general support for the concept. They started with panels of architects and designers, and they were generally receptive. 'They understood how radical the chair was,' Dowell said. 'Even if they didn't see it as a thing of beauty, they understood that it had to look the way it did.' Then they presented the chair to groups of facility managers and ergonomic experts, the kinds of people who would ultimately be responsible for making the chair a commercial success. This time the reception was downright chilly. [...] Before long, however, the chair started to attract the attention of some of the very cutting-edge elements of the design community. It won a design of the decade award from the Industrial Designers Society of America. In California and New York, in the advertising world and in Silicon Valley, it became a kind of cult object that matched the stripped-down aesthetic of the new economy. It began to appear in films and television commercials, and from there its profile built and grew and blossomed. By the end of the 1990s, sales were growing 50 to 70 percent annually, and the people at Herman Miller suddenly realized that what they had on their hands was the best-selling chair in the history of the company."

6
bcrescimanno 12 hours ago 3 replies      
A question before my own story: What does everyone do as far as trying out chairs? It's crazy to me to base my buying decision on 10 minutes of sitting in a store. Are there stores out there that allow for in-home trials of these products?

One of the things that always amuses me about "best chair" recommendations is that it's an entirely personal choice.

I am 6' 2" and 200lbs. Understanding even more than that about the size of a person is critical to understanding their needs in a chair. No matter how adjustable a chair is, it's simply not going to be best for everyone.

At home, I own a size-C Aeron chair that I purchased in 2007. I love it and the only thing I've ever considered is upgrading to one with the highest-end back support rather than the standard lumbar cushion.

At work, I sit in a Steelcase Leap. It's certainly a fine chair and I have no real problems with it. I find it very comfortable and I'm able to sit for much of the day in this chair without any issues.

My gut tells me that I prefer my Aeron; that said, the more I think about it, the more I realize that I've never questioned that assumption. The one thing I know is that I do prefer the breathable material on the Aeron.

7
nikcub 21 hours ago 4 replies      
I know the Aeron is extremely popular, but IMO the Embody is a better chair:

http://www.hermanmiller.com/products/seating/performance-wor...

8
flyinglizard 17 hours ago 0 replies      
I have an Aeron, like many others, but I tried their new stuff (like the Embody and Mira) and they just felt plasticky and cheap (obviously they're expensive as all HM products). The Embody, their flagship chair, is complete trash in my eyes. It's absurdly uncomfortable during long periods, to the point a friend of mine bought one and sold it a few months later at 50% off because he had back aches, and another friend just brought his to the company's office where it's left deserted among the cheap conference room seating, and bought something else to use at home.

It seems like HM haven't managed to top the original Aeron, and all they did since is make new stuff that's cheaper to manufacture. I suspect this new Aeron is yet another attempt at reducing manufacturing costs (replacing metals with plastics etc) but we'll see. If it's really better than the original, I'll pick one when my 12-year warranty ends in a couple of years.

9
idlewords 16 hours ago 1 reply      
Set aside the chair and just read this through as an amazing work of prose.

"The tilt mechanism delivers an even more seamless experience of movement (and stasis)"

"from intense upright focus to relaxed contemplative recline"

"a health-positive, more comfortable sit."

10
cantrevealname 19 hours ago 1 reply      
Several people here mentioned that they hate the mesh fabric of the Aeron chairs because it tears over time, because it feels "like sitting in a hammock and putting pressure in unwanted areas causing numbness", and because the hard plastic rim under the mesh presses into your thigh.

For everyone who likes the basic Herman Miller shape but not the mesh, I recommend the older Herman Miller Equa and Equa 2 chairs:

https://www.google.com/search?q=herman+miller+equa+chair&sou...

These pre-date the Aeron chairs, and IMO are much more comfortable. The downsides are that they are slightly less adjustable in general (e.g., on my particular model, the armrests don't go up and down) and obviously don't offer the ventilation of the mesh (which I personally don't like anyway).

11
Mao_Zedang 22 hours ago 4 replies      
I used to buy a $100 chair every year because it would break. I have had my Miller for almost 11 years now.
12
SwellJoe 20 hours ago 1 reply      
I bought an Aeron from the Arthur Andersen bankruptcy auction, and kept it for about a decade until I moved into an RV and didn't have room for it. I loved it, and miss it every time I have a twinge of back pain because of sitting too long on the sofa or at the dinette. I have frequently considered getting a bigger RV just so I'd have room for a new Aeron. I'm sure there are other great chairs, but the Aeron was the first great chair I ever owned (I'd gone through a half dozen or so cheapo office chairs before getting the Aeron).

In short, a chair is one of those things that it is well worth spending some money on. The nice thing about Aerons after so long on the market is how common they are on the used market now.

13
SloopJon 20 hours ago 2 replies      
I've had an Aeron at home for ten years or so. Both of the arms have broken off. It actually seemed like an improvement, so I never got around to a warranty replacement.

Arms aside, I'm not crazy about the chair. It's not really comfortable for anything besides sitting straight up at a desk. The Steelcase chairs I've had at work are more versatile, although I've broken one of those too.

14
tristor 14 hours ago 1 reply      
When I switched to working from home full-time I went through a collection of chairs and finally settled on the Herman Miller Mirra2. It's a derivative design of the Aeron, but on the Aeron I had problems with the front lip cutting off circulation in my lower legs and putting too much pressure. The adjustable front lip on the Mirra2 was a godsend and after getting it adjusted professionally to fit me, I feel like the chair cradles me.

Now that I'm on the road traveling while I work, other than air conditioning on hot days the biggest thing I miss from the US is my Herman Miller Mirra2. Skip the Aeron, get a Mirra2 or an Embody. Both are amazing.

15
pieterhg 13 hours ago 0 replies      
Bought the Aeron this year. It cut off blood flow to my legs at the thigh area.
16
npezolano 16 hours ago 1 reply      
Not sure why people don't like this chair. I've worked for a large company where everyone had Aerons and I absolutely loved the chair. I've even bought the higher end Embody from Herman Miller and I love that as well.
17
dh12345 8 hours ago 2 replies      
Shameless plug. At Autonomous, we just launched the $179 ErgoChair yesterday to complement our SmartDesk.

$179 ErgoChair by Autonomous: https://www.autonomous.ai/office-chair

18
sshumaker 13 hours ago 0 replies      
The cynic in me thinks they are releasing a new chair so they can recapture revenue in this market. Aeron is somewhat a victim of its own success - they are incredibly well-made so there is a thriving secondary market that Herman Miller doesn't capture. This could be like a drug company subtly making changes to a drug once generics show up on the market. I suppose that's better than building in planned obsolescence.
19
jdmoreira 15 hours ago 0 replies      
I've been looking at buying an Aeron for quite a while; they are not so common in Europe. They might be more common in London but I've never seen one or sat on one.

I can get them refurbished for around 350 for the standard and 500 for the executive model plus shipping to Sweden from either the UK or Germany.

If anyone knows a better way of getting one in Europe / Sweden let me know!

20
eddyg 15 hours ago 0 replies      
Not sure why I don't hear more about Knoll's ergonomic chairs: http://www.knoll.com/shop/by-category/ergonomic-desk-chairs

Please comment if you've used a Knoll chair and can compare it to an Aeron or Leap.

21
mixedbit 20 hours ago 2 replies      
I was considering Aeron but I've read reviews that its adjustments are not very flexible; especially taller people were complaining that it is hard for them to adjust Aeron in a way that the chair is comfortable. Aeron has a larger size, but it seems to be intended for taller and thicker, not for taller and thin. I ended up buying Hag H05. It isn't as popular, but I'm very satisfied with it (using it for about 5 years now).
22
elcct 20 hours ago 1 reply      
Is it only me who thinks the design of this chair is aesthetically awful? It looks like it belongs to something like a hospital, not an office...
23
_Codemonkeyism 20 hours ago 1 reply      
Shouldn't they have done this at the beginning of the bubble? ;-)
24
forrestthewoods 21 hours ago 9 replies      
I've switched my recommended chair from Aeron to Steelcase Leap.

The problem with Aerons is the mesh seat. Because you sit on mesh there is a hard plastic rim. The front of that rim presses up into your leg on your thigh. It restricts circulation, which can cause outright pain.

The severity depends on your body and how you fit in the chair exactly. But it's bad enough for enough people that I recommend people avoid Aeron; with the Steelcase Leap being my current chair of choice.

https://www.steelcase.com/products/office-chairs/leap/

25
earlyriser 15 hours ago 2 replies      
I have drunk the Kool-Aid about expensive chairs and cheap tables. For years I wanted to buy an Aeron for my home office but I didn't want to do it until I tested one (I live in a small town, so no opportunity). Finally this year I tested an Aeron during a business trip, for 10 days. Maybe it's my own body, but it wasn't as comfortable as I thought it was going to be; I was very disappointed.

The best chair I've been on was one during an EA interview (Montreal studio). I still wonder which kind of chair it was.

26
uptown 17 hours ago 0 replies      
Used to have one at an old job but never liked them. I found the plastic leading-edge of the seat gouged into my legs uncomfortably. I did find one with a torn mesh seat on the street once -- repaired it and gave it to a family member.

For me - I've been sitting on a Humanscale Freedom for about a decade. The company replaced the gel seat once due to wear and tear - but otherwise it's been a great seat if you're okay using something that doesn't have a million knobs and levers to customize your sitting experience.

27
nsxwolf 12 hours ago 0 replies      
I've had mine for 11 years now. The lowest end model with no lumbar support and nothing but the height is adjustable. The left arm rest now has a huge crack in the vinyl which digs into my forearms sometimes but overall it's better than all the other chairs I have access to.
28
petemill 20 hours ago 0 replies      
I wonder if the new mesh material is actually the same as Mirra 2's mesh material, which was always different from the (now classic) Aeron.

I've been trying both chairs out, and found some of the Mirra 2's features a lot better than the Aeron (notably its forward tilt and its more adjustable arm rests), but hated the softness of the seat mesh which felt like I was sitting in a hammock and put pressure in unwanted areas, causing numbness.

29
zwieback 12 hours ago 0 replies      
Where I work cast-off Aerons bunch up in abandoned cubicle tracts. Some people like them but others seem to move back to traditional ones. Personally, I don't like the hammock-feel very much.
30
bryanmgreen 7 hours ago 0 replies      
Can anyone tell me why chairs are so expensive though?
31
runnr_az 11 hours ago 0 replies      
Can I get it in True Black?
32
Randgalt 14 hours ago 0 replies      
How can you improve on perfection? I'm dubious. I've had mine for over 15 years and will never part with it. I had it refurbished 3 years ago and it's still great. It made a huge difference in my life. I had back problems and severe repetitive stress problems. The chair makes a huge difference for me. In particular, it allows me to have a tilting-forward position. Also, the mesh is extremely comfortable without trapping heat. It's pure genius.
30
Mars Reconnaissance Orbiter views Schiaparelli landing site esa.int
202 points by okket  10 hours ago   95 comments top 12
1
beamatronic 9 hours ago 1 reply      
It is so bad ass that when we have a question about something that happened on another planet we can just point one of our other robots' cameras at the site!
2
BurningFrog 9 hours ago 0 replies      
The main mission of this expedition is the Trace Gas Orbiter: http://exploration.esa.int/mars/46475-trace-gas-orbiter/

"the Trace Gas Orbiter will be deployed to detect a wide range of atmospheric trace gases (such as methane, water vapour, nitrogen oxides, acetylene), with an improved accuracy of three orders of magnitude compared to previous measurements."

3
Aqua_Geek 10 hours ago 2 replies      
> Estimates are that Schiaparelli dropped from a height of between 2 and 4 kilometres, therefore impacting at a considerable speed, greater than 300 km/h.

Ouch. It will be interesting to read the results of the investigation as to why the landing thrusters turned off prematurely.

4
ramgorur 1 hour ago 2 replies      
Should we say that the space programs in the 60s and the 70s were more successful? Especially if we consider the communication and the control technologies available at that time. For example, the Vikings had a Honeywell 24-bit CPU with 18K memory. What about those Argon computers used in the Soviet Venera programs?

Or maybe a very fast/accurate computation is not that necessary?

5
mturmon 9 hours ago 0 replies      
Questions have come up about the landing strategy of the Schiaparelli lander. It uses a Doppler radar to get position and velocity, time deployment of parachute, and calibrate thrust for retro-rockets. The best references I was able to find are these:

http://exploration.esa.int/mars/47852-entry-descent-and-land...

http://solarsystem.nasa.gov/docs/Bayle_ExoMars_EDM_Overview-... (solid, is undated, seems old and nonspecific in some cases)

https://solarsystem.nasa.gov/docs/7B.1_Lorenzoni_ExoMars%202... (from 2013, more detail)

6
tangue 7 hours ago 2 replies      
In Rob Manning's book [0], he explained how hard it is to land on Mars. It's nicely summed up in those two sentences:

"There's too much atmosphere on Mars to land heavy vehicles like we do on the moon, using propulsive technology completely," said Manning, "and there's too little atmosphere to land like we do on Earth. So, it's in this ugly, grey zone." [1]

The recent success of Curiosity, Spirit and Opportunity must not shadow the fact that most Mars missions have failed.

[0] "Mars Rover Curiosity: An Inside Account from Curiosity's Chief Engineer"

[1] http://www.universetoday.com/7024/the-mars-landing-approach-...

7
yummybear 10 hours ago 5 replies      
What a shame. The only consolation, if any, is that they are not the first ones to crash on Mars. If I remember correctly the historic chances of landing successfully on Mars is about 50/50.
8
altechcode 6 hours ago 0 replies      
That 600MB of telemetry should prove extremely valuable in making that rover they are planning to land less likely to fail.

Sadly you really don't get that many attempts...

9
animex 7 hours ago 0 replies      
Splat. Not sure if that is a landing site or a crash site.
10
jcoffland 10 hours ago 5 replies      
11
pmoriarty 8 hours ago 0 replies      
Now imagine there being 100 people onboard that spacecraft, as Elon Musk plans for.
12
LunaSea 9 hours ago 7 replies      
Once again, billions of euros are put into use for what is essentially scientific curiosity instead of trying to solve the very real problems Europe is facing. I love astronomy and space exploration but the amounts of money wasted into it rather than other problems with a high priority is staggering.
       cached 22 October 2016 04:11:02 GMT