hacker news with inline top comments    .. more ..    25 Oct 2016 Best
home   ask   best   3 years ago   
All Tesla Cars Being Produced Now Have Full Self-Driving Hardware tesla.com
1481 points by impish19  5 days ago   1087 comments top 112
hipshaker 5 days ago 26 replies      
Isn't this hackernews??

So many "but what if this and that and this..." & "and yeah let's see if it can handle X & Y"

This is the iPhone 1 of self-driving cars!That's akin to saying Apple should have waited to release their phone until iPhone 7 "because of this & that & this..."

Don't we have to start somewhere??Aren't there supposed to be a big user base here who understands that it's an evolutionary process - we build the plane before we build the rocket before we shoot people into space?

Oviously the perfect self-driving car is still some way off, but I for one am thrilled this race is on!

luma 5 days ago 13 replies      
I think what people are missing here is an understanding of how these systems are tested and deployed at scale. While I have no involvement with Tesla I do have first-hand knowledge of similar programs at tier 1 automotive suppliers.

The suppliers provide (or are looking to provide) an electronics suite to car manufacturers. The car manufacturers want the system to be safe lest they be sued out of existence. One part of that will include contractual requirements for the system to have clocked n-kilometers on the highway in full (or partial) operation. For example, one project had a requirement for car(s) with full sensor data recording and partial automation enabled for 1 million kms.

The automotive suppliers will outfit a handful of, say 2019 model year test cars with the proposed sensors in the correct place and drive them around roads and highways in the specified conditions. Outfitting the cars can be expensive with prototype hardware, collecting the resulting data is a pain, and as a result the suppliers I'm familiar with run a (relatively) small number of cars for a lot of miles to record all that data.

The point of all this is to collect sensor data for resimulation as models are developed and trained. If an exceptional event occurs, they can modify the driving model, then "replay" the new model against all prior collected data to make sure the change doesn't do something unexpected elsewhere.

This process takes a lot of time (years) to pursue in this manner. What Tesla is doing is deploying the hardware in the field, then using the deployed systems to collect data to be used for the development of the automation platform. Instead of a couple of test mules they can use every single car they sell and let you drive it around for them while they record the results. Data collection that would take years can happen in weeks. This is a brilliant shortcut to the process and it puts them a couple years in front of the competition.

Animats 5 days ago 7 replies      
More cameras. Better sonars (very short range). Better radar processing, but apparently the same old single radar at bumper height. Still no windshield-height radar. No radar scanning in elevation. No LIDAR.

That's a better, but still weak sensor suite. It's probably enough for freeway driving under good conditions. It's far below Google's sensor suite. Or Volvo's.

Now they just have to write software smart enough to not plow into stationary vehicles on the shoulder. There are videos of three separate Tesla crashes where the Tesla plowed into a vehicle partially blocking a lane.

There have been several announcements of low-cost solid-state LIDAR units for automotive. Quantergy announced last year, but didn't ship.[1] Innoviz announced this year to ship in 2018.[2] Advanced Scientific Concepts can't get their costs down.[3] (They have a great unit that costs $100K; the Dragon spacecraft uses it during docking.) Those are all-solid-state devices. There are also some companies trying to use MEMS mirrors, like TV projectors. Eventually somebody will get 3D LIDAR technology working at a low price point, but it hasn't happened yet.

[1] http://www.quanergy.com/products/[2] http://spectrum.ieee.org/cars-that-think/transportation/sens...[3] http://www.advancedscientificconcepts.com/applications/autom...

thesimon 5 days ago 11 replies      
If you go to the order page of the Model S, it says for the "Full Self-Driving Hardware":

>Please note also that using a self-driving Tesla for car sharing and ride hailing for friends and family is fine, but doing so for revenue purposes will only be permissible on the Tesla Network, details of which will be released next year.

Interesting decision.

simonsarris 5 days ago 5 replies      
How interesting. So up-coming Tesla drivers temporarily won't get fancy features.

For a time, new Tesla buyers again become early adopters. But unlike traditional early adopters, who take a trade-off (on price, or features, or polish) for being first, these adopters are promised the features when they are ready.

The nay-saying around Tesla is immense, even in these early HN comments. Obviously there's some risk here, but man. Tesla is sowing the seeds of the future.

scraft 5 days ago 6 replies      
Interesting for two reasons:

1. It is a self driving car, it is so clearly the future, I wish it existed now, it is going to be awesome (in my opinion).

2. Despite knowing about and following news about driverless cars for a while, there was something surprisingly (to me) compelling about watching the video. It's like you get a little taste of the full A to B that it can give you (door to door).

Who wants to speculate how long it will be until self-driving cars are common place in the UK? I need to know how long I have to save..!

spIrr 5 days ago 6 replies      
From 00:50 to 01:10, why is the car driving in the left lane, when the right lane is clearly not turning? It's strange to see this behaviour as someone living in Germany, where you are supposed to, by default, drive in the right lane if you are not overtaking another car or there is a traffic jam...

EDIT: also, did it turn into the wrong lane at 2:25-2:30? is this a security risk?

11thEarlOfMar 5 days ago 9 replies      
> Teslas with new hardware will temporarily lack certain features currently available on Teslas with first-generation Autopilot hardware, including some standard safety features such as automatic emergency breaking, collision warning, lane holding and active cruise control.

Not sure what to make of this. New buyers are getting less than current owners now, but expected to get much more later?

I can't think of a precedent for this as a marketing approach in modern consumer products.

bflesch 5 days ago 8 replies      
Truly impressive. I wonder if the Model 3 will also be fitted out with all the sensors and cameras. If yes, I'll definitely get one.

As a German citizen, it really bugs me that Volkswagen is incapable of this kind of innovation. I don't see their roadmap play out like they plan it, because Tesla might beat them to market hard. I fear German regulation will jump in (again) to help them against Tesla.

Currently, the German government gives out electric vehicle subsidies (~5k per car), but it is limited cars less expensive than 60k. At the moment there is very low demand for this subsidy, because everyone who goes EV wants to go Tesla.

hacker_9 5 days ago 5 replies      
> "The person in the driver seat is only there for legal reasons"

> Person gets out and let's car park itself

But seriously the tech is very impressive. The journey was rather simple though, and didn't cover more difficult areas (inner city driving, heavy stop start traffic, roadblocks, road accidents and so on). I hope that Tesla test these things thoroughly because they've already got one death under their belt, it won't take many more to put people off completely.

mparlane 5 days ago 2 replies      
How sure are they that this hardware revision is going to be what is required? I feel like at any point in time you can make an assumption about the hardware requirements to only discover in future that you could have actually done it with just a software update if the CPU had one more core. They'd have to be pretty sure this HW rev would meet their future demands for self-driving right ?
hash-set 5 days ago 9 replies      
I get that tech companies want self-driving cars really bad because they smell billions of dollars in "disruption" but no matter how good AI gets, I have a suspicion it won't actually do better than a decent human driver can do. It's not about processing speed, it's about experience and reflexes, which granted, not everyone has.

Let's see a self-driving car win a Formula 1 race--and even that controlled racetrack environment isn't the same as the real world! It's actually harder to drive on the typical American roadways than it is to be on a track.

And yes, I am aware that AI stuff is improving exponentially or whatever, but the more I think about this, the more I think it is mostly a pipe dream to grab headlines and be a "look over here" type distraction for the purposes of raising funding.

In terms of safety, people will still lose their lives, they will just die from different kinds of car accidents than the kinds we have now.

KKKKkkkk1 5 days ago 1 reply      
The former head of Google's self-driving car project has said that self-driving cars are decades into the future.* Even if that's too pessimistic, nobody today knows what a self-driving car will look like, what kind of algorithms it will run, and what kind of sensors it will need to get there. I'm afraid this pronouncement is another sign that Mr. Musk is taking his investors for a ride.

* http://spectrum.ieee.org/cars-that-think/transportation/self...

EA 5 days ago 5 replies      
Police departments around the country are going to see a loss of revenue. No more rolling through stop signs, illegal lane changes, or speeding tickets.
Walkman 5 days ago 0 replies      
So you buy a "regular" car today which will be automagically converted to a self driving car when all the regulations and software catch up. That's pretty cool. You can buy into the future today :D
dyarosla 5 days ago 3 replies      
From the car purchase page, it seems that they are charging an additional $13,200 (combining the addons Enhanced Autopilot and Full Self Driving capability at $7,900 and $5,300 respectively) for the full experience:


ahunt09 5 days ago 0 replies      
The video was too edited for me to have confidence. There was a moment at about 2:05 where I was interested to see how it handled the termination and merging of the lane -- but then we cut away before that happened. Or at 1:30 when there's no big sign post in the median, and then switching to left-rear camera, there we pass one. It's a nice narrative on the future, but it's far from proof of comprehensive functionality.
S_A_P 5 days ago 9 replies      
So what do these cars do when the hit a puddle of mud and it covers all the cameras. Will there be a new form of vandalism where someone puts scotch tape over/destroys the vehicles cameras and now your fancy autonomous vehicle is rendered incapacitated. Maybe this seems unlikely or ridiculous, but the dependence on cameras at points on the car that seem likely to get dirty and or damaged seems to be a risk to me.
mentos 4 days ago 1 reply      
I had hoped to see this technology occur in my lifetime, I said to myself "I hope I live to see the day" a few years ago. Here it is in 2016, obviously its just a highly controlled demo but it has connected the dots. I'm confident the technology is there and the hardest work will be overcoming legislation and politics.

But does anyone else find this bittersweet?

I had an awesome moment of pride for what Tesla and Elon have done here. The dream is now reality.

Followed by a moment of sadness. The dream is now reality..

bitL 5 days ago 0 replies      
All German car manufacturers are now fitting their cars with hidden passive sensors for collecting data related to human driving with the intent to use these data for autonomous driving. Their main problem is the cost of transmission, i.e. they are considering buying mobile networks/towers and piggyback on mobile traffic. Then obviously feeding these data to huge datacenters with the projected flow of up to 2MB/s from a single car.
WhiteOwlLion 16 hours ago 0 replies      
Seems like Tesla is moving forward with much regard for safety nor technical advancement. Disappointed Tesla could back up and park in one motion. It also went too far forward to back up. You don't need to that much room. How is it going to handle itself on Market St when it finds a spot but the bus behind it has to go around?
stefanv 4 days ago 1 reply      
I wonder who decided/approved the use of a song about death and funeral procession (Paint it Black by The Rolling Stones) in a video about "driving" without hands on public roads...
mklarmann 5 days ago 3 replies      
It was already announced before, that the hardware is included. And it was clear, that it is meant to be used for autonomous driving. And as they do not have autonomous driving yet, this is indeed just hot air... How would they know it is completed if there is no demonstration of it actually working?
jsingleton 5 days ago 0 replies      
Direct link: https://player.vimeo.com/video/188105076

This is also the video embedded in the main press release (discussion: https://news.ycombinator.com/item?id=12748863) and this news article: https://www.theguardian.com/technology/2016/oct/20/tesla-rel...

studentrob 5 days ago 4 replies      
Is this video sped up to make it seem like the car is more capable?

It seems jumpy, and, for the speed at which the car is going and comes to a stop, there is not as much lurching as I would expect.

bnycum 4 days ago 1 reply      
I was thinking of this idea the other day when I came to an intersection where a stop sign had been hit. It was now bent in a way that faced the highway that did not have to stop. I was on a highway with no stop signs or lights for miles. What would the self driving car do in that situation? For both sides of the intersection.

Then I thought about another intersection by my old house. For years the cross street had to stop for traffic on the main street. One day I went to work, then I came home and it was all the sudden a 4-way stop. No database of stop signs could work either unless it was updated to the minute.

JonoBB 5 days ago 1 reply      
At just after 3.23, when the car is parking, it looks like that rear wheel is going to hit the curb, and then it suddenly cuts away to the next scene.

Maybe there was enough turning angle to miss it, but I dunno...it looked pretty close to me.

NegatioN 5 days ago 3 replies      
So, both Nvidia and Tesla are working on self-driving cars based on the sensory data mainly from cameras mounted on the car, which are then run through X number of RNNs to generate models to operate on? While Google pursues their LIDAR-approach?

What other players are operating in this space? And what's their approach?

pyb 5 days ago 5 replies      
No bad, but it still needs to be taught to keep to the right. Unless this is how people normally drive in the US ?
marricks 5 days ago 2 replies      
Quite interesting that while this is happening,

> Tesla's with new hardware will temporarily lack certain features currently available on Teslas with first-generation Autopilot hardware

Which makes sense, as they'll be pulling in all that new data from the sensors. I guess people won't be too disappointed owning a car that will eventually be able to be fully autonomous!

amluto 5 days ago 2 replies      
> To make sense of all of this data, a new onboard computer with more than 40 times the computing power of the previous generation runs the new Tesla-developed neural net for vision, sonar and radar processing software.

40 times the performance of a Tegra 3 is not particularly impressive.

Also, I sincerely hope that this new faster computer doesn't also run a web browser.

Darthy 4 days ago 0 replies      
To be safely aware of its surroundings, an autonomous vehicle must have two types of sensors in each direction - this setup is not safe enough.

I would also have proof of 10 million kilometers of simulated rides with no accident, and a third party organization not under the control of Tesla who creates some really tough repeatable challenges, both simulated and in the real world, that a vehicle manufacturer has to pass.

Challenges should include:

- thin wire tensioned over the street.

- the combination of super heavy rain with lighting, thick fog and people suddenly running onto the street

- passing by a soccer field and ball bounces over the street. Car should stop because it can be reasonably expected that a child will run blindly onto the street after the ball

- have obstacles that minimally invade into the minimum clearance outline of the current planned course. Car should plot an alternative course if it is possible or stop. Obstacles should appear in the last moment possible and car should always do the right thing.

- proof that the car can always detect street boundaries, any obstacle, and especially humans. It should be 100% correct or side on the safe side every time. At night, in a rain storm with super thick smog and hail. I'm not joking.

These are the minimum limits before any self-driving car should be able to drive on public roads, imho.

mkagenius 5 days ago 2 replies      

It does give a feel of bus/train when the owner gets off and the car heads to its next job.

I wonder if you need to _buy_ cars when complete autonomous cars start to roll.

Element_ 5 days ago 6 replies      
Will this new neural net and hardware be capable of advanced object detection?

For instance if a plastic bag or piece of cardboard rolls across the highway a human driver knows it's safe to run over without stopping. Would a system like this just see an obstacle via radar and emergency brake?

Google has been working on this problem for longer and they have access to the largest image/video datasets in the world to train their models. I wonder how google and tesla systems would compare.

dperfect 4 days ago 1 reply      
It is quite impressive, but I'll honestly have a hard time getting excited about self-driving cars until I see a demo of driving at night in a snow storm (heck, even heavy rain would be nice to see) around road construction, poor signage and faint lines on the road. Believe it or not, those kinds of conditions are fairly common in places outside of California, and until we have self-driving cars that can do really well in those conditions, this is basically just a fun demo in my opinion.

I'm really not trying to downplay the hard work and technical merit of Tesla; sped-up video and opportune edits aside, it is very cool. But I can't help but feel that it's a bit like showing off (to the world) your shiny new web app that only works in IE with ActiveX installed, only if your name is "demo user", and only when the planets are in perfect alignment - or in other words, a functional prototype by anyone else's standards. It's a great achievement, but we're certainly not "there" yet - if that's what it's trying to communicate. And yes, the "Full Self-Driving Hardware" headline certainly seems to suggest that (at least) the hardware is "there" now, and that it's only a matter of software iteration to be done.

Before you respond with the typical "but those are just nitpicky details" or "this is only v1; v2 will be able to solve those things easily", let me say this: going from this to a system that can handle challenging road conditions is not just a matter of software iteration. Since poor road conditions threaten the reliability of sensor data itself, we're talking about a problem that gets increasingly more difficult. The most sophisticated software in the world can't do anything if cameras and sensors are frozen or obstructed, and when signage and lines are lacking, the software must rely on more and more human-like levels of AI inference - not just about driving, but about the complex world in general.

jasonallen 4 days ago 1 reply      
When this becomes real, the next question becomes "why own the car"? What's the benefit of having it sit in a parking lot for 8 hours until I'm ready to go home. Seems like the future will become more Uber-like, where I call up rides whenever I want, and don't worry about parking, maintenance, etc....
nateberkopec 4 days ago 0 replies      
If I was Tesla, I wouldn't have sped up the video at all. People are going to think this car drives like a maniac.
shas3 5 days ago 1 reply      
This is a sign of the utter commodification of hardware and the possibility that a majority of innovation in the future (with the exception of low-power wearables) lies in the realm of software and algorithms.
tzakrajs 5 days ago 0 replies      
The off-ramp scene seemed precarious like a pinball down a bumper lane.
ajmurmann 5 days ago 2 replies      
About self driving cars in general: I am very concerned that self driving cars and speed limits are going to be a very annoying issue. I can see them drive way slow in semi-complicated situations annoying all other drivers. There are also many places in the county where it's normal and seemingly expected to go 5-10mp/h over the speed limit. Of course self driving cars will stay under the posted speed limit. I hope that in the long run we will be able to innovate on how we deal with speed limits especially once the human driven cars are off the road and hopefully illegal. But till then I can see lots of road rage coming from this.
grondilu 4 days ago 1 reply      
I think the most impressive part is the end, when the car looks for a parking spot.
cs702 5 days ago 1 reply      
Very impressive...

BUT the car was driving itself in ideal conditions, with high visibility in all directions and amidst light traffic.

What I'm really hoping to see is a video of the car driving itself in more dangerous situations, such as in the middle of heavy rain or thick fog that limits visibility, or at night on a dangerous stretch of highway with lots of trailer trucks zooming by, or surrounded by tired angry drivers on a major holiday in a popular route with bumper-to-bumper traffic.

When self-driving cars can successfully navigate those and other similarly dangerous scenarios, we will know the technology is ready.

revelation 5 days ago 1 reply      
Teslas with new hardware will temporarily lack certain features currently available on Teslas with first-generation Autopilot hardware, including some standard safety features such as automatic emergency breaking, collision warning, lane holding and active cruise control

Right, so they are actually announcing that their new cars now have less automation capabilities. I can't keep track with all the "autopilot" hardware they have deployed to date, MobilEye, BOSCH Radar, own software hacks, then this completely new one..

Not to mention that they have sold thousands of cars with the same Autopilot brand and "fully autonomous soon" messaging that will now likely never get there.

pauljurczak 5 days ago 1 reply      
Hardware performance is not a problem for Level 5 autonomy - the software is. If Tesla insists on deploying full self-driving capability in the next couple of years, they will be litigated out of existence. We are a few decades away from autopilot to "understand" what it is doing. Right now it is just parroting the most common scenarios. This may be as good or slightly better than the average driver, but it still will result in many deaths, if deployed in hundreds of thousands of cars. Unless Tesla somehow shields itself from legal liability, it will be sued to oblivion.
modeless 5 days ago 3 replies      
So self-driving will be a standard feature of Model 3, not an option? Pretty cool if they can make it work. I'm skeptical that the computer (NVIDIA Drive PX 2 perhaps?) will have enough power to do it all without LIDAR.
misiti3780 5 days ago 0 replies      
Does anyone know how many people Tesla employs that are dedicated to working on the self driving software?
shawn-butler 5 days ago 2 replies      
So, I am buying hardware I can't use solely for the purpose of providing data to a for-profit company for free to improve its product for another generation of customers?
notliketherest 5 days ago 0 replies      
This is awesome! Talk about a huge training data competitive advantage over Google, GM, Uber, etc
x2f10 4 days ago 1 reply      
I'm probably too late to ask, but how do self-driving cars handle 4-way stops? How does it know when it's time to go?
awqrre 5 days ago 0 replies      
Good thing the car didn't take off for a joy ride after dropping off the customer... might have became a legal issue.
RLN 5 days ago 4 replies      
Looks like Tesla self driving cars 'dry steer', something that my driving instructor always told me not to do.
mrkgnao 5 days ago 0 replies      
> While this is occurring, Teslas with new hardware will temporarily lack certain features currently available on Teslas with first-generation Autopilot hardware, including some standard safety features such as automatic emergency braking, collision warning, lane holding and active cruise control.


sixdimensional 5 days ago 1 reply      
I feel like this video would have been even more awesome if Elon himself had been the passenger!
codeulike 5 days ago 0 replies      
Here's the video of it in action, an autonomous drive to the Tesla factory


JBiserkov 5 days ago 1 reply      
Video is well done, the car seems amazing.

Offtopic: There seems to be a bug, the video being uploaded twice:



The second one redirects to the first. The first contains two links to the second, below and on the right "Next video". I clicked for quite sometime until I figured what was happening.

tn_ 5 days ago 1 reply      
This is very awesome and just one more step in moving towards a completely automated world. Everyone's commutes everyday is just a gold-mine of mostly unused data-points. There are solutions out there right now like Waze / Google Maps that'll redirect users around accidents. Can you imagine how crazy it'll be when our roads become even smarter based on individual users. For example, if there are people who "logged-in" to a road that enjoy driving faster, then this self-aware driving car can go in the lanes that avoid certain dangerous users.
nradov 4 days ago 0 replies      
The Jalopnik review of the video was pretty critical, essentially claiming that the test was done under the best possible conditions and this doesn't demonstrate that Tesla is getting any closer to automatic driving on more typical roads. (I don't know whether that's right or wrong, just thought it was an interesting analysis.)


kozak 5 days ago 0 replies      
They have a pretty interesting description of their radar images: "...because of how strange the world looks in radar. Photons of that wavelength travel easily through fog, dust, rain and snow, but anything metallic looks like a mirror. The radar can see people, but they appear partially translucent. Something made of wood or painted plastic, though opaque to a person, is almost as transparent as glass to radar".

So my question is, where can I find such images? Or can I buy such a radar and tinker with it myself? What wavelength are they speaking about?

amenghra 5 days ago 0 replies      
I wonder how they balance their development process for the algorithms with the upgraded sensors vs the code that runs with older sensors as input. Do they maintain two different teams? Back port improvements?
fareesh 5 days ago 0 replies      
1) If a self-driving car is involved in an accidental death. Is the justice system equipped to effectively hold a trial where information like logs, debugging information, etc. are discussed in court to validate whether or not there is any liability on the part of the manufacturer, considering the car is driving itself?

2) What happens in the case of bugs or system-level crashes? What is it about car software that makes it "not broken" compared to the other software we write?

probe 5 days ago 2 replies      
Can someone speak to Tesla's approach of collecting real-world data, and Google's approach of "simulating" roads and conditions and running self-driving models on that (so technically their vehicles drive millions of miles on simulated roads).

Intuitively Tesla's approach makes more sense, but would love to hear someone with domain knowledge on how much of a difference it can actually make (after all, you need quality training data and Tesla may now have to navigate through significant more noise).

vladimir-y 4 days ago 0 replies      
When it will be possible to use Tesla having no driving license? So I just get in the car as a passenger, like a taxi, but without a driver.
tlb 5 days ago 1 reply      
*braking (not breaking). You'd think car company staff would know how to spell a word representing 1/2 of the control space of a car.

edit: fixed, never mind.

hokkos 5 days ago 1 reply      
I wonder, do they upload all the camera videos taken during driving in grayscale low-res video through 4G to be computed though their neural net at Tesla ?What hardware do they have in the car to process the video, the Jetson TX1 can use up to 6 cameras or 1400 Mpix/s, but they probably use low-res output for neural net usage.I wonder what drivers think of their privacy.
achou 4 days ago 0 replies      
Compared to the autopilot I've experienced in my model S, this video shows these features (and probably some more I missed):

- following a path from a map instead of following a specific lane of traffic.

- turns

- recognition of stop signs and light signals

- highway onramp and offramp

- self-parking that finds its own parking spot and works without driver in the vehicle

- better music than I have on my playlist

tonylemesmer 5 days ago 1 reply      
"The person in the driver seat is only there for legal reasons" - how do Tesla reconcile this with the "summon" feature? How can they market the summon feature and say the Tesla could find you on the other side of the country unless it has someone in the driving seat touching the steering wheel?
nodesocket 5 days ago 2 replies      
Was there an event or video? Seems strange that Elon delayed this announcement from Monday if it's just a blog post (press release).
krmboya 5 days ago 2 replies      
I wonder how this will compare against geohotz' comma.ai aftermarket self driving kit that he promises to ship by end of year.

He calls his company's technology level 3, which is more like autopilot, as opposed to level 4, which is a fully autonomous self driving car e.g. Google's.

Does Tesla aim to eventually have a fully autonomous self driving car?

sssilver 4 days ago 1 reply      
Man I sure hope human-driven vehicles/internal combustion engines won't be deemed illegal in my lifetime. I still enjoy driving my motorcycle down the road, feeling the engine vibe on my fingertips, and hearing it click click rumble rumble vroom. This video made me worry.
chillingeffect 5 days ago 4 replies      
It's sad how presenting such solid, undeniable evidence results in a downtrend in valuation:


relics443 4 days ago 0 replies      
1. I want this!!!!2. Too much anxiety, I'll wait until they have a couple billion more miles
Gustomaximus 5 days ago 0 replies      
Another reason we want better battery life on phones. I can imagine a scenario when your car goes and parks itself and you come looking for it without phone battery. Super cool though. Love how they are challenging such a significant and resourced industry.
andys627 4 days ago 0 replies      
I'm curious to see when cities will start changing their zoning for this new reality. The most exciting to me is elimination of parking minimums - these add a lot to the cost of building anything and take up very valuable/well located space.
dyarosla 5 days ago 2 replies      
Who's providing all this hardware? EIGHT surround cameras and TWELVE ultrasonic sensors: Are they building this in house too? If not, that's a lot of business to a supplier... all I could find about camera suppliers for Tesla was their former camera (tech?) supplier Mobileye.
chx 5 days ago 1 reply      
My stance is very simple: when I can buy a car in Vancouver, BC without a driver's license I will be at the car salon door / preorder page / whatever, midnight movie release style to buy one and I won't ask about the price. Just make it happen, please.
aerovistae 5 days ago 2 replies      
Some of what they describe sounds like it's going to take some real adjustment before it stops being annoying and starts being useful, namely the assumption of what you want when you get in and out.

> If you dont say anything, the car will look at your calendar and take you there as the assumed destination or just home if nothing is on the calendar.

Oh boy. If you get in your car, it will just assume it should start driving somewhere more or less immediately? What if you want to sit for a few minutes?

I know, I'm taking them very literally. Just saying, though.

> When you arrive at your destination, simply step out at the entrance and your car will enter park seek mode, automatically search for a spot and park itself.

Again, what if I'm unpacking things for the car, or don't want the car to go anywhere? I don't want to have to pull out my phone and tap on something to stop it rolling away, or jump in front of it or something, or open a door.

Hopefully it obeys simple voice commands directed towards it like "wait here for now."

rbf 5 days ago 0 replies      
I wonder if our Model X that was put in production yesterday will have the new hardware..
geertj 5 days ago 0 replies      
This does it for me. I have seen the future. Today I will register for a Model 3.
Overtonwindow 5 days ago 0 replies      
WOW. SIGN. ME. UP! ...if I could only afford a Tesla. That was really impressive.
jsingleton 5 days ago 0 replies      
The cameras look monochrome from the video. Or is this just editing?

If true then I'm surprised that colour data is not used. You would have to detect a red stop light from just its position rather than it also being red.

jdiez17 5 days ago 0 replies      
Here's a video of their full self-driving system in action: https://www.tesla.com/autopilot/
eriknstr 5 days ago 0 replies      
Direct link to video only: https://player.vimeo.com/video/188105076
honkhonkpants 4 days ago 1 reply      
A little skepticism is OK here. I don't think cheerleading is helpful. One possible interpretation of this video is Tesla is five years behind Google.
andrewvijay 4 days ago 0 replies      
Wow. Just wow. Amazing! Hope it changes everything forever. For a while I thought it was driving way too fast then realized that it was just fast played.
anindha 4 days ago 0 replies      
At 2m 25s the car on the wrong side of the road.


627467 4 days ago 0 replies      
Personally I'm looking forward to how PRIVATE self-driving cars solves hunting for parking problem. It's a great social problem to solve.
rocky1138 4 days ago 0 replies      
What I want to see is a video compilation of all of the cool things it does when it encounters accidents and near-misses.
GeorgeAnka 5 days ago 0 replies      
It's crazy, I can't belive that it will be works if will be only autonomous cars. It will be a lot of deadlocs.
chrismealy 4 days ago 0 replies      
No pedestrians, bikes, ambulances, construction, just dead surburban roads. The perfect car for the zombie apocalypse.
codeulike 4 days ago 0 replies      
These cars are actually robots. In disguise.
niftich 5 days ago 1 reply      
Is this a formal model-year revision/refresh, or just a midyear 'minor revision' thing (despite being a major revision?) Are old models retrofittable? Will this hurt the resale value of existing Teslas that have the last generation hardware?

Is there an industry-standard (or governmental) safety test that these autonomous systems have to go through to evaluate their efficacy and performance in different scenarios?

(edit: clarified the first sentence)

lai 5 days ago 0 replies      
Does this mean we get self-driving capabilities without paying more for it as an add-on?
sharrs 5 days ago 0 replies      
Wow this is awesome!
xadhominemx 5 days ago 0 replies      
Fake video... Page Mill is not backed up onto 280
rocky1138 5 days ago 1 reply      
How does their autonomous car compare to nvidia's?
cdelsolar 4 days ago 0 replies      
Sorry but it absolutely needs LIDAR.
ghaff 5 days ago 1 reply      
Tesla may also want to consider better copyediting of press releases: "emergency breaking." Yeah, it happens. But it looks bad.
laktak 5 days ago 4 replies      
How to steal some cars:

 - hack into a car remotely - tell the car to drive to your parking lot - repeat

alinspired 5 days ago 1 reply      
tesla might not be comfortable releasing new software for update hardware in production
elchief 5 days ago 1 reply      
Wow, what a bunch of negative nellies on here. I hope you people have mildly unpleasant evenings.

Congrats Tesla! That's amazing.

kordless 4 days ago 0 replies      
Shut up and take my money.
nsxwolf 5 days ago 0 replies      
I'm going to buy a bunch of Teslas and sit home and watch the money roll in from my own private Uber.
tempestn 5 days ago 0 replies      
> features such as automatic emergency breaking

Always an amusing typo. I'll take the car without emergency breaking...

pyabo 4 days ago 0 replies      
KITT I need you!
wehadfun 4 days ago 0 replies      
oh shit!
donohoe 5 days ago 3 replies      
So, lets be clear then, you do not truly own the car.

Am reminded of ebook and movie purchases - you're only just licensing the item. You own next to nothing.

thesimon 5 days ago 3 replies      
>While this is occurring, Teslas with new hardware will temporarily lack certain features currently available on Teslas with first-generation Autopilot hardware, including some standard safety features such as automatic emergency breaking, collision warning, lane holding and active cruise control.

But not software and they don't even have confidence in their current implementation?

It's not surprising considering the recent announcements by the regulators, but that's quite a step.

untilHellbanned 5 days ago 0 replies      
This company's self driving cars are gonna have serious problems because their business roadmap is all over the place. This is not just wordplay, I'm serious.
nchelluri 5 days ago 3 replies      
Did you see how close the guys hands were to gripping the steering wheel? Obvious he didn't trust it completely :)

Still, very cool. And the presence of cameras everywhere should help navigate insurance/accident stuff everywhere, I'd hope.

flexie 5 days ago 2 replies      
Are the cars going to look like Google's and Uber's self driving cars, then?

I never cared that much about self driving capabilities - I like to drive myself - and I certainly don't want to shell out $35,000 for a car with what looks like a food processor or a police emergency light mounted on the rooftop.

IMHO, one of the best features of Tesla has been that they actually made EVs look like traditional cars. It might seem trivial, but many of the budding competitors still fail to do just that:



DDoS Attack Against Dyn Managed DNS dynstatus.com
1559 points by owenwil  4 days ago   673 comments top 113
bhauer 3 days ago 12 replies      
Out of curiosity, why do caching DNS resolvers, such as the DNS resolver I run on my home network, not provide an option to retain last-known-good resolutions beyond the authority-provided time to live? In such a configuration, after the TTL expiration, the resolver would attempt to refresh from the authority/upstream provider, but if that attempt fails, the response would be a more graceful failure of returning a last-known-good resolution (perhaps with a flag). This behavior would continue until an administrator-specified and potentially quite generous maximum TTL expires, after which nodes would finally see resolution failing outright.

Ideally, then, the local resolvers of the nodes and/or the UIs of applications could detect the last-known-good flag on resolution and present a UI to users ("DNS authority for this domain is unresponsive; you are visiting a last-known-good IP provided by a resolution from 8 hours ago."). But that would be a nicety, and not strictly necessary.

Is there a spectacular downside to doing so? Since the last-known-good resolution would only be used if a TTL-specified refresh failed, I don't see much downside.

scrollaway 4 days ago 9 replies      
Relevant (or at least a-propos) post by Bruce Schneier, from a month ago: "Someone Is Learning How to Take Down the Internet"


Edit: And to be clear: I don't mean to imply there's any connection :)

tim_armandpour 3 days ago 8 replies      
I wanted to provide an update on the PagerDuty service. At this time we have been able to restore the service by migrating to our secondary DNS provider. If you are still experiencing issues reaching any pagerduty.com addresses, please flush your DNS cache. This should restore your access to the service. We are actively monitoring our service and are working to resolve any outstanding issues. We sincerely apologize for the inconvenience and thank our customers for their support and patience. Real-time updates on all incidents can be found on our status page and on Twitter at @pagerdutyops and @pagerduty. In case of outages with our regular communications channels, we will update you via email directly.

In addition you can reach out to our customer support team at support@pagerduty.com or +1 (844) 700-3889.

Tim Armandpour, SVP of Product Development, PagerDuty

jssjr 4 days ago 7 replies      
I'm a GitHub employee and want to let everyone know we're aware of the problems this incident is causing and are actively working to mitigate the impact.

"A global event is affecting an upstream DNS provider. GitHub services may be intermittently available at this time." is the content from our latest status update on Twitter (https://twitter.com/githubstatus/status/789452827269664769). Reposted here since some people are having problems resolving Twitter domains as well.

elwell 3 days ago 2 replies      
To get on github you can add to your /etc/hosts: github.com assets-cdn.github.com
And it seems faster than normal right (less users).

Edit; for profile pics include: avatars0.githubusercontent.com avatars1.githubusercontent.com avatars2.githubusercontent.com avatars3.githubusercontent.com avatars4.githubusercontent.com avatars5.githubusercontent.com

Animats 3 days ago 7 replies      
So who was prepared for this? Pornhub:


 Name Server: ns1.p44.dynect.net Name Server: ns2.p44.dynect.net Name Server: ns3.p44.dynect.net Name Server: ns4.p44.dynect.net Name Server: sdns3.ultradns.biz Name Server: sdns3.ultradns.com Name Server: sdns3.ultradns.net Name Server: sdns3.ultradns.org


dEnigma 3 days ago 1 reply      
I was not aware of the attacks going on until this happened:

1. Tried to download "Unknown Horizons" (game featured recently on Hacker News) binary, github-link doesn't work.

2. Think "Ok, might be an old link", google their github-repository, github appears down.

3. Try accessing github status website, is down.

4. Interested, try to visit github status twitter account, twitter is down.

Really weird experience, normally at least the second source of news on a downed website I try during an attack works.

foobarbecue 4 days ago 6 replies      
According to Fortune, Hacker News "reported" on the incident. Are we journalists now?

"Popular tech site Hacker News reported many other sites were affected including Etsy, Spotify, Github, Soundcloud, and Heroku." -- http://fortune.com/2016/10/21/internet-outages/

meshko 4 days ago 5 replies      
Very funny guys, can you stop now? We have a demo in 4 minutes.
chromaton 3 days ago 8 replies      
I can't currently get resolution on www.paypal.com.

$ dig @ www.paypal.com

; <<>> DiG 9.8.1-P1 <<>> @ www.paypal.com; (1 server found);; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17925;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:;www.paypal.com.INA

;; Query time: 29 msec;; SERVER:;; WHEN: Fri Oct 21 12:35:33 2016;; MSG SIZE rcvd: 32

sly010 4 days ago 4 replies      
I am confused. Are so many big websites using Dyn, or does Dyn have some special role in the DNS chain in the US?
jtmarmon 4 days ago 5 replies      
I'm updating a list of confirmed outages as I see them here https://news.ycombinator.com/item?id=12759520

So far twitter, etsy, soundcloud, spotify, github, pagerduty...crazy that this can even happen

danyork 3 days ago 1 reply      
Journalist and security researcher Brian Krebs believes this is someone doing a DDoS as payback for research into questionable "DDoS mitigation services" that he and Dyn's Doug Madory did. Doug just presented his results yesterday at NANOG and Krebs believes this is payback. Read more: https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twit...
rybosome 3 days ago 5 replies      
I'm wondering, from a regulatory perspective, what might be done to mitigate DDoS attacks in the future?

From comments made on this and other similar posts in the past, I've gathered the following:

1) Malicious traffic often uses a spoofed IP address, which is detectable by ISPs. What if ISPs were not allowed to forward such traffic?

2) There is no way for a service to exert back pressure. What if there was? e.g. send a response indicating the request was malicious (or simply unwanted due to current traffic levels), and a router along the way would refuse to send follow up requests for some time. There is HTTP status code 429, but that is entirely dependent on a well-behaved client. I'm talking about something at the packet level, enforced by every hop along the way.

3) I believe it is suspected that a substantial portion of the traffic is from compromised IoT devices. What if IoT devices were required to continually pass some sort of a health check to make other HTTP requests? This could be enforced at the hardware/firmware level (much harder to change with malware), and, say, send a signature of the currently running binary (or binaries) to a remote server which gave the thumbs up/down.

Animats 3 days ago 0 replies      
Analysis of the Mirai botnet: [1]

This is worth reading. It has links to copies of the code and names the known control servers. Quite a bit is known now about how this thing works.

The bots talk to control servers and report servers.The attacker appears to communicate with the report servers over Tor.

[1] http://blog.level3.com/security/grinch-stole-iot/

Mizza 3 days ago 0 replies      
Although I don't like to to recommend Google products, they provide a provide a public DNS-over-HTTPS interface that should be useful for people who want to add specific entries into their /etc/hosts files: https://dns.google.com/query?name=github.com&type=A&dnssec=t...
Animats 3 days ago 0 replies      
"digikey.com", the big electronic part distributor, is currently inaccessible. DNS lookups are failing with SERVFAIL. Even the Google DNS server ( can't resolve that domain. Their DNS servers are "ns1.p10.dynect.net" through "ns4.p10.dynect.net", so it's a Dyn problem.

This will cause supply-chain disruption for manufacturers using DigiKey for just-in-time supply.

(justdownforme.com says the site is down, but downforeveryoneorjustme.com says it's up. They're probably caching DNS locally.)

newsat13 3 days ago 4 replies      
Switch to OpenDNS servers - and Even google NS are down it seems. Heroku works after switching to opendns.
bgentry 3 days ago 3 replies      
If you're having issues with people accessing your running Heroku apps, it's likely because you're running your DNS through herokussl.com (with their SSL endpoint product) which is hosted on Dyn.

If you can update your DNS to CNAME directly to the ELB behind it, it should at least make your site accessible.

cm3 3 days ago 1 reply      
Just to be clear, this is a DDoS against Dynect's NS hosts, right?

I'm confused because of the use of "dyn dns", which to me means dns for hosts that don't have static ip addresses.

I'm actually surprised so many big-name sites rely on Dynect, which I hadn't heard of, but more importantly don't seem to use someone else's NS hosts as 2nd or 4th entries.

ohblahitsme 3 days ago 3 replies      
Twitter and Github are still down here in LA (and confirmed on isup.me)
andmarios 3 days ago 0 replies      
OpenDNS servers seem the only ones that still work. Kudos.

It may not be the proper action but this kind of soft-fail scenario (use the old DNS until you can contact the DNS servers and get new ones) is much better.

 echo "nameserver" | sudo tee -a /etc/resolv.conf

ljosa 4 days ago 4 replies      
AWS says "We are investigating elevated errors resolving the DNS hostnames used to access some AWS services in the US-EAST-1 Region." Is that coincidental, or are they being DDoSed also?
tedmiston 3 days ago 2 replies      
Anyone else spend the morning thinking the problem was their setup? I've been flushing my system DNS cache, Chrome's DNS cache, changing DNS servers, rebooting my router, turning VPN on/off, etc.
nodesocket 3 days ago 1 reply      
I've been singing the praise of AWS Route53 for a long time, they up and running. I can't believe major multi-million dollar companies (Twitter, GitHub, Soundcloud, Pagerduty) would not run a mix of multiple DNS providers.

Also what is happening is a cascade effect, where a 3rd party being down effects others.

Supersam654 3 days ago 1 reply      
OpenDNS DNS Servers ( and are still resolving websites while my typical fallback to is not.
artursapek 4 days ago 1 reply      
Twitter, Reddit, wow. I was so confused for a moment. Thankfully HN is here to explain.
jrochkind1 3 days ago 2 replies      
Is it time for everyone to actually start using secondary name servers/DNS resolvers too from a different provider from primary? DNS _is_ built for this, for the very purpose of handling failure of the primary resolver, isn't it? Just most people don't seem to do it -- including major players?

Or would that not actually solve this particular scenario?

jread 4 days ago 1 reply      
Seems to be impacting POPs in US East most severly. We use Ripe Atlas to assess the impact of DNS outages, and in the past hour have measured about 50-60% recursive query failure from a few hundred probes in that region: https://cloudharmony.com/status-for-dyn
wnm 4 days ago 0 replies      
Heroku also seems to be affected. I'm getting this when I run 'heroku status':

>> We are seeing a widespread DNS issue affecting connections to our services both internally and externally.

altyus 4 days ago 5 replies      
For me redirecting my DNS to Google public DNS and did the trick.
danyork 3 days ago 0 replies      
There's a bit of exquisite irony in the fact that just yesterday an article on the Dyn blog was:

Recent IoT-based Attacks: What Is the Impact On Managed DNS Operators? - http://hub.dyn.com/traffic-management/recent-iot-based-attac...

It's a good piece about how IoT-based DDoS attacks are carried out. And now Dyn has the answer...

HN thread about that article at: https://news.ycombinator.com/item?id=12764650

devy 3 days ago 1 reply      
Is Zendesk being affected? Their status page is reporting external DNS provider is having DNS issue [1] and most of their sites are being affected.

[1] https://status.zendesk.com/

patmcguire 3 days ago 2 replies      
Any quick script to see if a given domain ultimately resolves to them? My SaaS company has a lot of custom domains from whatever DNS servers pointed at us and I'd like to be able to tell people whether it's our fault or not.
Legogris 4 days ago 0 replies      
Microsoft's visualstudio.com's build servers fail to resolve Github and New Relic. So much for my Friday night deploy to staging.
mjpa 4 days ago 2 replies      
Is it really an internet wide outage?

Only 2 of the points in the US are affected on https://www.whatsmydns.net/ for the domains we've got on Dyn - same for Twitter etc

CodeSheikh 4 days ago 1 reply      
Let's assume, that foreign countries such as Russia or China would be trying to sabotage our elections on Nov 8th night. What are the severe economic and political backlash that we can deal with if we cut off the traffic coming in from those region (not in a "we control the internet" kinda way)? I am sure they already have nodes operating within the USA. A lot of major tech companies use CDNs that can still serve traffic globally to the consumers of those countries. Even better, how about we regulate and slow down all of incoming traffic for say half day on election day? Is it even possible?
_ar7 4 days ago 1 reply      
Almost every website I visit except HN seems to be down...
devnull42 3 days ago 0 replies      
Dyn reporting another attack started at 15:52 UTC.
pawal 3 days ago 0 replies      
DNS was designed so that you can have multiple operators for your authoritative name servers.

Who would have thought adding a spof to your infrastructure would ever be a problem?

emmet 3 days ago 0 replies      
Is it just me or are these kind of attacks becoming way more frequent recently? This kind of widespread outage seems so new, but again, that might just be me.
dudul 4 days ago 2 replies      
Damn, I've spent the past 30 minutes trying to update my DNS and playing with my router config! :)

No GitHub, well, it's gonna be a fun Friday...

mirekrusin 4 days ago 1 reply      
They should do it once a year and call it Friday without Internet Day.
shortstuffsushi 3 days ago 0 replies      
In (well, after) attacks like this, and really any other massive DDOS, shouldn't it be possible to identify potential botnets and try to take them out (notify their owners that they're being used, notify their hosting providers, etc) so that they can't be used again in the future?
azaydak 3 days ago 2 replies      
Quick question for you all. Just two days ago I registered two domain names at dynu (not dyn). Early this morning I a cold call from a company in India who knew the domain names and my phone number and was calling to ask if I wanted them to help me manage my website cheaply. Also, this morning I got a spam text from someone who claimed to by godaddy offering the same thing. Now I protect my number really well so this is the first time in 5+ years that I ever got spam texts or calls to my number. Do you think Dynu was also hacked?! Or maybe Dynu sells client numbers (which is how the guy in India claimed to get my number) and it was just by random chance that this happened at the same time as the Dyn hack.
atsidi 3 days ago 0 replies      
I've been having the same problem accessing github in particular. Just for fun, I opened the Opera browser and activated the built-in VPN. That got everything going again. At least for browsing, not so useful for my git pulls and pushes.
LeanderK 3 days ago 1 reply      
Can someone explain why this is so bad? I think the internet handled the downtime of Dyn pretty great, not reaching github wasn't exactly pleasing, but i added the ip temporary to /etc/hosts and the problem was solved. Isn't the best strategy to accept that attacks will continue and systems may go down and design for resilience? If so this attack can serve as a warning and as a check that we can handle these types of attacks. I am a bit exaggerating, but i would imagine that constant attacks keep the internet resilient and healthy. An unchallenged internet may be the greater risk.
DenisM 3 days ago 1 reply      
The DDoS problems, at least those not related to spoofing IPs, could be curtailed if we provide a strong incentive to the ISPs to work on it.

Let's hold the ISPs financially liable for the harmful traffic that comes from their network. If a client reports a harmful IP to the ISP, every bit of subsequent traffic sent from that IP to this client carries a penalty.

Yeah, I know, routing tables are small, yada yada. If we put thumbscrews to the ISPs they will find a way to block a few thousands IPs of the typical botnet, even it requires buying new switches from Cisco & co.

Incentives drive behavior.

adamrights 4 days ago 0 replies      
We were affected @WSJ as well.
elmigranto 3 days ago 1 reply      
I've managed to (seemingly) save my browsing with Yandex DNS:

peatmoss22 3 days ago 0 replies      
Need to get in to dyn.com to download your zone files add this to your hosts file: www.dyn.com204.13.248.106 dyn.com216.146.41.66 manage.dynect.net151.101.33.7 static.dyn.com
jtmarmon 4 days ago 1 reply      
Semi related: I noticed this incident right when it began, but not because I was trying to access a website. This started happening to me: http://imgur.com/PPlaY5o

Then when I went to push to github out of fear my computer was about to soil itself, that failed too, and I noticed the outage.

Does anyone know if the above errors could be related to the outage? I'm using vim inside tmux with zsh as my shell. Maybe zsh does some kind of communication with gh while running?

I restarted my computer and it's still happening

mdtancsa 4 days ago 0 replies      
Anyone know any details of what the attack looks like ? I had a quick look in my (albeit small) network to look for odd flows going to their ASN33517, but didnt see much that looked odd on first glance...
anonymousjunior 3 days ago 0 replies      
No idea if this would work, but could people theoretically just ping flood the IOT devices involved to mitigate the attack?

They run some sort of web server since most devices provide some web interface, so clearly there's a port open which could be hit if the IP is know, and with the shoddy security in these devices I'd wonder if their local (likely low performance) hardware would be susceptible to something as simple as a ping flood attack.

metaverse 4 days ago 1 reply      
While my app isn't resolved using DYN, we are relying on APIs on our EC2 backend that use their DNS. Is there a Linux DNS caching server that will serve from a local cache primarily, and do lookups in the background instead to update the local cache? During the period DYN was down, it would've continued severing from the local cache and retried the background lookups, keeping my app up. I can also see it improving performance as my servers currently do lookups to the EC2 DNS on each http request...
octoploid 3 days ago 1 reply      
It is spreading to other DNS providers, too:https://status.fastly.com/

www.ft.com is unreachable for example.

mmaunder 3 days ago 0 replies      
Third attack underway: https://twitter.com/AlexJamesFitz (as of 10 mins ago)
paulddraper 3 days ago 2 replies      
I thought DNS (particularly public) was basically immune to DDoS?

If one DNS server is down, use the cached result or another server.

DNS is some of the most distributable, cachable data I can imagine.

leesalminen 3 days ago 0 replies      
Boulder here. Can't resolve Wufoo or PayPal using
r1ch 4 days ago 1 reply      
Surprised to see so many big names relying on a single provider. DNS is designed to be distributed, it should be possible to avoid a single point of failure.
wweiss1230 3 days ago 1 reply      
How can I, a proficient web developer but one with little experience working directly with its underlying infrastructure, help in whatever effort is being down to thwart this and related attacks? I feel a moral obligation to help as these attacks seem a grave threat to our economy and could cause unrest given the current political climate. Thanks.
fatherzeus 3 days ago 0 replies      
For people in need of the IPs for their respective services. You can find them here: ipaddress.com or any of the other similar services
danyork 3 days ago 0 replies      
https://cloudharmony.com/status-for-dyn is now (12:43pm EDT) showing Dyn's "US East" and "US West" centers as being down. Anyone know anything about this Cloudharmony service? How often does it update? and what is it monitoring?
djhworld 3 days ago 0 replies      
At work earlier we was seeing hostname resolution errors with applications trying to contact amazon s3 from on premises infrastructure.

This was in eu-west-1, but it coincided with a bunch of other systems in the organisation having problems at the same time.

Additionally CloudWatch logs seemed to be completely broken for about 30 minutes on the Amazon Console.

arp 3 days ago 0 replies      
Here's how to add static mappings temporarily to survive through the outage:


x2398dh1 3 days ago 0 replies      
Currently I am able to get into every site on the web, including GitHub, by using a VPN service based in Hong Kong.
dboreham 2 days ago 0 replies      
What this event shows is that using DNS as a load routing/balancing mechanism is a bad idea (because that's why folks have low TTL and an inability to specify truly redundant secondaries).
dudul 4 days ago 0 replies      
And there is no twitter to tweet about it!!!
RRRA 4 days ago 0 replies      
Those distributed alternatives look better everyday... if only there was a working group and a transitional path.
cyberferret 4 days ago 0 replies      
Hmm... Seems to be quite widespread. Some of our Amazon AWS services (located in the US) that rely on SQS are reporting critical errors. Intercom.io is also down at present, which we use for support for our web apps. Not looking very good from here (in Australia).
foxhop 3 days ago 1 reply      
So I had hardcoded my DNS server to googles, aka:

 dig @ github.com +short
I was not getting an answer.

However using my routers/dhcp/ISP to set my DNS server, I am able to get answers:

 dig github.com +short

pmuk 4 days ago 1 reply      
I'm getting DNS errors on my PS4 when trying to download stuff, I guess it's related!
edgartaor 3 days ago 1 reply      
I'm curious. What kind of infrastructure you need to make this massive attack?
dmalvarado 3 days ago 1 reply      
This may be dumb, but someone enlighten me:

If this kind of attacking does escalate, wouldn't it be possible to simply cut off requests from outside the United States at the points of entry? Basically, turning the US into an intranet?

wav-part 3 days ago 0 replies      
Why is there even a concept of managed DNS ? Arnt we already paying >$1M/yr so that we can get 32 bit integer from a string ? This does not make sense.
cultavix 4 days ago 1 reply      
Not sure if related but circleci.com is down for us do to a "DNS issue" !
kilroy123 3 days ago 0 replies      
Interesting. Lots of sites have been down for me, here in Mexico City. Twitter. Github. Loads of other random sites. When I turned on my US based VPN. It all started working again.
dev_1024 3 days ago 0 replies      
How come you can access these sites from some countries? I imagine there are lots of name servers and that the attackers are specifically targeting servers for US?
nbrempel 4 days ago 0 replies      
It's a strange coincidence that Hover DNS was down for same reason a week ago.


Rapzid 3 days ago 0 replies      
Looks like github and braintree both got AWS dns servers mixed in about the same time. Did they both switch over or is Dyn working with AWS on this?
lips 3 days ago 0 replies      
How many DNS services ala Dyn exist?Is it not still massively significant that a successful attack can be launched on even one of these?
adobrawy 3 days ago 0 replies      
Twitter and GitHub is down on Scaleway (AS12876) and Tiktalik (Warsaw, Poland, Europe, AS198717) network too (no response from dynect.net).
Kluny 3 days ago 0 replies      
Highrise seems to be having problems, as seen by email errors when we forward email to Highrise dropboxes.
llamataboot 3 days ago 0 replies      
Heroku is still having problems as well
Animats 3 days ago 2 replies      
Github is currently inaccessible. Can you still compile Rust programs that depend on Github files?
alexmorenodev 4 days ago 0 replies      
Here in Brazil things are pretty slow.

"Oh, maybe its our shitty ISP screwing up everything again."

No, it's in a bigger scale.

tbarbugli 4 days ago 2 replies      
Github does not work for 100% the time
kakarot 3 days ago 0 replies      
Don't be a dick. I'm sure their staff has a giant collective migraine right now.
zappo2938 4 days ago 0 replies      
Explains why the Heroku API is down.
Kaedon 3 days ago 0 replies      
What other providers would you recommend than Dyn? Route53? Cloudflare? Something else?
ifelsehow 3 days ago 0 replies      
Reposting imglorp's comment on the root of the comment tree, as it's buried currently. This should restore service for those desperately needing to access Github etc ;)

> ....point your machine or router's DNS to use opendns resolvers instead of your regular ones: and

tbarbugli 3 days ago 0 replies      
I am very surprised this is not getting that much attention on national news.
im3w1l 4 days ago 0 replies      
Fascinating weak spot!
d--b 4 days ago 0 replies      
Looks like at least some of it is resolved. spotify is back
Raed667 3 days ago 0 replies      
You can add Netflix to the list.

 GET https://art-s.nflximg.net net::ERR_NAME_RESOLUTION_FAILED GET https://assets.nflxext.com net::ERR_NAME_RESOLUTION_FAILED

BlackGuyCoding 3 days ago 0 replies      
Anyone having any issues with WhatsApp? Mobile text seems to work fine but all images fail, Desktop & web browser aren't connecting at the moment (west coast)
CarVac 4 days ago 1 reply      
Using Google Public DNS fixed things for me.
mirekrusin 3 days ago 0 replies      
Github doesn't work again for me :(
invisiblep 3 days ago 1 reply      
Why not use:

OpenDNS - recursive DNS

Cloudflare (DNS only) - authoritative DNS

Both services are free and distributed across the world.

Artemis2 3 days ago 0 replies      
PayPal, Braintree, Spreedly down. Some companies are going to lose money today...
darkmouth 3 days ago 0 replies      
and its down again
eredi93 3 days ago 0 replies      
and the attacker are back. DDoS v2 is here
halayli 3 days ago 0 replies      
github.com seems to be down because of this.
middleman90 3 days ago 0 replies      
Shopify is down
transfire 3 days ago 0 replies      
Oo oo, I know! Iran did it!
piker 4 days ago 0 replies      
CNN.com is knocked out by this attack as well. I could see that as a useful target.
transfire 3 days ago 1 reply      
Must be trying to stop the latest Julian Assange leak.
ilostmykeys 4 days ago 1 reply      
The Internet is so resilient. LOLz.
chatmasta 3 days ago 0 replies      
I'd like to see proof of this attack from an outside network observer.

Is it possible the government could force a DNS provider to pretend to fall victim to a DDoS attack, as a form of a false flag cyber attack?

brooklyndude 3 days ago 0 replies      
Why does it always have to be a "Nation State", have been hanging out with 17 year old's that knew far more about DNS configs than a room of "Cyber-Security-Professisonals", they were clueless, these kids could run circles around them.


raemike123 3 days ago 4 replies      
USA cyber defenses are NOT up to the task of defending our critical electronic infrastructure. Letting every company that runs critical services decide their own security posture is not scalable and has left us vulnerable. While no one is getting hurt, we are taking cyber missile hits from our enemies and eventually the damage will be worse. Other countries with more central controls will be less vulnerable than we are to crippling infrastructure take downs.
Nintendo Switch New Video Game System [video] nintendo.com
940 points by ocdtrekkie  5 days ago   534 comments top 79
emdowling 5 days ago 8 replies      
It is so reassuring to see Nintendo create a modern gaming machine that doesn't try to be a living room hub or an iPad competitor. Going entirely by the video alone, every single design decision has been made with a clear focus on gaming. The simple docking action for transitioning it to the TV, the versatility and portability of the controllers, the reasonable size, etc all combine to make this (again, judging entirely from the video) a focused, confident release that finally embraces the changing way people play games.

Besides an original Gameboy (which I loved), I've never owned a Nintendo console. After seeing this trailer, it is an instant buy for me in March.

The only thing I want to know more about is the online store. From what I understand, Nintendo's eStore has a lot of shortcomings in a lot of weird areas. I hope they address those. I have an Xbox One and about 25 games, all of which were purchased digitally. I'm not sure I could go back to physical versions of games.

mratzloff 5 days ago 9 replies      
If there's a "switch" here, it's Nintendo finally taking feedback from customers and third parties seriously.

Console with graphical power that rivals Xbox One and PS4. Check.

Industry-standard architecture and tooling (Unity), allowing third parties to flood in. Check.

Blends their successful portable division with their console division (this has been a common refrain for awhile now). Check.

They already addressed multiplayer, although they could go further with that.

This is going to be a major windfall for them.

neals 4 days ago 9 replies      
Maybe not a popular opinion right now... but I'm so glad there's at least one brand out there that isn't jumping the 'VR'/'AR' - bandwagon.

I've tried to get into VR with the oculus and the VIVE, but no, it's just not for me. Happy to see Nintendo do what they do best: come up with a great formfactor, but let games be games.

6stringmerc 5 days ago 2 replies      
Very clever. Anchor for home, and again trying for the mobile area where their creativity really worked (3DS). I'll be curious in the system specs and the decisions they made - such as having that apparent card slot. Hooray for the headphone jack.

I'll never understand the marketing motivation to show a bunch of people getting together for a social gathering and togetherness, then cram together to watch / play on something with a screen the size of a hardback novel.

nlawalker 4 days ago 0 replies      
The most interesting thing to me is a design decision that combines an important aspect of the original NES with an important aspect of all of Nintendo's portable machines since the DS: a reduced barrier to entry for multiple people to play. In 1989, every NES sold came with two controllers out of the box. Similarly, every portable Nintendo system since the original DS has supported Download Play, which requires each player to have their own console, but only a single copy of a game.

It looks like you'll be able to use the standard Switch controller as two "half controllers." Sure, you get limited functionality, but one person with one standard (portable!) console and one multiplayer game like Mario Kart can say those all-important words to anyone, anytime: "Want to play?"

exelius 4 days ago 5 replies      
So this is a good usage model, but I'm not sure people want to carry yet another tablet just for gaming. The only way I can see this thing taking off is if it can fall back into an Android tablet mode for web browsing, e-mail, etc. But as a portable gaming console, it seems pretty boss. I'm curious what the hardware specs are and how they differ from other tablets on the market.

Because if it can't do everything else my current tablet can, I'm gonna have to carry a tablet AND this thing. Done right, Nintendo can make this thing the first real challenger to the iPad for mass-market adoption. But they've gotta treat it as a first-party Android device and get updates out ASAP and not muck with the interface too much. I'm willing to bet they could work out a rev-share agreement with Google on the Google Play store and Google Play Apps (and keeping their own Nintendo licensing scheme).

But let's not kid ourselves here: Nintendo is a Japanese company and it operates like one. That means they'll try to own the entire value chain and miss out on any network effects, while simultaneously moving themselves from a market with a 5-10 year refresh cycle to one with a 2-3 year refresh cycle. While it means they could sell more tablets to repeat customers, it also means that they have less time to be patient for success (as happened with the Wii and WiiU) since it also increases customer churn. Network effects and platform lock-in are a lot more important when the refresh cycle is shorter, because there are more opportunities for your customers to jump off the train.

I wish Nintendo luck, and I think that this is a good usage model. But I'm not convinced it's compelling enough to displace the tablets that people are already carrying around with them unless it can also duplicate the capability of those devices.

zelias 5 days ago 6 replies      
Nintendo has been trying to blend mobile and console gaming since the Gamecube (anyone else remember the GBA link??). I think they've finally succeeded in a way that can make the transition between the two seamless.

In a space currently dominated by two nearly-identical competitors (XBONE and PS4), I think Nintendo has the opportunity to capture a large portion of the market.

bigtunacan 5 days ago 1 reply      
This is a pretty brilliant move in concept. While phones and tablets have encroached on the handheld gaming space, the DS is still a huge success and where Nintendo has continued to dominate the market.

As a parent, I have 4 of the current gen DS systems. One for myself and one for each of my three children.

Nintendo has really struggled to stay relevant in the console space though as seen by the Wii U's underwhelming sales.

If this device is priced right and can continue on their virtual handheld monopoly then they become a sort of defacto console system for the masses. For the first time in ages I'm curious to see what is going to happen with Nintendo.

revjx 5 days ago 3 replies      
I'm quite excited by this. The video was a bit lengthy but it demonstrated the concept quite well.

Glimpses of Mario, what appeared to be Skyrim, too - more third party support this time perhaps?

I'm most interested to see the price and the spec of the machine. Xbox One and PS4 seem to have become more homogenised in terms of architecture than the last generation of consoles (PS3 was especially weird), if the Switch follows suit it would hopefully encourage more third party support. Assuming the power is there.

Bahamut 5 days ago 1 reply      
This looks amazing - nice form factor for easy use on the go (demonstrated in many ways in the video, including on airplanes), but still letting you have a classic game experience. It shows smart usage of now standard wireless tech and highly portable & fast storage.

It's amazing how slow game consoles change minus beefed up computing capabilities, and while Nintendo has had some hit or misses, this shift looks like a vastly superior improvement over the initial ideas brought forth by the Wii U.

captainmuon 4 days ago 2 replies      
Very promising. I like how haptic it is. Part of the magic of old Nintendo was the feeling of slotting in a cartridge, and handling a well-designed device and controller. They will not go back to cartriges obviously, but it seems like they put a lot of thought into this... like car engineers do when the have the doors make a specific sound when they close.
yumaikas 4 days ago 1 reply      
There are two major things that I'm curious about:

Price point: How much is this going to cost per unit? I'd imagine it's going to be much cheaper than the other current gen consoles

Battery life: If it doesn't get more than 1-2 hours, or else come with some way to extend the battery life via an accessory, it will be kinda underwhelming.

That being said, this is a very intriguing idea, and is a good focus on an easy to understand concept. Funny image: Two people playing on a Switch with the controllers snapped onto it, doing some top down game like air hockey or something.

pimeys 5 days ago 2 replies      
Their stock price also went up over one billion today.


tvanantwerp 5 days ago 4 replies      
Of the featured use cases, gaming on a plane is the only one that made a ton of sense to me. (Binging on Stardew Valley on a laptop during my last trip to China actually helped a lot with jet lag recovery.) The other featured cases, I'm not so sure. I definitely miss the days of my youth when my friends and I huddled around a TV split four ways. But I also don't see us returning to gaming together in person either. The most bizarre use case featured is for esports--I see no advantage to using the Nintendo Switch versus a more powerful console or PC in competitive gaming.

As a piece of hardware, this looks really cool and innovative. But I don't actually know if the product-market fit is there.

Pxtl 5 days ago 0 replies      
It's perfect. It was the obvious direction putting together the ideas that the Razer Edge and various snap-on-phone gamepads and the controllers of the Wii and the Wii-U implied, as well as Nintendo's attempts to create input-parity with the Wii-U and the DS by having them share the same "2 screens, one is touch" layout.
Tiktaalik 5 days ago 0 replies      
It looks very promising. Nintendo's strengths are in portable and local coop play, and they've managed to create a new product that excels at both.
dogma1138 5 days ago 3 replies      
Battery life on tegra devices is abysmal I'm really wondering if the guy can get from the gate to the plane without it running out if you run full 3D graphics games like those.
shanusmagnus 4 days ago 0 replies      
Not really relevant to anything, but I'm so grateful the movie includes the guy on the plane playing the Switch while ACTUALLY WEARING HEADPHONES. People who play videogames (or movies) on planes while piping audio through the speaker for everyone to "enjoy" should be force-ejected through some kind of special chute.
slavik81 4 days ago 0 replies      
You know, I always thought the idea of a hybrid console/handheld was a terrible idea. I expect that mobile considerations are going to make it graphically underwhelming compared to the next Xbox and PlayStations. I also figure that graphical considerations for TV play are going to make it eat battery. We'll see if the jack of all trades is master is any.

But, on the other hand, Nintendo's games are just plain fun. I didn't buy a Wii U because I didn't want that giant tablet controller and its charging stand taking up space on my coffee table, but every time I saw Splatoon I wished I had room for it.

Perhaps this can fit in my life.

sodafountan 4 days ago 3 replies      
I just don't have faith in Nintendo anymore, they have a track record now of so many failed consoles and disappointments, lack of third party support, even the new Zelda doesn't get me that excited (and I've been a die hard fan for years, playing Ocarina of Time as a kid made me want to learn how to make games). We'll see how this one turns out.
bitwize 5 days ago 2 replies      
For a second I wondered, is Nintendo building network hardware now?

My worry here is that Nintendo may be making the same mistake that BlackBerry made: doubling down on hardware when they should be building out their app ecosystem on dominant mobile platforms.

That said, the Switch looks cool. Really freaking cool. I just wonder if it'll be enough.

colinthompson 4 days ago 0 replies      
Looks really cool. Too bad its not out in time for christmas. The thing would sell like crazy this year.

What I find most notable in the video is their nod to competitive-gaming / esports, which Nintendo has such a long history of shunning/disrespecting/mis-understanding. Maybe theyre finally trying to atone for the debacle around the whole Smash scene? (Then again, maybe its just the marketing people who put this video together thought that would be fun to add and have no idea about Nintendos history here.)

Tiktaalik 4 days ago 1 reply      
If they've switched to a capacitive touch screen instead of resistive then there's the potential for easily porting Unity based Mobile iOS/Android games to this.

This could be a great new marketplace for indies that make pay up front mobile games.

F2P mobile games monetization strategies rely on huge install bases that the Switch is unlikely to reach, so porting these games over may not make as much sense, but it could still be worthwhile to port to the device in order to provide more gameplay options to existing users.

Unbeliever69 4 days ago 2 replies      
I must be very out of touch with the gaming habits of millenials. The intro movie itself seemed like some nerdy wish-fulfillment. Who acts like this? Where can I meet some stunning gaming hottie like the one in the airport? Will the Switch make my life this fantastic?
astrostl 5 days ago 0 replies      
My family has a Wii U, and it's connected to the only TV we really use in the house. The Wii U game pad permits pad-only play on some, but not all, games and doesn't have any capacity for multiplayer on it. I think this addresses the, "someone is taking over the TV" and, "take it outdoors" kind of use cases very nicely. Surprised they didn't play up the family aspect of it for that, but I guess that's an (only?) already-captured demographic.
bane 4 days ago 1 reply      
Looking at the concept video it's clear that Nintendo is doubling down again on the idea of personal, physical interaction as the concept for multiplayer activities -- the "you and a friend in the living room" idea. I applaud this, but online gaming is something that Nintendo really struggles to "get" and has cultural issues with as well.

There was a an article (gamasutra maybe?) about how the N with the Wii, fundamentally had no idea what their competition was up to or understood gaming notions that had become very commonplace by that time -- like online matchmaking for gaming, etc.

However, as a gamer, I think this is definitely setting a differentiable and right path that doesn't tie Nintendo to just selling another port target for games.

I'm reminded of this old Reddit post that presages some of what's in this video:



lucaspiller 4 days ago 2 replies      
Direct link to the YouTube video. It doesn't load with uBlock Origin:


4minute 4 days ago 0 replies      
Everyone is worried about graphics. Nintendo systems have never been about graphics. It's all about the games. They are combined two of the best selling consoles EVER. The 3D is the second highest selling console ever. The wii is fifth. The Switch brings both of them together. You can experience the awesome Nintendo literally anywhere at anytime. You can't get that with any other console. Now they are bring in major titles and giving us multiple good controllers for when they are needed. That's fucking awesome. I was about to buy the PS4 Pro edition, but fuck that I'm waiting for this. I'm hoping they still alway 3DS controllers to connect to the console so I can play with my 3DS friends with the portable device and the dock.
sssilver 4 days ago 1 reply      
I often wonder whether it would be a good idea for Apple to acquire Nintendo, and have them focus on building phenomenal gaming experiences on the iOS platform through focusing on software and device accessories (e.g. controllers). For some reason Apple and Nintendo in my head feel like they share important DNA traits.
norea-armozel 5 days ago 0 replies      
I read somewhere it seems the Switch won't be region locked which is very interesting. I wonder if Nintendo is cutting the initial 3rd party devs a deal on the new cartridges then (considering they'll likely be still more expensive than your standard Bluray DVD).
microcolonel 4 days ago 0 replies      
Here's the link to the video on YouTube, I tried to load the linked page about 12 times and it failed each time, turns out the video is on YouTube anyway.


apricot13 4 days ago 0 replies      
I'm so excited for this, I've (eventually) owned every nintendo console/handheld (I'm looking at you badly marketed WiiU).

I really hope they fix some of the issues with the eShop - it needs work, but its improved a lot!

What happens when you lose the right part of the controller? can you buy them individually or do I need a whole new pad?

If my screen gets scratched - can I just replace the screen section?

What happens to my save data - if my bag gets damaged/stolen, will I lose all my save data or is backed up in the cloud/the switch device?

will it come in different colours - I like that the 3ds is so customisable!

idealpersona 4 days ago 1 reply      
Skyrim was released almost 5 years ago, yet an updated version of it is used to advertise the capabilities of a next-generation console. It's really disappointing to see the amount of recycling in entertainment in the past 10 years. More disappointing that people eat it up.

Also, the entire selling point is being mobile crossover. That seems like a great secondary feature, but alone... that's it? Where is the imagination that brought us the Wii?

I can only hope Nintendo attracts enough development to make interesting (perhaps Pokemon Go-influenced) unique crossover use cases, beyond just playing the same game the same way on a TV and at the airport.

white-flame 4 days ago 0 replies      
No touch controls or motion controls in sight! I think they'd ultimately be incompatible with this anyway.

You can't have good local portable multiplayer if one player always has their fingers on the screen, blocking the other's view.

Motion would be very haphazard, due to all the usage styles. Where would the motion sensors go? If it's part of the tablet, you can't play while docked to your TV. If it's part of the joycons, you'd probably have to remove them to play some games, which would be again annoying if it's docked. If the pro controller has motion controls as well, some games requiring both joycons wouldn't bother using it. You'd have to have at least 4 sets of motion controls across the parts for it to work ubiquitously.

All in all, it makes a lot of sense that we might not see those 2 clunky features returning, which is great.

But all the bits (dock, tablet, 2 joycons, joycon mounting stump, pro controller) is a bit too clap-trap for me. I had used Wii Fit for a while on someone else's Wii and liked it, so I got a Wii U version. The addition of the touchscreen plus wiimotes in the Wii U made it a mess of always picking up and putting down things, which was super annoying. Having fewer input schemes, and using them well, would be preferable, in my opinion.

calferreira 4 days ago 1 reply      
Is it just me or the console mechanism looks fragile ?If you keep pulling and putting the side remotes, it looks like it might break in the future.

Also, it will be quite the challenge for nintendo to gain momentum with the handheld part of the console. Everyone plays on phones and tablets these days, so i don't see much incentive on that part.

They should've stalled pokemon go and launched it with the new console.

That would create a massive demand for the new console.

finstell 4 days ago 2 replies      
Am I the only one who found it funny that people, all dressed up, playing a basketball game on the device right in front of a basketball field?
FullMtlAlcoholc 4 days ago 0 replies      
This looks like a very well designed console and I appreciate that Nintendo takes chances does try to offer something different with each console release.

The crucial element that is going to determine whether I purchase this or not is will it support location-based gaming? Touchscreens, gyros, and cameras aren't necessary, but location based-gaming and the spontaneous, real-world social interactions it generates was the only reason I played Pokemon GO. I do understand that designing games with this in mind and making it fun for all players is a difficult if not impossible problem to solve for those who don't live in dense urban areas

I'm also disappointed that Nintendo isn't developing for VR yet. While I respect them for not following the herd, if any developer is going to lay the foundational design patterns for VR gaming, it's Nintendo. Mario 64 and Zelda: Ocarina of time did this for 3D.

It'll be interesting to see if this becomes more than a gimmick.

gwbas1c 4 days ago 0 replies      
I like how they emphasize that the Switch uses a standard headphone jack.
jacobmischka 4 days ago 0 replies      
This is a good idea and seems well-executed. While still essentially a gimmick, the portability is a much better and more useful gimmick than the Wii's motion controls or the Wii U's touchscreen controller. It seems to get in the way of gaming much less than those did.

Unfortunately, while it's a rather good gimmick, it seems like Nintendo is repeating its usual mistake of sacrificing gaming power for it. Releasing a device with a 720p screen in 2016 is almost as bad as releasing a device with a 400x240 screen in 2011, in my opinion.

Nintendo has a very bad habit of making devices that compete with the previous generation of its competitors' devices instead of the next one.

candl 5 days ago 2 replies      
Hopefully the docking station provides additional CPU/GPU power, otherwise this would be no different to a PS Vita.
GrumpyYoungMan 5 days ago 0 replies      
Looks intriguing, although, as always, it boils down to what games will be available. I'll reserve judgement until we hear more about them.

In handheld mode, one wonders if they were able to keep parity with the battery life and the touchscreen capability that the DS/3DS had. Losing those would be a significant minus.

SZJX 2 days ago 0 replies      
I pretty much doubt the graphics quality could be that nice as shown in the demo while maintaining excellent battery power. Guess the final graphics won't be that much better than PS Vita. Still, looks like a really exciting concept so am really looking forward to the release and would like to see how it goes.
daodedickinson 4 days ago 1 reply      
I dunno... I never play games except at home now, so there's nothing interesting here for me. It's just gonna come down to whether I want to play Smash / Mario Kart / Mario, like it pretty much has since the GameCube.
anotheryou 5 days ago 3 replies      
What is so big in the dock? Speakers (not really needed with hdmi TVs, no?)?

Also an interesting decision to cover the docked screen (probably to keep 100% compatibility to the single mobile screen and not waste resources while powering the big screen).

joeax 4 days ago 3 replies      
Anybody have any info on how the Switch will be backwards compatible with Wii U discs (i.e. a portable drive perhaps), and 3DS cartridges? I have a stack of Wii U games that hopefully will still be playable.
wodenokoto 5 days ago 1 reply      
The way the switch controller can be used as 1 full controller or two mini controllers is brilliant.

However, it looks as big as an iPad mini. So logging it around, I might actually want it to have tablet functions too.

ericzawo 5 days ago 3 replies      
This looks amazing, and the fact they got Skyrim in the trailer is a great promise of its graphical prowess. I just hope they take online gaming seriously this generation.
chenster 4 days ago 0 replies      
Is it like a Wii U flipped? It's awfully resemble Gamevice controller for iPad - https://gamevice.com - except it's also an iPad, which is as big as 12 inches! How does Switch gets its content, by download, or old-fashion cartridge (I'm totally cool with that). And lastly, the battery lasts how long??
okonomiyaki3000 4 days ago 2 replies      
I'm not a gamer but it looks pretty innovative. I wonder about the strategy of announcing 2 months before Christmas and launching 3 months after though.
nilkn 4 days ago 0 replies      
This actually looks amazing. I haven't bought a game console in a while and have in fact been actively avoiding them in favor of PC gaming and Steam, especially now that we've got the Steam Link and Steam Controller. However, this has enough value add that I could totally see myself buying this. This might just be the best thing I've seen from Nintendo in a long time.
Jamieee 5 days ago 4 replies      
Is this an upgrade for the 3DS, the Wii U or both? I was looking at picking up a couple of the new 3DS, doesn't seem worthwhile now.
dingo_bat 4 days ago 0 replies      
I most excited by the prospect that this supports local WLAN multiplayer. At least that's what it looks like in the video.
cmrdporcupine 4 days ago 0 replies      
The "Switch" appears to mean many things, but also a "Switch" (for their non-gameboy/DS systems) to the ARM platform and a break from the PowerPC-based systems of the past.

Which means breaking compatibility, but certainly makes it possible for them to lower costs reduce power consumption and iterate more quickly.

justicezyx 4 days ago 1 reply      
I personally feel this is going to be mediocre at best:1. Limited appealing to main stream consumers2. Awkward physical spec, tablet's down fall pretty much proved that how big a mobile device should be3. No one would want to write games for this...
technologia 4 days ago 2 replies      
I wonder if the Tegra X2 in here would be at all able to use any other nintendo devices as an external gpu since they no include the pascal architecture. For example possibly using the new nintendo nx with the switch somehow. Just a thought.
SadWebDeveloper 5 days ago 1 reply      
I didn't get it... is it a handheld or a phone/tablet device? my question whatever it would replace my phone or just be another device on my backpack like the iPad, Laptop and tons of extra chargers, i carry to almost everywhere?
beernutz 4 days ago 0 replies      
Does anyone else think the controller stick on the right looks like a problem? I can't help thinking that I will keep bumping the analog stick if I attempt to use my thumb to press the buttons at the top.
r-w 4 days ago 0 replies      
What happens if multiple people from the same household want to use local multiplayer on different screens? That's the only case where the one-to-one relationship between console and portable screen breaks down.
aikah 4 days ago 0 replies      
At the end of the day it's not about the console, but the games running on it. Not going to buy this if the only thing I can play on it is Mario or Zelda. I wish Nintendo a lot of success though.
s3r3nity 4 days ago 1 reply      
This might be a dumb question, but can someone elaborate on how you can get such good graphics like they were showing in the Skyrim and Zelda images on such a small cartridge (i.e. not a disc?)
Someone 4 days ago 0 replies      
https://www.engadget.com/2016/10/20/switch-is-nintendos-next...: "The Switch will be released worldwide in March 2017."

Can I interpret that as "we missed the holiday season, and pre-announce this because we think its Osborne-effect (https://en.wikipedia.org/wiki/Osborne_effect) will be smaller than its effect on the sales numbers of our competitors?

chejazi 4 days ago 1 reply      
Exciting product. Criticism: the detachable controllers don't appear very ergonomic. They are small in size and the detaching mechanism look looks somewhat flimsy.
MollyR 4 days ago 0 replies      
This reminds me of the nvidia shield tablet but done right.
djhworld 4 days ago 0 replies      
Light on details, outside of the association with nvidia there's still a lot of questions that need answering

Saying that though, I am almost certainly going to get one.

xwvvvvwx 4 days ago 1 reply      
Seems like it will be a challenge to build games that are compelling on both a large screen while seated in your living room and on a small screen when you're out and about (from both a UX and gameplay perspective).

With that said it's a smart move to use the same controller for both use cases.

Overall looks pretty slick, interested to see how this plays out.

sergiotapia 4 days ago 0 replies      
Day 1 purchase for me. I want one for the car so my kids can play Mario Kart in the back.
rebootthesystem 4 days ago 2 replies      
It's interesting to me to watch a video about a new gaming platform and have that video show me all the ways in which said platform will destroy nearly all forms of real human interaction with others, reducing us to unthinking drones looking at screens moving little virtual characters around while our brains whittle away.

This is the problem with the gaming industry. It's the equivalent of very smart engineers using their skills on the web to find ever more effective ways to make people click on ads. It's such a waste of human talent.

Gaming is different but not really. Most of the popular games have no real redeeming qualities. They are black holes into which youth can get sucked into, burn hours, days and years and, in extreme cases, ruin their lives. This, I think, is despicable.

If you want to do well in gaming you have to use your skills to find ways to create addictive games that shift a person into a Pavlovian state where they want more, they keep clicking the buttons and, eventually, they send you money. This has certainly been proven by the iOS space. Games like "Clash of Clans" is one of many examples of this.

Getting truly creative to find ways for people to engage with more intelligent and useful activities is very, very difficult. And so, to usurp part of a phrase that paints an amazing image...when they go low, we go lower.

I have long been disenchanted with what the gaming industry has done to kids. It's making money at the expense of their brains and emotions. It's selling drugs in digital form.

I didn't used to think this way until I saw the effect on my own kids. To make a long story short, my two little ones started to lie to us and play a couple of these addictive games on their iPods.

We have a simple rule at our house: On Saturday's you can play the available games for a couple of hours. The rest of the week play with legos, go outside, play with the dogs, etc.

This worked very well for many years (almost 18 to be precise). In fact, in a lot of cases they'd play less than two hours because they'd get sick of it and prefer to go for physical play.

Until a couple of games surfaced. And they, like evolved bacteria, became immune to the mechanism that made my kids decide to stop playing. Soon we would discover them playing the games in secret under their blankets at 11 at night instead of sleeping. Warnings did not work. And, after a couple of them we took the iPads and iPods away. They had become destructive devices rather than the opposite.

My kids were lying to me in a manner which I would imagine was no different than kids lying about taking drugs.

They've been off the iOS devices and these games for a year. They get their devices back in January. Cleared of all the addictive games. We'll see what happens.

So, yeah, I look at a video like the one for the Switch and immediately imagine how many lives it will destroy if used as portrayed.

dysfunctor 4 days ago 1 reply      
Is Nintendo making a big mistake by missing Christmas with this thing?
fiatjaf 4 days ago 0 replies      
Multiplayer solved in all the ways possible.
Waterluvian 4 days ago 1 reply      
I feel like it will be mediocre at both living room and mobile gaming.

How can it possibly be powerful enough to attract third party developers?

Doesn't this compete with 3DS?

sebringj 4 days ago 1 reply      
Might be a good time to buy Nintendo stock.
eganist 5 days ago 1 reply      

Direct link to the trailer video

Tiktaalik 4 days ago 0 replies      
Weird. Was the thread title edited? "Switch New Video Game System [video]." I'm pretty sure everyone knows who Nintendo is and it's more descriptive to say that in the title.
protoster 4 days ago 0 replies      
Oh my god, a sane name for once. It was really getting out of hand with the DS and Wii when the same name referred to several different generations of hardware in a non obvious way. (DS, DS Lite, 3DS, 2DS, New 3DS, try making heads or tails of that).
jmcdiesel 5 days ago 2 replies      
So instead of a portable screen/controller like the WiiU that's separate from the main machine - the main machine IS the portable part that could easily be dropped/broken, now? Or am I missing something?

Im failing to see how this design is superior to the Wii U's approach

shmerl 4 days ago 0 replies      
If Nintendo will support Vulkan on Switch, that would be good.

This looks more interesting though: https://www.kickstarter.com/projects/smachteam/smach-z-the-h...

And it's supposed to run Linux. Recent AMD GPU means it will work with amdgpu/radeonsi for OpenGL and radv for Vulkan eventually.

However after disastrous Jolla tablet crowdfunding, I'm not so eager to back hardware campaigns anymore. But I'll surely buy such device if they'll pull off making them in the end.

LargeCompanies 4 days ago 2 replies      
I don't get it... what is exciting about a GameCube/iPad hybrid?

Why not create a VR/AR console hybrid that lets you create things at home and then experience them in the real world... digitally graffiti your town at home then go out and check out your art work and or messages? Maybe that's an app already... leave your friends messages in certain locations seen via an AR app?

Thank HN: From Google form to $1k in revenue in one month oldgeekjobs.com
1064 points by johnwheeler  5 days ago   246 comments top 63
b212 5 days ago 9 replies      
Can you do another good deed and require your posters to include salary range in their job ads?

It's the norm in the UK and we successfully forced this in Poland (though posters almost NEVER post salaries here). How? The companies need IT staff so much that almost all IT job boards (at least the most popular ones - like FB groups or https://nofluffjobs.com) started requiring the salary range.

I think your idea is praiseworthy, but I'd never ever create a website like this with hidden salaries. Especially in your case - it's so cool people post jobs on your board, but what if they do so, because they're offering 10, 20, 40% less because it's a place for "old geeks that noone wants"?

I'm really super proud that if a IT ad in Poland has no salary range most of us just ignore it. And it took us maybe 2 years to get to this place. I think every other country should follow the lead and end the "competitive salary" trend. I don't want to spend 3 days on interviews just to discover that the salary offered is way too low for me. Salary missing from an ad is a big lack of respect, the sooner people realize that the better.

gregsadetsky 5 days ago 9 replies      
Congrats! Small note, none of the listings appear when using uBlock Origin [ https://chrome.google.com/webstore/detail/ublock-origin/cjpa... ], a popular ad blocker.

It seems related to your /js/ads-controller.js file (it gets blocked because of the "/js/ads-" portion in the path).

I would suggest fixing that (and preferably minimizing your JS into one bundle).

hash-set 5 days ago 3 replies      
Here's the deal: Employers will exploit your age no matter how old you are. There is no "perfect age" for a developer. When you're young, they exploit you because you are inexperienced (especially at negotiation). When you are "old" they exploit by trying to play the age card. "Not a cultural fit"--LOL--fix your stupid culture and stop exploiting people, you smug fools!

So what is there? A ten year "ripe" age range where you're good enough to code but don't have a wife and kids? Blatant exploitation of human capital.

As far as "moving up to management" that's a load of crap. There aren't enough management positions to soak up all the age 35+ developers out there. It's an extremely narrow funnel. For the winners of that race, the prize is a lifetime of quiet suffering: You'll be lucky if you retire without major depression, anxiety, heart problems, or all three. I wonder what the mortality statistics are for people who work as IT managers?

There is also this role called "architect." Do not be enticed. It is, at best, a torturous role, and at worst, it's a redundant role that people who were only so-so at coding get promoted to so they can no longer annoy the rest of the team. The effectiveness of any given architect has an exponential decay from the instant they stop coding and start attending meetings all day.

Basically, you either keep coding and stay relevant or you go do something else completely. The rest is bs. But don't for a second imagine that companies aren't exploiting you by making you uneasy about your age or whatever else can be thrown in front of you to try and confuse, diminish, and lowball you.

mgkimsal 5 days ago 7 replies      
I wish folks like Bray had championed this cause 20 years ago. It may not have done much, but... it feels a bit weird to hear old people complain about discriminatory impact. I can't say he was a contributing factor to the ongoing 'youth culture', but... it wasn't hard to see this coming.

My situation may be somewhat unique, in that I've had grey hair since I was 18. Not a HUGE amount at 18, but... people noticed. By the time I was in my mid 20s, it was definitely noticeable - more pepper than salt still, but noticeable. By 30... there's a fair amount of grey showing. Early 30s I've got people thinking I look good for being in my late 40s (had that more than a couple times).

But when it came to interviewing and opportunities, I was already feeling the age stigma in my late 20s. "Not a cultural fit" - not even in silicon valley mind you.

Had someone interviewing me - early 30s - said "well your resume only goes back about 12 years or so, what were you doing before that?" "High school". "Whoah..." - later found out he's assumed I was mid 40s.

Could I dye my hair? Yeah, but.. it's a pain, and... other parts of me will get old too. Not worth it - want to get hired based on ability, etc.

What's sad is to hear about the mid 30s folks wanting to get plastic surgery to look younger, which just validates and perpetuates the continuous youth culture. May not be possible to fight it at the Facebooks and Googles of the world, but it shouldn't be this bad...

soared 5 days ago 3 replies      
I thought I was on medium.com.. You need to add a call to action to the end of your post! Add a short line - "if you've experienced ageism checkout these job listsing at /link" or "to see what I built visit /link" or something similar. Lots of lazy people want to click a link at the end of your post to see your site rather than trying to find a link in your profile or scrolling all the way to the top. Plus when someone inevitably copies your content, you get a free link.

I should make a site with marketing tips for devs...

CodeWriter23 5 days ago 2 replies      
@johnwheeler: Their loss for not hiring you.

I thought I was hot shit when I had 5 years under my belt, too, just like those whipper snappers. Took another 10 to recognize how full of shit that idea was.

I think there's a certain niche that wants to hire experienced, disciplined and reliable "old" geeks like you (or actual old guys like me...still grinding code at 50). Looks like you're going to own it. Well played.

dbdoug 5 days ago 1 reply      
FWIW, I just turned 70 and I'm still being offered more coding work than I want. It is VBA, though :)
jondubois 5 days ago 0 replies      
It sounds like everything worked out perfectly for the author on that fateful day. What are the odds that a stranger saw the author's initial (unsuccessful) post in the HN 'new' section and decided to write a whole article about it, post it to HN (with a link to the original form) and that this new post made it to the front page... Then it crashed... But thankfully there was an HN moderator on that day who cared enough to edit the link to send users directly to this form.

It sounds like the author made the most of it though, so I guess it's well deserved.

mrlambchop 5 days ago 3 replies      
Woah - did I miss the announcement that old is now 35 and above? Given the working range of professional engineers in the SF field, it sad that its not easier to invert the problem and build a Young-Fun-and-Full-of-Recent-Academic-Course-Material-Jobs.com.
mathattack 5 days ago 0 replies      
One of the reasons I want to work on OldGeekJobs is because Ive experienced ageism first-hand. Im only 37 years old, but I was rejected by a startup of twenty somethings a few months back.

Ahh - that first painful moment of, "Wait a second, I'm too young to be the victim of age discrimination!"

sparky_ 5 days ago 1 reply      
I hadn't seen this site before, and I think it's a great idea. Though I'm young, I am certainly terrified about the trend of age discrimination in the valley - after all, we all age! I'm glad to folks trying to make a meaningful difference in the trend. Perhaps through good samaritans such as OP, those same twenty-somethings that reject so many qualified applicants on account of age will receive better treatment when they themselves reach 35 or 40.
rsp1984 5 days ago 5 replies      
spent an hour putting up a Google form and static site on a cheap Digital Ocean instance.

Now I feel like the Old Geek (I'm 32):

What's the deal with Digital Ocean? If the website is static and receives content by manual copy-pasting from a Google sheet (as outlined in the article), why bother with Droplets and Storage and all the other configuration? Why is good old web hosting (the kind where you just upload your html/php/js via FTP and it all just works) not good enough for this? Really curious.

jnevelson 5 days ago 0 replies      
I'm not even the target market (too young), and this is my favorite job board already. Very fast to navigate around - speed IS a feature! Also love how granular the locations are.
b_emery 5 days ago 0 replies      
Simultaneously a great story and proof of the value of an 'experienced' coder. Looking forward to seeing how far this goes!
econnors 5 days ago 0 replies      
I really like how the author posted the fake pricetag before spending time implementing payment processing - easy way to verify people will pay for it, low cost of experimentation. I've heard of other companies using similar strategies like a/b testing features that don't exist yet to figure out what they should build next.


RikNieu 5 days ago 2 replies      
I started a new career as a front-end developer at the age of 33(last year), so I have my age and lack of experience counting against me. I must say, I do worry about my future prospects a lot.

Hopefully sites like this can throw a bone to us old dogs out there.

Jetroid 5 days ago 0 replies      
Shrewd, this story is just going to bring more visitors. :-)
drieddust 5 days ago 0 replies      
Thanks for sharing this. If not finest then quickest example of idea -> MVP -> Product I have seen so far. I applaud you for the brave decision of putting it out there.

On the contrary, I always end up planning endlessly. Evaluating the best framework, best UI, best architecture and actually end of doing nothing.

pjlegato 5 days ago 1 reply      
Great, I love that this worked out!

What's the purpose of backfilling jobs from StackOverflow -- is it just to make the site look less like a ghost town? Aren't those not necessarily old-geek friendly jobs?

K-Wall 5 days ago 1 reply      
Awesome story! Just as a heads up with uBlock Origin in Chrome on macOS one is greeted with a header followed by a white page. Everything loaded with once I shut it off.


avip 5 days ago 1 reply      
I don't get something - 37 is now considered "old"?Is this some kind of millenia neolang?
hyperknot 5 days ago 1 reply      
Congrats for doing this and writing so honestly about it! But why only $1000? There are 134 "green" jobs * $50 which would be $6700. Or the Stripe integration was added that much later on?
morganvachon 5 days ago 1 reply      
Fantastic job and a great service!

One thing: The linked article states that you started on October 15th, but the screenshots indicate you started September 15th.

gggggggg 5 days ago 2 replies      
Just a idea which I am sure would be easy given what you currently have, femalegeekjobs.com
sparrish 5 days ago 0 replies      
If you really want us old geeks to use it, you need a command line interface.
exlurker 5 days ago 0 replies      
I like the simplicity of the site! But how about some more contrast on the body text. For us old geeks, you know.
nextos 5 days ago 1 reply      
It's a lovely story. I bet there are tons of similar ideas that can succeed with a quick MVP and a bit of ingenuity.
quaffapint 5 days ago 1 reply      
I just joined a new company and I feel a little reverse-ageism from my part. My team and most of the company employees are at a younger point in their life. After leaving a company where I could talk to people about kids the same age as mine and such, I find it all a little unnerving and uncomfortable. They've been fine and I imagine once I've been there awhile it will be ok, as I still have people outside of work to talk to, but it will take a little getting used to.

Also - When I search for 'c#' it seems to filter out the '#'.

Jugurtha 5 days ago 1 reply      
Awesome.. I remember reading your first post and finding the idea neat but also saying in my head, with amusement: "right, everything is easy when your name is John Wheeler".


Lxr 5 days ago 0 replies      
I love how simple and clean your site is, I would use it just because of that. Nice work!
up_and_up 5 days ago 1 reply      
Awesome work! As a 34 year-old I can't believe I am faced with impending discrimination, but I guess its true. Thanks from my future self!
mikemikemike 5 days ago 1 reply      
I wonder if the problem is specific to ageism in individual contributor roles. I've worked at a few startups where maybe 1/3 of the product team was over 40, but I can only think of two coworkers over 40 who didn't have any direct reports. Do we find ourselves wondering why an individual hasn't "advanced" to a management position after 10+ years?
jxramos 5 days ago 0 replies      
Glad to see things taking off via HN community. Keep up the good work.
life_is_short 5 days ago 1 reply      
I found a bug.

Job postings aren't sorted by date correctly. For example https://oldgeekjobs.com/jobs/California?page=2 shows jobs posted '2 days ago' while the front page shows jobs posted '30 days ago'.

altitudinous 4 days ago 1 reply      
Sir, a fine website, one that I cannot take advantage of because I am in Australia. However a minor point - I do have some difficulty seeing the pale green highlight around the positions, I believe it may be to do with my red/green colourblindness, common amongst men, it is almost impossible to see against the bold blue. If you are feeling creative maybe you can change the colour of the highlight to a different less pale green or another colour. Thanks again for your site and congrats on your success. Cheers.
the_watcher 5 days ago 0 replies      
This is great. Great idea, and an extremely good example of building just an MVP and going from there.
anotherevan 5 days ago 0 replies      
I was going to make a snarky comment regarding if this site is for old geeks, then the blog should have an RSS feed, but if you go from the article to the blog's home page the RSS feed is there. :-)

Are you planning to open this up for areas outside the USA? (Australia here.)

drdoom 4 days ago 0 replies      
Congratulations on seeing the opportunity and quickly moving to do something about it. It is unique enough at first sight that you got early coverage in the press, which is very helpful.

Quick question: I did not see anything unique to "old geek" in the website, other than the URL of course. I guess it is an implicit assumption by both job seekers as well as job posters.

On that note, where would this concept be headed if other job sites added a simple attribute called age (or something similar but more palatable) where job posters could specify their preferred age range, and job seekers could search on it?

Lord_Zero 5 days ago 0 replies      
What I really like about this is how the interface is so dead simple. It could be the Craigslist of job postings with the $50 barrier to entry to filter out shitty posts. My advice is to not overdo it with features and KISS.
JoblessWonder 5 days ago 0 replies      
Great site! And thanks for taking my feedback in stride about the "tell people you heard it on oldgeekjobs.com" not being appropriate for the scraped jobs! The change (along with prioritizing paid ones) looks great!
shostack 5 days ago 0 replies      
What are your marketing/PR plans now that you've gotten a few major press hits?

All too often people aren't ready for the buzz when it comes, and see a sharp spike that then falls off a cliff once the buzz dies down.

happy-go-lucky 5 days ago 0 replies      
On one hand, I'm getting older. On the other, my skills are getting better. The younger people I work with can't keep pace with me. And, my employers aren't unaware of the fact that it indeed is a zero-sum game, so my age (early 40ies) has never been an issue so far. I believe there're and will be many employers who look at nothing but what you bring to the table. As a businessman, you wouldn't be foolish enough to hire only noobs.
tudorconstantin 5 days ago 0 replies      
Idea to make even more money (if you get billionaire on it, please make me a millionaire also :) ): there are services that post jobs to multiple job boards. Create an API they could hook your site in easily and offer them a 20$ discount, so they can offer your service to their customers for 40$ and can also win a 10$/job posted to you.

Examples of such sites that come to mind are ziprecruiter.com and broadbean.com

encore2097 5 days ago 0 replies      
Awesome and congrats!

how'd you make those sweet gif screen caps?

xupybd 5 days ago 0 replies      
Any chance of opening this up to other countries?
mountaineer22 5 days ago 0 replies      
Excellent job.

It is great to see the birth of an idea and watch it grow.

Thank you for sharing with us. It is greatly appreciated.

adolfoabegg 5 days ago 0 replies      
Congrats John! this is perfect example of how ideas should be tested and developed. Loved the story!
JonoBB 5 days ago 0 replies      
Well done and nicely executed!

That early "Hacker News Effect" really got you off to a roll, and you made the most of it. Have you ever thought what would have happened if that Wordpress write-up was not created, or didn't get such a good response on HN?

xn 5 days ago 0 replies      
All new job listing sites should follow the lead of AngelList and StackOverflow, and include a salary field.
alpeb 5 days ago 0 replies      
Love the concept and the site. Minor gripe though, that I also find in most job boards: searching for Scala also gets me all the entries with the word "scalable" in them :-(
madshiva 5 days ago 0 replies      
Great! Congrats! I'm 33 and I start to feel old too when applying to some jobs and when I see what you did this boost my motivation too! don't stop!
santa_boy 5 days ago 1 reply      
Wow thats cool! How are you actually getting end user views? Is it through the PR articles or do you have a plan in mind?

What is a "faux price tag"? :-) .. how does it work?

ge96 5 days ago 0 replies      
Once you grew/adapted to the growth is that $1000/mo still profit or overall earnings?

Awesme btw posts like these inspire me, damn what is the next problem to solve.

betimd 3 days ago 0 replies      
Have you planned to share app source code? Or can you share it?
radious 5 days ago 0 replies      
I think this a great idea but why would anyone pay for posting an ad? There're many free-to-post sites already.
alexdumitru 5 days ago 1 reply      
The jobs don't load with uBlock active.
dannylandau 5 days ago 1 reply      
Don't get it, how do you know that age discrimination is not at play with the jobs listed on your site?
Annatar 5 days ago 0 replies      
What about reverse job postings, where old people could post what they can do, and where they want to work?
sharemywin 5 days ago 0 replies      
I think your definitely on to something. I can't wait to see how far you take it.
tracker1 5 days ago 1 reply      
If there's an insistance on a fixed-width font for the site, I really wish it was something more like Consolas/Inconsolata etc... The job descriptions are nearly unreadable on my display, lighter gray, with a relatively thin font weight.
ebel 5 days ago 0 replies      
made my day.
elkhourygeorges 5 days ago 0 replies      
fm328 5 days ago 0 replies      
congratz and great work!
Image Synthesis from Yahoo's open_nsfw gitlab.io
840 points by brakmic  4 days ago   168 comments top 38
niftich 4 days ago 6 replies      
This is absolutely fascinating.

It's mesmerizing to see this NSFW detection applied in reverse, and it's even more interesting to observe your mind react to the generated images. You can see the sort-of-mons pubis patterns, the maybe-pubic hair, the perhaps-breasts and the suspiciously phallic appendages, complete with realistic colors.

Interestingly, all exposed skin suggests that the training dataset for the NSFW detection was skewed towards caucasians, given how the synthesized images are near-completely devoid of skin tones other than light pink. Perhaps this is a good visual indication of unintentional 'bias' in datasets?

WhitneyLand 4 days ago 4 replies      
Some of these images and those from similar projects could be in an art gallery. They are art; provoking original, emotional, responses.

Most people hear about self-driving cars, but not about the fact that machines have already begun to emulate human creativity in the most intimate way. For a while, this secret assault on our uniqueness will stay among us.

noam87 4 days ago 2 replies      
I am always blown away by how eerily similar these generated NN images are to the visuals experienced under psychedelic drugs. Moreso than any artist's depiction (and there have been plenty of those)... they just have the same "feel". Which of course leads one to the inescapable idea that there is a fundamental relationship here.
viraptor 4 days ago 4 replies      
Some of the more abstract images at the beginning really remind me of Beksiski's paintings. (some NSFW, but good, dark art overall) https://art.vniz.net/en/beksinski/ There's just enough of abstract ideas and randomly included genitalia.

(now I really wish someone did a Beksiski + photos mixer... there's ~240 samples just on that site)

kolokolo 4 days ago 1 reply      
I'll have 2 tickets to the dick concert thanks.
mgraczyk 4 days ago 2 replies      
We're witnessing the beginning of an entirely new form of pornography. I can easily imaging a XYZ Porn website adding an "Artificial" or "Neural Dream" porn section.
codingdave 4 days ago 0 replies      
They have automated the surrealist movement. Which goes pretty much directly against the philosophy underlying the surrealist movement. Which the actual people involved with it would probably approve of, as they mostly all moved on from it anyway.
dsl 4 days ago 1 reply      
This is one of the most disturbing things I couldn't stop reading.
gabrielgoh 4 days ago 2 replies      
By popular demand, I've added more pictures!


MasterScrat 4 days ago 1 reply      
Could this be used to insert a "subliminal" touch to an image?

Eg you make an ad that looks innocent, but that would fool your brain into thinking it's sexual if you just scan the page containing it?

yoodenvranx 4 days ago 3 replies      
Has anyone ever thought about using all of reddits porn subs for machine learning? There must be 10s (or even 100s) of thousand of images (kind of) neatly organized by gender, boob size, ass size, skin color, age, ...
gomijacogeo 4 days ago 0 replies      
They've figured out how to synthesize OMNI magazine covers.
TheGorramBatman 4 days ago 0 replies      
Shoulda called it "Deep Dicks" or something.
shahar2k 4 days ago 1 reply      
I would LOVE to see what happens if you feed it clearly NSFW images as the source, and let the network optimize for SFW instead
posterboy 2 days ago 0 replies      
If the author is reading this, per se means by itself, on its own. I'm not reading per say in its stead for the first time today.

It shouldn't be surprising that many misheard words survived in a time when there was no widespread frequent exchange of written language and no writing standards or before that, when hardly anyone could even read. I feel this severely complicated our languages.

This is slightly on topic as well, because Natural Language processing has to deal with that now.

going one step further with the nitpicking, just because I am at it, the per-say (or indeed, per se) is only a filler in that sentence, like really or very often are, really though.

boxcardavin 4 days ago 0 replies      
Fascinating, I'm curious to see if any of the tech press or even mainstream press pick up on this. If they do, will they pixelate the sample images??
bcoates 4 days ago 0 replies      
I'm seeing Roger Dean (of the Yes album covers) or maybe "Heavy Metal".

Whatever Piaget stage prog rock is, AI has reached it.

k_sze 4 days ago 0 replies      
I wonder if it would make it hard to find this project via Yahoo's search engine. That would be sweetly ironic.
whitehat2k9 4 days ago 0 replies      
"Not surprisingly, the results of the optimization are clearly pornographic."

Just about spit out my food.

ris 4 days ago 1 reply      
So what about optimizing NSFW originals to make them appear "SFW"? What would such a thing look like? Presumably the skin tones would be the first to go.
kapitza 4 days ago 2 replies      
Georgia O'Keefe has already contacted her attorneys...
lizzard 4 days ago 0 replies      
It seems possible to put other, not-porn images of people into the hopper and spit out an endless stream of perturbing, semi-pornographic trolling. That will probably happen, despite it being an awful idea, and it could even become commodified.
_wp_ 4 days ago 0 replies      
calsy 4 days ago 0 replies      
H.R Gigerish.
eveningcoffee 4 days ago 0 replies      
Is there are a good validation set of subtle examples of something being NSFW and SFW?

Especially considering that the subject is mostly defined as I do not know to how to define it but I definitely know it when I see it.

dluan 4 days ago 1 reply      
OK - does anyone know, how close are we to these trained neural nets passing the turing test for human creativity? Because I feel like we're going to pass it in my lifetime.
sdfjkl 4 days ago 0 replies      
Sometimes the amount of time and effort we waste on enforcing outdated morals on other people astonishes me.

Still, we get abstract genitals as a side effect.

phjesusthatguy3 4 days ago 0 replies      
The output looks like something Harry would have run across going through the apartments in Silent Hill 2.
wodenokoto 4 days ago 1 reply      
i don't see any pictures in the link.
triplesec 4 days ago 0 replies      
Perhaps predictably, Facebook is censoring the URL by refusing to let you post it.
pweissbrod 4 days ago 0 replies      
Seems to have bugs. I dont understand whats NSFW about Ted Nugent at a rock concert
spot 4 days ago 0 replies      
similar results using a smaller set of inputs, 20 years ago:http://draves.org/fuse/
jlebrech 4 days ago 0 replies      
so this could be used for an automatic nudity free chatroulette
sgnelson 4 days ago 0 replies      
Talk about "...You'll know it when you see it..."
h4nkoslo 4 days ago 0 replies      
Very HR Giger esque. Somehow more horrifying than the original.
pearjuice 4 days ago 0 replies      
So that's what they are doing at Yahoo these days.
egypturnash 4 days ago 0 replies      
It's... it's a robot Dali Giger.

I love living in the future.

Taniwha 4 days ago 0 replies      
ah ... so it doesn't dream of doggies then .....
HN comments are underrated danluu.com
718 points by ingve  2 days ago   353 comments top 48
pavlov 1 day ago 5 replies      
I second Dan's advice of blogging more.

I'm a very average HN commenter. I do put in effort in writing here, trying to be civil above all and sharing my experience where it could be of interest. But I'm not Alan Kay, I've never rewritten a distributed deep learning system in Haskell using a genetically optimized Paxos consensus protocol, and my entrepreneurial experience is a loose string of "don't do this" case studies at best... So my comments certainly won't make anyone's "Best of HN" list.

Last week, after the news broke that Salesforce walked away from buying Twitter, I was about to write a HN comment about what Twitter could do. The text got long enough that I decided to expand it into a Medium post instead: https://medium.com/swlh/twitter-could-be-the-next-mozilla-e7...

To my surprise, the post has 28,000 views and 755 recommends so far. If I had written it as a HN comment, it would have got maybe 5-10 upvotes and perhaps spawned a short discussion thread about how unrealistic my idea was. (Please don't bother to criticize the content of the blog post in replies here -- I'm just using it as an example of blog vs. comment.)

I love reading HN discussions... But maybe there could be a site that slots between the HN and Medium formats, and lets you expand your comment into a blog post with minimal friction? Call it "HN Long-Form" or whatever. Ideally it would interface with the HN comment system so that you could mark your comment with something like "Promote to long-form" after you've written it. That would create an editable post on the long-form site. You could then later expand your comment there, and publish it on the long-form comment aggregator site. (Maybe I should just build this myself and see if it feels right.)

pavlov 1 day ago 2 replies      
On second read, I'm not sure I agree with the first paragraphs of Dan's post at all. He seems to be saying that HN is terrible, but a handful of comments from star posters rise above the muck. I just don't think that's fair.

Yes, the clich is that HN is a place full of mean, entitled semi-autists who will criticize your site's CSS whitespace formatting when you ask for business feedback... And of course there's a grain of truth to that (persistent stereotypes usually don't come out of thin air), but it misses the mark on two dimensions.

The first is that the criticism you get on HN is no worse than what other aspiring creative professionals suffer. I went to an art and design college, and the critique you'd get from students and even teachers was 99% of the time harsher than the HN style, yet no more guaranteed to be useful.

Consider a first-time novelist who spent years on a book. One day it gets critiqued in a newspaper. The professional critic might find that the author has a clumsy style, poor research, paper-thin characters, and seems to lack the life experience to even write about the topic. What do you do after that kind of criticism? You suck it up and go back to work on the next novel.

Making use of feedback is all about filtering and reducing multiple sources into something actionable. Nobody is right all the time. Your parents were wrong. Your teachers were wrong. Your peers were wrong. Your professors were wrong. Your boss was wrong. Your cofounders were wrong. Your investors were wrong. HN commenters were wrong. Still it's worth taking in all these inputs as much as you can.

The other dimension of HN comments is that they can be surprisingly deep. When an arts or culture topic makes it to the front page, it seems like someone comes out of the woods with the perfect personal anecdote. Whether it's Mondrian, Messiaen or Modiano, there's always someone on HN who happens to have a passion for it.

HN comments are underrated, but it's not just because of star power: it's everyone's contributions that make it consistently worthwhile for me.

anton_tarasenko 2 days ago 5 replies      
When I worked with the HN post data, I noticed that some years ago HN users had correctly predicted the "Show HN" projects that later got funding. Those projects had more upvotes.

The more recent data has no such connection. It seems that the influx of users reduced the quality of judgement.

So one way to improve HN submissions and comments is to weight points by the user's tenure on HN.

I also suspect that early comments dominate late comments by the time factor alone. The sorting algo gives a brief advantage to new comments, but old comments are more visible. A post on the front page gets 30+ comments in the first hour, and latecomers can only post into the void. To address that, long branches could be collapsed by default, leaving only 2-4 visible messages per branch.

anexprogrammer 2 days ago 9 replies      
HN comments are full of naive political opinion, groupthink, and a tendency to blind optimism on all things technology or new. Often older ways have merit too.

It's also probably the only place left on the net where, from comments, I'll find out rapidly, and bluntly with citations, when I'm wrong (and, yes I'm often wrong on the Internet!), usually learn something new on the topic, and sometimes talk with the guy who invented it. My ADHD brain loves the depth that side topics can get explored and being surrounded by people far cleverer than me.

I wouldn't have it any other way.

latch 2 days ago 4 replies      
Removing the vote count was a step back.

You end up with highly positioned comments that are factually wrong and no way to weigh the corrections made in replies.

If you saw that a comment had 20 votes, but a reply had 500, you'd have something to go by. If nothing else, they could show the relative score of a reply to its parent.

tedmiston 1 day ago 1 reply      
I really think the author is onto something here.

Recently I've been thinking about doing a couple blog posts that summarize the HN thread for a given article* in perhaps ~1500 words. I think of it like the approach that r/tabled uses for AMAs on Reddit (example: [1]).

Would others find this interesting, or would you rather just read the comments yourself?

A second idea is a daily / weekly update of comments from all of the people you're interested in "following" on HN. You can do this very manually right now. I think it could be an interesting proof of concept.

*When I say one article, I really mean the aggregate of recent links around that topic as discussions are often merged or commenters bring information from other sources into the commentary for whichever link takes off on that topic. Often that is the most original source, but not always.

[1]: https://www.reddit.com/r/tabled/comments/4lh4t1/table_iama_i...

dancek 2 days ago 3 replies      
I think HN needs a way to easily find the top comments. There are absolute gems deep in discussion threads, but you'll need to spend a lot of time reading to find them. Hence, it's very nice of Dan Luu to list some of his favorites.

The top root-level comment for each comment page is obviously easy to see, but good comments deeper in the comment tree are easily lost. Would be great if e.g. the top 5% voted comments on a page were highlighted in some way.

Perhaps a workable solution would be to just follow the comments listing of smart people. Guess I'll at least try that.

sideproject 1 day ago 2 replies      
I absolutely love comments on HN and they are probably the main reason I read this site a lot. Some times, the posts themselves are quite self-explanatory from the title and I just go straight to the discussions.

I created a little site called HackerNews Club


Where you can easily search for user's submissions and comments. FYI, here's Dan's comments :)


And HN users ordered by the number of comments they have made.


qwertyuiop924 2 days ago 3 replies      
You post a list of the best comments on HN without putting The Wisdom of Bane on the list?

Seriously, how did The Wisdom of Bane not make it one here? That is one of the best comments on all of HN.

For the uninitiated: https://news.ycombinator.com/item?id=8902739

acabal 1 day ago 2 replies      
These criticisms, when phrased in the manner of the post ("HN is full of mean and rude people"), suggest by omission that there's some kind of internet forum Nirvana out there where everyone's nice all the time and nobody every says mean things or is rude. ("HN is full of mean and rude people [... unlike place X, which is always great all the time]")

But the thing is, once a community reaches a mid-to-large size, certain kinds of people will always going to think it's full of jerks and trolls, and that its golden age has long passed--regardless of the community's age or actual composition.

I run one of the largest online writing communities online, Scribophile. We've been around going on 9 years and I personally pride myself on the reputation we've earned as being a friendly and supportive community. By and large people seem to agree. And yet every now and then we still get people complaining that Scrib members are out to get them, that everyone is mean, that Scrib's golden age has passed. (I started hearing that same golden age comment about 6 months in, by the way).

I think the truth is more like the faceless, voiceless, anonymous internet makes it really easy for people to both a) be jerks, and b) misinterpret harmless posts as people being jerks. I think this phenomenon happens in every mid-to-large sized community, ever. And I don't think it's really helpful to criticize any community of that size as having nothing but mean people, or trending towards meanness.

blt 2 days ago 4 replies      
I think the culture of rejecting joke-only comments is significant. I love a good joke, but so does everybody else. Rewarding jokes would have a major effect on the signal/noise ratio.
shubhamjain 2 days ago 5 replies      
I prefer cynicism over unthoughtful, inconsequential comments that floods several discussion forums that I have come across. "Nice article", "Great write-up" and the next thing you know, you have created a place where people are only interested in submitting their articles and getting it upvoted rather than make meaningful contributions.

People want to make good contributions here and that's something that differentiates HN from other news aggregators.

oskarth 2 days ago 1 reply      
I often find my self searching through old HN comments for all kinds of things. Just off the top of my head I've searched for comments on: Redis, ZFS, Raft, SQS, ZMQ, message queue, RDS, connection pools, ECS in the last few days. I've learned quite a lot of things from reading comments by people with way more experience in these matters than I have. And that's probably less than half of my searches. A google search might give me some good stuff, and Stack Exchange too, but HN comments are indeed underrated.
angry_octet 2 days ago 3 replies      
I greatly miss Usenet newsgroups -- NNTP ones, not yahoo or google groups, or any of the pale http immitations. The best were usually moderated of course, but even unmoderated ones often had high signal to noise. I imagine how they might be now with rich text rendering, e.g. embedded TeX and images.

Good newsreaders (MT-Newswatcher on MacOS springs to mind, but also fast console programs like tin) really helped. There were no 'likes' or 'vote' buttons. But there was the ability to whitelist or blacklist certain authors by adding them to a user's 'killfile', leading to the wonderfully pithy permanent downvote reply:


mooreds 2 days ago 3 replies      
I have often thought it's be great to do a "best comments of the week" email list the same way "Kernel Traffic" did for a number of years with Linux kernel development: http://www.kerneltraffic.org/kernel-traffic/archives.html

Condensing comments down to the 5-10 gems would be very interesting. And, perhaps with the voting system, not that difficult.

libeclipse 2 days ago 4 replies      
Another thing I've noticed about HN comments is that everything is hyped beyond what it deserves.

For example, the recent DDoS attacks were just a bunch of skids with Mirai, but it was discussed as if it was the end of the internet.

There's also the issue of self-censorship, where users will refrain from posting their opinion in case they get downvotes and negative karma.

The things people post here are fascinating, but the comments, in my honest opinion, aren't.

cyanbane 2 days ago 2 replies      
Reading this article and thinking back on the users on HN that I do enjoy reading comments from I think that a neat feature may be the ability for a logged in user to "favorite/mark" specific authors. Those authors only get some particular character in front of their name (or a different color) so that they stand out more. I do agree with this post about seeing certain names and knowing that the signal ratio will be higher is nice. May just need a better way to discern those when scanning a comments section.
amelius 2 days ago 3 replies      
I wish there was more research in moderation systems. I think it is a fascinating topic, because it can make or break an online forum. And perhaps it even has applications in political decision making.
bambax 2 days ago 1 reply      
> 1838 days ago

Trivial improvement to HN: after more than 30 days, render time in number of years and months instead of just days.

dilemma 2 days ago 2 replies      
The first and second paragraphs seem to contradict each other.

Comments (and previously blogs, but not so much anymore) can have more insight than news articles because they're based on first hand experience. Journalists don't have that, and the organization they work for often has problematic incentives which they push onto the writer.

HN comments are indeed very terse, to the point of being unfriendly. It bothered me at first but now I'm used to the style and sort of like it.

netsec_burn 1 day ago 0 replies      
This article and its comments are surprisingly negative. I've long held the opinion that HN is the best aggregator out there, and the comments are top notch as well. Far better than Reddit, subreddits like /r/programming+sysadmin+netsec etc, /g/, Slashdot, and the list goes on.
lorenzhs 2 days ago 1 reply      
The comments on that "Lenovo is blocking Linux on some new laptops" story a while back were truly abysmal. I think that's the only time where I was really disappointed by HN comments. Now obviously (and as many of the more thoughtful commenters pointed out) this was just a case of missing support in the Linux kernel. There was no "secret deal" between Lenovo and Microsoft that the customer service rep on that forum revealed. Intel posted some patches to fix this a few days ago: http://marc.info/?l=linux-ide&m=147709610621480&w=2

The thread I question, with over 1000 points and 500 comments: https://news.ycombinator.com/item?id=12545878

return0 2 days ago 2 replies      
HN comments need a vertical bar on the left side to indicate indent level. i find it hard to skim conversations in narrow screens.
lmm 1 day ago 0 replies      
> For the last couple years (ish?), the moderation regime has been really active in trying to get a good mix of stories on the front page and in tamping down on gratuitously mean comments. But there was a period of years where the moderation could be described as sparse, arbitrary, and capricious, and while there are fewer bad comments now, it doesnt seem like good moderation actually generates more good comments.

I agree that there was a major change in moderation 1-2 years ago. But I think it's worse rather than better. The moderation is more arbitrary and capricious now (in particular it's a lot more active during the hours when the US is awake), and there are a lot of positive-but-contentless fluff comments and even humour, both of which are inimical to what made HN great.

franciscop 2 days ago 0 replies      
My feeling is that a large enough part of Hacker News has been any time within the last 10 years actively contributing in Stack Overflow. From my own experience, I learned how to ask/answer technical questions and participate in a technical discussion there while trying not to keep it political, and I totally feel that has helped me to provide good comments in HN from time to time.

So I would challenge the sentences:

> And yet, I havent found a public internet forum with better technical commentary.

I have, it's StackOverflow. Even though it is not a public internet forum properly, I've found there some awesome technical commentaries there and I think it might have helped HN a lot on that side.

spectrum1234 1 day ago 0 replies      
This article and the (currently) highest rated comment with the Medium article is making me want to write more.

I've always considered a simple blog where I just write short commentary on articles I've read that I feel are incorrect or incomplete. One thing that has held me back is knowing I'm not a brilliant writer. However am going to try and keep in mind the great blog post by Paul Graham that stresses to always write in short sentences. Good luck me!

sharpercoder 2 days ago 1 reply      
Coming from a certain frame, context and worldview given to someone by his/her parents, many comments are not ill-intendend but come off as unhelpful or negative. A problem with moderation on the web is that for willing people it is hard to grasp why you have been given the mdoeration you got.

An idea I'm toying with is to allow meta-comment reactions to comments. They would extend horizontally (as opposed to vertically for non-meta comments) and allow medium-to-high experienced users to provde meta-comments (feedback).

hellofunk 2 days ago 2 replies      
> comments are often gratuitously mean, and people will often defend gratuitously mean comments by claiming that its either impossible or inefficient to convey information without being mean.

> Most of the negative things you hear about HN comments are true.

I think it is interesting how the relatively anonymised nature of the internet has a similar effect on people of all stripes. HN readers, I believe, are among the more intelligent, or at least curious, in our species. The same is true of another popular internet forum, Stackoverflow. Yet there exists an air of negativity that is of much higher ubiquity than in "real" life where people are not anonymous. And this is true of most other internet forums as well where more of the general popular participates. I think it shows in a strange way that people just have a lot of negativity to vent, and the internet has made that really easy and without consequence to the rest of one's life, and that this remains true regardless of one's interests and general intelligence.

renke1 2 days ago 0 replies      
I admit that I usually read the comments first and then go to article.
zyngaro 2 days ago 0 replies      
So true. I often jump to the comments before I read the linked article. The comments a very often of better quality and more informed than the article it self. HN is unique in today's internet it's a great community and I hope it stays that way.
bashexporting 1 day ago 0 replies      
HN comments are moderated (not the moderators which are completely fine and, in my case, always clear of what was off-topic and in need of flagging, but the community that flags) by the hive-mind that is like any hive-mind against diversity.

Of the dozens of accounts I had, some have reached karma levels of awe, and some were met with extreme flagging and disapproval.

The most pleasant and interesting discussions are mostly in the technical, scientific themes.

When it comes to diet, lifestyle issues, comments are overflooded with bunch of anecdotal claims, unscientific babbling and extreme boasting.

I stay away from these threads after I've realized this was the case.

ericolo 1 day ago 0 replies      
I come here for the content. Before I started frequently coming here, I used solely reddit. I didn't "get" HN at the time.But at some point it started growing on me, I started coming here more and more often, and right now it's my primary source of random information. I still reddit, but more for leisure and time wasting than anything else.

I don't check comment much, thought.

As a side effect, it had also changed my browsing customs; before it wasn't difficult for me to go down to the 10th page on reddit.

Nowadays I'm barely past the 2nd page.

cronjobber 2 days ago 1 reply      
> when people make comments that arent just reasonable sounding but are actually correct, those comments tend to get upvoted

For a while, I found that on pages with lots of comments the most interesting ones were to be found at the topand, buried between actual dross, at the bottom.

That might have changed, I don't see it that much anymore. But that could be a side effect of something even less desirable. I think some people may have started flagging whole articles when the discussion has "too many" comments they dislike. I can't prove this, of course.

karussell 1 day ago 0 replies      
> HN comments are terrible.

The truth is that more articles than comments are waste of time (as comments are often a lot shorter or simpler to grasp) so I have to disagree here: I often find myself reading the comments before clicking on the article to save me time. And I'm not the only one.

Jaruzel 1 day ago 1 reply      
Zero criticism here - I love danluu.com posts[1], but ...

Who is he? And why does all of his posts get massively up-voted?

Thanks in advance, from an ignorant chimp. :)


[1] However, a little bit of CSS sprinkled on them wouldn't go amiss - even just 'max-width' would help a lot.

soufron 2 days ago 0 replies      
I feel the same. Most often, the comments are way more interesting than the links they're commenting. This led me to calm down on commenting all the time, coz I felt like I needed to try to make good quality comments in order to compare favorably to the rest of the discussion, and to contribute to the community. I wonder if others feel like this and decided to restrain on commenting?
egeozcan 1 day ago 0 replies      
Of course the top comment can sometimes be positive. For example when the article is about HN itself.

On a more serious note, I guess most people in the tech crowd can make a 5-item list of why HN comments suck and that is exactly the power of HN comments.

anythingbot 1 day ago 0 replies      
I would like to propose wikipedia edit history and comment deletion milestones for the hn comment system, and in addition, a comment redaction facility that works like redaction of classified documents.
yanjuk 2 days ago 2 replies      
A way to reduce disruptive comments might be to make one downvote cost one karma point.

Down-voting should be for disruption, not ignorance. Ignorant comments are fine. Get them out there so they can be aired and corrected. Laymen get to know what they think. Experts get to know what laymen think. Occasionally there's a good idea.

Talk is cheap and we should do more of it. The alternative is people being far more ignorant than they already are. But silently, in private, with more potential for harm.

jordanpg 2 days ago 1 reply      
The bellwether of a bad but possibly technically interesting HN comment is one that begins with a humblebrag: "One time a Fortune 500 company hired me to re-write their entire web tier using Django" or "last year, for fun, I wrote a fully-functioning TLS implementation in node".

Such nonsense (or at best, unneeded information) is intended to provide credentials so that the reader will take what follows more seriously. But ironically it only serves to erode confidence.

throw2016 1 day ago 0 replies      
I miss the deep expertise often on display on forums like slashdot in the past which is conspicious by its absence here.

In many ways this is more of a professional board than a personal board. A lot of folks here are in the profession and don't seem to speak their mind, lest they lose career opportunities. This also seems to promote an affection of expertise and authoritative tone even on subjects commentators may not know much about.

There is offhand dismissal of dissent as 'resistant to change' and a serious lack of scrutiny that often allows broken technologies and services to be hyped endlessly untill people come back months or years later to report deficiencies but by then the train has left the station.

And any forum that promotes downvotes to signal dissent cannot by design promote diverse discussion and will naturally coalesce around a 'socially acceptable' consensus.

jasonkostempski 1 day ago 0 replies      
"Some downsides of immutability"...
Mz 1 day ago 1 reply      
Yet another humanbemoaning the fact thatwhen myriad humansrandomly get together onthe internet, some folksare clueless, some folksare not nice, some folkswrite poorly, etc.There are things that canbe done to improveonline discussion. Butexpecting everyone to beequally knowledgeable,savvy, etc is simply not areasonable expectation.
emblem21 1 day ago 0 replies      
Honestly, I come here just for the comments. I rarely read the articles unless a comment is excited about something arcane.
wfeui3 2 days ago 7 replies      
I lost faith in HN crowd when hyperloop started. California can not even replicate 40 years old TGV, but somehow it will build space-like technology for fraction of price.

And than there are politics. Entire world should accept millions of refugees. But SF is different, and should not even host 400 homeless who arrive every year.

internaut 2 days ago 4 replies      
kimshibal 2 days ago 1 reply      
k__ 2 days ago 4 replies      
I follow many people on twitter who dislike HN. Reason for this is opinions here are alsmost entirely from white males with money.
Samsung 'blocks' exploding Note 7 parody videos bbc.com
605 points by Lio  4 days ago   215 comments top 38
nailer 4 days ago 12 replies      
Wonder if the attention put on YouTube here will inspire Google to fix the financial and political 'infringement' takedowns.

Eg, during the takedown process, have something like:

> [ ] I understand that satire and political commentary does not in itself consititute copyright infringement, and that I am not filing this notice on the basis of the video satirizing or making commentary on my copywritten content.

> [ ] I understand that incorrectly flagging satirical or commentary videos that mention my trademarks but do not infringe upon my trademark rights may delay response to future infringement filings.

Or something similar. IANAL. Complainants must tick the boxes to be able to submit.

jMyles 4 days ago 6 replies      
I love you all. :-)

Here we are again, and this thread is full of comments about whether this was afoul of DMCA or whether there's a way to adjust the system so that these claims will be more costly to the claimant.

We need to break open the head here, people! We're scientists, right? Step back from your political ideologies and your fears and tell me what the real problem is with this biological system.

Right: it's that a single actor can make the decision to censor these things. It's fundamentally a weak link problem.

Whether or not we fix DMCA, which I'm sure we will, we need to fix the problem that the weak link exists in the first place. A centralized Youtube will not do for the information age. Our organism must build immunity such that, no matter the tantrums of the state, nobody is capable of giving in and handing over the lollipop.

turblety 4 days ago 7 replies      
By uploading a parody video of a Samsung Galaxy exploding, I don't understand how there is a law being broken? Can someone explain how this is a copyright issue?
abdias 3 days ago 0 replies      
It's a funny story but also shows how pathetic (IMO) some companies and organizations become. They just don't realize the cat is already out the bag. "Damage control" should not be used for censorship. This is clearly fair use (satire).

And in general about YouTube and similar companies: This is what happens when the court principle of innocent until proven guilty is inverted to be guilty until proven innocent.

There is a reason why freedom of speech is the first amendment in the US constitution, and Google (and other companies) should adhere and respect the intentions behind it.

mattnewton 3 days ago 2 replies      
Oh boy, Streisand effect in full swing. Block a YouTube video and now get to the front page of the BBC.
merb 4 days ago 0 replies      
The good thing is, that after they blocked it. It appears EVERYWHERE in the news, so EVERYBODY see's it. Instead of some people (gamer community).

The block backfired.

Jabbles 4 days ago 2 replies      
jnagro 4 days ago 2 replies      
Satire is fair use. Someone should sue Samsung, Get Lawrence Lessig on this!
vlunkr 3 days ago 0 replies      
I feel like the best thing Samsung could do for themselves right now from a PR perspective is just apologize and shut up.
warrenmiller 4 days ago 4 replies      
methinks this will only lead to the barbra streisand effect.
joesmo 3 days ago 0 replies      
This is why we need strict, very harsh penalties for abuse of copyright (and patent laws). This has NOTHING to do with copyright, yet these Samsung assholes file claims with Youtube? How about 1% net revenue fine for every wrongful copyright claim (like, but not limited to, a bad DMCA claim), increasing by 1% (with no limit other than at 100% you lose the business) for every wrongful subsequent claim? But of course, this will never happen. Personally, I see these kinds of attacks as justification for piracy and the willful disobedience of our incredibly stupid laws (in the US).
msh 4 days ago 4 replies      
Is there a major mobile phone producer with lower morals than Samsung?
mooveprince 4 days ago 0 replies      
zeroer 3 days ago 0 replies      
I never would have seen the video without the 'block'. Thanks Samsung, that was funny!
Keverw 3 days ago 0 replies      
I don't know what's the most abused laws are, but I'd say copyright would probably be in the top 10 list if there was such a list. I wish people who abuse copyright takedowns repeatedly would get a large fine. Then the fine should be split between the uploader and service provider. Plus the takedown abuser should have to pay all legal fees on top of the fine.
sidcool 3 days ago 0 replies      
Such attempts have rarely gone successful in past. May be the Streisand effect will be known as Samsung effect
technifreak 3 days ago 0 replies      
Maybe this has nothing to do with DMCA and more to do with Samsung spending millions of dollars in advertising on Youtube (speculation). If one of your major sponsors threatens to pull back advertising dollars, that supports your platform, maybe you bow to their requests. Maybe.
robertjwhitney 3 days ago 0 replies      
Boy, this is really going to blow up in their face.
frostirosti 3 days ago 0 replies      
This is the abuse of the copyright system people warned about and YouTube downplayed.
beedogs 3 days ago 0 replies      
Samsung must really not want to be in the mobile phone business anymore. The dim-witted actions they're taking in regards to these videos will only turn more people off. I for one will never consider a Samsung product now, and not just their mobile phones. They're set to join Sony on my relatively short "do not buy" list.
jaimehrubiks 3 days ago 0 replies      
So this means that Samsung could ask that any video which shows their phones to be removed from the internet? Because it is a copyright claim...
vermontdevil 3 days ago 0 replies      
Like it'll work?

With Halloween coming up, expect plenty of pics and videos of people wearing Samsung Note 7 wrapped around them as a suicide vest.

Pyxl101 3 days ago 0 replies      
Here are a couple of the videos with what I believe is the content:



Vaebn 3 days ago 0 replies      
Naturally I now want to see all of them.
hyperhopper 3 days ago 0 replies      
There seems to be a lot of people saying the government should do something about this.

Keep in mind, this is not related to DMCA or copyright at all: this is a software system in use by a private company. No laws were broken, it is just extremely scummy behavior.

jmclnx 3 days ago 0 replies      
I guess Samsung will keep a lonely Sony company on my "do not buy list", too bad. BTW, in the US, last I heard Parodies is a protected form of speech. So I think DoctorGTA has the law on his/her side (assuming he is living in the US).
smegel 3 days ago 0 replies      
How do you say Streisand Effect in Korean?
zelon88 3 days ago 0 replies      
Have they never heard of the Streisand effect?
jamesjyu 3 days ago 0 replies      
I even heard Obama making a quip about the Note catching fire. Are they going to send him a reprimand as well? :)
Gaelan 3 days ago 0 replies      
Better title: Samsung sends copyright claim for exploding Note 7 parody videos
teekert 4 days ago 1 reply      
I love such news, their comment threads are the best source of funny Note 7 jokes :)

I can't find it now but I saw an image of a terrorist with a Note 7 belt under his jacket. Nice.

Why can't they think of a fun way to deal with this PR disaster, how hard can it be? Jeez what are they thinking??

aerialcombat 3 days ago 0 replies      
Typical Samsung
haterz187 3 days ago 0 replies      
I would love a note 7
andrewclunn 4 days ago 0 replies      
Internet censorship concerns, video games, faulty technology, and a big tech firm threatening legal action... No wonder this is top ranked on Hacker News.
gok 3 days ago 2 replies      
Why would Google want to leave up a video that ridicules their top hardware partner? YouTube isn't a public service.
siculars 3 days ago 0 replies      
These people are so dumb and just don't get "it." Samsung is so dumb, they are very dumb, for real. So dumb, so dumb, so dumb, so.... they climbing in your windows trying to rape your GTA and youtube accounts. ([0])

All this is going to do is encourage tens of thousands of young kids to figure out what things like "DRM", "free speech", "EFF", "privacy", "copyright" and the like mean. Maybe we get a few good lawyers out of this, a lot of great parody and a lot of great art.

[0] https://www.youtube.com/watch?v=mEAKsaQOCpQ

Adding a phone number to your Google account can make it less secure vijayp.ca
587 points by vijayp  4 days ago   291 comments top 64
exelius 4 days ago 9 replies      
> I'm curious [...] why Google doesnt temporarily disable accounts so impacted until a human reviews activity.

Because Google doesn't have humans reviewing anything unless there's a direct link to marginal revenue/cost avoidance attached to that interaction that can be priced in. Their business model is to achieve scale through automation and machine learning; which means not doing things that would require manual intervention unless absolutely required.

Explicitly, this means that for free services like Gmail, humans aren't involved. Ever. Try getting support for a Google product and you'll see what I mean -- there's not even a phone number to call or an e-mail address unless it's a paid product (and even then, they've got a less-than-stellar reputation for support of paying customers).

balls187 4 days ago 8 replies      
Recently my wife, without any identification, went to Tmobile and was able to have my account automatically canceled and added to a new joint family account.

She went with my knowledge, but TMobile never called to confirm.

After which my phone no longer had service, and I had to install a new sim card prior.

While she did this with my knowledge, I no longer have access to make changes to the account, until she adds me to the list of authorized people, and I lost all my voice mail.

It's very disturbing that she could do this, without any sort of checks and authorization.

Also, FWIW, my wife and I do not share a last name, and she did not provide anything other than my phone number to TMobile. She was a new Tmobile customer, and I was an existing customer, albeit on a very cheap pre-paid plan.

Sir_Cmpwn 4 days ago 1 reply      
>Eventually, with the help of Googles customer support and some ex-colleagues who still work at Google, Bob was able to get his account back.

I bet I know which one of these resources was more important.

x1798DE 4 days ago 5 replies      
I don't think it's possible to make a Google account without a phone number anymore. It's really unfortunate, especially because I deliberately don't set up fallback contacts for my "alternate" gmail accounts, and Google keeps locking them as suspicious when I log in from a second location, and I need to "verify" with a phone number any time that happens (at which point I abandon the account).

I understand that they want to fight spam, but I'd be willing to spend 5 minutes doing captcha type activities in exchange for not requiring a phone number, and that should pretty severely rate limit account creation.

jcoffland 4 days ago 3 replies      
> This pattern seems like something security software should be able to detect: a password reset with incomplete information, followed immediately by a change in recovery email, name, and two-factor-auth settings, coupled with a my account has been compromised help request is highly suspicious.

This series of events could easily occur in legitimate cases. Say you lose or destroy your cellphone. Since you only ever logged in via your phone you don't know the password. Your recovery email was attached to a service you don't use because you normally use gmail. I'm not saying this scenario is a good idea just that it's probably quite common.

As a software developer I often hear from well meaning users that are appalled that software didn't do-the-right-thing in some complex scenario that appears to have an obvious solution because the desired outcome in obvious. In reality, handling the corner cases is complex. Adding these obvious solutions to the code easily leads to even worse situations.

nchelluri 4 days ago 2 replies      
What I recall reading over the last year is that:

- phonelines can be hijacked (this article)

- DNS can be hijacked in a similar manner

- SMS can be hijacked (for 2FA via text message)

I guess 2FA using an authenticator app is the way to go for now. Do you guys agree with the removal of backup phone numbers recommended here? Seems reasonable to me but scary; I've lost my phone(s :( ) before. I do have backup codes generated though.

Pym 4 days ago 0 replies      
It's not the first time that Verizon transfers an account like this...

Have a look at this other story from last month, "On Phone Numbers and Identity":

- https://medium.com/the-coinbase-blog/on-phone-numbers-and-id...

- https://news.ycombinator.com/item?id=12597609

"It turns out the attacker was able to impersonate the employee on a call with Verizon"

peterjlee 4 days ago 0 replies      
Once I had my SIM card stuck in my phone. So when I wanted to use a different phone, I bought a new SIM card kit online and brought it to a T-mobile store. I told the clerk my SIM card is stuck in this phone so I want to transfer my number to the new SIM card. He asked for my phone number then scanned the new SIM card and transferred the number. I didn't have to provide any identity or proof that I actually own the number. It's scary how easy stealing someone's phone number can be.
wfunction 4 days ago 1 reply      
Kind of related, but any Googlers here? Can you please make Google send notifications whenever someone tries to log in to an account and is required to do anything other than typing in their username/password? I REALLY should know when someone is trying to respond to a 2FA prompt or answer my security questions or use SMS or email to reset my password... it's ridiculous that these don't all result in emails right now.
proee 4 days ago 0 replies      
Another issue with sending Google verification reset codes over SMS is that a lot of "Google Phones" allow for viewing text messages/headers while the phone is "locked." Therefore if you leave your phone (even for just a few seconds), someone could quickly gain access to the reset vectors. In looking at the DNC leaks for example, if an attacker had the phone number of a high-profile target, locates them in person, and then execute a reset "event", they're now in very serious jeopardy, assuming attacker gets physical access to the target's phone for just a few seconds. (Edit: Attacker might have the ability to also view their phone through a high-resolution camera(s) as the target pulls up the text message. Thus allowing attacker access to codes without physical access to device.)
jsingleton 4 days ago 0 replies      
If you are ever required to give a phone number but don't want to then you can use an official fictional one. This means no-one else will have access to it (or be annoyed by it). Same with email addresses.

If you need access then you could use https://smsprivacy.org or https://dtmf.io. I've not tried these though. Or of course you could build something yourself with https://www.twilio.com or https://www.nexmo.com.

I wrote a bit about this here: https://unop.uk/phone-numbers-for-examples-and-user-identifi...

throw7 4 days ago 2 replies      
Google seems to think phones are very secure:


Why mobile phones are more secure

Your mobile phone is a more secure identification method than your recovery email address or a security question because, unlike the other two, you have physical possession of your mobile phone.

FullMtlAlcoholc 4 days ago 0 replies      
>Eventually, with the help of Googles customer support

That he was able to contact someone at customer support for his Gmail account was the most amazing thing in this article!

> and some ex-colleagues who still work at Google,

:( That's why

cantrevealname 4 days ago 1 reply      
Using a phone as a login credential is risky from a reliability point of view. At least with passwords and security questions you can (in theory) have 100% dependable access to them anywhere in the world if you memorize them, back them up, or put them on an encrypted USB flash drive or in an encrypted cloud location.

You can't do that with a phone. You can't duplicate your SIM card. If your phone is lost, broken, stolen, or your service is cut off or unavailable for whatever reason, you're screwed. At least with passwords, security questions, or hardware tokens (of which you can have several), you maintain reliable access no matter what if you've made backups.

throw2016 4 days ago 0 replies      
I think with centralization comes control, arbitary rules, surveillance, potential for abuse of power and loss of end user control.

The fact that it keeps on becoming more and more difficult for individuals to run mailservers cannot be a coincidence.

The solution is decentralization at least for things like reddit, mail, search, social and other similar services. Multiple discrete 'old style' forums, search services, email providers and individual servers with dispersed control cannot be easily silenced, surveilled or subject to arbitary rules.

I think the usual response is people don't care but I think that's because they don't know and may not have stopped to consider the consequences. And perhaps more important before they didn't have to care. Now increasing creepiness from centralized providers means sooner or later users will wisen up.

If parents for instance become concerned about privacy issues they will go out of their way to protect their children and this can lead to new more privacy aware services, rules, and distributed applications. It also makes centralized unicorns based out of SV less of a desirable thing.

keyme 4 days ago 1 reply      
This doesn't even take into account how inherently insecure are actual mobile networks. Human factor notwithstanding.

Using GSM? Your recovery code is sent essentially plaintext over the air.

Think you're not using GSM? I'll just follow you around until you are (say, if you go out of town).

Since I'm already following you around, maybe I'll just jam your 3G/4G for a minute. Save us the waiting around.

Disabling 2G on your phone is a shitty solution. I want to be able to receive calls/SMS even if it's insecure.


My account -> Sign-in and security -> Signing in to google -> Account recovery options -> Recovery phone -> Remove number

SamBam 4 days ago 0 replies      
One thing that I don't see mentioned: The attacker doesn't need to know the victim's email address or even name, if they have a compromised phone number.

If you go to mail.google.com and say "Find My Account," you can enter a phone number directly, and then proceed with SMS-based recovery, if it's enabled.

This means that any time an attacker gains access to a phone number, they can plug it into gmail and fish to see if they can break in to an account.

willvarfar 4 days ago 0 replies      
Phone diversion can also be used to confirm large bank transfers; this happened to a friend of mine in 2012 http://williamedwardscoder.tumblr.com/post/24949768311/i-kno...
cupantae 4 days ago 0 replies      
Huh. I wonder if the author had seen this video https://m.youtube.com/watch?v=Q00OZ_Xk24w which describes a similar story and recommends a solution based on the same factors (2FA on a number no one knows under a fake name).

But anyway I don't understand why he thinks it's some kind of shocker that this makes it less secure. It's another access method. Recovery options are obviously attack vectors.

zitterbewegung 4 days ago 6 replies      
Adding a phone number that people KNOW about can make it LESS secure. A workaround is to get a phone number that is only used for identity verification and not given out to anyone.
darkhorn 4 days ago 2 replies      
In Turkey, if you apply for a new SIM card (let's say you have micro and you want nano) then you cannot access your bank account (for example Garanti Bank, probably other big banks too). Doesn't matter whether you try to access the bank via your PC or phone or via your home telephone, a massage appears saying that your SIM card has been changes and thus you need to re-validate yourself. So, this means that the banks and mobile operators share data.

Plus, if you apply for a new SIM card and you have a changed information in your ID, such as your father's has changed his name or you have corrected your birth place, then your ID is send to the government and only when the government gives a permission then they can give you a new SIM.

If you are not the owner of the SIM card no one talks to you.

If you want a new phone number then you must register with your ID.

andyana 4 days ago 0 replies      
Two years ago, I added a friend on to my phone plan so that he could call his sick mother. I made it clear to Telus (my carrier) that he should not be able to modify the account or discuss account details with them, and they assured me that he wouldn't without both my PIN and express permission to add him to the account administrators list. Three months later he walked into a Telus store and got a new iPhone with a 2 year contract on my plan. When he stopped paying what he owed, guess who got stuck with the early termination fee?
angry-hacker 4 days ago 2 replies      
Can Americans explain me how can you just do things like that by calling customer support? Wouldn't it make more sense to go and show your ID if you want to make changes like that?
abandonliberty 3 days ago 0 replies      
These are recovery options. By definition they make your account less secure by adding additional entry points for both you and a potential attacker.

I have 2 factor enabled and did some testing.

Security optionsAccountRecovery email (phone # disabled)2 factorRecovery phone #, backup codes

All of these require you to provide them. Phone number is given as XXX-XXX-XX12. Email is userna*@domain.com.

Failing all of those options, Google asks you to provide an associated email to help with recovery. It then provides a freeform text field for you to explain the situation and expect a response in 3-5 business days. If you have a secondary less-secured email address this could be a viable vector.

tl;dr two factor seems to add an additional layer of security / accounts that an attacker would have to compromise if appropriately configured. Recovery options weaken your security and you should be cautious when configuring.

camupod 4 days ago 1 reply      
Does anyone know anything about the security with regard to using other providers (e.g. twilio or google voice) as a recovery number?

Let's say my recovery number is actually a google voice number that's connected to a separate google account, but not forwarded to my actual cellphone (i.e., I'd have to login to my other google account to view the recovery code). Thoughts?

billconan 4 days ago 1 reply      
I have this weird thing in my google account.

When I set up my 2 way authentication, I noticed my account has a phone number added, which I don't recognize at all. The phone number has a Florida area code. I have never been to Florida. I emailed google about this, asking how the number was added? I didn't get any reply.

nfriedly 4 days ago 0 replies      
I think that for a lot of people, the added access is worth the security risk: they're more likely to forget their own password than to be hacked.

One of my moms friends had gone through the Gmail password reset process a few times, but she but she called me one day kind of frantic because she could no longer reset her password (or remember the old one).

It seems that previously Google had allowed either a phone call or an SMS to the phone number on her account, but had recently taken away the call option. Her phone was a landline that couldn't receive SMS messages.

She didn't have (or couldn't access) a backup account and couldn't remember the answers to any of her security questions, or at least not enough of them.

I think she just gave up and switched to Yahoo.

leesalminen 4 days ago 0 replies      
I bought a Yubikey for $40 and now use that as my second factor for my Google Accounts. It's quite durable and fits on my keychain. Love it!
iconjack 1 day ago 0 replies      
Well of course it makes your account less secure. It's another attack vector. As shown in the post, Google doesn't say add a phone number "to make your account more secure", it says "so you don't get locked out". Intuitively, making it more difficult to get locked out of your own account would likely make it easier for someone else "not to be locked out" of your account.
hash-set 4 days ago 1 reply      
I always thought Google was trying to tie your gmail account back to a cell phone number so they could help end anonymity on the Internet. Or else give the information to the NSA or something. I'm trusting Google less and less these days.

At the very least, Google should not have come out in favor of a particular Presidential candidate. Corporations have become incredibly powerful entities, able to affect the lives of all their employees and many others. If they can't wield this power ethically, they need to be shut down or we risk suffering under fascism.

metabren 4 days ago 0 replies      
I imagine adding a phone number to your Google account is more about Google having a particular phone number explicitly linked to an account for their information graph rather than for security reasons.
baybal2 3 days ago 0 replies      
This is how Russians hacked social media accounts and public emails of British MPs last year.

It is assumed that they procured IMSI IDs of MPs from open sources (databases of gaming companies (this why Google lets apps to read your IMSI) or advertising cookie brokers).

Then, they used Russian cell phone networks to announce a Roaming transfer of their phone numbers from BT to them and then used an SMS login and password recovery from their Snapchats/Twitters/Whattsups. Once they logged into them, it is believed that they downloaded past conversations and other data through synchronisation APIs.

Back then, Google only confirmed that they did sent a recovery SMS to one account, but hackers didnt manage to answer a security question. This probably deterred them from attempting to try the same trick on Google accounts of other MPs whose numbers they pwned, or maybe Googlers simply made that up to cover their asses.

Amazingly, many cell operators dont check the digital signature on roaming requests, nor require the roaming counter-parties to pass them through.

chris_wot 4 days ago 0 replies      
Two factor auth using SMS us increasingly becoming a risky option. For not I have it on my personal accounts, but I'm considering changing over to Google Authenticator.
bikamonki 4 days ago 0 replies      
Google fills my droid with bloatware. Even worse: all of Google apps will not work without Google Play Services which is a super abusive app: among other things, it logs ALL MY ACTIVITY 24-7. So, if Google already runs apps with such privileges, why not adding a small app that mimics Whatsapp SMS verification. After verifying that a given SIM is installed on the phone where my Google account has been authenticated, it can establish a secure tunnel to send me 2FA codes. If a hacker would clone my SIM and even have my Google password they can prevent login until I grant permission from the first install/verification. Should I lose/change my phone, Google would not allow a second verification unless a pin is entered (which I created on the first SIM verification). Another aproach that avoids the pin number would be a delay before authenticating the second install. If I get 24hrs and a notifcation that I have logged-in on a second device, I certainly have enough time to fix any possible hack.
buyx 4 days ago 0 replies      
SIM swap fraud has been common in South Africa for years, and bank accounts were being cleaned out before the cell networks tightened their procedures. Yet I've started to see reports of similar scams in the developed world.

I'm surprised that anyone is surprised by this. Perhaps the time has come for a more global approach to security.

rohitarondekar 4 days ago 0 replies      
Would using a dedicated phone number (sim) that is not shared with any other service protect you from this? Basically nobody besides Google and you would know of this number. In India dual sim phones are very common and I've been thinking of getting a second sim (phone number) for this purpose.
mtgx 4 days ago 0 replies      
Google does another stupid thing (or at least it used to do two years ago, but I think it's still doing it): when you pick Google Auth for 2FA, and for some reason you can't use it, you can still login to your account with an SMS code...

Like WTF Google? Any attacker could just as easily do that, too, anytime they want. As long as this remains true, Google Authenticator (or any other Google security measure that could easily by bypassed this way with SMS) has literally zero advantages over SMS, while retaining the disadvantages of being less convenient to use, etc.

walrus01 4 days ago 0 replies      
SS7, phone numbers and telco stuff are built on trust, with a 1970s/1980s business model when the only people messing with the system was the ILEC.

It's trivially easy to fake scanned documents proving that you're authorized to port a phone number from one service to another. In this case there was probably no SS7 messing about at all, just somebod falsifying the info or socially engineering his cellular carrier to transfer the number to a new phone. Mitnick's "Art of Deception" book is an authoritative resource on this problem.

josefresco 4 days ago 0 replies      
"there's not even a phone number to call or an e-mail address unless it's a paid product"

Well duh. What kind of support should Google offer to almost a billion users that pay nothing for the service?

"(and even then, they've got a less-than-stellar reputation for support of paying customers)."

Not from my experience. Have had to call them a handful of times on behalf of clients. A human always picked up quickly, and resolved my issue or answered my question. Also followed up.

whyagaindavid 4 days ago 0 replies      
@vijayp Please retitle your post to add "In North America, anyone can take anyone's phone number". BTW arent any of hackernews readers worried?
spiznnx 4 days ago 1 reply      
What are the security implications of using my google voice number as a backup phone number to my google account (the same account)? I've been doing this for a few years, and its been very convenient. Basically, any time I need to log in with a new browser or device, using the number for two factor SMS gives me codes on all other logged in gmail windows, and on my phone.
johnjhayes 4 days ago 1 reply      
>Bob didnt have multi-factor authentication enabled

even if enabled, if it was set to send the code as sms it would go to ... the phone :-\

pm24601 4 days ago 1 reply      
I wonder if a landline is more secure from transfer?

Anyone know if the procedure for transferring landlines is more painful for fraudsters?

Spooky23 4 days ago 0 replies      
I wonder if having having a really shitty prepaid carrier for this purpose or a commercial account is a viable strategy?

A lousy MVNO is impossible to contact in any situation. Usually with business accounts the carrier refuses to talk to anyone except the designated account manager.

dragonwriter 4 days ago 0 replies      
AFAICT, and this is supported by the Google screenshot shown promoting the feature, Google doesn't say the phone makes the account more secure, it says that it makes the account more usable, since it provides a way to recover from lockouts. This is one of many cases where usability and security aren't aligned.
gambiting 4 days ago 0 replies      
Ha! My telco in UK(giffgaff) does not have any phone customer support, so the only way anyone could ask for an account transfer would be through a webform....after logging in to my account. Doing which would also send a notification to my email address. Feels slightly safer now.
mercora 4 days ago 0 replies      
i always failed to see why adding a phone number would be somehow more secure. However, i also knew this kind of attack was somewhat common for German online banking accounts using SMS TAN because service providers were easily convinced to send a new (second) sim card to a new address they would never heard of before.
DINKDINK 4 days ago 0 replies      
Another case of an attacker using phone porting to attempt to compromise accounts:https://medium.com/the-coinbase-blog/on-phone-numbers-and-id...
haser_au 4 days ago 0 replies      
TLDR: Telcos really are the weakest link, and you should not rely on your mobile phone number for 2FA.

Background: I have worked in IT Security at an Australian bank, and had close ties to the Internet Fraud department to help them understand fraudster's tactics.

Many banks use SMS for 2FA. Australia has a law regarding how long it should take customers to switching telco providers (called 'Porting' because your retain your phone number), and the timeframe in which this must be completed (90% within 3 hours, 99% within 2 business days). If the Telco doesn't complete in this time period, you can raise a complaint to the Telecommunications Industry Ombudsman.

Example: If you are currently with Telco A, to port your number to another company, you call Telco B and provide your details. They take care of the porting process, and you can have your service running on a new phone and SIM within 3 hours.

"All you need to have with you is your mobile number, the name of your old mobile provider, your account type (pre- or post-paid) and your account number. We'll handle the porting process from there. It can take from three hours to three days, but we try to do it as fast as we can."Source: https://www.cnet.com/au/news/switching-telcos-easier-than-yo..., 2012

To make matters worse, the fraudsters would then change the details at the new Telco B (i.e. my address is now 123 Rainbow Road, and my mother's maiden name is Smith, not Jones). When the victim called Telco B, when Telco A told them a porting request had been completed, they'd say "Sorry, we have no idea who you are and the details you're providing don't match our records". It can take days to sort the whole thing out, by which time, your Internet Banking has been compromised and funds transferred out.

This was a major problem for Australian banks, because they cover the losses for customers if you lose funds as a result of Internet Banking, as long as you weren't negligent (e.g. you left your Internet Banking logged in on a public computer in a library, or something).

If you are relying on your telephone number as a security mechanism, I would change to something else. Something you have, ideally (Google Authenticator, a physical hard token, etc.).

Sources:ACMA Porting Rules for Telcos: http://www.acma.gov.au/Industry/Telco/Numbering/Portability/...Example A: http://lifestrategies.net.au/wp-content/uploads/2015/03/Marc...Example B: http://www.itnews.com.au/news/45k-stolen-in-phone-porting-sc...Example C: http://www.news.com.au/finance/business/banking/customer-sca...

ww520 4 days ago 0 replies      
The phone companies have horribly bad security practice. I once had a phone number taken over by someone. When asked, the phone company just said, oh, someone called in and wanted to take over the billing of the account, so we let him. WTF.
codedokode 4 days ago 0 replies      
This is serious problem. In some banks having access to a phone allows the attacker to login into a web client and transfer money from the account. And many web services rely on SMS as a method to restore the password.
yAnonymous 4 days ago 0 replies      
If telco providers are not taken to court for the damages caused by changing plans without any verification, why should they change their practices?

Complaining on the internet won't help in this case.

sairamkunala 4 days ago 0 replies      
Doesn't google voice or a static number from Twilio solve the problem if one cannot get the service that is required from Google free accounts?
shawn-butler 4 days ago 1 reply      
Is it possible to sue Verizon, TMo, ATT for their failure to to adhere to their own security practices for damages subsequent to a hack?

I think someone should try.

syphilis2 4 days ago 0 replies      
Are there any startup email services that provide time-synchronized one-time-use passcode dongles with each account?
awqrre 4 days ago 0 replies      
And Google uses dark patterns to incite you to add a phone number and a credit card number to your account...
nameisu 4 days ago 1 reply      
they only respond to charge backs from credit cards
sumitgt 4 days ago 1 reply      
As a Project FI user, not an option unfortunately.
bitmapbrother 4 days ago 1 reply      
>While Bob didnt have multi-factor authentication enabled, he had also heeded Googles suggestions to add a backup phone number to bolster security.

Ah, there it is. No two factor turned on.

hakcermani 4 days ago 0 replies      
"He used a very strong password (which was never used elsewhere)"

Am wondering .. how was the attacker able to compromise the account ?

emeidi 4 days ago 1 reply      
I stopped reading here: "While Bob didnt have multi-factor authentication enabled"
ChoHag 4 days ago 0 replies      
And this is a surprise because ... ?
esalman 4 days ago 2 replies      
How did Verizon move his services to an iPhone 4? Does it mean the attacker had physical access to his phone?
kibwen 4 days ago 3 replies      
I've also noticed that there's something very surprising about how Google has implemented their 2FA. When I log into Gmail from a new computer, it does not text me an authentication code and then lock me out of the account until I enter the code. Instead it lets me into my account immediately with only a password, and then sends my phone a notification that someone has logged in from a new computer. Ignoring this notification has no consequence for the logged-in computer. Convenient indeed, but this is really not how I expect 2FA to work, and does nothing to prevent an attacker from reading the contents of your emails or sending fraudulent emails with nothing but a password.
Ask HN: What is your favorite internet rabbit hole?
918 points by karim  1 day ago   430 comments top 182
IsaacL 22 hours ago 8 replies      
I posted a list of them a while ago. For several years I was interested in alternative worldviews -- grand sweeping theories of reality. Here's my list:








Enjoy :)

r0m4n0 21 hours ago 24 replies      
Browsing medical diagnosis codes... https://www.cms.gov/Medicare/Coding/ICD10/2016-ICD-10-CM-and...

Some of the most mildly interesting:

V9543XD Spacecraft collision injuring occupant, subsequent encounter

W5602XD Struck by dolphin, subsequent encounter

X35XXXD Volcanic eruption, subsequent encounter

X52XXXD Prolonged stay in weightless environment, subsequent encounter

Y0881XD Assault by crashing of aircraft, subsequent encounter

analogwzrd 1 day ago 3 replies      
For me, it's definitely Ribbonfarm:http://www.ribbonfarm.com/

I stumbled into Venkat's blog about two and half years ago and I'm still trying to find my way out. The rabbit hole gets even deeper when you look at his list of recommended reading. The material on John Boyd and OODA loops in particular has been bouncing around my head for about a year. Ribbonfarm quickly turns into a choose-your-own-adventure type of experience as it's very easy to bounce between articles and start looking everything that you don't know.

If you're interested in getting below the surface level of how organizations, teams, and business cultures work Ribbonfarm is the best place I know of that really digs into the details. If you're expecting the typical "be a leader, not a manager" platitudes, then you'll be disappointed.

octo_t 1 day ago 1 reply      
My current rabbit hole has been the world building stack exchange (http://worldbuilding.stackexchange.com/) which is (ostensibly) for writers working out scientific or historical justifications for the worlds they invent.

Some of the thought that goes into answers is really cool. Good ones from recently are:

- http://worldbuilding.stackexchange.com/questions/59175/what-...

- http://worldbuilding.stackexchange.com/questions/59171/is-th...

- http://worldbuilding.stackexchange.com/questions/58745/stand...

WCityMike 19 hours ago 2 replies      
TV Tropes is the definitive rabbit hole: http://www.tvtropes.org

For me, a close follow-up is the SCP Foundation:http://www.scp-wiki.net/

brightball 21 hours ago 2 replies      
The US Civil War has been mine for the last couple of years. The sheer volume of history and contributing factors, decades of build up, aftermath, affects on the US today, etc. My goodness, the economics of the whole thing are just fascinating.

All the internet debates I saw when the confederate flag came down got me really interested in how so many people could know TOTALLY different things about the most historically significant event in the country.

Now I've got about 12 books covering things in different ways (and there are so many more). Thanks to the Library of Congress and Google's efforts to scan books it's really easy to check citations as you read when you're having those "There is no way that's real" moments followed by "Holy crap! That's real?!?!"

The whole thing has sparked an overzealous interest in history, which is the subject that interested me the least when I was younger. Now I give serious consideration to pursuing a doctorate one day with the aim of being a History professor when I get closer to 50 (which is still a decade or so off).

msluyter 1 day ago 6 replies      
Slate Star Codex: http://slatestarcodex.com/, for a lot of interesting socio-philosophical discussion on a variety of topics.

Meditations on Moloch is one of my favorites:


hexane360 22 hours ago 1 reply      
Things I won't work with: http://blogs.sciencemag.org/pipeline/archives/2011/11/11/thi...

Accident reconstruction/investigation videos. NTSB, CSB, and OSHA have some really in-depth ones:https://youtu.be/tMsjJWJFBbAhttps://youtu.be/gDTqrRpa_ac?list=PLUXYDid45duP-lg8Kh_hSw841...

Also, +1 for TV Tropes

Edit: Also, http://www.scp-wiki.net/ has some classics.

tartuffe78 1 day ago 4 replies      
TV Tropes is always good: http://tvtropes.org/
yoloswagins 20 hours ago 2 replies      
I'm partial to everything2.com. Back in the early 00's, everything2 tried to be a Wikipeida, where people could post multiple entries on a topic. The best part is reading 16 year old, long form essays about places. The recent stuff is short stories, but the essays of the bay area from the peak of the bubble are fascinating.


* http://everything2.com/title/The+NoCal+Super+Layoff+Unemploy...

* http://everything2.com/title/San+Mateo+bridge

rdtsc 20 hours ago 3 replies      

Discover new command line utilities or combinations of them to solve various things. Learned all kinds of useful stuff. Things like I know but always forget about:

 python -m SimpleHTTPServer
To server the current directory on port :8000

Then there is silly stuff like:

 dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
To output your microphone to a remote computer's speaker [note: you probably shouldn't be using arcfour in general for ssh, and it might be disabled on your site].

bsandert 23 hours ago 4 replies      

Which contains (apart from the obvious Murphy's law and Occam's razor) such pearls as the Peter Principle, the Dunning-Kruger effect, and Hofstadter's Law. 20+ tabs guaranteed!

qwertyuiop924 22 hours ago 1 reply      
TVTropes is the big one, the vortex from which all other rabbit holes stem.

The SCP foundation is also excellent, and The Digital Antiquarian is my new favorite.

Fallen London is a browser MMOCYOA on steroids, and it's glorious.

The Jargon File (before ESR ruined it with the latest round of updates) was amazing, and still is great fun.

Bash.org is another classic rabbit hole, although far from the best for that purpose.

And Youtube contains many rabbit holes, but my favorite by far is Tom Scott's youtube channel. Also of note is Tom & Matt's Park Bench, where he vlogs with Matt Grey on a semi-regular basis, Yahtzee Crowshaw's channel, where he used to play games with Gabriel Morton in his "Let's Drown Out" series, and Channel Awesome. Just, all of Channel Awesome.

rpeden 19 hours ago 0 replies      
I enjoy listening to simulated activations of the EAS (Emergency Alert System) on YouTube. A few interesting ones:

Nuclear Attack: https://www.youtube.com/watch?v=JZIynuYDRVA

Alien Invasion: https://www.youtube.com/watch?v=FKre_8rufrw

Russian Invasion:https://www.youtube.com/watch?v=lYOlnuxZzNQ

Clown Sightings: https://www.youtube.com/watch?v=ZUugY4VfgZc

I always find the EAS activation tone to be kind of bone chilling (which I suppose is its intention). I hear it so infrequently here in Canada that it really grabs my attention immediately.

Listening to the fake ones online probably makes it worse, though. When I heard the emergency alert tone come on the radio while driving from Toronto to Ottawa, I checked the skies for UFOs. Ended up just being a tornado warning. :)

adrianN 1 day ago 3 replies      
Secure Contain Protecthttp://www.scp-wiki.net/
diyseguy 44 minutes ago 0 replies      
Back when the web was younger and sillier, I used to spend many enjoyable hours reading toastpoints (now defunct). But you can find archives of the limerick and bad fiction writing contests: e.g.: http://toastpoint.wordandpicture.com/limerick/limerick.html.
dopeboy 18 hours ago 0 replies      
https://en.wikipedia.org/wiki/World_War_II easily.

I grew up when the History Channel was nicknamed the "Hitler channel". I've read Manchester's the Last Lion, Shirer's The Rise and Fall of the Third Reich, and will soon be ordering Ullrich's Hitler - Ascent. Saving Private Ryan is in my top 5 favorite movies of all time.

This is currently my wallpaper: https://upload.wikimedia.org/wikipedia/en/thumb/5/59/US_Army...

comboy 18 hours ago 1 reply      
https://urbit.org/ - deep and exciting one

This article [1] is a good start even though it's 6 years old. It's not vaporware anymore, I haven't checked it in a while, but it seems to be actively developed.

If you feel that you've learned enough programming languages that you have a problem finding anything new this may give you some dopamine.

1. http://moronlab.blogspot.com/2010/01/urbit-functional-progra...

jttam 21 hours ago 1 reply      
The Bureau of Labor Statistics (http://www.bls.gov/) is just fascinating enough and just badly organized enough that I never seem to be able to get to the same useful piece of information twice. And thus I constantly find myself looking at other interesting facts about the US labor force.
tghw 17 hours ago 0 replies      
Reading medical study meta-analysis published by The Cochrane Collaboration[0]. There's some fascinating results that run counter to current medical advice.

For example, "Vaccines to prevent influenza in healthy adults" concluded, in part: "Vaccination shows no appreciable effect on working days lost or hospitalisation."[1]

[0] http://www.cochrane.org/evidence[1] http://www.cochrane.org/CD001269/ARI_vaccines-to-prevent-inf...

roberthahn 13 hours ago 0 replies      
Back in the mid 90's there were 2 rabbit holes I loved to visit. One of them was the Monty Python website :-)

The other one I haven't been able to track down. I'm hoping someone here can tell me what happened to it. It was an art site called "The Place" hosted by a university in Canada. It was a mixed media site with art, poetry and short stories. Does that ring a bell for anyone? I loved that site and wanted to visit it again many times. But "The Place" is a difficult term to search with these days.

jackhack 23 hours ago 2 replies      
Atlas Obscura - a collection of the world's most interesting/peculiar, and downright strange places. It's like a marriage of a world map + Ripley's Believe it Or Not.


cessor 17 hours ago 2 replies      
I enjoy rabbit holes with much less meaning, such as:


The last one is great. I once discovered this gem:


visarga 9 hours ago 0 replies      
I listen to Robert Greenberg's classical music appreciation audio courses. He has published courses on Bach, Mozart, Beethoven, Liszt, Schumann, Mahler, Verdi, Wagner, Stravinsky, Tchaikovsky and also on horizontal subjects such as orchestral, piano, opera, baroque music, romantic music, symphony and quartets (and much more).

Sample: https://youtu.be/whgu7nX0sZc?t=522 (debunking some Shostakovich myths)

Greenberg is a gifted speaker, a composer and and music professor himself. He's sharing with us a burning passion for everything classical. If not for the informational content, then at the very least it's worth listening to him in order to infuse with his passion.

After taking some basic notions about composers and music genres, I started a YouTube safari for unknown music and composers, I am 7 years into my search already. I listened to hours of classical every day since I started. YT is a treasure trove of historical recordings, you can do comparative listening and refine your listening abilities.

There are so many composers almost nobody heard about, even professional musicians, that it's mind boggling. After all, there is a long history of classical music, hundreds of years in the making, and the level attained by Bach 300 years ago was already (and still remained to this day) cutting edge.

Imagine how interesting it would be to browse videos and papers from 300 years history of computer programming. We are overwhelmed even with the production of the last decade. Classical music has such a wonderful deep history that is endlessly entertaining.

A list of Robert Greenberg's courses is here: http://www.thegreatcourses.com/professors/robert-greenberg/

zichy 22 hours ago 0 replies      
* C3TV, the Chaos Computer Club media library with hundreds of conference talks: https://media.ccc.de

* Art of the Title, in-depth analyses of movie title sequences: http://www.artofthetitle.com

* Damn Interesting, it's damn interesting: https://www.damninteresting.com

* LEGO subreddit, do I need to say more? https://www.reddit.com/r/lego/

iamleppert 20 hours ago 0 replies      
Sam's Laser FAQ by far: http://www.repairfaq.org/sam/lasersam.htm

I could read that thing all day. It's been around forever, and it reminds me of what the Internet used to be...lots of useful content, simple layout, "hypertext". LINKS!

He's been maintaining it for years and my go-to source for anything laser related.

hawski 23 hours ago 1 reply      
List of unusual articles on Wikipedia: https://en.wikipedia.org/wiki/Wikipedia:Unusual_articles
luos 1 day ago 4 replies      
Currently my favourite time wasters are learning channels on youtube. Especially not the "weird" ones like VSauce because I think those are pretty unwatchable. I like SciShow / SciShow space even though that's borderline weird :)

My current fav is Sixty Symbols, endless very interesting videos: https://www.youtube.com/channel/UCvBqzzvUBLCs8Y7Axb-jZew

Also PBS Space Time, MinutePhysics, MinuteEarth.

heleph 23 hours ago 1 reply      
It's a little bit dated now, but the C2 wiki is a fun place to read about software development. There are quite a lot of patterns, anti-patterns, practices, rambling debates and just generally interesting ideas:http://wiki.c2.com/?DesignByCommittee
ashmud 22 hours ago 3 replies      
One of the earliest www rabbit holes I remember visiting:https://www.chroniclesofgeorge.com/

Surprised MF has not been mentioned, yet.http://www.metafilter.com/

cousin_it 2 hours ago 0 replies      
I love online fiction. Each of the following is very good and will take you many days full-time to get through.

Homestuck: http://www.mspaintadventures.com/?s=6

Worm: https://parahumans.wordpress.com/

Freeman's Mind: http://www.accursedfarms.com/movies/fm/

VLM 23 hours ago 0 replies      
I enjoy watching conference videos.


Also search youtube for conference video playlists.

I have my mythtv set up so downloaded conference videos show up as a channel just like a recording on my mythtv system, so I can just sit on the couch and watch a clojure conf or whatever just as if it were a recorded PBS program. Very convenient.

As a side issue I raided archive.org for hilarious black and white silent films of Buster Keaton who was quite a comedian about a century ago.

pinewurst 1 day ago 0 replies      

The Digital Antiquarian - a very well written running history of computer games, especially adventure-y ones from the beginning to about 1989 now.

trelliscoded 20 hours ago 1 reply      
Orion's Arm is a collaborative world building project for the far future. The articles on monopole physics and wormholes are quite detailed, and the implications of higher levels of sentience are very interesting. http://www.orionsarm.com

The SCP foundation has been mentioned, but a lot of people don't know they have a sister site. http://wanderers-library.wikidot.com

The wikipedia articles about unsolved problems in physics and emerging technologies are huge click holes for most nerds:



Reading about neolithic archaeology is way more fun than you might think. 10,000 years ago people built these huge sites with literally stone age technology, and the nature of their rituals and beliefs are mostly unknown.


Shodan is a search engine for devices on the Internet. Looking at other people's queries is a good way to get started. Every time you think, there's no way someone would connect one of those to the Internet, you find out that at least 10 people have gone and done just that. https://www.shodan.io/explore

Running an NTP server in the public pool gives you the IPv6 addresses of all kinds of whacko IoT stuff. Every once in a while p0f can't figure out a TCP/IP stack that's connecting to my server, so I connect back and there's sometimes a really weird device with an open telnet or HTTP port or something. About once a month I have to call someone to tell them that they misconfigured their firewall when they turned on NTP and I'm logged into an air conditioner on a cruise ship or another bizarre combination of thing and place that I never thought I'd ever say out loud. Browsing the logs is a never-ending source of amazement.

PSA: connecting to public NTP servers exposes you to people like me, don't do it unless you have to.

runj__ 1 day ago 2 replies      

It has links to architects and those pages in turn have links to beautiful buildings. Also the wikipedia pages of art museums tend to be awesome timesinks as well, you can click through every artist and all of their famous artworks.

livatlantis 1 day ago 0 replies      
Great question! YouTube.

I don't use YouTube at all for music recommendations/discovery but every once in a while, I'll chance upon something amazing.

A comment on an upload of Seventh Wonder's The Great Escape[0] led me my discovering Shadow Gallery's First Light[1], which I enjoyed almost as much. (Almost. SW's track, based on Henry Martinson's 'Aniara' poetic cycle is, in my opinion, at another level. Martison was awarded a Nobel prize for his work but unfortuntely commited suicide as a result of fierce criticism against this decision).

0: https://www.youtube.com/watch?v=UMjO7y-98Ak

1: https://www.youtube.com/watch?v=1-Qt1eqJ26s

daxorid 19 hours ago 1 reply      
This will not be at all well-received here, but in the interest of answering the question earnestly:


snake117 19 hours ago 0 replies      
Recently I have taken it upon myself to gain a basic understanding of philosophy and linear algebra. I found this primer book (http://www.qcc.cuny.edu/SocialSciences/ppecorino/INTRO_TEXT/...) and I try to read it when I have some free time.

For linear algebra, I have been watching this MIT OpenCourseWare lecture series taught by Gilbert Strang: https://ocw.mit.edu/courses/mathematics/18-06sc-linear-algeb...

MITOCW is a great place for anyone looking to expand on their current knowledge base and an alternative for those seeking to take a course that they did not have the opportunity to take in college.

nicklaf 18 hours ago 0 replies      
Encyclopedic, opinionated, humorous, and even quantitative guide to 20th century pop and rock, from the point of view of a Russian Linguist [1] who thinks The Beatles, The Who, The Rolling Stones, and Bob Dylan have never been topped:


[1] https://en.wikipedia.org/wiki/Georgiy_Starostin

Even if you disagree with him on details, if you have similar taste, you can basically look up any album and see which songs might be hidden gems. It's also amusing to read his take on just when a particular band began to decline in quality.

agentgt 22 hours ago 0 replies      
* Unusual religions on wikipedia particularly Scientology.

* Rogue waves (it is not that deep of a hole but for some reason I find it interesting).

* Knot theory and category theory (again not sure why).

* Social Psychology on wikipedia

* Ben Thompson's Badass blog (more for humor and a little old now. not sure if it is updated) [1]

* If you are an older mid to late 30 something like me X-Entertainment [2] used to be an awesome rabbit hole (no it is not a porn site). Sadly it is very very broken rabbit hole with collapsed tunnels all over. The author's penchant (Matt) for 80's crap ultimately succumbed to complete utter disorganization and proper backups. It is a 404 wasteland. I recommend googling "x-entertainment and he-man" (yes it is scary to google such terms but trust me)

[1]: http://www.badassoftheweek.com/list.html

[2]: http://www.x-entertainment.com/index1.html

jclem 23 hours ago 1 reply      
Ulillillia: http://www.ulillillia.us/sitemap.shtml

Useful sections include the one on tips to speed up mowing the lawn. Less useful ones focus on things like how to open soda bottles.

mathgenius 11 hours ago 0 replies      
John Baez, this weeks finds in mathematical physics [1]. He started blogging this in 1993! there's so much stuff there now. I keep finding amazing things in the TWF's, and not wanting to close my browser tabs because it's so precious. And you wouldn't believe what he can do with a bit of ascii art. Truly he is one of the heroes of the internet. (He doesn't do TWF's anymore, but there's a bunch of other places where he posts stuff.)

Try this one for starters [2]. The earlier ones are much more hardcore.

[1] http://math.ucr.edu/home/baez/twfcontents.html[2] http://math.ucr.edu/home/baez/week236.html

mpeg 23 hours ago 1 reply      
http://everything2.com is (kinda) still going strong.
genjipress 1 day ago 0 replies      
hkt 21 hours ago 0 replies      

There is always something stimulating and new in the archives, which go back years for some programmes.

Also, every episode of "Short Cuts" (available above) is usually something amazing that you've never heard of. "Resistance" and "Rivals" are both great starts.

o0-0o 1 day ago 0 replies      
WOW: http://drunkmenworkhere.org/archive

This is the rabbit hole you've been waiting for. Be warned!

tunap 1 day ago 1 reply      
damninteresting.com is where I 1st read about the Great Molasses Flood, amongst a slew of other bizarre non-fictional events & people. The wordsmiths make the bizarre accounts even more damn intetesting.

edit: link


davesque 18 hours ago 1 reply      
Reading about any mathematical topic on Wikipedia. For example,

https://en.wikipedia.org/wiki/Limit_superior_and_limit_infer...--> https://en.wikipedia.org/wiki/Partially_ordered_set--> https://en.wikipedia.org/wiki/Binary_relation--> https://en.wikipedia.org/wiki/Real_number--> https://en.wikipedia.org/wiki/Cauchy_sequence...

Even if I think I know what's being discussed in the article, there's always some interesting extra detail or alternative way of explaining things that's worth reading.

yoodenvranx 22 hours ago 3 replies      
1) There is a Wiki for almost everything you can imagine. I am pretty sure you can spend whole weekens just clicking around in some random GoT, LotR or Harry Potter wiki

1.1) My current favorite is reading about the Warhammer 40k universe: (http://warhammer40k.wikia.com/wiki/Warhammer_40k_Wiki and http://wh40k.lexicanum.com/wiki/Main_Page)

2) reddit.com is a never ending source of entertainment if you know how to use it:

2.1) Go to any sub which kind of interests you and sort either by "top" or "controversial" for "all time". "controversial of all time" is especially interesting if you apply it to subs like /r/relationships (if you are into that kind of thing).

2.2) Start with this post on interesting subs: https://www.reddit.com/r/AskReddit/comments/28il5s/what_is_a...

/r/UnsolvedMysteries and /r/AskHistorians are by far my favorite subs at the moment

2.3) /r/ThreadKillers/, /r/DepthHub/, /r/goodlongposts/ are also a good sources of interesting posts

3) If you are into DIY, building boats, woodworking, metal lathes, surface grinding, scraping, and stuff like that, then you will and endless supply of videos on YouTube.

/r/ArtisanVideos is a good source for interesting videos. If you want to find your own content you should have a look at this list: https://www.reddit.com/r/ArtisanVideos/comments/3v264a/meta_...

My favorite channels are This Old Tony (his newer videos are incredibly well made and very funny if you like dry humor. Check out his video on how to cut threads on a lathe https://www.youtube.com/watch?v=Lb_BURLuI70), Abom79, Clickspring, Keith Rucker, Keith Fenner, Stefan Gotteswinter, Walter Sorrells, ...

4) Reading trip reports on https://www.erowid.org/ is also a good way to waste a lot of time

pault 23 hours ago 1 reply      
Atomic Rockets by a wide margin: http://www.projectrho.com/public_html/rocket/
zerognowl 23 hours ago 1 reply      
Permanently opened: https://pinboard.in/recent/
mcfrankline 21 hours ago 0 replies      
All of this http://www.bofh.net/

Bastard Operator from Hell

twic 16 hours ago 0 replies      
http://unicode.org/charts/ - leads you off into reading about languages, writing systems, the history of civilisation, obscure technical fields, medieval typesetting, that sort of thing
stygiansonic 9 hours ago 0 replies      
I know it's weird, but I enjoy reading the court motions from bankruptcy proceedings. You can actually learn a lot about corporate structure this way.

Of particular interest was the bankruptcy of Target Canada:https://www.alvarezandmarsal.com/target-canada-co-et-al/moti...

The affidavit of Mark Wong, then General Counsel for Target Canada, in support of the filing, provides a lot of insight into how a large corporation would structure their business endeavour into another country:https://www.alvarezandmarsal.com/sites/default/files/Affidav...

tsunamifury 20 hours ago 1 reply      

This is a very under-the-radar organization funded by the whos-who of Silicon Valley. See the "Billionares Dinner" they host yearly in Napa.

They have great resources such as Philip Tetlock x Daniel Khanmen Superforcasting mini-course and thorough discussions by great thinkings around tech and ethics.

b34r 11 hours ago 0 replies      
http://www.exitmundi.nl/ - a collection of end-of-world scenarios
manoj_venkat92 23 hours ago 1 reply      

The title truly says "A meaningful inventory of Life".

I get lost in the labryinths in that blog covering science, philosophy, literature & art.

k_vi 2 hours ago 0 replies      
This is deep, never gets boring - http://textfiles.com/
jamez 5 hours ago 0 replies      
Like many others, my productivity has suffered since Wikipedia became a thing. You may consider me a wiki-binger. I even made a simple webapp to curb my addiction: http://www.wikibinge.com/Still haven't come out of the rabbit hole.
ckozlowski 19 hours ago 0 replies      
AirVectors is one of my favorite reads; containing well researched, highly detailed articles on aircraft. He updates once a month. The list is immense.


Gmo 22 hours ago 0 replies      
I lost countless hours reading the archives of The Internet Oracle : https://en.wikipedia.org/wiki/Internet_Oracle

I'm actually wary of woodchucks because of that now :D

mindcrime 22 hours ago 0 replies      
Very recently I've spent a lot of time on ai.stackexchange.com and electronics.stackexchange.com, so I guess both of those are in contention.

Even more recently, I've been indulging some nostalgia related to my time as a firefighter by spending a lot of time on Youtube looking at videos of structure fires from around the world. It's kind of addictive to play "arm chair incident commander" and sit there going "why'd they stretch a 1-3/4" line instead of a 2-1/2?" or "why didn't the first in engine lay their own supply line" or "why aren't they using elevated master streams here", etc., etc., etc.

niftich 21 hours ago 0 replies      
Scrolling to random places on Google Earth


hazeii 1 day ago 0 replies      
The one I'm currently in.
carole1 1 day ago 1 reply      
What is a rabbit hole? Is it just an interesting site to waste time on?
Natsu 13 hours ago 0 replies      

There's a lot of stuff going around and some of it seems like wild conspiracy nonsense, but the more you dig into it, the more entertaining it gets.

Broken_Hippo 16 hours ago 0 replies      
I think I can safely pack myself away at home for a good, long while after reading this list.. and I'm gonna add to it.

First off: No Such Thing as a Fish: https://www.youtube.com/watch?v=TO6_PRaY3aY Or the podcast: http://qi.com/podcast

I have an interest in historical cooking. This one I've spent hours watching, despite the occasional advertising:https://www.youtube.com/user/jastownsendandson/featured

World of Batshit - and other stuff by the same author - got me through a bit and I occasionally pass it onto others. https://www.youtube.com/playlist?list=PLmWeueTF8l819bt3sC72s...

alyandon 23 hours ago 0 replies      
For me, it's any page related to astronomy on Wikipedia.
unimpressive 17 hours ago 0 replies      
Pokemon glitches are an incredibly interesting rabbit hole. They provide a good mix of video games and low level programming goodness:



These two channels together will give you everything you need to get started and document close to every known glitch in the pokemon games. Well that and perhaps TRRoses old website for background on what exactly is going on in these videos, but that got taken down. Bulbapedia probably still has what you need though:


A favorite example of mine:


MrBra 10 hours ago 0 replies      
Ok, now I have +20 tabs open and I'm only halfway through the comments.We know how most of the times we are compelled to read everything in a page until the end, but we also know how much does this attitude costs to us.

So from now on I will stop reading and only take in consideration those links who will be posted in response of this comment, if any. Let's see if magic, or coincidence, works!

I advise you to do the same! (If only we could come up with an acronym for this thing!)

isomorph 17 hours ago 0 replies      
This website of Death Row information, including chilling last words...


Similar: http://www.goodbyewarden.com/#214

fenchurchh 20 hours ago 0 replies      
gwern. He hits the sweet spot and all topics are worth reading.http://www.gwern.net/
agumonkey 20 hours ago 1 reply      
Used to be c2.com. Oh it's been back up, a bit different though.


unhammer 7 hours ago 0 replies      
Github is the new Wikipedia for me. I recently ended up reading about https://github.com/maandree/ponypipe via the repo of some obscure window manager that I've already forgotten about etc.
subjectsigma 20 hours ago 0 replies      
Something in a much different vein than other sites posted:

http://drtenge.com (NSFW)

This is a Tumblr blog going back years of extremely disturbing medical imagery and art of the same style. Oftentimes there's almost no context given to the pictures other than a name of the author or a title which makes them that much weirder. The images also tend to be associated with fascism or BSDM. I've spent at least a few hours trying to find more about some of the pictures because they were just too weird to go without explanation. The guy has one post about how he really values quality and obscurity in his images and nothing else; no explanation as to who he is or why he collects such horrible and terrifying art. I've always wanted to email him and ask what the hell is going on but I'm kind of scared to know.

Obviously don't click on the link if you do not like gore.

ed_blackburn 19 hours ago 1 reply      
Wards' Wiki: http://wiki.c2.com/
failrate 23 hours ago 0 replies      
Pagat.com: someone attempting an exhaustive list of card game rules and variants (typically played with traditional decks, so no Magic the Gathering).
arethuza 18 hours ago 0 replies      
"The Geograph Britain and Ireland project aims to collect geographically representative photographs and information for every square kilometre of Great Britain and Ireland"


crisnoble 18 hours ago 0 replies      
MixesDB: A crude but detailed wiki of (mostly electronic music) live mixes and radio show archives: http://www.mixesdb.com/w/Main_Page, what sets it apart is the track listings.
topspin 16 hours ago 0 replies      
Sometimes I read a few months worth of NRC (Nuclear Regulatory Commission) event reports.


Patients given excessive doses of radiation. Lost and stolen troxler gauges and their recovery (or not.) Reactor SCRAMS and their various causes, artfully downplayed with technical jargon. Drunken contractors escorted off reactor sites. 30 year old flaws discovered in power reactors.

Someone's got to read this stuff...

azaydak 21 hours ago 0 replies      
I spent lots of time reading this and following the linked pages while in graduate school. I learned a lot but it didn't help graduation to come any quicker. https://en.wikipedia.org/wiki/List_of_paradoxes
mr_pink 17 hours ago 0 replies      
Discovering new human and bot algorithmic artists on twitter by searching for #generated:


tomphoolery 13 hours ago 1 reply      
The start of World War II, how Adolf Hitler came to power in the Weimar Republic, why the Nazis gained power and what motivated them to do what they did. I'm especially interested in the "unknowing participants" of the Nazi regime, like Wernher von Braun and Albert Speer. People who basically bought in to the ideal of a better German world and didn't really consider what that might cost in money, lives, and culture.
msnangersme 12 hours ago 0 replies      

Reddit, Hacker News and more in one readable page.

donretag 22 hours ago 0 replies      
Russian dash cams on Youtube.

Simple. Effective.

jimmaswell 23 hours ago 0 replies      

Some games have a ton of unused content left in them

gelstudios 17 hours ago 0 replies      

Stories about the development of the original Macintosh.

So many gems in this collection, they get submitted to HN from time to time.

adrinavarro 16 hours ago 0 replies      
I do enjoy spending long amounts of time browsing the archive of WBW: http://waitbutwhy.com/
maverick_iceman 7 hours ago 0 replies      
I have been spending way too much time learning about nuclear propulsion of spaceships. Reading a lot about Project Orion, Dedalus, fission fragment rockets etc.
Tiktaalik 19 hours ago 0 replies      
If you want to peek into some obscure video games and history HardcoreGaming101 is a good entry point. http://www.hardcoregaming101.net
gnarbarian 18 hours ago 0 replies      
Mythology on wikipedia. Pick a category and you can get lost for days:


I also love watching philosophy videos on youtube.


I also highly recommend BBCs "In Our Time" series. Quality broadcasting covering innumerable subjects about history and philosophy.

salzig 19 hours ago 0 replies      
Starting today -> this post on hackernews: https://news.ycombinator.com/item?id=12778836
manigandham 10 hours ago 0 replies      
Quora - start with something interesting on the newsfeed and just follow recommended articles from there.

UI/UX is terrible now compared to early days but I can still get lost with hours of learning from some incredible writers.

maartennn 5 hours ago 0 replies      
One of my golden nuggets from ~15 years ago:60x 1.comhttp://11111111111111111111111111111111111111111111111111111...

You can click thru 60 times!

nicklaf 15 hours ago 0 replies      
"How the brain wires itself up during development, how the end result can vary in different people and what happens when it goes wrong": http://www.wiringthebrain.com/

Very good at exploding conflations and weakly argued conclusions by those who would popularize and construe results in neuroscience.

zby 21 hours ago 0 replies      
I have a feeling that it will be this thread!
edem 8 hours ago 0 replies      
I'm surprised that no one mentioned wait but why yet: http://waitbutwhy.com
kasperset 12 hours ago 0 replies      
Browsing http://www.espncricinfo.com to read player profiles and then clicking on their first played games and then clicking on different player profiles and repeat.
zgniatacz 1 day ago 0 replies      
deutronium 19 hours ago 0 replies      
http://www.halfbakery.com/ -- Awesome collection of people's ideas
narrator 16 hours ago 0 replies      
http://www.pubmed.com .

Search anything medical. Don't know what a word means? Look it up on wikipedia... recursively. Read cited studies. Read studies that cite studies. You could spend the rest of your life reading this stuff. I've been doing it for years.

pvitz 19 hours ago 0 replies      

Many old things, but most ideas are timeless.

b3b0p 20 hours ago 0 replies      
The Giant Bomb [0] and if you are a premium member [1] it's even better. There are hours of timeless premium only videos and podcasts. If you like video games at all or have any interest in video games it's worth every penny and second invested.

[0] http://www.giantbomb.com

[1] http://www.giantbomb.com/upgrade/

shp0ngle 21 hours ago 0 replies      
mikevp 16 hours ago 0 replies      
The Lawdog Files http://thelawdogfiles.blogspot.com/

Some's opinion, for which YMMV, but some of the stories... Like the one where he served a warrant on a meth lab while wearing a pink gorilla suit. I nearly suffocated laughing.

dates 17 hours ago 0 replies      
Wikipedia goes on and on and on and on. Here is a good facebook group with pointers to interesting pages I may not have found otherwise:https://www.facebook.com/groups/coolfreakswikipediaclub/
zynthax 3 hours ago 0 replies      
earleybird 18 hours ago 0 replies      
Olegs tarpit: http://okmij.org/ftp/
numeromancer 19 hours ago 0 replies      
paradite 22 hours ago 1 reply      
unoti 22 hours ago 0 replies      
My favorite from an information perspective is The Great Leap Forward (https://en.m.wikipedia.org/wiki/Great_Leap_Forward).

Another honorable mention is that I've been having a great time learning about AI techniques competing at codingame.com. It's something that's easy to get into, and hard to leave, for me.

stinkytaco 21 hours ago 0 replies      
http://www.edge.org is up and down, but mostly up.

Reddit can be, depending on your community.

But I miss Kuro5hin.

djfryer 19 hours ago 0 replies      
Data Elixir - Definitely! http://dataelixir.com
tjbarbour 20 hours ago 0 replies      

The most remote inhabited island with a strange history with a few founding families, an exodus because of a volcano, an isolated economy/society and research into asthma as a genetic condition

anigbrowl 20 hours ago 0 replies      
p4rsec 14 hours ago 0 replies      
I have a favorite subreddit: www.reddit.com/r/talesfromtechsupport

Fun to just peruse the stories and spend an hour or two reading. Some of them leave you shaking your head, others leave you feeling warm and fuzzy. And yet others make you want to defenestrate printers... Who knew how much fun* people had in tech support and IT?

*sarcasm for effect

Also enjoy reading the Bastard Operator from Hell stories: http://bofh.bjash.com/

VonGuard 17 hours ago 0 replies      
Gallery of US Nuclear tests. Lots of info at this site, beyond just American tests.


draw_down 23 hours ago 0 replies      
The Last Psychiatrist, http://thelastpsychiatrist.com . Excellent insights into the ways we lie to ourselves, how we react to the media, and how society operates.

I also love ribbonfarm, previously mentioned in the thread.

personlurking 1 day ago 0 replies      
I don't have a favorite rabbit hole but rather I've developed a link-hopping habit that pretty consistently leads down the rabbit hole. Basically, while looking at a site/article that interests me, I usually end up doing a separate search for any concepts or organizations mentioned, then seeing what they have to offer. Rinse and repeat.
seizethecheese 21 hours ago 0 replies      
AskReddit's top all time threads. Less intellectual, but very entertaining. Some of these have incredible human stories.


drewlanenga 17 hours ago 0 replies      
wbhart 20 hours ago 1 reply      

It's a puzzle solving website. It isn't updated very regularly nowadays, but all the old "Theorems" are still there.

minimaxir 22 hours ago 0 replies      
donaldihunter 16 hours ago 0 replies      
stephenhandley 14 hours ago 1 reply      
stephenhandley 14 hours ago 0 replies      
larvaetron 23 hours ago 0 replies      
The Cutting Room Floor: http://tcrf.net
danharaj 23 hours ago 0 replies      

The nlab is a remarkable mathematical resource open to everyone. I've been using it to contextualize my mathematical learning since I was an undergraduate.

sidthekidder 20 hours ago 0 replies      
Always good to keep the endgame of humanity in mind: https://en.wikipedia.org/wiki/Kardashev_scale
jmspring 20 hours ago 0 replies      
This is one of mine. I'm into history, in particular local and western history.


bluebeard 21 hours ago 0 replies      
Speaking of alternative world views and world building... I recently fell into a Wikipedia hole reading about the Islamic view of Angels, King Solomon and how he bent 72 demons to his will, Renaissance magic, and Hoodoo.

It gets weird.

Dowwie 14 hours ago 0 replies      
Social science research Network: http://www.ssrn.com
fosco 21 hours ago 0 replies      
Did not want to duplicate others but here is one I did not see on anyones list.

https://mindhacks.com/ -- Neuroscience and psychology news and views.

arcaster 17 hours ago 0 replies      
/r/datahoarder and /r/controllablewebcams
hossbeast 19 hours ago 0 replies      
The (very long) Wikipedia article, "The Universe".


rhapsodic 18 hours ago 0 replies      
http://www.shorpy.com - Old B&W photographs from the Library of Congress research archive.
DanBC 21 hours ago 0 replies      
Here's a database of children's books that have won awards. http://www.dawcl.com/

It's an amazing compilation.

lexhaynes 20 hours ago 0 replies      
I'm very interested in health and fitness and often lose hours at Mark's Daily Apple (primal lifestyle and health blog): http://www.marksdailyapple.com/tag/dear-mark/

The Getting Stronger blog is another wonderful health and fitness blog which focuses on training the mind to thrive in difficult conditions, though it has really amazing insights on diet and training as well: http://gettingstronger.org/about-this-blog/

acdanger 21 hours ago 0 replies      
https://gcaptain.com/ A maritime news site. Fascinating subject matter and the occasional naval disaster video.
vincentbarr 1 day ago 0 replies      
keithpeter 18 hours ago 0 replies      

Quite nice now and again.

jturolla 22 hours ago 0 replies      
http://www.yhchang.com/ I recommend "Subject Hello" and "AH"
backtoyoujim 20 hours ago 1 reply      
do not venture into the contemporary board game landscape without several rooms to dedicated to humidity controlled shelf-space.
erickhill 23 hours ago 0 replies      

It's not high-brow by any stretch, but is's a great time waster.

mathw 1 day ago 0 replies      
TV Tropes.

Just don't go there.

exolymph 1 day ago 0 replies      
slatestarcodex.com, I haven't nearly read all the archives and I'm always running into links to Scott's work
b34r 11 hours ago 0 replies      
The Wikipedia random article button.
easymuffin 20 hours ago 1 reply      
edem 18 hours ago 0 replies      
Dwarf Fortress Reddit.
ktkization 9 hours ago 0 replies      
Being obsessed with the MBTI personality theory for months
ktkization 9 hours ago 0 replies      
Being obsessed by the MBTI personality theory for months
mmaunder 12 hours ago 0 replies      
spy.org. Nothing there. Never has been since the 90s. It's intriguing.
sahoo 20 hours ago 0 replies      
Youtube, till I end in the weird side of youtube.
rabboRubble 18 hours ago 0 replies      
Hacker News?
int0x80 16 hours ago 0 replies      
Right now, this thread!!
Mandarinas 17 hours ago 0 replies      
I'm sorry but it tempted me, my rabbit hole is: xvideos.com
chanandler_bong 20 hours ago 0 replies      
oh god... why did I come here? Like I needed to find more rabbit holes.
ap22213 21 hours ago 0 replies      
For me, it's the History of Mathematics archive:


gprasanth 20 hours ago 1 reply      
scythe 19 hours ago 0 replies      
If you start looking up everything you eat on http://ndb.nal.usda.gov/, you know it's gone too far.
agumonkey 19 hours ago 1 reply      

ps: sci-hub too

cooper12 20 hours ago 0 replies      
I'd add https://publicdomainreview.org/ which I've found to have a large variety of topics covered. I could also spend ages looking through http://www.textfiles.com. Lastly, https://monoskop.org/Monoskop, "a wiki for collaborative studies of the arts, media and humanities."
Kenji 23 hours ago 1 reply      
a wave of molasses rushed through the streets at an estimated 35 miles per hour (56 kilometers per hour)

Now, you wouldn't call that slow as molasses.

msldiarra 19 hours ago 0 replies      
Exposing high-end poker cheating devices elie.net
630 points by revicon  2 days ago   140 comments top 25
Animats 2 days ago 1 reply      
The casino industry knew all about this in 2014.[1]

"Right now there is some scary technology coming out of China that incorporates IR marked cards, concealed cameras and computer analyzers. Combined to create a high-tech card marking system, I must say that this device could do for cheats what silicon did for the cosmetic surgery business. The devices are being marketed as poker analyzers."

"The technology works like this. The long edge of every card in the deck is marked with an invisible IR marking. Each mark identifies an individual card. In collusion with a poker dealer, the special marked deck is swapped into play. The player sits opposite the dealer on the table. He positions a concealed camera on the table (usually disguised as a cell phone). The camera has an IR lens that is used to transmit an image of the edge of the deck of cards to a small computer located in a smart phone (the poker analyzer) in his pocket. The image is transmitted during the period after the dealer has shuffled the cards and the deck is resting in front of the dealer before cards are dealt to the players. The IR snapshot of the cards looks like a barcode. The poker analyzer identifies every card in the order that they will be dealt to the players in less than a second. A computer-generated voice message is sent to the player via a Bluetooth mini earpiece communicating the rankings of all the hands on the table."

And the countermeasures:

"Most surveillance cameras, in their natural state, actually have infrared viewing capabilities. The problem is the picture is not so good, so manufacturers add a cut filter over the CCD chip to block out infrared light.... A number of major surveillance camera systems provide end users the ability to remotely change the IR status of the camera via the operators keyboard. This allows the operator who suspects someone is marking cards at a table to use a PTZ camera assigned to the table to switch to IR mode so the cards can be checked live on the game. If you currently dont have this feature, speak to your manufacturer."

[1] http://ggbmagazine.com/issue/vol-13-no-2-february-2014/artic...

drited 2 days ago 2 replies      
An interesting bit of computer history trivia is that Claude Shannon co-invented the first wearable computer with Ed Thorp to beat roulette in Vegas in 1961. It used a button in the shoe as an input device for the user to record the speed and location of the ball which was used to infer the likely ending location using orbital decay algorithms. An auditory signal was then sent by wire to an earpiece to let the user know where to place bets (it wasn't pinpoint accurate - the user would bet on 8 numbers which still gave him a positive expected value).

The story around that is really fun, recounted in this paper: https://www.cs.virginia.edu/~evans/thorp.pdf

Versions of the same device from this century use lasers to get a more accurate read on the ball's location, with one group using the system to net 1m from London's Casinos: http://news.bbc.co.uk/2/hi/uk_news/4069629.stm

Thorp was also involved in developing the Blackjack system that was showcased in the film 21 and later ran a hedge fund, details on which were recounted in his interview for this book https://www.amazon.com/Hedge-Fund-Market-Wizards-Winning/dp/.... Very interesting guy.

ctvo 2 days ago 4 replies      
I haven't been to a casino that allows a phone on the table in ages, especially in Asia. Not only that, but most decks are tightly controlled in reputable casinos.

This is more for backroom games (which are still lucrative), but get caught cheating in those and you'll regret it quickly.

daenz 2 days ago 1 reply      
If I bought a device like this, with the clear amount of skill and effort that went into its functions, I would never plug it into a computer, ever.
paulsutter 2 days ago 1 reply      
TL/DR: phone-like device for reading specially marked cards using infrared
dasil003 2 days ago 5 replies      
The article says this device is used to cheat in Vegas, but I don't see how that would be possible since you have to bring your own cards. It's hard to imagine casinos colluding on this, so I guess they're talking about private games that happen to be in Vegas?
Luc 2 days ago 0 replies      
The technique with the markings on the edge of the card is also used in a well known card magic routine - but using wax instead of infrared ink, so you can feel the slight differences in texture when you handle the card (though only if you're paying attention to it).

Takes quite a bit of practice, though.

asdf_jkl 2 days ago 0 replies      
This is an impressive breakdown of an even more impressive device. Realtime(ish) cheating software running on custom concealed hardware in a lookalike device? Used for scamming high rollers in private games? Color me fascinated.

I wonder how long this has been around. I would be very interested to hear from anyone who knows how long these have been available/prevalent. My apologies if this is somewhere in the video, I have not been able to watch it yet.

breitling 2 days ago 1 reply      
You could never take this into a real casino. The cameras would pickup the infrared signals. The security guys would know something is up since a regular phone doesn't do that.
pjc50 2 days ago 3 replies      
Previously, decades ago, the state of the art in roulette cheating: https://www.amazon.co.uk/Newtonian-Casino-Penguin-Press-Scie...
fencepost 2 days ago 1 reply      
This seems like it'd be mostly used in private games, of which I'm sure there are a huge number. Many of those are probably also going to be pretty high stakes, and if someone loses a bunch they may not be inclined to go to authorities and claim cheating - if said authorities would do anything anyways. ("Awww, you lost your money in an off the books backroom private game? Perhaps next time you'd like to try one of our fine professionally run casinos.").

I suspect that most casinos are set up with surveillance designed to catch point source IR LED illumination these days.

soheil 2 days ago 0 replies      
Before reading this entire post (fairly long) a quick note, this only works with specially marked decks not just any deck of cards.
daodedickinson 2 days ago 3 replies      
Hmm with an incredible enough camera you theoretically ought to be able to see and then memorize idiosyncracies per card with any deck and then take it to Vegas at any table. I'd say its possible now, although too slow and expensive and obviously seeing the same card as the same card from every side is the hardest part. The camera and light would probably be a fair amount larger, too.
blhack 2 days ago 1 reply      
How do people find these "underground forums" and things like that? This fascinates me so much.
Vexs 2 days ago 1 reply      
I heard something some time ago about casinos marking their cards with rfid chips to avoid cheating. I wonder if you could make something to read those RFID chips.
exabrial 2 days ago 1 reply      
I can't believe the manufacturer agreed to send them the device! Pretty amazing technology.
at-fates-hands 2 days ago 1 reply      
I think it would be easier to count cards then to rely on something like this. Sure, you're still working with odds, but then you don't have a device and marked cards which limits your exposure to having something horrible happen to you in some back room game.
netman21 2 days ago 0 replies      
Why not just OCR the faces of any deck with a side reading camera like the ones used for archival purposes to digitize really old books?
Magnets 2 days ago 0 replies      
What's the range on that camera? I can't imagine it's more than 20-30 cm
majortennis 1 day ago 0 replies      
TL;DR tampered deck.
harigov 2 days ago 2 replies      
Why would you specifically mention "Chinese made" in the title? The actual article has a different title. Also, why does the fact that this device is made in China says anything about the device itself?
georgiecasey 2 days ago 0 replies      
i presume this would be about the online poker bots taking over the low level stake tables
daodedickinson 2 days ago 0 replies      
I'd wager the engineers behind this have thought a lot about voting machines, except I'd bet they'd find a way to cheat me out of both of these gambles.
manav 2 days ago 7 replies      
This is pretty silly. No casinos or card rooms let you have a phone/device at the table.

That aside, you need to have a special marked deck. People have tried something similar with flourescent ink and special glasses. I think professional shuffling devices have some kind of built in blacklight check now for this. IR is a bit better since its harder to detect without a camera. You would still need to have a tub of ink and manually mark the cards though.

You'd basically need to have the dealer in on it, and if that is the case you don't really need the device at all.

A more interesting method from a few decades ago that actually worked was "edge sorting". Because of printing/cutting one could determine certain cards. http://deadspin.com/how-phil-ivey-beat-or-maybe-cheated-a-ca...

midgetjones 2 days ago 2 replies      
Why is everyone treating this like it's real?

Isn't this sort of overly-long, overly-detailed, yet still totally vague blog post just a clever way to get people to transfer $2000 via Western Union to a stranger?

Why we chose Vue.js gitlab.com
630 points by rmason  4 days ago   271 comments top 55
gregmac 4 days ago 9 replies      
I do very little web these days, mostly working on backend data processing, network I/O and distributed comms.

A bit over a year ago, I wanted a real-time web UI to visualize some of the data I had on server-side, which I was trying to do using SignalR. I went back through some of the popular frameworks, with a pretty simple mindset of "Can I read the 'getting started', and get something basic working in about 15 minutes?".

I ended up choosing Vue, mainly because it used simple objects for models and I could literally just pass stuff I got from SignalR directly into it and have it show up. Almost everything else I tried had some type of wrapper/proxy around the data, which meant you had to run through some mapping exercise to get models working. I was close to deciding on Mithril, but when I found vue it just clicked with me way more. I actually really wanted to do React, but Vue was just so much more approachable that I couldn't justify spending the extra time learning React.

The real test however came months later, when I went to modify and add more functionality to my simple debug UI. I was able to pick it up nearly instantly, and even made some fairly substantial changes.

Contrast to my experience with say, Ember. We have a big app written in Ember, and every time I try to do even what I think should be a simple change (after not touching it for months), it takes me 5 times longer than I thought, and I end up spending most of the time fighting with it before realizing I forgot one of the 5 places you have to modify to reference an additional dependency, or some other equally trivial but infuriating detail.

You can learn the basics of Vue in minutes, and be quite adept within hours of it. That's something not a lot of frameworks can claim, and it's a seriously underrated benefit.

anonyfox 4 days ago 6 replies      
As someone who went through the complete frontend hype-trains (jquery, backbone, angular, ember, react, all in production): Vue.js 2.0 with single file components is exactly what everyone looks for desperately.

- performance: faster than react now

- learning curve: a few hours from scratch

- getting started: cli-tool for initial scaffold & configuration

- components: simple .vue files with a <template/>, <script/> and <style/>. Super easy to get going, no need for JSX

- "official" packages for routing, ajax and state management. No wasting of days for choosing every tiny package for days

- vuex 2.0 is one of the cleanest flux implementation i've seen in the last year

... and much more. Give it a try with the full webpack template of the cli tool!

49531 4 days ago 5 replies      
I actually interviewed with Jacob Schatz when he was trying to figure out which frontend framework to use for GitLab. I had been working in React for the last year or so which was apparent on my resume.

He prefaced our interview with something to the effect of "I know you do a lot of React but we are not going to ever use React at GitLab"

It was weird. I tried to ascertain his reasoning and pretty much all I got was "just because it's popular doesn't mean it's good".

Regardless I think GitLab is an awesome company, I just got the feeling Jacob wanted to use Vue.js because it wasn't the most popular choice. \_()_/

kentor 4 days ago 4 replies      
After using React, I am firmly in the #nevertemplates camp. I don't ever want to learn a template DSL again when I could be using the full power of javascript.
linkmotif 4 days ago 1 reply      
The thing I like about React is that I don't have to think about the DOM. As soon as I see "el: #id" it's basically over for me. I don't want to think about DOM elements, or at least minimize my exposure to them.

And it's not just that I don't like to think about the browser DOM. It's that I don't want my UI coupled to the DOM. Obviously your UI will be coupled to the DOM to some extent, but React minimizes that. What I love about React is not just `react-dom` but also, say, `react-canvas`, or that you can apply the same principles and work with React Native.

But hey, the more software libs to play with and choose from, the merrier! Cheers!

PS. Relay/GraphQL...

y0ghur7_xxx 4 days ago 2 replies      
I am more and more of the opinion that you should NOT use a js framework for long term projects (that span more than a few years), but just use vanilla js with some libraries that you can easily switch when something better comes out.Vue.js is here today, and it is nice, but tomorrow gintzx.js comes out, and the community will be flabbergasted and everyone will use it and vue.js will slowly die.Making big complex webapps with just some libs is absolutely possible. Just choose them wisely and make a good directory structure.
megalomanu 4 days ago 2 replies      
As a primarly backend dev, I'm very comfortable with React and I don't particularly want to switch to Vue.js. React says me : learn the HTML basics and then deal with abstractions (proof: React Native !). Vue.js says me : deal with HTML templates, everytime, everywhere. Although we even end to deal with HTML in React, I think it's easier for a backend dev with no front experience at all to grasp it. I showed React to a old java dev and he said that React reminded him some java web frameworks like Wicket or JSF. I guess Vue.js would have scared him.
Kiro 4 days ago 5 replies      
Ok, so I've built stuff in Vue.js, React and Angular and I need to understand all the rage. I mean, Vue.js is just like Angular but with less features? I like that it's slimmer, don't get me wrong, but I just don't understand the "woah, Vue.js is the shit!" when we've had Angular for so long.

I put this in contrast to React where it's a completely new concept.

greyskull 4 days ago 6 replies      
There's something that irks me about incorporating logic into templates. UI development is hard enough without having to bounce between js and templates to figure out how a component is actually going to behave. I haven't used Vue or React, so this is all just my gut speaking, but at least with React all the logic is there in front of you.

In my mind, if there's a loop or a conditional or whatever piece of logic that decides what will actually show up, that should happen where the underlying data/models is actually built, and whatever acts as the view just spits it into place.

I'm still a scrub when it comes to web and UI development, so I may be speaking out of inexperience.

Am I missing something?

agentgt 3 days ago 1 reply      
A long time ago (7-10 years ago) Web 2.0 was the craze. It was the beginning of making interactive web applications.

There were few major players that were even backed by companies: Dojo, Prototype, GWT, (and like 4 more that I can't remember).

These libraries were complicated and were generally component based with their own flair of inheritance. You could not iteratively enhance your existing web 1.0 app. You had to throw it out and start over again (the markup and all).

Then along came jQuery and I remember distinctly saying to myself this is the library because I can progressively/iteratively add it to our existing crap (circa 2006-10). I still pat myself on the back on being right about that library being successful (I actually forced a previous employer to use jQuery over GWT and Dojo).

Progressive enhancement is a great marketing point so maybe Vue.js will pull a jQuery :)

Personally I want Elm to take off but it doesn't really reuse existing knowledge.

wadetandy 4 days ago 1 reply      
I know that Gitlab is written in pretty traditional Rails' style and takes advantage of turbolinks. Did you run into any difficulties adding a framework that likes to "own the page" like most single page app frameworks do? I've found these can often end up fighting with turbolinks and similar libraries.
octref 4 days ago 2 replies      
To me Vue is a great tool for side projects. In React I found myself struggling to figure out what libs to use and keep myself up to date with them. I also hated configuring webpack. With Vue, I have officially supported libraries like vuex and vue-router which work great with Vue out of the box. vue-cli also allows me to scaffold projects with these libraries very easily.

But the thing I like most about Vue is it allows me, who identifies as a front-end dev or design-coding hybrid, to quickly iterate and build prototypes. Look at the single file component:

 <template> <div id="list"> <li></li> <li></li> </div> </template> <script> export default { // Define your component } </script> <style scoped> #list { list-style: none } </style>
I can quickly edit the template to alter my component's DOM structure, style it with scoped css, and change its dynamic behavior in the script tag. Like the suite of Jade/Coffee/Stylus? Adding a lang attribute to each tag and you are good to go. Awesome stuff.

teniutza 4 days ago 2 replies      
The company I work for has an app built with Angular 1.x (the backend is .NET). We started sensing that Angular was not best choice, especially when working with 3rd party components. There are other factors to, but they have been already mentioned in other comments. Long story short, we had enough of wrapping everything in $timeout and started looking at alternatives.

After some consideration, we were left with choosing between Vue.js and React. Coming from Angular the biggest plus was two-way-binding, Vue.js had a slight advantage. We then converted a "module" (not in JS jargon) using both frameworks.

In our experience, when switching from Angular 1.x to Vue.js, there's a sense of not changing much (we were still "declaring" logic in the templates) but nonetheless doing things better, simpler and faster. The React version needed a bit more time investment (we had no prior experience in our team; a colleague from another project helped us a bit by showing us how he implemented a project using React). In the end we chose React due to the wonderful combination between it and TypeScript. We suddenly had no more string templates and refactoring was a breeze (there are, of course other benefits as well).

What I'm trying to say is that, if you have Angular 1.x experience it's easier to switch Vue. I had fun porting the "module" to Vue and would have happily worked with it if the team had not chosen React. I consider "mixins" to be one of its killer features (would have made a lot of things easier with our app). Having said that, I don't consider React that hard to grasp and don't regret that the team picket it over Vue. As long as you remember the lifecycle, programming with it can be fun and easy. The React/TypeScript combination compensates for the lack of mixins and two-way-binding (I know, MobX, but I'm talking about the "vanilla" versions).

skc 4 days ago 2 replies      
I hate web dev.

Yet I'm loving the experience of working with VueJS. I think alot of people feel this way. The library is just that simple and straightforward.

whataretensors 4 days ago 0 replies      
Vue-cli is great too. It just works, creates a really well thought out initial project that can build to a single static html/js/css. Or, it can be turned into a typical express app easily. This makes Vue.js combine well with serverless.
antarrah 4 days ago 3 replies      
> He pointed out that when a major software company releases a their secret sauce, there is going to be hype. Devs think to themselves,'That company writes JS differently than me, and they are prominent and successful. Is their way of writing JS better than mine? And therefore must I adopt it?'

Ahaha. No, believe me I'll not. That's ironic coming from GitLab. I mean I love that company but their front-end sucks big time and it's slow as a snail.

nodesocket 4 days ago 4 replies      
I as well gravitate toward Vue.js for its simplicity, but I wonder if React's mind share and community size "trump" simplicity. For example, if you're hiring for a front-end position, you'll probably get more candidates familiar and experts in React over Vue.js.
kimshibal 4 days ago 1 reply      
Vue.js is the most beginner friendly to write a complex web application.
stop1234 4 days ago 0 replies      
So true:

' I talk to a lot of JavaScript devs and I find it really interesting that the ones who spend the most time in Angular tend to not know JavaScript nearly as well. I don't want that to be me or our devs. Why should we write "not JavaScript?" '

mhd 4 days ago 1 reply      
Just pick something, internet and build a good structure on top of it. All this jquery-level bikeshedding is nice for your ad widgets and minimalistic web apps, but it won't help me replace proper GUI toolkits. And sadly, that seems to be in demand...

I'll cope with your ill-designed template language (heck, if I can cope with HTML, I can cope with anything) or your JS async abstraction du jour (promises, async await, that * crap), just give me something on the level of Tk or Swing. I feel like all we got in the last decade beyond e.g. Seaside is a bit less flicker and some more useless animations (looking at you, Material Design buttons).

techbubble 4 days ago 0 replies      
Vue.js seems like a great fit between the DOM manipulation of jQuery and the opinionated approach of AngularJS. Thanks for sharing. Going to experiment with Vue.js right away.
Abundnce10 3 days ago 0 replies      
I'm in the process of learning React, so I don't have any strong opinions of my own yet. I've read through the Vue.js "Getting Started" docs and it does look very intuitive/simply. However, what motivates me to learn React is the fact that I can build an app once and then use React Native to create an iOS and Android app. I'm assuming this isn't a requirement for Jacob and the Gitlab team but I'm wondering if his decision would be the same if he had to support native apps as well?
pjungwir 4 days ago 1 reply      
Can anyone compare Vue with Knockout? In the early days of Angular etc I saw a lot of people saying they chose Knockout, and were much happier than with one of the heavier frameworks. I found its simplicity very appealing too, but it seems clear now that it's not a mainstream choice. It feels to me like a dead end. The last time I looked (a year ago?) the semi-official data mapping extension had lost its maintainer. So is Vue another shot at the same approach? What are the important differences?
aarpmcgee 4 days ago 2 replies      
Are any companies switching from React to Vue? I'd be interested in hearing about that.
ausjke 4 days ago 1 reply      
Same here, using Vuejs, glad more people are using it.

It's amazing that a one-person-project(well, it's more than one person now but the core part is really just one guy) can develop such a beautiful system that actually feel better than angular2 and reactjs and who knows how many are behind those two projects.

fczuardi 1 day ago 0 replies      
I like the ideas of the choo framework https://github.com/yoshuawuyts/choo it's very close to vanilla js, which makes it less of a lock-in, while still bringing lessons learned and practices from redux/elm-architecture.

I am currently using it (the 4.0 branch) in a project and enjoying it.

jbrooksuk 4 days ago 0 replies      
Side-project wise, we use Vue on StyleCI (https://styleci.io) and over the next few months we'll also be using it on Cachet (https://cachethq.io).

My experience started at work where we used it on an internal project. The ease of use was insane, we had something reactive and easy to work on in no more than 10 minutes. React has always had too big of a learning curve for us, so it'd have been a vanilla JS/jQuery mess if we hadn't found Vue.

We're now using it on almost any project we start (they're all very UI driven).

I met Evan You at Laracon earlier in the year, he's an awesome dude and has put a lot of thought into everything Vue. Thanks again for making Vue! :)

sjnsjn 4 days ago 0 replies      
It (v2) is quite fast too http://www.stefankrause.net/wp/?p=316
asymmetric 4 days ago 0 replies      
> I'd say Vue.js is like socialism: you are in definitely in charge, but Vue.js is always within reach, a sturdy, but flexible safety net ready

I think he means social democracy

esafwan 4 days ago 0 replies      
I had a look at Vue after a long time and then weex a react native alternative using Vue.js instead of Reactjs. Backed by Alibaba and actively developed it looked really good. But a look at issues made me a bit afraid to use it. The primary language used for discussion, suggestions etc is chinese. Documentation however is available in english.


tribby 4 days ago 1 reply      
vue is awesome.

I wish there were an equivalent to something like ember-fastboot for out-of-the-box server side rendering, though. (server-side rendering for those who care about progressive enhancement in the browser, not isomorphism).

thex10 4 days ago 0 replies      
Fun fact: There's a Vue-based HN clone: https://vue-hn.now.sh/top

I just realized that it's more dynamic than I thought when I saw two stories switch positions on the page. How cool!

adamnemecek 4 days ago 0 replies      
These discussions almost never mention cycle.js. I haven't done front end in a couple of years but whenever I read something from the author of the framework, I'm pretty impressed and the choices they made seem very promising.
flukus 4 days ago 1 reply      
Is there anyone that's used Vue and knockout that would like to share the strengths/weaknesses of each? The both seem quite similar so I'd like to know if I missing out on anything by not switching.
WA 4 days ago 2 replies      
I tried Vue.js a few months ago and liked it a lot. But now, I need to rewrite my apps and I decided to go the Cordova road with Ionic 2, because Ionic 2 is, imho, unparalleled in its quality.

Ionic 2 uses Angular 2 and I wished there was some Ionic 2 + Vue.js bindings. However, after working with it for a bit, I found that Angular 2 is actually quite simple with the benefit of using TypeScript out of the box.

Before you dismiss Angular 2, give it a try. It's fundamentally different from Angular 1: easier to learn, less complex, faster results.

cmpb 4 days ago 1 reply      
My team and I are considering switching from Knockout.js to Vue.js. Has anyone here made that (or a similar) transition and do you know of some pros / cons, battle stories, etc.?
jvanveen 1 day ago 0 replies      
Nice readup. There are fine alternatives to react. Another vdom lib that's pretty good and not often mentioned is ractivejs.
whatnotests 4 days ago 0 replies      
It's great to hear a success story. Kudos to the GitLab team.
wasd 4 days ago 1 reply      
It would nice if they shared the 30 -> 1 line change.
BinaryIdiot 4 days ago 1 reply      
How does Vue.js handle high latency issues? With Angular 1.x I've always had issues where the GUI will "flash" while the HTML is loading and the angular.js has not yet finished loading on a slow connection (so you might briefly see all of these {{message1}} {{message2}} etc on the page). I'm curious how Vue.js handles that case or if it has the same problem.
jeppebemad 3 days ago 0 replies      
We _just_ started using React, primarily for it's server side rendering support in .NET with Reactjs.net. Works really well and the React mindset feels great.

Coming from Angular 1 though, Vue has a lot of appeal. Is there any support for SSR in .Net, or anything in the pipeline? I've not been able to find anything.

jordache 4 days ago 0 replies      
Is there a normalized performance suite that compares the popular front-end frameworks?

I understand if performance is of utter most importance, you may not want to use a framework layer. However there are tons of other benefits associated with using a framework.

haalcion3 4 days ago 1 reply      
I'd like to discuss the following comparison in: https://vuejs.org/guide/comparison.html#Angular-2

> Vue 2.0 seems to be ahead of Angular 2 according to this 3rd party benchmark. ( http://stefankrause.net/js-frameworks-benchmark4/webdriver-t... )

The latest benchmark provided is actually:


But, Angular 2 is v2.1.1 now, released 2016-10-20. Someone should update: https://github.com/krausest/js-framework-benchmark

However, as they say, "In terms of performance, both frameworks are exceptionally fast and there isnt enough data from real world use cases to make a verdict."

And Angular 2 Hello World is easier than they make it seem in the comparison:

> starts out with an app that uses ES2015 JavaScript, NPM with 18 dependencies, 4 files, and over 3,000 words to explain it all - just to say Hello World.

It's just the following with a lot of documentation that could be simplified:

 mkdir angular-quickstart (add package.json) npm install mkdir app (add app.component.js) (add app/app.module.js) (add app/main.js) cd .. (add index.html) (add styles.css - optional step) npm start
Also, it makes the case that Angular2 is "enterprise" because many use TypeScript with it. But, TypeScript is optional in both Vue and Angular2, so people could just as easily make the argument that Vue is "enterprise" because it supports TypeScript.

Finally, it's true that Google uses/develops Angular2, so that's some significant backing. If you want to see who's using Vue:


That doesn't mean anything on its own, though. It could be just fine to use and expect to continue to be hyped.

ilostmykeys 4 days ago 0 replies      
Building something fast is a radically different proposition than being able to maintain it with ease. React is mostly aimed at the latter while VueJS at the former. There is no comparison.
smegel 4 days ago 2 replies      
Oh man, I just started learning React... https://vuejs.org/guide/comparison.html
dodyg 4 days ago 0 replies      
I like Vue. I am using Ractive.js at work. They are both quite similar in terms of their prioritization of ease of use and performance.
asb 4 days ago 0 replies      
Has anyone had any experience with vue.js + Dart?
breerly 4 days ago 0 replies      
Not a single link to Vue.js
lucaspottersky 4 days ago 0 replies      
Why? because you're a bunch of hipsters that can't stick to the mainstream technologies =)

As an opensource project, it'd be easier to get contributors if you could just stick with Angular.js, for example.

nidu 4 days ago 2 replies      
I suppose Vue.js is not very TypeScript friendly?
iamleppert 3 days ago 0 replies      
Why is it that the first instinct of some developers is to go out and 'choose' a framework? Even before you know the thing you're building is going to be around for awhile, people automatically think they need a framework to do anything these days.

Does it feel good to let someone else make critical decisions for you, instead of thinking for yourself? Can all projects really be distilled down into some javascript framework?

The benefits of using a framework these days are rapidly evaporating as what is trendy today likely won't be in a few years anyways. And the truth is after so many months or years or commits, the benefits of structure of the framework start to fade away as the application becomes more customized and bespoke. All the complexity is in the actual application functionality, not the tiny little savings and poor abstractions that a come with a framework.

I've worked for large tech companies and small alike. It all goes the same way. Some developer who is super opinionated and passionate props up their framework of choice, or does some kind of perfunctory analysis of the "current best" of whatever is available at the time and the rest of the other more submissive developers go along with him. It has more to do with group dynamics than has to do with actual technical merit, or what is best for the product or business.

Then, once the system has become a ball of mud, the "lead" guy leaves. Or he proudly exclaims there's a new hotness in town, and that we need to rewrite our application in this new thing because it's faster, or better, or you get to type less. Or some other such bullshit. He'll then go to give demo's of how fast you can make a simple app that has nothing to do with anything -- like a simple TODO list -- "look how fast it renders!" he'll exclaim (of course forgetting to tell everyone the first page load or stale cache hit is actually worse).

I personally hate giving up the freedom of what abstractions I get to decide on, how to structure my code, how to organize my API's, etc. for a supposed one size fits all solution created by someone I've never even met or talked to, and for code that I haven't reviewed.

If it's a library that's doing something useful and providing a great API, like some 3D graphics, drawing primitives, ML, database engine, etc. that's a different story. That is useful software that actually does stuff. But for "rendering" (I say that lightly because the browser does the rendering and layout, a framework merely is a middle-man) forms and buttons and keeping state of an application? Or telling you how and where to put source files, and name things? That's your job as a developer to come up with these conventions and to build an application that is 1:1 with the problem domain.

spankalee 4 days ago 0 replies      
It's really a shame that Vue doesn't use standards like custom elements.
baybal2 4 days ago 0 replies      
>Why we chose Vue.js


thecrow1213 4 days ago 0 replies      
No comparison to React... Yawn.
fetbaffe 4 days ago 1 reply      
Why you should never use Upwork medium.com
1142 points by shadlovesgrowth  2 days ago   251 comments top 66
delegate 1 day ago 1 reply      
I once interviewed for Upwork pro. They sent me an Xcode project and I had to make some changes to it.

However, the required changes referenced features and files which weren't in the project and made absolutely no sense.

Even worse, the project they sent me was the "Photomania" project from Stanford's CS193p class: http://web.stanford.edu/class/cs193p/cgi-bin/drupal/node/289

But the copyright information (Copyright by Stanford University) has been ripped off from all the files and replaced with "Copyright (c) 2015 Upwork". No reference to stanford CS or anything like that, just copy and paste.

Which is very wrong in my book.

I wrote them a message and after some fruitless exchanges with 4 or 5 different support people, I've decided to just let it go.

The incompetence of the interview assignment, coupled with robotic support answers quickly convinced me not to waste any more time with this bunch.

asoskm 2 days ago 4 replies      
Totally agree with the article, and I am more than certain that such acts and extortionate behaviour are widespread on the platform.

It seems it is part of their business model to allow clients in developed countries to find people in developing countries (all with weak legal systems and corruption) to commit illegal acts (both violations of public and private law). Just look at how many jobs involve rewriting, scraping, penetration testing (really a guise for hacking others sites) modifying existing copyrighted content to circumvent laws.

Upwork as middleman profits -- and takes a blind eye to all this corruption - since cross border police investigations are so difficult to manage when dealing with corrupt countries.

In my case, I had my competitors procuring hackers off Upwork to take down my site. We found out because one person who was contacted on Upwork to bring my site down actually contacted me via my site and provided screenshots and other evidence. There was literally a job posted requesting contractors to take my site down.

We raised this with Upwork. They did nothing.

Guess what they said?

Their customer support asked if I had proof that my site had been hacked by the specific person who posted the job on Upwork and that if had suffered financial loss as a result of the hacking! It wasn't merely enough for their client to procure contractors on the platform to commit an illegal act. They wanted proof that I suffered financial loss!!

However, I can say that we are considering a civil suit against them. It would be interesting to see how this impacts their brand.

Note: Please forgive the messy and unstructured writing. I've been writing it while walking the streets of Central London shopping for X-mas gifts.

shadlovesgrowth 1 day ago 1 reply      

Apologies for the capitals, ladies and gentlemen. Please can I remind all of you to be Civil.

I've just received an email from the man himself, suggesting that I'm getting people to give his FB page 1* reviews and to spam his email. He's threatened (implied) legal action directly against me.

Publicly let me say, for the record (Hopefully it doesn't get wiped), that I do not encourage any of the aforementioned behavior, nor do I condone it.

He's currently posting on reddit and generally acting like a massive douche over email to me, still. After all of this. So the above was quite hard for me to write, but remember there may well be a lot of people working at said company, that have families and lives beyond this.

So please refrain yourselves.

Appreciate all of the support and input, from everyone.

traviswingo 1 day ago 5 replies      
I think the worst part about this is that I wasn't even surprised throughout the entire story. Anyone who has been a freelancer has dealt with the random, uncalled for threats from clients to give you a bad review or try to suspend your account. It's the reason I gave up on working on platforms like Upwork and Freelancer almost immediately.

Building a personal network is way easier to find contract work and you'll make more money in the end while creating real relationships that will help you foster your career.

I'm sorry this happened to you, and I'm super glad you revealed this persons name publicly. Good form.

almata 1 day ago 6 replies      
From the Upwork FAQ: "You'll need to download and use the Upwork Team Appthis tool includes the Work Diary, which ensures you are guaranteed payment. By taking work-in-progress screenshots every 10 minutes, it provides proof to your clients that you are hard at work."

Screenshots every 10 minutes? You mean... screenshots of MY SCREEN every 10 minutes? That was what made me close their website and totally forget it until I've seen this submission on HN today.

phonon 1 day ago 0 replies      
Some new developments (in comments of the original post)

Rich Pearson

1 hr ago

Shadi, I work at Upwork and your post about your experience makes us feel terrible. Weve reopened your case and are investigating it much more thoroughly. We hope to have a response to you quicklyif you have any questions or want to provide more details, please email me at rpearson(at)upwork.com. We care very much about our freelancer community and want to make this right.Rich

1 response

Shadi Al'lababidi

16 mins ago

Rich, it shouldnt take a post like this for you (Upwork) to give someone special treatment. I know there are thousands of others like me that rely on your platform (most, far more than myself, for much larger %s of their income). In some cases this can very literally mean the difference between putting food on the table and not.They may not be able to spread the message like I, or speak English in such a manner. They may not be able to drum up enough attention, so they go unnoticed. Its no skin of Upworks back, until it turns into a PR mess. Hence why youre commenting.Lets cut the shit, Rich. Ive got 2 tickets open and have been messaging everyday for the last 11 days. Nothing, nada. Just, Weve banned you and you cant know why. (For those reading this, yes, they do say you cannot know why.So as to not to let on to why they ban you).Ive tweeted at you, nothing.Now, I have roughly 75% of a months worth of Upwork money stuck on there. If I were someone else, or someone without other income streams, what would I do? What could I possibly tell my incumbent clients? Shit, what am I even going to tell my incumbent clients? youve just left me without a months worth of wages and a big fuck you, theres nothing you can do.So, I do not want any special treatment. I will not contact you via email. This is an integral problem with Upwork itself and I will highlight it as much as I possibly can, even if that means losing the money and my reputation on there that Ive been building up over the last year.And please Rich, Im a bloody marketer for Christs sake. Dont come at me with that standard company mumbo jumbo it makes us feel terrible. Youre just being patronising.

rikkipitt 1 day ago 1 reply      
Here's the link to close your account if anyone is interested:


milankragujevic 2 days ago 2 replies      
Absolutely disgusting behavior by Kevin. I'm kinda hoping that it's just incompetence at UpWork that caused this, and not that Kevin actually knows someone at UpWork, but in all cases that's why I stopped freelancing through UpWork and similar, and started building a solid client base which know that I'm always there to help, for the right price of course. Plus I write somewhat technical and topical blog posts about the technologies I work with (mainly video encoding, processing, P2P CDNs, etc.) and that seems to pull clients in easier than it would be using UpWork.
jeffmould 2 days ago 4 replies      
Looking at some of their responses to reviews on Facebook (https://www.facebook.com/wiperecord/reviews/) it would appear the attitude is part of their company culture. Amazing, for a company that bills itself as trying to help people overcome their past, it appears they are simply in the business of taking advantage of a vulnerable group.
ftrflyr 1 day ago 3 replies      
Long time user of Elance and then Upwork here. I can attest, what occurred in this story is common.

The problem that Upwork doesn't realize is that without an active and happy freelancing demographic, clients will go elsewhere. Historically, Upwork has made it a priority of catering to the client. This is evident given their JSS. For those of you who are not familiar with JSS, it is a score that companies / clients use to hire freelancers. Now, one would assume the score is based on past work with clients. This is not all the score accounts for. Timeliness is responding to invites, the number of long-term clients you maintain, the number of clients you hassle (yes, Upwork actively goes out and tells it's freelancers to hassle their clients to leave them feedback - the responsibility falls on the freelancer and only the freelancer), etc.

Thus, when clients don't leave feedback (for whatever reason), you are dinged. Upwork won't tell you by how much exactly so let me give you an example.

12 months ago, my score was 92% (Top Rated). A client hired me. We went over the terms of the contract (# of revisions, not working on the weekends, etc.). 2 weeks into the project, the client started to deviate from the terms of the contract. I let them know and they began to get pissy. This happens all the time as Upwork has created a platform where the clients hold all of the power, and they know this.

A week later the contract wrapped up, and I managed to make the client happy as they left me a 4.7/5 on my profile and a positive review. Clients are able to leave private feedback the freelancer can never see. When the JSS score updated (every two weeks I believe-mind you, I had not worked any other jobs since that job) my score went from 92% to 71%! A 21% drop.

Suffice to say, for the past 12 months, dozens and dozens of clients later (most with positive reviews); I am now only sitting in the low 80's for my JSS.

In conclusion, Upwork is the worst example of an online marketplace for freelancers who have a backbone and are not afraid to tell a client how it is. After all, we are hired for our expertise and when a client proceeds to tell us how to do our job, it poisons the freelancing community.

edit: spelling errors.

zachruss92 2 days ago 1 reply      
I think that the freelance marketplace is not good for the freelance economy as a whole. A lot of the time, it creates a race to the bottom as far as pricing, and you have to compete with workers overseas undercutting you at every corner.

When I first got started freelancing, I used eLance (which is now UpWork). I had a similar experience with a client, they suspended my account for 2+ months, and I won the dispute at the end. If I didn't have my own clients outside of eLance, I would have been screwed and not even able to pay my rent. After that, I stopped using the service and haven't looked back 4 years later.

I have a friend who actually does know someone on the executive leadership team at UpWork, I just emailed him with your article - hopefully something positive can come of that. I really hate it when all around bad human beings go around and try to make people's lives harder.

Down_n_Out 1 day ago 1 reply      
Hmmm, interesting:

"Thank you for using Upwork.

At this time we are unable to close your account. Please call our concierge team at 1-866-676-3375, select option 3, and we will help you close your account.

Please note: For security purposes, you will not be able to change your username, or open a new account with the same email address.

If you need help, please contact Support Services."

marcell 1 day ago 4 replies      
Shameless plug: I run a new company, CodeGophers, that competes with Upwork. We get a lot of unhappy Upwork customers.

Unlike Upwork our service has a quality guarantee, so clients aren't forced to manage freelancers, and deal with low quality work. It's kind of like a product manager and freelancer combo, and overall it's much easier for the client.

If you're unhappy with Upwork, please give us a shot. You can see our site at https://codegophers.com, or start a task by writing in at:

We're able to handle most small tasks in a matter of a few days.

dvcrn 2 days ago 1 reply      
Damn, that's rough. Hard to believe customer support is this ignorant, but if it really directly comes from the CEO, I doubt they can do anything.

I hope this gets some traction through HN to bring it to the attention of the right people.

I am currently looking for a Freelancing platform and also looked at upwork. Thanks for that, will avoid them!

didgeoridoo 2 days ago 1 reply      
Never, ever give a price break without a scope change. Apart from the obvious $/hr benefits, it's great way to figure out if the person on the other end of the line is an abusive psychopath. A professional will understand that you're trying to help them achieve a realistic value for their budget. A psychopath will take it as a personal affront and become transparently manipulative and/or abusive. This is a great time to cut off contact before it escalates to the level shown here.
desaiguddu 1 day ago 2 replies      
Brave of you to put a write-up ! Fuck you Upwork !!

When I started my consulting company, I decided I will not rely on this Upwork - Freelancer.com shit!

I use various aggregator services -

1.) StackOverFlow Jobs

2.) No Mad Jobs

3.) PDX Startups

4.) Slack Groups

5.) Domino Slack

6.) Meet, demonstrate your services

Everyone can teach WipeRecord service a lesson - I will be giving them 1 Rating on Facebook, Yelp and all other places with a write-up.

prmph 1 day ago 0 replies      
UpWork is simply a joke now. They were a bit better when they were oDesk, but now the sheer incompetence is hard to understand.

They keep inviting me to jobs that have no relationship to my declared skill-set.

They keep inviting me to apply to jobs for clients who have no intention of actually hiring.

They invite me to apply to work for them, and then fail to show up at the agreed upon interview time, several times

Whenever I reach out to support about an issue, they invariably, without fail, make the issue worse.

I'm seriously thinking of just deleting my account so I can focus my efforts on local freelancing

erklik 2 days ago 1 reply      
Sorry to hear about this Shadi. Kevin is one hell of a asshole. I try to refrain from using profanity but this man utterly deserved it. Will do my best to let every other freelancer know of this and recommend them to stay away as they can from Upwork.
infodroid 2 days ago 1 reply      
What I learned from this is not to ignore the warning signs of a psychopath client. Because you can easily get sucked in to a bad situation regardless of your good intentions, and you can't rely on the marketplace to resolve these disputes in your favor. This scenario can also play out on other freelancing sites, and it can also happen if you solicit clients directly and they turn out to be well-connected.
tptacek 2 days ago 3 replies      
Apropos nothing:

"$100 an hour is more than our CEO makes so I'm not sure we can budget $1500 for this".

Don't bill hourly! I know this sounds like a very silly example (it's not even logically coherent) but reasoning like this gets deployed all the time, even with sophisticated clients. People have anchoring price points for hourly rates that they don't have for other billing structures. Fixing this to make more money is literally as simple as "switch to daily billing".

pearjuice 2 days ago 1 reply      
A freelance marketplace is very much against the idea of freelancing. You are basically working for the marketplace with little freedom to design the actual work processes your way. Everything is geared towards getting positive reviews and thus getting more work through the marketplace. A vicious, underpaid circle.

Sure it works great for building contacts when you are not really visible yet. After you land a few gigs and have work, references and talent to show for, you should really abandon it asap. Better even, not start with it because the gamified nature will lure you in to do more gigs.

seirim 2 days ago 1 reply      
Very sorry to hear it. I've employed many on oDesk then Upwork over the years and almost always have great experiences with freelancers. In a rare case when I did have an issue, customer support wasn't very good from the hiring side either, fyi.

Also I think they shot themselves in the foot with the big price hike. Previously freelancers and I would just keep using their platform throughout working relationships. Now we use it like a dating app, meet a freelancer, work a project or two to build trust, and then leave the platform to handle payments on our own.

dewyatt 2 days ago 1 reply      
Convinced me, just closed my upwork account.
rrggrr 1 day ago 2 replies      
I use Upwork for projects and after reading this I wouldn't mind moving away from them. What are the best alternatives to Upwork for python and data science assistance?
webtechgal 1 day ago 0 replies      
As another freelancer who has been there, done that (not quite at Upwork, but at three other platforms namely Freelancer.com, PeoplePerHour and Fiverr [yes, Fiverr - and unlikely as it may sound, I found individual clients who placed thousands of dollars worth of work with me there,]) I can only and totally identify + sympathize with the OP here.

Of the three platforms above, I've found PPH to be the best in terms of overall mix/quality of clients as well as the platform's fairness (such as it may be) towards me (the freelancer).

After over two years of doing this almost full time, here is my takeaway:

The platforms have no love lost for the freelancers. Their first and foremost loyalty is (almost exclusively) reserved for the buyers, even to the point of being downright unreasonable in terms of favoring the buyers.

While I've been fortunate enough not to end up with the terminal outcome (yet), I have come close a few times and every time that happens, it is such an emotionally upsetting and disappointing experience that I feel I could write a whole book about it, but then lose the inclination after a while.

Such then, is the state of affairs and I guess there's little anyone (well at least I, at any rate) can do about it.

joelennon 2 days ago 1 reply      
Just so you know, you inadvertently included Kevin's email address in one of the screenshots. You blurred it out from the "from" section, but it's also showing in a "flagged as spam" yellow box. I'm sure this wasn't your intention.
atrilumen 2 days ago 0 replies      
Shadi, please also post this on https://reddit.com/r/freelance.
coolgoose 1 day ago 0 replies      
It's so sad to see that.

1. People that try to hire freelancers don't have the decency of considering that freelances have to pay: fees, taxes and other markups (transfer fees for eg).

2. The usual you quote me X but my budget is X/2 tops, and the failure to realize that an Z for hour = x, or i can give you z/2 and double the number of hours and still get X.

When an experienced developer in his field gives you a 15 hour quote, it doesn't mean that it's an easy job that can be done by anybody in that time frame, since if that's the case you would have done it yourself already.

base1996 2 days ago 1 reply      
Thank you for sharing your experience, I am closing my account. But do you have any similar (or not) service you recommend me to use ? As a student I work with a company through this platform. Thanks by advance
stanislavb 2 days ago 2 replies      
I think UpWork deserves the negative PR now... They will be more careful from now on..
imjustsaying 1 day ago 1 reply      
Closed my account.

Interestingly there's very few reasons for closing you can select from the closure page. You can't even choose an 'other' category to write in the reason.

kapauldo 2 days ago 0 replies      
I've heard this complaint many times about upwork. They step all over freelancers and you are presumed guilty. Thanks for taking the time to write this up and I hope people will heed your warning.
graeme 22 hours ago 0 replies      
It's a real shame. I used Elance for around four years (as a client, not a freelancer). This was before Elance merged with Odesk and became upwork.

I'm sure elance had issues. But I noticed a marked uptick in problems when the upwork migration became. The Elance interface was old school, but very functional.

Upwork was confusing. The migration was a mess and made me a freelancer by default, as I had also had a minor freelance profile on elance that I had never used. Took weeks to resolve.

The desktop app....actually, I don't remember the issue, but it led to me leaving the platform entirely. I think messages took ages to load.

I will eventually look for new freelancers, and I'll need to figure out a replacement when I do. It sounds like Upwork is not a great place to be for a freelancer now and that means the quality ones will be elsewhere.

As a client, I want freelancers to be able to make money, and to denounce bad clients. By catering excessively to clients, Upwork is going to select for toxic clients.

phantom_oracle 1 day ago 3 replies      
Nobody else has said it, but I guess I should then...

Does anybody else find it odd that this mans real name is: Shadi Al'lababidi

However, his UpWork profile is: Shadi Paterson

I've seen this done quite a bit when companies (especially the American kind) ship their support overseas, but are either too embarrassed to let their workers use their real names OR justify such actions by saying: "Some Americans will find it difficult to say your name" (or in other implicit scenarios, because your name is Muslim-sounding - or X-sounding - will associate you with terrorism/other-ism).

Imagine the world we live in, where in order to do a job (or get work), you have to literally change your REAL name to appease to the demographic.

Whether Shadi did this of his own accord or was instructed to by UpWork to 'passively appeal' to the hiring-clients, it is quite a shocker to see it YET AGAIN.

slinger 1 day ago 0 replies      
I'm sorry to hear that this happened to you. I just closed my upwork account and I will spread the word.
dageshi 2 days ago 0 replies      
Useful to know, will steer clear of Upwork in future, thank you.
mrsheen 2 days ago 0 replies      
I had similar feelings about Upwork. I am closing my account very soon as well.
edoceo 1 day ago 0 replies      
I purchase talent from upWork on occasion. But less and less. On the buy-side I think the personal network works better. And, with so many jerks on the buy-side it scares the talent away. Death Spiral.

Is it possible to have a community like this without the BS? How to stop it?

desireco42 2 days ago 0 replies      
I am really sorry you are wasting your talent on marketplace like this. Wish I could help you get better work.

Behavior like this, from this dude Kevin, well that is normal on marketplaces like this. If you are experienced, you should always steer clear when you see people talk random stuff.

ftrflyr 1 day ago 2 replies      
How is this falling off the front page?
alucab 1 day ago 0 replies      
Terrible story, all my support to you.It is completely true that the protection we have is very limited and that we must be VERY VERY selective with clients.Also if this means to reject offers.Also if this means to not earn money.I try to give qualified answers and i ask for qualified customers able to communicate and competent to discuss requirements.Otherwise i let them go awayToo busy on other projects thanks is my mantra on UpworkIt needs discipline and will but to be entangled in a poisonous relation with someone who can harm you far worse.Push this story around, it is the best vengeance
dangle 2 days ago 0 replies      
Sorry this happened. Closing my account now -
city41 1 day ago 0 replies      
A major theme of the story is using third parties means you have less control. So why post it on Medium?
erikb 1 day ago 0 replies      
The goal here should be to sue, not just making things public. Why don't you get a lawyer the moment your account won't be reopened? Upwork owes you over $1000. A client is seriously trying to harm your public image, which may result in losing customers/business. Both points themselves would be enough to talk to a lawyer. Together they are clear suing material.

If you go public you actually open yourself up to get sued. Also cheaters and bullies will see that you didn't sue and therefore see you as an easy mark. Normal schoolyard logics apply, just that as a grownup you don't hit them in the face but sue.

(I'm not a lawyer)

MarkMc 1 day ago 1 reply      
What's the alternative to UpWork for a skilled computer programmer who has fairly good English but has no formal education and lives in a poor country?
matsatler 1 day ago 0 replies      
Upwork seems to always take sides with the company/client. It is terrible practice and very scary for freelancers that use upwork as primary income generator.I had few challenges with upwork and it took weeks to resolve. Seems as freelancers have to walk on eggshells around upwork support or clients when issues arise.I guess there is a huge opportunity for the next upwork.
0xmohit 1 day ago 0 replies      
Although sites like Upwork make money from both sides (probably more from freelancers), they are likely to support those offering work.

Perhaps their line of thought goes like: Freelancers would always outnumber those offering work. Even if some walk away or are forced out, it doesn't matter as long as we manage to keep those offering work on board.

noonespecial 1 day ago 0 replies      
Another fine example of when you should ask yourself, "Am I the customer in this deal or am I the raw material that gets rendered into the 'product'?"

With upwork, not only are freelancers raw material, they are so plentiful that waste is free for upwork.

drivingmenuts 2 days ago 0 replies      
Well, shit.

And I was about to try out some freelance work just to get some income going.

Best of luck. You got a raw deal on that one.

nfriedly 1 day ago 0 replies      
Back when Elance was a separate site, I created a script to automatically withdraw funds from my Elance account to my bank account. I posted it to their forums and promptly had my account locked "after a routine review". They unlocked it after I jumped through some hoops, but I think the same shoot-first attitude clearly survived the merger with upwork.
throwaway7312 1 day ago 2 replies      
From the employer side. We're a platinum employer on UpWork with probably close to $100,000 spent on the platform and maybe 70 completed jobs. Tons of reviews calling us one of the best employers on UpWork.

Right after oDesk merged with eLance to form UpWork, the platform rolled out its new "job success" score and sidelined star ratings (which was how it'd previously determined employer and contractor quality).

We typically hire multiple contractors to small test jobs, and let them know these are test jobs. We then keep the best one or two on, and the rest we thank for their work, give them a good review (assuming they at least tried), and end the project.

In this case, right after UpWork rolled out its "job success rate" score, we had a few trial freelancers we brought on who simply did not even start their projects or respond to communications. So we ended those jobs and marked them "unsuccessful."

Within maybe a week, I received a "letter from the principal"-type email from UpWork letting me know that we had too many unsuccessful jobs and UpWork would be monitoring our account to make sure we were following sound hiring principles.

I assumed this was probably a situation where we had 3 job success ratings and 2 of them were unsuccessful, or something like this, since they'd just rolled this out. Whereas we had something like 70 five star ratings (and a couple of four star ratings) built up over the years.

I wrote to UpWork asking what this was about, pointing out that we have tons of five star reviews and this job success thing was brand new, and we just got a form letter back saying, in effect, "just be more careful."

So, now, we make every job "successful" when it ends, regardless how it ended, and are very careful to end jobs in a cheerful way with freelancers and tell them, "Okay! Job 5-starred and marked 'successful'!" in hopes they'll be inclined to do the same. It's not about accurate information. It's about not losing access to the platform.

We do hiring on other platforms as well. Guru, Freelancer, PeoplePerHour. Freelancer and PPH are comparable to UpWork in terms of fees (UpWork's a little bit higher). The PPH interface is pretty good; Freelancer's is not as good, and the quality of contractors on Freelancer leaves something to be desired compared to UpWork (though PPH is pretty good here too). Guru has great contractors and its rates are almost half of UpWork's (12.5% instead of 22.5%), but its interface is something out of 2009 and employers aren't even able to end their contracts with freelancers. It's just a downright byzantine system to use.

So, like it or not, we seem stuck with UpWork for now, and UpWork can run a crummier service than it used to in the oDesk days and charge twice as much for it because, well, they're the only game in town, and that's the market economy. We've moved what work we can off it (e.g., we use 99designs for design stuff now, and have found some terrific contractors we've gone back to repeatedly from them), but UpWork's still the best general place.

Maybe someone else will come along with a better service, cheaper. I kind of hoped PPH would be that, but they charge comparable rates, so maybe that's just what the market rate is for the middle man service between employers and freelancers. Wish they'd plow some of the new capital into better tech though. The new site design is worse than what it was before the upgrade, and often gets stuck loading in the browser. Still better than Guru though.

1_over_n 1 day ago 0 replies      
Yeah this is pretty grim - also shows someones true character when they are willing to act like this from behind the safety of a screen miles away from the person they are interacting with.

Not sure if you have posted on data tau but it might be worth posting there too @shadi....


kinkdr 1 day ago 0 replies      
Unfortunately corporate bullying is a new trend seen more and more frequently. We should be very careful in our choice of companies we choose to interact with.
akashaggarwal7 1 day ago 0 replies      
Thanks, I was hoping to get work at Upwork before, now I'm considering not to. I hope things turn out in favorable for you.
marcamillion 1 day ago 0 replies      
What's interesting about the timing of this story is that I have recently been playing around with Upwork for some freelance work and the issue I am having is actually a different one.

I have come to realize that there is a fundamental problem with the marketplace itself. I don't think it matches clients to freelancers properly.

I did two exercises. I posted a few positions as a 'buyer', and I got a lot of spam (i.e. non-personalized, crap postings to my position/gig/job that was obvious they never read it). I got more than I expected, which makes it difficult to weed through and find a freelancer I want to work with. Granted, I didn't want the typical "low-ball" freelancer. I was looking for a freelancer that knew what they were doing. Alas, I was unsatisfied with the results and ended up not finding what I was looking for.

I also responded to gigs as a Ruby developer. What's remarkable is that it is literally very, very difficult to get any work, much less the type of work I would like (high-value work with a handful of clients, potentially doing on-going work).

I first started off with a relatively high-ish hourly rate for UpWork ($80/hr for someone with 8 years of Ruby & Rails experience and 15+ years of web development experience overall). Because I had no 'history' with the platform, that didn't work. I filled out my portfolio, and responded to each job in a very custom way detailing the specifics of how I would tackle each job I was submitting a proposal to. This took much longer than just spamming, and was more mentally taxing, but I figured I could make up for my non-Upwork-track history by putting more into my proposal. No dice.

I then dropped my rates (down to as low as $40/hr) just to test, still no dice. I didn't even get responses.

Then, I assumed that maybe my proposals weren't robust enough or maybe I wasn't communicating my capabilities in my portfolio properly enough, aka I was being hit with a 'portfolio tax'.

So to get over this, I decided to actually bid on fixed budget tasks that were very specific in what they want and overlapped with specific stuff I have done in the past -- specifically "B2B Lead Discovery" or "Website Scraping" for something.

I recently have been playing around with scraping websites for different types of leads, particularly B2B, and so this suited me perfectly.

I then started applying to some of these with not just the specifics of what I have done, how I would tackle their specific task, but I would even send them sample results for similar leads to what they were asking for. So say someone was looking for wedding planners from each state (an actual job posting) where they would need the $CompanyName, $Website, $Email, $PhoneNumber, $Address. I replied telling them I have experience doing exactly this....in fact, I recently did this exact thing for accountants, so I replied explaining what I have done and how I can help them and I sent them a CSV file with a list of sample accountants, along with a picture of my script producing those results.

In one case, I crawled the specific website they wanted crawled and showed them pictures of the script doing that and then I gave them a suggestion based on what they were looking for and what I found. There was a disconnect between what they wanted, and what could be technically scraped from the website (they wanted email addresses for all users on MySpace to be exact). So I informed them that unless MySpace has an API that gives out this information, and unless you are looking for email addresses that people post within comments on the music throughout the site, this is a waste of time and I provided proof from my script.

Suffice-it-to-say, I did a lot of work on each proposal. I did about 7 - 10 of these specific proposals for scrapers, and about 15 - 20 other specific but not as specific proposals. I also didn't change the price they asked. So if they said their budget was $10, I replied with all of the above with a $10 budget. This is crazy, I know...but I did it just to experiment.

The results? Not even 1 reply. Not even 1. You can see screenshots here [1].

Yes, my portfolio on Upwork could be weak (although I doubt it because I think it looks pretty robust), and my profile could be a deterrent (because the language I use is a mismatch to what these clients are looking for) and my rates could be high relative to the rest of the marketplace, but the real issue is just an overall non-response from ANY of the 20+ proposals I submitted over the period of a week.

Something feels fundamentally broken with that, especially when considering my experience with the other-side of this experience.

I believe that there is some middle ground between the "elitist" Toptal and "broken" UpWork. So, I would like to try an experiment.

Do you have any high value ($30K+ -- note this is a floor, just to weed out inappropriate clients) development projects that you would like done? Either generic projects where no tech stack is specified or Ruby and Rails jobs for starters. I won't specify the types of projects, but something where you would prefer a "high-quality" developer help you see it to fruition rather than the cheapest developer you can find. Perhaps you have tried other developer services/gig boards and are unhappy with the process.

Do you want a product manager to help drive the entire process for you, from beginning to end?

If this sounds interesting to you, please send me an email to: marc+hnexperiment@mymvpblueprint.com.

If I can find a pattern for how to find these types of projects consistently, I would love to work with other developers to fill these needs. Until then though, let the experimentation begin!

[1] - http://imgur.com/a/MjHYk

city41 1 day ago 1 reply      
Why did he censor Kevin's name in all exchanges except for one? Was that an intentional "slip"? Or was revealing his last name an accident?
urza 1 day ago 0 replies      
So who is going to do a decentralized alternative to Upwork in the spirit of OpenBazaar, ArcadeBNB and ArcadeCity? :}
martinko 1 day ago 0 replies      
FYI, despite the fact that you attempted to censure the guy's personal info, you managed to leak both his full name and email address.
dba7dba 1 day ago 0 replies      
Even before the threats made to Upwork, I feel the 'client' was trying to trick the freelancer.

- Snag a freelancer without providing spec up front.- Once some desperate freelancer signs on, flood the freelancer with tons of work.- If the freelancer tries to back out, threaten that you will file complaint with Upwork. Since freelancer was desperate enough to sign on, the client probably assumes the freelancer will be desperate enough to suck it and finish the work.- Repeat. Hence 40 previous jobs.

I think some call this 'client' a shrewd businessman.

DominikR 1 day ago 0 replies      
> Im not going to talk about the impossibility of competition they offer due to being seriously undercut by those that live in countries with lower costs of living.

As a freelancer/contractor working exclusively for customers that have large budgets and pay a lot I'd advise against ever using such platforms.

You are going to compete with very cheap labour (and often low quality services) and businesses will expect that and pay accordingly.

Even if you have no projects lined up it's better to create your own small service or product which you can use later to advertise effectively what kind of value you could create for prospective customers. (go to local events and get into contact with future customers this way)

It's also interesting to note that Globalisation is so heavily pushed on all levels of our society although we can clearly see that it sucks for the majority living in rich countries.

Most people here probably do recognise (at least subconsciously) that it's impossible for them to compete with persons doing the same job in a third world country, no matter if they do a worse job. They make up for it by offering their services at such a low rate that they offset this easily. (some of them live in countries where you can easily feed, clothe and house a family with $200 a month - it's impossible to compete with that)

You could argue of course that it's great for third world countries (it was) lifting many people out of poverty, but would you want to get poor in the process? (take a look at Detroit, this could be our future)

Google, Apple and other large IT corporations (or really any large corp that needs IT services) of course are interested in lowering the cost of labour for them (which is a legitimate interest for them), so make no mistake, what they try to push politically in this case is certainly not in your interest.

35bge57dtjku 1 day ago 0 replies      
Didn't everyone know Upwork was a total POS a decade ago?
amelius 1 day ago 1 reply      
I guess it doesn't help if your name is "Shadi" :)
mamon 1 day ago 0 replies      
Anyone has a similar experiences with Crossover company?
mderazon 1 day ago 0 replies      
Sounds like he stumbled upon a subclinical psychopath.
tabbott 1 day ago 0 replies      
Ugh, what a terrible, terrible client. But I think the title draws the wrong conclusion. I've personally been a client on Upwork over the last year, paying several developers to work on open source software, and all parties have been very happy with the experience. I think one should think about this incident in the broader context:

* It's clear Upwork support screwed this case up. But one should keep in mind that resolving disputes between two people who both complain the other is a criminal (as in this case) is a really hard problem. The US justice system often gets it wrong (something egregiously). While it sucks when it happens, I think one should expect platforms like Upwork to screw up sometimes too.

* Dealing with people trying to cheat is a fact of life in any business. I've heard horror stories in the freelancing world of clients deciding not to pay a freelancer for months or work, freelancers pretending to do work, etc. Often, the wronged party is unable to get the dispute resolved satisfactorily, especially if the two parties are in different countries. Any marketplace the size of Upwork (https://www.upwork.com/about/ says $1B in jobs annually) will have a large absolute number of both bad clients and bad freelancers (there are certainly tons of bad bosses and bad employees in America, lots of bad taxi drivers, etc.). At least with a platform like Upwork or Uber, there's a reputation system where bad actors get bad reviews and eventually stop getting matched with other people. I'm willing to bet that this employer is a jerk to the people he hires not on Upwork, too.

* This particular client's behavior is extremely bad in several ways. But at least the client had bad reviews on the platform. Do business with bad people at your peril! They will figure out how to screw you.

* I had thought the "screenshots every 10 minutes" feature of Upwork was just an annoying invasion of privacy, until I had a freelancer report 50 hours of work fraudulently (i.e. he didn't post any work starting ~50 hours before I stopped paying him), make a bunch of increasingly unrealistic excuses that he would post his work soon once he got back from a vacation or whatever, and eventually disappear. After investigating, Upwork banned the freelancer, but their terms of service don't allow them to recover money already paid since we weren't using the screenshots feature. While I was upset and frustrated by it, I've also seen employees in the US stop working and hope to get a month or two of free pay before they get fired, and it's basically the exact same thing. Given the larger picture of Upwork having 3M jobs/year, mostly for relatively small amounts of money, there are probably a lot of disputes, and I think you should expect to have a significant fraction of disputes decided in a way where at least one of the parties leaves the dispute upset because the decision was wrong (the US civil justice system certainly has that property!). And keep in mind: a 5-20% fee on projects with a <$1000 average size doesn't pay for a lot of manual dispute resolution. Things like screenshots of emails can be forged; who knows what other fabricated evidence the client gave to Upwork support to help their side of the case. The screenshot mechanism is Upwork's current best solution for making dispute resolution efficient, and I think it does help: I haven't had fraud issues with those freelancers who are using it (and Upwork's ToS do allow recovering money from people whose screenshots show they weren't working). They address the privacy issues somewhat in that the freelancer can delete any screenshots they like before sharing with the client. They just don't get paid for those 10 minute windows.

OK, that's my little essay on the Upwork experience. Upwork isn't perfect, but no large marketplace is. Keeping bad actors out of a marketplace is a really really hard problem, and I don't think it's possible for them to eliminate bad behavior. Still, I hope they kick that client off the platform and take this incident as a wake up call to invest more in improving their dispute resolution processes.

anovikov 2 days ago 1 reply      
Sounds terrible. Absolutely disgusting.

Still, Upwork is an excellent mechanism for building professional network with both customers and freelancers and should just be used wisely.

LTE Has Slowed by 50% in the US This Year twinprime.com
490 points by wkoszek  5 days ago   159 comments top 31
franciscop 5 days ago 4 replies      
A quick reminder that 4G != LTE. The 4G specification requires a minimum speed [1] so LTE was launched to avoid exactly this minimum. It seems that the companies did it right by launching LTE instead of 4G as they could have lost their 4G status, while now they could drop as low as 3G speeds and still be called LTE (which is ironic on itself).

This wasn't commented at all in the article, using 4G and LTE interchangeably which I find troubling.

[1] 100Mbit/s for high-speed transit areas and 1GBit/s for low-speed transit areas, https://en.wikipedia.org/wiki/4G#Technical_understanding

josh2600 5 days ago 0 replies      
Traditionally the way that carriers deal with bandwidth congestion is to wait until people start screaming (and networks start breaking) before they invest in innovation. There are a bunch of technologies that could ease congestion and deliver significantly better wireless performance but they would require an investment that doesn't make sense for carriers (it's not like carriers can extract more money from you if the network is better...).

That is to say, subscriber ARPU does not increase with network investment, so why invest in the network until it becomes a drag on subscriber growth?

Source: I was a manager at ATT when the network in San Francisco basically died with the introduction of the iPhone 3G. It stayed that way until ATT added new towers and upgraded the software on the towers for better spectrum utilization.

rosser 5 days ago 4 replies      
Living in SF, I haven't really noticed this, which the article bears out. I was actually just commenting in one of our Slack channels at $work that it's still kinda weird to me that the internets are, on average, at least 4x faster (throughput, not latency) on my phone vs my home internet service (bonded DSL).

EDIT: Out of curiosity, I just checked again, first on LTE and then on WiFi:

 LTE: 30ms ping 64mbit/s down 23mbit/s up WiFi: 24ms ping 6mbit/s down 2mbit/s up

beamatronic 5 days ago 1 reply      
Mobile networks in a way are seemingly destined to be victims of their own success. I find that no matter what mobile bandwidth I'm getting, I can always use more. For example, considering adding a dedicated hotspot to my existing plan, just for my car. The better it works, the more I want to use it. And by "it", we are talking about a fixed physical infrastructure, otherwise known as a capital investment.
toomuchtodo 5 days ago 4 replies      
Excellent timing considering the HN thread [1] about T-Mobile being fined for network management.

"There is no doubt that the US will need to set up the infrastructure to keep pace with the rapid changes in usage and content expected in the future. Like any instance of supply and demand, we will continue to see a give and take in this market. As operators catch up to the current demand and LTE becomes faster, users will opt to use it over others thus creating greater demand, supply scarcity, and decreased performance. At which point the cycle will begin again."

TL;DR Expect more network management in the future due to heavy demand of a constrained resource.

[1] https://news.ycombinator.com/item?id=12745255

mjevans 5 days ago 1 reply      
I think that control of content is one of the major reasons for this. If users were more able to readily (and for zero cost to them) cache content when connected to local networks then we would see less content transferred over 'higher cost' networks.

Of course streaming services (I'm thinking more of Twitch than Netflix) for live content production are 'rather difficult to cache' in their prime viewing time.

morgante 5 days ago 2 replies      
Anecdotally, I've been incredibly disappointed in LTE speeds for NYC lately. It's almost a joke how slow LTE is. Browsing the web feels like using ancient DSL.

There's definitely a material difference between providers. I'm on Verizon now, but T-Mobile and AT&T were both much better when I had them (and I'll be switching back as soon as I can).

iagooar 5 days ago 0 replies      
I work at a quite large telecom company and one of the most repeated topics is that mobile traffic has been doubling every year for the last years. The trend is going to keep growing even more.

The nature of mobile networks is being a shared resource, as opposed to traditional DSL or Fiber which have a generally more dedicated bandwith.

This obviously implies quite a challenge for telcos, as expanding the network comes at a massive cost.

frandroid 5 days ago 1 reply      
> With the onset of functionality like 4K video streaming, this number is set to increase to as much as 22GB/month.

Oh god why would anyone want to watch 4K on a cellphone. Go for 60fps instead, you'll get some value out of that on your 5" screen.

timmaah 5 days ago 1 reply      
I've noticed it big time in the northeast. I live on the road and work via a Verizon connection. Over the last 6 months over 7 or 8 locations I get a full Verizon signal (with a booster) and very low speeds compared to a year ago. And speeds increasing at off peak times (it's fast in the middle of the night) point to overloaded towers.

I know people love to hate on cell companies but it must be hell to try and keep up with demand that changes so rapidly.

zanny 5 days ago 2 replies      
Hey look, another example of why trying to sell the rights to light sucks.

We are going to see AT&T / Verizon / etc go the way of Comcast soon. The cost to improve service will be high enough and the overhead of trying to get more spectrum when they hit physical limits annoying enough and their revenues large enough and the demand insane enough they are going to constantly try to buy each other out than actually invest anything until we have one big corrupt mess like Comcast is for physical wire service.

It seems like the inevitable outcome of having infrastructure services that should be public utilities instead be provided by private companies competing over who can exploit the state to get more unfair advantage, be it land access rights for wire carriers or FCC bribing for spectrum.

codazoda 5 days ago 1 reply      
"From early 2015 to early 2016 there was a 56% increase in data usage according to Cisco."

And there you see the problem with data caps (common among mobile carriers but swiftly coming to cable). We have plenty of bandwidth today and are squeezed for more money in a few years.

mschuster91 5 days ago 5 replies      
What I don't get is: why can't I as an app developer specify what kind of data transfer rate I need and have the phone choose which connection type it needs depending on the currently running software?

Like, if I'm doing push notifications or IRC, I'd tell the phone that I only need 2G speeds, and the phone only connects to something faster than 2G if I open the web browser.

Right now, my phone books into LTE as soon as it's in coverage mode - and it stays there, eating power like nothing else, instead of dropping into the relatively quiet and strong-signal 2G/3G/HSxPA cells and saving power.

givinguflac 5 days ago 1 reply      
I remember getting on VZW LTE reasonably early, with the HTC Thunderbolt (don't even get me started; that device was trash) and I consistently got 60-80Mb down. Now I'm the same location, same carrier, infinitely faster LTE modem, I get maybe 5-10Mb if I'm lucky. Such a shame, could've been transformative.
rcthompson 5 days ago 1 reply      
I went to a wedding in upstate New York last weekend, and I on the drive up, there were some areas where I had no 4G (or LTE, or whatever my phone gets), but anywhere that it was available, it was substantially faster than what I'm used to from the densely-populated areas where I spend most of my time. I assume this was because there were simply fewer people sharing approximately the same bandwidth.
gnicholas 5 days ago 2 replies      
This is an interesting read, but the comparisons to other countries/regions omits any mention of population density. It's much easier to roll out public utilities in dense areas than sparsely populated ones, and western Europe and Korea are more densely populated than the US.

Not that this excuses the big drop in speeds, but it makes the comparative piece a bit less relevant/accurate.

renegadesensei 5 days ago 0 replies      
Meanwhile here in Tokyo my mobile data connection is faster than the wifi running off of my 1 Gb/s internet connection...
rb808 5 days ago 1 reply      
I switched to tmobile $30 plan a year ago and regularly got 25mbps around Manhattan, now days I get around 10, often 5.
acdha 5 days ago 0 replies      
Des the actual report cover whether there are any differences across carriers? I know in the 3G era there used to be fairly significant variations for the companies which installed newer base stations without upgrading their back-haul capacity to match.
roflchoppa 5 days ago 1 reply      
22gb per month expected with 4K? Lawl I was doing ~40gb per month when I first got an iPhone 5s on att. Good times.
pmuk 5 days ago 0 replies      
Just did a test on my iPhone 7 showing 4G over EE in the UK... 18 Mbps down / 1 Mbps up
bjornsing 5 days ago 0 replies      
I've bet pretty big on this development (and its continuation) by building http://www.anyfinetworks.com. Gonna be very interesting how it plays out! :P
samfisher83 5 days ago 0 replies      
Yes the more people that use it slower it goes since people have to share the same bandwidth. However given all the datacaps the faster the speed the faster you hit the datacap so I guess you can look at the positive side.
jack_quack 5 days ago 1 reply      
Oh yeah! I was visiting NYC from Canada and I kept complaining to my wife that the LTE speeds were so slow in the city. I just couldn't understand it!
lightedman 5 days ago 1 reply      
"Network speeds are not what they advertise or what you see in the Bay Area"

So why are the companies in San Francisco not getting sued for false advertising?

dekhna 5 days ago 0 replies      
It seems that the companies did it right by launching LTE instead of 4G as they could have lost their 4G status
Osiris 5 days ago 1 reply      
I have Sprint LTE in Denver and the latency and bandwidth are horrible. I often get 1mbps with really high latency.
merb 5 days ago 0 replies      
> Verizon has the broadest LTE coverage at 95.3%, followed by T-Mobile with 91.7%.

higher than in Germany, great!

CodeSheikh 5 days ago 0 replies      
"Kill the Snapchat"
mycall 4 days ago 0 replies      
So as more people start using LTE, 3G becomes faster?
fbreduc 5 days ago 0 replies      
gimme a good ol hard line
Most serious Linux privilege-escalation bug ever is under active exploit arstechnica.com
476 points by saidajigumi  4 days ago   208 comments top 19
the_duke 4 days ago 5 replies      
Seems to be fixed by this commit (in 4.8.3).

commit 89eeba1594ac641a30b91942961e80fae978f839Author: Linus Torvalds <torvalds@linux-foundation.org>Date: Thu Oct 13 13:07:36 2016 -0700

 mm: remove gup_flags FOLL_WRITE games from __get_user_pages() commit 19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 upstream. This is an ancient bug that was actually attempted to be fixed once (badly) by me eleven years ago in commit 4ceb5db9757a ("Fix get_user_pages() race for write access") but that was then undone due to problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug"). In the meantime, the s390 situation has long been fixed, and we can now fix it by checking the pte_dirty() bit properly (and do it better). The s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement software dirty bits") which made it into v3.9. Earlier kernels will have to look at the page state itself. Also, the VM has become more scalable, and what used a purely theoretical race back then has become easier to trigger. To fix it, we introduce a new internal FOLL_COW flag to mark the "yes, we already did a COW" rather than play racy games with FOLL_WRITE that is very fundamental, and then use the pte dirty flag to validate that the FOLL_COW flag is still valid.

ontoillogical 4 days ago 6 replies      
At Appcanary, we're thinking about opening up our vulnerability database to be browsable and searchable by the public. If you're not sure which version has the patch for this vulnerability in your distro, here's what we know:

Ubuntu - https://appcanary.com/vulns/45984

Debian - https://appcanary.com/vulns/45983

Amazon Linux - https://appcanary.com/vulns/45992

Centos - no patch yet

If you found this useful, please let me know!

tptacek 4 days ago 7 replies      
It's probably the most serious Linux local privilege escalation ever.

Look, the Azimuth people have forgotten more about reliable exploit development than I have ever known, but, no, as stated, this is clearly not true. Not long ago, pretty much all local privesc bugs were practically 100% reliable.

What I think they mean to say is that this is unusually reliable for a kernel race.

I still think, though, that the right mental model to have regarding Linux privesc bugs is:

1. If there's a local privesc bug with a published exploit, assume it's 100% reliable.

2. In almost all cases, whether or not there's a known local privesc bug, assume that code execution on your Linux systems equates to privesc; this is doubly true of machines in your prod deployment environment.

drieddust 4 days ago 2 replies      
>However that's hard to do when the vast majority of kernel bugs come from vendor drivers, not the upstream Linux kernel, Stoep said.

Doesn't this actually validate Andrew Tannenbaum's argument[1] over 25 years ago when he said monolithic operating systems are inherently insecure and a rethink is required.

[1] https://groups.google.com/forum/m/?fromgroups#!topic/comp.os...

aexaey 4 days ago 9 replies      

 CVE-2016-5195 This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set. This is achieved by racing the madvise(MADV_DONTNEED) system call while having the page of the executable mmapped in memory.
Excellent example why mounting partition with system binaries (such as /usr) read-only is a good idea. CoreOS does this.

[EDIT] added "read-only"

saidajigumi 4 days ago 2 replies      
See also the dedicated page for this vulnerability, dubbed Dirty COW (for copy-on-write), aka CVE-2016-5195:


escapologybb 4 days ago 0 replies      
Okay, I have no idea what to do. Not a security engineer, can't follow what this thing does but I do have a couple of VPS's running my blog and a few other things. Now maybe there's an argument that I shouldn't be doing this if I don't completely understand all the ins and outs, but what the hell, I like learning about Linux.

So my question is: is simply updating and upgrading enough to protect me from this MOST DANGEROUS BUG EVER IN THE WORLD OH MY GOD YOU'RE GOING TO END UP PART OF A BOTNET AND HURT LITTLE CHILDREN!!1!!1! Which is how this reads to even a semi-technical reader, I mean I know my way around the command line but I'm at a loss as to what to do here.

Help me out HN please!

cheiVia0 4 days ago 1 reply      
Cool, this will be great for rooting Android phones to fix this and other security bugs!
cm3 4 days ago 1 reply      
Since for any serious bug that's published, there's very likely a dozen private or not-yet-found, and also considering on how many networked devices the linux kernel is used, I would really like to see a better upgrade story for Android devices and any other linux-inside gear which doesn't have a distro package manager to apply the fix. As little as I like obstructing tech companies with more laws, especially since most laws don't understand the tech, I feel like laws are the only pressure we can hope for. This is why the abuse of IoT devices is a good thing. It will highlight how dangerous it is to slap a random linux version in some device and never bother with updates. A fleet of smart tvs needs to be hijacked with a stalker trojan that is then used by people to record and later post online private moments of unsuspecting owners of always standby smart tv, amazon echo networked microphones, etc. It's just how the world works before it realize the risks and does something about it.

As an engineer you can argue and plead with management to not release something that you don't intend to provide timely updates with a well-communicated support time. Like a 2 year warranty that's prominently communicated, this would highlight to consumers that it's unsafe to use the device unless disconnected from the network. Just like a car that doesn't pass your local safety regulations is not allowed into public traffic.

Actually, I'm surprised modern cars do not require periodic zero-expenses-for-the-owner software updates at licensed dealerships. You can explain to a driver that tires go bad because they drove X miles and have to be paid for, but you cannot argue that software updates need to be paid for because from the time they bought it Y days have passed. Take the Samsung battery optimization that went wrong, where the separation layer was a tiny bit too shallow. It's fair to assume some regulation will follow for safety purposes. Similarly, networked devices, which are not (and cannot be?) microcontrollers with mere 500 lines of code, have to be regulated in terms of software updates.

Now you may say the industry will go broke if they're required to provide upgrades, or less devices will be made, but I think this will lead to consolidation of the software stack, which is mostly a good thing, as those who want to produce dozens of cheap IoT devices can do so without hiring kernel developers. It's like other industries where cheap toy makers source materials like plastic from vendors, knowing it's safe, or create the materials following a detailed recipe which is certified.

Unklejoe 3 days ago 0 replies      
Can someone help me better understand how this works, or perhaps point me to a decent article explaining more of the details? Most of the articles I can find just briefly explain the exploit, but not really how it works (in detail).

From looking at the example code, it seems like the general process is:

- Open some (normally un-writable) file as read-only and mmap it in to your process.

- Kick off two threads. One thread to repeatedly write to the same mmap-ed address via /proc/PID/mem and another thread to keep issuing the madvise call.

- Wait for some race condition to be (un)satisfied such that you're able to write to a cached copy of the file.

What I dont fully understand is how the /proc/PID/mem thing works.

Heres what Im curious about:

1. What would happen if you tried to write to the mmap-ed region directly? Since its been mapped in with PROT_READ, does this mean that youll get a segmentation fault or something? From the manpage, it seems like MAP_PRIVATE allows it to be a COW mapping, but I dont see how the combination of PROT_READ and MAP_PRIVATE is even valid. Unless this means that any writes to data copied from the mmap-ed region into other buffers will be COW-ed and that you cant actually write to the mmap-ed region itself? That would make sense to me.

2.How is writing to /proc/PID/mem any different than writing through the mmap-ed region directly? Assume that you werent running the madvice thread. What would happen then if you tried to write to the /proc/PID/mem file? Presumably the same thing that happens if you just tried to write to the file directly

3. Finally, how does the madvice call cause a race condition? I realize this might be a little too much to cover in a comment, but this seems like the meat of it.

kordless 4 days ago 2 replies      
Curious that the original commit's hash to fix this was never indexed by Google: https://www.google.com/search?q=f33ea7f404e5&ie=utf-8&oe=utf...
AznHisoka 3 days ago 0 replies      
I wish someone could explain in simpler terms to us casual users what this means.

If only privileged users can SSH into my server, does this really affect me? In other words, I already allow only SSH users to become root.

Hello71 4 days ago 4 replies      
Doesn't seem like it works on a $10 DigitalOcean droplet (1 vCPU) with grsec-patched 4.4.8. After running for quite some time (which I suspect a system administrator would notice) "cat foo" still outputs the same contents.
pbhjpbhj 4 days ago 1 reply      
If I'm reading this correctly it works only when there's already access to a user account on the system. So you need to have an existing vulnerability already [eg an untrusted user].

Interesting whether it will give new root exploits for Android as suggested in the comments.

winter_blue 4 days ago 1 reply      
If one's running an LTS version of Ubuntu like 14.04 or 16.04, can one can expect to get an update with the security patch for this?

I'm running Kubuntu 14.04 with the latest security updates, and I'm still on kernel version 3.13.0-98-generic.

 ~ $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 14.04.5 LTS Release: 14.04 Codename: trusty ~ $ uname -a Linux anon-pc 3.13.0-98-generic #145-Ubuntu SMP Sat Oct 8 20:13:07 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
No idea why I haven't gotten an update to 4.x. Should I just switch to a rolling release distro like Arch to have the latest updates of everything?

frederikvs 4 days ago 3 replies      
The github page [0] states that "The In The Wild exploit relied on using ptrace."Now, I'm wondering what purpose ptrace serves, aside from debuggers? Why don't we just disable this by default on production systems (where you shouldn't be debugging anyhow)?

[0] https://github.com/dirtycow/dirtycow.github.io/wiki/Vulnerab...

100ideas 4 days ago 0 replies      
Go go armlinux Internet of Things bot army!
fulafel 4 days ago 1 reply      
So the escalation is rw access to privileged files, are LXC and Docker container breakouts prevented then? Also does /proc access through lxcfs or Docker's handling of /proc make any difference?
ndesaulniers 4 days ago 0 replies      
I've filed a bug against Android Nexus/Pixel kernels. Will take a look tomorrow. I'm sure someone else already beat me to the punch.
Google Has Dropped Ban on Personally Identifiable Web Tracking propublica.org
507 points by scribu  4 days ago   287 comments top 39
omouse 4 days ago 17 replies      
The marketers and advertisers have finally won. Google hasn't been an engineering company for the last 5 years maybe, but this confirms it. It's like Facebook, they're beholden to the non-developers and non-software engineers who frankly don't care about other people's privacy and only see the dollar bills.

So glad I'm evaluating other email providers and use Privoxy for ad-blocking.

0xmohit 4 days ago 3 replies      

 We will not combine DoubleClick cookie information with your personally identifiable information unless we have your opt-in consent.

 Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google's services and the ads delivered by Google.
So opt-in becomes opt-out.

atrilumen 4 days ago 8 replies      
> Some new features for your Google account.

Oh, yeah, I remember that. I totally clicked "Ok, whatever."

How does one not be herded like cattle by the corporations, without making a full time job of resisting it?

dredmorbius 4 days ago 1 reply      
I'd just like to draw people's attention to a little bit of conflict-of-interest research some Stanford University researchers published a few years ago:

Currently, the predominant business model for commercial search engines is advertising. The goals of the advertising business model do not always correspond to providing quality search to users. For example, in our prototype search engine one of the top results for cellular phone is "The Effect of Cellular Phone Use Upon Driver Attention", a study which explains in great detail the distractions and risk associated with conversing on a cell phone while driving. This search result came up first because of its high importance as judged by the PageRank algorithm, an approximation of citation importance on the web [Page, 98]. It is clear that a search engine which was taking money for showing cellular phone ads would have difficulty justifying the page that our system returned to its paying advertisers. For this type of reason and historical experience with other media [Bagdikian 83], we expect that advertising funded search engines will be inherently biased towards the advertisers and away from the needs of the consumers.


whistlerbrk 4 days ago 2 replies      
A recent podcast (TAL? Radiolab?) just discussed the retreats Google has made over time with respect to privacy and intrusive advertising. I tried to find it - someone have a link? This very much continues the theme. It is important to note how much Sergey and Larry hated advertising and the belief they held that any advertising based search engine would inherently corrupt itself.
agentgt 3 days ago 9 replies      
I'm curious what bothers people most about the privacy issues?

Strangely I don't care that Google (and others) know about me. I probably should but I have just sorted have accepted the lack of privacy today.

What really bothers me isn't the privacy its them using that data to create a completely unfair advantage to continue the oligopoly that is quickly consuming all markets.

I used to be such a capitalist but as of the last few years watching what companies will continue to do to not just grow but grow exponentially with unfair and unethical leverage in every direction.

I'm curious if others share that feeling or is that just me. Or is it just invasion of privacy?

mikeleeorg 3 days ago 0 replies      
For people who didn't read the article but want to opt out of this tracking:

To opt-out of Googles identified tracking, visit the Activity controls on Googles My Account page, and uncheck the box next to Include Chrome browsing history and activity from websites and apps that use Google services." You can also delete past activity from your account.

Links from that paragraph:

* Activity controls: https://myaccount.google.com/activitycontrols

* My account page: https://myaccount.google.com/

* Delete past activity: https://support.google.com/websearch/answer/465

fencepost 3 days ago 2 replies      
Looking at the My Activity details is actually pretty creepy. Starting today working backwards, Google includes "Used Phone," "Used [my launcher]," "contacted [messaging site]," "Used [alarm clock app]," several overnight repeats of the messaging site when I received alerts, my Chrome-based website visits from yesterday, my foray into Android Settings yesterday, etc.

It all serves to make me happy that I'm using Firefox with uMatrix as my daily driver, and only use Chrome (with uBlock Origin) for the rare things that I can't get to load properly because of all the cross-site dependencies.

mtgx 4 days ago 1 reply      
Google seems no better than Facebook when it comes to privacy, and I'm not just talking about how far they're willing to go in tracking users, but also how they are willing to lie and violate their users' trust so they can collect more data.

Facebook is now getting into trouble in the EU for breaking their promise about not sharing WhatsApp data, and yet Google still goes ahead and does this. I hope the European Commission adds this as one more charge against Google.

Without real enforcement the companies will continue to do whatever the hell they want.

rdslw 4 days ago 3 replies      

Yes they deliberatly block chrome extension on mobile chrome, as then ublock usage on mobile would explode. Together with myth of mobile ads.

Do not evil. Riiiight. As long as it does not hamper our profit.

rmc 3 days ago 0 replies      
This is why we need the Charter of Fundamental Rights of the European Union. Article 8 covers personal data, and can blocks things like this.
urda 3 days ago 1 reply      
This is yet another reminder that it's important, especially for HN readers, to continue to give support to groups such as Mozilla and their Firefox platform. The more widespread Google and Chrome usage is, the more Google can push these changes with little to no resistance.
betolink 3 days ago 0 replies      
Just to give you and idea of how big of a deal this is, go to https://myactivity.google.com/myactivity and check what third parties could learn from you, with your name on it.
solveforall 3 days ago 1 reply      
[Disclaimer: shameless plug, and also previously announced as a Show HN a while back]

I would like to mention my search engine as another privacy-focused alternative: https://solveforall.com/

1) Does not track user activity. Hosted in Canada.2) Does not leak referrer to visited sites3) No ads. Will be considering affiliate links, a paid API,and/or "good" ads -- ads people want that don't compromise privacy4) Integrated feed reader which also provides search results5) Activation codes (like DDG bangs, so ?g instead of !g)5) Plugins written in JS/data to be searched can be added at any time.6) Deep search -- get results from the search results page of several sites at a time. Try https://solveforall.com/answers.do?q=rx+480&client.kind=web&...

There clearly a lot more work to be done, and I plan on open sourcing this soon, but please try it out and let me know any feedback you have!

feelix 3 days ago 3 replies      
I use google and have chosen to give up a lot of my privacy to use their services.

One thing I was never willing to do though, and I had an instant emotional reaction to not doing, was allowing them access to all my email.

They can have my GPS coordinates at all times, my web search history, etc, but they can't get into the inner workings of my life and my thoughts.

So back before I had any real use for it I just registered myname@myfirstandlastname.com and used that for my email address. It felt like a natural move. It does bother me still that a lot of the people I email do use gmail, so google still ends up siphoning of a lot of the contents of my email.

I see a lot of people talking about FastMail instead of GMail, but I don't know why more geeks don't register their own domain name which has several advantages (including looking better and more professional). The one downside is that mail search sucks. I'd love to get some decent search without giving up privacy somehow.

barnassey 3 days ago 1 reply      
More and more changes that do not bode well for google, first they changed it to where they can track what numbers you dial, then they tried that with your google chrome history and tabs if you synced it to your account and now this? People wondered why i stopped being a google evangelist after 2014.
throw2016 4 days ago 1 reply      
I think duckduckgo often becomes an alternative that isn't an alternative, in the sense yes its there, you are frustrated with Google's behavior and you persist for a whole day and then have to revert back to Google with tail behind legs so it's more of an alternative in name.

With the sheer scope of Google properties there is always going to be a tempation for 'value searchers' within the organization to give in to dark patterns and compromise users. I have been trying Yandex search and email and its fairly decent. Email is good, search appears to be a much more serious offering compared to duckduckgo but still some way to go.

However we need diversity and decentralization to prevent concentration and inevitable abuse of power.

snarf 3 days ago 1 reply      
Does anyone know the specifics of Google's privacy practices for G Suite (formerly Google Apps for business)? They claim no advertising, but do they use your data for anything else, and do they still build shadow profiles? If you're already buying 1 TB of storage for Google Drive, then you can instead sign up for the $10 month G Suite plan and get 1 TB of storage with ad free versions of their apps.
eveningcoffee 4 days ago 1 reply      
Like I have told under other similar discussions. Something in ToS has no relevance if data is collected. If data is collected then it will eventually be used (against you).
vonklaus 4 days ago 1 reply      
I expect google will experience outages >15 minutes for core services in the comung months. This is based on significant uptick in ddos sophistication, this has been referenced by Schneier-- although not in ref to Goog.

If changes like this announcement convince people to move away; I am all for it. This just proves not only their power, but the danger of a single point of failure.

ams6110 3 days ago 0 replies      
I've already stopped using Chrome on my computers and phone. Getting pretty close to dropping them into my hosts file.
CommanderData 4 days ago 1 reply      
Is it enough to install adblock on the router level? This would in theory block all domains tracking and serving adverts.
forsberg 2 days ago 0 replies      
So there are a lot of talk about using DuckDuckGo instead of Google but I'm wondering if anyone have considered using Bing as a middle ground?

Sure they track you but in my understanding they actually suck at it. :)

Animats 3 days ago 1 reply      
Log out of Google. Now. And delete all their cookies. Consider deleting your Google account. Put your mail on an IMAP server. Your ISP probably offers one.

(I don't use a Google account. My last login to Google was in 2015, and that was to update a browser add-on.)

yuhong 3 days ago 0 replies      
Also recommend that you read https://plus.google.com/104092656004159577193/posts/Bo88vgre... , particularly the comments.
pinewurst 4 days ago 1 reply      
Isn't Google moving aggressively to fingerprint-based browser tracking instead of cookies?
gjolund 3 days ago 2 replies      
What are the best alternative email services with a privacy focus?
yuhong 4 days ago 1 reply      

I was trying to figure out what was happening.

forgotpwtomain 3 days ago 0 replies      
> If you want to permanently opt out of the DoubleClick cookie, you can install the DoubleClick opt out extension.
yason 3 days ago 0 replies      
I sometimes wonder if why it is generally held that marketing sucks and advertisements are evil because they're so random, badly targeted and thus crappy.

I basically wouldn't mind seeing advertisements if they were relevant and spot on. And that probably hasn't been possible until all that big data is cross-indexed with user identities.

It may be that ads are considered bad because good ads happen once in a thousand.

awqrre 3 days ago 0 replies      
You have to be logged-in for the opt-out to be effective... so now they know exactly who you are...
a3n 3 days ago 0 replies      
Don't be evil. Not all at once.
JumpCrisscross 3 days ago 0 replies      
Does this apply to paid accounts', e.g. businesses', data?
rahrahrah 4 days ago 1 reply      
That diff in the article, does anyone know where it comes from?
c_r_w 3 days ago 0 replies      
That's weird. I guess they like making money.
RodericDay 4 days ago 0 replies      
When I read announcements like these I actually get a bit hopeful. These companies seem somewhat scared, and their funding bases more fragile than they let on.
philprx 3 days ago 0 replies      
Bait and switch?
qwerty1234567 3 days ago 0 replies      
ommunist 3 days ago 0 replies      
As for now, there is no viable alternative to Google. There is no distributed, free independent search engine that provides such quality relevant search results as Google, and is caring for users privacy.

I do not think either it is financially possible to run such a thing, without someone's vested interest in metadata behind such possible endeavour. There is silent demand for such an effort however.

UPD: I know about DuckDuckGo, but look: https://www.netmarketshare.com/search-engine-market-share.as...

Hack the Kernel Learn about operating systems online ops-class.org
588 points by krat0sprakhar  2 days ago   51 comments top 19
itsmemattchung 1 day ago 5 replies      
Thanks for sharing. I'm certainly bookmarking this page and revisit this course after wrapping up CMU's 213[0]. How does this compare to Udacity's "Introduction to Operating Systems?".

[0] If you are self studying, like me, CMU offers not only the lectures online, but the labs as well: https://scs.hosted.panopto.com/Panopto/Pages/Sessions/List.a...

kev009 1 day ago 0 replies      
I wasn't expecting much at first as an OS professional, but wow this is great! Flipping through the slides, it's just the right amount of info and context to develop a working knowledge and vocabulary without much time investment or getting overwhelmed or losing interest. Didn't look at the videos or assignments yet.

If you work in some type of ops role this will really accelerate your career.

If you are a programmer and forgot or did not take an OS internals class, ditto.

You will not unlock maximum throughput, minimum latency or a balance without understanding these concepts.

antoncohen 1 day ago 3 replies      
Thanks for posting this. I was looking for more operating system courses. I'm currently watching Kirk McKusick's FreeBSD Kernel Internals course [1], which isn't available for free (the first hour is [2]), but I thought was worth the money. I find is really amazing that I can watch a course taught by someone who is such an expert in UNIX-like systems.

Along with a general in-depth OS course, I would like to find a Linux-specific course. Does anyone know of a good Linux internals course?

[1] https://www.mckusick.com/courses/introdescrip.html

[2] https://www.youtube.com/watch?v=nwbqBdghh6E

Animats 1 day ago 4 replies      
UNIX-like kernels are easy, in that you don't have to have that much running before you can run "Hello World". I'd like to see more on microkernels. You have to have more pieces running before you get to "Hello World".

Also, the emphasis on virtual memory and page faults is becoming dated. Paging out to disk is obsolete technology. RAM is too cheap, and mobile devices don't page.

black_stallion 1 day ago 1 reply      
The professor who made this class is leaving UB next fall. I'd be lucky to be able to attend this one last course under him(the class is gonna be a full house this time) before he moves out of UB, a sad event in itself :(
alistproducer2 23 hours ago 0 replies      
http://wiki.osdev.org/Main_Page has a LOT of great info on OS theory and practice as well.

Edit:added "as well." I don't want to give the impression that the OP is an inferior source.

unsignedinteger 1 day ago 0 replies      
Go bulls! I took Operating Systems with Kosar and worked on Pintos rather than the OS-161 modules. Honestly don't know what I was thinking, Challen's class seems far more interesting...
njade 1 day ago 0 replies      
I have to say - the course is very well organised. For me atleast, the structure and flow is exactly how I approach my learning. A video overview -> a though provoking discussion -> the problems -> hints -> academic paper -> solution. Neat.
Philipp__ 1 day ago 0 replies      
This is godsend! Today I found some final notes and resources over the internet, wanting to put my C/C++ skill to good use and build and learn something. Always was attracted to OS (having OS class in a year but I couldn't wait), so thanks for sharing this so much! Can't wait to get started tonight!
melvin0008 1 day ago 0 replies      
I have taken this course and the assignments are fun and challenging. Learnt a lot.
skmh 1 day ago 0 replies      
Wow! Thank you for sharing. Learnt a lot.

This is really worth keeping bookmarked. Highly recommended.

jza00425 23 hours ago 0 replies      
Mark this, will check it later. Thx
hellllloworld 1 day ago 0 replies      
its the best class i've ever taken. definitely worth solving the assignments!
kim0 1 day ago 1 reply      
That actually looks quite good! Can anyone who took this training vouch for it?
justin66 1 day ago 1 reply      

No, really, I'm asking.

RawData 1 day ago 0 replies      
Wow this looks pretty cool!
j_m_b 1 day ago 1 reply      
Do they have anything like this for learning how to transpile from lisp to other languages? =)
bogomipz 1 day ago 1 reply      
Wow, this really great. Thank you for sharing.

I didn't any "about" link. Does anybody know who did this or what the affiliation is? In this Youtube link I see "Buffalo":


Is this SUNY/Buffalo State maybe?

The lecturer in lecture 1/38 is fantastic. Does anybody know who this person is?

googler1500 1 day ago 0 replies      
Very nice. Look forward to using this.
Twitter Plans Hundreds More Job Cuts as Soon as This Week bloomberg.com
412 points by bentlegen  14 hours ago   296 comments top 34
artursapek 13 hours ago 35 replies      
I've always sort of had this question that continues to feel naive - but I'm not sure I know the answer: why do so many companies feel like they have to grow perpetually? Why can't Twitter just be happy being Twitter, knowing its limits and making a stable profit? Instead it's more users, more VC money, more staff... constantly burning as quickly as possible. There's a ceiling on every business; it's all bound to come crashing down eventually if you don't stop somewhere. Either you do it gracefully or hundreds of folks have to eventually lose their job unexpectedly (very sad).

Is the answer simply that earlier VCs put pressure on the executives to keep growing so they can multiply their investment?

Personally I dream of making a living establishing a patio11-type software business. Something where I can do a high quality job and own all of the decision-making. The ceiling doesn't have to be very high for one guy to sustain himself, and software is appealing because you can automate away nearly all of the "work".

cicero 0 minutes ago 0 replies      
I was at a presentation for high school students last week. At the end, the presenter gave out contact information for Facebook, Instagram, and Snapchat. There was no mention of Twitter.
xenadu02 10 hours ago 4 replies      
I still maintain that screwing over client developers had something to do with it. At the very least it didn't help them "control the twitter experience". Every time I see one of their new ads about how much Twitter loves developers I laugh out loud. There is zero chance I'll ever integrate Twitter into anything I do, period. I'll fight against it anywhere I work and encourage all my peers to do the same.

Did everyone forget they didn't even invent the word "Tweet"? Nor did they write their mobile clients. They had no idea what they were doing and stumbled into success. Then the MBAs turned around and stabbed us in the back.

Twitter can fuck right off.

nikcub 10 hours ago 1 reply      
No offense to the people I know working at Twitter, but these cuts aren't deep enough to stem the losses.

While Twitter revenue grew $664M, $1,403M to $2,218M over the past three years, it is going to be a lot flatter than that at the end of this year - and despite that growth they've consistently been losing about $500M p.a ($645M, $577M and $521M respectively)

3,800 people work there - and equivalent cuts last year can barely be noticed on the financials.

The good times are over - they've spent billions over the last few years and not done anything to save them from flat user growth. They really need a wholesale shakeup and doing it over time, like Yahoo did, will just make it worse.

edit: here's a more brutal analysis [0][1]:

> PS. Twitter staff - I am not exaggerating. Look at the young man on your left and the young woman on your right. Only one of you three will keep your job.

[0] part 1 - http://brontecapital.blogspot.com.au/2016/10/some-comment-on...

[1] part 2 - http://brontecapital.blogspot.com.au/2016/10/measuring-how-b...

madengr 13 hours ago 7 replies      
You'd think they would have figured out targeted ads by now. If I follow people who post about RF/Microwave, antennas, SDR, and ham radio, one would think I'd see ads from Keysight and Tektronix, but no, it's garbage like football and pop music. FAIL!

I also don't like that I don't see all the tweets from a person. They are pruning the timeline.

Good riddance to twitter.

_Codemonkeyism 8 hours ago 0 replies      
Says the frog to the scorpion: "Why have you stung me? We will both die." and the scorpion answers "I'm a VC and I will always aim for the 10x exit, this is my nature"
josep2 11 hours ago 2 replies      
Twitter is by far the #1 service I use everyday. It's been the most valuable to me from a networking perspective where I've made friends and professional connections. I also happen to be a shareholder. It's been disappointing to watch Twitter try to become a business and completely falling flat.

The acquisition of Vine and Periscope haven't led to much and the user growth from Live video is still t be seen.

The product is immensely complicated compared to something like Instagram or Snapchat. It manages to be everything and nothing at the same time. I've been a fan of Jack Dorsey's work at Square but monetization is a complete different animal in that industry.

To summarize I just don't know what the future of Twitter as a business will hold but I guess I'm here for the ride.

user5994461 4 hours ago 0 replies      
3800 employees, $2700M spent a year.

That's 700k per employee. IT'S FREAKING INSANE!

There are only 4 tech companies in the world who ever made more than $700k in revenue per head, in any recent years: SoftBank, Microsoft, Google, Apple


jswny 1 hour ago 0 replies      
I've thought long and hard about why I believe Twitter as a service isn't very valuable to me and I thing I've come up with the answer. Twitter is great at delivering live information. If I'm following my favorite artist on twitter then I know immediately when his album drops. However, that one important tweet that matters to me is mixed in with a 100 other tweets of people I follow retweeting or posting irrelevant things. For that reason the situation in which Twitter truly shines for me (instant, up to date information) is overshadowed by the fact that many people also use Twitter to post funny things which I don't care about.
niftich 13 hours ago 5 replies      
Can we talk about Fabric again? Fabric [1] is a product done by Twitter but heavily de-emphasizes the Twitter association -- it's a value-added Twitter SDK that apps can build into themselves and get crash reporting (ex-Crashlytics) and ad network integration (MoPub) too.

In the scheme of Twitter's self-reflection trying to figure out how to cut costs and find what it wants to do, do you feel Fabric fits into it? Do you feel the 'core platform' i.e. the microblogging site fits into it? Should the less strategic one of these be spun out; or should they be less separated?

[1] https://get.fabric.io

system16 9 hours ago 0 replies      
Apart from killing their third-party ecosystem, I think Twitter's biggest failure has been their inability to monetize their huge celebrity and brand base, and I wonder if this partly has to do with their "verified account" system. How to charge celebrities/brands without pissing everyone off?

Top-tier celebrities and brands can and would easily fork out high fees to use Twitter. But Twitter can't just charge some blanket fee to verified accounts because right now, "verified accounts" are not exclusive enough. They also include "key influencers", bloggers, industry people, other hangers-on (let's call them Group B) and they can't/won't support the high fees and would revolt.

Twitter could try and create a new way to categorize celebs/brands, but that would confuse things and may make Group B users feel less elite: so they'd revolt as well.

sixtypoundhound 1 hour ago 0 replies      
Was pondering this for another business and it seems relevant here. How many people would be required to run "the core" of twitter (basic microblogs)?

Seems like that could be very lean...simple UI. A feed. A huge database. For web and apps for the two major mobile O/S.

Now go one step out. Running ads on that feed. Core sales team (those with paying accts) and administrative team. Need a revenue source. Add them back.

Now....what does everyone else do and is it generating cash?

My suspicion is:

- First two groups are lean & covered by revenue- Most of the rest of the team is "strategic" yet not revenue generating- The rest is support and will scale up/down with headcount

Standalone twitter + ads feels like a business you can make ramen profitable.

rch 12 hours ago 0 replies      
My sense is that while Twitter has been able to hire some very talented engineers (incl. but not limited to those I know personally), the high-level technical leadership hasn't been particularly successful.

Is there room for an independent 'moonshot' team reporting directly to the board?

Raed667 6 hours ago 0 replies      
Twitter should be bought by a non-profit and get re-opened to 3rd party tools like it used to be.

I hate the current Twitter, but can't neglect the benefits it has for the entire world (and not only twitter users)

bad_user 5 hours ago 0 replies      
Came here to say that I love Twitter and am online on it far more than on any other service.

I even clicked on its served commercials, because Twitter has my professional network and managed to score some ads that triggered my interest, versus on Facebook where I have a list of friends and acquaintances with which I've got little in common with.

Their problem is their ad inventory and their targeting. They should serve more ads and improve their targeting.

bluthru 9 hours ago 1 reply      
Twitter should have a tweet quota and charge people who tweet too much. People who chase hashtags and reply with reaction gifs have turned it into low-brow garbage.
butner 12 hours ago 1 reply      
Why the 4a PDT earning call? Ahead of opening of (TYO) Tokyo stock exchange Friday am which trades Softbank?
booleanbetrayal 12 hours ago 0 replies      
I have a market need of being able to broadcast messages megaphone-style to the internet, but they have to be artificially constrained to ..
mrmondo 4 hours ago 1 reply      
I don't really have any insightful input into this other than to say, I hope they're cutting the people they most likely don't need.

Twitter is the only social platform I actually like and still use, and the only thing that could replace it would be similar but decentralised and as widely adopted.

Why / where are they failing - are they failing? I know more people on and using Twitter than ever, many of those have left other aging social networks after finding them irrelevant or too invasive of privacy.

Twitter is simple, Twitter is what it is and it doesn't try to be more than that, it does what it does well and it always has done. This - I enjoy in a product.

jqueryin 6 hours ago 1 reply      
One of Twitter's problem is not properly controlling their feed. I never use their mobile or web client. I solely use a highly customized Tweetdeck. With this experience, I never once see an advertisement. That's a huge loss for Twitter.

Perhaps it's just me, but I wouldn't have a problem seeing advertisements in my Tweetdeck feed if it meant they'd remain successful. I'd much rather see Twitter succeed as it's the only platform I use to keep up with thousands of professionals and news sources. It's entirely a different experience than Facebook.

I think the Twitter community should suck it up and accept the fact that they get served a couple of advertisements in order to support a news service and contend delivery network unlike any other in existence.

krzrak 7 hours ago 0 replies      
Not cool for Twitter employees to learn about such thing from the press, not officially from their management.
pmiller2 13 hours ago 5 replies      
I know this is premature, but I can't help but wonder what the effect of Twitter going under would have on the Bay Area tech scene.
Overtonwindow 13 hours ago 6 replies      
Something I've never been able to wrap my head around is how does Twitter make money? I mean real money. Not valuation of eyeballs, not VC cash, but honest to God profit? It has always baffled me and I wish I knew what the unicorns say to the VC's when (hopefully) someone asks this question.
wh0rth 2 hours ago 0 replies      
Cuts could mean a different direction which would be good for many peoples' stock portfolios. Time will tell I'm sure but I'm hopeful.
kriro 9 hours ago 0 replies      
I feel like a takeover is only a matter of time. If you're Alphabet or Facebook you're probably interested (I'd say Alphabet should be more interested, for Facebook it's probably mostly a blocker play). The question is how long do you let them "rot" to drive down the acquisition price?
netik 8 hours ago 0 replies      
The sad thing is that the market will love this and the stock will go up, while many engineers wonder where their job went, and mid-managers/execs will reap a profit.
throw2016 13 hours ago 3 replies      
There is value in twitter. Even the people who joke about twitter probably realise there is value in it.

There is still nothing that enables one to broadcast information and enable real time conversations better than twitter for companies, governments orgs or celebrities.

That twitter cannot extract value from these cash rich and price insensitive entities is a gigantic mystery.

ricksplat 9 hours ago 1 reply      
I'm just back from a holiday in south east Asia. All the time I was there I was getting ads on twitter targetted to the local market (in the local language) presumably based on my roaming IP.

Maybe my grasp is a bit simplistic but isn't this just intensely stupid? My twitter profile is explicitly Western European is twitter's location based advertising really just as dumb as matching IP addresses to regions?

If I were an advertiser I wouldn't be too happy about twitter claiming 'impressions' like this.

santaclaus 10 hours ago 0 replies      
app.net should have waited three years to pivot into a Twitter competitor...
dbg31415 13 hours ago 5 replies      
How many people does it really take to run Twitter?

If they need more than 100 people I'd be really shocked.

mrcsparker 12 hours ago 2 replies      
I wonder why Twitter doesn't do consulting. They have developed a lot of the big data frameworks that we use today and understand how to scale.

They have the talent and are in a unique position of being Twitter.

gjolund 9 hours ago 0 replies      
Called it.
NietTim 7 hours ago 0 replies      
Ah, maybe people won't get shadow banned at the same rates anymore now. Just maybe it's a good thing
chinese_dan 10 hours ago 3 replies      
Twitter lost the trust of many users and are now suffering the consequences. It was once supposed to be the place for the freedom of speech and truth and is now just another arm of the left-leaning politicians in the US.

So many conservative/libertarian political figures and personalities have been permanently banned from Twitter in the last year for only posting an opinion that it can no longer be chalked up to circumstance.

Good riddance.

Poor kids who do things right don't do better than rich kids who do things wrong washingtonpost.com
365 points by paulpauper  20 hours ago   265 comments top 33
Gustomaximus 16 hours ago 6 replies      
An event that will always stay with me, some years ago I a job opened up where I would have some sway in recommending candidates. I had a uni friend who would fit the role well. A great bloke, smart and hard working. He came from a very blue collar, low income background. His job was pretty middle of the road stuff.

This job would have been lateral in responsibility but in a better industry giving about 2+ times salary. I mentioned this role and said I would get him a chat with the hiring manager. They seemed interested. I said you can double your salary. At this point they got cold feet and said 'it sounds too important for me'. I told them I knew the job, that it would suit them and I wouldn't burn my own credibility if I want confident they would succeed. But they money spooked them.

And while this was a sample of one it really opened my eyes to sense of entitlement that comes with growing up in a wealthy vs poor enviroment. And simply the expectations you approach life with, having a overriding effect on natural ability.

There are so many variable in play for this its not a one issue answer but I suspect this one is more important than we typically give it credit for. An expectation on oneself of where we should end up based on how we grow up.

bshlgrs 12 hours ago 2 replies      
This article is terrible. It makes a shitty and misleading graph, and generates a variety of nonsensical judgements from it.

The graph used makes it really hard to see what the actual distributions of overall income are. If you make, say, a bar graph of the income distributions, you'll see that poor college grads do much better than rich high school dropouts. I made such a graph here:


I also estimated the average incomes of both groups based on the given statistics, and found an average income of $78k for the poor college grads and $60k for the rich high school dropouts.

The main piece of evidence that this blog post uses to support its thesis is: "Specifically, rich high school dropouts remain in the top about as much as poor college grads stay stuck in the bottom 14 versus 16 percent, respectively. Not only that, but these low-income strivers are just as likely to end up in the bottom as these wealthy ne'er-do-wells. Some meritocracy."

The first of these statistics is not clearly related to meritocracy. If you want high income mobility, you want both these numbers to be low. The sentence is phrased as if it's bad that the numbers are similar; that doesn't make sense.

The second of these statistics is correctly interpreted, but seems cherry-picked: I could just as easily point out that 41% of poor college grads end up in the top 40% of income, while only 19% of rich high school dropouts do. To prevent such cherry-picking, we should probably use the Schelling point summary statistics like mean income or median income, both of which indicate that the poor college grads are doing significantly better.

As far as I can tell, the original paper didn't do anything wrong, this "reporter" just decided to make up some bullshit conclusions from the statistics. This is even worse than most reporting--the mistake isn't something you have to read the original source to find, the mistake is right there in the graph that Facebook is suggesting as the image preview. Alas!

mac01021 19 hours ago 3 replies      
This doesn't seem particularly remarkable to me.

> Specifically, rich high school dropouts remain in the top about as much as poor college grads stay stuck in the bottom 14 versus 16 percent, respectively.

They're saying social mobility (up or down) is attainable for 85% of each group. And graduating college is not really the same as making all the right choices...

nostromo 19 hours ago 2 replies      
This is presented as if this opinion journalist found a causative relationship when he's done no such thing. He's just looking at correlations and then shoehorning in his favorite explanations (glass floors, glass ceilings, diploma mills).

Take a look at his previous articles and maybe you'll identify a trend: https://www.washingtonpost.com/people/matt-obrien/

paulpauper 19 hours ago 2 replies      

Hmmm but it doesn't look so bad when you consider that 67% of poor college grads are at least 50-percentile in wealth, vs 49% of rich high school dropouts.

I'm sure is even better when you compare poor high school dropouts vs. poor college graduates, which is why a college degree may still be worth the money and the best pathway out of poverty, especially if you major in a high ROI field like STEM.

soreal 15 hours ago 1 reply      
See, this is the thing about population studies.

1. Millions of people live their life2. Academics put people into buckets in order to count them3. Other academics group that data and label those people4. Even more other academics come along and do more groupings then write a paper.5. A newspaper writes an article with a catchy headline and an out-of-context image with arrows drawn on it to call your attention to one correlation but not others, then proceeds to use that data to make arguments that don't actually follow

At every step along the way, a biased researcher or newspaper makes assumptions, discards outliers, and labels individuals in such a way that if we focus on their chosen pivot, we see what they want us to see.

Longitudinal studies, machine learning, and more are all improvements on the current shaky process. I just hope they continue to catch on despite being tougher to do.

zhemao 19 hours ago 0 replies      
There's a lot of conclusions being drawn here and not much data analysis.

Just going off the chart, it seems that poor college grads are more likely to be in the top half of the income distribution, while rich college dropouts are more likely to be in the bottom half. Isn't that good news as far as social mobility goes?

budadre75 18 hours ago 0 replies      
These stats are interpreted wrong. Assuming poor college kids started out from 1st quintile(<20%), then at 40 yo, 41% of them are above 4th quintile(>60%), while only 19% for poor HS dropouts. And there are more poor college kids in 5th quintile(>80%) than poor HS dropouts, 20% to 16%. This is from conclusion of the paper: "Nonetheless, we find it encouraging that a set of well-evaluated programs appear,according to the model, to make it possible to close most of the gap in the lifetime incomes between children born into lower and higher income families"
LouisSayers 16 hours ago 2 replies      
It's not what you know, it's who you know.

If you're a poor kid that manages to mingle with the rich and famous, I'd imagine you'd have some pretty good opportunities come your way too regardless of education.

That's the real factor here. If you're connected, you can sell your shitty web hosting to all your dad's friends, and you can have doors open for you with minimal effort.

Regardless, there are rags to riches stories - sure, if you're poor you will probably have to play life in hard mode, but it's pretty cool to say "I started on $4.75ph, and now I make $100ph". There will still be struggles however - it's hard to buy a house when none of your family can act as guarantor, and you may have to help family members out every now and then.

In the end, we all die, and life is what you make of it. It's also nice to remind ourselves every now and then of how much better off we are than 90% of the world still.

randyrand 13 hours ago 5 replies      
Why should a meritocracy be individual based instead of family based?

I personally think it's okay for families to give their inheritance/assistance to their children even if the children don't "deserve" it. etc. Working towards bettering your children lives is a reason many of us get up in the morning.

anotheryou 18 hours ago 1 reply      
Anyone else confused by the diagonal arrow on the graph?


> Specifically, rich high school dropouts remain in the top about as much as poor college grads stay stuck in the bottom 14 versus 16 percent, respectively.

weird comparison

nqzero 17 hours ago 1 reply      
"cultural fit" is a huge contributor to this limited mobility
davesque 19 hours ago 1 reply      
I think it also has a lot to do with the way different "classes" of people like to interact with each other. People can tell when you're from a different social group by the way you act. If you're a lower-income person interviewing for a job at a company run by more affluent people, there might be a culture clash which could hurt your chances of being hired. I think I've experienced this a couple of times.
wnevets 18 hours ago 1 reply      
Its much easier to make money when you already have money, ever had to play monopoly while behind?
LyndsySimon 18 hours ago 0 replies      
> But, of course, it's not just a matter of dollars and cents. It's also a matter of letters and words. Affluent parents talk to their kids three more hours a week on average than poor parents, which is critical during a child's formative early years. That's why, as Stanford professor Sean Reardon explains, "rich students are increasingly entering kindergarten much better prepared to succeed in school than middle-class students," and they're staying that way.

I agree... that's why I work a traditional 9-5 instead of traveling the country with my wife and kids in an RV and working 15 hours per week remotely.

I view wealth not only as an exercise in creating income streams for myself when I retire, but as a means of ensuring that my descendants have the best possible chance at success.

maxt 13 hours ago 0 replies      
There is an old proverb my grandmother used to say: "My house is my castle, my cheap cotton silken, my wooden chair, made of gold". My take from that saying was that our current economics is all gold-backed economics, and that we express the value of something only in terms of how much we value gold. The moment you unlearn that gold is valuable, or has some innate intrinsic value is the moment you can replace gold with your own version of value. That is to say, the currency you use is the language you are speaking in your society. If nobody speaks your language, the task is on you to disseminate your language and propagate it, and this can be tough. This is where the 'hard work' ethic does apply. It's easy to talk gold; not so easy to convince us of silver being more valuable.

Some might argue that gold merely enables us to create these abstract forms of currencies, or in some cases, economies, in the first place, but actually they could form in pirate utopias that have little or no scaffolding at all, or exist cybernetically, for example, like Bitcoin or Ethereum. A bit of a chicken and egg situation, of course, where gold bootstraps /enables the other alternatives. But frankly I think we are left with no other choice. We either innovate our way out of gold backed economics (using gold) or we don't prosper and thrive.

WalterBright 10 hours ago 0 replies      
I wouldn't discount the probability that some people know how to handle money and how to make money, and they transmit this knowledge to their kids. I attended public schools K-12 and do not recall a single lesson on handling money or making money.
malandrew 15 hours ago 0 replies      

 "It's an educational arms race that's leaving many kids far, far behind."
This isn't a bad thing. It's an educational arms race that is moving the human race forward faster. Communities that have placed emphasis on education early on have not only typically outperformed their peers, but also add a lot to human knowledge.

 Nobel Prizes have been awarded to over 870 individuals, of whom 185 - over 21.264% - were Jewish or people of Jewish descent, although Jews and people of Jewish descent comprise less than 0.2% of the world's population (or 1 in every 500 people).

Furthermore, I don't understand the criticism regarding "opportunity hoarding". I don't have children yet, but I hope to have children in a few years once I've built the amount of wealth I would like to have before embarking on that adventure. I don't yet feel like I've built the amount of wealth necessary to provide my children with enough of a competitive advantage to succeed in the 21st century. If I've worked hard to create opportunities for my children, why should I give them away to someone who is not my child?

It's not "rigging the game". Saying that it is rigging the game is a misunderstanding of the game. The game spans multiple generations. The game isn't reset every generation. That's not a game I want to play. My parents were my teammates and my children will also be my teammates.

The criticism of pitfalls out there (e.g. degree mills, payday loans) that entrap and deprive people of opportunities is totally fair, but criticizing the decision to spend the wealth one has earned to their progeny seems like wanting to change the rules of the game.

Wealth inequality itself isn't the problem. Not having access to basic necessities (health, education, sustenance, shelter and the Internet) upon which an individual can start building their wealth is. I think it's reasonable to pay a certain amount to level the playing field at the bottom so those that are determined and principled can reasonably begin creating wealth, but that's a totally different goal compared to reducing wealth inequality. Basic income for example would be a great way to begin meeting needs so individuals can start building wealth.

If wealth inequality were the problem, the 10% should complain about the 1% and the 1% should complain about the 0.1% and the 0.1% should complain about the 0.01%, so on and so forth.

nikhilsimha 5 hours ago 0 replies      
The study also doesn't mention anything about what percent of rich kids dropout of HIGH SCHOOL vs what percent of poor kids finish COLLEGE.
lordCarbonFiber 19 hours ago 1 reply      
I feel like the provided chart doesn't quite match up well with the presented narrative. Granted it's hard to evaluate since they neglect to define what the bar for rich and poor is, however, assuming by rich and poor they mean born in the 1st and 5th quartiles by income, the chart would imply over 80% of 1st quartile dropouts fall at least one income quartile and corresponding graduating college (note there's no stratification as to what kind of college, ie whether predatory for profit schools are included, breakdowns by tier of university, etc) results in income mobility (measured by an increase of one or more income quintiles) for over 80% of 5th quartile students.

Granted, I think a better state would be closer to 100% of college graduates are able to live comfortable lives, but I think the data doesn't point to the doom and gloom of insurmountable educational advantage the author seems to want to present.

guilt 19 hours ago 1 reply      
I don't think some people realize the value of a hard day's night. I think it is completely fine to pretend they didn't exist.

And finally - I don't respect the rich and the meaningless kind that have been plaguing corporate America for years.

facepalm 18 hours ago 0 replies      
Missing the chart for poor highschool dropouts. Otherwise it is unclear if the lesson is just that highschool doesn't matter.
aantix 18 hours ago 0 replies      
"opportunity hoarding"

>That includes everything from legacy college admissions to unpaid internships that

>let affluent parents rig the game a little more in their children's favor.

Why does the author imply something sinister with economic division? I want my kid to succeed, so I fight for his chance to succeed. I have high end skills to offer, first in line to learn from me? My children.

This isn't deliberate exclusion of everyone unprivileged, it's hyper-inclusion of only the ones I love the most.

partycoder 14 hours ago 1 reply      
Well, that's what economical disadvantage is about.

A rich student can afford to attempt to enter a top school many consecutive times, by not having the pressure of having to work as soon as possible. Then once accepted, can afford to have minimum passing grades.

A poor student can only enter a top school by earning a scholarship by having good grades, and sometimes that scholarship needs to be maintained by keeping certain grades. A poor student might also need to work to supplement his income since the scholarship might not cover all costs. So less time to socialize and relax.

Then, there's also a disadvantage of food, health, housing, risk of being exposed to bad influences, physical security.

So it's a little bit of a rigged game.

usmeteora 4 hours ago 0 replies      
This is interesting. I was a scholarship kid to a private boarding school, and then went on to get a scholarship at a private university that was $50k+ a year in tuition. I need to preface that I met a lot of good smart hardworking kids who did alot of great things with their education and their parents taught them good work ethic. Alot of the parents worked hard for their success and knew instilling good work ethics was important. I also went to an Engineering University so more likely that smart successful people there were inclined to have valuable degrees to put to work than say maybe a school where Political Science dominated the potential work atmosphere.

Anyways, despite this, there were these disease ridden people called "helicopter parents". The angry moms who believed their genius little sons didnt belong at ANY place beneath what they deemed to be good enough for them, which of course was only the Ivy Leagues or perhaps the trailing 5 after (but only because they DECIDED, not because they couldnt get in ugh how dare you make such an assumption).

The sons, these rich little beleagured alcoholics had been drinking their way through highschool as their parents shoved them into every extracurricular they could think of and 1. Made them feel they were never enough while simultaneously sending the message they were privileged geniuses who were entitled to the best --> that mindset will screw with ya abit and I witnessed it in the guy I dated for 3.5 years from college

2. Completely strips away their ability to havea. self initiativeb. be curious and have confidence in their own intelligence

This leads to a lot of rich entitled kids who simultaneously had low self esteem and no idea what they wanted to do with their lives and were alcoholics.

My ex is interesting particularly because his 4 closest friends were all just like him/similiar background. They all have brand new sports cars fresh out of college and 3 of them have totaled them drunk driving and should be in jail or loaded down with fines and lost their jobs. Needless to say parents payed for lawyers, court, new cars and hooked every single one of them up with jobs and when they "get sad" they can go home and layout at their pools while their mothers dote on them.

My ex before I met him was "depressed" because he wished he could go to state school so his parents sent him to Denmark to party in Europe for a Semester to "cheer" him up....

These kids don't have any sense of consequence for their actions or any idea what its like to work to get into college. They actually have the attitude of being dragged there against their will...

As someone who started on welfare very young and eventually reached lower middle class, going to my college was a dream come true...

Let me tell you though in our 20s ill be paying off student loans and working hard but I am a much happier more intelligent curious person and love my job. These kids are miserable alcoholics bored with life and sitting in jobs their parents put them in.

Their snapshot wealth portfolio may look better than mine ....for now, but they are not happier. They may inherit their parents houses and money but they will still be bored and sad and drinking all the time.

That being said, I know alot of kids who are wealthy and genuinely doing well in life though. I think it is opportunity hoarding when kids who don't want to be in college are forced to go to college, and while some of these kids are obnoxious, upon years of observation I mostly blame the parents for exerting their awful pretentiousness and ways of life onto these kids who basically feel helpless like they don't have any other choice.

hackaflocka 11 hours ago 0 replies      
Back a couple of decades ago in India. I was working for an American telecoms co. I grew pally with an HR manager. He showed me the background on a new hire. The new hire was the son of a mid-level government official cum career civil servant in a dept that oversaw the telecoms industry.

I saw the letter Daddy wrote ON HIS OFFICIAL GOVERNMENT LETTERHEAD... addressed to the head of the Indian division of the telcoms co... recommending his own son for a job.

My point? It's not just rich kids. It's also well connected kids. In high-regulation environments, government officials, although they may not be rich, have the highest access.

known 9 hours ago 0 replies      

It's not quite a heads-I-win, tails-you-lose game where rich kids get better educations, yet still get ahead even if they don'tbut it's close enough. And if it keeps up, the American Dream will be just that.

Animats 16 hours ago 0 replies      
jomamaxx 14 hours ago 1 reply      
I worked at a Fortune 50 and we hired a lot of interns.

After I left, I thought back on the kids we hired, how talented they were, and what they went off to do afterwards.

The 'rich kids' were better prepared, more responsible, better communicators, had a better sense of the vision for the company and the consequences of what we were doing.

'College education' is surely causative to some degree, but in America, most wealth is not inherited, and those parents who can afford 'activities' for their kids are probably far, far better parents than others. It's not the 'activities' that I think develops the kids, I think it's the very fact that these parents are investing a lot of time and energy in their kids, teaching them positive behaviours that matters much more.

I wish I had the link but I read a study a while back that showed that 'rich parents' were far more conscientious than other parents.

I don't doubt that money is a big advantage, as well as social class, but it would be foolhardy to think that these are the fundamental issues.

Rich kids are posited as 'brats' in films and TV because it's populist - most viewers are not rich. And of course - those douches exist. By by enlarge, upper-middle class kids are great. I would bet they make better players than otherwise on average.

I should also point out that kids from communities wherein they were not seen as lower class - i.e. rural communities, seem to have decent dispositions as well, and at least by the numbers, they didn't have a lot of money. But it doesn't cost a lot to have a stable home / good parents out in the sticks.

dudul 19 hours ago 9 replies      
It sucks, but what's the solution? Because let's face it, the primary purpose of "being rich" is to provide for one's family, at least from my point of view. If I work my ass off it's to make sure I can help my kids do better than I did.

What's the point of being "wealthy" if it's not to help your kids have a better life than your own?

I don't want to sound insensitive. All these studies about kids born in poverty and unable to escape it sound very unfair. On the other hand, there has to be a reason for people seeking wealth. And taking care of your children has to be the main driver.

blfr 19 hours ago 6 replies      
But, of course, it's not just a matter of dollars and cents. It's also a matter of letters and words. Affluent parents talk to their kids three more hours a week on average than poor parents, which is critical during a child's formative early years. That's why, as Stanford professor Sean Reardon explains, "rich students are increasingly entering kindergarten much better prepared to succeed in school than middle-class students," and they're staying that way.

It's also a matter of genes. Actually, mostly a matter of genes because this is by far the biggest influence parents have on their kids. Affluent parents pass high IQ and conscientiousness to their children which are critical for the rest of their lives. That's why, as anyone who skimmed the twin studies or maybe on of these new fancy GWAS can explain, rich children increasingly exit the womb better prepared to succeed in life and they stay that way. (That and the fact that we removed most of environmental instults.)

It doesn't end there either. They will also be wealthier, healthier, and live longer. "All good things tend to go together, as do all bad ones."

sixtypoundhound 19 hours ago 4 replies      
jimmies 18 hours ago 1 reply      
Dropping out of high school isn't "doing everything wrong" and finishing college is pretty far from "doing everything right" so this seems to be a little bit of editorial journalism.

From the paper: "Children who go on to achieve a college degree, irrespective of their parents income, are more likely to make it to the top income quintile [...] Bottom-income children without a diploma have a 54% probability of remaining on the bottom rung as adults."

So really what it says is that you have a much better shot in life being educated regardless of who you are. But if you don't like to stay in school, you'd better be rich, because there are some chances you will end up being rich anyway. If you are poor and don't stay in school, you are very likely just live your life miserably.

AT&T reaches deal to buy Time Warner for more than $80B reuters.com
342 points by danm07  2 days ago   171 comments top 31
JumpCrisscross 2 days ago 5 replies      
Note that this is AT&T buying Time Warner the content company [1], not Time Warner Cable the ISP [2]. It's analogous to Comcast's NBC Universal acquisition [3].

[1] https://en.m.wikipedia.org/wiki/Time_Warner

[2] https://en.m.wikipedia.org/wiki/Time_Warner_Cable

[3] https://en.m.wikipedia.org/wiki/Acquisition_of_NBC_Universal...

jasode 2 days ago 1 reply      
Based on the top upvoted comment from echelon in this thread, there seems to be widespread confusion about Time Warner the media company.

Maybe a better way to think of it: AT&T is buying HBO, TBS, and Warner Bros.[1]

(If you squint a certain way and look at Yahoo as a "media company"... the AT&T acquisition of HBO+TBS+WB is somewhat a parallel industry move to Verizon's acquisition of Yahoo.[2])

AT&T is not buying the other company with the similar name Time Warner Cable. Yes, that other company owns some internet pipes (ISPs) but it is not involved in this transaction.



samfisher83 2 days ago 4 replies      
Why not just let AT&T and Verizon get back together and lets get back the original AT&T. How is this good for the country? They own directv. They own all these local sports networks. I hope the government regulators take a strong look at this.

Here is list of assets they own:

New Line Cinema, Home Box Office, Turner Broadcasting System, The CW Television Network, Warner Bros., CNN, Cartoon Network, Boomerang, Adult Swim, DC Comics, Warner Bros. Animation, Castle Rock Entertainment, Cartoon Network Studios, Esporte Interativo, Hanna-Barbera Productions, Warner Bros. Interactive Entertainment

That is a lot of content.

echelon 2 days ago 11 replies      
This is at face value so absolutely insane, I wonder what alternate reality I woke up in today.

This is horrible for competition! Holy effing fuck. What is going on with our regulators?

The telecoms are reconsolidating:


The service providers are consolidating




It goes on and on. At this point I fully expect us all to one day do our banking at Google, receive our medical care from AT&T, and get all of our meals and groceries from Taco Bell.


szx 2 days ago 0 replies      
Slightly OT: The Time Warner Cable (TWC) vs. Time Warner confusion in this thread and elsewhere will luckily be resolved soon as the TWC brand is being phased out in favor of Spectrum [1].

[1] https://www.bloomberg.com/news/articles/2016-05-17/so-long-t...

dimva 2 days ago 1 reply      
Hmmmm.... looks like there was some insider trading.


mathgeek 2 days ago 1 reply      
After allowing Comcast to acquire NBC Universal, is there really any expectation that this will be blocked?
o0-0o 2 days ago 3 replies      
Trump said today, in a speech in Gettysburg, PA, that if he becomes president, he will work to block this transaction because it consolidates too much power.
dzink 2 days ago 0 replies      
Content is king and now the telcos are likely fighting content rates renegotiations by acquiring content companies like TW. US cable subscription business was nearly 92 million households a few years ago. Now that Netflix has crossed more than half of that and they are competing with original content, the telcos have something to worry about. Comcast can do the same with NBCUniversal, the other telcos are left with low negotiation power come channel distribution deal time. The big BIG aspect of this deal is the number of top consumer-demanded channels run by Turner. ESPN (non-Turner) is the most expensive, but then TBS, TNT, and CNN, and Cartoon Network are near the top on the price list for cable distributors. In some plans they define upper-level subscription tiers. This acquisition seems good for competition - Comcast and AT&T would be less inclined to limit access to cable channels to their subscribers only if the other party has something they want.
muninn_ 2 days ago 2 replies      
Wow. That's a lot of money. And not good for competition.
shmerl 2 days ago 0 replies      
This should be simply illegal. A monstrous merger of massive network operator, and huge media company will create an abusive monopolist of gigantic proportions. I.e. they'll use their network to disadvantage competing media (they already do it, violating Net Neutrality with zero rating of their own video services). So, if they already do it, do you think becoming bigger they'll improve? It's an antitrust 101, but somehow this isn't banned outright.
prirun 2 days ago 0 replies      
The government spent untold amounts of money breaking up AT&T, then allows them to continue merging into a bigger company than ever.

AT&T and Time Warner both suck. Their goal isn't to produce great products, it's to protect and expand their monopolies. One of the reasons most of us have only 2 choices for Internet service is that AT&T and the former TWC pay local community governments in exchange for exclusive access to the community. And if a community tries to "do their own thing", they get sued.

Google is trying or considering coming to Louisville and the first thing AT&T did was sue them. I know this deal is about the TWC media company, but AT&T's behavior in other areas is still relevant.

danm07 2 days ago 0 replies      
Looks like regulators are on the fence about this transaction: "Regulators have indicated misgivings about the prior Comcast-NBCU dealin particular, whether obligations placed on Comcast were tough enough and enforceableso it is unclear if they will be willing to bless another such merger. At the very least, former regulatory officials say there could be significant conditions placed on the combination."WSJ
scalio 2 days ago 0 replies      
Tell me again how finding 10B to go to Mars is impossible?

This is a satirical comment, trying to make a point: Depending on the context, the same amount of money can be considered anything from huge to tiny. It seems ridiculous to me that hundreds of billions routinely get pushed around in business mergers or military deals, where no one blinks an eye, but scraping together a tenth of that to do something actually interesting and/or useful is a major undertaking. Just goes to show how unfairly balanced this system is (regardless of which way it's balanced; some things have it easier than others).

voodootrucker 2 days ago 0 replies      
That's $7000 per hostage... I mean customer.
oli5679 2 days ago 0 replies      
Seems to be a negative response to this deal re competitive implications. Can someone outline their theory of harm? I do some work in competition economics but am not American and don't know a lot about either company?
rosser 2 days ago 1 reply      
Regulatory capture is truly a wonder to behold.
m0atz 2 days ago 0 replies      
How the fuck do you buy something for $80bn with a plan to make a profit? If only I knew, I'd have gone to my local NatWest and asked for a loan.
zkhalique 2 days ago 1 reply      
Oh great, more Telco consolidation. First the banks are too big to fail after the Great COnsolidation of the 90s and 2000s, and now this. So we can have more arguments about Title I and Title II and more arguments about the illusion of choice when we have only two choices ... DT or HC, Title I or Title II...
zyngaro 2 days ago 0 replies      
The same thing is happening here in France where a major telco provider became also a major mass media player through acquisitions. I am not very comfortable with this trend especially regarding net neutrality, privacy and public opinion influence power.
shadykiller 2 days ago 1 reply      
Time Warner stock price closed at 89$ on Friday. The deal if 109$ per share.

Newbie trader question - If if buy the shares for time warner on monday morning, would I be able to make profit ?

circa 2 days ago 0 replies      
Ah, wonderful news. Glad to hear this won't have any effect on the wonderful rollout of Spectrum I keep hearing about.
soham 2 days ago 1 reply      
Comcast <==> NBC Universal

Verizon <==> Yahoo

AT&T <==> Time Warner

<<Pipes>> <==> <<Content>>

kevin_thibedeau 2 days ago 0 replies      
First AOL now ATT. Why are the TW execs always looking to sell out a perfectly viable company.
neom 2 days ago 0 replies      
This is sorta like Verizon buying yahoo. This is not sorta like centurylink buying savvis.
Spooky23 2 days ago 0 replies      
I guess the wireless service will continue to go to shit.
Ericson2314 2 days ago 0 replies      
May they be the second coming of AOL
denzil_correa 2 days ago 2 replies      
Dupe : https://news.ycombinator.com/item?id=12769641

Edit : The WSJ submission also has more details and some story too. This one has just one line.

jrockway 2 days ago 4 replies      
Trump also said that he can grab people's private parts without retribution. Unfortunately, that trumps whatever he thinks about ISPs owning content providers.

Maybe his charity wants to buy Time Warner.

(Edit: people are now going around downvoting my other comments because of this one. Good work guys, Emperor Trump has noticed your efforts!)

justinsingh 2 days ago 1 reply      
Can they afford this acquisition? Seems huge.
droithomme 2 days ago 4 replies      
How does AT&T even have $80B. They have been irrelevant for many years.

On the flip side I guess it makes sense that a big media company is on the rails. For media companies it's hard to make a living in the new economy. (Virtually) no one buys magazines these days so Time is irrelevant. And most people are pirates so being a movie studio is likewise a dead end vocation. They're lucky to find someone that wants to buy them. The price is absolutely enormous. Again, where on earth does AT&T have this sort of money.

Tesla released video of a car driving itself tesla.com
475 points by c54  5 days ago   10 comments top 4
sctb 4 days ago 1 reply      
t0mbstone 4 days ago 0 replies      
Can we please leave the comments here? I just want to see what people have to say about what I saw in the video...
falcolas 4 days ago 2 replies      
I want to be optimistic, I really do.

Winter is here, however, I'm looking forward to roads covered with snow, slush, ice, and animals. I'm looking forward to winds in excess of 30mph driving snow across the highway, limiting visibility to a hundred feet or so. I'm looking forward to inexperienced folks driving on ice and snow and being a good 20mph below the rest of the traffic.

People can barely handle these roads (a two day snow storm last week put dozens of cars and semis in the ditch); I'm not sure how a Tesla will handle them. What will it look for when there are no lines on the road to be seen? How will it know the difference between slush, powdered snow, and plowed snow (which is only slightly less hard than a concrete barrier)?

I'm sure the answer is currently "don't allow automatic driving", but these kinds of conditions can reign over half the year in the mid-west; what value is a self driving car which can't half the time?

ChuckMcM 4 days ago 0 replies      
Great demo. Curious if there were outtakes. It occurred to me when it parked itself that cars will probably want to distinguish subtle differences in parking spaces (like handicapped, loading, etc.)
Battery technology may emerge as a trillion-dollar threat to credit markets bloomberg.com
388 points by perseusprime11  1 day ago   267 comments top 30
narrator 1 day ago 16 replies      
I've surmised from years of reading the economic press that there's really only one bad thing that can happen in a capitalist economy: bondholders not getting paid. Heck, lots of commentators argue that war is good for the economy, a natural disaster is good for the economy, the broken window fallacy is a mainstay of Keynesian economics. However, bondholders not getting paid is something that should be prevented at all costs! The federal reserve is doing $40 billion a month of bond buying with electronically printed money (quantitative easing) so the bond holders get paid!

"I used to think if there was reincarnation, I wanted to come back as the president or the pope or a .400 baseball hitter. But now I want to come back as the bond market. You can intimidate everybody." - James Carville

fatdog 1 day ago 3 replies      
Battery technology is a lot like bitcoin and gold in that once it is manufactured, users are not dependent upon a state controlled centralized network for it. It's revolutionary, and will probably be heavily regulated given the amount of independence it will provide people.

The big secret in a lot of countries where energy and communications are state monopolies or semi-private corporations is that they are LOADED with debt that the govt used as a private slush fund.

If you are looking for "off balance sheet" liabilities in a government, look at its utilities that are exempt from public records laws. This is where a lot of the bodies are buried.

If people start dropping off the grid, states will just convert the power bill to a straight up tax bill, but without the pretense of a service attached to it. There are already precedents for charging electric vehicle taxes to make up for the shortfall in fuel taxes they create. Govts say, "well, if they are using the roads, they should pay for them." except gas taxes go into the slop bucket of general revenue, and the roads have been paid for through other taxes. The largest state expense is employee salaries, yet all road maintenance is done by contractors, so the "roads" thing doesn't really wash.

When Greece was trying to sort out its default, it outsourced tax collection to its utility companies as part of the bailout.

Efficient power storage will be a game changer, like a redrawing of international boundaries game changer.

riphay 1 day ago 2 replies      
I used to work in energy corporate finance, and this feels like a pretty alarmist article to me for a few reasons. My logic runs as follows:- The trillions in credit are issued by a wide array of energy companies running the gamut from production, to energy infrastructure, to utilities, etc.- When a company is getting credit, the term is significant to the pricing of the credit. Riskier companies tend not to have access to long-term debt (10 years+); this tends to be open only to companies with more secure revenue streams (utilities, refineries, etc.)- By projecting to 2040, the article assumes creditors won't have a chance to reprice the mosaic of debt many times over until then. Riskier companies may lose access to credit completely (as we've seen during the current downturn in oil prices), while others will have to pay a higher price for their debt.- If the projections are accurate, this market will simply shrink in step with the overall market shrinking. And if past disruptions are any indications, it will be replaced by battery / EV companies needing credit and suddenly looking a lot less risky.- The world doesn't end. Did I miss anything in my logic?
SubiculumCode 1 day ago 5 replies      
Here is the libertarian response, maybe: I'm not going to feel we should protect the oil industry because of potential economic disruption. Winners. Losers. Free Market. Credit markets are about predicting future trends and credit worthiness. If creditors do a poor job, so be it.

This argument is generally pursuasive to me most of the time. Should I be convinced otherwise in the present case.-a layman.

Animats 1 day ago 2 replies      
Credit markets dependent on oil survived the "superspike", the decline of output from several Middle Eastern countries, the rise of US secondary and Canadian oil production, the substitution of natural gas for oil in power generation, and the resulting oil glut. Those were fast events, a few years at most. Conversion to electric cars is going to take a few decades.

Anyway, batteries are not an energy source, just storage. Somebody has to build generating capacity.

ars 1 day ago 4 replies      
Why do they assume auto makers will just sit there and do nothing?

I have seen far too many "projections" that assume nothing will change - they are always wrong, and thus worthless (unless it's your job to make the change).

kumarski 1 day ago 3 replies      
I don't think this is likely, solely based on the limitations of galvanic battery chemistry today.

Energy transitions from wood to coal to natural gas to renewables etc... usually take decades to switch over.

As well, there's no exponential growth in solar. We may be hitting the S-curve flat line on battery storage.

We can't keep moving left on the periodic table. Lead Acid ---> Lithium Ion. Where to move to next?

Lithium Fluoride batteries are scary because of the reactivity...got that noble gas, ya know?

Zinc ion rumors abound, but those ions are big, really tough. Zinc is a huge ion and thus you can only stick a few in the electrode.

Any chemists on hackernews or am I forever alone?

happycube 1 day ago 2 replies      
Amusing that we've gone from talking about Peak Oil Supply to Peak Oil Demand...
spditner 1 day ago 1 reply      
There's an excellent talk by Tony Seba at the Nordic Enegy Summit that goes into more depth about how batteries and solar are quite possibly going to reach the tipping point sooner than anyone has been forecasting: https://www.youtube.com/watch?v=Kxryv2XrnqM
cm2187 1 day ago 0 replies      
Credit markets can sustain expected / anticipated losses. Car makers all have low ratings when they are not fresh out of chapter 11. The problem with credit markets is when there is a big blow in a credit that was deemed to be very safe. Then it hits portfolio that aren't designed to sustain large loses like money market funds or smaller banks or people overleveraging their position. Then you have 2008. But a slowly degrading credit quality to which investors will have years to adjust shouldn't be a problem.
Torkel 1 day ago 4 replies      
I find it strange that articles such as this one states these two things at the same time:

1. Battery cost is falling and EVs will be as affordable as their gasoline counterparts in six years

2. It will take until 2030-2040 until the demand for oil starts contracting

It seems to me like you get to pick only one of these statements. Once EVs reach affordability parity with ICE autos my guess is that things will hit the steep part of an S-curve.

tlb 1 day ago 2 replies      
There aren't many precedents for huge global industries that went from AAA-bondable to rapid obsolescence. There are some that should have, like cigarettes, but they found ways of hanging on. Or international toll calls, still a many-billion dollar business. Perhaps oil will be like that: since the marginal cost is so low, producers will keep it flowing many decades after it made sense. And like tobacco, perhaps we'll pay oil fields to not produce.
jbpetersen 1 day ago 0 replies      
I'm really hoping this ends up being called the "Dirty Bubble" and was a little dismayed that no headline catching names have come up yet.
chx 1 day ago 2 replies      
Um. Good morning? Didn't Germany call for a ban of combustion engines by 2030 just two weeks or so ago? These graphs are wildly optimistic if that happens.
marze 1 day ago 0 replies      
If only there was some company poised to capitalize on this shift we could all invest in...
gregpilling 1 day ago 1 reply      
Oil is also used for plastics, fertilizer, and many other goods. Not just used for fuel.

As the world economy expands, because in 10 years everyone will be on a smartphone, the demand for plastics and fertilizer and rubber and roads etc. that demand should expand more than fast enough to cover the fleet conversion from gas to electric.

200 million vehicles in the USA fleet, and they sell 17 million in a good year. 12 years to replace the fleet; it is currently about 11 years old on average.

I think the article is over stating it. There won't be any problem, it will take decades to adjust anyway.

lsc 1 day ago 2 replies      
I've been reading a lot about this, and I've been wondering the best way to buy a long term 'call' option on oil is... Ideally, I'd buy stock in an unhedged owner of the right to drill for oil in places where it's only profitable to drill if the price of oil goes up above where it is now.

I mean, I'm no 'peak oil' person or anything, I just don't trust that we went so quickly from the idea that we were running out of oil and that it would as a result become super expensive now to this idea that it won't be worth pulling oil out of the ground for much longer; I strongly suspect that the truth is between those two scenarios, and would like to lay some money on that suspicion.

nmstoker 23 hours ago 0 replies      
The original Fitch report is available here (needs a login but I believe it's available to free registered users, ie non-subscribers)https://www.fitchratings.com/site/pr/1013282
dv_dt 1 day ago 0 replies      
When individual jobs are threatened from offshoring, it's just too bad for the workers and is just considered the regular working of the market. When battery technology threatens previous investments in old tech, its a "threat" to the market. Hmmm.
powera 1 day ago 4 replies      
No. [EDIT: headline here fixed to not include the words "death spiral"]

The article is a (lousy) summary of a report from Fitch. It has no new content, and its regurgitation of the report confuses most of the fundamentals of the energy and credit industries.

dboreham 1 day ago 0 replies      
So if you have a stable business toady that appears to make money regardless, it will continue to do so for decades to come (or whatever the bond maturity term happens to be).

There's never been a case in the past when that assumption didn't turn out to be true, of course..

GigabyteCoin 1 day ago 0 replies      
Wow... talk about a first mover advantage...

Best case scenario, according to the graphs in the article, is if "Low Carbon Policies" come into effect to disrupt the oil industry as quickly as possible... we will still be consuming 50 million barrels of oil per day in the year 2060.

Ganoes47 1 day ago 0 replies      
"on a trajectory to make electric vehicles as affordable as their gasoline counterparts over the next six years"

So, in 6 years, I can replace my Corolla with a Tesla model 3. Cool!

paulajohnson 1 day ago 0 replies      
Looks like our survival as a species depends on a race between our ingenuity and our ingenuity.
rdl 1 day ago 0 replies      
Solidly in the "good problems to have" category, at least for humanity overall.
djyaz1200 1 day ago 2 replies      
Those companies have a STRONG incentive to avoid disruption and this co2 to ethanol technology might be helpful in that regard? http://energy.gov/articles/scientists-accidentally-turned-co...
dimino 1 day ago 0 replies      
Is this at all related to the recent cries of "bubble!" in the sub-prime auto loan market that John Oliver did one of his segments on? Or do those folks just shift to selling electric cars, instead of gas cars?
dimino 1 day ago 0 replies      
On that first chart, so battery count will drop post-2030? That's what the y-axis is, battery count (is it count? production rate?), but the conclusion drawn is that oil demand will drop, which feels related to the article, but wholly unrelated to the chart.

Is the y-axis of that graph actually oil demand?

f137 1 day ago 0 replies      
The logic is backward, actually.

The low risk that any breakthrough in batteries would happen IS the reason for the vast amount of securities dependent on it.

StillBored 1 day ago 1 reply      
Uh, ok, so where is all the power for these electric cars going to come from? That oil/natural gas/whatever is just going to get burned at some large newly built plan and transferred using a ton of grid upgrades (all likely paid for using bonds).

Moreover, the cars aren't going away, instead of buying one with a ICE, its going to have a battery and some electric motors, the companies producing that will likely need bonds too. So, without attempting to compute the costs of a few dozen gigafactories, rare earth mines, etc, the article seems pretty worthless to me.

Frankly, i've been wondering for the past few years what percentage of a modern car's production cost is actually the gas engine. Modern engine complexity seems to have peaked 20 years ago, and declined. Of course safety, comfort and entertainment systems have exploded in complexity in that same time period, but those are things people expect out of modern electric cars too.

PayPal 2FA Bypass henryhoggard.co.uk
521 points by Spydar007  2 days ago   136 comments top 28
dkopi 2 days ago 7 replies      
Mistakes were made, and there are definitely lessons to be learned, but if we want to improve the state of security, we really need to change the way we react to these types of bugs.

If a service has an outage and a company posts a postmortem, we all think: "wow! that was an interesting bug, lets learn from this".We shouldn't be treating security issues differently.

People who make security mistakes aren't idiots. They aren't negligent. They're engineers just like us, who have tight deadlines, blindspots and mistakes.Shaming people and companies for security bugs will only cause less transparency and less sharing of information - making us all less secure.

This is a really cool bug. Kudos to the researcher for finding it, responsibly reporting it, and to paypal for fixing it in a timely fashion.Hopefully - this type of bug changes some internal processes and the way the company thinks about 2FA.

As for security questions - these are obviously insecure, and should really never be relied on. If you can opt out of security questions - do so. If you can't - just generate a random password as the answer. "I_ty/:QWuCllV?'6ILs`O12kl;d0-`1" is an excellent name for your first dog / high school. Just don't forget to use a password manager to store these.

pkamb 1 day ago 1 reply      
Sounds like a lot of work! Paypal will just turn off two-factor themselves if you ask nicely via an unverified twitter DM.



the7nd 2 days ago 2 replies      
The simplicity of this exploit demonstrates something profound. The most dangerous things in life are not hidden deep in the weeds. Rather, they stare us in the face in the most obvious spots. It isn't the unknown that presents the biggest threat. It is the known that we never gave a second look.
agildehaus 2 days ago 1 reply      
One of my PayPal 2FA phone numbers is listed twice and both cannot be removed (errors when I try). Their support can't help with the situation because their side wasn't able to see the duplicate.

This is not surprising to me.

ryanfreeborn 2 days ago 3 replies      
Is 17 days an acceptable TAT here? I know investigation and fixes can be a challenge, but with the severity of this exploit+PayPal being a serious financial service, I kind of would hope for a faster fix. Maybe I'm off base...I really don't know; curious what others think.

How much time would've had to pass (without PayPal doing anything) before the author is ethically obligated to post to HN/media/etc about the hack? I believe publicizing an (unpatched) exploit like this crosses into criminality, but it would be essential to demonstrate some kind of proof, for credence and gravity. I'm guessing the community has some standardized guidelines for this sort of thing, but I'm not aware of them.

xorgar831 2 days ago 2 replies      
I've seen equally as ridiculous web bugs, computing prices browser side in javascript, credit card numbers encoded in REST API endpoints, financial websites not supporting 2FA at all or mixing http requests into the sites. We're solidly in the dark ages of web security still.
discordance 2 days ago 4 replies      

Also, PayPal really needs to stop using SMS for 2fa.

I expect more from a payment processor that is linked to my bank account.

TorKlingberg 2 days ago 0 replies      
This seems like a good time to rant about PayPal 2FA and its poor usability.

Every time I open the PayPal app I have to wait for a text message and type a code across. That should not be necessary! PayPal should count the app as the second factor and only ask for the password. I am happy to us 2FA with Google because I only have to use it when on a new device, or once a month or so in the browser.

Second, support 2FA apps like Authy already. SMS based 2FA is both insecure and unreliable.

chirau 2 days ago 0 replies      
Out of curiosity, how much was the bounty? 3, 4 or 5 digits?
algesten 2 days ago 0 replies      
I'm using Verisign's VIP Access app (silly name) to generate PayPal's 2FA tokens.

Good thing is it works without access to my phone.

Bad thing, the app has a unique ID that PayPal only allows me to use for one of my three accounts.

Wish they implement TOTP.

bad_user 2 days ago 2 replies      
Does anybody know how to activate 2FA for PayPal?

In the security section I don't even have that option.

phreack 2 days ago 2 replies      
This is scarily simple. Profit indeed for a black hat. Coupled with a recent post about Gmail on how phone carriers are the weakest link, I just don't feel safe with anything but a dongle based 2fa these days.
DavidWanjiru 2 days ago 4 replies      
Am I the only one who found it odd that the author had internet access, but there was no phone signal? Maybe it's because I'm Kenyan, where phone penetration is much higher than internet penetration, and where internet access over GSM has the biggest share of the internet access pie chart.
nabla9 2 days ago 0 replies      
The lesson from this:

Just looping trough input arguments from the client, validating them and then acting on them gives the client control of the code execution.

It's not enough to validate each input argument. You musth also verify that all parameters are really there and no extra parameters can slip into the system. The whole combination must make sense. Enumerating all used parameter combinations in a record that can be changed easily is one way to solve this.

ryanlm 1 day ago 2 replies      
I'm assuming that the relevant code, is simply an if statement checking for the existence of the url parameters, not even checking if the security questions are correct.

 if(isset($_GET['securityQuesiton0')) { // success, }
This is negligence on the developers part and I think they should be disciplined.

0xmohit 2 days ago 0 replies      
If I were to guess this flaw was a result of monkey-patching to support 2FA that didn't quite consider different scenarios.

I've come across a few authentication bypass vulns that seem similar.

dczmer 22 hours ago 0 replies      
reminds me of this paypal 2fa exploit from a couple years ago:


because it was the same simple exploit on a different field.

danielsamuels 2 days ago 0 replies      
I imagine you could have got the same results with inspect element and deleting the form fields, rather than using a proxy.
yashafromrussia 2 days ago 3 replies      
What kind of API design is this? Post data should be sent within the request's body over HTTPS. Not as a url query.
Propen 1 day ago 0 replies      
It's 2016. They are a financial company. Why aren't they implementing TOTP codes? NIST officially deprecated SMS.
andrewvijay 2 days ago 0 replies      
Short and sweet. Never seen a bug explained so succinctly.
TekMol 2 days ago 0 replies      
What is the additional phone verification good for if you can bypass it anyhow?

I mean - if you can chose between pw+phone and pw+pw2 ... why bring the phone into play at all?

greyskull 2 days ago 5 replies      
What could the backend logic possibly be this worked?
nobodyshere 2 days ago 0 replies      
Bypass? Haha, it has been quite a while and they still haven't even enabled it for my country. Same goes for Apple.
foota 2 days ago 0 replies      
Oh my god.
benevol 2 days ago 1 reply      
This is surreal.

Does PayPal outsource their web development to an anonymous script kiddie on 4chan?

rvolkan 2 days ago 2 replies      
I'm happy to see that the article doesn't have any BS that I have to ignore. It's a simple page that only tells the 'required' story. As a reader, I want more people to cut the crap about 'blah blah blah' and get to the subject.
jknoepfler 2 days ago 0 replies      
Thank you to the author for reporting this big in a responsible way. They are a credit to our profession.
IPFS is the Distributed Web ipfs.io
402 points by jasikpark  2 days ago   239 comments top 30
d--b 1 day ago 5 replies      
I have a truly naive question about the distributed web: what makes the supporters of it think it will be any different from the original web. I mean, isn't it likely that at some point, there will be the need for a centralized search engine for it? Isn't it unavoidable that big companies like facebook runs their own non-distributed subnetwork, so that it can deliver standard functionality to all its users? The original web IS distributed already, isn't it? It's just that organically, the way people use it has become a lot more centralized, no? Or am I missing the main argument for a distributed architecture?
idlewords 2 days ago 11 replies      
I worry that this is another example of throwing technology at a social and political problem.

That the current web is centralized has little to do with its technical design, and everything to do with economic and structural incentives that have made it that way.

It's tempting to say "start afresh", but we'll just be trading our current problems for a new set of problems IPFS introduces. It's a law of nature that problems are always conserved.

I would rather we do the hard work of fixing the web we've got, in particular the hard issue of how to re-decentralize it.

TimJRobinson 2 days ago 4 replies      
So I've been thinking about creating a basic site running on IPFS and here's my dillema. The hash of each page is a sha256 of the contents right? So lets say you have 3 pages A, B and C, A links to B, B links to C, C links to A. How do you create all 3 pages with correct links to each other?

When you create page A you have to have the SHA of page B, but then to create page B you have to have the SHA of page C and finally to create it you need the SHA of page A. You get into this cyclical loop where you can't generate any page and link to others. What is the solution to this problem?

runeks 2 days ago 1 reply      

 > Each network node stores only content it is interested in [...]
Isn't that the issue here? Storing data that will maybe be there later isn't really storing data. People want to publish something that must always be available, so why inject data into the IPFS network and hope it will be there in a year, rather than set up a $10/yr VPS?

 > With video delivery, a P2P approach could save 60% in bandwidth costs.
In my opinion, this may be true, but total costs will be greater. P2P solutions are awesome because they are resilient, not because they are cheaper. Distributing pirated movies by dumping them on public FTP servers is much cheaper than BitTorrent. BitTorrent appeared because the centralized method was not resilient enough against adversaries, not because it was cheaper (quite the contrary).

supergreg 2 days ago 2 replies      
If I try to host a javascript application that uses LocalStorage for saving data, it would be visible to any other ipfs JavaScript application because they all exist under the same domain, right? Have you thought about having the URLs be something like ipfs://<hash>/index.html instead of http://local host/<hash>/index.html so browsers keep the LocalStorage for each ipfs hash separated?
msane 2 days ago 1 reply      
If you want to tamper with content on the web, the idea that content is fingerprinted in IPFS is a huge deal.

IPNS (the name service) then becomes the vulnerability, but that is also distributed.

vegabook 2 days ago 3 replies      
IPFS appears here every 6 months, every 6 months the same questions get asked, the same problems get raised, the same collective sigh of bewilderment/disappointment appears to emanate from the comments, and it goes away again for another 6 months. Everybody wants something this clever and community-spirited to work, but the basic problem is, I don't want my data to be vulnerable to slow, unreliable endpoints, or people switching off their IPFS servers. I can't really trust an unremunerated volunteer system with my data, and I don't believe that my keeping your data is remuneration enough for you to keep mine forever.

Peer-to-peer is excellent for ephemeral streaming stuff like chat, file transfer, even gaming. But it is not good for permanence unless some monetary remuneration gets involved, either via a centralizing entity asking for payments (dropbox et al), or a distributed monetization system like bitcoin. Somewhere, somehow, someone needs to get paid to keep the system running.

fosh 2 days ago 3 replies      
How do hosting providers fit in here, if at all? E.g., if I want to host a website on IPFS, do I publish it from my own machine and then wait a healthy amount of time for the content to be absorbed by the ether, or is there some way I can encourage other nodes to pick it up without requiring end-users to actively seek out my fresh material?
mcbits 2 days ago 2 replies      
Suppose I'm poking around IPFS and unintentionally download some unauthorized copyrighted content. Is my computer going to automatically start sharing this content, exposing me and my ISP to legal action?

Or if there is a way to prevent sharing particular content that I've accessed, what's to stop me from leeching everything and never sharing anything?

(Edit: Ah, now I see "BitSwap" as possibly addressing my second question, but I'm still concerned about the first.)

empath75 2 days ago 1 reply      
As a devops guy, I sort of think ipfs seems more useful as a private, backend sort of solution where you trust all the nodes. I'm sort of vaguely imagining it running as a shared file system in AWS, running on docker containers.
voltagex_ 1 day ago 1 reply      
Beware anyone on a metered connection - in 20 or so minutes, the ipfs daemon has used 3 gigabytes of bandwidth.
kefka 1 day ago 1 reply      
Ive been using IPFS to port and make serverless webapps.


clueless404 1 day ago 1 reply      
Does IPFS come with some kind of content filter or firewall to protect its users?

When child porn inevitably shows up, how do you protect yourself from accidentally downloading and then seeding it?

tijs14tijs 2 days ago 1 reply      
Interesting, I have two questions:

Can you create your private ipfs network? (accessible by anyone, upload only me)

If you upload sensitive material to the global ipfs network, what do you think will happen?

kylehotchkiss 1 day ago 1 reply      
There's an interesting emphasis on developing nations not engaging with the Internet, but I think that might be partially cultural too. What tools have we given the developing world to really engage with the internet? The easy-to-use publishing platform often require an email and usually a real name. Both of these things may be unavailable to countries where being connected to thoughts posted online could be dangerous.

Most content is not written in simple english, and there's just not much incentive for somebody who may not know how to think critically/complexly (due to lack of western education) to engage with the internet.

I think distributed web is an interesting idea, and that IPFS really lists out some issues with the internet that we'd all win in solving, but I think maybe some of these, like developing nation web access, are solvable with current tech, and more culturally based solutions

clueless404 2 days ago 1 reply      
What problem does IPFS actually solve?
JulianMorrison 1 day ago 1 reply      
This sounds like distributed Geocities, where you can have any content you like so long as it's static, or at least, changes in iterations of static files like a HTML-generator blog.

If you do anything that needs a central server, suddenly its advantages vanish. I could imagine Wikipedia using this; I couldn't imagine gmail doing so.

ShakataGaNai 1 day ago 1 reply      
So I've got a (let's say) WordPress blog. Where's the "here's how to get your existing content on IPFS in less than an hour" guide?
teekert 1 day ago 1 reply      
Some content here to play with: [0]

Interestingly some links to copyrighted material end in Unavailable for Legal Reasons however, running the daemon and issuing an ipfs get hash the download does start.

[0] https://ipfs.io/ipfs/QmU5XsVwvJfTcCwqkK1SmTqDmXWSQWaTa7ZcVLY...

delegate 1 day ago 0 replies      
ipfs is fantastic, but it is half the solution. We also need a distributed p2p application framework, with which nodes can securely communicate and allow building distributed apps, like search.

We can think differently with ipfs. Traditional web allows everyone to publish content somewhere, hoping that search engines will index it.

With ipfs, the same file (with the same content) is only indexed/stored once and then you reference the hash to get to the content.

This fact changes the problem of search.

Take all the world's movies. With ipfs + p2p network, you only need one back end in the form of a distributed search index, which can index all the movies in the world.

Same with the world's music. You only need one back end which can index all the music.

The index can be as simple as {"movie title": [sha256]}, where the array contains the hashes of different 'encodings' of the same content (eg. 'dvd rip', 'blue ray' or 'mp3').

Content can be indexed by all kinds of properties of course and it can grow organically over time to include more and more details.

With ipfs plus the p2p network we'll build 'apps', not 'pages'. People can have a list of 'apps' running on their machines - which are node instances in various distributed applications, sharing the same p2p network and using ipfs as storage.

Apps can have 'backend' and 'front end' parts - the back end is the part which participates in the p2p network, while the 'front end' provides a human interface to the back end, were users can search/browse/view the content.

Apps are distributed as git repositories stored in ipfs, while the 'core' running on the user's machine compiles the sources (inside a build vm) and loads the resulting binaries into containers running in virtual machines.

This would make it easy for devs to write and publish new distributed apps, making the network totally decentralised and virtually unstoppable.

Ps. If you feel that this insanity could work, then I'd love to discuss it in more depth - delegate78@gmx.com

mark_l_watson 1 day ago 0 replies      
I heard about IPFS at the Decentralized Web Conference in SF last spring. It sounded promising, long term. Anyone here using it right now? What are the costs for running it on a VPS, for example, bandwidth, storage, and CPU load?
girzel 2 days ago 3 replies      
Hey I have a related question: so with IPFS we all host bits of the internet, and with IPv6 our machines are all directly world-accessible, right? So how do we prevent this from turning into a huge pwn-fest? If routers aren't doing NAT and a bit of firewalling along with that, would each machine be completely responsible for its own security?
usgroup 2 days ago 0 replies      
What I'd personally like to see is built in monetisation such that hosting and serving other peoples pages becomes a socialised cost and benefit although one would guess that such as feature would have to be deeply designed into the system itself, and cannot be added as an after-thought?
z3t4 1 day ago 1 reply      
We keep things that are important, and throw away the garbage. But if we keep everything, there will be mostly garbage.
tscs37 2 days ago 1 reply      
IPFS is a pretty nice project, but it's pretty slow at times.
manigandham 2 days ago 1 reply      
Who exactly runs these nodes that store data?
descript 1 day ago 0 replies      
IPFS is vaporware. They are going to launch a token and try to take your money
bfrog 1 day ago 0 replies      
how does this differ from maidsafe?
j45 1 day ago 0 replies      
I really hope something like this takes off.

Connecting and indexing documents has been the challenge of a few internet generations. Creating a document at a point of filing is a subtle but potentially large shift.

Hopefully this lands on homebrew soon to aid it's growth.

knocte 2 days ago 1 reply      
504 Gateway timeout

A bit ironic :) (being distributed it shouln't be a single point of failure ;) )

Deep learning papers reading roadmap github.com
418 points by kevindeasis  4 days ago   25 comments top 9
annnnd 4 days ago 0 replies      
Missing on the list: http://neuralnetworksanddeeplearning.com/

Great book for learning concepts and for getting a generic overview (but goes deep enough that you can jump straight into implementation if you want). I recommend it highly.

leblancfg 4 days ago 1 reply      
# This downloads all the links in that page

# Just save README.md to the folder of your choice

 sed -ne 's/.*\(http[^")]*\).*/\1/p' < README.md | xargs wget -U 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0'

zk00006 4 days ago 2 replies      
Nice list, but there are too many papers like this and it is easy to get stuck in theory. I would suggest to grab some simple neural network (Darknet is great for that) code and read that first. If something does not make sense, find the theory from papers.
yalogin 3 days ago 1 reply      
A bit off topic but what does one need to know/read before doing the Udacity course on autonomous driving?
markovbling 3 days ago 1 reply      
Great, thanks!

I find the problem is actually how to select what content to study given a time constraint like if you had 5 hours or 20 hours or 200 hours - what should you read?

Like an exhaustive list is great but it's an optimization problem - how do I maximise understanding subject to a time constraint - which resources do I select to maximise learning in x hours/days/years?

amelius 4 days ago 4 replies      
What are the best video lectures out there, with emphasis on theory (not coding)?
syphilis2 4 days ago 2 replies      
Is there a link to the book mentioned in item 1 (1.0 Book) as a PDF? The closest I could find is http://www.deeplearningbook.org/ which says I cannot get a PDF of the book, though clearly one existed at some point.
jonnys1 3 days ago 0 replies      
I was SOOO looking fow something like this!
ilaksh 3 days ago 0 replies      
I would skim these to select something basic and then try to experiment with a real system with those documents as a guide/reference.

Try to actually learn one level at a time.

That is my approach right now. I have read a lot but without being 100% on the fundamentals it mostly goes over my head so I am backing up. I plan to try Tensorflow examples also but I expect it will be pretty shaky until my high-level practical surface knowledge can meet in the middle with my fundamental knowledge if I can keep progressing.

Introducing Initialized Capital initialized.com
538 points by ernestipark  23 hours ago   138 comments top 68
garry 23 hours ago 11 replies      
Hi HN! Happy to answer questions here, which is funny because this is where it all really started for me back in 2007 when I was first thinking of starting my first company. I started as an HN reader working at a friend's startup, applied to YC and got in, became a YC partner, and then an early stage investor.

We're engineers and designers and product folks, and most investors aren't still (which is crazy, right?) so we figure if we can do what we're doing while being the investors we wanted when we were founders, that's about as good as it gets.

sandslash 22 hours ago 0 replies      
For full transparency: I was Garry's Chief of Staff for 2 years before joining YC.

Garry and Alexis are the most founder friendly investors I've ever had the pleasure of working with. Late nights and early mornings in every time zone were normal for them. When I managed Garry's schedule, he held 3-5 hour blocks every single day to talk to founders. Then, in addition, we'd squeeze in as many calls and meetings the schedule would allow to speak with founders who reached out cold asking for general advice. A nightmare logistically sometimes, but a true testament to just how much they care about helping others.

When stereotypes of fund investors are that they are sluggish to make investments, quick and impatient when it comes to vetting teams and products, it is refreshing to see that Garry and co consistently break that view with their founder-first approach.

It might be an understatement for me to say that I'd recommend Initialized to any founder!

tyre 23 hours ago 0 replies      
We met Garry, Alina, and Alexis at YC16 investor day. After talking for twenty minutes, they said "we're going to go talk about you behind your back, then give you an answer."

They made a decision in 2 minutes.

That's what it's like working with other founders. There's no bullshit. They proactively ask how they can be helpful, are empathetic and understanding when we go through tough times, and push us in a great way.

I'm pretty critical of a lot of Silicon Valley, but we are big fans of Initialized.

ahaseeb 25 minutes ago 0 replies      
Garry was our group Partner in YC S'14 and I am lucky enough to know Alexis as well. Fantastic team that you want on your side.
guiseppecalzone 22 hours ago 0 replies      
Ive known Garry since 2010. Even though he didn't know us at the time - he met up with us to help us hone our YC pitch. He later became our adviser. Awhile after, when I showed him our growth numbers, he offered to invest, which then triggered a round. He didn't need to follow anyone else to decide. When we had an announcement, Alexis helped get us press. There are tons of helpful moments like this.

When I talk to other founders, I keep hearing how helpful they are. This is one of the most talented and genuine groups of people in the valley.

Congrats on the raise!

prayag 14 hours ago 0 replies      
Story time folks! I have known Garry and Alexis for many years now. They lead our seed round and we invited Alexis to be on our board for a brief period of time.

So, when we were raising Series A, the negotiations with some new investors were getting a little tenuous. I knew and appreciated that investors are professional negotiators and do this for a living. I on the other hand was a first time CEO. So, for some time during the process, I was feeling a tremendous amount of pressure.

So, one morning I come in to the office feeling sick and questing my ability to withstand the kind of pressure a growing company's CEO has to endure. First thing I see is this short email from Alexis "How's it going? How can we help?". I had talked to Alexis and Garry a few months before about raising a Series A but I was sure that famous people in the valley with full-time jobs had more important things to do than check in on a small, pre-series A company with 10 employees.

I welled up. It was the first time in months that I had felt like someone had my back. In the end we were able to raise a successful A followed by a successful B as well but I still go back and read that 2 sentence email from time to time.

Garry and Alexis are not only awesome investors but wonderful human beings.

qwrusz 1 hour ago 0 replies      
I don't know these guys. I just want to say kudos for launching a VC fund the way they did:

-Announced in public and on VC website.

-Who you are

-What you look for

-What you offer ($ size and intangibles from partners)

-What track record/prior vintages look like

-How to reach you

Too many VC funds are too opaque or they ask founders to go hunt down a random mutual connection, bother that 3rd person and then circle back to get introduced to the VC.

I like Initialized approach here and wish you a lot of success.

P.S. If nitpicking the website isn't exactly the most impressive looking. Doesn't bother me one bit. KISS. Hope founders look past that too.

hackerews 22 hours ago 1 reply      
I met Garry in 2014 during YC. After our first office hours with him, I knew Garry would be a valuable go-to. He's a legit advisor because he can dig in at any level with you - founder stuff, company, go to market, users, working with big companies, design/code, hiring, raising money, prioritization, etc, etc. Part of that comes from being a YC partner and seeing that large sample size of startup problems. But he has also built inspiring products, led teams at large companies, is a brilliant developer and designer, and flat out an all around great guy.

So for me, this announcement is bittersweet. Initialized will be great for so many early stage founders, but now I don't have a simple way to book office hours with Garry. Well actually, I bet if I shoot him a message, he'd still be glad to help anytime.

apoorvamehta 21 hours ago 0 replies      
hey - this is apoorva from instacart s12. we'd not have been in YC had it not been for Garry Tan! full story here: https://techcrunch.com/2012/08/18/how-instacart-hacked-yc/

really happy to see this happen. i think this will be great for the community.

jakek 12 hours ago 0 replies      
This is fantastic news for entrepreneurs everywhere.

Garry has been instrumental to the success of my company from the earliest days when we were back in YC W11 through to the present day - I'm so excited for all the new founders who will get an opportunity to work with him as a result of this new fund. Garry is not only an extremely kind person, extremely smart,but also completely understands what it means to have ups and downs as a startup since he's been there and helped hundreds of other companies through those ups and downs. So when you need someone in your corner he's there every step of the way. If you're an early stage founder I couldn't recommend Initialized and Garry more highly - super excited for what Garry and team are going to build.

parkerconrad 14 hours ago 0 replies      
Congrats Garry -- I just wanted to chime in with others to say that Garry was an incredible investor in our seed round -- always helpful, and has been very loyal in good times and bad. If you can work with him I highly recommend it.
barmstrong 13 hours ago 0 replies      
Garry was one of the first investors in Coinbase and acted as my CEO coach for the first ~6 months of the business, during a very stressful time. He was incredibly helpful to us early on! Would recommend them as a firm.
OoTheNigerian 22 hours ago 1 reply      
Congratulations Garry!

A few questions.

1. An obvious question is: Why start out on your own rather than via YC as you've done for a while and seems to have succeeded for you.

2. Would you actively seek investments from outside the United States? As you may well know, emerging markets are gaining a load of attention. In 3 months Nigeria would have hosted Zuckerberg, YCombinator and 500 Startups. (You're always welcome :D)

3. What's the investment thesis of Initialized. Didn't see an Investment Thesis on the website.

Congratulations and all the best!

PS: Not sure if you remember me but you were in the panel that interviewed me for YC in Summer 2014

datalus 19 hours ago 1 reply      
Is there a reason why the startup list is a giant image rather than a table of links? It'd be nice to hit each startup's landing page as I'm browsing your list of clients.

Not that big of a deal, though. Interesting VC being product people instead of finance people :)

michaeldwan 21 hours ago 0 replies      
I met Garry while he was a part-time YC partner during S11. Office hours with him were always helpful and productive. He gave thoughtful product feedback, facilitated countless fruitful introductions, and helped us navigate fundraising and an acquisition. Hes laid back, easy to talk to, and doesnt bullshit or play games. After YC Initialized invested a small amount in us and he continued to be one of the most value-add investors we had. I cant stress enough how much value these guys bring to the table. Id be honored to work with them again.
aerosmile 14 hours ago 0 replies      
If you haven't met Garry, Alexis or the rest of the team, by now you will have read that they have all worked very hard to earn all this good will that's reflected in the comments. And if you're wondering how you can be like them one day, it's really very simple - pay it forward and be kind. Obviously, it helps if you're also incredibly smart and experienced, but the first two items alone will get you very far.

I first met Alexis in 2011 in Austin, and to this day my wife and I often reference the many different nuggets of wisdom he shared with us. A couple of years later, I met Garry at YC, and his support far exceeded the typical business stuff - we were having a hard time at one point, and his help made all the difference.

What I appreciate the most about people like this group is that they are setting a high bar for everyone who's trying to be a value-adding investor - and people are also stepping up to the plate. The amount of help that my current startup has received from people with no skin in the game is truly remarkable, and people like Garry are the real reason why building a startup in the Valley is easier than anywhere else.

FT_intern 10 hours ago 1 reply      
This comments section feels like an Amazon review page of a product that launched a month ago with 1000 5 star "received product with discount here is my unbiased opinion" reviews.
skdoo 13 hours ago 0 replies      
Sanjay here from Boosted S12. Garry and Alexis and team were one of our first investors and have been some of the best people we've worked with. I am so excited for them and for all the new founders who will get to work with them.
vecter 14 hours ago 0 replies      
Our company was part of YC S12, which was a huge batch before YC sharded itself into clusters. During that summer, Garry was one of few partners we actively sought out for advice. He was always extremely helpful, especially with product and UI suggestions.

Initialized was one of our earliest post-YC investors and we've been incredibly happy with their support for us during the many years since YC. We're happy to have them onboard and still talk with the partners quite frequently relative to many of our other investors. I'm excited to see what these guys will accomplish with their new fund!

rmorrison 11 hours ago 0 replies      
Garry, Alexis, and Initialized have been extremely helpful and hard-working investors in my company for ~5 years. I love that they're founders themselves, which means they know what it takes and they work really hard to help their portfolio companies. These are the investors you want on your side, particularly when you run into road bumps. I highly recommend them as investors, and I'm happy to answer any questions (my email is in my profile).
dsugarman 12 hours ago 0 replies      
It has been great to work with Initialized so far. When we had bad times, other investors acted poorly, they supported us. When we were going through a pivot, Garry gave us weekly office hours during a very busy time in his life. This allowed us to keep pace like we were still in YC even though it was 3 years after still under the same company and it set us up properly for the crazy growth we had for the next year. I would highly recommend them to anyone who has a chance to work with them.
7cupsoftea 19 hours ago 1 reply      
Just a quick note to say congrats to Garry and Alexis. Garry helped us out a ton at 7 cups. He said a startup is like a magnet. The more users you attract, the more powerful your magnet becomes. Alexis has also always been very encouraging and helpful in figuring out things that are not obvious. I highly recommend Initialized!
dbburton 22 hours ago 1 reply      
Congrats to Garry and the Team. Garry was one of our partners during YC W15 - he was incredibly insightful on product and design, generous with his time, and just plain nice throughout.
collinjackson 14 hours ago 0 replies      
I feel very lucky to have had an opportunity to work with Garry and Initialized. They are incredibly helpful investors and I expect big things to come from the new fund.
waxman 12 hours ago 0 replies      
Garry and the Initialized crew are simply the best!

You can really judge investors by how helpful they are during adversity. Through ups and downs, but especially the downs, Garry and Initialized have been the absolute best!

If you're a founder and you have an opportunity to team up with them, do it without hesitation!

arshmand 13 hours ago 0 replies      
Congrats Garry, Alexis and team. Just to add another anecdote: We are backed by Initialized coming out of YC S16 batch. Incredibly awesome to work with such founder friendly investors. I'm sure the perspective that Garry/Alexis gained by going through YC themselves gives them this sort of empathy towards other founders.
ckelly 14 hours ago 0 replies      
This is fantastic news for founders.Survata (S12) was pumped to have Initialized in our Series A last year. Garry worked the closest with us of all YC partners, and Alexis had already been a customer! They make valuable customer intros, always offer time to help, and have such a pro-founder view of the world.
GraffitiTim 10 hours ago 0 replies      
I still remember the time we came to office hours with Garry to get some advice on how to approach designing a new product, and in 15 minutes he sketched out an entire design -- which we used.
dkobran 13 hours ago 0 replies      
Initialized is venture capital without the attitude. Garry has been an incredible advisor to us ever since our first YC interview (he and Alexis were both there actually). Could not imagine a more down to earth, insightful and energetic group. Congrats!
kalvin 8 hours ago 0 replies      
Another upvote for Garry and Alexis from a YC alum! Garry was such an empathetic, helpful person throughout our startup journey.
ajkates 14 hours ago 0 replies      
Congratulations to Garry, Alexis, Alina, and team! Such an awesome group---and an immense pleasure to work with. You won't find a more beloved group of partners in the entire Valley. So excited to be sharing in this journey together!
nim 12 hours ago 0 replies      
This is great news for future startup founders! Having worked with Garry personally I can absolutely attest he is top notch. (disclaimer / cred: our startup is a part of the Initialized portfolio)
lancerpickens 12 hours ago 0 replies      
Garry is bar none one of the best investors I've ever had the privilege to have worked with. Garry is down to earth and a great advisor. Highly recommend working with Garry to any entrepreneurs.
lorenbaxter 13 hours ago 0 replies      
Garry and Alexis have been a huge help in getting Priime started, and have consistently given us solid feedback along the way. I can't say enough how excited I am to see them launch. Congrats guys!
saadrizvi 11 hours ago 0 replies      
Congratulations Garry, Alina and Alexis! We feel incredibly lucky to be backed by them. Super founder friendly, tremendously helpful and always have your back!
pjg 17 hours ago 1 reply      
Garry - way to go!! Raising a fund of 100M+ while being so founder friendly is not easy. Of course building a stellar team helps. Nicely done!

I read your farewell letter when you left YC - you hit the nail on head by saying you haven't decided what to do because that would obviate the "founder's perspective". Founders who are going to a known from a known will never know the unknowns faced by a startup.

Everybody I've talked to has raves to say about you. We're solving the problem of paper Checks. People and Businesses are still writing paper Checks. Contrary to popular opinion, Checks moved 5X the money as VISA and MC combined in 2014. We're already seed funded but would love to talk more.

clairethere 14 hours ago 0 replies      
Congrats, Garry! It's a rare treat to get to work with people as smart, savvy, helpful, and kind as you and your team. I'm glad more founders will have the chance w this new fund.
bedros 20 hours ago 1 reply      
Hi Garry, and congrats on your new firm.

the age old question comes to mind; how do you value startups with a prototype with little traction. assuming the target market is the size of markets for airbnb,facebook,dropbox, etc.

do you guys follow YC with a fixed rate, (7% for 120K) like 10% for 1M; do you have a min and max for equity and valuation?


jvrossb 12 hours ago 0 replies      
Could not recommend an investor more strongly. Incredible how they've progressed since we met them with their Initialized hats on in 2012.
kaistinchcombe 14 hours ago 0 replies      
Garry saved my company twice. There is nobody like this team.
mrmch 14 hours ago 0 replies      
Super stoked to see this announcement, I know Garry has been cranking on the new fund.

Canadian founders, Garry+Alexis are super canuck friendly, some of the best investors we have :)

tomharari 13 hours ago 0 replies      
Garry and Alexis were early believers in Cleanly and have been incredible seed investors. Highly recommend them if you can get them on your side.
btrautsc 14 hours ago 0 replies      
Few investors I've met feel like they're completely on your side. Garry and Alexis are two of few, and there is absolutely zero doubt.
estitesc 14 hours ago 0 replies      
Garry and Initialized have been amazing to work with. So happy for you and can't wait to see what awesome companies you invest in next...
nickadam 20 hours ago 1 reply      
This site needs to be recategorized https://www.mywot.com/en/scorecard/initialized.com
mmmmax 14 hours ago 1 reply      
Garry, this is a big fund. What can you do for founders with a large fund that you can't do with a small one?
technofiend 20 hours ago 1 reply      
Did you guys recycle a domain name? Blocked due to security concerns. You may need to work with the big vendors to get yourselves off the naughty list for actions taken by prior domain owners.
stephenvlahos 14 hours ago 0 replies      
Garry is an amazing investor and a great advisor! Wishing these guys the best of luck!
stephenvlahos 14 hours ago 0 replies      
Garry is an amazing investor and advisor! Wish these guys the best of luck.
yc-kraln 21 hours ago 1 reply      
I'm curious to know if there is a specific market you are focusing on (in terms of target market, such as IoT, Security as well as regionally).

How would someone make the determination that you are the right firm to pitch to? How would they bend your ear? What's the best way to get your attention? I'm missing a lot of this from your site.

eattropics 5 hours ago 0 replies      
Are you actively seeking startups or do you wait for them to come to you?

What would be your Ideal investment and are you investing in Food Tech startups?

TedBlosser 11 hours ago 0 replies      
congrats Garry and team! Any entrepreneur is lucky to have your team in their corner.
vskr 20 hours ago 1 reply      
What percent of company do you expect in return. YC has a pretty deterministic formula. Do you have a similar formula? Or do you decide (or negotiate) on a case-by-case basis
wasd 22 hours ago 1 reply      
Hey Init! Congrats on the launch.

Curious, have you funded any startups under Init? If I had to guess, "Our Startups" are startups you (Garry / Alexis /et al) personally invested in.

ilithiumi 13 hours ago 0 replies      
garry and alexis are two of the best in the valley! a big congrats for all your hard work :)
PStamatiou 20 hours ago 1 reply      
Congrats Garry!! Curious who else is on the investment team?

"Were founders who are engineers, designers, and product people. "

brandnewlow 17 hours ago 0 replies      
The news is out! Congrats guys!
bastian 19 hours ago 1 reply      
Huge congrats Garry. Maybe we will find a way to work together in the future!
stonlyb 22 hours ago 1 reply      
Congrats Gary! Will you be sharing your deal flow or syndicating any of your deals?
foobarqux 22 hours ago 1 reply      
Has one of the GPs directly invested in each of the startups listed on the "About Us" page or are some of those startups listed because of an advisory relationship or indirect investment (e.g. carried interest)?
ranidu 15 hours ago 0 replies      
Congrats Garry!
volkk 21 hours ago 2 replies      
very cool. i know you guys mention startups, and IMO thats a pretty generally encompassing term. would that include game development?
alibaba2020 22 hours ago 1 reply      
Salute Garry and team.. congrats Q:how founders will get in touch with you? Via referral like the rest?
dmritard96 17 hours ago 1 reply      
any interest/aversion to hardware or hardware/software?
cloudjacker 18 hours ago 0 replies      
What are you looking for in your portfolio?
davidrjm 13 hours ago 0 replies      
congrats guys! great partnering with you and look forward to seeing where you dig in with this fund
jasonwilk 23 hours ago 0 replies      
Congrats guys!
Skeptique 20 hours ago 2 replies      
Dear Garry - is any VC really "founder friendly"? VCs expect founders to work for zero or minimal salary. Even a below-market salary is incredibly painful in any metro.

My question -- will VC-funded startups ever enter the realm of the non-wealthy and/or beyond bro's willing to bunk up in a studio apt?

The Remote Freelancer: A list of remote work alternatives to Upwork github.com
444 points by RonanTheGrey  1 day ago   66 comments top 17
rossriley 1 day ago 3 replies      
Thanks for the list, there's a couple I hadn't come across before.

Domino and TopTal look like they may be more suitable for more experienced developers.

What is everyone else's experience for finding work at the higher end of the market ($600 - $900 / day)? From my experience I know the demand is out there but currently all of my work comes via traditional recruitment agencies which seems a shame for the companies doing the hiring, since agencies charge fairly big fees.

I have in the past tried eLance, Upwork, People Per Hour, and they all seem to end up overrun with low-end work and low-end clients and whilst there may be some gems in there it ends up not being worth your time to sift through / send propsals because 95% of clients will choke if you mention your hourly rate.

RonanTheGrey 1 day ago 2 replies      
After Shadi Paterson's post about his experience with Upwork (and my own floundering trying to find freelance and contract work) I decided to make this list. Please feel free to contribute and make a great community-curated list of remote working resources!
throwaway047 1 day ago 1 reply      
Been using Upwork a bit more intensely over the last 2 years to supplement my earnings while growing a startup. I can confidently say that 85% of my activity on Upwork is lead generation, meaning the project specifics and payment is done off the platform. I know that's violating their terms (hence the throwaway) but as others have pointed out, Upwork isn't exactly a great friend to the freelancer. I've had great success with this approach, so it certainly can be done.
mosburger 1 day ago 0 replies      
Here's a similar list on GitHub for Remote Work (with less of a Freelancer bent than the OP)... it's not maintained by me, I just stumbled upon it once a while back: https://github.com/lukasz-madon/awesome-remote-job/blob/mast...
k__ 1 day ago 1 reply      
The first big thing I learned as software consultant was, don't charge per hour and now there are even portals that are called "People Per Hour" and "We Work Hourly". Funny.
tmikaeld 1 day ago 2 replies      
Thank you very much for this. My company hire from UpWork but after reading that appalling behaviour, we are considering any alternative.
mrcactu5 23 hours ago 2 replies      
what happens if you're not in the top 3% of freelance talent. what happens if you're actually not that good?

I am not kidding. By design that site eliminates 97% of applicants -- be it front-end or mobile development or Python or Java or Go language.

Can people who are learning still do remote freelancing?

orangewin 1 day ago 0 replies      
A few more resources here for remote work options can be found here: