hacker news with inline top comments    .. more ..    16 Dec 2016 Best
home   ask   best   2 years ago   
Yahoo discloses hack of 1B accounts yahoo.tumblr.com
951 points by QUFB  1 day ago   548 comments top 83
Arubis 1 day ago 8 replies      
Fittingly, attempting to change my password to a 32-character random string generated by 1Password returns an error that the password "cannot contain my email or username", regardless of the contents of that random string (I tried several).

It does, however, _happily_ accept `passwordpassword` and cheerily move along to confirming that my recovery email account from 2003 is still valid.

niftich 1 day ago 4 replies      
> August 2013

> hashed passwords (using MD5)

I don't even know what to say.

> investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the ongoing investigation, we believe an unauthorized third party accessed our proprietary code to learn how to forge cookies

How is this possible? Aren't most auth cookies just a session ID that can be used to look up a server-side session? Did they not use random, unpredictable, non-sequential session IDs?

kstrauser 20 hours ago 4 replies      
DO NOT delete your Yahoo account! In their disclaimer when you delete it, they state:

> "[...] we may allow other users to sign up for and use your current Yahoo! ID and profile names after your account has been deleted"

Bummer if you forget that it was the password reset email for your Facebook account, huh? Instead of deleting your account, purge it of all data: https://honeypot.net/purge-your-yahoo-account/

alyandon 1 day ago 4 replies      
"Separately, we previously disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users accounts without a password. Based on the ongoing investigation, we believe an unauthorized third party accessed our proprietary code to learn how to forge cookies."

So that exactly explains how my Yahoo account was used to send spam despite having a password that can't be reasonably brute forced (despite them using MD5). :-/

kajecounterhack 1 day ago 0 replies      
Related: former Yahoo security engineer talks about a backdoor Yahoo installed for the NSA to read private emails...behind their security teams' backs...


ilarum 1 day ago 1 reply      
In case you are looking for the important information, it seems to be MD5 hash without salt.
ausjke 1 day ago 8 replies      
I'm speechless.

More and more are migrating to cloud these days, I expect more and more epidemic leakage will come.

I host everything myself except for email, which is always a headache but contains more private info than all others I manage combined. Maybe it is time to run a small email server again but it is easily said than done, gosh please give me something like a working PGP or whatever for safe emails(PGP is dying from what I read)...

CiPHPerCoder 1 day ago 0 replies      
If anyone else has screwed up and used MD5 for passwords and doesn't know a good way to migrate towards something secure: https://paragonie.com/blog/2016/02/how-safely-store-password...
AdmiralAsshat 1 day ago 1 reply      
Well on the upside, if you changed your password as a result of the hack from a few months ago, you should theoretically be safe against this one which happened in 2013.

Those security questions, on the other hand, are still fair targets.

ponco 1 day ago 2 replies      
I almost hope the data is made somewhat public so Troy / https://haveibeenpwned.com/ can get a hold of it and provide the public with reassurance.
copser 21 hours ago 0 replies      
Wait, according to this,

"""Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016."""

this incident occurred in 2013 and 2016, or they needed three year to figure this hack out. How is this possible?

myared 1 day ago 1 reply      
One day, this will be Google announcing they've had a breach of this size. Not looking forward to that day.
phantom_oracle 1 day ago 5 replies      
there's a couple of things that these major providers getting pwned teaches you:

1) their security isn't good just because of their scale/size (that begins to seem more and more like a false-assumption nowadays)

2) migrating your email to a new provider is quite difficult (consider that the average person will have just 1 - or 2 - email accounts and they link EVERYTHING to it)

3) the price of ads/convenience is no longer worth it. I'm assuming at least a sizable minority of internet users are using ad-blockers these days. They can't get your eyeballs, so they package and sell your data. Granted, you can probably now get the same (raw) data on the black market by paying a fraction in bitcoin and you'll get to see those billions of emails telling people someone attacked their farm in farmville from 2009

Lastly (and I really hope this happens), Yahoo implodes/collapses (cause the average Joe won't migrate willingly) and leaves a vacuum for their 500+ million email users. Hopefully the smaller providers (Proton, Migadu, Posteo, Tuta, etc.) get at least 10% of these users and the email-cartel is broken (somewhat).

anigbrowl 1 day ago 0 replies      
It baffles me that Yahoo continues to live an independent existence. It's like a Terminator that never had a clear mission and now just wanders around randomly banging into things.
WA 19 hours ago 1 reply      
Nobody in here mentioned it: phone numbers were leaked, too. Which I consider even worse.

I wanted to sign up for Flickr, but the Yahoo login requirement was a big turnoff, because it requires a phone number. This nagged me so much that I never did it.

Turns out: right decision. Because my 8 year old phone number isn't target of spam yet.

uptown 1 day ago 2 replies      
When credit cards are compromised, the responsible party is usually responsible for providing identity theft protection. Why not tech firms that seek to store sensitive personal information? Maybe it'd scale back the desire for every firm to collect as much personal info as you'll provide them.
_navaneethan 21 hours ago 1 reply      
"We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data"

How the forensic experts could have analysed? based on the log data? my another question is, just assume if yahoo is trying to dump the experts, can it be possible? or else, still the experts be experts to make sense out of it?

taurath 1 day ago 0 replies      
Its scary to think about the consequences if the only reason Yahoo knew they got hacked was that they are more, and not less competent at security. Do you think the security team {insert retailer, other nontech company with a login screen here} is somehow MORE competent?
wapz 1 day ago 1 reply      
I logged into my yahoo email in chrome in an incognito tab and it logged into someone else's account. This was probably in 2014 (it could have been in 2013). I wonder if this was related at all.
djhworld 13 hours ago 2 replies      
Yahoo is so frustrating

I got the email this morning regarding the hack, I've not used Yahoo for a long, long, long time, so figured I would go and delete my account.

So I log in, password in 1password is incorrect, no big deal I go to reset it. They send me an email, I reset the password then go through the account deletion process. It tells me my account is "deactivated" and will be deleted in 90 days

...Once that was done I just so happened to look through my emails to see what Yahoo had sent me in the past and I saw that I had undergone the exact same procedure (deleting my Yahoo account, presumably after news about another hack) about 3 months ago but completely forgotten about it.

So what I must have done today was relogged into my 'deactivated' account that I 'deactivated' back in September, which caused it to become active again, then issued a 'deactivate' request again, so now I have to wait ANOTHER 90 days for it to be deleted.

I've made a note of this fact this time to avoid relogging into Yahoo again...

jondubois 17 hours ago 1 reply      
I'm using Yahoo mail and when I logged in, they gave me a link to their security notice. About 'Hashed passwords', it says:

"At the time of the August 2013 incident, we used MD5 to hash passwords. We began upgrading our password protection to bcrypt in the summer of 2013. Bcrypt is a password hashing mechanism that incorporates security features, including salting and multiple rounds of computation, to provide advanced protection against password cracking."

WOW. So basically they did not even salt their passwords until 3 years ago! I knew about the importance of salting password hashes since I was like 17 years old and this mega billion-dollar corporation did not.

Also, they claim:

"Hashing is a one-way mathematical function that converts an original string of data into a seemingly random string of characters. As such, passwords that have been hashed cant be reversed into the original plain text password."

Which in the case of MD5 is a deceptive claim; even a basic dictionary attack could probably reverse at least 50% of all their accounts' MD5-hashed password (assuming most people use one-word passwords with maybe a few digits at the end).

dfar1 1 day ago 0 replies      
What a hot mess. I am glad I mostly ignored their services over the years.
blauditore 10 hours ago 1 reply      
In the context of (unsalted) MD5 passwords: If they have a large legacy base of MD5 hashed ones, how would one "move" those to a stronger hash function?

I can imagine something like re-hashing the existing one with a better algorithm and some salt, and storing new ones solely using the new algorithm + salt. But that introduces some additional complexity because every hash needs information about how it was hashed (MD5 + X vs. just X).

Is there an established best practice for this?

harigov 1 day ago 2 replies      
I hope they stopped depending upon those security questions if that is part of the leak. On a side note, this seems like a great time to be an abuser. One can collect so much information about users - they may actually have more data than any govt in the world.
mkhpalm 1 day ago 6 replies      
Guys... let's just delete our Yahoo accounts. That company can't go bankrupt fast enough. It will sell our data for quarters.
ben174 1 day ago 2 replies      
This is a time where a decent password manager comes in handy. I can look in my password history to see what my password was in August 2013, and see if that password is still in use anywhere else, then change the password on those sites.
dingbat 1 day ago 0 replies      
security is important, but lets not forget the strides theyve made in making meaningful connections with their audience via collaborative relationships with powerful leaders such as Katie Couric
tomc1985 1 day ago 1 reply      
For the longest time my yahoo account (which I had not checked on in many years) reported at least a dozen open sessions originating from IPs in Russia and Eastern Europe, and unlike my legit sessions I was unable to kill them in the control panel (the site would bug out)

So yeah, Yahoo's been hacked. Duh...

Finance and Flickr are about all Yahoo is good for any more, and I think my portfolio page loads (instead of 404'ing) maybe 1/2 the time I request it...

(God I really hope they dont mess with flickr though...)

rakibtg 10 hours ago 1 reply      
While i was new to programming and i read some articles about why not to store password in clean text, a google was enough to taught me about blowfish algorithm and the concepts of higher costs hashing benefits! Well my life first program was more secure then Yahoo i guess, storing password in MD5 too bad Yahoo...
barking 16 hours ago 1 reply      
I'd forgotten my yahoo password but wanted to change it.They sent a code to my phone and I was able to do that.

Then I tried to set up 2 factor authentication but I am unable to do it. It keeps rejecting the same phone numberas being either invalid or not recognised as a contact, no matter which format I choose to enter it. I've dropped the interational prefix, added it, added and dropped the plus sign, added and dropped the 0 after the international prefix etc etc.

I'd dump yahoo altogether except it's the email for my paypal for over a decade and i can't change that.

icpmacdo 1 day ago 2 replies      
When are the mutlibillion dollar lawsuits that cause these idiots to get it together with security
hvo 1 day ago 1 reply      
MD5 in 2016?.I hope yahoo can save itself and tech community all this embarrassment by just going out of business one and for all.Folks at the helm of affairs at yahoo are incompetent. And it is about time government started to persecute incompetent CEO.
fname 1 day ago 1 reply      
Maybe that can get Verizon another $1B discount.
wdr1 23 hours ago 0 replies      
If you collect user PII & get hacked, you should be obligated to pay for the damages. Specifically, covering the user for identify theft monitoring for 10-15 years.
witty_username 21 hours ago 1 reply      

Chrome says "The server presented a certificate that was not publicly disclosed using the Certificate Transparency policy. This is a requirement for some certificates, to ensure that they are trustworthy and protect against attackers."

Probably my Chrome version is too old I guess? (probably not, it's 53 which is only a little behind the latest).

dom0 1 day ago 0 replies      
By now it's probably easier if Yahoo just published the (short) list of services that weren't owned through-and-through right under their noses, and notify users unaffected by any breach (0 rows returned).
jupp0r 13 hours ago 0 replies      
What happened that made them disclose this > 3 years later?
jlgaddis 1 day ago 0 replies      
I just attempted to log in to an old @yahoo.com account that I haven't used in probably five years or more.

On the login screen, there was a short notice about this breach (with a link to more details), and after logging in I was prompted to create a new password, and update recovery emails / phone numbers.

That doesn't negate any of this shit that happened, obviously, but maybe they're at least gonna try to make things better (we can hope, anyways).

fluxcap 7 hours ago 0 replies      
This just proves that Silicon Valley is full of geniuses.I mean, look at how cleverly Yahoo kept it a secret for so long!Well, at least the Valley's rapacious landlords got paid.
AndrewMock 1 day ago 0 replies      
Being a Fortune 500 CISO must be so easy. Corporate expectations are evidently low enough that you probably don't have to show up for work.
automatwon 1 day ago 0 replies      
1 billion accounts. I'm curious: Has there been a bigger data breach, in terms of user volume?
nkkollaw 1 day ago 0 replies      
It's amazing that they're telling users to change their password/security questions 3 years after the hack.
adam12 10 hours ago 0 replies      
First thing I did was control-F "sorry", "apolo", "inconv".


hbosch 1 day ago 3 replies      
So, the scuttlebutt last time was that they disclosed the hack due to a potential Verizon buyout forcing their hand. Seems as though this could be the same thing, generally speaking.

Can anyone enlighten me as to how Verizon compels Yahoo to disclose this information? Or rather, how does Verizon know about these intrusions, if they do?

anton_tarasenko 1 day ago 1 reply      
nsxwolf 1 day ago 0 replies      
What good is requiring you to change your password on the next login? How do they know it's not just being re-compromised? There are a lot of accounts that are orphaned, but the contents are exposed and still a threat to the original owners.

Why not just lock the accounts?

voltagex_ 13 hours ago 0 replies      
What alternatives to Flickr do I have? I think I pay $25/US/year at the moment.
hacker_9 1 day ago 0 replies      
sigh this is really shitty news. In a time when governments are deciding more invasive surveillance is in everyone's best interest too, it's probably never been more profitable to be a hacker.
LargeCompanies 1 day ago 0 replies      
They can have 17 years of junk mail as that's all I ever used yahoo for
somewords 11 hours ago 0 replies      
FYI - the tumblr link for the notice redirected me to a "You have viruses installed on your computer" site. Hacker News just got phished.
kumarski 21 hours ago 0 replies      
Sales and marketing automation companies just got a huge boost in their capability to do SMTP validation.

Time to go check HANSA on the onion.

MarkMc 1 day ago 1 reply      
So when did Yahoo stop using MD5 as the password hash? 2014?
edem 16 hours ago 0 replies      
Is this __another__ 1 B users or the previous one which was already posted?
intralizee 22 hours ago 1 reply      
I don't know why anyone would still be using Yahoo as their email provider at this point.
overgard 15 hours ago 0 replies      
"passwords hashed with MD5" Jesus seriously?
SixSigma 1 day ago 0 replies      
Let's not forget that high ranking officials in the US govt. used Yahoo to send classified information to print at home.
drelihan 1 day ago 0 replies      
How does yahoo have a billion accounts???
disposablezero 23 hours ago 0 replies      
Yahoo - AOL email for grandparents, owned by Verizon, destined to be maintained by Taos.
iamrobinhood123 20 hours ago 0 replies      
Everything will come to light. All our info is being stored somewhere. One day, people who know you will be able to easily search a database of all your information for specific things.
cdevs 1 day ago 1 reply      
Security question : mothers maiden name?answer: 1q&#*v83%?ghd53

Date of birth : 01/01/2011

carbocation 1 day ago 1 reply      
I cannot tell from this disclosure -- have they updated their algorithm beyond MD5 at this point?
reiichiroh 1 day ago 0 replies      
This is the same Yahoo that wants us to switch to a LESS secure password-less Yahoo Key?
camus2 1 day ago 1 reply      
Notice that this is yet ANOTHER hack, not the one HN was talking about a few month ago. also notice they were still using MD5 passwords AND without salts ... None of these hacks have been disclosed directly to their users, I never got an email saying I may have been hacked and I should reset my password, irresponsible.
draw_down 1 day ago 1 reply      
I thought "didn't they already announce this recently?" Nope, that was a different one. Boy oh boy.
JustSomeNobody 1 day ago 1 reply      
What value does Yahoo have for Verizon now, the brand is so tainted?
cmurf 1 day ago 8 replies      
OK so I'd like to invite the pure free market types to explain how this gets fixed without any government, including no lawsuits. Because I keep hearing from free market types that 100% of phishing victims are ignorant and basically deserve what happens to them, if they can't learn that they're being duped they deserve to be duped, they somehow think wholesale loss of trust ends up being focused only on specific companies rather than entire technologies. And so on.

So how are these externalities dealt with where there is no such thing as insurance for this type of breach? There's no way to put the toothpaste (my private information in the form of answers to personal "security questions") back into the tube (only my brain or nearby sphere of influence).

And this goes along with IoT devices that aren't having their known exploits patched by their manufacturers. Similar problem different details.

So without broad laws that say this is wrong and here is a mechanism to attach a tangible cost to this information so a proper risk assessment is done, I imagine we keep seeing this happen with essentially no punishment beyond what Yahoo already is getting punished for.

platinumrad 1 day ago 0 replies      
Plain md5 again. Nice.
forf 14 hours ago 0 replies      
Oh no! All of those free offers could be stolen from me!
swehner 1 day ago 0 replies      
Easier to list who was not affected??!!
zmmmmm 1 day ago 1 reply      
Sorry, there's no shielding Marrisa Mayer from this. Yes, she had only been there a year or so. But that's long enough she should have been on top of security. Yes, she's just killing time until she leaves now anyway. But, the symbolic statement is still important - she should resign.
szul 14 hours ago 0 replies      
MD5 hash? Jesus...
netrap 1 day ago 0 replies      
I guess this is the final nail in the coffin...
GoodieBear 1 day ago 0 replies      
This Yahoo company seems pretty cavalier.
myf01d 20 hours ago 0 replies      
> MD5 hash


DougN7 1 day ago 0 replies      
This occurred in 2013.
serashioda 18 hours ago 0 replies      
Thank goodness I use gmail?
dimino 23 hours ago 1 reply      
I thought we knew about this already, is there more info than before?
EGreg 1 day ago 0 replies      
I didn't know Yahoo had 1B accounts. Most must not be active, otherwise how could they be so small financially compared to Facebook and Google?
CodinM 1 day ago 0 replies      
sciurus 1 day ago 0 replies      
sqldba 1 day ago 4 replies      
jwatte 1 day ago 0 replies      
jasonmp85 1 day ago 1 reply      
Anyone up for trying to get a corporate death penalty law on the books?
Yahoo installed a backdoor for the NSA behind the back of the security team diracdeltas.github.io
959 points by xenophonf  23 hours ago   272 comments top 35
peterkelly 22 hours ago 6 replies      
I know this is from October, but it warrants re-reading now.

Today, Yahoo announced a hack of 1B accounts. They say they don't know who it is, but we can conclude it's not the US government because Yahoo is willing and legally able to publicly disclose it.

Previously, Yahoo willingly assisted an attacker in compromising 1B accounts. In this case, they did not disclose the attack publicly, or even to their own chief information security officer, because in that instance the attacker was the US government itself.

US intelligence activities are actively harmful to American commercial interests because they destroy trust, particularly from customers elsewhere in the world.

[1] http://arstechnica.com/tech-policy/2016/10/report-fbi-andor-...

walrus01 22 hours ago 34 replies      
I seriously think that to get a CS or EE degree (or similar) B.Sci degree, you should be required to take at least one full term length ethics course. Same idea as the ethics courses taught to junior law students.

The internet is already fucked up enough with governments and rogue corporations messing with its AS-adjacency topology in non-free ways at OSI layers 1-3 , before you even get into stuff like writing backdoors at layer 4+ to pass all email to the NSA.

pksadiq 14 hours ago 1 reply      
> [Update (12/14/16): Reuters has specified that the rootkit was implemented as a Linux kernel module. Wow.]

Hm.. One more proof to avoid using non-free binary blobs in Linux kernel. Be safe. Use Debian GNU/Linux without non-free repo or any better[0] one.

[0] https://www.gnu.org/distros/free-distros.html

brian-armstrong 23 hours ago 2 replies      
Let's say you were on security on and found it on the network. Would you somehow be bound by a gag order about it, since you would never have seen said gag order?
greenyoda 23 hours ago 2 replies      
This is an old story that was discussed extensively when it was new (in October):


mouzogu 9 hours ago 0 replies      
What is a "backdoor" exactly? Another euphemism used to disguise something much darker I imagine.

Usually a "backdoor" is something you would be aware of in your home. You know you have a door round the back. This is more like your landlord giving the keys to a stranger who comes and stares at you every night when you're sleeping and rifles through your draws and cabinets.

danbmil99 16 hours ago 1 reply      
What really upsets me about this is the idea that the security team was bypassed, effectively compromising security for Yahoo and every one of their customers. The idea that a company executive would knowingly bypass their own CSO, and take it upon themselves to understand the risks they are introducing, is mind-bogglingly stupid and egregious.

Marissa Meyer, if she approved this, should be deeply ashamed of herself.

ryanmarinoff 23 hours ago 0 replies      
With the way the execs of Yahoo handled the 2015 back door, there is a likelihood that the 1 billion + 500 million compromised accounts were due to an exec decision that no one knew about. That individual or group of individuals may not be at Yahoo, and kept everything quiet. Or, the individuals may not even know that they did it!
fulafel 21 hours ago 0 replies      
From a threat modeling POV, this is an interesting type of insider threat. A high-privileged faction of the company is hijacked (via extortion) by a malicious third party with legal leverage.
hoodoof 23 hours ago 0 replies      
But Yahoo definitely does not know how it got hacked, losing 1 billion accounts.
peterkelly 22 hours ago 0 replies      
Seriously, why the title change? Sometimes the title tells you nothing - wouldn't it be reasonable HN policy to allow the title if it's an accurate summary of the first paragraph?

"Yesterday morning, Reuters dropped a news story revealing that Yahoo installed a backdoor on their own infrastructure in 2015 in compliance with a secret order from either the FBI or the NSA"

Edit: Looks like it's changed back now - great. For a brief period the title was set to "Surveillance, whistleblowing, and security engineering".

electic 21 hours ago 1 reply      
If they are doing this at Yahoo, what proof do we have they are not doing this at Google...right at this moment?
stefek99 13 hours ago 1 reply      
Ever since I started using email I though law enforcement has continuous, uninterrupted access to my communication.

News like this are no news to me :)

titzer 12 hours ago 1 reply      
Face it, the US government is not operating like it has the best interests of the people as its core motivation.
tootie 23 hours ago 2 replies      
Whelp. Yahoo is officially over today. It was quite a fall.
milansuk 13 hours ago 1 reply      
I'm wondering what will happen? More users will start using decentralized and open source programs? They will run their own mail server? Or They will hate NSA, but still push personal data to few big corporations?
JustSomeNobody 14 hours ago 1 reply      
I think we need to find ways to hurt big companies in the pocket book who do this. Stage (IT) employee walkouts, boycot the products they sell, etc.

Somehow, _we_ need to get the upper hand over the surveillance monster the US is becoming.

benevol 18 hours ago 0 replies      
Does anybody still doubt that all major closed-source software companies in the US (but probably elsewhere too) will put backdoors in their software products and therefor on your hardware?
dsfyu404ed 12 hours ago 0 replies      
What I wonder is how this slipped past the security team? I had an internship with a defense contractor my junior year of college and they would have been all over that.
avdempsey 17 hours ago 1 reply      
Taking the headline literally "Yahoo installed a backdoor for the NSA behind the back of the security team" is as much an indictment of then-Yahoo's security team as a reminder that's it's a possibility for other companies to consider.
OverThere 11 hours ago 0 replies      
Yahoo has completely lost my trust forever... looking forward to the day they don't exist anymore.
huac 22 hours ago 2 replies      
Yahoo stock hasn't moved very much recently over these issues. I guess the market still thinks that the Verizon acquisition will still go through. For context, the price was ~$43 after the acquisition and closed at ~$41 today.
voycey 18 hours ago 0 replies      
2 of my friends had their Yahoo accounts compromised and then their credit card off the back of it - I want to say its a coincidence but....
jlebrech 14 hours ago 0 replies      
if you're forced to installed a backdoor do you have to maintain it?
kakarot 21 hours ago 0 replies      
So who built the backdoor? Do we know if it was existing software or privately contracted?
norea-armozel 8 hours ago 0 replies      
Ouch. And I have at least one active account on there for Flickr. Nice to know they basically screwed over the security of the entire site. I guess I'll have to delete that account now.
oonny 21 hours ago 0 replies      
and they wonder why i use yahoo for my marketing spam newsletters.
lasermike026 10 hours ago 0 replies      
Wow, that was stupid.
chinathrow 19 hours ago 0 replies      
Great Yahoo - way to sink the ship.

Yahoo won't be the one and only lucky receiver, hello Google, Apple...

known 21 hours ago 1 reply      
Does Yahoo violate its Terms and Conditions?
peteretep 23 hours ago 1 reply      
ronreiter 22 hours ago 6 replies      
disposablezero 23 hours ago 1 reply      
Fuck Yahoo, AOL and Verizon.
hourislate 22 hours ago 1 reply      
I would be surprised if anyone was using Yahoo for anything but a spam account when this occurred.

I guess a really good indicator that things were not right was when the CSO left the company with no real reason. He was like I want no part of this shit.

hash-set 12 hours ago 0 replies      
So sad what tech people in this country have become. I prefer the anarcho-capitalists. Statism is ugly, ugly, ugly.
Waymo: Google's self-driving car company waymo.com
775 points by davidcgl  2 days ago   747 comments top 66
joeguilmette 2 days ago 25 replies      
I'm interested to see where all the major players end up in 5yrs:

Tesla bootstrapping a ride service on the backs of buyers

Waymo directly rolling their own fleet

Uber trying to get a self-driving fleet up, burning mountains of money to maintain their "monopoly" on Uber for rides

Lyft working with GM to get a fleet up

All of the other car manufacturers trying to get autonomous vehicles going, presumably hoping for consumers to still want to own a vehicle rather than just pay $1 to get a ride

So: How much is Uber's market share worth? I suspect it'll evaporate overnight in every market where another service has autonomous vehicles and they don't.

Also: Private car ownership is going to fall off a cliff shortly after autonomous ride services arrive. Which probably means general demand for vehicles will fall off a cliff.

I predict blood on the walls.

walrus1066 2 days ago 22 replies      
It feels there's a mountain of hype around autonomous vehicles. I think the core challenges to a fully autonomous vehicle (with no human backup), are still far from solved. They need to reliably deal with an almost infinite number of edge and corner cases, each quite different from the last. For example:

- communication with other human drivers. In London, this is required all the time, like when parked cars block the road, allowing just one car through. Or traffic light out of action, so you negotiate with other cars using hand gestures, light flashes etc

- endless roadworks, that change what lane you're allowed to go on, turn a two way road to one way road.

- random debris on road. Plastic bag - safe to drive through, wooden plank - safe, plank with nail - not safe.

- loss of GPS, mobile data, or both (again, surprisingly frequent)

- making way for emergency vehicles (sometimes need to drive into lane you're not normally allowed to go, I.e. Bus lane, pavement)

- policeman coordinating traffic

So far, I haven't found any evidence of autonomous cars dealing with the above. If anyone has, please post.

metakermit 2 days ago 1 reply      
More business info in this Forbes article:



> Were now an independent company within the Alphabet umbrella,

> Google is currently equipping a fleet of 100 hybrid Chrysler minivans with its sensors and computing gear that will soon join its nearly 60 prototype autonomous vehicles. The company hasn't yet disclosed when and how it will begin generating revenue from its efforts and Krafcik declined to discuss specific business plans today.

arijun 2 days ago 11 replies      
I still don't understand why every company doing self driving cars is focusing on consumer cars while no major player is doing interstate trucking. Interstate trucking could pretty much be done now, and has several advantages. Driving on interstate freeways is orders of magnitude easier than driving in a city with pedestrians, bikes, cars parked in the road, etc. And there is a great monetization scheme--no driver means you can get it to its destination more quickly and more cheaply.

(The thought is you'd hand off to a real driver once you get in to a city)

Unklejoe 2 days ago 2 replies      
Its going to be interesting watching how local police departments and municipalities handle the widespread adoption of autonomous vehicles.

In my town (a suburban town with a low crime rate), the police spend the majority of their time enforcing traffic laws. The municipal courthouse is always filled with people, and if I had to guess, Id say that 80% of the people are there as a result of a traffic violation, while the other 20% are there for drug offenses/other.

It seems like autonomous cars would lead to a drop in traffic offenses and thus revenue. Even if only a tiny portion of the towns revenue actually comes from traffic violations (when compared to local property tax), there would probably be a lot more idle time for police.

I suspect that they will first start to raise our property taxes to compensate for the lost revenue, but I would think that the long term effect would be a reduction of municipal workers/police.

Of course, this doesnt apply to other areas like Philadelphia, where police spend only a small percentage of their time enforcing traffic laws.

visarga 2 days ago 5 replies      
At least they could have given a more up to date report on what they are doing. 7 years passed since 2009 and all we've seen is a couple of promo videos with scant actual information. We have no idea how they compare to Tesla or other self driving car startups.
boxcardavin 2 days ago 3 replies      
Google's commitment to SDCs has always seemed half hearted so I wonder if this indicates that they are getting more serious about it. Moonshots at X have been getting the axe, the SDC stuff seems to be the only obviously viable one right now.

To the surprise of many folks (myself included) it has turned out that SDC tech is probably for existing manufacturers to develop versus software guys learning how to build cars without the massive supply chains needed to assemble 4000lb widgets. Before anyone points to Tesla, try getting inside a $140k Tesla and then a $140k Mercedes and it will be obvious what advantages there are to having manufacturing experience stretching decades.

joezydeco 2 days ago 2 replies      
Interesting that this very same day, the US Government is looking into proposals to require vehicle-to-vehicle communication in passenger cars to enhance safety.


graaben 2 days ago 0 replies      
Although this site doesn't really offer any substance, I'm glad that Google is making this project more public. Not only it nice to have updates on the project (I do hope they continue to update this site with their progress) but I think PR campaigns like this will go a long way to swaying popular opinion on self driving technology. The faster they can get the public on their side, the fewer regulatory hurdles they will face.
heywire 2 days ago 6 replies      
On days like today, when there are several inches of snow on the ground and more to come, I always wonder how autonomous vehicles will handle such situations. What happens when snow (or mud, etc) accumulates on the camera or sensors? I don't doubt that a computer can react quicker and with more precision in an "event", but what about when it simply can't "see"? I don't see a steering wheel in these videos, so I guess there is no manual failsafe?
dfar1 2 days ago 0 replies      
I am confused. Was there some news today that they wouldn't have their own car, and instead would use their tech with existing car companies?
bertil 2 days ago 0 replies      
There is an announcement today too that Google will not be operating that technology, but focus on selling self-driving to car manufacturers.

Does this mean that Alphabet will keep on working on building their own cars but under a different company? The association between the two is a little confusing at the moment.

riprowan 2 days ago 3 replies      
A lot of comments here and I haven't seen one that addresses the problem of impulsivity. Many / most of the times I need a car are not schedulable events but impulses. For example when I'm working on a project around the house, it's typical to need to run up to the hardware store 3 times in a day.

I think autonomous transport will be very popular but shared vehicles will be hardly more popular than Uber / taxis are now. If you think that shared autonomous vehicles will be significantly more popular than shared conventional vehicles are today, I'd be interested to hear why. Is it primarily cost savings?

shogun21 2 days ago 2 replies      
I feel like they're really getting on the cute-sy theme, from the car's friendly design to the name "Waymo".

The lack of control is still kind of terrifying so I think they're trying to make it as non-threatening as possible.

fareesh 2 days ago 1 reply      
What is it about car hardware+software that gives people confidence that the operating system / some core process won't crash or reboot in the middle of a turn or brake? I'm not familiar with the architecture of "mission critical" systems which I assume would be similar to what they use in these cars.
jrowley 2 days ago 3 replies      
How long until someone puts a personal gym inside a self driving SUV, so you can workout during your commute? I can imagine people running on a treadmill inside a car while it is stuck in traffic. Or at least sitting on a trainer.
shardo 2 days ago 1 reply      
I'm not sure how I would feel about the absence of steering wheels and pedals within their cars.

Tesla's auto-pilot can be over-ridden due to the presence of the steering wheels and the pedals. But in a car that has none, you're not in control. And that, is scary no matter how you look at it.

nojvek 1 day ago 1 reply      
Its great that waymo has its own brand now. I really wish udacity's open self driving car takes off as well. I predict there will be a linux of self driving car software/hardware kit that will be battle tested, reliable, secure and solid with contributions and test cases from all around the world.

I also really think someone should invent a solution to convert existing modern cars with brake, gas and steering from CANbus to self driving cars by installing a kit.

The current car manufacturers can simply make really good cars with cameras and sensors integrated. One can then install open software adapted for the region that is always getting updates. The test cases and lidar data is put in a giant shared repo whose ownership is the community. E.g OpenStreetMap and wikipedia.

Same software can be used for smaller robots to dispatch packages to the front door, or robotic lawn mowers, rubbish trucks, cleaning trucks e.t.c

That would be a fantastic future to be part of.

meterplech 2 days ago 3 replies      
Obviously this vision is compelling. I'm confused by the decision of their prototype car to not have manual control overrides (e.g steering wheel or something similar). Air travel has been revolutionized with autopilot, but there are clear overrides for safety in case systems crash. I don't think we need to be wed to the pedal + wheel paradigm - but having a manual override option seems critical to safety.
kLeeIsDead 2 days ago 1 reply      
How is this news? So what, they slapped a new name on the project. What about actual progress on the tech?

Honestly, with Google's track record, I'm starting to doubt that this will ever ship. It just seems like a huge marketing tactic at this point. Plus. all of the talent has moved to companies like Otto and comma.ai; who are making tangible progress in this space.

pera 2 days ago 0 replies      
Google seems to like logos with a W shape (Wallet, Wave, now Waymo). I wonder if that's on purpose, as in making a reference to WWW in some way.
gaspar 2 days ago 0 replies      
I can see the potential of self-driving cars for long distance trips (e.g. SF-LA) or for big trucks, but I can't see it for everyday use especially if someone has kids. How many times an average person in US uses her car? 2-3 without kids and maybe more than 4-5 with kids(I think my numbers are probably too low)? For this to be viable economically, the pricing has to be very low and in order to be very low all of the people has to use this "self-driving service". This creates another problem though, you will have to plan your "short ride" ahead of time, e.g. what happens if you want to leave at the last moment and no car is available around you? And then there is another problem, if the self-driving service is cheap the ownership of the car is going to be even cheaper. A lot of variables and difficult to answer questions. I don't know if we ever going to be a society without car ownership and to be honest as long as there is no traffic I like driving, and it makes me relax. I see it more as a fancy option for cars, like what Tesla does, but to completely remove the car ownership is going to take many decades. Before cars there were horses and stuff so the transition was easier. This is going to be very tough.
laurentoget 1 day ago 0 replies      
My real question is whether they will be able to convince american customers to give up one of their most prized status symbols. It feels from this webpage their main argument will be safety, so I guess we will find out how much human life weighs against the thrill of owning and controlling fast, expensive and shiny machines.
ticktockten 2 days ago 0 replies      
Am I the only one getting a 404 on this URL?
gpmcadam 2 days ago 0 replies      
You'd think Google would have considered optimising the content on this page as per their own recommendations:


jonthepirate 2 days ago 0 replies      
More power to anybody who's willing to put their children in a car and not pay attention to the road or have control the outcomes of relentless traffic threats all around them.

In my view, all of this technology is much better suited to aid the human driver as a safety enhancement system rather than a full replacement for vehicle navigation.

devy 2 days ago 0 replies      
On the FAQ section,

Q: "I'd like to join the team. Where can I find a list of open roles?"A: "You can learn more about available roles here[1]."

And interestingly, that link[1] is broken :)

Update: it's fixed NOW!

[1]: https://waymo.com/join/

mberger 2 days ago 2 replies      
Interesting that they built the site with Angular 1.5.7. I thought they would want to showcase Angular 2.
dispose13432 2 days ago 2 replies      
What I don't understand is if trains aren't completely automated, planes aren't completely automated, subways aren't completely automated, ships aren't completely automated,

How are CARS supposed to be automated??

rudolf0 2 days ago 1 reply      
Really shallow of me, but the name kind of turns me off. "Uber" or "Lyft" are just whatever, but Waymo sounds like... something an infant would sputter out. Or "Lame-o".
shanwang 2 days ago 2 replies      
Looking at it, I'm thinking google hasn't learnt anything about the failure of google glass, who wants to buy a car like that?

A car is more than a commuting tool, it really matters how it looks.

ipreferhumans 2 days ago 0 replies      
Being a pedestrian sharing space with moving autonomous cars is not a future I'm looking forward to, not one bit.

1. Pedestrian->driver observation and interaction are the primary factors in deciding what's safe.

2. Roads full of networked autonomous vehicles are a hack away from becoming hoards of hurtling tonnage.

In my opinion this is all a solution looking for a problem and we should know better than to make our roads so utterly hostile to our own kind.

fh973 2 days ago 0 replies      
... meanwhile Microsoft successfully attacks the billion dollar office communication market.

Seriously, Google has had so many growth businesses in their hands and just fails to execute on them. This might be for one part because of its internal structure but I get the impression that many of these things look not exciting enough for its leadership.

melling 2 days ago 2 replies      
The hardest problem to solve will be the humans who bully the polite self-driving cars:


scarmig 2 days ago 1 reply      
If you look at the cumulative miles driven, the slope has a tendency to increase, as you'd expect as you added more cars to your fleet.

In 2013, though, there's a regression in number of new miles logged, and it took until 2015 to catch up to 2012 numbers. Can anyone give insight into the cause?

iblaine 2 days ago 2 replies      
What does waymo mean?
thomasthomas 2 days ago 0 replies      
this comment section is hater news at its finest. autonomous will change all of our lives for the better sooner than you think. edge cases will be solved. the competition will be interesting, rooting for everyone.
hartator 2 days ago 0 replies      
> Imagine if everyone could get around easily and safely, without tired, drunk or distracted driving.

I don't really think we should place drunk driving at the same level as tired or distracted driving.

dang 2 days ago 0 replies      
There's also a Wired article about this at https://news.ycombinator.com/item?id=13168781.
blancotech 2 days ago 0 replies      
All I can think of when I hear the word Waymo https://www.youtube.com/watch?v=_lMu8V5Xa90
wiz21c 1 day ago 0 replies      
How will this affect climate change ? I mean, will autonomous driving increase or decrease the number of cars on the roads ?
iMuzz 2 days ago 0 replies      
The only thing I really learned watching that video is that google decided to call its autonomous vehicle unit 'Waymo'.

While I'm excited, I'd love to know how they actually plan to roll this out!

pookieinc 2 days ago 1 reply      
This is really exciting! I see these cars all over the place in the Bay Area, so it's nice to see that they're at least one step closer in making it into a product and thus bringing it to reality.

I wonder about the internationalization of this product, especially if (or when?) it's brought to other countries and regions, such as the Middle East. In some of those countries, women aren't allowed to drive and men drive with extreme speed (and park in the most horrible of ways). While this will cut down on things like speeding / drinking / etc, it may also potentially impact social norms as well.

I'm hoping to keep a level-head about this project, but any step forward in this endeavor is worth being excited about.

turingbook 2 days ago 0 replies      
The self-driving car is just a component of bigger system, as new generation of servers on cloud centers. Riding service is cloud computing. I bet on Uber or Didi in China.
jeffmcjunkin 2 days ago 1 reply      
They have a number of blog posts that just launched on Medium: https://medium.com/waymo
gist 2 days ago 0 replies      
What's the story in the video with 'pulling at heartstrings' by featuring a blind person? The problem of a blind person getting a ride is obviously solved. But more importantly it's an edge case of a need for a vehicle that is self driving. And actually I wonder whether someone who is blind actually would rather have a human driver in the car and feel safer generally that way. Seem to me almost like a strawman in a way. In other words 'if you feel that you have to help the handicapped you need to be onboard with self driving cars'.
cr0sh 2 days ago 0 replies      
This post seems like a "way-back" post - considering Google has announced pulling from the self-driving car market (another HN post details it)...
tzury 2 days ago 0 replies      
Waymo will be the Android of the cars, that is, Google Technology on other's hardware.

Well decided Alphabet, very well decided!

chirau 2 days ago 0 replies      
Welp, the site no longer works. Let's hope they didn't shut down the project already, Google Wave style.
ilaksh 2 days ago 0 replies      
So when does the Waymo app come out that I can use to get an autonomous car to drive me to the store?
Pica_soO 2 days ago 0 replies      
How much alone are the parking lots worth in San Francisco? Imagine a city without those..
kin 2 days ago 1 reply      
The website is pretty explicit about it being just self-driving "technology". I wonder if they just plan to work w/ one manufacturer for now or if they're in talks w/ many. With so much competition, if they're all executed to the same standards of safety, my wallet is going to go w/ better design & aesthetics.
glbrew 2 days ago 0 replies      
They will get smoked by Tesla.
debt 2 days ago 0 replies      
definite old-school warner brothers inspired logo they got going on there


sidcool 2 days ago 0 replies      
Somehow the link is giving 404 to me.
perseusprime11 2 days ago 0 replies      
Do we even need a car in the future?
Skunkleton 2 days ago 0 replies      
The name sounds like a cartoon car crash.
codecamper 2 days ago 0 replies      
Easily mispronounced "whammo"
tedajax 2 days ago 0 replies      
So nothing new, just the name?
vthallam 2 days ago 0 replies      
This is great. Finally a separate division with focus and more accountability on the timeline i guess.
cjcole 2 days ago 4 replies      
"The average US city gets 26 inches of snow per year."


"Snowfall is 0 inches."


"Snowfall is 0 inches."


"Snowfall is 1 inches."


"Snowfall is 4 inches."

I hope they are driving far enough from their home bases to get some snow miles under their belt.


"Snowfall is 47 inches."

dictum 2 days ago 5 replies      
This is such a minor nitpick, but I'm bothered by it because I see so much performance-shaming coming from some Googlers:

The site loads large pictures for all viewport widths (ideally they'd load downscaled images for smaller viewports it's wasteful to load a large image for small devices) and the image files are PNGs when they should be jpeg or webp (example: http://waymo.com/static/images/journey/streets.png)

homero 2 days ago 0 replies      
You mean Alphabet
SippinLean 2 days ago 0 replies      
Sounds like "lame-o" D:
serg_chernata 2 days ago 2 replies      
I'm optimistic. I agree with Musks estimates. At most I see first fully autonomous vehicles being on the roads within 5 years.

Yes, they may only work in places with clearly marked streets but if I could use my autonomous car for daily commute or roughly 50% of the time it's still an incredible achievement and well worth the cost.

aoeu345 2 days ago 1 reply      
This repels me for a few reasons:

- Instead of talking about their car's capabilities on the front page, they include a pathos about drunk driving. I feel embarrassed how Google doesn't have more things to say about the car.

- It looks really unattractive, I could hardly call it cute.

- It's not in production, it's in testing.

These companies are sitting on mountains of cash! And they still fail to do things effectively! Apple and Google are just sitting on their fat cashflows while the world is getting very scary very fast. I'm tired of these "technology" companies doing complete fails of R&D projects, too damn shy to leave their advertising revenues. We need leaders with real courage.

New NIST password guidelines: don't require character types or rotation nist.gov
628 points by aaronharnly  2 days ago   300 comments top 24
aaronharnly 1 day ago 4 replies      
Operative bit in 5.2.2: "Verifiers SHOULD NOT impose other composition rules (mixtures of different character types, for example) on memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically) unless there is evidence of compromise of the authenticator or a subscriber requests a change."

I'm cautiously hopeful that this will supply needed ammunition for those advocating for saner password rules and policies in organizations big and small.

bdamm 1 day ago 6 replies      
This part is very good advice:

 When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list of known commonly-used, expected, and/or compromised values.
So, no rotation, no character set rules, but the password better not be already known. They specifically refer to comparing against a corpus of known broken passwords. Very good.

Angostura 1 day ago 2 replies      
This bit caught my attention:

>Memorized secret verifiers SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant. Verifiers also SHALL NOT prompt subscribers to use specific types of information (e.g., What was the name of your first pet?) when choosing memorized secrets.

I wonder if Mastercard and Visa will reconsider this policy.

labster 1 day ago 1 reply      
"If Unicode characters are accepted in memorized secrets, the verifier SHOULD apply the Normalization Process for Stabilized Strings defined in Section 12.1 of Unicode Standard Annex 15 [UAX 15] using either the NFKC or NFKD normalization."

I had not even thought about normalization before in this context, but I could see it being an issue if a user moves to a new device. But what if new composed characters are added to Unicode, does that mean the user can no longer log in with NFC passwords? I guess that K in NFKC is important.

hug 1 day ago 0 replies      
Previous related discussion around these rules here: https://news.ycombinator.com/item?id=13016948
SeanDav 1 day ago 0 replies      
> "When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list of known commonly-used, expected, and/or compromised values."

This has to be applied to the whole password (which it implies anyway) or you end up with the rather silly situation which I encountered the other day when I had to create a temporary password for a Microsoft service. It absolutely refused to accept even a very secure password if there was a portion that was not secure.

For example:a password similar to "$4(password(!monsT3rDiet%@" was rejected. But if I removed the word "password" and made the string shorter (and therefore less secure), that was okay!

peterjlee 1 day ago 5 replies      
I'm not sure if accepting unicode characters is a good idea. It would make it more secure but you can very easily get locked out of your own account if you try to login from another device without the correct input method.

Here's one extreme example of it:"I included emoji in my password and now I can't log in to my Account on Yosemite"(https://news.ycombinator.com/item?id=10742351)

cmurf 1 day ago 0 replies      
"Memorized secrets that are randomly chosen by the CSP (e.g., at enrollment) or by the verifier (e.g., when a user requests a new PIN) SHALL be at least 6 characters..."

Does this include credit/debit card PINs?

"Verifiers also SHALL NOT prompt subscribers to use specific types of information (e.g., What was the name of your first pet?) when choosing memorized secrets."

I take it this proscription applies to the actual passphrase, not as part of an account reset mechanism? If so, that's too bad, I really don't like these questions let alone the storage of the answer. Are these answers secrets though? If so, send like it's proscribed, and also they have to be salted and hashed in which case the answer itself isn't being stored.

TwoBit 1 day ago 8 replies      
I never understood thecidea of having to change my password periodically. The password was good last month, why isn't it good now?
discreditable 1 day ago 0 replies      
rconti 1 day ago 0 replies      
Super relevant because today I got the annual reminder to check my Social Security statement online.

Go to login, password expired. Expires every 6mo. Also, requires punctuation. I type in a typical strong/long password and it says "weak" until I append ! to the end and magically now it's "STRONG!"

guelo 1 day ago 2 replies      
At my publicly traded company I was told that they have to do password rotation because of Sarbanes Oxley. Is there any truth to that?
OliverJones 1 day ago 1 reply      
It says "SHALL be generated using an approved random bit generator." What are some examples? debian /dev/urandom? dotnet RNGCryptoServiceProvider? others?

Who approves this stuff? Does anybody know?

Tostino 1 day ago 0 replies      
Interestingly enough, I just recently released a password strength library which can help enforce these exact requirements. https://github.com/GoSimpleLLC/nbvcxz
ht85 1 day ago 0 replies      
Good to see that after all this time dodging corporate pressure to implement counter-productive measures, the guidelines themselves have changed for the best :)
torbjorn 1 day ago 2 replies      
>Unicode [ISO/ISC 10646:2014] characters SHOULD be accepted as well.So, can passwords contain emojis under these guidelines?
protonfish 1 day ago 1 reply      
Wait, 10,000 iterations of the has function? That's surprising, and of questionable value.
Dylan16807 1 day ago 0 replies      
That code points are counted as a single character is absolutely mandatory, but there's no requirement to allow passwords over 6 characters? Interesting choices.
warunsl 1 day ago 0 replies      
This was very counter-intuitive to me until I've read the explanation.
stefek99 1 day ago 1 reply Memorized Secret Verifiers

I prefer plain English aka "passwords"

vog 1 day ago 0 replies      
Obligatory XKCD on this topic:

"Password Strength"


kutkloon7 1 day ago 0 replies      
Finally some common sense in guidelines (appearently, some people need guidelines for this stuff because they have no common sense).
nicois 1 day ago 0 replies      
German research institutions boycott Elsevier uni-goettingen.de
540 points by millettjon  7 hours ago   79 comments top 14
hannob 7 hours ago 7 replies      
The thing is, scientists have a much more powerful tool to stop bad publishers: Don't give them your texts.And maybe even more important: Don't demand from your applicants that they have published in high impact journals from the very same publishers that make your life hard.

That might really change things.

Everyone has been complaining about Elsevier for years now. They still have publications and they still seem to have no problem to fill them. That's the problem.

anton_tarasenko 6 hours ago 1 reply      
Professors don't care about high prices. Universities pay for subscriptions. The pricing is political in Europe where education is funded by the public. US universities pass high prices over to students. Students pay with debt since good universities have oversupply of applicants anyway.

Elsevier had been buying academic journals for decades. A typical scheme is like Cell's story.

A professor establishes a journal under a big university's publishing arm. Then the professor thinks how to make money. Elsevier makes an offer and the professor accepts it. The journal becomes the property of Elsevier and the editors keep reviewing papers for free because it's good for their CVs.

Looking at older HN posts[1], Elsevier becomes another Comcast. That said, boycotts have not reversed the Group's profit trend.

[1] https://hn.algolia.com/?query=elsevier&sort=byPopularity&pre...

return0 7 hours ago 1 reply      
https://sci-hub.ac/ is always there for you [edit: thanks]
thomasDE 6 hours ago 1 reply      
German researcher here.

There are multiple problems with the offer from VG Wort (which is the German association "representing" authors and publishers). One is that they raised the license fee. Another one is that they want to replace the current "flatrate" (where a university pays a fixed sum for the right to copy books or parts of books for education) with a individual billing concept. That means, lecturers have to report to administration for EACH part of a book or paper that they distribute. This model is not feasible as the administrative costs exceed the royalties which have to be payed for the copyright.

For this reasons, multiple virtual learning environments (which are used to distribute books and papers) in Germany might go offline in 2017 because the copyright situation is currently unclear.

More information (in German):https://netzpolitik.org/2016/deutsche-universitaeten-2017-im...

Someone 7 hours ago 0 replies      
No, they don't boycott; they play hardball in negotiations:

"The DEAL project, headed by HRK (German Rectors' Conference) President Prof Hippler, is negotiating a nationwide license agreement for the entire electronic Elsevier journal portfolio with Elsevier.[...]In order to improve their negotiating power, about 60 major German research institutions including Gttingen University cancelled their contracts with Elsevier as early as October 2016."

wofo 7 hours ago 1 reply      
It is refreshing to see the scientific community stand against Elsevier. Great news!
jmcdiesel 6 hours ago 3 replies      
Forgive my absolute ignorance on the topic - I genuinely don't understand this environment even though I'm interested, so please don't take this as a stupid or inflammatory questions...

Why are these publishers needed? What service do they provide these days? It seems their role is similar to publishers in other media (TV, movie, music, etc) that can and have been replaced due to the distribution ease of the internet. Aside from a distribution platform, what do these publishers provide?

jgord 1 hour ago 0 replies      
They should just keep going, and other countries join them - but don't do it as a bargaining tool, actually kill the company.

Its basically a scam, and its holding back scientific progress.

jimmytidey 6 hours ago 0 replies      
Elsevier must be extremely conscious that this can only drive the uptake of SciHub. German academia on the other hand must be aware that SciHub will soften the blow.
cknight 4 hours ago 0 replies      
This is really cool. I'm no scientist, but it was Uni Gttingen where I was properly introduced to the world of academia, doing programming for a research group there. This was just 2-3 years ago, and Elsevier was a regular discussion point at the lunch table. I'm glad all the talk has translated in to some real action, and so many have gotten on board.
captn3m0 7 hours ago 0 replies      
While this may be a major hiccup for researchers in Germany, I have to applaud this. Are the terms of the offered deal public?
swehner 44 minutes ago 0 replies      
I look at titles and abstracts, not at journal names, in my literature searches.
carbocation 7 hours ago 3 replies      
People want to publish in high-impact journals. Aside from name recognition (Nature, Science, New England Journal, etc), impact factor and similar metrics drive where people want to publish.

If you really want to strike at a particular journal or family of journals, you could work to convince academics not to cite articles in those journals. Since all these metrics are some variant of (inward citations)/(publications), usually over a 2-5 year window, this would have a tremendous effect.

fmax30 5 hours ago 0 replies      
Just three days ago my ML Prof (at TU Munich) told us to boycott Elsevier. Didn't know that this was a nation wide thing.
Open sourcing our Android and iOS apps kickstarter.engineering
554 points by mecredis  1 day ago   73 comments top 18
unsoundInput 1 day ago 4 replies      
Kudos to them. Compared to the web it's rather cumbersome to poke into packaged and released mobile apps, so I really appreciate access to the source of a real world app for learning and comparison.

The Android codebase looks very modern and well structured. I think it makes great use of many of the goodies (gradle, rxjava, retrofit, dagger, android support lib, ...) and learnings (bring your own MV*; use Fragments when you need them, stick to Activities if you can) that is state of the art in Android development.I think it's a great thing to skim through if you are interested in developing for Android or to compare it to you own app.

I can only assume that the same is true for I iOS. I'll certainly check it out should I start developing for that platform.

120bits 1 day ago 4 replies      
I'm not a mobile app developer by profession. But I always wanted to start learning and developing real world apps. The problem I always ran into the tutorials and demos, that they are mostly limited(i.e not close to solving real world problems). I think browsing their code, will give me a good start. And I would know how it's done right! Thank You!
tthbalazs 1 day ago 1 reply      
I had a chance to see Brandon from Kickstarter talk about their functional approach at the Functional Swift Conference in Budapest. I highly recommend watching it!


ohstopitu 1 day ago 1 reply      
Last year when I was working on a startup's mobile app for Android, it was almost impossible to find good quality code that was open sourced.

I am really happy that Kickstarter has released their android app as open source - would definitely be a great learning experience!

dblock 1 day ago 0 replies      
For anyone reading their post, we're so humbled by Kickstarter mentioning the tiny Artsy for having inspired some of this work. If you're interested in the open-source by default conversation and need some ammo to bring this to your team, start at http://code.dblock.org/2015/02/09/becoming-open-source-by-de...
krschultz 1 day ago 0 replies      
This is very exciting. There simply aren't a lot of open source "full scale" Android apps. Most of what you find are quick sample apps which simply don't show the complexity inherent in most professional apps. The largest other ones I'm aware of are Github, Google I/O, and some of the AOSP apps.
rezashirazian 1 day ago 0 replies      
The iOS app looks like a treasure trove, I can't wait to download it and dissect it. It'll be interesting to see how they integrated playgrounds into their development cycle.

I just wish they had upgraded to Swift 3.0

john_gaucho 1 day ago 0 replies      
This is great. I hope they also provided good documentation / commenting. This can be a fantastic learning tool for programmers at all stages.

Kudos to kickstarter.

perfmode 1 day ago 1 reply      
What's the purpose of Android's ApplicationGraph interface?


ocdtrekkie 1 day ago 3 replies      
This is pretty awesome. Just because an app connects to a single website/service doesn't mean there isn't a benefit to being open! It's good to be able to trust (and verify) the software running on our devices.
shmerl 1 day ago 0 replies      
Good! I try to avoid closed applications on my mobile devices if possible.
mwcampbell 1 day ago 0 replies      
I wonder if they've considered using something like React Native or Xamarin so they can share some of that functional-style code between the two platforms.
afro88 1 day ago 0 replies      
This is a really great example of how to do it right when it comes to Swift, MVVM, Reactive Cocoa, Testing, CI etc. Lovely code and architecture!
melling 1 day ago 1 reply      
They use Swift Playgrounds to do a lot of development:

"Swift Playgrounds for iterative development and styling. Most major screens in the app get a corresponding playground where we can see a wide variety of devices, languages, and data in real time."


I've recently bought into this development method too. It's not quite what Bret Victor dreamed up, but it's a big step in the right direction.

SimonSelg 1 day ago 0 replies      
This is awesome! Open source production apps are always useful.
alexashka 23 hours ago 1 reply      
iOS Project does not build - Xcode 8.2... There is a guard statement with no else clause, that's the first error I got. I didn't bother looking further because... a guard without an else could never compile, so what am I looking at?

I'm getting flashbacks from my last workplace where people merged in code that didn't compile and then went 'oh really? let me fix that real quick'...

Code wouldn't compile in master but the codebase... everything had to be clever. We can't just have a model, a network request to fetch/update for it, a view controller and view cells. A few storyboards and of course no bloody tests - it's a phone app.

No, we need protocols everywhere we can fit them, third party libraries - ones that haven't been out a few years (Reactive whatever), a third party library to make a basic GET request (Alamofire looking at you), a CSS styling library, a JSON to Model library, list goes on.

What we don't need is folder structure that lets you know this is the initial VC, the two folders beneath it are the 2 possible places you can go, the sub-folders in there are the places you can go from that VC and on and on.

Let's just dump all VCs in one folder, all cells in another. Nevermind that in 90% of the cases, that one cell is only ever used in that one tableview - no need to group those together.

I don't know - maybe it's just me - I'd rather I download a zip, open the project, click that triangle and it runs - this thing makes me jump through hoops, and it still doesn't work... And nothing makes sense, unless you go learn reactive cocoa - based on the amount of files/code, a clear waste of time.

EGreg 1 day ago 0 replies      
Does this mean we can clone it now or does the license prohibit that?
stirner 1 day ago 0 replies      
Open sourcing a client is pretty useless when the bulk of the logic happens inside a company's server somewhere.
GodBolt: Enter C, get Assembly godbolt.org
558 points by setra  21 hours ago   139 comments top 27
rzimmerman 19 hours ago 8 replies      
Try with gcc 6.2 options -Ofast -march=native:

 int square(int num) { int a = 0; for (int x = 0; x < num; x+=2) { if (!(x % 2)) { a += x; } } return a; }
All kinds of loop unrolling and vector instructions.Now remove the "!"

xroche 18 hours ago 1 reply      
This site is extremely valuable to produce good quality reports of GCC bugs. For https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67283, I was able to track multiple regressions on a GCC optimization over the different versions of GCC, within few minutes. Doing the same manually would have been extremely tiresome. Kudos to the website authors!
JoshTriplett 19 hours ago 4 replies      
One optimization I've always found impressive:

 #include <stdint.h> uint32_t testFunction(uint32_t x) { return ((x & 0xff) << 24) | ((x & 0xff00) << 8) | ((x & 0xff0000) >> 8) | ((x & 0xff000000) >> 24); }
compiles into:

 testFunction(unsigned int): mov eax, edi bswap eax ret
Another fun one, that only works with clang:

 #include <stdint.h> int testFunction(uint64_t x) { int count; for (count = 0; x; count++) x &= x - 1; return count; }
compiles into:

 testFunction(unsigned long): popcnt rax, rdi ret

samlittlewood 16 hours ago 0 replies      
Also, look at Matt's write up of how this works:


as a pragmatic example (incl. all tools & configs) of how to build an auto scaling & deploying site, without overdosing on kool-aid.

smitherfield 20 hours ago 4 replies      
I like the highlighting I finally understand why people say compilers generate faster code than a human could write. Pasted in a pretty straightforward and already fairly optimized function I'd written and of course got back something also pretty straightforward, then I put in "-Ofast -march=native" and, wow. Completely rearranged everything in a totally non-linear way and generated all sorts of bizarre (to me) instructions. I think I'd need to study it for months if not years to understand what the compiler did.
jdub 19 hours ago 1 reply      
Cool! Certainly quicker than loading up cross compilers (even when they're so easy to get on Debian/Ubuntu), building a binary, and running the right version of objdump.

The Rust Playground at https://play.rust-lang.org/ has a similar function, letting you check ASM, LLVM IR, and MIR (Rust's mid-level intermediate representation) output for current versions of the Rust compiler.

wibr 15 hours ago 1 reply      
I know C but no Assembler, so this looks like a good way to get more familiar with what's going on under the hood. It would be really neat if you could click on each instruction/register to get a short summary, though.
pjmlp 18 hours ago 1 reply      
For D, https://d.godbolt.org/

Also this is actually a repost from one year ago,


jerven 19 hours ago 5 replies      
Really cool, it surprised me to see even trivial code give very different results in gcc,icc and clang.

 int retNum(int num, int num2) { return (num * num2)/num; }
gives this in clang

 retNum(int, int): # @retNum(int, int) mov eax, esi ret
While icc and gcc give

 retNum(int, int): mov eax, esi imul eax, edi cdq idiv edi ret retNum(int, int): imul esi, edi mov eax, esi cdq idiv edi ret
The clang version at first sight seem right. But then thinking about it this is integer math.

 4/3 := 1
1 * 3 := 3 leads to 3 != 4I believe gcc and icc returning 3 there is correct, while clang returning 4 is not. Maybe someone more C/int versedcan tell us which are acceptable (knowing C both might be ok)

cfv 11 hours ago 1 reply      
Can anyone please explain why this naive pow() implementation is so freaking huge? I lack the chops to figure this out properly https://godbolt.org/g/YFvNWa
zitterbewegung 11 hours ago 0 replies      
it 19 hours ago 2 replies      
There's a Go version too: https://go.godbolt.org.
beardog 19 hours ago 5 replies      
Is this just a toy or does it have any place at all in real assembly projects? (I don't know assembly besides having tinkered with it a bit)

Cool project regardless.

nowne 20 hours ago 1 reply      
This is an amazing tool, I use it almost daily. Whenever I want to test an idea, or see what is going on in the assembly, I go straight to godbolt.
geofft 20 hours ago 1 reply      
Note that "GodBolt" isn't some clever Zeus-inspired service name, "Godbolt" is just this fellow's last name.
syphilis2 19 hours ago 1 reply      
I can't edit the code samples using a mobile Firefox browser. Attempting to delete text and then type new text results in the deleted text reappearing appended to whatever new text I typed.
ndesaulniers 10 hours ago 0 replies      
folks interested in doing this locally should play around with objdump
anthk 9 hours ago 0 replies      

 square(int): mul r0, r0, r0 bx lr Mips is damn awesome.

flukus 20 hours ago 4 replies      
That's really cool. Is it actually compiling in the background? Is this a tool you wrote?
rawnlq 17 hours ago 1 reply      
Xcode has a disassembly view that's really similar (and works with lldb!).

After moving back to linux I haven't found a replacement ide that's as nice for doing c++ development.

selckin 17 hours ago 1 reply      
Java version @ https://javap.yawk.at/
rado 18 hours ago 0 replies      
Reminds me of SPHINX C--, which was great.
teddyuk 15 hours ago 0 replies      
we need a DevilBolt: Enter Assembly, get C!
cptank420 8 hours ago 0 replies      
AstralStorm 17 hours ago 0 replies      
Pity it isn't a recompiler.
Annatar 20 hours ago 5 replies      
Should be "get assembler". Assembly or assembling is the process of using an assembler to assemble assembler code, which is actually mnemonics.
poseid 19 hours ago 0 replies      
really nice project - i was playing with compilers and javascript a while ago see http://embeddednodejs.com/compiler - as a simple experiment to learn about javascript's role in compilers
CHVote: Open-source e-voting system from Switzerland republique-et-canton-de-geneve.github.io
423 points by porker  1 day ago   191 comments top 22
yason 1 day ago 7 replies      
For giving a guiding vote from the citizens to assist in parliamentary or local decisions, yes.

For electing state officials, no. A voting scheme needs to be designed for the worst possible circumstances which practically means a bordering civil war, and where trust between voters is zero at best. Voting allows revolution to take place peacefully.

Therefore the method of voting needs to be understood, carried over, and be verifiable by the common (wo)man. No electronic scheme can do that: anything that runs in software means that the correctness of the system depends on the experts' word only, and that word is likely to mean nothing when half the population is already collecting arms.

StreakyCobra 1 day ago 0 replies      
While I appreciate the effort of putting it open-source, and even more to do it on GitHub, I hope they will hire someone who knows how to use Git/GitHub, like using tags for versioning instead of repository name [0], or using meaningful commit messages [1].

For the future let's see how they will manage external contributions. Opening the code for transparency is a good point (even if this still doesn't ensure you that the same version of the code is running in production on trusted hardware), but doing this on GitHub will certainly bring some contributions. Will they refuse everything? Or accept external contributions? Will they use GitHub as the central development process? If not how are they going to handle the development in intern in regards with external contributions? Also are they going to do all commits with this dedicated state-account? Who will be part and what would be the process for reviewing and accepting external contributions, to be sure they are not adding backdors purposely desguised as mistakes? Having a state starting to work on open-sourcing such a sensitive software in Switzerland opens a wide range of interesting questions. Maybe, and probably, this has already been discussed in other countries or even other part of Switzerland, but in the state of Valais (Switzerland) this is at least not the case.

It's not the first project under state control in Switzerland that is on GitHub. I'm also aware of geo-admin [2] who have their sources there. As far as I saw, they are handling GitHub much more professionally.

[0] https://github.com/republique-et-canton-de-geneve/chvote-1-0

[1] https://github.com/republique-et-canton-de-geneve/chvote-1-0...

[2] https://github.com/geoadmin

PaulRobinson 1 day ago 1 reply      
The system overview is in the github repo here: https://github.com/republique-et-canton-de-geneve/chvote-1-0...

For me, they haven't fixed the problem GUN.FREE highlighted when they decided to shut down (https://www.gnu.org/software/free/), but they have highlighted the risks and made them harder to exploit.

I need to sit down and think about attack vectors properly, as the process is quite convoluted, but it seems to me there are multiple opportunities for key personnel to change votes and to identify whom voted for each outcome - the scope is limited, and within a very small step due to ballot shuffling, but it definitely is there on a first read-through.

tauntz 1 day ago 1 reply      
Estonia's E-Voting systems backend code is also on GitHub (for already quite some years): https://github.com/vvk-ehk/evalimine
ElijahLynn 1 day ago 0 replies      
I have been very interested in Open Voting Systems for quite some time now and have been following Open Voting Consortium, Alan Dechert and more for many years now. It is a problem that I think could have better solutions. There are many good ideas out there for this, and many include paper and open source software.

I have compiled a list of reading materials here for those who are interested.


splike 1 day ago 4 replies      
But how does a voter verify that this is really the software running in the background?
pedrocr 1 day ago 1 reply      
Besides the usual comment that e-voting is a really bad idea[1] this sentence in their copy is delicious:

"CHVote, entirely developed, hosted and exploited by the Geneva Canton"

[1] https://news.ycombinator.com/item?id=13143302

specialist 1 day ago 0 replies      
These fix all, cure all novel voting systems are like recurring announcements of perpetual motion. Catnip for nerds.

Please, study how election administration (in the USA) works to better assess these new technologies, techniques, systems.

TLDR: Electronic (mediated) voting schemes cannot guarantee both the secret ballot and public count. Tech which may do one, or perhaps even both, hasn't even been conceived, must less invented.

homarp 1 day ago 0 replies      
java8 based. AGPL.currently used by 4 cantons in Switzerland: Basel-City, Bern, Geneva and Luzern, either for votations or elections.
xiphias 1 day ago 0 replies      
Shouldn't it be using cryptographic proofs for voting?

Ring signatures are good for it for example:


dttrgrr 1 day ago 2 replies      
There are necessary requirements in a voting system:

1. Authenticity - One vote per citizen.

2. Secrecy - no one, not even the government, should know who voted for who.

3. Verifiability - I know my vote counts.

So if you have a login/password, #2 (logs are too easy) and #3 are out.

With a Blockchain, #1 is out (how do you verify that a private key is owned by a citizen)?

lo-enterprise 1 day ago 0 replies      
Most interesting document of CHVote documentation is this one https://github.com/republique-et-canton-de-geneve/chvote-1-0...

At the moment, the open sourced part is the "offline administration application" in the green box at the top right.


bikamonki 1 day ago 4 replies      
A successful challenge to the results of an election will most likely end up in a civil war. In other words, whoever is officially announced as winner will remain so, even if proof of fraud is found; accepting fraud would question the capabilities/transparency/independene of the electoral authorities. This situation is aggravated by electronic voting, not because of the possibilities of hacking the system, but because the results come to damn fast: victims of fraud do not have a chance to react. While they are barely starting the legal paper work to ask for a recount, the winner is already giving his/her triumphant speech!
sandGorgon 1 day ago 1 reply      
The world's largest elections in india are all electronic.. including voting boxes shipped on elephant, camel, horses and canoe.

is there a comparison of this voting system versus the others that exist?

triangleman 1 day ago 0 replies      
The electronic voting system in Brazil is pretty well thought-out, IMO:


Still, I would not trust an electronic system unless it printed a paper receipt behind a glass window, and dropped it into a box when I hit the submit button.

Synaesthesia 1 day ago 4 replies      
I would like to say I think e-voting is a very good thing and could be transformative to society, given the political will. We have a very weak form of democracy in which we elect representatives and then entrust them to make decisions for us (yes I know we can lobby and petition govt). However this could allow a form of government where the population actually ratifies decisions made by government - a direct form of democracy.
coldcode 1 day ago 0 replies      
Why build an open source voting system, why not go all the way and build an open source election system? That way no one can complain about voting or not voting. Assuming you could find a bunch of people eligible who are willing to do the work, building some kind of AI system would at least eliminate the hassle, though I imagine not the complaining.
pksadiq 1 day ago 0 replies      
I don't know how are they going to make a Java based application to be AGPLv3 compliant.

And I don't know if the source code be provided to every voter on request, as voting is the service provided by the machine.

Edit: Yeah, there are exemptions for voting machines in [A]GPLv3.

rvdm 1 day ago 0 replies      
I've always been intrigued by Swiss software.

I'd love to know what the Swiss themselves think about this system.

To any Swiss people on HN :

Do you feel this had a positive impact on society?

Maybe more important, would you recommend this to other governments?

ljk 1 day ago 0 replies      
relevant Tom Scott video on E-voting https://www.youtube.com/watch?v=w3_0x6oaDmI
grondilu 1 day ago 0 replies      
What proves that the published code is the one that is actually running?
brazzledazzle 1 day ago 2 replies      
Off-topic: This one is kind of a curve ball for the temporary ban on political posts.
Starting a real business stripe.com
427 points by hepha1979  1 day ago   124 comments top 16
patio11 1 day ago 9 replies      
I wrote this (and the linked guide). Feel free to ask me if you have any questions or comments, in particular about things you'd like to see us cover in the future. If you'd rather do it over email, my address is my HN username @stripe.com
tvladeck 1 day ago 11 replies      
If you're just starting out, the worst decision you can make is to incorporate as a C-corp. An LLC makes vastly more sense, even for the tiny proportion of companies that want VC funding (and specifically institutional funding - funding from other sources would not matter as much - I'll explain why below). Stripe Atlas really ought to make the default an LLC.

The two major reasons why:

1. When you're a C-corp, you pay taxes twice. Once at the corporate level, and once at the individual level. This matters both for ongoing income but also for any liquidation event - as most liquidation events are asset, not stock, sales, you're getting taxed twice here too.

2. You can go from LLC -> C-corp easily but not the reverse. Why would you make the decision before you have to? Start as an LLC. In the very unlikely event you are taking institutional funding you can convert; in most cases, you'll happily stay as an LLC and keep the extra tax dollars you'd be giving the government.

Finally - all this business that VCs prefer to invest in Delaware C corps because of the legal knowledge there is - sorry - bullshit. They do it because they have to invest in taxed entities, because they themselves are partnerships so their interest in any flow-through entity will flow up to their investors, some of which are non-profits. Non-profits, like pensions, risk losing their non-profit status if they have unrelated business taxable income. There is a solution here, which is to have a special purpose blocker corp that sits in between the VC partnership and the LLC. This is done all the time in private equity but not in VC and there is no principled reason why not.

So there you have it. Don't do Stripe Atlas because you're forcing yourself to make a decision you don't need to make right now, that's irreversible, and that may end up costing you a lot of money.

IANAL, but I am a Wharton MBA

jakozaur 17 hours ago 0 replies      
Absolutely amazing world for entrepreneurs around the world. It used to be that incorporating in Delaware for foreign companies was almost a secret knowledge that cost quite a lot in legal fees and travel. Right now it is almost click through. I hope this will lead to VC money being more accessible as anyone can create Delaware if there is someone willing to write you cheque.

Same with credit card payments, it used to be super expensive and painful to integrate, right now its a simple API.

Thanks Stripe.

soared 1 day ago 4 replies      
> 80% of entrepreneurs are sole proprietors or partnerships

This seems interesting but makes complete sense. Most ideas likely won't pan out and incroporating usually isn't worth the time. I'm in Colorado and making a c-corp took all of 15 minutes, but I've been told in other states its a huge proccess. If it wasn't so simple and I didn't have free legal support, I definitley would not have done it.


edblarney 13 hours ago 1 reply      
"Were all making it up as we go along."

This is rubbish. Most regular people are not :). Entrepreneurs - maybe.

Just because you're 'faking it until you make it' does not necessarily mean that it's 'ok'.

Most businesses are well established, and there are long running norms and practices.

Working for a bank, usually you need a very specific education, then several years of learning the ropes, and there's no way around it, unless you want an embarrassing hole in your knowledge.

So yes, it's good advice for some, but there's a reason you might feel like an 'impostor' and it could be because you are. There is a reason that most CEO's are 40-50 something and not 23. Heyzeus.

hbcondo714 1 day ago 0 replies      
Lengthy and comprehensive guide[1] but no support for LLCs (yet) which cost less to incorporate

[1] https://stripe.com/atlas/guide#incorporation

jondubois 18 hours ago 1 reply      
I've never had this "imposter syndrome".

The main feeling I've struggled with in the past was that the market I was in had been monopolized by well-funded, well-advertised imposters.

I mean that strictly in the sense that a lot of startups these days are selling their product before it's even finished - I feel that by me actually taking the time to complete the product (instead of going around raising capital), that I'm at a disadvantage.

It's dangerous to legitimize this concept of 'imposter syndrome' - Some actual crooks might use it as an excuse and start to think that what they're doing is normal.

annerajb 23 hours ago 0 replies      
I was so exited about Stripe atlas.

But for me it came around 2 months late.

I already used a online website to register a C-Corp and they have no process to "import" your c-corp you either start all over again or dont use it.

I also have no idea what would I have to do to "close" the existing c-corp and start anew using atlas.

hobo_mark 11 hours ago 0 replies      
In case anyone else is going to Ctrl+F 'Europe':

> Were writing primarily from the perspective of U.S. companiesits most relevant to Atlas customers (all of whom have U.S. companies)

I take this to mean this won't work for those on the other side of the pond?

crispytx 1 day ago 0 replies      
Seems like Stripe is trying to jack Clerky's business.
giis 19 hours ago 1 reply      
Anyone here can share their thoughts on benefits of Delaware C-Corp vs incorporating in Singapore?
rubicon33 1 day ago 1 reply      
While I definitely appreciate what Stripe is trying to do here, they've left out one of the most important, but perhaps less tangible aspects to starting a business:

Getting off the ground!

Say you have an idea, maybe even a prototype... MAYBE even a functional software business that's drawing some small income! How do you go about GROWING that idea, or tiny business? Do you HAVE to seek external capitol? Do most successful startups utilize angel / VC funds to "make it"?

If so, where do you go, and how much do you ask for? What happens if your business fails?! Do you owe all that money back? Are people going to be pissed at you? Are you blacklisted from the industry? Etc. Etc.

The point I'm getting at is... It seems to me like they've left out the part about resources. Funds. The stuff that really gives your idea, a strong kick in the pants.

sillepl 1 day ago 2 replies      
Stripe Atlas would be a lot better if it would have more of the kind of payments that CoinPayments allows: ETH, DASH, Monero, Litecoin, ...

I believe that Stripe Atlas has only Bitcoin as a cryptocurrency, correct?

sjg007 19 hours ago 0 replies      
hey.. patrick mckenzie aka patio11!
hkon 1 day ago 1 reply      
If you want to know if you are running a real business, answer this simple question.

Are you making money?

If you are, you run a business, if not, you run a liability.

miles_matthias 1 day ago 0 replies      
Absolutely love this! There's no one better than Patrick to talk about starting a "real" business and being a solo entrepreneur. Really looking forward to learning as much as I can from his guides.

On a personal note, Patrick is an awesome guy. I'm still super thankful he took time out of his busy schedule to do our little podcast: http://startupcto.io/podcast/0-23-cross-training-with-sales-...

One More Sign World Is Shrinking eBay Is for Suckers matthewsag.com
469 points by silverdrake11  1 day ago   225 comments top 48
StanislavPetrov 1 day ago 7 replies      
Its sad to see how far Ebay has regressed. I was a seller of lots of random (and sometimes very expensive) things (mostly collectibles) on Ebay for many years. I had 100% feedback, often going out of my way (and taking a small loss) to deal with crazy and/or difficult people in order to keep my perfect feedback status.

I would pinpoint the time Ebay went off the rails to many years ago, when they changed their feedback system. The whole beauty of Ebay was that it was based on reputation. If I was selling something for thousands of dollars, I would only allow buyers that had plenty of good feedback. This simple system allowed you to avoid 99% of scammers. The only scammers that got through were people who spent a long time acting legit and building up lots of positive feedback, then "going rogue" and using that built-up goodwill to pull off a scam. This risk was small and worth taking (happened to me twice after hundreds of sales).

At some point, though, Ebay changed their feedback system so that sellers could not leave buyers negative feedback! You could only leave positive feedback, or refuse to leave feedback at all. Overnight, the entire reputation-based system of buyer/seller reputation was destroyed. Within three months of the change I was hit by three scammers, after selling less then ten total items. This was more scammers than I had to deal with in a decade of prior Ebay sales. There was simply no way for me to figure out which buyers were legit, and no way to warn other sellers which buyers were scammers. As evidenced in the article above, Ebay has absolutely no interest in blocking these scammers. Contacting Ebay inevitably results in a canned response that has nothing to do with your issue. Shortly after they changed their feedback system I stopped selling on Ebay all together. It just isn't worth dealing with the scammers, and Ebay seems to think that their current business model is fine.

zeahfj 1 day ago 9 replies      
I used to work at eBay Trust and Safety. The place is a nightmare and will not improve. The culture was destroyed by Meg Whitman and never recovered.

This kind of fraud sticks out like a sore thumb in click stream. I had no trouble finding fraud and building algorithms to automatically detect it but I did find it impossible finding someone at eBay who cared enough to do anything about it. eBay still gets paid so no one wants to be in charge of a revenue hit. I doubt that's changed.

Mark Carges tried to turn it around in 2008 and failed.

I have high hopes Facebook can move into this space.

noonespecial 1 day ago 2 replies      
For what its worth, thats the "brick scam". As in "you can't sell apple stuff on ebay anymore because of the brick scam".

Usually, they send you a return package with a rock or brick inside approximating the weight of the original package.

Its famous enough at this point that its impossible that ebay is unaware. They are fully aware and are choosing to continue to profit off of this. So much so that the "shell game" the author faced is likely scripted by this point.

Ebay consumes sellers as a raw material as part of the process. That's their business model.

manacit 1 day ago 0 replies      
As someone who casually sells their old computers/phones on the internet, eBay is completely useless for something like this. It's frustrating that they advertise it on TV as a place to sell old equipment, actually trying is futile.

Their fee structure is pretty bad (10% of the the sale price?!) compared to just selling it locally on Craigslist if you are in a big metro. The eBay UI to figure all of this out is even less so, and I had to resort to Google to figure basic information.

Less than 24 hours after listing an iPhone 6s for sale, it was 'bought' by someone who was an obvious scammer.

They reached out and asked for my direct PayPal email, citing that eBay was broken. Of course, I told them to pay through eBay or I wouldn't ship the phone. Immediately after this, I reached out to customer support and reported the account. This did absolutely nothing - the sale was locked up for a week "pending payment" until the buyer 'reported their account stolen' and the sale was reversed. Nobody responded to my ticket, absolutely nothing happened.

I ended up selling it in that time frame locally in less time than it took to deal with all of the eBay BS, and I was able to get something like $50 more.

mperham 1 day ago 6 replies      
If you google the buyer's address, it's home to a package forwarding service. Do not ever do business with a buyer using such a service. 100% guarantee it's a scam.


rickyc091 1 day ago 0 replies      
Ugh, sorry you had to go through this. I was in a similar case not too long ago. Basically the same start... the item arrived and a claim was filed stating that the phone wasn't working. I offered to help since it was perfectly fine before I shipped it, but I was ignored. I waited until the last date before accepting the return. As Matt mentioned, eBay basically forces you to accept the return or you lose the item.

The buyer never shipped it back so it finally timed out after another 30 days and I was able to file a claim and get my money back. Good to know I can unlink from PayPal since they pulled the funds directly from my account. I was in a negative balance.

Here's the kicker. If you decide to checkout on any site using PayPal, they'll actually authorize the full balance behind the scenes. I was definitely surprised when I saw a $400 charge for a $11 item I paid for.

eBay sucks for sellers, but you typically still get the best value aside from dealing with criagslist.

walrus01 1 day ago 0 replies      
I would never buy or sell consumer stuff like an iphone on eBay. On the other hand, I buy used/refurb network equipment all the time, from sellers that have like 8000+ positive feedback and 99.8% positive feedback ratings. Very rarely a problem, and no higher rate of problems/DOA items than with any other refurb equipment dealers. There are some amazing deals out there for things that are fresh off 3-year corporate leases, or have been decommissioned from telecom/ISP sites somewhere for whatever reason. Want a 48-port 802.3af PoE 1000BaseT switch for really cheap, with proper cisco IOS, to put in the wiring closet of your house? It's a good place to look. For consumer goods, not so much.

also: I confine my purchasing on ebay to and from US domestic vendors with verified accounts, and I never sell to consumer end users...

hackuser 1 day ago 0 replies      
> eBay is an enormous company with over $8 billion in revenue a year, so naturally it's difficult to talk to anyone there who is not a computer

It's not naturally difficult, it's just a decision by eBay. With that kind of money they could pay and train people to provide service to you. Larger companies than eBay operate tech support services, and my guess is that tech support is higher-skilled than the customer service eBay needs.

jrs235 1 day ago 5 replies      
This is why I'm starting to consider taking video of me packing and placing goods in the shipping box (while at the shipping company), placing the shipping label on the package, and dropping them off directly with UPS/USPS/FEDEX (all in a non clipped video). Then also recording the opening of any packages received in returns. Problem is this probably still wouldn't be enough evidence and sufficient for eBay.
neutered_knot 1 day ago 0 replies      
This has been going on forever. Here is an example from 2007, almost identical to the one in the post.


ars 1 day ago 2 replies      
What I do to protect myself is record a video of me packaging and shipping the item.

I record the video at the post office itself, and of course include a shot of the post office.

Start the video showing a closeup of the item, then record yourself packaging and sealing the box, and putting on the address label - then very important record an image of the address label, and finally walk it over to the drop box, put it in, and pan wide to record the building.

Make SURE never to have the item go off frame or people will say you pulled a trick.

The post office where I am is open 24/7 and deserted at night, so it's easy. When I shipped UPS the guy looked at me funny and warned me he didn't want to be in the video, but other than that I was able to record (and I included the tracking receipt I got from them in the video).

It's a lot easier if you have a second person holding the camera, but it's also possible with a tripod, or even just holding it if you prepare all the tape stuck on one side of the flap so you can work one-handed. Do a test shot to make sure your video camera is good enough that you can actually read the address label - and even better the serial number on the product.

Keep the video for a long time, several months.

I've never actually had to use any of the videos I've made, but I keep making them anyway.

teknologist 18 hours ago 1 reply      
I'm from the UK. Some years ago we bought a game console on eBay and instead received a photo (!) of one in the post. eBay were unwilling to act, so we went to the local police station and reported it. To our surprise they eventually found the seller and recovered the money.
thisrod 21 hours ago 0 replies      
So in Australia we have things called small claims courts, which are designed to make it practical for an individual citizen to sue a billion dollar company for a few hundred dollars. And I think that Australian consumer law would take a very dim view of website terms and conditions that claimed to prevent it. There's a tradition of "Yes, your thousand-dollar contract is enforcable, but any attempt to enforce it would be an offence under the Trade Practices Act, and we could fine you a million dollars if you tried."
JumpCrisscross 1 day ago 0 replies      
Contact your state banking regulator and report eBay and PayPal. New York State's Department of Financial Services is particularly strong and responsive [1].

[1] http://www.dfs.ny.gov

imgabe 1 day ago 2 replies      
It sounds like they still have their money and eBay is "demanding payment". Is there any reason to give into this demand? Obviously the Ukrainian scammer is not going to sue. It seems unlikely that eBay is going to sue over $465. So, keep the money and don't use eBay anymore (which it seems like was the case anyway).
slezyr 17 hours ago 3 replies      
Try to report it to Kharkiv's police.


ignorantguy 1 day ago 3 replies      
I wouldn't recommend ebay to anyone at all. This article probably will help potential scammers to actually cheat more people.
ensignavenger 1 day ago 3 replies      
I only sell on ebay rarely, but I buy stuff all the time, big, small, expensive, foreign and domestic, from big sellers (lots of feedback) and new ones. I have never had any problems, some times I am disappointed by the cheap junk I buy from China, but generally I am quite satisfied. I have had to request a refund once or twice because something was not as described, but I don't think I have ever had to escalate to ebay or PayPal on anything.

All this being said, anecdotes aren't data, and I worry every time I read an article like this that I am going to get burned bad one day.

timmaxw 14 hours ago 0 replies      
Behind the specific problem of eBay prioritizing buyers over sellers, there's a more general problem of how marketplaces can determine who's right in a dispute. Other commenters have suggested taking a video while packing up the item and unpacking the return. However, that could be vulnerable to fraud as well; how can you prove that the package you film yourself opening is the package the other party actually sent?

Perhaps UPS/Fedex could act as a verification service. For a small fee, the UPS store employees could photograph the contents of the package before it gets mailed, check if the electronics turn on, write down the serial numbers, etc. and send a report to eBay.

Dowwie 1 day ago 1 reply      
This is loosely related to the subject but I wanted to point out a scam that I was victim to and nearly lost more than a grand:. PayPal doesn't protect vacation rental by owner scams.

The reason that this was a close call rather than complete catastrophe was that I had the listing reviewed by the service's internal investigation team while I transacted. The team altered me of fraud, I responded immediately with PayPal to learn that hey guess what - their fraud claims policy excludes vacation rental services! They refused to help me. Further, the scammer knew this policy limitation, and even left me a troll voicemail as I was escalating the scam that was along the lines of "guess what? PayPal won't refund you!"

Fortunately, I used a credit card for payment. I managed to file a claim with the credit card company and reverse the fraudulent charge.

The reason I escalated this listing as a concern was that it had zero reviews and was new. The owner was also a bit too accommodative of my requests. I proceeded with caution.

I went to the authorities about this, including the secret service, who for whatever reason handles fraud like this. I never heard back from anyone.

qq66 18 hours ago 1 reply      
I've had good experiences with hard-to-find items on eBay by following two simple rules: 1) I will only buy an expensive item from a seller with thousands of reviews and a 99.8% rating or higher, and 2) I will only sell an expensive item to a buyer with an account older than three years, more than 100 transactions, a 100% rating, and other expensive and related items in their history.

I don't typically get the best prices, of course, but I've never been scammed.

annerajb 23 hours ago 1 reply      
I had something like this happen.

The buyer from hungary filed a item not received claim and they took my money from my paypal account (it has been negative ever since).

5 months later out of curiosity I sent a message to the buyer and he replied that he did received. But since the case was closed in Ebay there is no way for me to forward the email I received from him to get my account back up in good standing...

I was sent to collections and filed a debt verification letter which they didnt reply correctly and havent responded to it and two years later still does not show on my credit report.

If it ever does I will just file the debt verification letter again and ask for small claims court.

ionised 9 hours ago 0 replies      
In my personal opinion, EBay and PayPal have both become seriously shady and among my own awful experiences with the two companies I have family members that have experienced varying levels of bullshit treatment, not limited to PayPal hounding them for years for money they clearly did not owe and EBay blacklisting them for this reason.

Then there are the horror stories like this all over the internet that just cemented my decision to never use or recommend either service ever again.

cbdfghh 1 day ago 1 reply      
Would it be possible to take ebay to a small claims court?
jliptzin 21 hours ago 0 replies      
Pretty much the same exact thing happened to me about 6 years ago. Nice to know ebay's policy still hasn't changed. I'm still banned from paypal because I refused to pay them back the money they refunded to the scammer. I used to use ebay pretty frequently but since that incident I've only been back there a couple of times to buy things (with a friend's paypal account) that I really couldn't find anywhere else.
setq 16 hours ago 0 replies      
Had this problem before. If you send something expensive, film yourself putting it in the box, write the serial numbers down, send it recorded or signed for delivery always, withdraw EVERYTHING from your paypal account instantly into your bank account.

A friend of mine however ended up with a debt collection agency (Transcom) after him for 6 months because he refused to refund the item. Eventually after much letter writing with "fuck off" in it basically, they gave up because there wasn't a genuine claim that would stand up in court.

I still buy and sell off ebay but it's usually very niche items which are on 1:1 interest and low value (vintage transistors for example). Anything popular, I get the other half to stick it on Facebook and it's gone, in cash usually within 72 hours. No fees, nothing.

em3rgent0rdr 1 day ago 1 reply      
eBay is centralized moderation. Maybe a distributed p2p market-based moderation with reputation scores for moderators in addition to sellers, like openbazaar, is the solution: https://blog.openbazaar.org/how-moderators-and-dispute-resol...
amai 7 hours ago 0 replies      
Why does eBay allow buyers to use remailer addresses? It should be very easy for them to check that and not allow any buyers using these remailer addresses.
pmorici 1 day ago 2 replies      
Your problem was checking the box that said you would ship world wide. You can eliminate 99% of fraudulent ebay buyers by only shipping within the US or your local region. also keep and eye out for package forwarding addresses those can be problematic as well but not as bad as a straight foreign shipping address.
simonhamp 1 day ago 0 replies      
I'm finding it hard to understand what's so difficult about eBay 'doing the right thing' here... surely it can't be that hard to take seller evidence into account and cross-reference that with buyer proof that they returned the correct item in the condition they received it...
rick_perez 22 hours ago 1 reply      
"I dont accept payment by check or Western Union and I dont accept returns."

If you sell me a broken phone, it gets broken in the mail because you didn't package it correctly, or any other thing that can happen between the time you send it out and when I receive it, you should refund my money or accept my return.

I buy hundreds of thousands of products per month for my business on Ebay and Amazon and many people outright lie about the products they are trying to sell me. A good return policy is a must.

My theory is that it's one of the only reasons Amazon and Ebay became the kings of the online marketplace. I've tried to purchase from the other sites and because there are barely any protections in place for buyers, I always go back.

dstaten 23 hours ago 0 replies      
I will never use eBay again. It took over a month to get a refund for a product that was never shipped. In fact the transaction was somehow canceled by the seller within minutes of it being completed, but it still took a ton of work on my end to get the refund. What a shame
codedokode 14 hours ago 0 replies      
As I understand his mistake was to sell an item to Eastern Europe. He should have sold it to US so in case if something goes wrong he could use the police.

Mail forwarders usually take photos of items sent through them (so their customers could see what they would receive). Ebay could contact the forwarder if they wanted to find out the truth.

No1 19 hours ago 0 replies      
It's not just the buyers who are scammers - the amount of counterfeit and significantly-not-as-described stuff being sold is astounding. Ebay is large enough to do their own sample purchases, but clearly they just don't care. I stopped using Ebay after they sent me a message saying that I had contested too many transactions (all due to counterfeit goods) and could not contest again for some period of time.

I'm interested in what will happen when Ebay becomes a site for scammers sellers to transact with scammer buyers.

intrasight 1 day ago 0 replies      
I've not used eBay in years as a seller - ever since they started withholding my funds pending approval/release by buyer. Now I just use Craig's List and Facebook and sell face-to-face. And as a bonus, I've met some pretty cool people.
phjesusthatguy3 11 hours ago 0 replies      
I just have to say I'm grateful this hasn't happened to me. I just started using ebay again after a ~8 year break to sell off some LPs, and gotten through about $1000 of sales without a problem.
Spooky23 1 day ago 0 replies      
I'd never do business with eBay, ever. You can surf around there and spot obvious scams in 5 minutes that have been run for a decade.

I consider them a co-conspirator.

The best bet for selling was Amazon, but now is Facebook groups.

FrankenPC 1 day ago 0 replies      
This happened to me as well and the thief/buyer decided it would be funny to leave negative feedback as well. I'm not selling on Ebay ever again. The system is st
catalystframe 22 hours ago 0 replies      
Yeah had same kind of issue. Dispute management people told me "If I was running a business, I'd accept every customer I can." My response "even if they're using you as a free rental service?" Author is 100% right, they totally side with the buyer and they're essentially churning through sellers to make money. Even if they ever clean up, fuck em
morganvachon 1 day ago 0 replies      
I learned a while back to never, ever sell a phone or tablet on eBay. I only use Swappa for this service now, and I've bought and sold several devices on there with zero issues. Anecdotal, I know, but they give equal protection to buyers and sellers, and their employees are actively involved in each sale.
rdlecler1 21 hours ago 0 replies      
I stopped using eBay in 2003 when I had aweful service with PayPal. It's sad. eBay could have been Amazon. It had so much going for it--too good to fail--unfortunately poor leadership wronged the ship.
ns8sl 12 hours ago 0 replies      
I tried to sell Bitcoin on eBay and every single buyer attempted to commit fraud.
conductr 23 hours ago 0 replies      
Wonder what would happen if author filed a small claim in his local jurisdiction? (Against eBay)

I tend to think eBay would not even respond and lose by default

jaimex2 1 day ago 0 replies      
Yeah, eBay is not a place to casually sell anymore. The 10% fee was bad enough but now you have to place a bond account even if your account has a long reputation of happy customers.

Facebook marketplace is the way to go. You get way more exposure and can usually sell something in minutes.

Scottn1 20 hours ago 0 replies      
I have been a ebay user since 1999. Have accumulated 200 feedbacks and currently at 100% positive. But I have entertained closing my account a few times in past two years and have started to cut back drastically on ebay as both a buyer and especially a seller.

First, as others have mentioned, they have a monopolistic marketplace where they require one to use their own Paypal for transactions. The combined fee's for selling on ebay + Paypal now are 10% of the final sold amount + the shipping amount. Where margins are slim as it is and things are already selling well below their value at times because of so many other competing auctions, the fee's make it not worth it in many cases. They are making a boatload in fees and I'm tired of it. I just sold $400 golf clubs and had to give them $42? Ebay provides value as the market is so large. I had those clubs on Craigslist for TWO months and not even a inquiry at that price. Ebay got sold in 7 day auction. But to pay 10% for everything is too greedy imo. They have NO competition.

Second, ebay has become a haven for scammers and overrun with them to point I am leery of purchasing anything like electronics, phones, etc on there. Software..forget it! DO NOT buy any licensed software from ebay no matter how good buyer feedback. Even if it claims new/sealed. The pirates have gotten too good. I'd venture to say 99% of software on there now is either a)counterfeit from get go or b)legit but "used" and/or illegal Volume Licenses. The problem is key will work when you get it but fail 5 months from now or when you need to reinstall. I've been victim of this two times now and NO more will I buy software off ebay. When it does fail, it is long enough you have zero recourse. Ebay you can't even file a claim as they give you only like 14 days after purchase. A pirate knows this and gets keys from a keygen. I had 8 legit looking MS Office licenses in sealed retail boxes register then 4 months later started to fail. Called Microsoft and they told me I had registered them too many times and they are now flagged. Huh? I only installed them ONCE. Credit card company didn't even help as it was past the time limit for a case. So basically the seller sold many of the same key and whoever bought from him, who knows how many of us, they are all worthless. Really upsets me that ebay allows ANY software even on there. They clearly know that this must be going on. I tried to inform them of the practice but couldn't even find a contact to let know. They don't care as they are making their fees! Tons of them from software. Their only concern is a small webpage to help identify counterfeit. From now on, I will only buy hard items that can't be counterfeited or scammed easily, like golf clubs.

Third, as this story is about, ebay is WAY to buyer-centric and I too was once bitten by similar story as topic starter. Not as blatantly bad as the OP or that amount of money, but bad enough I was pissed. Eventually also got someone from ebay on the phone and as similar was brushed off and there was no pleading my case. End of story, refund the money. It cost me out of my own pocket by time it was returned and settled.

andrewclunn 1 day ago 1 reply      
Okay... So how is this evidence that the world is small?
fapjacks 20 hours ago 0 replies      
Yeah absolutely fuck Ebay. It was broken years ago.
djoldman 1 day ago 2 replies      
Why not just pick "no returns accepted" when selling?
Visual Studio Code 1.8 visualstudio.com
394 points by kentor  1 day ago   186 comments top 42
wwalser 1 day ago 6 replies      
I recently moved from EMACS (after using it for ~10 years & ~6 languages) to VSCode. There are loads of things that I miss but overall it's been a fairly smooth transition.

I'm moving because I spend most of my time writing javascript and felt that no combination of emacs modes allowed me to keep up with a proper IDE. Emacs is a tool to learn once and use for a lifetime (and I will continue to use it for other editing tasks) but I found that I was increasingly having to learn outside tools in order to gain the benefit that IDEs could hand me for "free" (free like a puppy, retraining your fingers takes months).

Things I love:

- Intellisense is immediately superior to anything I've used in EMACS.

- Debugging from my editor. This was available in emacs for C, PHP & Java using GDB or similar but it never made it's way to javascript as far as I can tell.

- Goto definition.

- Good typescript and Flow integration

Things I miss:

- IDO Mode (FML I hate Finder for moving through directories)

- Creating files with just the keyboard (probably possible but I haven't figured it out yet).

- Kill ring

- Moving around the code with just a keyboard (ctrl-v and the sort).

- Non-intellisense completion. When your caret is at the end of a word, Command-\ in EMACS completes to another word from the same buffer that has the same prefix and continue to swap through words on subsequent presses. Very useful in a dynamic language.

mmanfrin 1 day ago 2 replies      
VS Code is, along with Typescript and Vue, one of my favorite things to have entered my world in the past 6 months. They have been rapidly improving VSC and I am exceptionally happy with it.
WhitneyLand 1 day ago 11 replies      
Why are people using this instead of WebStorm? It seems like:

- It a little faster for Typescript (but no better TS features from what I can see).

- A lot of people are trying it because it's new, or because they like MS tools.

- It's free

On the other hand WebStorm still has more functionality overall, a few less rough edges, and a more standard UI (some people don't like how MS Code doesn't have a tabbed doc UI).

My personal calculus is that WebStorm is so cheap, I would not allow my primary tool to be even 1% worse to save money. Also I like those crazy guys - they have been pushing out features very fast for years now.

torgoguys 1 day ago 2 replies      
Anybody know how many people are on the VSCode team? They're moving so fast in adding useful stuff with very few hiccups...I'm lovin' it.
hackcrafter 1 day ago 0 replies      
The Just my Code debugger support, where stepping through callbacks can just skip all the in-between functions handled by third party libs looks fantastic.

Especially with await / yield-promise type stuff, I could imagine this will make debugging much nicer.

[0] https://code.visualstudio.com/updates/v1_8#_just-my-code-nod...

SwellJoe 1 day ago 0 replies      
Being able to hide the activity bar puts VSCode into a class of editors I could imagine myself using. I tried it a couple of times in the past, and that damned big ass bar of useless icons bugged me too much (I work on a laptop screen 95% of the time, so giving up that much real estate for something I'd rather do with hotkeys is just painful). It sounds silly to dismiss it over such a small UI thing, but well...my screen is small, my eyes are getting older (so even though I have a 4k display, I can't shrink everything down without eye strain), and vim and Atom don't eat up the screen in the same way. So, I use vim and Atom (mostly vim, as old habits die hard). But, will give VSCode another try.
angelofm 1 day ago 1 reply      
It looks pretty good congratulations to the team.

There is an issue though that I find so annoying and I just hope they fix it.

I set up the external terminal to git bash on windows and sometimes when I'm deleting commands with the backspace it doesn't really delete the full word, hard to explain but as an example if I type "nani" and then press backspace "nani" stays but I know it has been deleted because it kinda flicks so I type "o" now I have in the terminal "nanio" and sure enough if I now type the name of the file it edits it.

Hope this makes sense, I put up with it because I'm really enjoying the product and the speed of development.

Big congratulations to the team.

earthnail 1 day ago 1 reply      
I know they're working on styling, but now that the titlebar is black, too (on Mac), I really, really would appreciate if the status bar would blend in, too.
americanjetset 1 day ago 0 replies      
> Terminal copy and paste key bindings on Windows have changed to Ctrl+C (when text is selected) and Ctrl+V respectively.

So happy.

ggregoire 1 day ago 1 reply      
> JavaScript improvements: IntelliSense for paths in import

Does that mean we don't need those extensions anymore?

- Path Intellisense: https://marketplace.visualstudio.com/items?itemName=christia...

- NPM Intellisense: https://marketplace.visualstudio.com/items?itemName=christia...

(I have not updated yet)

rl3 1 day ago 3 replies      
Anyone using Visual Studio Code for Rust development? If so, how is it?


Going by feature set alone (plugins included) it appears like a good choice, though I've yet to try it myself.

bopcrane 1 day ago 1 reply      
The pace of development on VS code is impressive! I'm really looking forward to the JS improvements
augb 1 day ago 6 replies      
Finally, we get hot exit. :)
geostyx 1 day ago 0 replies      
I really like the improvements to the settings system. It's a lot easier to use now while still keeping it a simple json file!

Also, I did not know how much I needed Zen mode in my life.

hannibalhorn 1 day ago 0 replies      

 JavaScript Intellisense in HTML
This is awesome - I was just this week looking at using Vuejs for a new project instead of React, but the lack of Intellisense in "Single File Components" with VSCode was a deal breaker for me, better to stay with JSX. I've used all kinds of things before the associated tooling is really up to par, and it's one of those things I often regret later. At least it's still not too late to revisit the decision!

LeonidBugaev 22 hours ago 0 replies      
Worth noticing that VSCode currently have the biggest ever active community on Github https://github.com/Microsoft/vscode/issues/17125

Over 1500 people, monthly, contribute to the project!

soneca 15 hours ago 1 reply      
Is VSCode a good tool for someone that is just starting to learn software development?

My plan is to become a front-end developer. I am learning Javascript now, then go back a little and learn more deeply CSS, then make some projects with NodeJS and on and on.

I use Notepad++ today and it looks good enough for me. So I wanted to ask more experienced developers: a more powerful tool at this early stage of the learning curve help or confuse?

gremlinsinc 1 day ago 1 reply      
Still waiting on docblock support or plugin for PHP, then I'm going to give it a shot. Till then I'll stick w/ sublime.

Though I've been trying vim again, maybe I'll finally jump into it.. I mean I jumped into Arch linux + i3wm(tiled window manager), moving into the console for everything seems next logical transition toward becoming part computer.

_tjm 17 hours ago 0 replies      
Has anyone been able to get decent JS Intellisense working on VS Code? I recently switched to (and decided to pay for) WebStorm, despite the fact that it's debugging experience is slower, because it will properly inspect my project, automatically get the typings .tsd's for all of my node_modules and Node core and put them somewhere out of my way (i.e. not in my project root directory!).

I can then properly refactor my code. I can 'go to definition' and it actually works! Also the editor automatically telling me a 'variable is unused' being switched on by default without some plugin? This should be standard.

Having been a C++ and Java dev before this Node gig, these things were essential for me.

This and the fact that it has lots of tools built in persuaded me to make the switch.

I still keep an eye on the VS Code releases hoping one day I can hop back.

sorenjan 23 hours ago 0 replies      
Is it possible to first open a file, and then easily open the folder that contains the file?
tarr11 1 day ago 1 reply      
How do VSCode features get ported to the Monaco Code Editor[1]?

I was interested in using it but noticed the last commit for Monaco was in October.

[1] https://github.com/Microsoft/monaco-editor

hkon 1 day ago 0 replies      
But I just downloaded the previous version. I am really impressed about the speed of deliveries.
itaysk 1 day ago 0 replies      
Amazing pace and progress between each minor version
azmenak 1 day ago 1 reply      
I do almost 100% js dev these days, and I've been switching back and forth between Sublime and VSCode for the past few months. The one major issue I have with VSCode is lack of completions for strings and words which Intellisense doesn't understand. Sublime's CodeIntel dose an excellent job of picking up all the "words" I've used in open files and saves me a lot of typing and typos.

Maybe there's some config I'm unaware of, since VSCode's site does mention "words" as a type of completion, but I've never seen it work for js files.

hprotagonist 1 day ago 2 replies      

I have high hopes for a sublime-style "whole document" scroll bar in future releases.

jensvdh 1 day ago 0 replies      
Fantastic update. The node debugging tools are some of the best out there.
anupshinde 21 hours ago 0 replies      
Hot exit is finally here. I missed this feature when I moved from SublimeText. And very useful on desktops
lowmagnet 1 day ago 0 replies      
I use VSC for Go stuff and the extension (lead author Luke Hoban) for it is excellent. I haven't gotten debugging working properly yet, but I so rarely need it, it's hard to justify configuring it.

I might have to make a few actions to do it, and I'm too busy being productive with the go toolchain tools so nicely integrated with the extension.

astrostl 11 hours ago 0 replies      
I <3 VSC because it isn't a bloated IDE.

I worry that it will eventually be a bloated IDE.

Rapzid 20 hours ago 0 replies      
I wonder how much of VS Code's community momentum over Atom is due to TypeScript vs Coffee. Personally, I find code bases with great language tooling easier to jump into.
cocochanel 20 hours ago 0 replies      
I switched to VS code today and I love it! Looking forward to JS improvements. Thank you to the Microsoft team! :)
protomyth 1 day ago 1 reply      
Is there anyway to get user-defined macros? Sublime and JEdit handle them well and was wondering if there is something coming or a preferred extension?
RUG3Y 1 day ago 0 replies      
I never thought that I'd like a Microsoft product again, but VSCode is really neat and has become my editor of choice.
asadm 20 hours ago 2 replies      
mini-map is the only thing stopping me from jumping to VSCode.
donatj 22 hours ago 0 replies      
The non-native taskbar drievs me nuts. At least I can turn it off.
_tjm 17 hours ago 0 replies      
Let us all not forget that with the move from Chrome 52 to Chrome 53, this version of VS Code supports full-color emoji.
howfun 23 hours ago 0 replies      
Why all editord lately become black themed?
hubert123 15 hours ago 0 replies      
Can it ctrl navigate to html import?
aivosha 1 day ago 2 replies      
is this any good for python ?
jongar_xyz 1 day ago 0 replies      
I actually find Atom more pleasant to look at.
azinman2 1 day ago 0 replies      
Loving the work done.. now we just need a more complete VIM mode implementation!
nkg 1 day ago 1 reply      
I want to love you, VS. Your name would look so good on my resume.I'm going to try one more time.
A Backdoor in Skype for Mac OS X trustwave.com
361 points by finid  2 days ago   103 comments top 12
dangerlibrary 2 days ago 5 replies      
Most generous interpretation: this could easily be an old, deprecated API in an enormous, complicated codebase on an engineering team with high turnover.
haddr 2 days ago 1 reply      
The backdoor aside, but using Skype seems to be a real pain recently. It used to be something that offered unmatched quality and service, but with time passing it is lagging behind. Skype on Mac OS X now starts like in 10 seconds and even the shutdown takes 10-15 seconds (on SSD). Video calls are fine, but the fans are quickly 100%. It's funny but the (long unmaintened) Linux skype seems to be better at video calls.

This news only proves that the Skype codebase must be an unmanageable mess. I can undetsrand that. But also it seems that MS is moving to the web version of skype, in the meantime not taking care too much about the native clients.

hashhar 2 days ago 3 replies      
Calling this a backdoor is an extreme measure. I wasn't able to see any working example, nor any responsible disclosure which seems bad.

Also, if somebody has the ability to run arbitrary code on your machine, I would think that it's game over at that point - backdoor or not. This is not a remote exploitable backdoor it seems.

campuscodi 2 days ago 0 replies      
Looks more like an ancient and unmaintained API. This is AV security-firm-hype at its best.
klodolph 2 days ago 3 replies      
I've heard rumors that the Skype codebase is a giant mass of unmaintainable code "approaching a singularity" and for this reason alone you wouldn't expect it to be terribly secure. At one time I wondered if I was too paranoid for adding another user account for the sole purpose of running Skype, but I no longer wonder.

That and the fact that OS X security is not fantastic to begin with, and I don't want anything weird showing up in screen sharing with job interviews (say, in search history).

milge 2 days ago 0 replies      
I thought it was already well-known and assumed Skype has backdoor(s) in their software.
ryanlol 2 days ago 0 replies      
Super unlikely this is an intentional backdoor. OS X privesc vulns definitely aren't nearly rare enough to come by to justify backdooring software like Skype for local privesc.
bitmapbrother 2 days ago 4 replies      
This wouldn't be the first time Microsoft has worked with the NSA


EugeneOZ 2 days ago 0 replies      
What wonders me is absence of urgent update after such news...
ryanmccullagh 2 days ago 0 replies      
I'm surprised to this company on the front page of HN.
thedutchguy 2 days ago 0 replies      
Good. All things should have backdoors. /s
y_u_no_rust 2 days ago 1 reply      
calling this a backdoor is pretty disingenous
Does It Make Sense for Programmers to Move to the Bay Area? triplebyte.com
346 points by runesoerensen  1 day ago   483 comments top 71
josh_carterPDX 1 day ago 13 replies      
As someone who grew up in the Bay Area, but moved to Portland about three years ago, I can tell you there is a stark difference in ecosystems. However, if you are a young up-and-coming programmer coming out of school, it makes complete sense to move to the Bay Area. If you're an Actor you move to L.A. to get your big break. If you're a programmer, you go to the Bay Area to work for a big firm that will help build your reputation and resume. For people later in their careers who have "been there/done that" it's less about what you can do for a company and more about what you can do for yourself. People later in their career tend to think more about their quality of life after spending years grinding it out in markets like the Bay Area. I know it's the big reason I moved to Portland. I love the tech community here. It's much more collaborative. The salaries may not match what you get in the Bay Area, but what I lose in salary I gain in not being stressed all the time.
harterrt 1 day ago 5 replies      
It looks like the salary differential of $33k listed in the article is gross earnings. After taxes this would just barely cover the rent differential of $1.5k/mo ($18k/year). Note that this is the best case scenario according to their estimates.

What troubles me is the use of median rent to compare housing costs. As rent increases, renters are likely to downsize offsetting some of the rent increase. I'd be willing to bet Seattle renters are able to get more space for the area's median rental. Accordingly, the salary increase probably doesn't cover the rent increase for a similar sized home.

tom_b 1 day ago 6 replies      
Interesting that Bay Area hackers make more than local hackers when they relocate outside the Bay Area.


 A 2015 report by Hired found that when engineers from the Bay Area relocate to other areas, they out-earn engineers on the local market. Experience in the Bay Area seems to advance careers. Engineers moving from San Francisco to Seattle make an average of $9,000 more than others who get offers in Seattle. This Bay Area premium is even higher in other cities: $16,000 in Boston, $17,000 in Chicago, and $19,000 in San Diego.
[found slide at http://get.hired.com/rs/348-IPO-044/images/Hired-State-of-Sa...]

Bay Area hackers are more valued in different markets than local hackers. I would love to see the raw data for the "relocating" hackers and local hackers. Is it a question of applied experience opportunities in the Bay Area hackers? Is just startup afterglow? Are relocating hackers better than average pre-Bay Area experience to begin with and this shows up when they migrate away from the Bay Area?

ammon 1 day ago 8 replies      
When people compare salaries / the cost of living in different cities, they often fail to account for the fact that many people don't spend their entire salary in the local economy. If you are trying to save money (or pay for college, donate to a cause, or buy a Ferrari) this costs the same no matter where you live. You should only apply the cost of living adjustment to housing (and maybe food). When you do this, living in the Bay Area starts to make more financial sense.
dustinmoris 1 day ago 2 replies      
So a recruiting agency who makes money from placing applicants in the Bay area, a place with a shortage of developers, writes an article to convince more developers to move to the Bay area ? Yeah, totally trust their data and the data they selected for this article!
Henchilada 1 day ago 2 replies      
This whole dialogue shows a very laborer-centric view of the world. What is missing from this entire conversation is the concept of being an employer/founder or independent consultant. If you want to bootstrap a startup, the Bay Area cost basis is going to destroy your nest egg until you can raise capital. Also, this conversation implies that you are employed 100% of the time, ignoring any cases where you quit, are fired, or the "rocketship" startup you joined doesn't work out.
danwalmsley 1 day ago 2 replies      
I did the math on this about 1.5 years ago and came to the conclusion that it wasn't worth it. I was, at the time, in a CTO-level position at a VC-funded startup and so had plenty of opportunities in the Bay, but in the end opted to live in a quiet country town about 2.5 hrs drive away and work from home in a lower-key role.

I have a 3yo kid and another on the way, and I do not regret my decision for one second, particularly when I hear horror stories from my stressed-out friends in SF/SJ. Also we can easily pay the mortgage on one salary and my wife is able to finish her PhD without us going into debt.

For us, it wasn't just about salary vs cost of living, but also about the stresses of big city life, competing for limited places in overtaxed childcare, sitting in traffic for hours every day, and being surrounded by other parents enduring the same tortures. No thanks.

michaelchisari 1 day ago 3 replies      
I ended up in Los Angeles because, despite being an expensive city, rents were cheaper than the Bay Area, and the salaries being offered were equivalent. I have a great place in LA that would easily be 50% to double the price in the Bay.

This wasn't the only reason but it was one of the biggest. Another reason being that I wanted to work in tech as it relates to media and content, and there were many more options to choose from here.

automatwon 1 day ago 4 replies      
I wonder how much weather affects success, both for companies and individuals.

I worked as a Data Science engineer in Seattle (startup), and just moved to San Francisco this year (Google). I know this sounds trivial, but I think the more pleasant weather in the Bay Area is beneficial to my career. The lifestyle aspect is just icing on the cake.

I can't get up in the morning when it's rainy and cold. Of course, I do show up to work, just a little bit later in the day than if the weather was pleasant. I'm less refreshed. I think less clearly. I work less efficiently. I make more mistakes. I feel less healthy, because grogginess and caffeine consumption is positively correlated. That's the effect weather has day-to-day. Week-to-week, month-to-month, I can't help but avoid having S.A.D. (Seasonal Affective Disorder) in Seattle. Occasionally, I'd have an Existential Crisis, to use the term lightly, questioning whether my work is meaningful, whether I've sold out on my passion for programming. It helps that I work at a Google, but San Francisco weather definitely makes me feel more excited for work.

Maybe things will change when I want to own a house. Until then, even if my take home pay minus cost of living in the Bay Area is lower than Seattle, the Bay Area is still a better payoff, both in finances and purposefulness.

uiri 1 day ago 1 reply      
The salaries here do cover the higher cost of living, and if you are able to capitalize on the additional opportunities that are uniquely available here, you could end up doing much more than covering costs.

This conclusion is patently false. The article mentioned but failed to calculate California state income tax.

That $15k-33k salary differential is going to be eaten by at least $12k in California income taxes. That leaves $3-21k to cover the additional rent expenses which is $250 - $1750 per month. The difference in median rent is almost $1500 per month. The article itself already admits that Seattle is better if you wish to own rather than rent housing.

EDIT: The salaries at Microsoft (Redmond) are comparable to the salary figure for Google, Facebook, Twitter, Airbnb, and Uber. The salaries at Amazon are $5-10k lower but make up for the difference in stock.

I'm estimating stock and cash bonus to be 40% of salary (which is conservative for Google and Facebook, I think). California state income tax on $160k is $12k.

jeroen94704 1 day ago 4 replies      
This article seems to assume you're single and not in a hurry to start a family. I'd be interested to read an article "Does it make sense for a programmer with a wife and kids to move to the bay area". I secretly suspect the answer will be "no", since no matter how you slice it, a 4-bedroom house in the Bay Area won't be reachable until you are well on your way to, say, 40 or so.
alex- 1 day ago 0 replies      
I moved (internationally) to the bay area. In my specific circumstances I would not say that it was financially clearly a good thing to do, due to the MUCH higher costs of living.

However as a place to live it is quite nice. Technology is everywhere. You can go to a free meet up and literally see the creator of the language doing a talk (e.g. Guido tomorrow with the baypiggies). It has A LOT of opportunities to pursue the career that interests you. It's warm, close to the coast and a manageable drive to skiing in Tahoe.

Some times it is not all about the profit loss.

rememberlenny 1 day ago 6 replies      
This point is interesting:

 [3] We find that engineers often under-value startup success (growth rate, revenue) when looking for jobs, and instead place an emphasis on brand-recognition, or whether they find the subject area exciting. Now, I don't mean to judge anyone for this working in an areas of passion may be great choice. But if your goal is to maximize your financial outcome, looking at startups more like an investor and picking a company in a big market on a promising trajectory is likely a winning strategy. The Bay Area, with a large number of startups, is probably the best place to do this.

plandis 1 day ago 2 replies      
This doesn't factor in stock compensation AFAIK. For instance, I started at Amazon at around $90k in salary plus signing bonus of $20k so like $110,000 my first year out of college back in 2013. I made about the same in 2014. In 2015 I got promoted to SDE2 and my salary is closer to $118,000. But additionally I also got like $60k in 2015 in stock and this year my stock compensation is just about $100,000.

I'd imagine this is the case for a lot of tech companies so comparing salary alone probably isn't going to make a good argument one way or another.

Also taxes. WA has no state income tax so add an additional 10% income buying power

tedmiston 1 day ago 0 replies      
Counterpoint: Globalization is real. Top tier accelerators accept companies from outside of the Bay Area and tech hubs these days. You can work for a tier 1 early to mid stage startup in a tier 34 startup ecosystem if you look hard enough (I do).

(The Triplebyte recruiter didn't seem super enthused with that being my response to why I didn't do their process.)

baccheion 17 hours ago 0 replies      
Divide yearly salary (before taxes) by median rent (40 = bare minimum to rent an apartment, 60 = comfortable, and 100 = luxurious living).

Once you're making enough, it's about realizing the chances you'll be able to buy a house or find a compatible (and attractive) romantic partner are low.

Before the rent situation got completely out of control, it was easy to recommend at least living in the Bay Area for a while (just to see if you like it or not, and to have experienced it), especially if just out of school, but now things are unclear.

Many (of the better) tech companies have their headquarters in the Bay Area, and it's been commonly said that working out of any other office is a poor experience.

pfarnsworth 1 day ago 0 replies      
If you are young, single and in tech, then it makes sense. You don't care if you share an apartment or even a room, you'll make good money and you'll acclimatize to how ridiculous the prices are over a few years.

If you are older, and you have a spouse and/or kids, then it makes less sense. It actually makes no sense if you're coming from a low cost area, and more sense if you're moving from NYC to Bay Area. If you're coming from a low cost area, you will suffer, because even if you owned your house outright, if you sell it it may be a decent downpayment, and then you'll have to spend a lot of money on mortgage. Plus school, commute, etc. I wouldn't recommend it in that situation.

_lex 1 day ago 1 reply      
This analysis is very low quality. Engineers move to the bay area not for salaries, but for equity and RSUs. It's not unusual to make your salary again in RSUs, which are usually not that risky. Equity is a mixed ball, however. But these two factors are the unique element in the Bay area, and why you should move there. If you are an engineer in the bay area without loads of equity or RSUs, you're getting ripped off.
framebit 1 day ago 2 replies      
State and local taxes are a big concern that didn't get any mention in the article.
s3nnyy 14 hours ago 0 replies      
There is no doubt that the big four (Google, Microsoft, Amazon, Facebook) and hot tech startups like Airbnb pay really well.

However, I think that "normal" companies in the Bay Area pay normal salaries.

If you are a normal software engineer, who wants to have a family, you are better off in Zurich. Here you can make similar money and have lower living expenses.

Disclaimer: I run coderfit.com, a platform which should become hired.com / triplebyte of Europe and I live in Zurich. Read my story about Zurich that I wrote two years ago: "8 reasons why I moved to Switzerland to work in tech" - https://medium.com/@iwaninzurich/eight-reasons-why-i-moved-t...

anigbrowl 1 day ago 0 replies      
Not if rent/property prices are a major economic factor for you. Obviously you can find deals if you know someone or get lucky, but housing prices have gone back to pre-recessionary craziness. As a homeowner I regularly get mail from real estate agents offering to get the best price if I want to sell; over the last 5 years prices in my neighborhood have increased 300%. Yes, three hundred per cent. A small one bedroom apartment in this nice-but-not-fancy North Oakland neighborhood typically starts around $2000/mo.

There's just too much money chasing too few housing units, and while I am seeing a fair amount of new residential construction in the last few years it's only a fraction of the amount demanded.

Mz 1 day ago 0 replies      
My favorite line from the article:

(Perhaps you have heard about...) ...the guy on Reddit who calculated that it would be cheaper to commute daily to the Bay Area from Las Vegas by plane than to rent an apartment in San Francisco?

However, I am going to nitpick the title:

Does It Make Sense for Programmers to Move to the Bay Area?

This question really ought to be:

Does It Make Financial Sense for Programmers to Move to the Bay Area?

I will also suggest that there are facets to this question that really are not covered by the article. I am keenly aware of this because I returned to California as soon as I could for health reasons. My health is simply better here ("here" being California -- I am not in the Bay Area currently).

My condition can be very expensive and very debilitating when it is not well controlled. So, while I am horrified by real estate prices out here, for me it makes more financial sense to be here than to be someplace that keeps me too sick to work while running up medical expenses.

There are many reasons to want to live in a particular place. While criticism of the insane cost of living and insane pace of inflation is totally valid, I think it is problematic to boil down a decision about which job to take or where to live to these (specific) financial metrics (of salary and rent). Life is multifaceted. Such decisions do not hinge entirely on money.

samuraig 10 hours ago 0 replies      
I haven't seen anyone else make this point, but the other vicious cycle to consider is the 7-10 year downtown cycle that the Bay Area goes through (1991, 2000, 2008, 201?). When this happens, the tech companies gleefully (privately) and sadly (publicly) lay off all their middle-aged employees (many now with families), and many smaller companies just fold or get bought. Those people have to hunker down or sell their assets and get out (this was me, 1998-2013 worked/lived in BA).

Then 2 years later, it's all back to hiring and partying, but for recent college grads and twenty-somethings who are suckered into the cycle and are unaware of the history.

But I'm sure 2017 will be different...

Heraclite 18 hours ago 0 replies      
After having spent some time in SF in the whole "startup ecosysem", my dream is now to run a 100% boostrapped business, totally location-independant.
linkregister 1 day ago 0 replies      
Mixing median rent and average (mean) salary is confusing. Why not go with median salary?
WhitneyLand 1 day ago 1 reply      
Does this article have anything insightful?

It's easier to compare against Seattle: The housing is still very expensive, and you get only half as many sunny days.

Why not compare to someplace like Austin? Most people can afford a real house, it's very sunny, great grad school, great culture, great startup scene.

The SV big company advantage is not true. Most of the same big tech companies have a presence in Texas. And guess what. If you work for Microsoft, Amazon, etc, you get all the same stock compensation, same retirement matches, and your resume sparkles just as brightly.

The biggest advantage for SV that they don't even mention is making deals. VCs/Funding, partnerships, contacts, etc. All of these exist elsewhere just on a smaller scale. However this stuff is mostly an advantage if you start a company.

TripleByte's case is pretty weak.

pdimitar 1 day ago 2 replies      
> Its easy to hear data and stories like these and conclude that programmers moving to the Bay Area are suckers. After all, salaries have not risen by 70% in the past four years. But what this analysis misses is the extent to which this place and time is exceptional.

The author lost me right there, even though I did make an honest effort to read the article to the end.

(1) There are plenty of "brain centers" in the world. The fact that they don't tout it day and night makes them no worse than the Bay Area. In fact, as an European, I am more likely to move to Gothenburg, Oslo or even Reykjavik than the Bay Area -- on this basis alone. Most of us Europeans strongly dislike touting. In fact it says a lot to me and many others how the Bay Area gets the most press coverage of being the "tech innovation center of the world". Center of what? The 99% of failed startups that want to disrupt markets that didn't exist yesterday? Center of "work 16 hours a day for the measly promise of 1% equity if we ever take off"?

(2) "Amazing place and era to live in" is a good inspirational motto... and it only works until you get your first burnout and wish to just make good money and be at peace, and have time for your other hobbies, significant other or whatever else. I feel sorry for all the tryhard after-teens who are about to find that out the hard way.

(3) Company valuations in billions rarely mean anything. I am too lazy to dig around but I clearly remember there were cases of several companies being valued close to 1 billion, only to be sold for ~30 millions several months later. This is hype, it's produced by the investors and VCs themselves, they profit from it, and it has almost zero real-world credibility. I might be oversimplifying this; but I am convinced I am not that far off.

(4) The historical flashbacks only make the author want to desperately justify how cool is it to live in the Bay Arean. No, sorry; I'd honestly prefer 14th century Venice compared to San Francisco. There were tangible things to see there, for example Michelangelo's art. What can SF show you? Zombified devs hurrying for their commute, hellbent on zombifying themselves even more in the name of a cause that's 99% likely to fail?

rurban 15 hours ago 1 reply      
There are already a bunch of valid arguments made here. Double salary, double career opportunities vs 2-4x expenses for rent and food, opportunism all over.

But the biggest contra argument I had was the Diablo nuclear power station directly at the coast (protected by 6m walls) and directly near the a huge fault which will hit soon. The other 3 corners of the Pacific ring of fire already hit their 9.x in the last decade, San Fran not yet. And this will be in the country, not 50 miles outside. If so you get the Diablo meltdown by tsunami, if not something much worse. And then the career in this company will only be short term.

So not.

hellofunk 16 hours ago 0 replies      
I think it makes sense for programmers or anyone else in this universe to do what they love to do and want to do. If moving to SF is the best way for you to do that, then sure, move there.

But I don't think it is. A place with much lower cost of living might give you much greater freedom to explore your interests and hone your skills, develop your talents, let you wander through your own ideas, implement your own projects, grow as a developer in a way that working for a company would not.

I'm a believer that more interesting things get done when talented people are left on their own to explore. Maybe down the line you get a job in SF after all that exploration is over. But I'm not sure that exploration ever really ends.

geggam 13 hours ago 0 replies      
Yes, If you have never been around Silicon Valley culture do experience it. The culture and knowledge sharing is invaluable.

If you have a family do not go to Silicon Valley.

Loved living in the Bay Area.

Hated the commute. Hated the prices of everything.

Loved the culture. Loved the crazy you can only find in SF ( altho much of that is moving to places like that warehouse which burned in Oakland ) Loved the beautiful ocean beaches.

Rent prices... well... you will lose money moving to the bay unless you get a ludicrous salary.

Single.. I wouldnt hesitate. Married with kids. Stay away from The Bay.

kosei 21 hours ago 1 reply      
This article focuses entirely on cost of living through home pricing, however there are many additional areas impacted. First, perhaps most importantly, Washington does not have state income tax. Additionally, there are differences in price of groceries, restaurants, etc that are not considered here.
hacknat 21 hours ago 0 replies      
I just left Seattle a year ago, be careful about confusing Seattle Metro with Seattle. Seattle is surrounded by water and its mass transit system is nascent, so it's pretty hard to live too far outside the city to take advantage of the cheaper real estate.

Seattle city proper prices are getting ridiculous and I suspect they will catch up with the Bay Area quite quickly and maybe even surpass it.

Seattle doesn't come close to the level of tech/economic output that the Bay does, but the output is more geographically dense. Amazon is, effectively in downtown Seattle. The most far flung tech outlier is Microsoft a mere 20 miles away. Expedia moved all of its staff from Bellevue to downtown. I would venture to put median home prices closer to 600k than the 450k reportedly here.

brilliantcode 1 day ago 0 replies      
I'm just not sure if the cost of living is worth the pay increase both from a service provider and business owner perspective....

Arguments like network effect, "being in the ecosystem" or near physical vicinity of other SV startups seem to be the face value but these are only superficial items.

I almost feel like with the connected world, as long as you are in a fairly crowded North American city, it shouldn't matter....unless your customers were all focused in SV area.

I'm not a city slicker or a instagram traveler so please feel free to offer any alternative view. Maybe being in SF is important but I'm too biased (haven't left Vancouver for 20+ years)...

gregatragenet3 1 day ago 1 reply      
Go to the bay area, spend a few years becoming ridiculously skilled and invaluable to your organization. Then tell employer you'll be moving to X and telecommuting. X being somewhere with a lower cost of living, and someplace you love (nice beaches, near family, etc).
JKCalhoun 1 day ago 1 reply      
If you plan on buying a home it is worth considering the future when you decide to (semi?) retire from Corporate and sell the kid-raising home.

Cashing out in Arkansas means you can move to ... a cheaper part of Arkansas. Cashing out in Silicon Valley means you can go about anywhere.

nsxwolf 1 day ago 2 replies      
I'm married with 4 kids. We like living in roughly 3,000 square feet of housing with on roughly a quarter acre of land, so I'm going to guess in absolutely no universe could it ever make sense for us to move to the Bay Area.
wlk 1 day ago 2 replies      
I use this website to compare costs of living between countries and cities: https://www.numbeo.com/cost-of-living/compare_cities.jsp

Here's example for Seattle and SF: https://www.numbeo.com/cost-of-living/compare_cities.jsp?cou...

I'm wondering if anyone could comment if those numbers look accurate for those cities.

kin 1 day ago 0 replies      
It depends. If you're just starting out, it could make sense to move to the Bay Area to work for a big name company that will teach you a lot and make you look better on paper. You'll even get a higher salary to use as slight leverage when you decide to work in a different city. Yes, rent in the bay is expensive. But, at least a lot of things will cost the same. An Apple product will cost the same whether you live in the midwest or the bay. A vacation will also cost the same no matter where you live. Just a different perspective of looking at this argument.
bkbridge 1 day ago 0 replies      
As a New Yorker, all we're hearing here is LA, LA, LA. Just a heads-up.

Smoke a joint in NYC, spend a night in jail. Smoke a joint in LA, change the world. How I look at it all.

We got Brooklyn, and that's about it.

disposablezero 23 hours ago 0 replies      
If one plans to take full advantage of brain, entrepreneur, capital and customer concentrations then yes. Otherwise, scarcity elsewhere make for increased career leverage (at varying income / cost of living ratios) elsewhere.

Also: https://news.ycombinator.com/item?id=13178495

hrshtr 1 day ago 0 replies      
I have been in Bay Area for little over 3 years with a fairly stable company. The opportunities are many in all technical fields(pro) but again it comes with the cut throat competition(con). One has to compete with people from FB/Google or new grads who have mugged all DS questions. My interest to stay in Bay Area is with the hope I could be able to join one of the companies which will be Uber/Airbnb of tomorrow and gain great experience and $$$.
makecheck 1 day ago 1 reply      
When I started my career I ended up in Austin, Texas. At the time, I didnt know much about the place (and it was much smaller than now) but it really is a serious tech hub. Even at its current absurd rate of growth and increasing cost of living, it is more affordable than the Bay Area and has enough else going on that it isnt an exclusively tech climate. Politically, Austin is like a blue bubble in a red state so it is more California-like in that sense too.
robrenaud 1 day ago 0 replies      
It's kinda bad that the article fails to mention the possibility of working at Google or Facebook in Seattle. You can get nearly as high comp without the taxes and high housing costs.
platita 1 day ago 0 replies      
Doing some goal factoring and trying to really understand what reasons would keep you in Bay Area is a good excercise. I'm guilty of noticing being stuck in this artificial prison quite late myself. :) https://medium.com/teleport-stories/another-kind-of-silicon-...
bandrami 1 day ago 3 replies      
DC/NoVa is hurting for programmers. Particularly if you can get a clearance, there's no shortage of work out here, at a (somewhat) cheaper cost of living.
thinkpad20 1 day ago 2 replies      
> At Triplebyte, we help engineers around the country (and world) get jobs at top Bay Area companies

I admit that I stopped reading at this point. Maybe I read that wrong and they meant "in addition to other areas", but from the way it's written it sounds like a conflict of interest. It's going to be difficult to make an objective assessment of the pros and cons of living in the Bay Area if your business depends on people wanting to live in the Bay Area.

dongslol 1 day ago 2 replies      
As a college dropout, I have nowhere to go but the Bay Area, where many startups don't care much about credentials. Everywhere else does.
alasdair_ 23 hours ago 0 replies      
A major selling point for Seattle over SF is the complete lack of state income tax. Losing an extra 10% of your money before you receive it is pretty painful, and it's especially painful if you get stock options and cash them out while an SF resident.
aecorredor 1 day ago 1 reply      
"drone programming in Clojure" this...hahaha
nfriedly 1 day ago 0 replies      
I spent a year in the Bay Area before moving back to Ohio, and this rings true:

> ...when engineers from the Bay Area relocate to other areas, they out-earn engineers on the local market.

I think that part of it, for me at least, is just having the confidence to ask for more.

sytelus 21 hours ago 0 replies      
The comments are full of opinions. It would be interesting to know experience of anyone who has moved to Bay area, have family and does not have double income :).
joshlittle 1 day ago 2 replies      
I always feel like these articles are one sided - jobs and money. Those things make life easier but ultimately are not the things that make life worth living. This article hits on none of the reasons I moved here after several prior extended stays in the City. For what I want out of life, it absolutely made sense for me to move here - even with only $2K in cash, no job, and no place to live at first.

I came here for the things you can't easily put a price on - like the weather, local arts, music, and culture. Also driving into the mountains, or down the coast of California. Chicago is no slouch for fun but cold days like this make me glad I'm not waiting for the 'L' outside anymore. SF weather is generally magical.

Being in a top US city still gets me direct, reasonably priced, and frequently scheduled nonstop flights to family/friends in places like Chicago, Cincinnati, Los Angeles, Seattle - not always attainable in some of these smaller tech hubs (like Portland, or Austin.)

When people move here, there is a constant worry about how much money they will make or what company they work for - I didn't sweat it.

Within a month after arriving, I landed a great career. I spent the last two years exploring other hobbies and interests, and nurturing healthy new friendships.

Biggest tip I can give - It's nice to get to know people who've been around here for a while, they've seen it all before. Show an interest in your local community. Volunteer your time but branch out of tech. Get to know people here in all walks of life; show compassion You just may be liked enough by some old school San Franciscans that refer you to one of their friends; who rent you their old place (with parking and views on Twin Peaks) for $1200. It worked for me.

San Francisco is not an expensive city because of tech alone, it's always been a bit on the expensive side; as there's no place in America like it.

Of course this is my experience. I merely bring it up just as a reminder that there's so many things to focus on when decide whether or not moving here is worth it. The questions that guided me in my decision to move here were:

What are my goals long-term? What made me decide to move here? What is my contribution to the local community and society - outside of working in tech? Will I ultimately grow as a person; both personally and professionally?Is there enough other activities around that will keep me from being bored that I'll enjoy?

My $.02.

x0x0 1 day ago 1 reply      
The article is poorly argued.

Paragraph 2 -- if you pick a winning startup (uber, etc) then the bay area is great! Well, yes. The problem is picking that winning startup, and really, if you're good at that, stop wasting your life as an engineer and go invest money for a living. We shouldn't expect eng to be able to pick better than vcs, and their hit rate isn't great.

It also uses pre-tax salaries, not after tax salaries, where Seattle has a large advantage; even at $120k, you get $5k more in cash in Washington state. Which may not sound like much, but you should view it not as 5/120 but as 5/80 (roughly your take-home pay).

The discussion of housing (where exactly is that sub $800k housing in sfbay) ignores commute times and costs. Sure, if you want to live in outer sunset or east bay and deal with horrid commutes, there's cheap housing. If you want to live within 30 minutes of work, housing will likely be much more expensive.

The author also pays no attention to the effects of having to reset your social network / family to exploit moving to sfbay, banking the higher salary, then moving away. That's a large price to pay if your plan is to get to your mid 30s then move elsewhere. And hard to achieve buy-in from significant others who may similarly not be stoked about losing all his/her friends.

And finally, it finishes with a discussion of the two most generous employers, google and fb. Who, yes, are generous but also not representative.

bcheung 1 day ago 1 reply      
One thing the article is missing and not factoring in is home ownership. It can be a tremendous form of "compensation" as well provided you can weather out any downturns (10 years will probably be sufficient).

With high salaries you have high tax brackets. Probably 40-50% total marginal tax rate with state, federal, and all the misc taxes. Being able to subtract your mortgage interest and the fact that your "rent" is going to pay down equity, on paper at least, your living costs are actually lower. Even more so if you have roommates.

Factor in 4-10% appreciation with leverage (10% down = 1000% leverage) so that becomes a 40-100% annual ROI.

Work in the bay area for about 10 years when you are young and then sell your house. You can buy another house somewhere cheaper for cash and then retire.

Might also be possible to just rent out the house in the bay area. The rent should cover rent some place cheaper and have plenty of additional cash flow to live on each month.

tatterdemalion 1 day ago 1 reply      
Bay Area tech is a gold rush, and Triplebyte sells shovels. Of course you'll strike it rich.
automatwon 1 day ago 0 replies      
This growth creates opportunity. Startup jobs, big company jobs, drone programming in Clojure
blazespin 1 day ago 0 replies      
Living in the bay area is not necessarily expensive. I pay like very little in rent. It all depends on how you want to live.
khana 1 day ago 0 replies      
Pretend you live in the bay area and use Skype.
timothycrosley 1 day ago 3 replies      
The smartest thing would be to start in Bay Area, and then transfer to Seattle at the same pay rate.
ww520 1 day ago 0 replies      
Move to area of high cost of living for work. Retire to low cost area.
jasonjei 1 day ago 6 replies      
I do not understand the obsession the software industry has for locality. Wouldn't it make sense for people to work anywhere? Haven't Bay Area companies heard of something called the Internet?

If you have to have people in the office to make sure they're working, you already have a fundamental hiring problem.

DoodleBuggy 1 day ago 0 replies      
Yes absolutely. For career opportunities alone, yes.
amyjess 10 hours ago 0 replies      
I will never, ever move to NorCal.

I find the Silicon Valley tech industry degenerate, and I honestly have no desire to be part of it. I'd rather work a corporate job at a traditional company than have anything to do with SV. I'm not fond of the general non-tech atmosphere in NorCal either... the lack of quality Mexican food puts me off in a big way.

On top of that, NorCal is the most expensive part of the US. Even SoCal is considerably cheaper (and I'm honestly considering moving to SoCal when I have to flee Texas next year).

tn13 1 day ago 0 replies      
For the following reason:

1. Bay area is extremely tolerant of immigrants and of different people. 2. Bay area is an excellent place for raising kids. The opportunities for your kids to learn are simply endless. There are excellent colleges near by and some of USA's best high schools. 3. Your experience as a programmer in bay area will always be valued more than your experience in Denver other things being same. 4. Job hopping is easier, finding another job when fired is even easier. 5. Skewed gender ratio means women might get more attention. 6. Networking opportunities are unparalleled in the world.

Disadvantages: 1. If you don't like racial, ethnic diversity then you might be uncomfortable in bay area. 2. If you are a single male finding a girl would be harder in bay area. 3. Competition is cut throat and sometimes it is stressful. 4. Job security is less as there are more people out there who can replace you. 5. California's tax policies and other government policies are very tyrannical and sometimes pure nonsensical. The Liberal state is far too liberal with your money. 6. Housing is bad. 7. Everything is expensive.

hiram112 1 day ago 1 reply      
It all depends on your own situation.

I, myself, moved from the Midwest to a very high COL East Coast city 7 or 8 years ago. My salary has pretty much doubled, though I imagine at this point it is about $40K more than I could get back home.

But I live very frugally, and I have saved a lot of money. The plan is to soon get out of here and buy a nice place somewhere cheaper (South or Midwest) with cash and not worry about making the same salary.

OTOH, I think many people end up losing out financially in places like NYC and SF. If your salary is only $40K more than it would be in Omaha, after taxes, you're probably looking at only $30K. If you rent a typical corporate apartment, you're probably now underwater.

I think we're going to start seeing more and more people refusing to move to SF, NYC, and DC if salaries don't allow similar lifestyles as $20K less in middle America.

dorianm 22 hours ago 0 replies      
Yes :)
ap22213 1 day ago 0 replies      
If you want status, sure. But, if you're relatively good and want money, then no.

Economics is about supply and demand. And, every city in the world wants high-end developers. Many companies are willing to pay a lot because they have a shortage. But keep in mind that they're looking for someone who's good in more than just programming.

imagist 1 day ago 1 reply      
Headline follows Betteridge's Law.
stakhanov 17 hours ago 0 replies      
wow, this article, and the discussion in this forum is doing a great job at substantiating an idea that's been swirling around my head for a long time now.

i personally have made a lifestyle choice not to work for any company that won't allow me to work largely remotely. i often apply to great companies who do interesting stuff and pay well, and then i hear "sorry, we don't do remote". that can be very frustrating. i'm losing a contract right now with a company that decided they were going to switch to a non-remote policy. that too was very frustrating. but the kind of data that's pointed to here really shows that the joke is on them.

think about the cost base of a completely centralized non-remote company: a large share of their employees' salaries goes into their landlords' rather than their own bank accounts. a large share of their time goes to crazy commuting routines rather than actual work.

tell your employees "okay, you make $140000 dollars now, but $30000 goes to your landlord for the privilege of being in the BA. work remotely, move to wherever you want, and we'll pay you $125000". both the company and the employee have $15000 to gain. that's 12%!

tell your employees: "okay, you do 8 hours of work now, and you do 2 hours of commuting each day. why don't you work from home for 9 hours instead." both sides win. the company gains an hour of work, and the employee gains an hour of time to themselves. if we subtract holidays, sick days etc. so that we assume that a year normally has 220 working days, that's 220 hours over a year.

cumulatively that adds up as follows: $140000 over a year for 220 x 8 hours equals an hourly rate of $80. $125000 over a year for 220 x 9 hours equals an hourly rate of $63. That's a 21% cost advantage for the company, and more money left over and a better life for the employee. Over a base of $125000 that 21% advantage is $26250 a year per employee.

i find it really funny how the word "coffee" keeps being brought up by people who deny that there's an economic opportunity here. when i lost my current remote contract, the argument was something like "sorry, our culture is such that so much information exchange is taking place over a coffee, and so many decisions are being taken over a coffee that we can't have you working for us if you can't be a part of that". someone in this discussion thread suggested that it's important to be able to "have coffee" with investors and co-founders. i get the point that we're all meant to be social creatures, and it's nice to be able to have coffee with people. but i'd seriously question the business acumen of people willing to value it to the tune of $26250 per employee per year.

the other thing i find interesting about this article and the discussion thread is that it's another example showing how markets always find a way to get into an equilibrium that rules out the possibility of any such thing as a "free lunch". the article mentions the idea of "building equity." my own first job was in a high-paying finance role, working with lots of other young people who come in with extremely naive ideas around the notion of building equity. "i'll work like crazy for top dollar until i'm 35. if at that point i want to deleverage my lifestyle, i'll always have that option. i'll be able to move to a trailer park and never have to work again in my whole life if it turns out at that point that that's what i want to do. by building equity i'm just expanding my options, never reducing them". the point i'd like to make is: earning more is easy. building equity at a higher rate is hard! the point of departure for your thinking might be "move to the BA because of the higher salaries". but then you start to think things through: "higher rents, higher costs of living, higher taxes, higher risk when you should find yourself out of work for a month, bad situation if you're foreigner, build a life there, then lose your job", and you inevitably conclude. "well there's no such thing as a free lunch in the BA either."

sealthedeal 1 day ago 0 replies      
"The Bay Area in the early 21st century has produced an astounding number of successful tech companies. Uber was valued at $60 million in 2011 and at around $68 billion in late 2015 [1]; Stripe at around $500 million in 2012 and $9 billion during its most recent funding round; and Twitch at just under $99 million in September 2013, before Amazon acquired it for $970 million less than a year later."

^^^ Is not a selling point. Those are anomalies. How about the hundreds of other companies that are going under consistently everyday in the bay area. If I want to work for startups why would I not move to some where like Austin Tx? Get good experience, have a reduced cost of living, and have no state income tax?

jjtheblunt 1 day ago 0 replies      
The Talk smbc-comics.com
414 points by based2  14 hours ago   43 comments top 11
mrfusion 14 hours ago 7 replies      
I'd like to see more complex topics explained this way. Imagine an organic chemistry comic novel!

I think people make a lot of topics seem way more complicated than they need to be, probably to make themselves feel important.

adekok 12 hours ago 0 replies      
(ex) Nuclear physicist here. I wish I had had this explanation at the start of my quantum mechanics courses.
SamBam 11 hours ago 1 reply      
Heh heh, I like the dig at Penrose at the end.

(Only because I used to argue the exact same thing with my dad when I was a teen, and we had both read his books, and I have a human bias that when I read something that agrees with me, I smile, feel vindicated, and don't think about it further.)

devilsavocado 12 hours ago 0 replies      
For a more in-depth, but still funny and entertaining, explanation of quantum computing check out 'Quantum Computing Since Democritus' by Scott Aaronson, the co-author of this comic.
iopq 11 hours ago 0 replies      
I didn't understand any of that.
dkonofalski 11 hours ago 0 replies      
I understood some of those words. 5/5. Would read again.
cm127 11 hours ago 3 replies      
I'm starting to become skeptical of our understanding of quantum mechanics because we completely discredited a common theory with only one experiment over a hundred years ago:


We never recreated the experiment again until Ernest Wilbur Silvertooth did about one-hundred years later in the 1980s. He found a possible connection to the Ether, but by this point every scientist in the world committed to thinking the opposite; they didn't care for his findings.

People say GR works, but they keep running into weird situations where they have to keep fudging their mathematical models -- none of the equations work together, i.e. no unified field theory, -- and everyone is too afraid to suggest we've been approaching it all wrong.

God, I love how political science has become: funding, faith, pride... The world didn't care for Galileo's theories, either: it turned their whole world upside-down.

acqq 13 hours ago 2 replies      
For the first time viewers: don't miss to hover over the cartoon (or on the iOS, long press on the image):

"Somewhere in the multiverse, there's a superior universe where all comics are this dorktastic."

And the big red button at the end:

"Out-nerd me now, Randall!"


And more to read: Scott Aaronson's "Making of The Talk":


andrewclunn 12 hours ago 0 replies      
On the scale of, "Scientists keep their discoveries hidden," to, "Overly simplified explanations abound in order to 'popularize' science," we've definitely gone too far the other way. Of course the only remedy then is more precise explanation. Favorited.
qwertyuiop924 10 hours ago 1 reply      
Was that last frame a dig at Douglas Hofstadter?

Zach, I think you may have finally surpassed Randall.

grabcocque 12 hours ago 1 reply      
The even bigger problem is that current quantum computers, if indeed they are, are not heading down the universal quantum computer route, but instead heading down the route of adiabatic quantum annealing. I mean if you can explain that to your kids, could you explain it to me?

I would take issue with various claims in the comic anway. The idea that quantum mechanics is a "generalisation of probability" is itself a simplification. The wave function can be used to derive the probability P=.*, but it's not probability per se. It does neatly encapsulate why the Copenhagen Interpretation of the wavefunction leads to a lot of magical thinking about what the wave function represents.

I've been writing ring buffers wrong all these years snellman.net
337 points by b3h3moth  1 day ago   163 comments top 25
jgrahamc 1 day ago 7 replies      
This is of course not a new invention. The earliest instance I could find with a bit of searching was from 2004, with Andrew Morton mentioning in it a code review so casually that it seems to have been a well established trick. But the vast majority of implementations I looked at do not do this.

I was doing this in 1992 so it's at least 12 years older than the 2004 implementation. I suspect it was being done long before that. Back then the read and write indexes were being updated by separate processors (even more fun, processors with different endianness) with no locking. The only assumption being made was that updates to the read/write pointers were atomic (in this case 'atomic' meant that the two bytes that made up a word, counters were 16 bits, were written in atomically). Comically, on one piece of hardware this was not the case and I spent many hours inside the old Apollo works outside Boston with an ICE and a bunch of logic analyzers figuring out what the hell was happening on some weird EISA bus add on to some HP workstation.

It's unclear to me why the focus on a 2^n sized buffer just so you can use & for the mask.

Edit: having had this discussion I've realized that Juho's implementation is different from the 1992 implementation I was using because he doesn't ever reset the read/write indexes. Oops.

phaemon 1 day ago 9 replies      
> Join me next week for the exciting sequel to this post, "I've been tying my shoelaces wrong all these years".

Probably. Use the Ian Knot: http://www.fieggen.com/shoelace/ianknot.htm

Seriously, spend 20 mins practising this, and you'll never go back to the clumsy old way again.

cannam 1 day ago 0 replies      
I love the way this discussion has divided neatly into thirds: history of ringbuffers; digression on shoelaces; fragmentary, widely ignored, replies about everything else (this one included, I'm sure).

I like this kind of article and enjoyed this particular one, but the long discussion above about the "right" way to do it goes some way to justifying why so many people are happy to do it the "wrong" way.

I've implemented and used ring buffers the "wrong" way many times (with the modulus operator as well!) and the limitations of this method have never been a problem or bottleneck for me, while its simplicity means that it's easier to write and understand than almost any other data structure.

In most practical applications, it's memory barriers that you really have to worry about.

planckscnst 1 day ago 5 replies      
This is another interesting ring buffer implementation that uses mmap. https://github.com/willemt/cbuffer
ChuckMcM 1 day ago 1 reply      
I have always considered these "double ring" buffers. Along the same lines as how you figure out which race car is in the race is in lead by their position and lap count. You run your indexes in the range 0 .. (2 * SIZE) and then empty is

 EMPTY -> (read == write) FULL -> (read == (write + SIZE) % (2 * SIZE))
Basically you're full if you're at the same relative index and your on different laps, you are empty if you at the same relative index on the same lap. If you do this with power of 2 size then the 'lap' is just the bit 2 << SIZE.

ams6110 1 day ago 4 replies      
Why do people use the version that's inferior and more complicated?

Because it's easier to understand at first glance, has no performance penalty, and for most busy programmers that often wins.

tveita 1 day ago 0 replies      
The Linux kernel seems to leave one element free, which surprised me, but it does have this interesting note about it:


 Note that wake_up() does not guarantee any sort of barrier unless something is actually awakened. We therefore cannot rely on it for ordering. However, there is always one element of the array left empty. Therefore, the producer must produce two elements before it could possibly corrupt the element currently being read by the consumer. Therefore, the unlock-lock pair between consecutive invocations of the consumer provides the necessary ordering between the read of the index indicating that the consumer has vacated a given element and the write by the producer to that same element.

dom0 1 day ago 1 reply      
falcolas 1 day ago 3 replies      
Usually when I'm writing a ring buffer, it's for tasks where the loss of an item is acceptable (even desirable - a destructive ring buffer for debugging messages is a fantastic tool). As such, I simply push the read indicator when I get to the r=1, w=1 case.

Using the mask method is slick (I'd cache that mask with the array to reduce runtime calculations), but it's definitely going to add cognitive overhead and get messy if you want to make it lockless with CAS semantics.

RossBencina 1 day ago 0 replies      
From what I understand, this is the way you'd do it with hardware registers (maintain the read and write indices each with one extra MSB to detect the difference between full/empty).

We've been using similar code in PortAudio since the late 90s[0]. I'm pretty sure Phil Burk got the idea from his hardware work.

[0] https://app.assembla.com/spaces/portaudio/git/source/master/...

pawadu 1 day ago 0 replies      
> This is of course not a new invention

No, this is a well known construct in digital design. Basically, for a 2^N deep queue you only need two N+1 bit variables:


tankfeeder 1 day ago 0 replies      
PicoLisp: last function here as circular buffer taskhttps://bitbucket.org/mihailp/tankfeeder/src/3258edaded514ef...

build in dynamic fifo functionhttp://software-lab.de/doc/refF.html#fifo

kazinator 1 day ago 0 replies      
> don't squash the indices into the correct range when they are incremented, but when they are used to index into the array.

Great! Just don't use it if the indices are N bits wide and the array has 2N elements. :)

Not unheard of. E.g. tiny embedded system. 8 bit variables, 256 element buffer.

jstanley 1 day ago 0 replies      
I had to pause for a second to convince myself that the version relying on integer wrap-around is actually correct.

I guess that's the reason most people don't do it: they'd rather waste O(1) space than waste mental effort on trying to save it.

phkahler 1 day ago 1 reply      
I find the headline very interesting. It's very inviting because of the way it expresses a sort of epiphany about doing it wrong on a mundane programming task. One is tempted to read it in order to see if there is some great insight to this problem. just maybe it's applicable outside this one problem. It begs the question: if he's been doing it wrong on a fairly mundane thing, maybe I am too. I need to see what this is about.
hzhou321 1 day ago 2 replies      
He keeps stating the case of one-element ring buffer. Is that a real concern ever?
noiv 1 day ago 0 replies      
Just in case, StackOverflow has some variations for JavaScript, although not that much optimized ;)


ansible 1 day ago 0 replies      
Hmm..., interesting.

I've always been doing it the "wrong" way, mostly on embedded systems. My classic application is a ring buffer for the received characters over a serial port. What's nice is that this sort of data structure doesn't need a mutex or such to protect access. Only the ISR changes the head, and only the main routine changes the tail.

ared38 1 day ago 0 replies      
Dumb question: why use power of two sized rings? If I know the reader won't be more than 100 behind the writer, isn't it better to waste one element of a 101 sized rings instead of 28 of a 128 sized ring?
falcolas 1 day ago 2 replies      
My C is rusty, but won't this act... oddly... on integer overflow?

 size() { return write - read; }
0 - UINT_MAX -1 = ?

[EDIT] Changed constant to reflect use of unsigned integers, which I forgot to specify initially.

ts330 1 day ago 0 replies      
i love that he has 20 different shoelace knots! life was too simple before now.
geophile 1 day ago 1 reply      
His favored solution introduces subtlety and complexity. Remember that 20-year old binary search bug in the JDK a few years ago? That is the sort of bug that could be lurking in this solution.

I understand not wanting to waste one slot. A third variable (first, last, count) isn't too bad. But if you really hate that third variable, why not just use first and count variables? You can then compute last from first and count, and the two boundary cases show up as count = 0 and count = capacity.

zimpenfish 1 day ago 1 reply      
If you use modulus instead of bitmasking, it doesn't have to be power-of-2 size, does it?
blauditore 1 day ago 0 replies      
> I've must have written a dozen ring buffers over the years

Why would someone do this instead of re-using previous (or third-party) implementations? Of course unless it's all in different languages, but I don't think that's the case here.

doktrin 1 day ago 1 reply      
> So there I was, implementing a one element ring buffer. Which, I'm sure you'll agree, is a perfectly reasonable data structure.

I didn't even know what a ring buffer was

where do I dispose of my programmer membership card?

edit : lol, what a hostile reaction...

Sharing National Security Letters with the Public blog.google
335 points by 0mp  2 days ago   134 comments top 17
mr_spothawk 2 days ago 1 reply      
> Over 300,000 NSLs have been issued in the past 10 years alone. The most NSLs issued in a single year was 56,507 in 2004. In 2013, President Obamas Intelligence Review Group reported; that the government continues to issue an average of nearly 60 NSLs every day. By contrast, in 2000 (the year before the passage of the USA PATRIOT Act that loosened NSL standards), 8,500 NSLs were issued.


* - formatting

timbowhite 2 days ago 0 replies      
> we have been freed of nondisclosure obligations.

> the Act restricts the use of indefinite gag restrictions that prevent providers from ever notifying customers

Did Google say anywhere in that blog post that they've notified the users the NSLs were targeted at?

EDIT: no, but from the TC article[1]

> A Google spokesperson said the usernames were redacted to protect user privacy and that the targeted individuals had been notified.

[1] https://techcrunch.com/2016/12/13/google-national-security-l...

bahmboo 2 days ago 2 replies      
From the statute (and in the letters):

> the information sought is relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution of the United States.

Of course they could still lie but you can't be investigated just for your protected speech. Not defending the whole thing, but didn't realize that requirement until now.

[edit: formatting]

JorgeGT 2 days ago 5 replies      
Tangential: it always annoys me how difficult it is to highlight text in a Google blog post and look it up. Drag doesn't work and right click clears the selection. My only working approach is highlight and hit menu key.
gxs 2 days ago 2 replies      
It's interesting that most of these are only for:

>>...name, address, length of service, and electronic communications transactional records for all services, as well as accounts...

Makes me think they would submit two requests: one for metadata and one for content. This would allow them to let google publish more "innocuous" letters while continue to gag order letters where they request more intrusive information.

Would love to hear the opinion, however, of someone who unlike myself knows what they are talking about.

mikiem 1 day ago 0 replies      
Interesting. As a service provider (hosting) we have received many "court orders" that are very similar to these NSLs... but they were not NSLs. Now that I see these NSLs, I am not that freaked out by them. I'm not sure of all the hub bub, at least for these particular NSLs. The scope of these is basically limited to identifying the user. These specifically say to not provide content of the account to the FBI. The not-NSL court orders we have received have included verbage to not disclose the request to the subject of the request.

I thought NSLs were supposedly non-contestible, broad and were for communication detail. These don't seem to be any if that.

The requests we have received have been from a variety of organizations (but signed by a magistrate) ranging from local law enforcement to three letter acronyms and one entity that is neither. While the requests don't say why the order is being issued, we usually receive a call from the agent/detective beforehand and dialog ensues in which they explain what's going on.

While many companies will just give the info, we scrutinize the request and ask the agent/detective politely and apologetically that we can help, but only if they acquire a court order. We have caught not-legitimate requests before, so we verify the request is legit before responding. We have never been asked for content of communications. If Google is not doing the same thing... oof. Just as a matter of process I assume they do. I recall in the past some networks having right in their WHOIS info, how/where Law Enforcement can send FAX requests.

bflesch 2 days ago 1 reply      
They redacted the NSL letter number on the top left of the second pages, but kept the file reference number "In reply, please refer to NSL 10-272979" both in the address box on first page and the name of the PDF file.
boomboomsubban 2 days ago 0 replies      
I only looked at one of them, but it seems that these are able to be released as they have the same illegal language as the Internet Archive release. Their language makes it sound like they were released due to the government being forced to review if they should be upheld.
CiPHPerCoder 2 days ago 1 reply      
Has anyone on HN ever been notified by Google/Yahoo/other that they were the subject of an NSL? I wonder if the people most likely to care about that are unlikely to ever be targeted?
haikuginger 1 day ago 1 reply      
The fact that the NSL numbers are sequential gives an interesting look into the scale of issuance.
tehwalrus 1 day ago 1 reply      
> In 2015, Congress passed the USA Freedom Act

Really?! That is a terrible name for a piece of legislation - it says nothing - even before you consider that it was messing with gag orders about executive overreach.

awqrre 2 days ago 3 replies      
I wish the FBI would be required to produce the original digital document instead of poor quality scans...
secfirstmd 2 days ago 2 replies      
I wonder how this writing of a NSL letter would affect an organisation's warrant canary (if they have one).
h4nkoslo 1 day ago 1 reply      
The interesting aspect of NSLs to me has always been authentication. One gets a fax, and one faxes some crap back? Trivially hackable. One contacts the phone number listed on the NSL? Ditto. How difficult would it be for the Chinese or the Russians to slide in their own "NSL" in the 30K / year "legitimate" ones?

In fact the feds make it intentionally difficult to authenticate requests; for instance they prohibit taking copies of federal IDs, they often won't submit them for actual inspection, and they have no directory of employees to consult. If one wants to confirm that one is speaking to a bona fide FBI agent you're looking at minimum an hour in phone tag, and then there is the issue of if they are relating a bona fide request or going off the reservation.

swalsh 2 days ago 2 replies      
Imagine the possibilities of this, combined with McCarthy's wet dream palantir.
bradleyjg 2 days ago 2 replies      
pauleastlund 2 days ago 0 replies      
Filmmakers Ask Nikon and Canon to Sell Encrypted Cameras wired.com
302 points by SonicSoul  1 day ago   203 comments top 25
jfindley 1 day ago 29 replies      
I'm not certain this has been thought through sufficiently. If an organization is in a position to confiscate the camera from a journalist, they're almost certainly ALSO in a position to extract the encryption password from the journalist.

It would be far better if the cameras automatically uploaded these photos[0], and could be configured to upload them somewhere outside of hostile reach, such as servers owned by the magazine/paper they work for.

A side issue is that being able to prove authenticity would be valuable, as the issue of faked news/images becomes more visible in the eyes of the general public. Having some sort of GPG signing of (image + gps time + gps position) would be valuable, although establishing the trust chain in practice would be quite difficult and requires some serious thought.

0: Yes, there's a question of how you get internet access in places such as the middle of a warzone, but something generic like wifi would allow individual papers to provide something like a satellite wifi bridge to enable uploads regardless of location (although the cost would obviously be large).

jdfellow 1 day ago 3 replies      
How about an SD card in to which SmartCard, the size of a micro SIM card, can be inserted. The SmartCard holds a public key, and any files written to the SD card are signed and encrypted using that public key. Decrypting the files would be accomplished with the corresponding private key which is kept separate on a different hardware device and using a PC.
devb 1 day ago 4 replies      
Could this be accomplished at the storage level instead of at the camera level? Could an SD card have an onboard encryption engine? We have cards with built-in wifi already.
peterbonney 1 day ago 4 replies      
This is a great idea for the public good, but unfortunately there just isn't much economic imperative for the camera companies to invest in it. Security-sensitive filmmakers and journalists represent a vanishingly small niche, not a meaningful market. For the rest of users, photos taken on stand-alone cameras are generally meant to be shared, not strongly protected, meaning encryption is at best a "nice to have" not a "need to have" or perhaps even a "want to have". And that means that if it comes at the price of even a tiny degree of inconvenience, consumers will refuse it.

Having said that, it's not inconceivable that camera makers can solve this problem (a) cheaply and (b) in a way that is "off by default" for most consumers but available if needed. But I'm not holding my breath.

I think it's far more likely that we'll see the quality of phone photo/video quality become "good enough" for security-sensitive users to abandon standalone cameras entirely than that we'll see camera encryption catch up in the other direction.

chaz6 1 day ago 0 replies      
This is already possible on Samsung NX series cameras https://sites.google.com/site/nxcryptophotography/
tombrossman 1 day ago 0 replies      
Interesting discussion of this idea on the Stack Exchange photo site (from 2013): https://photo.stackexchange.com/questions/33902/do-any-dslrs...
kfreds 1 day ago 1 reply      
I'm developing a solution to this problem.

Longer version:Since I last posted about this on HN (check my comment history), I put the project on ice, and then started it again a year ago.

Follow @ZifraTech on Twitter for more information. Our website (zifra.tech) is not up yet.

rlpb 1 day ago 2 replies      
Free Software extensions for cameras such as Magic Lantern http://www.magiclantern.fm/ exist. I wonder if it's possible to add encryption support there, before images are written to the SD card?
mobitar 1 day ago 1 reply      
If you're starting a new startup, it's now honestly unacceptable to not have encryption come standard.

I'm building an open standard for encryption and ownership of notes. Would love any feedback/help.

See https://standardnotes.org for the full spec. Or follow along @standardnotes on Twitter.

If you'd like to contribute, ping me.

attilak 1 day ago 0 replies      
Well with many cameras people usually record 4k video to an external device, connected to the video output of the camera anyway (like Atomos Shogun). Adding an encryption to this external device might be a better approach.

And also as mentioned before, just recording to an encrypted macbook or any other laptop might also work already, just the size might be a problem.

chris_overseas 1 day ago 1 reply      
Magic Lantern has had some support for this for a while now: http://www.magiclantern.fm/forum/index.php?topic=10279.0
mahyarm 1 day ago 0 replies      
If you want to circumvent the adblock blocker, just disable js for their webpage. uMatrix is a useful extension for that.
ARothfusz 1 day ago 1 reply      
I wonder if, while they're adding encryption, they could also add user-controllable DRM. That way when you post a photo or video, you can specify the rights of (and prices for) those who download it. One of the things that's always felt evil about DRM to me is that it currently only protects the big guys. What if DRM could protect (and pay) everyone who creates content? So we have no more of this: https://www.theguardian.com/media/2009/jun/11/smith-family-p...
zczc 1 day ago 1 reply      
The solution already exists: there are Android-based cameras like Samsung Galaxy NX which can use encrypted camera apps for Android with nice sensor and lenses.
bluesign 1 day ago 0 replies      
I think with custom firmware on camera[1] it can be possible, although would be hard.

Also there is an option for custom firmware on SD card [2] but probably kills the speed too much.

[1] http://chdk.wikia.com/wiki/CHDK_in_Brief[2] http://hackaday.com/2013/12/29/hacking-sd-card-flash-memory-...

pjc50 1 day ago 0 replies      
Next week: NSA Demands Back Door To Encrypted Cameras.

Ironically I think the best way of getting this actually built would be to sell it as in-camera DRM. The requirement - no viewing without authorization - is almost identical.

This kind of thing is a very tricky use case, because suddenly the camera is a safety-critical device. That is, if people are relying on their software to encrypt images, they may take photos that if revealed to the wrong people at the wrong time may get them killed.

alrs 1 day ago 0 replies      
Canon cameras already have ethernet ports. I'd much rather the camera support iSCSI so that I can mount a network block device and save to that. I wouldn't trust any consumer electronics crypto support.

The form factor of an embedded Linux box with an Ethernet port, an SSD, and a hardware power switch would be pretty tiny. It could be done in the shape of an autowinder.

wtk 1 day ago 2 replies      
To piggyback this topic - I think cameras should feature an equivalent of iCloud lock. These are things worth thousands of dollars, and are dead easy to sell on once stolen. I would sign a petition that would convince camera makers to add a theft protection like above. Am I missing something here? The same should go for expensive lenses that should have a coded list of bodies they are permitted to work with.
alabamamike 1 day ago 0 replies      
I've seen self encrypting SSDs, and I'm wondering why SD Cards with hardware encryption aren't already available. Is there a technical limitation that would render it impossible to build a storage card that has the ability to encrypt/decrypt data transparently to the device it is installed in?
zdw 1 day ago 4 replies      
What's the point of encrypting a video data stream if it's going to local storage that could be destroyed or taken by someone else, effectively depriving whoever shot the video of the footage?

Making encryption happen in the camera seems like solving the wrong problem - you really want to exfiltrate to secondary, offsite storage at high speed in a secure manner.

rbcgerard 1 day ago 1 reply      
Seems like it would also make it really hard to view your photos - i.e. What happens to that little screen on the camera?
iansowinski 1 day ago 1 reply      
I think some kind of hidden, backup card slot would be also great feature for a number of photojournalists
tn13 1 day ago 1 reply      
Sounds like a bad bad idea to me. When authorities realize that you have outwitted them they are going to beat you up, torture you or simply kill you. In countries like Pakistan, Turkey, India or China you body might later be found floating in some gutter somewhere. A better idea would be to simply hand over the camera to cops and save your skin.

There are two strategies of surrender when a defeat in imminent.

Political surrender: You fight till your last breath and make it difficult for the other party to win.

Military surrender: When defeat is imminent it makes sense to surrender without a fight and cut need-less losses.

I think journalists when confronted with a certain defeat must embrace second type of surrender instead of first.

cbhl 1 day ago 2 replies      
Why don't these filmmakers just use an iPhone to shoot their documentaries instead?
jijji 1 day ago 1 reply      
most of the android/ios devices that are out there have had this capability for many years. Typical resolutions of 16 - 41 megapixel are common today. Why not use these cameras?
GitHub lost $66M in nine months of 2016 bloomberg.com
314 points by mobee  5 hours ago   285 comments top 31
josho 4 hours ago 11 replies      
This is an example of how VCs distort the market for other businesses.

I had a recent conversation with a prospect and they took issue with the price of our software. Our app is in a specialized industry (ie. a smaller market). We charge a per use fee of $35. This fee enables our customer to immediately earn nearly $200 (a 5x return with no risk to them). Despite the significant benefit and profitability of using the app the prospect took issue with our price and referred to the cost of other apps.

It was that conversation that made me realize how we've become accustomed to the quality and price of software that's been heavily subsidized by massive VC investments.

mmastrac 5 hours ago 10 replies      
The thought of losing Github to the startup graveyard is kind of scary. It was bad enough to lose Google Code and when SourceForge had their "great purge" of inactive projects.
tim333 2 hours ago 0 replies      
It's funny reading Tom Preston-Werner's write up on GitHub in Dec 08:

>You Dont Need Venture Capital

>A lot has been written recently about how the venture capital world is changing. I dont pretend to be an expert on the subject, but Ive learned enough to say that a web startup like ours doesnt need any outside money to succeed. I know this because we havent taken a single dime from investors. We bootstrapped the company on a few thousand dollars and became profitable the day we opened to the public and started charging for subscriptions.

I guess VCing up and losing money is a choice. They probably figure the odd $100m cash loss will end up as $1bn+ on the market cap. He looks quite cheerful in his rich list write up http://www.forbes.com/profile/tom-preston-werner/

drchiu 4 hours ago 12 replies      
I can't find the blog post, but some blog wrote a while ago why VCs invest in companies like Github. TL;DR -- basically it provides infrastructure for other startups.

The business itself may not be a great business due to the amount of cost it takes to run it -- but it's necessary for the running of other ventures.

Sort of like highways and non-toll bridges.

joeax 4 hours ago 2 replies      
The takeaways from the article:

(1) They went on a hiring spree in 2015-16, dramatically increasing their costs before their revenue was able to keep up. Something to keep an eye on in 2017.

(2) Half the team is remote! Kudos to them for making this work.

antirez 4 hours ago 1 reply      
It's a few years now I can not see Github focused, from the external POV at least, to provide good coder tools. All the new things only marginally improve on what we used to have. I would worry more about that than about the losses themselves, since I feel the losses mostly reflect the fact the company has no clear direction so is spending money on workforce in the hope to have larger effects. Perhaps they don't need more people but more focus.
ThePhysicist 4 hours ago 0 replies      
Considering the piles of venture money they received it sometimes startles me how few new features they have pushed to production in the last two years. Gitlab, on the other hand, seems to push a new major feature every other month. Of course it helps that they don't have to worry about running a SaaS service for several tens of millions of users, but still it seems that Github is too focused on minor improvements and might just lose the game against the open-source approach of Gitlab.
wjossey 5 hours ago 1 reply      
I hope this is a temporary blip on the radar for Github, and that they return to profitability very quickly.

Github should be a pillar platform in our community for the next decade, and the only way for them to become that is via profitability.

nunez 3 hours ago 2 replies      

I don't care how advanced GitHub is; that is an INSANE number of employees for this kind of business!

cyphar 3 hours ago 1 reply      
I'm surprised that they actually have a recreation of the oval office in their office. How arrogant and self-important do you have to be to honestly believe that such a parody is in any way justified? No, GitHub, you're not in charge of the free software world. You were just the first decent choice for code hosting. GitLab is eating your lunch and you're pretending that it's not happening.
nikcub 48 minutes ago 0 replies      
Interesting that 600 employees sounds like a lot, but it works out that revenue/employee p.a is $230k+ - which is above average for enterprise SaaS[0] - and you have the 25%+ annual growth on that

That said, they should be doing better margin-wise since they would have relatively lower customer acquisition costs compared to the market since they have so much developer recognition.

[0] http://tomtunguz.com/revenue-per-employee-trends/

throwaway2222c 4 hours ago 0 replies      
I once met Chris Wanstrath. He is the most arrogant guy I ever met.

I travelled for an hour and he sat there staring at his phone between looking at me like something he had trodden in.

At least pointing tens of companies at Gitlab has made me feel better.

sergiotapia 4 hours ago 5 replies      
>The new digs gave employees a reason to come into the office. Visitors would enter a lobby modeled after the White Houses Oval Office before making their way to a replica of the Situation Room. The company also erected a statue of its mascot, a cartoon octopus-cat creature known as the Octocat. The 55,000-square-foot space is filled with wooden tables and modern art.

The Sillicon Valley episodes write themselves it seems haha. This is hilarious.

andrewbinstock 4 hours ago 1 reply      
GitHub has some significant challenges ahead that are not mentioned in this article. As companies move to the cloud, they will run their own development ecosystems--SCM, CI, defect tracking, etc.--in their own cloud; and hosting services like GitHub and BitBucket will have a hard time competing. Already Oracle (and surely other vendors) are offering developer cloud instances that provide these services all wired together.
bootload 4 hours ago 1 reply      
"GitHub quickly became essential to the code-writing process at technology companies of all sizes and gave birth to a new generation of programmers by hosting their open-source code for free."

How much would you be willing to pay to store your open-source code at github?

dkarapetyan 3 hours ago 0 replies      
This is why the mania around unicorns is not sustainable. The best part is that github isn't even burning money that fast compared to some of the other ones.
kristopolous 3 hours ago 0 replies      
Staying in an annual budget of $98 million sounds feasible for a place like github. That's an $8.1m/month burn. Just be a little less elaborate, I'm sure this is doable.
pep_guardiola 4 hours ago 0 replies      
please guys get your shit together. I guess I would be able to figure out an alternative but a big chunk of my life as a programmer is centered around Github. It would be a major let down to see them perish.
christop 59 minutes ago 0 replies      
Interesting to read there (and nowhere else that I could find) that GitHub co-founder Scott Chacon left the company this year.
huntermonk 2 hours ago 0 replies      
> "The income statement shows a loss of $66 million in the first three quarters of this year. Thats more than twice as much lost in any nine-month time frame by Twilio Inc., another maker of software tools founded the same year as GitHub."

These sort of statements are a little annoying. I understand that Bloomberg has to write for a less technical audience, but the writer must know this isn't an accurate comparison.

DeBraid 1 hour ago 0 replies      
Short-selling companies that make very popular and effective developer tools is low expected value play.
kumarski 5 hours ago 4 replies      
I always freak about some other country attacking github.

The world would crumble/ it's probably some sort of weird national security scenario.

bsder 3 hours ago 2 replies      
Apparently "git cash" isn't working very well ...
camus2 4 hours ago 0 replies      
Fortunately it is easy to push the same repo to multiple hosts with git. So people, use mirrors instead of putting all your eggs in the same basket. Git is a distributed CVS, relying only on github means you are using it just like SVN.
Animats 3 hours ago 1 reply      
Uh oh. So much is dependent on Github. Is there a full mirror?
partycoder 4 hours ago 0 replies      
If you are an investor, you want to invest $1 to get $2 back (aka shareholder value). If your dividends are not growing, you divest and invest somewhere else.

Now, the thing is very competitive, and many companies offer "exponential growth". If your growth slows down, if the perspective is not good, divestment starts and that is a downwards spiral.

To stay competitive and to prevent an investor run, companies are forced to take massive risks. And risks materialize into huge disasters... like this one apparently.

dijit 5 hours ago 8 replies      
k0mplex 5 hours ago 1 reply      
234dd57d2c8db 3 hours ago 0 replies      
You know, I can't say I'm surprised. When github first started, it was just about code. Nothing else. Then they started with all the identity politics crap.

As soon as a company starts parroting political messages like "white middle managers have no empathy" instead of, you know, building good tools, I know it's time to find another solution. I was a paying customer, and when github got into the political game, I dropped them like a bad habit.

I'm not screwing around here, I'm trying to build a business and your political aspirations do _nothing_ for me as a customer, so why don't you take them and shove em. Happy customer at bitbucket ever since.

pinkrooftop 4 hours ago 0 replies      
Maybe they'll be the next Verizon aquisition
therealjohn 4 hours ago 0 replies      
Am I the only one the tone in this article bothers? The author keeps criticizing and belittling the CEO, who is obviously significantly smarter than him. There might be correlation there.
AMD Gives More Zen Details anandtech.com
285 points by Osiris  2 days ago   190 comments top 22
dbcooper 2 days ago 2 replies      
Anandtech article:


3.4+ GHz for 8-core base frequency (TDP is apparently 95W) is good news.

rl3 2 days ago 4 replies      
During the press event it was suggested the boost mode would operate primarily off of temperature, taking into account high-end cooling setups. Seemed interesting, if not innovative. As far as I'm aware, existing boost modes tend to be static ranges.

I'd really like to see Ryzen meet or exceed Intel i7-6700K/7700K single-core performance using boost mode clocks with a reasonable cooling setup. That would eliminate any reason whatsoever to choose Intel for gaming until their 10nm product arrives Q3 2017.

keldaris 1 day ago 3 replies      
This being HN, I'm hoping someone more competent than me in the area of CPU architectures can comment, but as a scientific programmer some of the details lead me to adopt a very cautious attitude for now, especially given the 95W TDP. Given the architecture, producing a performance-competitive 8C/16T chip at 68% of Intel's TDP (95W vs 140W) seems very dubious.

Most of the things they're touting in the slides amount to little more than finally catching up to Intel (SMT, branch prediction (minus the neural network thing), cache bandwidth, etc.). Also, some of the areas where they seem to exceed current Intel architectures may turn out to be a mixed blessing. For instance, I'm not sure if doubling L2 caches (512kb/core vs 256kb in Intel CPUs) is a great idea given bandwidth limitations and associativity effects. We also don't know the amount of vector registers these CPUs will have, which will greatly influence the performance of optimal CPU-bound code.

Can anyone with more experience comment on the low level details they've released, particularly the issues per cycle and cache architecture figures?

protomyth 2 days ago 1 reply      
zython 2 days ago 2 replies      
Is there a MSRP for the RYZEN flagship that they showed off today yet, because I havent seen one.

But as long as it stays under the $1100 of the 6900K I think they can secure the mid to high-end enthusiast grade market which is good because I am tired of intel controlling that portion of the market

mtgx 2 days ago 1 reply      
Can we all give Mark Papermaster a healthy round of applause? Amazing what he accomplished. Who would've thought AMD would ever even come close to Intel in performance again?
elcct 2 days ago 5 replies      
But is it going to support ECC memory?

Also with Intel you can upgrade to more performant Xeons. What can you upgrade AMD to?

tcoppi 2 days ago 0 replies      
They are staying consistent with a 40% IPC improvement number, which is great. This should finally be competitive with Intel's current offerings.
walterbell 2 days ago 0 replies      
Does AMD now have an equivalent to Intel's open-source tboot for DRTM?

In the past, AMD avoided artificial "enterprise" segmentation with security features like IOMMU, but did not always have the necessary BIOS, board (e.g. TPM) and open-source tooling that Intel solutions provided.

pragmar 2 days ago 0 replies      
I want to believe, I really do. Intel can't offer a compelling reason to upgrade my 5 year old 3930k--there's no question that the desktop market has stagnated in the face of a weakened AMD. Can anyone enlighten me as to what video encoding and 3d benchmarks might omit that a more well-rounded passmark score would not?
yakult 1 day ago 0 replies      
It's all wasted ink and pointless flapping of gums until a tech magazine gets their hands on a production model with a set in stone RRP, and does third-party benchmarks. You can't eyeball the actual performance from the marketing material, and neither can anandtech.
free652 1 day ago 0 replies      
More competition is good, though I dont have many hopes now. I switched to Intel starting with "Cores". I don't see myself upgrading my 4690k anytime soon, but I hope but the time I need, AMD would have some nice offerings.
stolk 1 day ago 1 reply      
Does it have AVX512 support? Or at least AVX2?
revanx_ 1 day ago 0 replies      
Will the new Zen include the AMD Platform Security Processor (PSP)?

(To those asking, PSP is the equivalent of the Intel Management Engine).

shmerl 2 days ago 0 replies      
What about Vega? When is it going to be released?
deepnotderp 2 days ago 2 replies      
Neural network for memory access huh? Interesting!
randiantech 2 days ago 3 replies      
Is it plausible a procesador like this to be used on new Xbox scorpio, later next year?
geezerjay 1 day ago 0 replies      
Support for multi-processor systems would be very awesome.
mSparks 1 day ago 1 reply      
you've seriously never heard of pcmark or passmark?

noob alert :p

smegel 2 days ago 0 replies      
Flagged for non-English link.
hellofunk 2 days ago 2 replies      
An interesting read about the Zen by a financial analyst:


Ubers self-driving cars start picking up passengers in San Francisco techcrunch.com
274 points by orenbarzilai  1 day ago   204 comments top 17
bigtones 1 day ago 5 replies      
Actually these Uber Volvo self driving cars have been picking up passengers using UberX in San Francisco for weeks. They're easy to spot because they have a huge lidar contraption on the roof and a lot of camera's mounted on the roof, rear vision mirrors, and the rear tailgate of the vehicle. The depot they use is on Harrison and 3rd so you see a lot of them driving around the area just south of Market Street, which has a lot of traffic obstacles, construction, and pedestrians. They go very slow and stop often out of an abundance of caution, much to the consternation of impatient SF drivers behind them.
aedron 1 day ago 4 replies      
Uber's product is the company's stock. All of their "AI" and "self-driving" stunts so far have been transparent hype fuel that anyone with the slightest domain knowledge knows have no practical significance.

Their PR department are, as can be expected, top notch though. I especially like how they put a populist spin on their announcements, like the beer delivery (yay, beer!) and now picking up passengers with their proof-of-concept vehicles, to make it look like self-driving cars are already part of their business.

autotune 1 day ago 14 replies      
How is this going to combat people who make a mess inside the vehicle after going 100 percent without human drivers/test engineers? If it picks up a drunk person at 3 AM who then throws up inside the car, is it vomit-aware and knows it needs a cleaning before picking up the next passenger?
dzdt 1 day ago 4 replies      
They describe this as a third-generation vehicle, but it still requires multiple human-driver interventions over a single journey. How many more generations to reach reliable true autonomy?
sankyo 1 day ago 1 reply      
I ride a motorcycle in SF daily and frequently "split lanes". I saw one of the Ubers all decked out with spinning radar and wondered how it would react as I passed through at 10-15mph. There was a person at the steering wheel, I am not sure who was in control. Thankfully it was uneventful. I thought the car might brake or veer away from me.
annerajb 1 day ago 5 replies      
Just saw this: https://electrek.co/2016/12/14/uber-autonomous-rides-califor...

I am confused do they require a permit or is uber changing the claim/capabilities of the car to evade getting a permit?

joosters 1 day ago 6 replies      
I wonder if everything you say & do is recorded in these? The car has all those cameras covering the outside of the vehicle, it would be little effort to add another inside, and I doubt Uber will be able to resist.

Uber could claim they need to record passengers in order to spot damage or dirtying of the cab. (Otherwise passengers could blame any damage on the previous occupant.)

Globz 1 day ago 2 replies      
As a Canadian, I wonder how anyone in this industry can create an autonomous vehicle that can safely drive during winter?
lucker 1 day ago 4 replies      
Bit of a conspiracy theory sort of question, but... is there any reason to believe that maybe self-driving car technology is being backed by the military-industrial complex as a way to run R&D for military automation and related technologies? That could explain why there was a sudden spike in interest in this technology several years ago, and it could also explain why enormous amounts of hype are continually being generated for a technology that is probably still quite far away from being approved for fully automated road use.
ckinnan 1 day ago 1 reply      
> a blade architecture, a whole bunch of CPUs and GPUs that we can swap out under there, though he wouldnt speak to whos supplying those components specifically.

Does anyone have more info or speculation on the tech stack sitting in the trunk?

yalogin 1 day ago 1 reply      
Is this a voluntary thing? Do I get a discount to sit in those? I would at the very least want to know in advance that an autonomous car is going to pick me up so if I want I can reject it if I want to and not waste time.
kabes 1 day ago 0 replies      
Does anybody know what the chance of getting a self driving car is? I could try to use uberX instead of pool for a while, if there's a sufficient chance of getting one.
luhn 1 day ago 0 replies      
One thing that's still not clear to me is how autonomous these truly are. There's still a human in the driver's seat, but how much intervention is required from them?
jasoncchild 1 day ago 1 reply      
There is an amazing amount of hand waiving and conjecture in this discussion.
vit05 1 day ago 0 replies      
I have more expectation about self drive Bus and Trucks than cars.
dvdhnt 1 day ago 0 replies      
No thanks.
bryanrasmussen 1 day ago 0 replies      
and never letting them go.
Yahoo discloses hack of 1B accounts techcrunch.com
278 points by BreakoutList  1 day ago   3 comments top
minimaxir 1 day ago 2 replies      
A Git query language github.com
341 points by bryanrasmussen  1 day ago   66 comments top 15
Erwin 1 day ago 2 replies      
This might benefit from SQLite's Virtual tables: https://sqlite.org/vtab.html

With Virtual Tables you can expose any data source as a SQLite table -- then you can use every SQL feature that sqlite offers. You can just tell sqlite how to iterate through your data with a few functions, with an option to push down filtering information for efficiency.

You can also create your own aggregates, functions etc.

Here's an article where the author exposes redis as a table within sqlite: http://charlesleifer.com/blog/extending-sqlite-with-python/

masklinn 1 day ago 1 reply      
Mercurial has a somewhat similar concept predating this (added circa 2010): revision sets (https://www.selenic.com/mercurial/hg.1.html#revsets) (for selection, and templates for selection but git has that built-in, kind-of, via log --format)
koolba 1 day ago 4 replies      
This is pretty cool. Looks like it's local to the current repo which makes sense for most usage. Having something like this across a swathe of repos would be useful in different ways (ex: "What has Bob committed over all the repos for our projects that involves the string 'billing'?".

Minor off topic rant about the animated example: Who doesn't put a space at the end of their prompt after the $?! Ugh!

c8g 1 day ago 2 replies      
taspeotis 1 day ago 2 replies      

 A Git query language (github.com) 10 points by bryanrasmussen 1 hour ago
This ought to have (2014) in the title: Latest commit 49c1c17 on 22 Jun 2014.

Tarean 1 day ago 1 reply      
Very cool. I always wanted to play around with a git provider for powershell. Powershell's syntax is great for queries and you could use everything that works on the normal file system with anything that has the abstractions implemented.

The syntax seems close enough that this could just replace it, though:

 ls commits | where date < (get-date).AddDays(-4) | where message -like *foo* | select autor, message, date -First 3 | ft

odammit 1 day ago 1 reply      
Oh I love that the example gif includes:

 select author, message from commits where 'Fuck' in message
I'm pretty sure that query's results would fill my screen buffer.

andrewchambers 1 day ago 0 replies      
I don't see the point in wrapping the data in all that ascii art noise, will make it harder to script with.
oneeyedpigeon 1 day ago 3 replies      
Imagine if we could just have this automatically for every program that generated text output. It doesn't seem beyond the realms of possibility that every tool could either a) structure its text output in a way that can guarantee simple command-piping to a general purpose query-language processing tool or b) in the presence of a "--output-json" flag, produce json which can then easily be queried.
seliopou 1 day ago 0 replies      
This can easily be accomplished using `git log`, `head`, and `grep`:

 git log --pretty="format:%an, %s, %ad" --after="2014-04-10" | grep "Fuck" | head -3

georgewfraser 1 day ago 0 replies      
If you actually want to query git data in production, it's really a better idea to copy all the data into a real SQL data warehouse. If you're using github, my company (Fivetran.com) has a connector that pulls from their API.
ecesena 1 day ago 0 replies      
It would be nice to see a plugin for presto
guard-of-terra 1 day ago 1 reply      
But why does it have to look like SQL (and not like xpath or jquery)?

Not many people enjoy writing SQL statements on the command line. It's verbose, the order of things is arbitrary...

ujjwal_wadhawan 1 day ago 0 replies      
support for "SELECT DISTINCT" would be great !
rodorgas 1 day ago 0 replies      
That's a great idea!
Steve Wozniak Was My Computer Teacher in 1995 vice.com
309 points by curtis  2 days ago   55 comments top 18
theologic 1 day ago 3 replies      
I'm roughly 14 years younger than Woz, and I grew up in Seattle reading about the exploits of the Steves. While I started at a startup in Seattle at 17 years of age, I've never reached any real fame. But I was always a fanboy of the men that built high tech, with Woz being one of them.

8 weeks ago, I returned to the Silicon Valley for a job, and I bought a house in the hills of Los Gatos. After being here for a week, I was told that Woz lives up the hill a few house from mine.

I wake up every morning hoping to see him riding his Segway down the street, but I have yet to spot him.

Everbody wishes they could hang out with the Woz, and even though I'm 54 years old, I still have my heroes in the industry.

Woz is one of them.

marclave 2 days ago 0 replies      
Steve Wozniak is whom I strive to be as a Computer Engineer. He is so thoughtful, creative, passionate and genuine. He has inspired me like no one else.
WalterBright 1 day ago 2 replies      
I'm glad there are people like Steve in the world.
rodgerd 2 days ago 2 replies      
Wozniak would have gotten along well with C E Beeby: "The upheaval of the depression years and the rise of fascism forced him to think not only about differences in human abilities but also about the right all individuals should have to education in a democracy. In his view the education system suffered from undue centralisation and conformity and should open itself to variation, experiment and change. The abolition of the proficiency examination in 1937 held out hope for primary schooling responsive to the range of childrens abilities."

Alas, these tenets of New Zealand's public education system are being systemically demolished.

sonabinu 1 day ago 1 reply      
It's so important that you have a good inspiring CS teacher when you start learning the ropes. The first person who taught me computing was the reason I stayed away from going into CS for 15 years before taking it up a second time. This time round my community college math teacher taught us how to program a TI-84 and encouraged us to do so. I went on to download R because I read that it was best for statistics and learnt more stuff later. An inspiring teacher who goes out of their way to ensure that your learning roadblocks are removed is the best!
eltoozero 1 day ago 0 replies      
Met Woz at Bob'a Big Boy in Toluca Lake and he's a super friendly guy.

We compared notes on the Sony DSC-T7 and I gawked at his Nixie tube watch.

Good times.

pmoriarty 1 day ago 3 replies      
"I admitted that generally, school was hard for me, but I loved art..."

Logo. He should have taught them Logo.

kumarski 1 day ago 1 reply      
I think* every technocrat has a teacher or mentor who enables them to level up on a subject matter.

Am I alone in this feeling?

Zuck had a world class programmer teaching giving him coding lessons when he was young.

mvkaxon 1 day ago 3 replies      
World needs more Wozes than Jobses.
ntaylor 1 day ago 1 reply      
I was lucky enough to meet Steve at Xamarin Evolve, this year. He is incredibly friendly, and one of the most fascinating people I've ever had the chance to hear speak.
poisonarena 1 day ago 1 reply      
I follow him on twitter, He is always tweeting from Outback Steakhouse with his wife..
johnnydoe9 1 day ago 0 replies      
Woz seems like a cool guy, very few people in his position would act in ways he does.
MaxLeiter 1 day ago 0 replies      

 "I remember feeling like I had the keys to some magical kingdom."
This post, and this quote in particular, strongly reminded me of this song by a former teacher on the current educational system: https://www.youtube.com/watch?v=RD2o6soOe1I

latchkey 1 day ago 0 replies      
Around that time there was a Macintosh web server called WebSTAR. I hacked together a shareware plugin in C that used the newish (at the time) browser 'Host:' header to allow for multi-homed domains without the need for separate IP addresses. He bought an entire site license for $1500 when he could have just spent $35. I had created the $1500 option as a joke thinking nobody would spend that amount. Made my day and that really encouraged me to become a professional software engineer. Thanks Steve!
hkmurakami 1 day ago 0 replies      
Look at the kid rockin' the America Online T-shirt in the splash image. ;)
eMumbaBlog 1 day ago 0 replies      
Good to know, that. Feels good to have someone to follow and know that they're out there still doing good.
foxhedgehog 1 day ago 0 replies      
his son was my cofounder 20 years later
AI Programmers Bookshelf mit.edu
298 points by geospeck  1 day ago   26 comments top 9
rm999 1 day ago 10 replies      
This is about game AIs, which are definitely interesting. But for the most part they overlap very little with what most people think of as AI.

In undergrad (mid 2000s) I partially specialized in both computer graphics and machine learning, and took a video game class to try combining these skills. I have two big memories from this time that stuck with me. The first is the time a dev on Civilization 1 visited our class. He spoke about the "AI" of civilization, which he revealed to be a simple random number generator. He told us people often thought it was far more complex, but that's really all there was to it.

The second memory is when we actually built a 3d engine + game from scratch. Every week we had to add a new feature, so one week I obviously took on the AI. My partner and I were doing a soccer-style game, and I had grand visions of implementing a sophisticated AI using what I'd been learning in my other classes, like SVMs and neural networks. I started doing research, and was shocked to learn that no video games at the time did any of this. I learned that computers at the time weren't really capable of running several versions of an ML algorithm simultaneously (one per agent) while dealing with everything else - and more importantly that there was little need. I ended up spending a couple days building out a basic state machine, and it worked. Even the professor thought we added incredible intelligence to the players, who in reality were just following ~10 rules like "if player in defense mode: move towards the midpoint between the ball and the goal while keeping some distance between other players".

My main take-away from that class is that there was little need for actual AI in video games, and that I should pursue a different career path :/

adamnemecek 1 day ago 0 replies      
This seems really out of date. I put together a list of ML books not too long ago


inputcoffee 1 day ago 0 replies      
I am half-joking here, but since they have a "related reading" section with more "philosophical" works, they really should include "Godel, Escher, Bach"
lenocinor 8 hours ago 0 replies      
When this was discussed previously, I made an in-depth comment on it there, which I'll reference again here: https://news.ycombinator.com/item?id=8851408
brudgers 1 day ago 0 replies      
Missing: Paradigms of Artificial Intelligence: Case Studies in Common Lisp, Peter Norvig
jraedisch 1 day ago 4 replies      
Many of the books seem older than 10 years (also in the general exams list[1]). Are the (seemingly) vast advancements in the last years still based on the same principles? (Speaking as a complete ML noob.)

[1]: http://alumni.media.mit.edu/~jorkin//generals/general_exams....

kranner 1 day ago 0 replies      
Steve Grand's other book "Growing up with Lucy: How to Build an Android in Twenty Easy Steps" should also be included in this list.


douche 1 day ago 0 replies      
The Matt Buckland books, especially Programming Game AI by Example are very good, for simple, practical techniques.
martincmartin 1 day ago 0 replies      
What's the state of the art in path planning? e.g. as used by Google Maps? Perhaps some subset of those techniques could be used in games.
Slack Calls: Now with video slackhq.com
248 points by tilt  2 days ago   122 comments top 21
joshmanders 2 days ago 8 replies      
I hope screen sharing comes soon. They bought Screen Hero a while back, and said they were integrating it.
aluminussoma 2 days ago 9 replies      
Has anyone else noticed how pristine the audio quality of a Slack call sounds? I wonder how they optimized it. My company's voip, and Lync, and Skype all fail to deliver the same kind of call quality. I've only noticed / admired better call quality when making a call within Cisco to another employee.

I don't use video much but I hope they've done as good of a job as they did with audio.

ts330 2 days ago 2 replies      

the sooner i can remove skype from my life the better.

that said, why can't any of these phone systems deal with the use case of two people trying to call each other and then simply auto connect the two calls? why does one side have to drop the call and answer the other?

giovannibajo1 2 days ago 1 reply      
We constantly have problems with Slack audio calls, they seem not to be stable even over very stable internet and wifi. I wonder if being in Europe is a factor
fpgaminer 2 days ago 1 reply      
Does Slack have a phone bridge for voice calls? Would be helpful for participants who can't use Slack.

If not, I wonder if their APIs allow a bot to join a voice call and get access to the audio...

n00b101 1 day ago 3 replies      
Counting number of options I might have when trying to do a video/voice call with someone:

1. Facetime

2. Skype

3. Hangouts

4. GoToMeeting

5. Slack

6. Facebook

7. WhatsApp

The fragmentation / lack of standards we had with IM is now a reality in video/voice calling as well.

ioseph 2 days ago 0 replies      
I feel video calls are the new email in Zawinski's Law
cygned 2 days ago 0 replies      
Only screen sharing and a dark theme are missing. Then it has everything I want as a developer.
omouse 2 days ago 2 replies      
bad enough that I can be reached after work via slack and get calls while I'm on a commute (which is never compensated for aside from general salary), it'll have video?

also, this only works in Chrome and on mobile, which is really messed up considering that Firefox is also a bleeding edge browser.

edhelas 1 day ago 1 reply      
One small question here. With their "Instant emoji reactions" looks like they are doing server side shape recognition, so Slack video-calls are not P2P (i.e. if I'm calling my colleague in my office the streams are going to the Slack servers before going back)?
carlcortright 2 days ago 0 replies      
This just made slack 10x better.
relics443 1 day ago 0 replies      
Anyone try this yet and compare it to Hangouts on a poor connection? I'm constantly dealing with colleagues in another office where the internet connection is sub-par.
vkjv 2 days ago 2 replies      
Slack calls have been broken in linux for a while--even though they worked when calling first launched. Is a fix for that on the horizon?
jonheller 2 days ago 0 replies      
Excellent. I do hope it's better than Hipchat's attempt, which I found to be terrible -- delayed audio and stuttering video.
fred_is_fred 2 days ago 0 replies      
With video (again). Since they had it in 2014 and then yanked it out.
tdburn 2 days ago 0 replies      
I'm looking forward to the promised threaded comments ability
siminsayz 2 days ago 1 reply      
I had two colleagues suddenly have the chat text field filled with Chinese characters and emojis today so they were told to clean their pcs. Different environments and location but both using slack... heard of this ?
sergiotapia 2 days ago 0 replies      
I think the next step here would be screen-control from the Screenhero acquisition?

Off-topic: The guy's beard looks like a Snapchat filter haha.

cpeterso 2 days ago 0 replies      
The call emoji support is a great idea for streamlining communication in a video meeting.

Does video calling work in Slack's web client?

kristopolous 2 days ago 7 replies      
Does slack feel like IRC to anybody else?

Sorry I didn't mean for this to be divisive or rude. I wasn't aware this was a common observation. I'm not trying to be negative or incriminate the product. I use and enjoy slack every day.

pcora 2 days ago 0 replies      
yay, more distraction! now in video
Prolific Engineers Take Small Bites gitprime.com
246 points by tbassetto  2 days ago   93 comments top 25
minimaxir 2 days ago 7 replies      
This post is a good example of my current issues with modern data journalism as content marketing: you can say anything you want without evidence to back it up, but hey, there's a pretty chart, so it doesn't matter. (In this blog post, the data points don't correspond to actual data!)

This is also the primary reason I have switched to Jupyter/R Notebooks for my blog posts: if I make ridiculous claims, people can check my work as evidence. This post doesn't even provide any quantifiable metrics, just "we analyzed millions of commits."

clifanatic 2 days ago 5 replies      
There's a great, fun, programmer-centric website called thedailywtf.com (sorry, I just scheduled the rest of your afternoon for you). Developers can submit WTF's that they've found in other's code - as the site admin says, "curious perversions in information technology".

One thing that strikes me about the majority of the submissions, as funny as they are, is that they mostly boil down to "so-and-so didn't know that such-and-such feature existed, so wrote reams of code to implement that feature in a complex way". It also strikes me that just this article's sort of analysis of "prolific" (aka "good") engineers/programmers drives this same sort of behavior. If every developer is supposed to be committing code all day, every day, there's no time left over to read the product documentation, try out a new feature, review a reference implementation, read a blog post: to be "good", you must be spending as much time as possible _typing_, because that's what you're paid to do. This (ubiquitous) management mentality is how we end up with roll-your-own crypto, or five competing Javascript frameworks, parsing using regular expressions... it's not so much that what they did was wrong - and trust me, if it works, it won't be removed - it's that it's pointless.

trevyn 2 days ago 2 replies      
Non-technical co-founder of Git analysis tool writes blog post that makes assertions about all sorts of things and then justifies this with mockup charts whose axes are unlabeled. Then offers tools to help micro-manage engineers.
NumberSix 2 days ago 1 reply      
Neither in the article or in the referenced article/blog post linked to "Impact" is impact defined.


 What I found is:
Impact takes the following into account:

 The amount of code in the change What percentage of the work is edits to old code The surface area of the change (think number of edit locations) The number of files affected The severity of changes when old code is modified How this change compares to others from the project history
No exact or detailed formula for "impact" is given. "takes the following into account" is extremely vague as it could indicate any relationship. Is impact higher with more files changed in the commit? Why would it be better if more files are changed? Is it lower? Why would it be better if fewer files are changed? Is it some totally unobvious non-linear function such as a trigonometric sine?

Based on the vague description above, nothing in "impact" is directly related to the actual end user/paying customer experience or a reasonable proxy such as systematic end user testing by a QA team.

This lack of a direct relationship to the desired end result is the same problem that lines of code (loc or LoC) and many other metrics of software engineer output have.

The "impact" metric, whatever it precisely is, looks suspiciously like it would naturally be positively correlated with a large number of commits/high frequency of commits.

Also the plot is labeled with "volume" on the horizontal axis and not the mysterious "impact" metric. The text implies this horizontal axis is the "impact" metric. Why is the horizontal axis not labeled impact?

Even more peculiar, "impact" is claimed to measure cognitive load:

Impact attempts to answer the question: Roughly how much cognitive load did the engineer carry when implementing these changes?

A good engineer will attempt to find a low or no cognitive load solution to a problem! In general this will be faster and less error prone and cheaper! Reinventing the wheel has a very high cognitive load.

rsp1984 2 days ago 0 replies      
The title, well actually the entire article, is one of those things where A -> B is stated, well knowing (and almost expecting) that readers will understand it as B -> A or B <-> A. It's the developer version of the typical "10 Things Successful People Do" clickbait.

Yes, a lot of (although far from all!) good coders have the habit of taking small bites. That doesn't mean though that by taking smaller bites you are (or are becoming) a good coder. I've had the past displeasure of dealing with code that hit all the superficial checkmarks (small commits, unit-tested, peer-reviewed, you name it...) yet completely stunk.

traverseda 2 days ago 1 reply      
Jesus that site was annoying. I go to read the article, and a popup beeps at me distracting me. I think "what the hell is this crap" and move my mouse towards the "about" page. A pop-up pops up (as they do) and distracts me from even that.

Both times I tried to get information out of their site they found a way to interrupt me.

Then I leave without reading the article.

dasil003 2 days ago 0 replies      
I large agree with this, although with some provisos.

First of all, sometimes it's most useful to take a step back and think about problems in a wider context. Often the biggest impact is from the code you don't write. There's really no way those kinds of contributions come out in any kind of metrics, but the team will sure remember them.

More commonly, I prefer to commit often to aid my dev process but then rebase those commits into more cohesive units before merging. How chunky to make those final commits is somewhat a matter of taste, and probably shaped by the domain one is working in. Personally I like the finest grain possible without any build breakage, that way git-bisect still works, but hopefully there's still enough granularity to help with trickier merge/rebase scenarios around dependency upgrades and/or db migrations. But pardoning the digression, my point is the output seen by the rest of the team may not represent the original frequency of commits.

xt00 2 days ago 0 replies      
Title of the article uses the word "Engineers" rather than software engineers, and if you lump together virtually anybody who makes changes to a code base (testers, sw architects, sw leads, etc), it seems like its easy to have the data obviously skewed by people who essentially spam the commit process. I think most people can look at a commit log and sort of eye-ball who are the people who really make shit happen on a project--and who is probably causing more grief than anybody else. I agree its hard to quantify, but to be honest I didn't take away much from this article. I like the goal of the article, just think it didn't really hit the mark.
tedmiston 2 days ago 1 reply      
Extrapolating a "prolific engineer" from one's commit log is no less absurd than from lines of code.

Their methodology fails to account for so many things, commit squashing feature branches, for example. A fundamentally flawed "study".

coldcode 2 days ago 0 replies      
What are they measuring? Public git repositories? The article doesn't say anything about whatever data is being analyzed. If its public git that's hardly comparable to a large corporate entity.
Dowwie 2 days ago 0 replies      
Analyzing churn is tricky and can be easily misinterpreted by management. This reminds me of what was revealed from studies in behavioral sciences and presented by Dan Ariely: https://www.youtube.com/watch?v=Q92BqouxyX4
ninjakeyboard 2 days ago 0 replies      
Can you make any claims about the number of commits? That's another metric that changes depending on tools and processes.

If you're using a code review tool well (if you are more experienced with it) then you'll automatically be making lots of small commits vs people that may not be well versed in working that way.

If you're working with large or prolific teams then you'll be committing all the time with eg feature toggles to ensure everyone is as close to the current code with their changes as possible.

So making general claims about more commits without taking into consideration the ways that metric is bent and changes with tools and processes and different experiences seems to be dangerous.

kristianc 2 days ago 0 replies      
Unless I'm missing something, how is 'Impact' derived here?

Impact as a metric is fine, but you have to show what it is and how you arrived at that conclusion, and have verified that against a test set of data otherwise it's turtles all the way down.


keeptrying 2 days ago 0 replies      
This article and company can be safely ignored.
ns8sl 2 days ago 0 replies      
We have a hard rule that you do not commit code that doesn't pass unit tests.

This leads to bad coders not being able to commit as frequently as good coders.

However, this seems like a very, very loose heuristic.

ianstallings 2 days ago 0 replies      
Huh, strange. My made up charts say something completely different.
agentultra 2 days ago 1 reply      
I'm curious what the general vehemence is to quantifying and understanding this information is? It's right there in your commit history. I've run my own analyses out of curiosity in the past... statistics just isn't my favourite subject. I think it's an interesting metric and I'd certainly like to know more about how it's calculated.

(Although I'm sure that's part of the secret sauce).

awinter-py 2 days ago 0 replies      
concepts missing from the article: 'staging' and 'commit size'.

People who have worked in code review shops tend to stage their commits, i.e. do a bunch of work but commit it with git commit -p.

Article also doesn't look at deployment frequency, and 'merge' appears only once. We don't know if these 'high impact' devs are in their own branch for 6 weeks cooking up the PR from hell. That's one way to have a high impact.

alphanumeric0 2 days ago 0 replies      
Well I guess I'd be labelled a poor programmer since I wait to commit until my code has passed a few core specification tests.
nano1237 2 days ago 0 replies      
We tried this. It gave us an unmaintainable code base that our platform could no longer add features unless we threw so many people at it.
nano1237 2 days ago 0 replies      
We tried this. Fast commits for small features gave us an unmaintainable code base that eventually didn't work anymore.
bertr4nd 2 days ago 1 reply      
This reminds me that one of the things I loved about working on server-side efficiency is that for any given diff, you can measure the performance improvement, multiply by hardware costs, and say, "That diff saved $X." Makes it really easy to measure impact and feel that my salary is justified.
ticktockten 2 days ago 0 replies      
This is misleading, however I would like to point out that if Small Bites == Kaizen. Then, Prolific Engineers like any other prolific professionals may be Kizening the crap out of their codebases. No data here either to back the smart ones up though.
arnon 2 days ago 0 replies      
Unfortunately know some bottom-right quadrant people. We got rid of some of those not too long ago - wouldn't want them on my team again.Super hard to manage and work with.
z3t4 2 days ago 0 replies      
How do you finish a project ? One step at a time !
Show HN: The Road to learn React Build a Hacker News App on the Way robinwieruch.de
322 points by rwieruch  2 days ago   22 comments top 5
acemarke 2 days ago 3 replies      
The previous tutorial posts by Robin are fantastic, and cover topics like React, Redux, MobX, Flow, and ESLint ([0]). This book looks to be even better. I'm going to preemptively recommend it without having even read it yet, because I know it'll be extremely well written.

As a similar note and bit of a self-plug: I keep a big list of links to high-quality tutorials on React, Redux, and related topics, at [1]. Specifically intended to be a great starting point for anyone trying to learn the ecosystem, as well as a source of quality info on more advanced topics. I've also been blogging at [2] on React and Redux usage, and just posted "Practical Redux Part 5: Loading and Displaying Data" [3], the latest in a tutorial series intended to demonstrate some intermediate to advanced usages of React and Redux.

[0] http://www.robinwieruch.de/

[1] https://github.com/markerikson/react-redux-links

[2] http://blog.isquaredsoftware.com/

[3] http://blog.isquaredsoftware.com/2016/12/practical-redux-par...

tzury 1 day ago 2 replies      
Love this book, the flow, the levels, and the rhythm!

The only thing I stay apart from, is the implicit approach of ES6.

IMHO, explicit is better than implicit. Therefore:

 return (<div>...</div>)
Is better than

 { <div>...</div> }

 this.state = { list: list };
Is better than

 this.state = { list};
Everyone these days seems to take the implicit ES6 way though.

Steeeve 1 day ago 1 reply      
Two days ago I made a comment about HN evangelizing React, but never posting any good/current getting started points. I officially stand corrected.

I'm still curious about reasons to invest time in learning it over plain old javascript.

vanderreeah 1 day ago 0 replies      
Pedantry alert: small typo - "if you can effort it" should be "if you can afford it".
baristaGeek 1 day ago 1 reply      
Why would you want to teach React without Redux?

I failed on the trap as well, I mean, why would you want to add yet another 'concept' to your stack when you can just get a simpler piece of code do the same thing as a more complex one?

The truth is that if you're going to build something as simple as a simplified Hacker News clone, you can just get along using concepts of Redux with plain-old React without actually using Redux.

However, if you want to build a much more complex frontend system using Redux does give you a utility.

AirPods are now available apple.com
241 points by runesoerensen  2 days ago   564 comments top 51
FireBeyond 2 days ago 15 replies      
There's like a next-level Apple marketing babble on that page:

"AirPods introduce an effortless wireless listening experience packed with high-quality audio and long battery life. These magical wireless headphones use advanced technology to reinvent how we listen to music, make phone calls, enjoy TV shows and movies, play games and interact with Siri, providing a wireless audio experience not possible before."

Magical. Reinvent. Not possible before.

None of these words applies.

erikpukinskis 2 days ago 18 replies      
I find this headphone war discussion a bit boring. The AirPods are much more interesting as Apple's first foray into augmented reality.

If they add positioning, this product becomes Magic Leap without the visuals. I don't think they see this as a music device, they see it as a new platform for audio. Interesting things start happening when people start leaving one or both in their ears all day. Arrival times in your ear at the bus stop. Ask Siri for a price check while at the store, etc.

A cable to your phone makes the earbuds hard to forget. This makes it easy, but the design details have to be right for you to truly forget they are in.

I know "forget they're in" doesn't sound like a groundbreaking feature, because it's not connected to any obvious technical challenge, but I think if they succeed at that it would in fact put these in a new category.

Positional audio would seal the deal. You can walk around your kitchen and it would feel like your invisible conversation partner was in the room with you.

Scriptal 2 days ago 3 replies      
Why did they not make the charging port USB C?

I feel like a lot of this mess with needing a different dongle and special wire for each product would have been less of a big deal if everything they did just moved to USB C all at the same time. Now if you want to charge your air pods with a macbook pro you need a cable to go from usb C to thunderbolt (not included) or an adapter to use the previous-gen-usb to lightening cable it does come with.

It feels to me like the different product development teams at Apple didn't communicate with each other at all w.r.t. what ports to use.

rconti 1 day ago 1 reply      
Not airpods, but I've gotta plug my amazing Bose QC35. I've never owned (or seen the need for) noise-cancelling headphones, never thought I'd use wireless headphones. But the QC35 caught my eye with the built-in mic (probably on a day I had a phone conference). I bought them despite the steep $330 price, and haven't looked back.

They're amazingly comfortable, the noise cancelling is best-of-breed, the battery lasts AGES (far beyond the rated 20 hour (!!!) life), the sound quality is epic, they play plenty loud, handle bluetooth handoff better than anything I've used.. I just can't stop talking about them.

It seems like just a year or so ago bluetooth was still an impossible-to-pair never-works-right pile of crap, and now it's turned a corner. I've always got my FitBit, Apple Watch, and often my headphones paired to my phone. Everything just works. I can be on a call on my headphones, hop in the car, and the call seamlessly transfers to the audio system in the car (2016 VW Golf).

My phone and laptop both play sound through the headphones just fine, it keeps both paired at the same time.

And they don't even support whatever high-resolution codec Apple uses (aptx or the other one, I can't remember). But the sound quality has to be heard to be believed, the noise cancelling makes tiny details in the music way more audible than ever before.

I'm not in the market for AirPods, but I'm a total believer in wireless headphones now.

AceJohnny2 2 days ago 8 replies      
> "No wireless. Less space than a Nomad. Lame." -- Slashdot creator CmdrTaco/Rob Malda about the iPod in 2001.

I'm not saying these will have the impact of an iPod, but I am entertained by the amount of naysaying here.

For one thing, how often have you fiddled with the knots in your headphone cord? It's frustrating enough to prevent me from using them in situations where I otherwise would.

MrQuincle 2 days ago 2 replies      
They should have used the cigarette butt picture:


Regarding specs:

+ Bluetooth

+ No cables

+ 5 hours battery life

+ Charging case with total 24 hours battery life

+ Automatically turn off when removing from your ears

+ Key synchronization via iCloud (makes pairing process simpler - and could make sharing process simpler as well - but is Apple-only)

+ Peripheral to Apple Watch

+ Including microphones and double-tap to activate Siri (no direct volume shortcut)

usaphp 2 days ago 3 replies      
A lot of people here seem to be complaining about them falling out of their ears, while non of them actually tried to wear them first. Also everyone is stating things like this "I will use them two or three times during rush hours in London, bump into a couple people". But for me personally - I only use headphones while at my desk and I love current EarPods because unlike many other in-ear headphones they do not create any pressure onto my eardrum, I can wear them all day without any fatigue whatsoever, having a wireless version so I can stand up and walk around often sounds perfect to me. Also the only time when current EarPods are falling out of my ears is when the cable gets pulled or tangled on something, without a cable I don't see how they can fall out easily.
grandalf 2 days ago 1 reply      
I'm very curious how this product will sell. Considering that I routinely lose or break ear phones and occasionally put them through the clothes washer, I'm very unlikely to invest $150 in a pocket sized pair (I do have some high end cans that i use now and then which are too large to be easily lost or accidentally submerged).

As the owner of an iPhone 7, I have encountered some frustration from not being able to charge and listen to headphones at the same time. I realized that if lightning cables were USB, I could just use some sort of hub.

But it seems that Apple has declined to offer a splitter, leading to many shoddy attempts for sale on Amazon, most with fewer than three star average ratings.

Viewed as an independent gizmo, these are a great idea and will appeal to some people. But viewed as an alternative to the convenience of the 1/8th inch jack on the back of the phone, a lot is left to be desired.

The picture of the futuristic woman wearing them evokes the single-ear bluetooth headset, only worn over both ears.

johnhenry 2 days ago 9 replies      
I don't know the best place to say this... I'm always a little sad whenever Apple announces earphone related technology -- their earphones simply do not fit in my ear; they simply fall out. I wonder if anyone else has the same problem? Or problems with other specific pieces of technology?
pawelwentpawel 2 days ago 1 reply      
Beats X which are wireless too seem to have a cool solution for keeping them close to the user - there is a cable which stays behind the neck. As well, you can magnetically clip them together. And... get them in red - much easier to find!

I like the idea of AirPods. Unfortunately, my main concern though is that I will use them two or three times during rush hours in London, bump into a couple people on the tube and they'll be gone.

snegu 2 days ago 1 reply      
The use case that I'm interested in is being able to have just one bud in my ear (to be able to hear what's going on around me) without the other one dangling. To me, that's worth the money.
bnastic 2 days ago 0 replies      
Ordered, delivery in a week. I have a couple of Bluetooth earphones that are all pretty poor in UX department and not-so-horrible-but-still-subpar in the sound quality department. I am hoping these will prove to be much better in both.
josteink 1 day ago 2 replies      
> AirPods to deliver high-quality audio and industry-leading battery life in a completely wireless design. AirPods deliver up to five hours of listening time on one charge

5 hours and then I have charge them? That won't even last me a work-day.

Count me out.

sumitgt 2 days ago 0 replies      
I use one of these cheap ones: https://www.amazon.com/Bluetooth-Headphones-Wireless-Sweatpr...

For someone who listens to mainly podcasts, I found them to be really really convenient. And the wire between the two pods makes it seem a bit harder to lose compared to AirPods.

jjuhl 2 days ago 15 replies      
To me these seem pretty stupid. Major features (to me) of ear-buds with wires and 3.5" jack are: 1) being attached with wires means I don't easily lose them when they slip out of my ear/hand/pocket. 2) the 3.5" jack actually keeps them pretty solidly attached to my phone (again, less risk of losing them). Walking around with two loose tiny objects seems less than ideal - at least to me; I'd lose them within days.
ArlenBales 2 days ago 0 replies      
I would like to try these, but the AirPod/EarPod form factor is just painful to my ears. I can never wear them for longer than 30 minutes at a time. Must just be my ear anatomy.

On the other hand, Panasonic makes simply the most comfortable earbuds I've ever worn, even for 8+ hour sessions, for $10: http://a.co/4ztIdDw

mcintyre1994 2 days ago 4 replies      
Has anybody got standard bluetooth headphones and found a way to reliably use them on multiple Apple devices? Mine are usually paired to my phone, and it's just not worth the hassle of unpairing and pairing repeatedly until the Macbook picks them up as unpaired and lets me try to pair with them, which works about half the time. Maybe my Macbook's bluetooth is just broken.. This is kinda disappointing though because I know it'll never get fixed, because why bother when if I just bought headphones from them I wouldn't have the problem?
BHSPitMonkey 2 days ago 0 replies      
Bose makes a set of noise-canceling earbuds that are marketed for all-day wear, as a general way of filtering out noise. They want you to leave them in during face-to-face conversations (to help isolate the other voices from the background) or train rides (just to silence everything).


Justin_K 2 days ago 2 replies      
Title should read available in 4 weeks. Hard to call them available when they haven't even shipped from China.
jsatk 2 days ago 2 replies      
I truly do not get the hype around this.
rememberlenny 2 days ago 4 replies      
Ships January 12th
lolive 2 days ago 1 reply      
Can we expect a better sound quality, when compared with actual earpods?
jarboot 1 day ago 0 replies      
I just got some cheap Bluetooth headphones and they changed how I listen to audio. It's so much more immersive and convenient.

While these are expensive and may not be popular among the slashdot/hn crowd, Apple knows which way the wind blows.

blhack 2 days ago 0 replies      
Just a quick resources-share (since this is turning into a thread that is complaining about earpods): These headphones (https://www.amazon.com/gp/product/B003ELYQJI/ref=oh_aui_sear...) might be my favorite headphones EVER.

The sound is good (at least as good as I've ever heard from earbuds), they're cheap, but most importantly, they TWIST into your ears instead of simply pressing.

This emulates what you'll find in really high end, custom-fit earplugs.

They absolutely will not fall out unless you PULL them out.

mullsork 1 day ago 1 reply      
> Advanced sensors detect when AirPods are in your ear and can automatically play and pause your music.

I've been thinking about this for a while now. Whenever I'm asked for directions or something on the train/commute to and from work I wish I could just take my headphones out and they'd be smart enough to instantly pause and rewind the podcast/audiobook a second or two.

benwad 1 day ago 0 replies      
Honest question: if these become ubiquitous (i.e. the majority of OEMs remove the headphone port on phones and everyone uses some kind of wireless headphones) wouldn't the interference make them unusable in a crowded place? How many channels are available, and is that enough for a whole bus full of people using wireless headphones?
skynetv2 2 days ago 5 replies      
Why is Apple so obsessed with calling everything "magical". If anyone believes this is magic, they also need to believe Apple employs wizards & witches.
kefka 2 days ago 2 replies      
This is very much the "Apple" style, and gave me a laugh.


Seriously, I have very little to add to this. It's overly expensive wireless earbuds to go alongside a failure of 3.5mm jack.

annerajb 2 days ago 0 replies      
AirPods are now orderable.
DoodleBuggy 2 days ago 3 replies      
Very curious how long battery life actually is.

Also, will Apple include these within iPhone box to replace the clunky new lightning things?

copenbacon 22 hours ago 0 replies      
I'd really just like a battery that doesn't die after the 4th iOS update
brandon272 2 days ago 0 replies      
I love wireless headphones. But the main downside to these for me is that it doesn't look like they will improve upon sound quality and sound isolation (or lack thereof) in the traditional wired Apple Ear Pods.
antiffan 2 days ago 6 replies      
A feature I'd love to see: sync to AirPods.

I imagine it won't happen because in some ways it's kind of backwards, but I hate running with my phone, especially because I have a huge 6+.

It seems like a simple thing to just want to be able to take some of my music/podcasts with me running, but it's not realistic unless I own a separate iPod shuffle that I then have to deal with. Adding a small amount of memory to AirPods would make this possible and relatively seamless.

donatj 2 days ago 2 replies      
Do they only work with Apple products? Could I use them with an Android phone?
plg 2 days ago 0 replies      
still says "ships in 4 weeks" for me (canada) (the article says they will be available in stores, and start shipping, next week)
saddestcatever 2 days ago 0 replies      
Are now available*

*beginning next week.....

analog31 2 days ago 0 replies      
Startup idea: A string that attaches them to your phone, so you don't lose them.
ben_jones 1 day ago 0 replies      
FINALLY. I have exactly $159 burning a hole in my pocket. Thanks Apple!
gigatexal 2 days ago 0 replies      
eh the beats X headphones are the ones I am going to get -- I can't be having these q-tips falling out of my ears
eMumbaBlog 1 day ago 0 replies      
Got a pair already. whoot whoot.
amaks 2 days ago 1 reply      
What's the battery life?
caogecym 2 days ago 0 replies      
I won't be superised this product will lead to a absolute failure
bertomartin 2 days ago 0 replies      
might be one of the few duds Apple's ever produced. Let's see.
andrei_says_ 2 days ago 0 replies      
I feel incredibly satisfied by my decision to never buy them.
RCortex 2 days ago 0 replies      
$160...for wireless earbuds + mic. I mean I have the money to throw away but...why. They look ok, kinda odd, but not like call center headsets at least.

You could buy a DS for that much right? That's about how much the ps2 slim costed back in the day.

OliverJones 2 days ago 1 reply      
"double-tap" ?? Isn't that jargon used by snipers to describe the use of two rounds of ammo?
brentm 2 days ago 1 reply      
I thought the public more or less rejected hang from the ear style Bluetooth earphones because they look awkward. I don't think making them white and giving you two is going to fix the perception. Although these may work much better than the old style I am not sure it offsets the reason a lot of people do not like this type of earphone.
remarkEon 2 days ago 2 replies      
These look extraordinarily uncomfortable, especially if I'm supposed to have them in my ears more than usual headphones - or even as long as my current model. If Apple is trying to make an in-ear controller ala Her, I do not see these as something I'll pick up.

Curious. Will there be third-party headphones that work here?

mgo 2 days ago 2 replies      
I will not buy a phone without a 3.5" jack period. I'm not buying ridiculously expensive wireless headphones that are objectively worse (worse quality than wired alternatives, added hassle of charging them plus much more expensive).
equalarrow 2 days ago 0 replies      
My only problem with these is they're not comfortable. No, I have not worn a pair, but the speaker part is just like the current standard headphones and I've never found those comfortable. I think the pairing and siri integration, etc is all nice though.

I still have a $25 pair of Sony earbuds I bought in an airport store years ago. They are comfortable, sound great and have the mic support. Sure, they have the cord which is annoying, but I've tried Shure, Bose and a lot other wired & bluetooth earbuds and none of them sound as good as the Sony pair I have.

It's too bad Apple didn't include some kind of silicone adapter for comfort because if they did, I would consider the AirPods. But again, they're just uncomfortable.

Oh, and my wife likes her Apple headphones because they let a lot of outside sounds in. That's another reason I don't like the Apple headphones and I have a pair of Beats for noise canceling when I want it. I didn't see anywhere that the AirPods had noise canceling, so you're probably going to hear a lot of background noise when using them.

scythe 2 days ago 0 replies      
Why have the stupid white thing hanging down? You don't need it anymore. There used to be a wire coming out of it, but now there's not. They could have made it look like anything, but now it looks like I'm foaming at the ears.

Furthermore, why isn't there a better way of attaching these to your ear? I hate shoving a piece of dirty plastic into the innermost part of my ear. It'd be much nicer to have something with that shark-fin rubber piece[1] or the over-ear clip[2].

1 - http://shop.nordstrom.com/s/bose-soundsport-in-ear-headphone...

2 - http://store.nike.com/us/en_us/pd/powerbeats3-wireless-beats...

Amazon Restaurants amazon.com
249 points by chrisan  7 hours ago   171 comments top 40
guelo 5 hours ago 2 replies      
This is obviously part of Amazon's effort to build out their own delivery network in order to muscle out fedex, ups, usps, etc. If their drivers aren't delivering packages they can be delivering food. That makes their whole delivery network stronger because it allows them to have more drivers employed driving around town all the time. It's the same reason Uber got into food delivery.
gthtjtkt 6 hours ago 13 replies      
This is kind of terrifying after hearing so many life-ruining stories about the rash decisions Amazon makes when dealing with 3rd party sellers ([1] from last week, for example).

Everyone always says "Don't stake your livelihood on platforms you don't control" (e.g. Amazon, Facebook, Twitter, etc.), but what happens when one of those platforms suddenly forces its way into your business? How can a restaurant owner turn them down when all the short-sighted owners nearby are happily signing up?

I'm imagining a day in the future where a restaurant goes broke because Amazon had become a significant portion of their orders, but they suddenly got kicked off the service after X number of complaints (happens to FBA sellers all the time). By the time other restaurant owners realize how easily Amazon can destroy their livelihood, they might be too dependent to voluntarily leave. And then all the smug commenters from the last thread will be grateful for another opportunity to say "Well the restaurants should've known better than to sign up in the first place!"

[1] https://www.reddit.com/r/amazon/comments/5gvgdl/using_a_amaz...

ryaneager 7 hours ago 3 replies      
I received a free $20 to Amazon Restaurants for buying something on cyber Wednesday, didn't know that was a thing until I received the email. I used it to order pizza from a local joint, because who doesn't like free pizza.

Ordering was interesting, they didn't have the pizza I wanted listed under the pre-made options, so I had to make my own, but there was no option to do half and half and adding additional topping had a confusing interface. The menus do not seem to be optimized for each restaurant the way Doordash is, and you must click on an item to see the price.

Also the food wasn't kept in a thermal bag, like pizza delivery does, so it wasn't piping hot when I received it and the delivery members don't have distinct shirts. I probably won't use it ever again since I prefer Doordash, and one of my friends brother in laws is a cofounder/CTO so I feel a false tie to it.

kt9 7 hours ago 1 reply      
When I first saw amazon restaurants (almost a year ago) I thought... meh! Why would I use this... order via phone and then wait an hour. I could order by phone call and go pick it up faster.

Turns out now we use it so much and I've found that the value is that I can order by phone when I leave work and by the time I get home the food will be arriving at my door.

The real value to me is that I can order dinner! They've had a few hiccups in the early days but now its pretty solid!

Animats 4 hours ago 2 replies      
So far, Amazon is just delivering for others. But perhaps they'll get into preparing food as well. Unlike Google, Facebook, GrubHub, Postmates, and Doordash, Amazon is willing to build physical infrastructure and hire people. Amazon could set up a large scale centralized catering operation like LSG Sky Chefs, which makes airline meals. For high-density metro areas, this could work quite well.

Amazon could probably beat out the low-end guys simply by using vehicles and containers capable of keeping the hot stuff hot and the cold stuff cold.

lux 7 hours ago 1 reply      
Interesting that I'm seeing this for the first time on the same day that local food delivery company SkipTheDishes was sold to Just Eat for $110M (http://www.cbc.ca/news/canada/saskatoon/skip-the-dishes-sold...).

Skip is very popular here in Winnipeg since this is where they're headquartered, but always seemed like the underdog in the overall market. Wondering what will become of Skip, and how Just Eat and the others will keep duking it out from here now that Amazon is in the ring too.

SallySwanSmith 7 hours ago 1 reply      
Amazon restaurants is hardly new. My first order was over a year ago. Is there something else new that I'm missing?
Androider 3 hours ago 0 replies      
Amazon Prime Now has a $10 minimum, free delivery, and no markup allowed on the restaurant menus in New York. For me, that makes it the best service available hands down, and actually starts to change my behavior as a customer.

If it doesn't cost any more than what I'd pay in person schlepping to the restaurant, the psychological barrier to ordering on a whim is virtually eliminated. It also has that Uber-esque impersonality to it: the delivery guy doesn't wait around after dropping of your food in your typical managed NY apartment building (literally racing down when I get the call, I've never been able to spot them), since they're tipped up front. In fact, the last service I can remember that was such a no-brainer improvement when introduced, was Uber X.

That's not sustainable you might say. But members do pay $99/year for Prime, which isn't a whole lot since it does so much, but is increasingly a larger part where Amazon makes their margin from.

untog 7 hours ago 1 reply      
Interesting - it appears that Amazon handles the delivery part, theoretically freeing restaurants up from having to worry about that side of the business. Makes sense, though I wonder what % of costs delivery drivers really are (and, of course, what % Amazon is charging)

Either way, Seamless/Grubhub have turned to utter garbage since their merger. I'm happily using Delivery, but much like Uber/Lyft, these are commodity businesses that I can switch between at zero cost to myself. So I'll give Amazon a try too.

cavisne 6 hours ago 3 replies      
One differentiation with amazon restaurants is at least in my market they don't mark up food prices (like door dash and kindof postmates) and they don't charge for delivery.

Uber eats is the best of these I've found, but it's a pain meeting at the curb.

Amazon restaurants has by far the worst drivers though, I think compounded by tipping before they deliver, and no ratings system

harigov 5 hours ago 2 replies      
This is a great opportunity for some restaurants to outsource cooking. Just provide a place for people to sit, eat and chat with some alcohol options. One can order food an hour before arriving and eat at the restaurant. The advantage is that folks can order from any number of cuisines. This can still be cost effective in the long run when kitchens can be bigger and in the outskirts and the premium place in the city is reserved only to sit customers.
kin 4 hours ago 0 replies      
While my first order was close to a year ago, what I have to say about this and all the other food delivery services (Postmates, UberEats, Grubhub) is that I typically have a hard time meeting delivery minimums or straight up find the delivery fee too expensive to justify an order.

So far, I've only ever used Amazon when I have a coupon. It would be cool if I could accumulate Amazon restaurant credit as an option when I choose No Rush Shipping or have some form of loyalty/rewards system. Else, I'm just going to choose whatever is cheapest, even if slightly less convenient. And that's just me. Other users' loyalty could be even more elusive I'm sure.

Balgair 4 hours ago 1 reply      
So, Amazon is having some issues with retailers trying to sell you some gadget that really isn't what you thought you were going to get. Like a USB stick that says it's 256GB, but is actual 2 Mb. The 'reviews' of these shadier products are shilled out or just 'bots and amazon is trying to get these types of things off their market.

So, what happens when this happens to these restaurants? Like, say I 'open' up a restaurant inside of my apartment. Maybe I list the address as some other place, or I just risk the local health inspector showing up unannounced. But I only sell via Amazon, and I get some friends and family to write reviews of my kitchen, or maybe I just pay some 'bots to do it too. Amazon has problems already with that fly-by-night operation, how are they going to combat it?

For reference, this was an issue with GrubHub last year:



oldbuzzard 7 hours ago 0 replies      
Meh. I have prime and keep getting $10 off coupons but here in Minneapolis I don't see anywhere I want to order from. Bitesquad has places that I order from every now and then. If Amazon had a decent network they might entice me in to becoming a restaurants customer... but as it is, it is like the crappy prime video selection.
koolba 7 hours ago 1 reply      
So how much longer till they combine this with drone delivery?

The thrill of having a pizza arrive by drone could justify a hefty premium for a kids birthday party.

sytelus 4 hours ago 2 replies      
Assume that on average,

* delivery time = 30 minutes

* minimum wage + minor benefits = $10/hr

* cost of vehicle, gas and other logistics = $5/hr

...then they must charge $10 per delivery. If you squeeze and wiggle may be you can bring this down to $7 or so likely not considering downtimes in between peak hours. I thought this was the reason why most door-to-door delivery services eventually failed or switched to catering. What is the new business innovation here?

CodeSheikh 4 hours ago 2 replies      
Amazon is moving forward with a GREAT momentum to dominate consumer market and extends its monopoly. It is not Amazon vs small businesses anymore. Amazon is in a ferocious battle right now with big players in various domains (Google, Walmart, Apple etc). So far it is turning out to be beneficial for an average middle-class consumer who conveniently gets to purchase cheap products and services. The way Amazon has extended its tentacles deep into TV content (Netflix vs Prime Video), produce (FreshDirect vs Amazon Fresh), Amazon Basics and Amazon elements, Alexa in home automation, e-readers, Spotify vs Amazon Prime Music, Rackspace vs AWS cloud, (failed) cellphones venture, and now Seamless vs Amazon Restaurants. Is it becoming more possible for Amazon to either acquire FedEx/UPS or create its own shipping company? I mean why not? This seems like a missing piece of puzzle.
kldavenport 7 hours ago 1 reply      
So far it looks to have a better web and mobile interface than postmates and grubhub.
mfonda 5 hours ago 1 reply      
Amazon Restaurants is a great service which has been around for some time now, at least here in Seattle. I use it pretty much exclusively now instead of other similar services I've used in the past. The minimum order is much lower ($20 instead of $30 or $40 a lot of other services add), there's no delivery fees, and your driver is tracked via GPS with guaranteed delivery windows, so you have a much better idea of when you're order will actually arrive. There's also a better selection of restaurants than other services.

That said, the UI isn't quite as user friendly. It feels bolted on top of Prime Now, so you don't really have a typical menu, a regular shopping cart is used and shared with Prime Now which just feels a bit off. I think it would feel much nicer if they built a website specific to food ordering instead of trying to shoehorn it into Prime Now.

tigershark 3 hours ago 0 replies      
I am really missing something here.If I click the link it brings me to my Amazon application and I don't see anything new.My first order with Amazon restaurant was at the beginning of September.So I guess that I am missing something?Amazon restaurant is three months old and the useless link that just brings me to their app doesn't really help me to shed any light.
wwalser 6 hours ago 0 replies      
I like DoorDash and I hoped that they would end up winning in this space but it seems unlikely when their two competitors have other things that the supply side (delivery people) can do if food deliveries aren't needed. Amazon is likely re-using prime instant delivery and Uber is transparently using their drivers to deliver food.

It's kind of like competing with Amazon or Google for cloud infrastructure. Very few companies need all of those machines or that tech, they have no use for it other than renting to people. Amazon and Google on the other hand already needed that tech. They are essentially renting their own excess.

dajohnson89 7 hours ago 1 reply      
Why does Northern Virginia get coverage, but not D.C.? I don't really understand the logic there.
nodamage 2 hours ago 0 replies      
They seem to be pushing this hard here in Seattle. This past week they've sent me two coupons for $20 off my entire order.
pk0020 5 hours ago 0 replies      
As much as I love Uber...I don't feel bullish that they will beat out amazon and their network of vendors/merchants. Uber might go the way of replicating the last mile as a service model that amazon is exploring with their prime now networks, but I'm not sure how Uber will scale this late game since it's not a real core competency.
wineisfine 5 hours ago 2 replies      
As a consumer I couldn't be more then delighted by the Amazon (customer) service.

However, when I read how they threat their employees: it sounds horrible.

Let's hope they never get to the tipping point that they can threat Restaurants, like their employees.

That said: I like it that they try out new things and don't care about failing.

celticninja 6 hours ago 1 reply      
This must be worrying for JustEat who just purchased HungryHouse. Amazon getting in on your business is never great.
rglover 4 hours ago 0 replies      
rajathagasthya 6 hours ago 3 replies      
They advertise Bay Area as one of the regions they deliver, yet it's not available in the South Bay. I wonder what's the logistics overhead to make it available elsewhere in the Bay Area where you already have a Prime Now delivery network.
mundo 5 hours ago 1 reply      
So, how does this make money? Other than the Prime membership, I don't see any reference to fees on either the customer or restaurant side. Is this a freebie land grab?
mournit 6 hours ago 5 replies      
So Amazon now has 5 services to order food from: Prime Now, Prime Pantry, Amazon Fresh, Amazon Restaurants, and regular Amazon. Did I miss anything?

I can't say I'm having an easy time keeping track of which service to use for what.

giacomolaw 6 hours ago 0 replies      
This is awesome! Interesting to see Amazon is really branching out with drones and all that.
bg0 5 hours ago 1 reply      
So this link is just sending me to the amazon restaurants page which has been around for about a year where I live.

Can someone explain the point of this post?

nerfhammer 4 hours ago 0 replies      
"Amazon is eating the world" gets a new meaning today
rm_-rf_slash 7 hours ago 3 replies      
A few years ago when I began to use Grubhub more exclusively to order food, I realized that I was effectively being shut out from other establishments that weren't on Grubhub, simply because I hadn't checked to look at what was nearby, and because the options on Grubhub were usually good enough on their own. It was "post-Google," in a way.

I imagine this effect would be even more pronounced with "the everything store" encompassing an ever-larger portion of total commerce.

ramon 5 hours ago 0 replies      
I can imagine the day I will need an Amazon account in order to enter my house :)
airesQ 5 hours ago 0 replies      
So Deliveroo for the US?
chinathrow 5 hours ago 0 replies      
Once you realize that you can't buy shit anymore without some simple platforms get a huge cut/fee in the middle: rental cars, hotel bookings, flights, meals, everything else... oh I forgot: taxi rides!
partycoder 4 hours ago 0 replies      
This has been around for a while. I wish there was a better integration with the Amazon Echo.

The benefit is that the delivery fee is included into your Amazon Prime plan.

Now, in my opinion, Sprig is a much more affordable everyday meal option when you get the membership. There's also Doordash, GrubHub, EAT24, UberEATS, Postmates... etc. You'll find some restaurants are not available in some apps.

BHSPitMonkey 3 hours ago 4 replies      
Question for the HN mods (and community): At what point is a post like this not simply an advertisement? This isn't a link to a press release, an article, a blog post, etc. that discusses the project, and this isn't even new (I've been getting snail mail ads for this for a month or two).

Should big companies just start linking directly to things they want us to buy on HN, with no context? Is that encouraged here?

tomc1985 7 hours ago 1 reply      
Oh look, Amazon chases another venture like a dog that smells food. So stupid how everyone's always trying to take over the world...
Verizon Explores Lower Price or Even Exit from Yahoo Deal bloomberg.com
237 points by thehodge  10 hours ago   153 comments top 17
bmh100 9 hours ago 8 replies      
One benefit of these incidents at Yahoo! is that they represent salient, clear examples of the cost of poor information security. CIOs and security directors will be able to point to this deal as evidence that poor security can have material impact on the business and destroy massive shareholder value, even years after the fact. A 6.5% intra-day dip sends a clear message. Even a CFO can now see that information security should be viewed as vital insurance that directly impacts shareholder value.
anton_tarasenko 10 hours ago 11 replies      
Yahoo controls 8% of search traffic and costs $4bn. Google controls 64% of search traffic and costs $558bn. That's a 17-fold difference in the price for 1% of the traffic. Even more if you take US search traffic only (to exclude Yahoo Japan).

Verizon can get rid of the costly parts of Yahoo (mostly its media business) and have its own small Google to make cash. That was $1.8bn per year in 2015, while Yahoo's overall revenue stands at $3.9bn (Asia excluded). So Verizon buys the company at 1x revenue.

Who would quit such a deal?

oddevan 10 hours ago 7 replies      
OK, what's it going to take to keep tumblr running? That's literally all I care about here. Everything else in Yahoo can be gotten or done elsewhere, but tumblr's a social network, so there's value in preserving those connections.
heisenbit 9 hours ago 0 replies      
Fixing Yahoo seems impossible. It is bleeding cash and has at its scale no really credible strategic business model as a conglomerate of ideas. Selling it may fall flat now. Would it be possible to split it up? It may be easier to find a strategic direction for parts of it and maybe wind up others?
CodeSheikh 9 hours ago 1 reply      
Let's also not downplay the "Yahoo" brand name. It does not have much high impact negative publicity associated to it (yet). The name "Yahoo!" goes as far back as the Internet for modern day users i.e. 30+ yrs age group. If Verizon can put a nice spin to it and through micro-filtration of the brand whatever filtrate is left, as long as it is somewhat appealing it would sell, let it be a search engine or whatever new product Verizon offers free-of-cost to its subscribers over its data network. Verizon owns AOL and with that a few mobile advertising companies. As TV content is gradually getting further away form traditional set-top-box nightmarish cable providers and more towards individual content companies (Netflix, Amazon Video, HULU, HBO etc), this would be a good step for Verizon to head in that direction as well, maybe not produce original content (such as Netflix/Amazon) but perhaps air exclusive sports events. At the end of the day, it is all about maintaining your monopoly.
AdmiralAsshat 10 hours ago 2 replies      
Verizon would be stupid not to walk away from the deal at this point.

Setting aside that $4 billion was clearly way too much, Verizon, as the parent company, would be liable for any lawsuits against Yahoo resulting from the last few leaks.

luhn 6 hours ago 0 replies      
According to the email I received from Yahoo this morning, the data stolen was from 2013 and contains MD5 hashed passwords.

MD5 hashed passwords. In 2013. Apparently Yahoo never made it out of the 90s.

accountable 10 hours ago 1 reply      
Yahoo has some good stuff, but their brand-name is just so, so toxic now.

I hope that if the deal goes through (and I'm sure it will), Verizon will still keep the better Yahoo services running.

imkevinxu 7 hours ago 0 replies      
Looks like Mozilla still stands to make a lot of money from this http://www.recode.net/2016/7/7/12116296/marissa-mayer-deal-m...
rivaldo 4 hours ago 0 replies      
The prospect of being part of the yahoo acquisition team at Verizon sounds dreadful. Yahoo has so many problems, so many things to figure out... it represents a close to impossible challenge to try to turn it around (in any way).
Animats 3 hours ago 0 replies      
Verizon wants to acquire Yahoo "without the liability". What do they want to do, dump the liability on a business unit designed to go into bankruptcy?
cgvgffyv 3 hours ago 0 replies      
That's silly, of course the deal will go through.

Verizon wants Yahoo on the cheap and somebody at Yahoo is helping.

ChildOfChaos 6 hours ago 1 reply      
This is really just a news headline that really doesn't matter, or make any difference in the real world, who cares? the media just wants to make things seem bad so they can get some attention then on the back of that bad attention someone seeing an opportunity to save some money. Pathetic.
rokhayakebe 10 hours ago 5 replies      
Can anyone explain to me why Yahoo is not worth over $4B?
bogomipz 3 hours ago 0 replies      
So considering there has been at least two breaches that are known and given the size and extent of them is there no concern by Verizon that any intellectual property held by Yahoo might have been taken as well?
serg_chernata 10 hours ago 3 replies      
Is this related to the most recent hack? IE, are they valuing Yahoo as less now that there's more bad press?
cmdrfred 9 hours ago 3 replies      
       cached 16 December 2016 03:11:02 GMT