hacker news with inline top comments    .. more ..    14 Jun 2017 Best
home   ask   best   2 years ago   
Please Make Google AMP Optional alexkras.com
1129 points by tambourine_man  3 days ago   429 comments top 60
epistasis 3 days ago 5 replies      
I'm trying to imagine the uproar if Apple had done AMP instead of Google. Somehow AMP has some staunch defenders, but everything, and I mean everything about how it's been approached has felt very anti-web and pro-Google. The overall concept may be sound, but the implementation, and the inability to escape it, has significantly hurt my opinion of Google. In fact, I no longer use Google's search because of it.
niftich 3 days ago 4 replies      
Google Search on Mobile is no longer a web search engine that hyperlinks to the resulting page, but rather an search-integrated newsreader that loads itself when you click on a result that's marked with AMP. This is understandably a big change from how things used to be, but it isn't going to get better anytime soon.

After all, most people on mobile spend their time inside apps, probably from some Google competitor like Facebook. Within these apps, they click on links, which increasingly load inside webviews; the framing app collects info on where people go, and uses this to sell targeted advertising. Facebook is a king in this space, and is now the second largest server of internet display ads, after Google.

Google's assault on Facebook's encroachment is twofold: drive people to Google's apps like the Google Now Launcher (now the default launcher on Android) or the Google app present in older versions of Android and available for iOS, and deploy the same content-framing techniques from their own search engine webpage on mobile user-agents, where the competition is most fierce, and they can also position it as legitimate UX improvement -- which, to their credit, is largely true, as bigpub content sites on mobile were usually usability nightmares and cesspits of ads.

I understand that the author and quite a few others are peeved at this behavior and that there's no way of turning it off. But it's really not in Google's best interest to even offer the option, because then many people will just turn it off, encouraged by articles like the author's own last year where he was caught off-guard and before he gained a more nuanced appreciation for what's really going on.

The bottom line is this: Google is inseparable from its ad-serving and adtech business -- it is after all how they make most of their money -- so if you are bothered by their attempts to safeguard their income stream from competitors who have a much easier time curating their own walled garden, you should cease using Google Search on Mobile. There are other alternatives, who may not be as thorough at search, but that's the cost of the tradeoff.

godot 3 days ago 4 replies      
There's a lot of complaint about Google AMP and Facebook Instant Articles, e.g. walled garden, anti-open-web and whatnot.

Here's something simpler from a non-developer, average-consumer point of view. I recently began taking BART to work daily (new job). For those who don't know, BART is Bay Area's subway system, and (at least on the east bay side) cell reception is notoriously spotty.

When I'm on the train, which includes 2 hours of my day everyday (unfortunately), I'd be browsing on say Facebook, and look at links that my friends post. Instant articles almost always load successfully (and quickly) and external links to actual sites almost always fails to load or loads insanely slowly.

Yes, when you're at home or in the city with good mobile reception, these things make no sense and you'd rather hit the original site directly. Give them their ad revenue, etc. to support them, right. But for the average consumers who actually have problems like slow internet (like the average joe who rides public transportation and wants to read on their phone), things like AMP and Instant Articles actually help. I can only imagine outside of silicon valley (where I live), how much more significant of a problem slow internet/slow mobile data actually is.

P.S. I don't work at Google or Facebook, and I know this sounds like propaganda, not to mention this is exactly what they would like to tell you as the "selling points" of these features, in order to continue building their walled garden empires. Fully aware of it, but I did want to bring up why they exist and why I even actually like them.

gub09 2 days ago 5 replies      
Please, web developers, as a minimum, set up your websites so that they do not depend on Google, Facebook, Microsoft, Amazon or Apple for their functionality. That means, for example, use DoubleClick or AdSense or GoogleAnalytics if you like, but please do not use jquery from Google's CDNs. If you do that, and the site is dependent on that functionality to work (i.e. for text to be displayed), those of us who don't allow Google CDNs will not be able to use the site. The same for WebAssembly: use it if you like, but please don't make your actual content unnecessarily dependent on the use of services from these multinationals. It makes the Web less free.
daveheq 2 days ago 4 replies      
Google AMP:

1. Obscures the web page's URL.

2. Makes manual zoom in/out impossible.

3. Sometimes hides content mentioned in the article, with no ability to scroll horizontally to see it.

4. Confuses Chrome on Amdroid into over-hiding its top address/menu bar (forcing two swipes down all the way to the top to show) or forces it to show (won't hide on scroll down).

This is just coming from a user's perspective, fortunately it doesn't impact my work, but may in future websites I build due to it being almost 100% of the news articles I read.

matthberg 2 days ago 0 replies      
"What I realized today, however, is that while I dont so much mind AMP as a publisher, I really hate it as a user. I realized that EVERY TIME I would land on AMP page on my phone, I would click on the button to view the original URL, and would click again on the URL to be taken to the real website.

I dont know why I do it, but for some reason it just doesnt feel right to me to consume the content through the AMP. It feels slightly off, and I want the real deal even if it takes a few seconds extra to load."

I have subconsciously been doing the exact same thing for a while now, and I think this quote covers a good deal of public sentiment. It's weird to use AMP, yet slower without it.

Another main issue I have with AMP is that there is no speedy way to check the url, something I do quite frequently. Instead it's just Google's hosting for the site, with the source being only available by clicking on the link icon.

sintaxi 3 days ago 8 replies      
I suggest stop using google search altogether. https://duckduckgo.com/ is an excellent search engine and its trivial to make a google search via `!g` prefix when you are not finding what you are looking for.
ciconia 3 days ago 7 replies      
At 43yo I probably belong to the older folks on HN, but those modern devices all of us carry in our pockets to me seem just absolutely incredible and magical. They probably can run around machines that took up whole rooms just a few decades ago.

At the risk of sounding like an old fart (I probably do), I fail to understand this frustration of normal mobile users with the so-called slowness of their mobile experience. To quote CK Lewis: "Give it a second! Its going to space! Can you give it a second to get back from space!??"

andy_ppp 2 days ago 2 replies      
What really gets me about the AMP Cache (AMP itself is fine by me) is that it doesn't actually make anything faster. If you time the difference in download speed between the real website AMPd page and AMP Cache URL the difference is almost nothing in 99% of cases. And neither page load gives you that magical instant hit you get on Google's SERPs.

The speed difference on SERPs is the background downloading and (possibly) pre rendering of AMP pages. This functionality could easily be added to browsers, keeping people on their own websites and Google not having control over the content.

We already have <link rel="preload/prefetch"> but how about adding <link rel="prerender" href="http://amp.newswebsite.com/article/etc." />.

This would absolutely give all of the benefits of AMP Cache without Google embracing and extending the web. It's also much simpler to integrate, every single site can choose to benefit from this (not just SERPs) and I don't end up accidentally sending AMP Cache urls to my friends on mobile.

wmf 3 days ago 2 replies      
The author's argument against AMP comes down to "I dont know why I do it, but for some reason it just doesnt feel right to me to consume the content through the AMP. It feels slightly off". This is... not a strong argument.

The AMP saga has pretty clearly shown that users care about content while Web developers only care about URLs and what goes over the wire. This is a huge disconnect. It doesn't help that many Web developers show no empathy for the users' viewpoint.

Ultimately it probably is easier for Google to add an opt-out to appease a very small, very vocal minority than to educate them that the URL doesn't matter.

sorenstoutner 3 days ago 3 replies      
My experience is that all the advantages of AMP can be had by disabling JavaScript while browsing. And this comes with none of the disadvantages of ceding even more control to companies like Google and Facebook.

In my opinion, JavaScript should be disabled by default and only enabled for specific tasks or websites. Not finding exactly what I was looking for in any other browser, I eventually created Privacy Browser on Android. https://www.stoutner.com/privacy-browser/

There are extensions like No Script that can give similar results for other browsers. https://noscript.net/

tangue 3 days ago 2 replies      
AMP has been created for product managers. Everybody in a project knows that slow and bloated pages hurt users, but business requirements are making it impossible to do otherwise. Google AMP solves this problem, in an authoritarian way (hence the outrage), by defining what's good and bad for the Internet.

Marketing has taken the lead in corporate websites projects to the detriment of the end-users, AMP puts the user in the center.

j1vms 3 days ago 0 replies      
What some may fail to see is that the Web's success in the smartphone/mobile era is not yet secure. Both Facebook and Apple, among others, have vested interest in treating the Web as competitive threat. I believe AMP was Google's response to Facebook's Instant Articles.

Although there is much to be concerned about Google's ever-expanding reach into the daily life of a good portion of the planet, I think web proponents have more to fear from the likes of FB, Apple, and others appearing on the horizon. These companies are mostly succeeding at meeting current UX expectations (performance, standardization, ease-of-use), and in doing so they are capturing eyeballs away from the web. It's possible some of those who have left for these walled gardens may not return.

b0rsuk 2 days ago 2 replies      
The article displays his autocomplete hints:

 google amp pages google amp annoying google amp sucks google amp conference
My equivalents in google.com are:

 test cache disable maps
Both bing.com and duckduckgo.com (which doesn't track) don't recognize "amp", even when I put both first words in quotes, and assume I made a typo in "maps".

This simple test is therefore inconclusive, but my hypothesis is that his search autocomplete hints are, ironically, colored by his search history. The only negative word I got (disabled) is much more neutral.

Now that I think about it, duckduckgo's "no tracking" isn't just valuable for privacy. It's also valuable for consistent search results across computers without yielding even more information (logging in etc). A few times I made a query and found something useful and surprising, and then I wasn't able to replicate the query on another computer to show someone else. In any case I'd hate to miss a rare interesting page because Google thought that extra 10 pages about Linux might interest me more.

naasking 2 days ago 1 reply      
I'm starting to hate AMP for one simple reason: it breaks the back button on my Android phone. Like, what the hell? Didn't we do this dance over 10 years ago? Do we really have to keep circling the same drain over and over and over again?
omot 3 days ago 12 replies      
I never really understood why google amp is bad. Can anyone explain the reason why people think its ethically bad?
drawkbox 2 days ago 0 replies      
Towards the end of AOL (early 2000s), they used to take all content that you visited through their browsers and re-compress and sometimes remove things from the sites. This sometimes really ruined image color, layouts, style etc.

The agency I worked at it was a huge problem because back then clients and business people still used AOL and would see the jacked up versions of their site. There was literally nothing you could do, they did it to small and large sites without abandon.

AMP reminds me a bit of that type of setup with AOL re-compressing and crunching down sites through their network. I agree with Google on doing this for email for security but not necessarily websites. AMP to me is quite annoying and in general a bad move.

801699 3 days ago 0 replies      
"... Google's AMP team even invited me to have lunch with them."

Reminds me of this:http://blackhat.com/media/bh-usa-97/blackhat-eetimes.html

As far as I can tell, in order to be "forced" on a user, AMP must rely on javascript, the browser used or maybe the OS (I trust they are not rewriting search results to point to AMP but that could be another one).

A no javascript command line tcp client will retrieve the page without automatically following the amphtml link. Users thus have a choice. And if choosing the amphtml link it is easy to filter out everything but the text of the page (the content). In that sense AMP is quite nice.

The "forced" nature of AMP should make users think about these points of control for advertisers and Google: javascript, browser, OS. Maybe website owners will think about them too the next time they "recommend" or "require" certain browsers. Web should be javascript, browser and OS neutral.

BinaryIdiot 2 days ago 0 replies      
Honestly AMP should have been a set of tools / a framework. Think about it.

Currently with AMP Google gets not only your traffic but they get your content on their own domains (which makes all content look like the same trustworthiness) and, at the same time, they mark sites that have AMP available in their search results thusly weighting those results differently because it can train users to click on those more.

Ultimately this is bad for everyone but Google.

However, if it was a framework / set of tools we could create our own AMP pages and simply put them on our own DNS. Google's cache is really the only unique thing going on here and we wouldn't have to worry about sharing trust.

cmac2992 3 days ago 1 reply      
I love AMP as a user. So many sites have brutal load time and jumpy pages, popups and sometimes crashes.

As a developer I'm not a fan. It's another thing to manage and maintain. And the last time I checked once you can't leave without some serious consequences.

As a marketer I like the increased CTR but dislike the higher bounce rate and limited features.

limeblack 3 days ago 0 replies      
So another article was posted a couple weeks ago about AMP. One advantage I have seen is that you can get around intranet blocking sites if they support AMP. Besides obviously speed this is the only advantage I have found.
alenros 2 days ago 1 reply      
Wrote down this Tampermonkey\Greasemonkey script that would do the job of automatically redirecting you to the original content. can also be obtained from [0]

// ==UserScript==// @name Un-AMP// @namespace http://tampermonkey.net/// @version 0.1// @description avoids google AMP links and navigates to the original content// @author Alenros// @match https://www.google.co.il/amp/*// @match https://www.google.com/amp/*// @grant none// ==/UserScript==




johneke 1 day ago 0 replies      
Even if people are for/against AMP, I think it does make sense to have AMP optional. For instance Google searches will often show the "Ad"-ified link at the top, but with the regular link somewhere below in the search results. Google could just as easily have the AMP and non AMP links in the search results if they aren't really the evil corp everyone thinks they are :)
tempodox 2 days ago 0 replies      
If we need Google to tell us to do something that could just as well be achieved by applying reason and sane engineering, without capitulation to a monopoly, then something is deeply wrong with our industry.
abrowne 3 days ago 2 replies      
I've never actually seen AMP "in the wild". Is it because my only mobile browsing is with Firefox on Android?
ender7 3 days ago 8 replies      
Users: I like AMP pages, they're fast!

HN: But the open Internet!

Users: What's that?

HN: Normal websites!

Users: Like...the really slow ones? With all the annoying popovers? And pages that take forever to load? And for some reason cause my fancy new phone to slow to a crawl?

HN: Well, those websites should rewrite their entire codebase to be faster.

Users: That doesn't help me, though.

HN: Trust in the free market! The problem is you, the user, who just needs to exert more pressure on website purveyors so they'll make performant web sites.

Users: You mean, like, preferring websites that offer faster experiences? Okay. Continues to use AMP.

whyagaindavid 2 days ago 0 replies      
Here in 3rd world with flaky 2/3G and just 100-300mb data, AMP is welcome. We still use 1G ram phones!
frankydp 3 days ago 2 replies      
Isn't AMP just an RSS reader for the entire internet?

If they solved the URL issue somehow(even if faking the address bar), and had original and AMP links in search; it would probably reduce the antiAMP argument quite a bit. Which both seem to be just UI issues.

jbg_ 2 days ago 0 replies      
I started using a self-hosted searx[1] instance recently, and I highly recommend it if you'd prefer to not have to care about this nonsense.

It's the first time I've found an alternative to google.com that is actually usable (i.e. I find what I'm looking for near the top of the first results page every time I make a search).

You can use Google as one of the results providers, but you won't see any AMP results, and since searx can mix in results from Stack Overflow etc, you might find that a different search engine than Google still gets you good results.

I think Google would pull fewer of these monopolistic tricks if people would realise they have genuine alternatives.

[1] https://github.com/asciimoo/searx

bsaul 2 days ago 0 replies      
This is crazy, i never noticed those amp links until i read this article. I never clicked on it because my brain somehow classified them as "weird google stuff looking like a new kind of ads". It looks so much like the "external content" ads you find on some website, plus it provides less room for the first sentences of the article, so it made it look even more like clickbait.

What did happen though, is that i found google results a lot worse on mobile, and ended up not searching for stuff on my mobile. Google results really look like a mess on mobile now...

They really went from minimalist zen to baroque indian arabesque over the year...

makecheck 3 days ago 2 replies      
Be sure to structure your Google searches as "g!" searches to DuckDuckGo and AMP effectively disappears with the same set of search results.
quadrangle 3 days ago 2 replies      
> this jeannie is firmly out of the bottle

It's "genie"

codazoda 3 days ago 0 replies      
So, funny thing. I have been ignoring amp results by accident. I didn't realize what they were and they look like sponsored ads, so I had complete "banner blindness" to them. Odd, now I'll try a few.
vultour 3 days ago 2 replies      
> AMP took off. Over two billion pages are using AMP

I don't think I've ever seen an AMP-enabled website, I certainly never noticed any buttons suggesting I visit the original website.

andy_ppp 3 days ago 1 reply      
I mean, if you take AMP to it's logical conclusion why should Google allow anyone to host their own webpages when Google can host them all better and faster.
cubano 2 days ago 0 replies      
> To be honest, I dont even know what Facebook Instant Articles are.

Amen, brother.

jeshwanth 2 days ago 0 replies      
AMP should be optional, I was getting irritated yesterday as many pages are not getting loaded.
burgerdev 2 days ago 0 replies      
> My issue with AMP being used inside Google the Search engine

I'd suggest trying an alternative, maybe https://duckduckgo.com.

Artlav 2 days ago 1 reply      
As someone who just heard of AMP today, i still can't find any site where it's used, nor have i ever encountered it in the wild.

Is it an american thing, not enabled for other countries? Just what am i supposed to look for?

reaperducer 3 days ago 0 replies      
As someone who used to make WAP web sites for mobile phones, I find AMP's limitations comforting and its goal laudable. Much better than the throw-another-javascript-framework-on-the-pile ethos that they teach kids coming out of school these days.
ccommsxx 2 days ago 2 replies      
I've been waiting for a comment on why re-hosting verbatim copies of the original content by google is not considered copyright infringement? How come there seems to be no discussion on this at all?
lokedhs 2 days ago 0 replies      
Honest question. How do I see an AMP page? Perhaps my use of a browser is different that most others (I don't use Facebook, for example) but I can only recall seeing an AMP link once or twice.

Do you only see them when doing a Google search?

JeremyBanks 3 days ago 1 reply      
Google search doesn't really have many options like this, and I'd be shocked if they added this one.

But given the URL format, it should be trivial for a browser extensions to rewrite links or requests from AMP pages to the original. I bet it already exists.

falcodream 2 days ago 1 reply      
If my regular page loads as fast as the AMP page, to within some margin, could Google drop the AMP version and link directly to me? It would make AMP a tool for improving the web rather than replacing it.
homero 2 days ago 0 replies      
At least they give you the link now, before was horrific
plasma 3 days ago 0 replies      
Like the article, I often dismiss AMP and visit the original, because I want the latest content - AMP is cached and so for sites like reddit the content is out of date.
geekme 2 days ago 0 replies      
The publishers should stop supporting AMP collectively. I own a couple of websites and I have not enabled AMP in either of them.
grizzles 3 days ago 0 replies      
I posted an alternative solution. https://github.com/electron/electron/issues/8534

The ticket was closed a few days ago. People dislike stuff like AMP, but we are probably stuck with it, there just isn't much interest in alternatives.

skmanish 2 days ago 0 replies      
Not able to view AMP pages in my Google chrome right now, neither on my friends' phones
learntofly 3 days ago 1 reply      
I use an older iPhone as my primary internet device when at home.

From google news, the top hits are served through amp and I lose about 1/10 of my screen area to a pointless blue "bar" underneath safari's address bar. This loss of screen space is the only reason I object to amp.

dabber 3 days ago 0 replies      
I haven't read through the comments here yet but my initial impression of the article is 'ha, I was literally thinking this today'; because I was. AMP is a little heavy handed for my tasteS. Another instance of HN being on the same wave length I guess.
tomphoolery 3 days ago 2 replies      
Why doesn't AMP change the URL bar itself? I don't see a reason why it can't utilize the browser history API and attribute the correct URL page view, considering Google is probably doing your analytics too.
radicaldreamer 2 days ago 0 replies      
I cant help but think that Google considers more and more posts like this a success metric for taking over this part of the web (like Facebook does with its walled garden).
tobyhinloopen 2 days ago 0 replies      
I must be stupid but I never seen an AMP page anywhere. Link?
0x0 3 days ago 8 replies      
AMP is bad and anyone who's invested in it should feel shameful for making the internet a worse place.
Shorel 2 days ago 0 replies      
Just make your blog in Jekyll instead of WordPress.

Much faster everywhere, in all browsers and platforms.

dreamcompiler 2 days ago 0 replies      
Maybe if we all start adding

Pragma: no-AMP

to our HTTP requests Google and publishers will start noticing we care.

wbc 3 days ago 1 reply      
anyone from the project? wanted to test out but it looks like the create link is dead: https://www.ampproject.org/docs/create/
zhuzhu 2 days ago 1 reply      
This guy earning with Google adsense
PaulHoule 3 days ago 1 reply      
Use bing?
Chess.com stopped working on 32bit iPads because 2^31 games have been played chess.com
745 points by NewGier  1 day ago   312 comments top 28
eponeponepon 1 day ago 11 replies      
It's fascinating... the Y2K problem never came to fruition because - arguably - of the immense effort put in behind the scenes by people who understood what might have happened if they hadn't. The end result has been that the entire class of problems is overlooked, because people see it as having been a fuss over nothing.

I sometimes think it would've been better if a few things had visibly failed in January 2000.

cm2187 1 day ago 8 replies      
Self-confidence as a programmer is when starting a new project, storing the transaction ID as a long rather than an int...
chesserik 1 day ago 5 replies      
Hey all. Thanks for noticing :P Obviously this is embarrassing and I'm sorry about it. As a non-developer I can't really explain how or why this happened, but I can say that we do our best and are sorry when that falls short.

- Erik, CEO, Chess.com

SomeHacker44 1 day ago 3 replies      
"This was obviously an unforeseen bug that was nearly impossible to anticipate..."

Snarky... Except that there were probably years of games to notice that you were approaching a "magic number" like 2^31.

pram 1 day ago 3 replies      
I recently experienced a nasty bug with BLOB in MySQL. The software vendor was storing a giant json which contained the entire config in a single cell. It ran fine for months, and then when it was restarted it totally broke. Reason was: the json had been truncated the entire time in the database, so it was gone forever. It was only working because it used the config stored in memory on the local system. Nasty!
russellbeattie 1 day ago 1 reply      
This problem is more related to a programming underestimation than the actual limitations of a 32bit CPU (which can happily process numbers or IDs that arbitrarily big if you have the memory for it and program it correctly).

That said, this is definitely indicative of what's going to happen in just 20 years, 6 months and 20 days from now. I mean, we're still cranking out 32bit CPUs in the billions, running more and more devices, and devs still aren't thinking beyond a few years out. I know of code that I wrote 12 years ago still happily cranking away in production, and there may be some I wrote even longer than that out there... and I guarantee I hadn't given two thoughts about the year 2038 problem back then, and I doubt many devs are giving it much thought today.

It's truly going to be chaos.

jakub_g 1 day ago 1 reply      
Long long time ago, I created a poll on a small website I was maintaining. I didn't expect much traffic and, so, not thinking too much about it, I put the ID column to be a TINYINT (i.e. max value = 255)...

That was a valuable lesson.

(I actually generated most entries myself while testing stuff - live in prod of course - and while there were probably fewer than 255 votes, the AUTO_INCREMENT did its job and produced an overflow).

throwaway2016a 1 day ago 1 reply      
Reminds me of the havoc that was caused when Twitter tweet IDs rolled over. Resulting in every third party developer to update their apps (and at the time there were a lot of those).

Twitter saw it coming and forced the issue. By saying that at a certain date and time they would manually jump the ID numbers rather than wait for it to happen at some unpredictable time.

ericfriday 1 day ago 1 reply      
This reminds me YouTube changed its view counter from 32-bit integers to 64-bit integers due to the popularity of 'Gangnam style' https://www.wired.com/2014/12/gangnam-style-youtube-math/
vitomd 13 hours ago 0 replies      
A lot of comments but no one said the great time that we are living for chess. So many games online, ready to be analysed and learn from them. After deep blue people thought that it was the end of chess, but its only getting better. Computers helping players to improve.

Chess.com is a great site, also lichess.org and chessable.com if you like chess you should check them.

chesserik 1 day ago 0 replies      
Fun to read some of other stories where this bit them too (PacMan, WoW, and eBay)! Anyway, new app has been approved by Apple and should be rolling out soooooooooon....

Thanks for all the comments! Always lots to learn from.

shurcooL 1 day ago 1 reply      
Do we know when chess.com launched? If so, we can calculate the average number of games being played per second.
rasz 1 day ago 6 replies      
were they ever expecting negative number of games? why signed integer?
vxxzy 1 day ago 10 replies      
How many other examples like this have occurred throughout computing history?
abalone 1 day ago 1 reply      
So they probably just need to use longs instead of ints. But I'm curious, if you were really stuck with a 32-bit limit on data types, what's your preferred workaround? I'm thinking I'd add another field that represents a partition. Are there other "tricks"?
cwfrank 3 hours ago 0 replies      
Issues like this are not uncommon on Chess.com. I've been playing there since 2008 or 2009. If you read recent comments about issues as they pertain to the recent "v3" release ... as much is to be expected.
key8700 1 day ago 0 replies      
eBay (almost) had this problem and I cannot find any articles about it online. They were rapidly approaching 2^31-1 auctions. So they switched to a larger integer, the switchover went badly, and they were mostly down for 4 days, if my memory serves. This would be like 10+ years ago I think.
inieves 1 day ago 1 reply      
The title is probably wrong, off by one.

You probably mean 2^31 -1.

spullara 1 day ago 1 reply      
The other one to watch out for is the 53-bit javascript integer limit. That caused the twitpocalypse when Twitter tweet IDs hit it. They had to switch to strings in the JSON representation.
mtkd 1 day ago 0 replies      
These are always the best problems to have
phonon 1 day ago 0 replies      
And I was just reading Heroku/Django discussing the same issue this morning!


yoz-y 20 hours ago 1 reply      
What would be the best way to test for this kind of issues in advance. Testing at theoretical limits at all endpoints?
callumjones 1 day ago 1 reply      
> For f sake how are we supposed to Anderstand that. I suppose your French fry maker is broken ?

Didn't expect Chess.com and YouTube to have a crossover of users? Surprised there isn't active moderation on a site this size.

_pmf_ 1 day ago 0 replies      
That's the most successful reason for failure.
nicky0 21 hours ago 0 replies      
> an unforeseen bug that was nearly impossible to anticipate

Hmmm... :)

fsiefken 1 day ago 1 reply      
Will the Lichess app and platform have this issue? And if not, why not?
prh8 1 day ago 3 replies      
Real world example of why Apple is killing 32 bit apps on iOS.
mattkenefick 1 day ago 1 reply      
"Obviously unforeseen.. impossible to predict." Really? You don't know how to properly store ID numbers?

IMPOSSIBLE to predict.

Verizon closes $4.5B acquisition of Yahoo, Marissa Mayer resigns techcrunch.com
630 points by pyprism  12 hours ago   320 comments top 33
chollida1 12 hours ago 8 replies      
A list of Marissa Mayer's/Yahoo's accomplisments with her at the helm....


Even though all of these gains, plus more as core yahoo lost value was from Alibaba this does look impressive at a first glance.....

> We oversaw the creation $43B in market capitalization and shareholder value. Our market cap has gone from $18B to $51B (increasing our valuation by $33B), while we returned nearly $10B in cash to shareholders.

Sadly the list of employee gains seems very spartan compared to the shareholder gains.

For those of you wondering what the Yahoo/Altaba shell contains now...

- approximately 15 percent equity stake in Chinas Alibaba Group Holding Ltd.,

- about 36 percent in Yahoo Japan Corp.,

- cash and marketable debt securities,

- certain minority investments and Excalibur IP, which owns some patent assets.

brookside 11 hours ago 2 replies      
I have disliked her ever since being influenced by this gawker screed some years back:


Subsequent reporting has hardend my opinion: https://www.nytimes.com/2014/12/21/magazine/what-happened-wh...

I have tried to examine what role gender plays in my visceral dislike for Marissa Mayer. I hope it is a small one. I give myself some consolation that I recoil almost equally when reading any news coverage of Travis Kalanick.

chibg10 11 hours ago 42 replies      
I find it interesting that the comments section of the WSJ (a pretty capitalist-friendly corner of the internet) is filled with complaints about Mayer's "overpay" as CEO and outrage over her "golden parachute," while HN (a much less capitalist-friendly corner of the internet) has gone through 40 comments and I've only seen a couple questioning her pay as CEO, and several comments praising her job in the role.

Take away Marissa Mayer from this story, and replace her with a generic CEO, and I'm not sure we'd see the same mood in either comment section.

Why is this? Is this because she's from Google? Because she's a former engineer? Because she's a female CEO? Is she just a politically polarizing topic ala Elon Musk?

Genuinely curious. Anyone have any ideas?

rayalez 26 minutes ago 0 replies      
What do you think is going to happen to Tumblr?

Tumblr has a massive audience, but some of the worst tech among the social media, and now it seems like it might get abandoned completely. So people will eventually migrate to something else, right?

What can other platforms, like Medium, do about this? If you had a platofrm that might be valuable for a similar usecase(though, hopefully, much better), what would you be doing right now? Any ideas or advice?

invincibles 12 hours ago 2 replies      
Coming soon: All Verizon phones will contain tons of Yahoo crap and use Yahoo by default.
pram 12 hours ago 1 reply      
I really wonder what the ultimate fate of Flickr and Tumblr will be, especially the latter since the acquisition was deemed "essentially worthless" lol
rb808 12 hours ago 6 replies      
Congratulations to Marissa on a job well done. That boat was a sinking ship that no one wanted to captain, and she kept it alive long enough to a satisfactory outcome.
nadim 1 hour ago 0 replies      
signal11 12 hours ago 5 replies      
If anyone knows what impact Verizon's ownership will have on Flickr, please could you share?

I've been on Flickr for a long time now and it works well for me, should I be worried?

CodeSheikh 9 hours ago 1 reply      
I am still waiting for Silicon Valley TV show to pick up this vast subject of Myer's tenure at Yahoo into one of its episodes.
justboxing 8 hours ago 0 replies      
> As expected, Marissa Mayer, who had been the CEO of Yahoo and recently received a $23 million golden parachute for her work there.


I dream of a day when the Engineers who make the Tech Company what it is, are also offered 'Golden Parachutes' as part of a Job Offer.

Simulacra 12 hours ago 2 replies      
I give it about 3 years until Verizon unloads it onto someone else for half the price.
dopamean 10 hours ago 1 reply      
I thought the job of a CEO was to increase shareholder value. Yahoo stock is up roughly 230% since she was officially signed on as CEO. Sounds like she did her job to me.
troxwalt 12 hours ago 0 replies      
They should probably just end all fantasy baseball leagues for this year too. I'd hate to have this year count.

In all seriousness, Yahoo! has done an amazing job with their fantasy sports.

zw123456 12 hours ago 3 replies      
Verizon is combining the AOL and Yahoo operations and calling the new organization "Oath"
redm 12 hours ago 1 reply      
I for one hope this works out well, more diversity is good for consumers. IMHO, anything that chips away at the dominance of Google and Facebook are positive too.
redm 11 hours ago 2 replies      
I can't help but think about the Microsoft buyout offer back in 2008. From a $44 billion dollar offer to an offer 1/10th the value 9 years later.

[1] https://techcrunch.com/2008/02/01/wow-microsoft-offers-446-b...

shawnee_ 11 hours ago 1 reply      
> Those who are keeping jobs in the media division in the newly merged operation include Jared Grusd leading the News vertical (including yahoo.com, aol.com, HuffPost, and Yahoo News); Geoff Reiss leading the Sports vertical; David Karp leading the People and Community vertical (including Tumblr, Polyvore, Cabana, Yahoo Answers, Yahoo View, and Kanvas); Andy Serwer leading Finance media (including Yahoo Finance and Autoblog); Michael LaGuardia leading Finance product and utilities; Ned Desmond leading TechCrunch and Engadget; Alex Wallace leading OTT video production & distribution as well as lifestyle & entertainment (that includes BUILD, RYOT, Yahoo Celebrity, Yahoo Style, Yahoo BeuYahoo TV, Yahoo Movies, Yahoo Music, and Yahoo Entertainment); Dave Bottoms heading up distribution products (Newsroom and video OTT products) as well as growth, monetization, and syndication; Tim Tully leading all of engineering; Dave McDowell leading subscriptions, commerce, and customer care (including Yahoo Shopping and AOL Shopping); and Mary Bui-Pham leading our operations (including design, UXRA, analytics, and program management).

The problem with consolidations like this into bigger and bigger conglomerates is that it reduces editorial independence in favor of a false sense of corporate unification among all the "verticals". The heavy and overweight company has a "great" vision which involves being everything to everybody. But that never works. End result will likely end up providing a lukewarm mediocrity in them all.

What Yahoo probably should have done was divest; instead it allowed itself to be swallowed whole by an ISP whose sole goal (as evidenced with its malfeasance to destroy Net Neutrality) is be able to selectively prioritize traffic in the ways that are most profitable to them... Ergo, the objective of this kind of empire is not to track down the truth and inform people about what is really going on, but to entertain and distract.

parantap2001 10 hours ago 1 reply      
Question - Can someone explain the $4.5B valuation of Yahoo-Verizon deal versus the $49.46B Market cap of Yahoo! Inc. ticker on Nasdaq. Thanks.
ddebernardy 10 hours ago 0 replies      
Didn't Microsoft extend a $40+B (however hostile) bid a decade ago or so? I'm still at a loss as to why Jang et al didn't sell then...
EternalData 7 hours ago 0 replies      
Yahoo thought the media they provided users was important, Google thought user data was important -- it's possible Mayer tried to bring some of Google to Yahoo. But I don't think it was enough to bring Yahoo anywhere close to competing.
PayForPeenus 11 hours ago 0 replies      
Marissa Mayer was already on the sinking ship - but I admire her ambition on trying to make that thing work. God speed on her future en-devours for sure.
adamonkey 10 hours ago 1 reply      
She should become COO of Uber. Perfect!
fred256 8 hours ago 1 reply      
I noticed the YHOO stock ticker is still active. Is that now the empty shell that still has the Alibaba stake, or something else entirely?
drzaiusapelord 12 hours ago 3 replies      
Kind of a sad day for me. Yahoo was so instrumental in the early web where I cut my teeth. Seeing it now sold to some telecom giant at around what a handful of unprofitable mobile apps go for is a bit depressing. For Millenials, imagine if Google was sold to AT&T 5-10 years from now after beaten by hungrier competitors. I guess all these companies fold eventually but Yahoo had quite the terminal illness and it lasted far longer than I assumed and often with bouncebacks that made you think things were getting better.

Perhaps Verizon can do something useful with the brand, but the Yahoo I knew is dead and probably has been since Mayer took over. She was brought in as a hatchet-woman to get an acquisition and got the job done.

timdellinger 6 hours ago 0 replies      
The whole Net Neutrality situation just got more interesting.
faragon 8 hours ago 1 reply      
Does anyone know any significative achievement made by Mayer in Yahoo?
pvsukale3 9 hours ago 0 replies      
"Ye to hona hi tha "

English : this was going to happen anyway

jellicle 7 hours ago 0 replies      
When she took over, there were numerous articles about how Yahoo's core business had negative value (the business plus the Alibaba investment was worth less than the Alibaba investment).

Since then she's given a lot of cash to shareholders, raised the stock price, and is selling the "negative value" core business for $4.5 billion.

That's an astounding success.

59bcc3ad677 8 hours ago 0 replies      
joering2 8 hours ago 0 replies      
For 2 weeks now I'm fighting an enormous amount of spam that start popping up from nowhere and I did trail-back in my memory to not find a single instance in last 3 months where I would give out my email address to anyone new.

Its insane how much of it goes to my direct mailbox right in front of my eyes! Some even have "viagra" word in subjects, they come from weird addresses like hJGabtmDwbaiaJUsgUNiepwwUzDUUdanBHFpiMEghzLKNsotQTbrhZdpDzCHFWatqQB@perico.hunmooth.com and open up with images and everything ready for my click.

I suspect Verizon is already working hard on break the remaining thing that worked fine until now - yahoo mailbox.

But I'm fine with that. I had it in my pipeline to move out of them for so long now another incentive to actually do so :)

joeblubaugh 12 hours ago 3 replies      
Savvy PR move doing this on the same day the Uber report drops and Jeff Sessions testifies in the Senate
aerovistae 12 hours ago 1 reply      
Whoa! The beginning of the end of the end.
How is GNU `yes` so fast? reddit.com
760 points by ruleabidinguser  23 hours ago   309 comments top 31
tzs 19 hours ago 5 replies      
The /r/programming discussion of this is interesting [1].

Someone does a Go version and gets the same speed as GNU yes. Someone else tries several languages. This person got the same speed in luajit, and faster in m4 and php. Ruby and perl about 10% slower, python2 about 10% slower still, and python3 about half that. The code is given for all of these, and subsequent comments improved python3 about 50% from his results, but still not up to python2.

[1] https://www.reddit.com/r/programming/comments/6gxf02/how_is_...

mooktakim 14 hours ago 4 replies      
If anyone, like me, is wondering what "yes" is used for. You can use to pipe "y" to commands that require interactivity, so if you just want to say "y" to all the inputs, you can use "yes" to do this:

 yes | rm -r large_directory yes | fsck /dev/foo

pixelbeat__ 20 hours ago 0 replies      
The recent commit that sped up GNU yes has a summary of the perf measurements


madeofpalk 21 hours ago 2 replies      
Back when I worked at the Genius Bar at Apple Stores I saw a customer come in and talk to a 'Genius' about their MacBook being "slow". After a quick bit of troubleshooting, he just opened up 4 terminal windows an ran yes in all of them, and did some hand wavy explanation about diagnostics.
joosters 19 hours ago 3 replies      
the limit isn't the processor, it's how fast memory is. With DDR3-1600, it should be 11.97 GiB/s (12.8 GB/s)

I don't understand this reasoning. Why is it being limited to main memory speed? Surely the yes program, the fragments of the OS being used, and the program reading the data, all fit within the L2 cache?

mkj 22 hours ago 3 replies      
You could make "yes" faster with the tee() syscall. Keep duplicating data from the same fdin (doesn't actually copy) and it becomes entirely zero-copy.
luckydude 9 hours ago 1 reply      
I was not going to post this because hacker news has this ethic (?) of down voting anything that seen as not positive. Perhaps we should have discussion about that, I'm not sure that's a good thing but I'm not in charge here.

The top comment is:

"It's a shame they didn't finish their kernel, but at least they got yes working at 10GiB/s."

which as an OS guy, someone who has been working on Unix for 30+ years, as a guy who was friends with one the QNX kernel guys (they had perhaps the only widely used microkernel that actually delivered), that's hugely amusing and spot on. The GNU guys never really stepped up to being kernel people. Bitch at me all you want, they didn't get there. It's a funny comment, especially coming from reddit.

akerro 19 hours ago 0 replies      
Years ago I read a similar experiment about max. CPU data flow. Guy was testing how much data can his CPU pass in a second. He was writing it in C, using some Linux optimization, optimizing code for CPU caches, using some magical C vectors that are optimized for such purpose. He got some help from someone working at Google. I tried to find that post but never succeeded. Does anyone here know it?
jvolkman 21 hours ago 4 replies      
`yes` (with the backticks) is my favorite "bring the system to its knees right now" shell command.
tobik 13 hours ago 1 reply      
FreeBSD's yes has just been updated because of this.


It's about twice as fast as GNU yes now on my FreeBSD system here.

raverbashing 19 hours ago 3 replies      
And the question is, do we need yes to be so optimized?

Not complaining, I like this kind of analysis

But it seems you won't be limited, in a shell script, by the speed you can push y's

sequoia 12 hours ago 1 reply      
Let's not forget the most crossplatformest, purest `yes` of them all: https://www.npmjs.com/package/yes

 # /usr/local/bin/yes | pv > /dev/null 11.5MiB 0:00:09 [1.02MiB/s] [ <=>] # /usr/bin/yes | pv > /dev/null 1.07GiB 0:00:09 [ 142MiB/s] [ <=>]
JavaScript wins again!!

ww520 21 hours ago 2 replies      
I would just pre-allocate a static array of "y\n" of size BUFSIZ, write it out in a loop, and call it for the day, skipping the whole malloc and filling loop business.

Make the static array BUFSIZ * 1024 to trim the syscalls by a factor of 1000.

ojn 22 hours ago 1 reply      
Measurements are really noisy, but I seem to get significantly better numbers than that when I use fsplice() on a pre-generated few pages of file data instead.
likelynew 21 hours ago 3 replies      
Why is it so slow(compared to the post) in the macbook air. Native yes runs at 26 MiB/s, and GNU yes at 620 MiB/s.
Someone 21 hours ago 2 replies      
With that malloc overhead, I expect GNU yes to be slower when only a few bytes are read from it.

So, what's the distribution of #bytes read for runs of 'yes'? If we know that, is GNU 'yes' really faster than the simpler BSD versions?

Also, assuming this exercise still is somewhat worhtwhile, could startup time be decreased by creating a static buffer with a few thousand copies of "y\n"? What effect does that have on the size of the binary? I suspect it wouldn't get up much given that you can lose dynamic linking information (that may mean having to make a direct syscall, too).

sytringy05 16 hours ago 1 reply      
man, I just spent like 8 minutes today writing a python script to use up all the disk space on some servers (part of ops readiness testing) when I could have just used this trick.

`yes` will help me on the "see what happens when something uses all the CPU and memory" test case. Thanks Reddit/HN!

ars 22 hours ago 4 replies      
But doesn't this make the typical use case (just a few "yes"s needed) slower, since first it has to fill a buffer?

I would write() the buffer each time it gets enlarged, in order to improve startup speed.

Also: The reddit program has a bug if the size of the buffer is not a multiple of the input text size.

And it's increasing the buffer by incrementing one at a time, instead of copying the buffer to itself, reducing the number of loops needed (at cost of slightly more complicated math).

melicerte 17 hours ago 4 replies      
Did you notice PHP outperforms any other scripting languages? Some report that it event beats the GNU yes implementation.

After reading here so many unfair critics and pedantic dislike over PHP[1][2][3][4][5][6], I just want to say: STFU.

[1] https://news.ycombinator.com/item?id=12706136

[2] https://news.ycombinator.com/item?id=3825227

[3] https://news.ycombinator.com/item?id=3824881

[4] https://news.ycombinator.com/item?id=1823022

[5] https://news.ycombinator.com/item?id=1819517

[6] https://news.ycombinator.com/item?id=1819413

... Just to name a few.

du_bing 18 hours ago 2 replies      
I run the command `yes | pv > /dev/null` on my MacBook Pro, it's only 37m/s, is this normal? I am not familiar with the command.
peter_retief 18 hours ago 0 replies      
Well now I know what `yes` does (And pv)
Tepix 14 hours ago 1 reply      
Why is he using backticks to quote "yes" in the title?
DonHopkins 13 hours ago 0 replies      
The proprietary Oracle Solaris 11.2 yes really slowed down when they added DRM and Verified Boot support...
crb002 13 hours ago 0 replies      
yes | write <USERNAME> "Don't you hate dialup connections?"
dekhn 14 hours ago 0 replies      
clearly, we just need /dev/yes
metaphorm 13 hours ago 1 reply      
I thought this was a fascinating read but it left a serious question lingering in my mind, which is a little out-of-scope for the article, but I hope someone here can address.

Why did the GNU developers go to such lengths to optimize the yes program? It's a tiny, simple shell utility that is mostly used for allowing developers to lazily "y" there way through confirm prompts thrown out by other shell scripts.

is this a case of optimization "horniness" (for lack of a better word) taken to its most absurd extreme, or is there some use case where making the yes program very fast is actually important?

arnaudsm 14 hours ago 0 replies      
peterwwillis 10 hours ago 0 replies      
tl;dr someone who doesn't understand how i/o works gets a small insight into how memory and a cpu work and decides "Buffering is the secret" and "You can't out-optimize your hardware"

Can we have a new flag for posts by people who don't know what they're doing so I can skip them? I am serious.

fredmorcos 16 hours ago 2 replies      
fuckemem 22 hours ago 3 replies      
Reverse engineering guide for beginners: Methodology and tools 0x00sec.org
761 points by ingve  1 day ago   63 comments top 15
badosu 1 day ago 1 reply      
I highly recommend this guide on how Samba was written, describing the techniques involved on RE [0].

[0] - https://www.samba.org/ftp/tridge/misc/french_cafe.txt

strictnein 1 day ago 3 replies      
After brushing up on this, if you're looking for something "fun" to work through, the NSA's 2016 Codebreaker challenge is good, granted you have a .edu email address (only US .edu too, unfortunately).


I think they're going to be keeping the 2016 version up for a while longer. They generally start a new one in September each year.

nekitamo 1 day ago 2 replies      
An excellent introduction to Windows reverse engineering are lena151's video tutorials:https://tuts4you.com/download.php?list.17
tripzilch 16 hours ago 1 reply      
Maybe fix the title to make it clear that this is about reversing binaries? Because RE is quite a broad term, even within the field of computing and/or generally "topics of HN interest". You can reverse engineer so many other things than just executable binaries. And not just other kinds of software (web), but hardware, communication protocols, even organisations and bureaucracies, or processes in the widest sense of the word.

It's not like this article teaches much about the general "reversing mindset" (similar to the "hacker mindset", but not quite exactly the same), or the "methodology" as promised in the title. Because yes there is some very interesting overlap in skill within the broad field of RE. Ask any pentester who also picks locks.

Not to discredit the article itself, btw, which is fine given what it actually covers. Which is about Linux binaries, and in particular with the object of solving a crackme puzzle.

Maybe "Reverse engineering a crackme for beginners" would be a bit more descriptive.

atemerev 1 day ago 2 replies      
Binary Ninja is a fine piece of software, but it is more ethical to advertise this article as "nice reversing tutorial included with said software", because not-so-hidden shameless advertisement for it is worse.
aidos 1 day ago 4 replies      
I'd love to know more about disassembly. I've recently had more and more reason to go deeper into applications I'm running as dependencies. A few issues I've found and fixed just by using strace to get an idea of the system calls.

There was one thing in particular where I knew there was a jump somewhere (if some_length < some_width) that caused bad outputs. I was playing around looking at registers etc in gdb while following along with a disassembled version of the code, but it was impossible to get any idea where to start.

I wanted something that could give me a few seconds worth of samples of where the instruction register was spending its time as a starting point, but couldn't find any such tool (linux).

Within my control:

 - giving input files to explicitly set unique numbers to watch out for - giving inputs that would generate bad output numbers only in the bad code path - giving inputs to force a load of jumps down the bad or good code paths
Does anyone have any advice on how you might approach such a situation?

doktrin 1 day ago 4 replies      
orthogonal :

I honestly wish CMU would release the lectures and full class materials for 15-213 (the course most typically associated with the bomb lab mentioned here). The lectures combined with the accompanying text and labs form a masterpiece, and it's a shame the community at large can't take better advantage of it. It's like SICP for systems : that effing good.

The tests, however, are just awful. Those can safely be dumpstered.

hackermailman 1 day ago 0 replies      
The bomblab is from CS:APP student labs section if anybody is interested https://news.ycombinator.com/item?id=14522391 specifically here http://csapp.cs.cmu.edu/3e/labs.html
ngneer 1 day ago 1 reply      
Upvote if you grew up on Fravia and tKC
bor0 21 hours ago 0 replies      
In around 2001 I started reverse-engineering games on the PC before having any programming skills (later moved to programming).

I remember MadWizard's assembly tutorial[0] being very helpful at the time.

[0] http://www.madwizard.org/programming/tutorials/

sakawa 1 day ago 0 replies      
OpenSecurityTraining[1] videos are also a golden resource for beginning reverse engineers

[1] http://opensecuritytraining.info/Training.html

ngneer 1 day ago 1 reply      
Evan's debugger is nice for Olly fans
kclay 1 day ago 0 replies      
wow times have changed from using softice and ollydbg. When I used to RE for fun it was sad seeing how expensive programs could just be rigged by a simple NOP or JNZ/JMP change.

My best challenge was Brazil (3ds render engine). It had all types of checks that would only show up when rendering.. But that was no match.. Good times

tyingq 1 day ago 3 replies      
Where RE is reverse engineering, as opposed to say, regular expressions.
bwidlar 1 day ago 2 replies      
Blank page without javascript. Bye.
#c0ffee is the color surge.sh
771 points by pavel_lishin  1 day ago   120 comments top 37
vmarquet 1 day ago 1 reply      
I'm surprised no one yet has mentionned the famous stack overflow question: https://stackoverflow.com/questions/8318911/why-does-html-th....

TLDR; For legacy reasons, some words produce valid colors even if they don't respect the standard color formats. For example, "chucknorris" produces red.

lol768 1 day ago 7 replies      
Got to admit I was hoping it'd be a coffee-ish colour before I sorta parsed the colour in my head and realised it was mostly green.

With that said there are some pretty cool ones (e.g. 5afe57 = safest = a green) that do match up. Can't say I can think of many hugely practical uses for this, but it's kinda neat!

nailer 1 day ago 2 replies      
Oh neat:


is the colour of asafoetida: https://www.google.co.uk/search?q=asafoetida&source=lnms&tbm...

And #C0C0A5 is cocoa.

For fitness studio folks who are into hex (of which there are obviously billions) #F17 (bright pink) would be popular too.

atemerev 1 day ago 2 replies      
#c0fefe, you wanted to say.
thebouv 1 day ago 3 replies      
Since #BADA55 keeps coming up:


oxguy3 1 day ago 1 reply      
SAFEST is a decent green and ACIDIC is a decent red -- probably going to use these instead of #f00 and #0f0 next time I need success/failure color codes for some hastily-made web thing.
turkeywelder 1 day ago 1 reply      
It's missing Badass: #b4da55. Lovely green colour :)
mrspeaker 1 day ago 1 reply      
This is great, but I'm not a fan of the "7 looks like a T"... my brain can't make that work. I request an "Ice T" mode that does this:

 Array.from(document.querySelectorAll(".wrap > div")) .filter(n => n.getAttribute("name").includes("t")) .forEach(n => n.parentNode.removeChild(n));

madcaptenor 1 day ago 0 replies      
#B00B00 is the color of blood.
pavement 1 day ago 1 reply      
HN feature request: three character hex code support for topcolor.

Bonus points: named color support for valid CSS colors, such as dodgerblue.

forgot-my-pw 1 day ago 0 replies      
Isn't it just easier to memorize HTML color names? https://en.wikipedia.org/wiki/Web_colors#HTML_color_names
jaclaz 1 day ago 0 replies      
The idea is nice, but (as a suggestion) I would add a drop down to "strict" where you can tick whether to include 0 (zero) and 1 (one) as respectively O and I, which is what everyone would likely read as well as - maybe - 5=S while the 1 as L (as in 1337) and the 7=T are far less intuitive.To give anyone freedom of choice maybe adding a "selectively strict" button with ticks for each leet letter would be ideal (as an example I cannot read the 2 as R as it is used on http://bada55.io/ ).
adolph 1 day ago 0 replies      
The yellow fiesta is similar to the yellow tone of the dishes


Etheryte 1 day ago 1 reply      
It makes me both happy and uncomfortable that #dab and #dabbed are valid colors.
boozelclark 1 day ago 0 replies      
I wonder if they intentionally left out FAECE5? A brownish color
mxfh 1 day ago 1 reply      
I always paint my computer chassis' front panel in drab #facade.
waynecochran 1 day ago 0 replies      
You should allow for an alpha-channel then you have two more letters and can do the Java Class file magic number #CAFEBABE.
JoshTriplett 1 day ago 1 reply      

One oddity: for some reason, the site's CSS makes text selection highlights invisible. If you select text, the selection looks identical to unselected text, though copy/paste still works.

Also, the color boxes appear to be editable text areas: if you click on one, you can backspace or Ctrl-U and the text of the color vanishes, until you hover/unhover it again and the text gets reset (because of the 1337/LEET translation going on with hover/unhover).

ajacksified 1 day ago 0 replies      
Nice - I built something similar a few years ago, mostly to mess around with CSS columns (http://thejacklawson.com/csswords/). I only used a regex over the system dictionary, so it doesn't include a lot of what it probably could.
merraksh 1 day ago 1 reply      
There's "tic", "toe", but not "tac". I guess we need a "even less strict" option.
narrowtux 14 hours ago 0 replies      
I found it easier to view after I added `border: 10px solid #111;` to the `.flexer` class
oever 1 day ago 0 replies      

 aspell -d en dump master | aspell -l en expand|grep -e 

19eightyfour 1 day ago 0 replies      
This is brilliant. I am going to be using these colors exclusively from now on in all my designs.
jellyd0ts 1 day ago 0 replies      
Very cool! I found #c0ffee myself a while ago and it made me quite happy to immediately know which color the title meant.

I didn't think of the other possibilities(like #bada55), but instead opted to shorten it to 3 letter codes. The one I like most is #b00, a nice red.

piyush_soni 23 hours ago 0 replies      
Now that I know it, I'm going to be forever sad that #c0ffee color is not the same as the color of coffee :(
zem 1 day ago 0 replies      
needs a medium-strict mode with a-f, 1 as I and 0 as O only. those two digits seem a lot less of a stretch than the rest of the leet spectrum
brianzelip 1 day ago 1 reply      
Love the Roy Ayers!
vegbrasil 1 day ago 1 reply      
Maybe this could be open source? I wish to generate HEX colors using my non-english language.
Scirra_Tom 1 day ago 0 replies      
The only time purple testes are not a cause for concern perhaps
ubertaco 1 day ago 0 replies      
Seems appropriate that #D15C05 (DISCOS) is an ugly, 70s orange-brown.
asmosoinio 1 day ago 0 replies      
5AFE57 = safest is cool.
ynniv 1 day ago 1 reply      
My topbar color is #badfoo, which is a somewhat sickly green.
mikeycgto 1 day ago 0 replies      
My fav is #baebae
pklausler 1 day ago 0 replies      
#efface makes a nice background color.
_eric 1 day ago 1 reply      
> ctrl + f

> BADA55

> not found

> closes tab

kyledrake 1 day ago 1 reply      
This isn't related to the post content (which was great), but I noticed that HN lists the domain as "surge.sh", which doesn't make a lot of sense because surge.sh is just the web hosting service this site is on.

With the web, the convention right now is to treat the subdomain as a different security origin (with the exception of www). So the link should show c0ffee.surge.sh, not surge.sh.

If this is a manual setting, it probably also needs to be set for neocities.org. I noticed that wordpress.com domains were being subdomained properly.

It really shouldn't be manual, it should just always show the correct origin domain.

zyxzevn 1 day ago 1 reply      
What is your favorite color, IDIOTS?
Hackers Are Hijacking Phone Numbers and Breaking into Email, Bank Accounts forbes.com
638 points by CarolineW  2 days ago   359 comments top 67
TaylorSwift 2 days ago 5 replies      
This happened to me.

1. I believe it began with the hacker getting DOB/SSN.2. Called wireless provider, and hacker forward all calls and texts to a burn phone. Eventually, the hacker ported my wireless phone to another provider/number (not sure which), and the phone registered to my provider did not work anymore. The landline phone was also forwarding calls to another number.*3. Hacker gained access to email (as that email was also within the telco's site). At the beginning, the hacker did not reset the password. After I changed the email's password, hacker was still gaining access to our emails and he/she eventually reset the email blocking my access. (reason was all the text and calls was forwarding to his/her burn phone so he/she can reset the pass anytime)5. Requested 2FA from bank.6. Gained access to bank account.

This was over a course of 3 months. It was a nightmare to resolve and paranoia still remained. The hacker later on went opening several bank accounts. Fortunately, this was discovered early. The entire situation was communicated to the FBI, local police, and bank institutions, but I do not think anyone cared.

*I saw two numbers that were being used within my wireless account site to forward the calls.

49531 2 days ago 5 replies      
A few months ago I took 3 of my 4 kids to a birthday party at a minigolf course. I played some holes with my youngest I had taken with me, and then left the two older ones at the birthday party with the understanding that their mother would pick them up (as we had discussed earlier)

After leaving the party with my youngest, I went to the grocery store, and then on home. When I got home my wife was gone, which I expected since she was picking up the older kids from the party.

Throughout this afternoon I had not been checking my phone in an attempt to be a bit less connected on the weekends.

About half an hour later my wife comes home totally freaked out and frazzled.

Apparently after I had left, someone went into a T-Mobile store and somehow convinced the associate that my number was theirs. I had received a couple of texts from T-Mobile with a pin number where the store associate had attempted to do something, but I was not aware of them until later.

Once this person had my number, they called my bank, reset my online password, and transferred all of our money from various accounts into one of my checking accounts. The bank then put a hold on everything (thank god).

My wife happened to have been paying bills online while this was happening, and saw it all go down. Her first thought was to call me, then when I didn't answer to call the mom throwing the birthday party.

Birthday party mom told my wife I had left, so my wife assumed that myself and our 3 year old were being mugged or something. The police were involved and she spent a good amount of time freaking out trying to find me.

All in all I had a pretty good afternoon :P

For real tho, it was a freaking mess. Took weeks to get our accounts safe, and we try to avoid using phone numbers for 2fa now.

pascalxus 2 days ago 4 replies      
So, I've read the article a couple of times, It's pretty long. For those of you looking to get the most bang for your buck, I think the following advice is Golden:

1. Do NOT secure your sensitive accounts (facebook, primary email, bank accounts, twitter, etc) with your telco phone #. Telco Phone number is NOT secure!

"Create a brand new Gmail email account. Do not connect it to any of your existing email accounts. (When signing up for a new Gmail, you dont need to enter a phone number or current email, although there are fields for you to do so. Leave them blank.) Once youve created the new island-unto-itself email address, create a new Google Voice number." Use this Google Voice # to secure your primary accounts, and don't have your telco # listed in any of those accounts.

But, make sure your New Gmail account is super secure, with a security key, as mentioned in the article.

2. Check the password recovery methods for all your sensitive accounts and make sure the answers aren't duplicated from any other site. Actually, it's best to remove them, if you can.

If any security experts want to chime in, please do.

ghouse 2 days ago 0 replies      
While SMS for 2fa is _a_ problem, it's not _this_ problem. Using SMS for _account recovery_ circumvents 2fa and circumvents strong passwords.
yladiz 1 day ago 5 replies      
Can anyone recommend a US based bank (or a bank that accepts US customers) that 1) has either a 2FA token for phone e.g. with Google Authenticator, a hardware token, or some kind of other token based factor; and 2) has strong security when calling? I generally don't need a physical presence.

My current two banks don't have direct 2FA enabled. As far as I remember, the questions available to one of my banks (credit union) are simple enough that you could probably find out by doing a public info search somewhere, and the other bank (Chase) has SMS 2fa, but outside of that it's just public database questions (I know this because I had my card number stolen recently, I currently don't have access to my phone as I'm out of the country, and they asked me a few different questions from a public database, like if I had ever lived at ABC Dr., do you know this person, and what is the full name, etc.). I'd much rather be able to give the banks some kind of information that they are required to verify before they can access my account, like a verbal passphrase, but I don't think that's possible (as in, I wouldn't be able to access my account over the phone without the passphrase).

devuo 2 days ago 3 replies      
Last year when I upgraded my phone I was amused but mostly horrified by how easily one could get a SIM card for my own phone number with less than a modicum of information on me.

As I required to upgrade my Micro SIM to a Nano SIM, I went to one of my provider's shops and asked for a Nano SIM for phone number X. I was then asked to verbally confirm my name and address and that's it. No ID card confirmation, no nothing. "Here you go sir, your new SIM card will be active within a few minutes. Can I help you with anything else?". What. the.

noobermin 2 days ago 6 replies      
NIST has already been discouraging the use of SMS for 2fa[0], but that apparently won't stop the subset of incompetent IPSec consultants who still recomment SMS based 2fa.

[0] www.slate.com/blogs/future_tense/2016/07/26/nist_proposes_moving_away_from_sms_based_two_factor_authentication.html

Keverw 2 days ago 2 replies      
It's insane how much easier it is to transfer a phone number than a domain name.

I also find it odd Facebook, and other sites will let you signup solely with a phone number. There's prepaid cell phone providers that recycle phone numbers, etc. Just seems so stupid to rely on a phone number for authentication alone, but two factor I'm okay with since you still need to know the password. Twitter has a developer product where you can be texted a code to login using only a phone number, which to me just seems wrong to do.

It'd be nice if trying to port a number, change important info, etc if they had to actually call you or text you first to confirm. But one of the problems is people will lose their phones, and need a new sim or phone... That I think I'd have a requirement to actually visit the store - but that doesn't work to well with prepaid phone providers without physical stores selling via other stores like Walmart, Target, etc. Maybe in that case without nearby stores, partner with your retailers to verify ID or fax a ID in.

dheera 2 days ago 2 replies      
I wish we could kill phone numbers once and for all. It's insecure, device-dependent, carrier-dependent, country-dependent, subject to snooping and censorship, and all of these are recipes for disaster as an authentication scheme, especially in the event that a device gets stolen. Phone calls and text messages should emphatically NEVER be used to verify anything.

Conversation with one of my banks the other day:

Them: Can we please verify a code sent to your phone number?

Me: Umm, sure, although that won't verify anything. Use something else to verify that it's me.

Them: Can you please verify your phone number?

Me: Umm, I don't know what phone number I used with you? Try XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, XXX-XXX-XXXX, and XXX-XXX-XXXX? They all belong to me depending on where I am.

Them: Can we use XXX-XXX-XXXX? Do you have this phone with you right now so we can we send a text message with a verification code?

Me: Send your insecure SMS to any of my numbers. They all go to my e-mail inbox. [I don't need to have my "phone" with me -- my "phones" are virtual.]

flurdy 2 days ago 4 replies      
So 2FA reset via SMS is bad, which I agree but what are the alternatives to prevent a meltdown when your 2FA device dies?

I have had two phones die on me that was my 2FA device, plus OS upgrades, so I have gone through resetting 10-20 2FA accounts a few times. Though with upgrades usually I foresaw that and downgraded my 2FA before hand.

All I wish for was that resetting 2FA would be a very very slow step by step process and spammingly broadcasted to all emails, sms, postal etc associated with the account. But I know for cost cutting customer services departments that wont happen.

godzillabrennus 2 days ago 3 replies      
I owned a hosted PBX company from 2007-2011 and was amazed with how antiquated the port request system truly is.

The problem is that the phone company owns your phone number and you just get access as part of a service. Unlike a domain name where you own it.

If we change the law we'd bring more accountability.

awinter-py 2 days ago 6 replies      
Not answering security questions truthfully is tricky.

Yes, it's a problem that security questions turn hacking into a simple public records search.

BUT most terms of service have a line like 'you warrant that you've been entirely truthful with us' or something. If you give the wrong security question to your bank, they potentially have grounds to freeze your money or screw you later.

Why isn't the answer 'consumers have the power -- punish services that don't support FIDO by not using them'.

At best this article is saying 'don't connect anything to anything'.

willow9886 2 days ago 1 reply      
This recently happened to a friend of mine. It was devastating. As mentioned, U2F is very scarcely supported today.

The best way he came up with to secure services that insist on using SMS for 2FA (or credential reset) was to register the number of a pre-paid phone for those services.

Inconvenient? YES. But a pre-paid phone number can not be ported by a negligent (or willfully criminal!) operator.

fabian2k 2 days ago 8 replies      
What settings exactly do I have to change to get GMail to never unlock my account by SMS alone?

I have enabled proper 2FA on my Google account with U2F, but I haven't disabled everything else yet because I only have one token, and I still need something like TOTP for stuff that uses Google accounts, but doesn't support U2F.

As a closely related remark, I wish U2F would just get popular enough, it's pretty convenient, isn't vulnerable against the kind of attack SMS-based 2FA is, and protects against phishing. But almost nobody outside Google supports it, and OS/Application support is rather incomplete or requires additional setup.

occamrazor 2 days ago 2 replies      
Would this attack be neutralized by a mandatory waiting period of a few weeks for number porting?I recently ported my number to another operator (in a European country), I had to wait for a month and received at least two warning SMS.
exratione 2 days ago 0 replies      
Many phone companies will allow you to (a) add an annotation to your account to declare the number you are using should never be ported to another company, and (b) add a password to the account that you will have to provide to customer service representatives when making changes. This helps to minimize the chance that an attacker can use social engineering to redirect your number to a system under his or her control. If these are not options for your phone company, find a better phone company.

Even given that, since it relies upon human choice and behavior, and does nothing versus attackers with assets within the phone company, it seems a bad idea to have 2FA via SMS.

maherbeg 1 day ago 0 replies      
Someone should write a comprehensive guide on how to protect your accounts while preventing yourself from being locked out of said accounts.

Seems like some combination of the following:

* using Google Voice for all account recovery situations that require a phone number

* Calling your cell phone provider to have a note that states do not allow for number porting

* Use hardware 2fa tokens. Have two setup, one as a backup in case you lose one.

* Keep a copy of your recovery codes somewhere accessible

* Probably have a safety deposit box with your backup 2fa token and recovery codes stored.

* Primary email provider should use a hardware token and not have sms recovery

* Use unique passwords everywhere and use a password manager

ww520 1 day ago 1 reply      
5 or 6 years ago, my phone number got ported by someone else without my knowing. My phone suddenly didn't work anymore. I called into AT&T right the way to ask what's going on and they said someone has "took over billing" from my account and AT&T transferred the number over. WTF? I was adamant to get the number back since that's the number I give it out to people. They won't bungle saying it's out of their hand. Finally they said they could place the number into the free pool for re-allocation which would freeze it for 3 months before it could be used again. I was concerned it could be used as a vector against my bank accounts. It was a nightmare.
hobarrera 8 hours ago 0 replies      
If I want to change my number to a new SIM, my telco requires me to log in, and fill in a form. If I forgot my password their email it to me.

They don't have any offices open to the public, nor any hotline, and are really the cheapest alternative where I live, but it seems that their attempts to save money have resulted in them ending up with a securer infrastructure than some notorious ones from very advanced countries.

tbrock 1 day ago 3 replies      
Great. Now that we've succeeded in compiling a list of personal sad stories to one up one another, why not not discuss how we could encourage the banks / phone companies to make this situation impossible.

1) Ban SMS as a second factor for high risk targets like banks.

2) Telecom companies should require social security number or uniquely identifying information to provide account access.

3) ???

mathrawka 2 days ago 1 reply      
I highly suggest having at least 2 phone numbers, one that is your main number that you use and give out. The others are kept private and never for calls or texts, but only for 2FA.
drdaeman 2 days ago 2 replies      
2FA (including U2F and whatever else) has one big problem that this article fails to mention. And when 2FA is suggested, this really should be said explicitly.

Users aren't warned enough about the fact that everything fails, and they will have to go through 2FA deactivation/account recovery process sooner or later. They must be really reminded to DO BACK UP the recovery code(s). With "back up" as in "keep not just somewhere, but where you can actually find it, when you'll need it". (But not in your password manager)

This is true for SMS 2FA as well, but completely losing the number (as long as one's a paying customer) must be significantly less common than losing a device.

exabrial 1 day ago 0 replies      
Companies are calling it "two factor authentication", which it is not. Please, hn, don't promote sms 'authentication' at your jobs. TOTP is easy to implement and not never difficult for users to understand.
kraig911 2 days ago 1 reply      
Security while we all say is super important will never be important until people doing the customer service actually care. When my identity was stolen 20 years ago it was a nightmare involving writing letters to a postbox and getting form letters in return... doing to the police, the banks, and the utilities and being treated like an idiot because I filled out a rental application that someone used to get credit cards is a nightmare that still follows me to this day. It's as if all forms of customer service needs to go through a third party.
santzeshn 1 day ago 0 replies      
A few months back I lost my phone, so I went to my operator with passport to get new sim with my old number (in Thailand) . She said the sim isn't actually in my name but my ex-girlfriend's, and I told I remember I took the sim with her id as I didn't carry my passport with me, so I guess there's nothing I can do.

She just replied well we could change the sim to your name, didn't even check with the original owner and 5 minutes later I was on my way with new sim.

CWuestefeld 1 day ago 2 replies      
A few weeks ago I was vacationing in Big Bend National Park, which is in a remote corner of Texas. When trying to pay for our breakfast, my credit card was declined.

On the phone with them, they said the card had been flagged as being used in fraud because we were off in the middle of nowhere, away from our normal spending patterns. The ONLY way to reactivate the card is for the CC company to SMS text us with a code, which we have to read back to them. The thing is, the very reason they flagged us - that we were way off in the middle of nowhere - also meant that we had no cell phone service, and couldn't receive the SMS. And given the vast size of Big Bend (getting out of the park from the hotel is a 45 minute drive), it was questionable if I'd be able to drive to a location with cell service if I couldn't fill my gas tank first.

The hotel manager overheard me arguing on the payphone with the credit card company, and he drew me a map of some pockets of cell service within the park, so in the end I was able to get it taken care of.

One ironic part of this was that the card is in my wife's name. When they wouldn't listen to her, she gave them verbal authorization to talk to me in her stead. They were willing to believe her identity for this, but not for the re-activation of the card, which doesn't make sense.

I also asked their CSR why they flagged the card. They said that I should always notify them if I'm going away. I asked them what the criteria is for that, since this was an in-state trip (I live in Austin, and Big Bend is also in Texas). The CSR said that's odd, and he doesn't know why that would happen.

So good for them that they watch for fraud, but the failure mode for their heuristic is the most catastrophic possible. If the very reason they flag me also prevents me from fixing the problem, then it's a rather badly-designed system.

dhruvrrp 2 days ago 0 replies      
A couple of years ago i got a new phone which used mini sim instead of the micro sim that my older phone used. So i went to an AT&T store to get it and the rep asks for my name and my phone number and 5 minutes later comes back with a new sim saying it'll activate my noon the next day.

There was no authentication at all. Literally anyone could have walked in gave my name and phone no and would have gained access to my phone. I stopped using my phone for 2FA since then.

EZ-E 2 days ago 2 replies      
This kind of attacks could lead to total disasters in China where the standard is to login and register solely on a phone number using a confirmation text.

In China your phone number is pretty much as valuable as all your password combined, all services are solely linked to it.

Even though phone companies ask for id before issuing a SIM card, I'm pretty sure a tiny bribe is enough to get past most store clerks

cloudkj 2 days ago 0 replies      
Does this hack work on Google accounts? I just tried the "forgot password" feature there and as far as I can tell there's no way to actually complete a password reset with only a compromised phone number.
ziikutv 1 day ago 0 replies      
What's funny is... my Bank does not allow me to use any special characters and for the investor accounts numerical only. They do not have 2FA either.

CIBC Canada

Addendum also several of my purchases were flagged as hacked purchases by them and I had to call them three times so far this year. All purchases from same Amazon account, same IP too. So I do not think they have a good services team.

chrisper 2 days ago 2 replies      
The issue I have with 2FA without sms is that I need to also take care of recovery codes. Basically, it's like erasing all the benefits of going digital, since now I have to store (and take care of) paper copies of recovery codes.

If I use a 2FA app like the Google one and lose my phone, I need to have the codes ready. If I were to use my phone number, I kind of don't need that since I just get a new sim and a new phone. But at the same time that is not safe now.

So what is the solution here? I liked the idea of something like DUO but not enough places use it.

konceptz 1 day ago 0 replies      
Take a modified attackers point of view.

Could you convince a cell phone store rep that you are who you say you are without your drivers license?

Or, for a million bucks, could you make a cell phone store rep think you were someone else?

The answer is why SMS 2fa isn't such a great idea. Because your security checkpoint is owned by a (underpaid) store representative.

sr2 1 day ago 0 replies      
Seems pretty silly putting any form of security apparatus into a technology which could possibly have been engineered from the ground up to be SIGINT-enabled. It's as if GSM was deliberately designed by the intelligence community to be available for eavesdropping. They build the protocol with just enough good security that Johhny can't intercept his wife's calls to check for cheating, but with enough bad security that intelligence services (and sophisticated criminals) can play Mallory[0]

[0]: https://en.wikipedia.org/wiki/Alice_and_Bob#Cast_of_characte...

zkms 2 days ago 0 replies      
Years ago, when SMS 2FA first became a thing, I remember people familiar with telecom stuff pointing out SS7 vulnerabilities and porting/SIM takeover issues. People shouted them down and claimed that they were being too paranoid and exaggerating the risk, or that most people aren't attractive-enough targets for someone to dedicate so much effort for hacking their accounts (and that SMS 2FA was thus good enough for most people).
e79 2 days ago 1 reply      
You should also make sure providers like Google don't fall back to less secure account recovery methods. I blogged about this here, after I realized that I was still vulnerable even while using real 2FA:


theoracle101 1 day ago 0 replies      
"If you follow several of the steps I outline in this story (unless you go with Google Voice), youll end up with at least three email addresses: your current primary one, one just for your mobile carrier, and one that you use for other sensitive accounts such as online banking or Facebook or Dropbox."

Why not just have all sites that require SMS 2FA (there are a lot, including tele co.s) be directed to a personal google voice number? And also remove the any SMS 2FA from this google and your personal? Wouldn't that solve the issue they are suggesting? Why do you need a third account?

Osiris 1 day ago 1 reply      
For 2FA I like how Microsoft does it. You have an app on your phone. When they need to authorize you, they push to the all and it automatically pops up with approve and decline buttons. You verify the code is the same on the phone and screen and hit approve. It's an easier workflow than having to open Google authenticator, find the code, and enter it.
z29LiTp5qUC30n 1 day ago 1 reply      
I am surprised no one here mentioned mooltipasshttps://www.themooltipass.com/
seanieb 2 days ago 0 replies      
Has anyone tried suing a Telco that's given away access to their phone account?
ossguy 1 day ago 0 replies      
I've noticed a number of people using https://jmp.chat/ to get a second number for 2FA. It supports most of the short codes companies use for 2FA, but it doesn't require you have a Google account (or even an existing phone number).
SkyMarshal 1 day ago 0 replies      
Worth reposting Kraken's mobile phone security advisory:


homakov 11 hours ago 0 replies      
Or just ask them all to implement decentralized SecureLogin.
bit_logic 1 day ago 1 reply      
It seems a simple solution would be for the phone company to send a confirmation SMS or automated voice call to confirm number porting or any other major action. Is there a reason they don't do this? It seems like a good balance between convenience and security.
legohead 2 days ago 2 replies      
I read a blog where someone got hacked through a simcard clone, and they went into the details of how easy it was to do. This prompted me to enable 2fa on everything I could, but the funny thing is, a lot of the backup options for 2fa is -- you guessed it -- your cell phone number. Some of them don't even allow you not to use your cell phone as a backup. I think Github and Slack are like this, but I may be wrong, it has been a while since I turned them on.
leke 1 day ago 0 replies      
Articles like this ramp up my paranoia, especially since I got a phone call from the UK three days ago. Nobody on the other end. Hung up after saying hello three times. Never heard back since. It has me worried, especially since I just came back from my holidays (not in the UK).
mtgx 2 days ago 1 reply      
Remember this the next time you may tend to agree with governments' push for backdoors. If they get their way even Google Authenticator won't be safe, just as SMS isn't anymore for 2FA, all because the surveillance agencies preferred to keep the SS7 vulnerability and others like it so they can exploit it (outside of the "rule of law", as otherwise they wouldn't need it).
ganwar 2 days ago 0 replies      
This sort of attacks have been happening for over 5 months in crypto.

Kraken published a highly useful blog post on it. Do give it a read.http://blog.kraken.com/post/153209105847/security-advisory-m...

buyx 2 days ago 0 replies      
These attacks have been going on for at least a decade in South Africa. The fact that it's still going on, and if the coverage is to be believed, spreading globally, is a pretty shocking indictment of the industry.

I wonder what other scams are being incubated in lesser-known parts of the world, that are waiting to be unleashed.

itslennysfault 2 days ago 1 reply      
I'm SHOCKED this wasn't a thing earlier. Spoofing a phone number is insanely easy. When I was in High School we figured out how to do it and used to prank call people from other peoples numbers. Eventually, we realized that if you call someone's cell from their own number it takes you directly into the voicemail admin menu. Fun times.
leighmon 1 day ago 0 replies      
Take a look at the article by Cody Brown regarding his coinbase account being drained of ETH and BTC due to the same fundamental problem: way too easy to steal someone's phone number.
pseud0r 1 day ago 1 reply      
Where I live you need a copy of your passport to port a number, in addition the new sim can only be sent to your government registered address, I think that would be quite hard to game.

Even so, hackers can still use SS7 to hijack phone numbers.

TimMurnaghan 1 day ago 0 replies      
Too many Forbes articles. They're months behind on this story and have an aggressive anti-adblock so I'd rather not see stories from them.
addcn 2 days ago 1 reply      
Wouldn't the easiest solution be to use a landline and use the call options for 2f? Physical access to my home is root access
galfarragem 2 days ago 0 replies      
Resuming: what's the simplest solution to at least reduce risk? Is it to get a second phone number just for banking?
avenoir 2 days ago 0 replies      
What is a good way to make these attacks more difficult? Would something like Yubikey work if it had more adoption?
theprop 2 days ago 0 replies      
Wow! What's the easiest way to stop this kind of attack? Stop all two-factor authentication?
sna1l 2 days ago 1 reply      
Does anyone know if Project Fi provides any extra layers of security? I haven't seen anything
tracked24x7 1 day ago 0 replies      
"Locksmiths Are Breaking into Bank Safes"
microwavecamera 2 days ago 0 replies      
With helpful picture of a "hacker" so you can recognize one.
simooooo 2 days ago 2 replies      
This has been the vector for Twitter hacks for many years.

Get the 2nd factor

adventured 1 day ago 0 replies      
Anyone here happen to know how hard it is to steal a Twilio number as compared to a number issued by eg T-Mobile or Verizon? Is the only way to do so, by accessing the Twilio account that controls the number (whether directly or by API)?
rxdemon 2 days ago 0 replies      
Old article ?
rxdemon 2 days ago 0 replies      
isn't it old article ?
KGIII 2 days ago 0 replies      
dustinmoris 1 day ago 1 reply      
lerie 2 days ago 4 replies      
droithomme 2 days ago 4 replies      
Two factor authentication is nothing more than a massive vulnerability. We've seen people somehow change our listed contact numbers through unknown exploits, then hijack ownership of properties using the new number to prove they are us. This wouldn't be possible if not for 2nd factor authorization schemes.
Be Careful with UUID or GUID as Primary Keys tomharrisonjr.com
582 points by bkudria  4 days ago   290 comments top 54
bdarnell 4 days ago 9 replies      
One of the post's points is that UUIDs will scatter your writes across the database, and that for this reason you want a (more or less) sequential key as your primary key. This crucially depends on both your database technology and your query patterns.

In a single-node database or even a manually-sharded one, this post's advice is good (For Friendfeed, we used a variation of the "Integers Internal, UUIDs External" strategy on sharded mysql: https://backchannel.org/blog/friendfeed-schemaless-mysql).

But in a distributed database like CockroachDB (Disclosure: I'm the co-founder and CTO of Cockroach Labs) or Google Cloud Spanner, it's usually better to get the random scattering of a UUID primary key, because that spreads the workload across all the nodes in the cluster. Sometimes query patterns benefit enough from an ordered PK to overcome this advantage, but usually it's better to use randomly-distributed PKs by default.

For CockroachDB, my general recommendation for schema design would be to use UUIDs as the primary keys of tables that make up the top level of an interleaved table hierarchy, and SERIAL keys for tables that are interleaved into another. (Google's recommendations for Spanner are similar: https://cloud.google.com/spanner/docs/schema-design#choosing...)

platz 4 days ago 3 replies      
> secondary primary key

This is called a "candidate key" in existing literature. much has been written about such things.

Both UUID's and auto ID's are "surrogate keys" because they are arbitrary with respect to the data.

lastly, "natural keys" are combinations of columns that consist of the business data.

problems 4 days ago 2 replies      
> Botnets will just keep guessing until they find one.

Why does your security rely on primary key obscurity? This seems like you're doing something horribly wrong, put some authentication on that or something.

And no, no they won't. Hitting a collision is very hard if you're using cryptographic strength random UUIDs, you wouldn't even be able to bruteforce 64 bits over the internet in a reasonable timeframe.

Go ahead, try the math on that, the only reason small keys are vulnerable to local attack is because you can perform an enormous number of attempts per second, often in thousands of millions of attempts per second and they can keep at it for as long as they want. The database server won't let you query anywhere near that fast. You will never get anything like that for network based attacks as you're limited by bandwidth, latency and of course, the other side who will notice if you even try to do this for any significant period of time and likely block your attempts or limit them greatly.

Pxtl 3 days ago 2 replies      
This is why I'm starting to loathe SQL. The theory is great, but when the theory meets the practice and everything falls apart, the perfect kernel of relational beauty turns into a trash fire and I just want to get my freaking graph of objects out of the database. If I use numbers for keys, I deal with disaster when I try to merge from disparate sources. If I use guids as keys, I get terrible performance. Or I can just use a goddamned document store of Json or XML and have related objects get stored right next to their parents and tell the beautiful mathematics of relational algebra to shove it.

I'm tired of hearing "you don't have to say how to get the data, you have to tell the database what you want and it will get that in the most efficient manner" and then deal with an encyclopedia of byzantine rules to get it to do the aforementioned "efficient manner" with anything approaching decent performance. I can see the art, but the practicality mars it beyond recognition. It's like Venus de Milo sculpted out of duct-tape and bubble gum.

Sorry for the rant, I'm just getting frustrated with performance problems in small data sets. I've taken the courses, I've read Date and Darwen, and I'm just starting to get terribly disillusioned.

evadne 4 days ago 1 reply      
I recall reading something about this in the PostgreSQL mailing list, message written in 2016 but may still be relevant


There's no substance to these claims. Chasing the links around we finallyfind this article:http://www.sqlskills.com/blogs/kimberly/guids-as-primary-key...which makes the reasonable argument that random primary keys can causeperformance robbing fragmentation on clustered indexes.

But Postgres doesn't _have_ clustered indexes, so that article doesn'tapply at all. The other authors appear to have missed this importantpoint.

One could make the argument that the index itself becomming fragmentedcould cause some performance degredation, but I've yet to see anyconvincing evidence that index fragmentation produces any measurableperformance issues (my own experiments have been inconclusive).

sp332 4 days ago 2 replies      
"Things got really bad in one company where they had decided to use Latin-1 character set. When we converted to UTF-8 several of the compound-key indexes were not big enough to contain the larger strings."

This shouldn't be right. UTF-8 encoding uses the same 8 bits for each valid UUID character that Latin-1 would. Unless someone put invalid characters in the UUID field, I would guess that the new encoding was actually UTF-16 or something.

foolfoolz 4 days ago 7 replies      
sounds like the author thinks "uuids are a pain" and wants the benefits of them but with a smaller representation. but doesn't provide any reasonings why uuids are a pain other than not being able to remember them or say them out loud. these are not things anyone does with primary keys!

you'll never say this out loud : 7383929. you may be able to remember it, maybe. in a uuid you'll match the last few and first few letters just as fast in your head

uuids are fine. sorting is an issue but at scale (the entire point of this article) how often do you need to sort your entire space of objects by primary key? you'll have another column to sort on

hiding primary keys and having 2 keys seems like a great way to make all queries and debugging 2x as complicated

drawkbox 4 days ago 1 reply      
Maintaining UUIDs is much easier than maintaining id/int lookups that may be autonumbered (mssql, mysql, pg) or sequenced (oracle), even if using them internally and UUIDs externally. This especially comes into play when syncing across dev, staging and production environments and when clustering and servicing out parts of your app.

The moment any db starts to grow to these areas, UUIDs lead to far less issues than incrementing ids everytime.

Most RDBMS now have optimizations and native types (uniqueid) for UUIDs/GUIDs and this is really a moot point at this point, most UUIDs are no longer strings in DBs unless legacy from the time before native UUID types.

UUIDs are right for most projects but not all and as typical in any system, the environment and needs of your project will dictate whether it makes sense to use them.

UUIDs eliminating the round trip and negating dealing with autonumbering/sequencing is a massive benefit, the only real con of UUIDs is the extra 8 bytes but make up for it in less need to lookup during runtime when creating new or associating data with them.

MithrilTuxedo 4 days ago 0 replies      
Can confirm: using MySQL and for reasons... everything in the DB gets a primary key set by taking a random UUID, stripping the dashes, and then doing an `UNHEX(id)` in the stored procedures. Those IDs are both the primary keys and the keys used in the service's APIs.

One of our Ops guys did an experiment where they put a uniqueness constraint on the ID column and added an auto-incrementing primary key column that's never exposed to the code driving the thing. It apparently sped up our DB performance by orders of magnitude.

It also turns out that MySQL would perform faster just by leaving those values as strings instead of converting them to binary values. We've got some outside pressure to use Oracle instead of MySQL, and apparently it performs much better than MySQL with our current schema so we apparently aren't going to do anything to improve the MySQL performance or change any of this behaviour.

sudhirj 3 days ago 0 replies      
Shameless plug: Anyone bothered about the wasted space in UUID string representation (and using Ruby) can check out https://github.com/sudhirj/shortuuid - it re-encodes your UUID into any alphabet you choose, with a Base62 default (I find that to be a sweet spot that gives both URL safety and efficiency).

Let me know if you want ports in any other languages - the the algorithm is to really just treat the UUID as a hexadecimal number (that's actually what it is) and re-encode it into any other alphabet of choice.

That said, always use native UUID types in datastores - they'll convert to bytes / numbers internally and will always be the most efficient. For other situations, remember that they're just numbers, so you can write them in binary, ternary, octal, decimal, hexadecimal, vowels, baseXX or really any other alphabet you want. The bigger your alphabet (as long encoding remains efficient, like ASCII under UTF-8), the better your gains will be.

makmanalp 4 days ago 2 replies      
Yep, glad to see this posted. In the python world, this is why we have UUID.int (https://docs.python.org/3/library/uuid.html#uuid.UUID.int), though the native postgres UUID type with uuid-ossp works well too if you need them auto-generated in the DB rather than in application code.
zimbatm 3 days ago 0 replies      
Little rant on UUIDs:

Notice how the author assumes UUID v4[1] in the conversation. There are very few reasons to use the other versions but we are still paying for their price in code complexity all the time.

Look at this UUID parsing code: https://github.com/sporkmonger/uuidtools/blob/master/lib/uui...

What it really should be is `[uuid_string.gsub('-', '')].pack('H*')` (for non-rubyists: remove the dashes, decode the hex back to binary).

Their representation is also not that good since hex encoding is not very compact.

I guess what I'm trying to say is that UUIDs are often used as a default unique identifiers but they are actually not that good.

[1]: https://en.wikipedia.org/wiki/Universally_unique_identifier#...

rikkus 3 days ago 0 replies      
Lots of talk about performance, but no numbers cited. I did my own benchmarks before using sequential ("COMB") GUIDs as 'PRIMARY KEY' (yes, they're surrogate keys) and found no material performance difference. I didn't keep the results, but someone else has made their numbers public here: https://blogs.msdn.microsoft.com/sqlserverfaq/2010/05/27/gui...
dimgl 4 days ago 9 replies      
This article is so poorly written it's hard to take it serious. The entire paragraph about the size of a UUID takes reading it three or four times before you can actually understand what the author means...

In what context would a primary key change, even when sharding? In my entire career I have yet to see it. Also any sane person would never sort random values. If you need sorting in your table, provide some kind of indexed timestamp.

wvh 4 days ago 0 replies      
Postgresql has a UUID type which should store them as a 16-byte number. If you use time-based UUIDs for instance based on the unix time stamp in hex, like CouchDB then you also get sortable primary keys, which conceptually might or might not be useful to your application, but it probably speeds up indexes. I've done exactly this for two different projects, and it works well.

On top of that you get IDs that are impractical to guess, which while wouldn't replace other security measures, would still give you some collision resistance and probably avoid some bugs because of the unlikeliness of accidentally picking the same key for two different entities.

I'm sure there are pathological cases for UUIDs as primary keys in certain scenarios, like perhaps a very high number of small records, but I've not come across them myself. You obviously have to know your own data and database if you have some very specific requirements.

vkrm 3 days ago 0 replies      
Datomic [0] uses SQUUIDs [1] (Semi sequential UUIDs) to work around this:

 Many UUID generators produce data that is particularly difficult to index, which can cause performance issues creating indexes. To address this, Datomic includes a semi-sequential UUID generator, Peer.squuid. Squuids are valid UUIDs, but unlike purely random UUIDs, they include both a random component and a time component.
[0] http://www.datomic.com/

[1] http://docs.datomic.com/identity.html#sec-6

edit: formatting

caleblloyd 4 days ago 0 replies      
I work on an Entity Framework Core Implementation for MySQL and we recently added sequential GUID generation for primary keys that are of type Guid. The first 8 bytes of the GUID are the current UTC timestamp in ticks and the last 8 bytes are cryptographically random.

One interesting thing we ran into when implementing is that C#'s binary format and string format must be different to be sequential. So we have to detect whether the GUID is stored as a string or binary and put the timestamp in the correct place to ensure it is actually sequential.

Here's the PR for the feature for anyone interested: https://github.com/PomeloFoundation/Pomelo.EntityFrameworkCo...

mark242 4 days ago 2 replies      
The reason I don't like the internal-int-external-UUID strategy is that all of your queries now require an extra join. It's no longer "select microblog.* where userid = ?" now it's "select microblog.*,user.id from microblog,user where microblog.userid = user.id and user.uuid = ?".

This may be practical from a storage standpoint but string-based indexes on an SSD are pretty damned efficient.

michaelcampbell 4 days ago 2 replies      
> Aside from the 9x cost in size, strings dont sort as fast as numbers because they rely on collation rules.

Why would you sort these to begin with; what ordering of essentially randomness (part of the point) makes sense?

mirekrusin 4 days ago 1 reply      
"UUIDs do not reveal information about your data" - this is false statement; in sensitive environments you need to be aware that some UUID versions can leak MAC addresses, timestamps, hashes of your data etc. - sometimes just enough to abuse this information.
emodendroket 4 days ago 1 reply      
Why should it matter if you can guess IDs? Presumably records are locked in such a way that simply knowing a URL doesn't allow you to bypass security.
harel 4 days ago 0 replies      
PostgreSql has a dedicated UUID column type. Those are fast and the storage difference is insignificant.
ivan_gammel 4 days ago 2 replies      
The strategy "internal int-external uuid" can be simplified if you use encryption and hypermedia API. It's possible to encrypt int and some additional information and format it as uuid v4 (random). For external users that know natural keys of some objects it's possible then to discover the rest of objects by navigation via API, where UUIDs are just some pseudo-random parts of the URIs.
d0m 4 days ago 1 reply      
One huge benefit of UUID is how you can safely create them while being offline, and then sync them at a later stage without conflicts.
eranation 3 days ago 0 replies      
Excellent post, write ups like this are the reason I keep coming here.

What about the hi/lo algorithm as a middle ground?


In short, and I hope I don't oversimplify, each "shard" or "cluster" in the database gets a "block" of ids it can then go and assign on their own, the sequential "atomic" increase happens only once per hi "block", lowering the contention.

This gives you nice integers, incremental-ish most of the time.

I like the notion of integers internally and UIID (as integers of course! I would have never saved one as a varchar, I swear! ok, I was a noob... I deserve to be shamed)

Great post all in all!

mreftel 4 days ago 2 replies      
"Then add a column populated with a UUID (perhaps as a trigger on insert). Within the scope of the database itself, relationships can be managed using the real PKs and FKs."That would mean doing lookups by UUID, which is /really/ bad for performance. UUIDs are evenly distributed, so index caches are rendered nearly useless.With sequential keys, and access patterns that touch mostly new data, all you need to find the row is likely to already be in RAM, no matter how many rows you have. With UUIDs, you'd end up doing random I/O. Might not sound like that big deal to some, but we got a 3x overall throughput increase in one of our apps by switching from UUIDs to sequential ints.
stollercyrus 3 days ago 0 replies      
I found this post super helpful. For anyone doing rails development, I wrote a gem to make this really simple. I'd love feedback.


flatline 4 days ago 1 reply      
Another alternative to avoid guessing is to use randomized 64-bit integer keys. You still risk collisions over sharding/replication, but only if you truly have a lot of data. You potentially lose some index performance but it shouldn't be any worse than with guids. If you really need the full size of a guid, just use them for the key. I don't get the rest of his argument for hiding internal surrogate keys.
krisdol 4 days ago 0 replies      
In a time-series datastore, you may have to replace a set of invalid/corrupt events within an index. Having IDs that are in some way deterministic from the source data, you are able to replace the invalid documents by ID by simply re-indexing that time period with your patch applied. This is the most simple and least risky solution, with minimal downtime

If the IDs are UUID, then the easiest way to fix the values is to drop the index and re-create it, making all of the other data in the index unavailable as it's being recreated.

The less-easy way with UUIDs is to select just the broken events, create new patched events, delete the old events, and insert the new ones in the right index. But you'd have to branch off of your regular indexing logic to do this, probably writing a separate script. Of course if you make a mistake, you may end up with either duplicate documents or loss of data, compounding the original problem.

So I agree, have IDs that are deterministic (that they can be recreated using some known formula and source data, for example: documenttype_externalid_timestamp).

paragarora 4 days ago 0 replies      
This is just opinion and looks like UUID is bad for a particular case author is working on.

We have multiple components over different stacks and id could be generated anywhere in the components. We had to live with either building unique id per table separate infrastructure or UUID. UUID works perfectly and with POSTGreSQL, it's just awesome.

njharman 4 days ago 0 replies      
Using UUID for external means you've just forced all the problems with UUIDs on your users.

I'm dealing with that from several vendors atm.

dpark 4 days ago 2 replies      
> A naive use of a UUID, which might look like 70E2E8DE-500E-4630-B3CB-166131D35C21, would be to treat as a string, e.g. varchar(36)dont do that!!Oh, pshaw, you say, no one would ever do such a thing.

> Think twicein two cases of very large databases I have inherited at relatively large companies, this was exactly the implementation. Aside from the 9x cost in size, strings dont sort as fast as numbers because they rely on collation rules.

Eh, I've done that before because it made some interaction with Entity Framework easier (don't recall what now). Hasn't really mattered. The space for storing GUIDs has never been a meaningful constraint for anything I've ever worked on (9x is also nuts and assumes that your database uses 4 bytes per character). Sorting UUIDs is also generally uninteresting since they aren't meaningful by themselves. Maybe if you're doing lots of joins you might care about this.

manigandham 2 days ago 0 replies      
Use the hi/lo mechanism to generate IDs on the client. You can use a simple transaction to reliable reserve a range of numbers and then easily have incrementing numbers. Use longs and you can reserve a billion IDs per second and never run out.

This solves basically all the problems and we use it in production to number several tables with billions of events per day.

masklinn 4 days ago 1 reply      
> Another problem is fragmentationbecause UUIDs are random

UUID-4, UUID-3 and UUID-5 are random (3 and 5 are hashes).

UUID-1 is time-based with the time leading, and you can often control the sequence (14 bits) and nodeid (48 bits) fields to be used as whatever you want to avoid collisions.

tsechin 3 days ago 0 replies      
At a previous company, we got burned using UUIDs as MySQL PKs. Turns out MySQL keeps data on disk sorted in PK order, so even a moderate INSERT workload would lead to lots IO and disk thrashing as pages kept needing to be rewritten.

Fun times...

einrealist 4 days ago 0 replies      
My advice (and daily practice): If IDs are exposed, expose them as strings. If that ID is a compound key of a database, serialize it into a single string. If the ID is exposed via webservice, use URIs. In a entity provided by a webservice (e.g. a JSON-LD document via HTTP), use URLs or URNs. If possible, provide both and a translation service that translates URNs to URLs. URNs should be used for long term storage, URLs for transient use.

If I follow my advice, the type of an ID is an implementation detail of the persistence layer and/or service endpoint.

jondubois 3 days ago 1 reply      
The reason given for not exposing UUIDs publicly (migration) doesn't apply to most NoSQL databases because they let you set the ID yourself so you can just copy each document as-is. Maybe the author was referring to databases which automatically (and forcefully) generate the ID on insertion... Even in this case, isn't there a way to tweak this temporarily just for the migration?
scandox 4 days ago 0 replies      
I use the internal int and external uuid strategy mentioned at the end. It does make for somewhat confusing code for newcomers. I still don't love it.
iask 3 days ago 1 reply      
I was at a new client the other day and notice that for all their tables in SQL SERVER, they use an IDENTITY column for primary keys, obviously seeded by SQL SERVER. What I found strange is that they allow deletes of records, allowing gaps in the sequence.

Is that normal practice? Their DBA was insisting that its normal.

phamilton 3 days ago 0 replies      
I'm surprised the author calls out that knowing the pk before insertion is useful, but doesn't once mention idempotence as a key benefit.

If you are building mobile apps that sync state, UUIDs make your life so much easier. Optimistically perform writes locally, then perform writes remotely and retry on exponential backoff in case of a network error.

tehlike 4 days ago 2 replies      
When I was a developer on NHibernate, one of my favorite ID generators was something called HiLo.

Each of the clients reserve a chunk of Lo numbers, and increment the Hi number. Basically, they would pre-allocate a chunk of id ranges, and this allowed good distributed id allocation performance, while somewhat keeping local ordering.

Client generated ids are very useful to do.

JTenerife 3 days ago 0 replies      
I don't agree with many points.

1. Store uuids in a uuid field. Why starting the article with such a trivial finding that a text field is not optimal.

2. Use sequential uuids.

3. Several benchmarks have shown that the performace hit is minimal.

4. The only way to communicate with ids is to copy and paste them. Never try to memorize, talk about them or type them.

clairity 4 days ago 0 replies      
for ruby on rails, acts_as_having_string_id [0] is a nice gem for not exposing sequential int primary keys:

it's nicer than using UUIDs because the strings are much shorter.

[0]: https://github.com/hult/acts_as_having_string_id

wcummings 4 days ago 6 replies      
>The original issue with simple auto-incrementing values is that they are easily guessable as I noted above.

I don't think this is a real problem. If you're relying on your ID's being "unguessable" (and introducing engineering complexity to that end) for security you've already failed.

sfeng 4 days ago 0 replies      
Using a better encoding than hex for the GUID would fix many of the storage and memory issues he cites: http://eager.io/blog/how-long-does-an-id-need-to-be/
russdpale 3 days ago 0 replies      
This is what hash keys are great for. After getting the hash, convert to a BIGINT. Works great for me. You still get everything you do with UUID, but as a bigint so the numbers are much quicker, and its 8b.
scotty79 3 days ago 0 replies      
In my current project, in ms sql server, I have guid PK with unclustered index and clustered index on another field filled with current time stamp on insert.

What do you think about such setup?

rickmode 4 days ago 1 reply      
I've yet to see anyone mention storing UUIDs in a BINARY(16) column. Use exactly 128 bits to store 128 bits. We'd still have the random sort problem though.
org3432 4 days ago 0 replies      
He missed one of the biggest issues, in most implementations they are slow to generate due to the complexity and requiring a PRNG.
brlewis 4 days ago 0 replies      
Shouldn't the title be appended with (2015)?
kazinator 3 days ago 0 replies      
> Best of Both: Integers Internal, UUIDs External

Database coder reinvents interned atoms.

tuxt 3 days ago 0 replies      
We use unixtime + server number + random as pk.

Works fine.

(10 million new rows everyday)

arrty88 4 days ago 1 reply      
How big a deal is this on Postgres?
cynoclast 4 days ago 1 reply      
This article sort of assumes you're using a relational database.

Most of the drawbacks discussed don't exist if you're using a key value store.

$80k/month App Store Scam medium.com
696 points by amima  3 days ago   193 comments top 26
blhack 3 days ago 7 replies      
This is particularly annoying while my beta is "waiting for review" so I can have the privilege of giving it to a few beta testers.

How does apple not expect that annoying developers with their app store process (so much so that things like this exist: https://fastlane.tools/), AND charging them 30% AND apparently not actually reviewing anything about the apps making it into their store isn't going to eventually drive people away from it?

(Why yes, I am cranky over the amount of hoops I had to jump through to get to the point of asking apple for permission to put my beta on my co-founder's iPhone)

blunte 3 days ago 5 replies      
#1 - Apple has a quarter of a trillion dollars in cash. You would think they could afford intelligent, reasonable app review teams. Clearly they don't bother, based on the complaints from honest developers and evidence of pure scams like this.

#2 - Average computer/phone users are willfully ignorant. I would say stupid, but that's a judgement call (even though I think it's true). Someone with knowledge can advise them, but they cannot be bothered with all that fuss. They'd rather ignore sound advice and push buttons. After all, look at the who runs the country and the complacence of many of its people.

Have you ever had a friend who was a lawyer? Did you ever get some traffic ticket and think, "Hey, I'll ask Bob if he can help me handle this!"? I'm guilty of this once in a while. But "average users" are guilty of doing this to technical people all the fucking time. And when we advise them of behaviors to change to avoid future incidents, they nod and agree, but then repeat the stupid behavior later.

Sorry for the rant, but perhaps it's time to just start replying to scammed/screwed users with, "Oh wow, that's really unfortunate. I guess you'll have to go buy a new phone/computer." Maybe that will jar them into actually using their brains.

* Edit for wine-related typos.

notadoc 3 days ago 9 replies      
How does garbage like this get through the App Store? I thought Apple was notoriously strict on approvals?

Also, do people still use the App Store? I don't think I have casually browsed for apps in 5 years or more.

chatmasta 3 days ago 5 replies      
These App Store ads are the Wild West right now. I've seen multiple cases where I search an exact app name, and that app's competitor has the top "spot" due to buying an ad. It's like if you searched for Uber and saw an ad for Lyft above it.

How long will apple allow this? At the very least it should be impossible to bid on trademarked terms, and no ad should ever outrank an exact match result.

downandout 2 days ago 4 replies      
There has got to be more to this story. People would refute accidental purchases of $400/mo. Perhaps these guys are using tech support scams etc to drive traffic to this thing, or they're simply using stolen credit card numbers to setup Apple App Store accounts. Perhaps that's why the spelling and layout is so bad...it's possible that they don't intend anybody outside of themselves to actually use it.
kennydude 3 days ago 3 replies      
Some keywords need to return help topics instead. If you search "virus scanner", Apple should tell users their device really doesn't need one
_pmf_ 3 days ago 3 replies      
One thing of note: the spelling errors are deliberate to let only the most gullible people through to the last step (improving the odds that the person in question will not know how to report this as a scam or initiate a chargeback). The same tactics are used by ads on porn sites[0].

[0] Or so I have heard ... from a friend

htormey 3 days ago 0 replies      
wow, I'm pretty pissed off by this. One of my clients is a medical marijuana startup and we have had to jump through so many hoops to stay compliant with Apple's random app store rules. We have been rejected on several occasions and pulled from the app store.

I also had another app that was accepted into the app store then when I pushed an update release I was informed that my logo had to change because it used Apple's camera emoji. I only did this because another popular app did the same thing (down for lunch). In order to stay compliant, I had to change my logo.

I'm fine with said rules existing as in theory they are meant to protect lay customers from junk like this. How on earth did this thing make it through a review process that's so hard on some apps?

I wish Apple would apply it's rules and vetting with more consistency.

prodmerc 3 days ago 4 replies      
> Ive also never clicked on a Google Ad.

I've never done it, either. I clearly remember the only few times I clicked on AdSense ads - once by mistake, and was extremely annoyed at the results (it was a sort of list like search results), and 2-3 times to test my own AdSense ads (yeah, against ToS).

Yet AdSense is raking in billions. I've always wondered who actually clicks on the ads :D

tyingq 3 days ago 1 reply      
I was under the impression that the approval process for the app store was somewhat rigorous.

How did this app get through that?

microcolonel 3 days ago 1 reply      
You know, it's sad that people are eager to pay Apple nearly a thousand dollars for a phone, buy an iCloud subscription to go with it, and maybe buy a MacBook (Pro?); and then content that after all of that money changes hands, Apple still wants to fill 80% of your screen with an advertisement. Then, if it wasn't bad enough, they don't vet the advertised applications for basic legitimacy (meanwhile legitimate apps frequently get caught up in endless nitpicking at submission).

I get why people do it, but it's sad that they do.

kuon 3 days ago 3 replies      
This kind of things make me wonder why I am honest and poor (I mean not rich to the millions, I am not actually "poor"). I could do scams like this and be rich by the minute...
akcreek 3 days ago 3 replies      
How are chargebacks handled on the App store? I would assume a scam like this will receive a relatively enormous number of chargebacks.
tinus_hn 3 days ago 3 replies      
I don't understand why such an obvious scam works; Apple keeps the money for a while so they should be able to cancel the developer account and refund all users.
endgame 3 days ago 2 replies      
At what point do you say "no, the app store experiment has failed" and give users control of their own devices?

Never, I guess.

lordvon 2 days ago 0 replies      
I get the feeling that companies like Amazon and Apple purposefully try to hide as much as possible/tolerable the fact that you are subscribed to something (specifically, Apple apps and Amazon's Audible). I've spent tens if not hundreds of dollars towards subscriptions I didn't even know I had, and I'm afraid this might account for a shocking amount of revenue, as this article suggests. Microsoft on the other hand seems to let you know when you are going to charged again (I've experienced this with my office license subscription).
draw_down 2 days ago 0 replies      
There's no way that a huge portion of the blame for this is not Apple's. Some of the ways they run the App Store were pretty silly starting out, and now just outright ridiculous.

Little distinction between ads and search results? No filtering or approval for ads? Scammy $100/week subscriptions for nothing? Meanwhile you're not allowed to make fun of the presidents elbows or whatever. Come on.

meric 3 days ago 1 reply      
Looks like many of the keywords you can buy Ads for are underpriced. To advertise for a keyword you need to build can "relevant" to that keyword. It takes time for legitimate app developers to build apps to take advantage of those keywords. Until then, the underpricing of ads is taken advantage of by these "scammers" who build costly non-functional apps and recycle the earnings into buying ads for them.
balladeer 3 days ago 0 replies      
And I thought Apple vets the apps (and from what I heard even betas and upgrades/updates too?) before letting it go live on the App Store.

As a long time Android user (and no I wans't happy for most parts; and I wanted to taste the iOS waters both as an user and a mobile dev) who recently moved to an iPhone SE I feel really disappointed.

ge96 3 days ago 1 reply      
Haha I thought this was a how to guide initially as a "good entrepreneur" mind you good to me is subjective, or is it personal. Money is money right? I can't ask my clients to pay me so I obvs don't support that.

Nice into the rabbit hole though, should see how bad it gets with VMs.

fright 3 days ago 0 replies      
While it's frustrating if taken at face value, Sensor Tower's numbers aren't totally valid. They get the number for a few of my apps really wrong. The download stats are more or less true, but the revenue can be way off.
hellofunk 3 days ago 1 reply      
When I read stuff like this I really lose faith in the human race.
whyagaindavid 2 days ago 0 replies      
Does nobody from apple read hn? How does one recommend iPhone to NGOs, privacy activists, other vulnerable people?
LoSboccacc 3 days ago 1 reply      
yeah app store quality has dropped to google play levels to the point that one of ios last, actual, concrete advantage for non technical users is becoming moot.
kuroguro 3 days ago 0 replies      
Brilliant! Wish I would have thought of that xD
timwaagh 3 days ago 0 replies      
finally i can be rich too! too bad i am not an ios dev. these apps are made by people from 'nam. i doubt you could do this in a civilized country without getting sued into the ground though.
Inkscape Moves to GitLab inkscape.org
515 points by dabber  2 days ago   203 comments top 11
lucideer 2 days ago 12 replies      
I used to use Inkscape constantly on Windows & Linux, and really like it. I found the UI intuitive and it did absolutely everything I asked of it.

Which is why the XQuartz/&c. user experience on macOS really really surprised me. It's absolutely unusable. Inkscape for macOS basically may was well not exist as far as my experience with it goes.

Are there other comparable GTK+ apps that work well under macOS or is this a common story?

luord 2 days ago 1 reply      
Every time a project moves to GitLab or GitHub it is great news; I find them much easier to contribute to. It's specially goo news when it's gitlab, it's just an all-around awesome service.
benwilber0 2 days ago 4 replies      
> During the decision about which platform would host our git repositories, we discounted staying on Launchpad itself as its git support was very weak compared to other platforms and the project doesn't appear to be actively developed.

How in the heck did Canonical squander such an incredible opportunity to be the de facto standard for Ubuntu/FOSS code hosting by letting Launchpad stale so badly?

They freaking built it into their distribution of apt with PPA shortcuts, etc.


mintplant 2 days ago 2 replies      
I can't find a link to their GitLab instance/repositories. Where is it?
riffic 2 days ago 1 reply      
Self-hosted GitLab, or gitlab.com? Would a link in the article to the repo be too hard?
rejschaap 1 day ago 0 replies      
I am very curious how many devs will stop and how many will start contributing because of this move.
codebam 2 days ago 0 replies      
I really hope other FOSS projects take the same initiative
akerro 1 day ago 0 replies      
Now just please make use of https://hosted.weblate.org/ for translations
bburger71 1 day ago 1 reply      
rishidevkota 2 days ago 0 replies      
na85 2 days ago 14 replies      
I really want to learn to use inkscape well, but just can't grok the interface. It's a sad symptom shared by many open-source projects.

They seem to want to differentiate themselves as (e.g. "not photoshop" in gimp's case) but seem to equate that with "ignoring good ui/ux design".

Automattic is closing its San Francisco office as most employees work remotely qz.com
523 points by nkjoep  1 day ago   297 comments top 24
marcuskaz 1 day ago 3 replies      
We didn't switch to allowing remote work but started remote and always been remote. We had an office space at Pier 38 that was closed by the city in 2011[1], so had to scramble to find space. At that time we thought we would expand more in Bay Area and found a good deal that also could support other employees visiting the Bay Area. For example, in 2013 we held our whole company meetup, but have outgrown it. The main US WordCamp used to be held in SF but now as cost goes up we are moving them around last two in Philly, next in Nashville so another use of the space wasn't needed.

We found it easier to grow and expand all over the world and didn't grow as much in the Bay Area as thought. Currently only 20-30 people of our 550+ live in Bay Area

Also as far as space goes, that is just one photo of the downstairs area of the space. You can see more at https://automattic.com/lounge/ and some early shots here https://customspaces.com/photo/uklO4BLxis/

P.S. I'm the guy in the green shirt in the photo, woo hoo!

[1] https://techcrunch.com/2011/09/06/pier-38-shut-down/

alaskamiller 1 day ago 9 replies      
Had a party at the WordPress office a few years back and it's a great space. There's a lounge, kitchen, the bathrooms are nice, some room for bikes, and the rest of the space is setup to be multi-use. There's a big stage area and the corners are furnished to be pretty cozy.

Of my past work places--death star cube farms in old silicon valley to tiny rooms in sweltering Berkeley summers to shiny live/work lofts to giant sprawling disneyland like campus to noisy hipster coffee shops--that WordPress office would be up there in terms of a good place to work at.

The real story is the upward trend that if you give an inch, your employees will take a foot. If you offer telecommute, workers will not show up.

I've been freelancing and telecommuting the past five years. I've built my workstyle around chat bubbles, slack channels, video calls, and emails whether 2PM or 2AM.

I've built my lifestyle around that. As in I work around my life. Things just... get done without a direct measure of productivity anymore.

Sitting somewhere from 9 to 5 is like watching TV from the 2000's, ordering Netflix DVDs when we live in the 2010's with streaming Netflix.

And as one disappear, so does another and another. When you look around and realize no one else is there anymore it just becomes a ghost town while the virtual water cooler becomes more and more vibrant.

No ones goes to the office anymore, it's too lonely.

Androider 1 day ago 3 replies      
If you ask anyone inside IBM or Yahoo, going from remote to in-office was all about significantly reducing the headcount. The moves also coincided with reducing the number of sites, so many people would have to move far away or resign.

I think the benefits of working remotely are still poorly understood, and long-term the companies that are being built remote-first are going to have a significant engineering advantage over those that bolt remote working on after the fact.

ldp01 1 day ago 1 reply      
It sounds like the crux of the issue is connectivity is now fast, reliable, and cheap. Employees don't need to waste time commuting anymore, so they don't.

Now spare a thought for those of us sweating in the digital wasteland that is Australia.

Every so often I have to walk over to my fridge and nudge my 4G modem to improve the signal strength. I have a script running 'round the clock to reset the darn thing if the connection drops completely (this somehow it fixes it). I need the 4G connection because the copper wire to my house is so broken it can no longer support an ADSL signal.

Fibre is apparently coming in like... 2019? It is expected to run at a maximum of 25Mbps.

Needless to say, remote work is not exactly on the cards.

mrweasel 1 day ago 5 replies      
If you look at the pictures I can't say I'm surprised. It doesn't look like a nice place to work. Two long desk, concrete floor, it looks very temporary.
westoque 1 day ago 4 replies      
As a remote developer myself. I still value having an office.

I think being remote with an office setup is the best you can get. I can go in at any time I want, and still have the nice environment to work from of.

Being remote doesn't necessarily mean no offices.

nfriedly 1 day ago 1 reply      
I feel like I have the best of both worlds. I work remote, at least from my employer's prospective, but I recently leased an office in town.

I now have a quiet, private space to work, and a nice 5-6 minute bicycle commute :D

It costs a little bit (~$300/mo for the space & utilities - yay for small-town-Ohio pricing), but it's totally worth it.

syshum 1 day ago 3 replies      
>The goal is to make the companys workforce more nimble

No the goal is to reduce head count with out laying people off. Companies that go from Remote to Non-Remote do it because it is an easy way to reduce head count with out having to Lay people off, it is a methodology to force people to look for work elsewhere.

People that can not relocate or have built their life around working from home can not or will not make the transition back to working in an office easily. As such they will seek out employment that better fits their needs which is ultimately these companies goal because they want to avoid that "XX Company is laying off X,XXX people in the next quarter" headlines

Mozai 1 day ago 3 replies      
So they bought an oversized office space, provisioned it like a warehouse, in a location that is horribly expensive to live near or get to. Are they surprised employees would rather not go there?
CapnCrunchie 1 day ago 0 replies      
Working remotely has been a great experience for me. My wife and I started traveling around the US since I am fully remote and her company offered to let her work remote for a while so we could do this.

We either work out of the Airbnb we rent or a cafe. In some cities we were close to a reasonably priced co-working space and would work out of there.

The big draw for me has been the flexibility. We try as hard as possible to do asynchronous work, so some days I will take a few hour break in the middle of the day and go do something, and then work later into the evening.

sgt 1 day ago 4 replies      
I find this quite funny: "And if theyd rather work at Starbucks, Automattic will pay for their coffee"

I can understand occasionally working out of a coffee shop. But who does this all the time and remains productive? And is it really fair to the coffee shop?

spikels 1 day ago 0 replies      
Shame that such awesome space was barely being used right in the middle of SF. There is a pretty severe shortage of office space in the area. Automattic should both make a pretty good profit by subleasing at current much higher market rents and help alleviate the shortage.

Even better would be if this low density land could be incorporated into the huge 667 Folsom office/residential project planned next door. You could build 50,000+ sqft on that large lot and help both the office and housing shoartage. Unfortunately SF's planning process is so slow and uncertain it is probably too late even if the owner and tenants agreed.

tuna-piano 1 day ago 5 replies      
Humans desire to be a part of a community. For the last several decades, that community (in the US) has been in large part the workplace.

Is anything replacing the workplace as the form of community for people or is that something that is just being lost?

kyriakos 1 day ago 2 replies      
doesn't strike me like a nice office. looks like a co-working space for startups. add more people and it will look like a hackathon than a company workspace.
redm 1 day ago 0 replies      
It's gotten far easier to telecommute in recent years and that keeps the productivity much higher than it used to be. My partners and I tried remote work back in 2007, even spending 10k to video conference with Marratech [1] (Google-owned). Today it's trivial to have good fast communication while working remotely.

[1] http://www.marratech.com/

raimue 1 day ago 0 replies      
The article claims they had 5 people visiting the office regularly. That does not sound much compared to 550 employees. However, according to their map [1], there are only about 10 employees in SF itself, a few more in the surroundings.

Maintaining a 15,000 square feet office in that area for the amount of employees seems oversized in any case.

[1] https://automattic.com/map/

daemonk 1 day ago 0 replies      
I've just started working remotely. I think one of the major benefit for me is actually that we mostly communicate via e-mail/messaging services.

Of course there are plenty of situations where talking face to face is more informative, but I often find that to be rare.

Communicating via text has the added benefit of documentation and allows you to think about what you are actually writing. I find describing what I plan to do with a client via text helps me organize my thinking.

I work in data analysis though. So maybe this doesn't apply to other fields.

TokenDiversity 1 day ago 2 replies      
I'm sick of working in open spaces. If you cannot give me a cubicle, let me work at home.

There are countless researches clearly saying that open spaces are bad for productivity yet for some reason they always win. And it's easy to see why, you only have to throw buzzwords like collaboration, team-work, open ... and done.

KIFulgore 1 day ago 0 replies      
Judging just from the photo, I'd work from home too if my workspace was a warehouse with a bunch of picnic tables.
pyb 1 day ago 0 replies      
Funny how fast the 'remote' tide has turned in the last year or two. These days, most prospective employers/contracts I find would prefer me to work remotely. Although personally, I'd rather work onsite ! This is for London and the South East of England.
aresant 1 day ago 0 replies      
What does a remote team do to enterprise value assuming a long term acquisition?
cygned 1 day ago 0 replies      
I am wondering how a globally distributed team is set up from a law perspective.How can I employ someone from another company? Create a subsidiary in their country?
winteriscoming 1 day ago 0 replies      
Looking at that picture, it looks like some kind of backroom place in some store where employees gather to have lunch.
carroccio 1 day ago 6 replies      
What type of work can one do without double monitors and a mechanical keyboard?
Apples Guidelines Now Allow Executable Code in Educational Apps and Dev Tools macstories.net
403 points by tempodox  1 day ago   248 comments top 25
interpol_p 1 day ago 3 replies      
I've just submitted an update to Codea[1] that allows for the importing of user projects[2]

It has been "In Review" for a suspiciously long time now. So I think it might be testing the application of these updated policies.

I have often submitted updates to App Review which include the ability to download and install executable code (along with review notes detailing my reasoning) with the knowledge that they would be rejected. I have also appealed Apple's rejections in order to effect a change in policy for the App Store. At some point during phone calls with the reviewers they told me they were "advocating for policy change internally on my behalf" even if they couldn't approve my app right now. I'm so glad policy has changed now.

[1] https://codea.io

[2] https://twitter.com/twolivesleft/status/873692454947442688

paultopia 1 day ago 7 replies      
Honestly, I try to write code on iOS all the time, and it's not really the absence of tools that can execute that code that really stands in the way. Instead, it's:

- The absence of a really good typing story. The 12.9 iPad Pro with smart keyboard is nice for typing text but terrible for moving the cursor around. It's agonizingly slow to do it with keyboard (highlighting is worse, for some reason) and inaccurate to do it with finger/fiddly to do it with Pencil.

The only text editor with vim keybindings (an absolute must in an environment where it's hard to move the cursor normally...) of which I'm aware is Buffer, while the only text editor with both good syntax highlighting and good github integration (via Working Copy) is Textastic. Honestly, I really wish one of those two would just buy the other so that I could have both.

- The absence of a really good ssh story. Prompt is nice, but for some reason, whenever I try to SSH into anything, there's so much latency that it is really painful to actually do anything. Maybe I just have slow network connections? But anyway, so much for just coding on a linode or something in vim.

JesseWright 1 day ago 0 replies      
I actually appreciate that Apple stipulated "apps must make the source code... editable by the user". I personally think this helps with the educational spin to this currently, as it assures users are able to see source code but also tinker with it and learn. This is something I wish I would have had when I was in school - there were some editors at the time, but none of them could run any at that time to my knowledge.

I think this could really help a lot of students for what it is, and I hope it does well in that regard.

nolok 1 day ago 6 replies      
Let me give a courtesy remainder that it is "... until Apple change their mind".

Whatever the provider, I really hate those walled gardens where what you can deliver or not is at the whims of a company whose interest is not always aligned with yours. I understand being on them is necessary due to how large their market are, but this is really not where I hoped we would be fifteen years ago.

I guess I'm merely venting, and daydreaming about what could have been, "if only"...

ferdterguson 1 day ago 4 replies      
I feel like we are inching closer to being able to write code on iOS. Swift storyboards on the iPad kind of opened the door and I hope we can keep chipping away at this.

The day I can run and write Python natively on iOS is the day I buy an iPad Pro. Right now there are some good ssh clients and I can write code from a terminal, but pros of the device are not worth that tradeoff right now IMO.

mark_l_watson 1 day ago 0 replies      
One of my favorite apps is Raskell, basically Haskell 98 ported to iOS. It uses Dropbox for storage so it is possible to move small Haskell applications in and out of iOS. Pythonista is also very cool.

I like the safety of the iOS walled garden but I also see real value in complex IDEs like IntelliJ running on iPad Pros.

barrkel 1 day ago 1 reply      
Technically any program which loads a file is executing loaded code - the file is interpreted as a set of instructions about what data structures to create. This is more explicit for things like vector formats, and reaches its logical conclusion with things like postscript files.
sudhirj 1 day ago 3 replies      
Anyone know how Swift Playgrounds work? Do they interpret the Swift code or compile it against a set of mock APIs?
jacquesm 1 day ago 8 replies      
What I find absolutely incredible is that this is accepted at all. You really have to wonder how we went from a computer with a bunch of slots and open schematics to one that is so closed you need permission from the manufacturer to run whatever code you desire.

The degree of paternalism is astounding.

klinquist 1 day ago 0 replies      
Dear VSCode team... now is the time for VSCode for the iPad!
Jyaif 1 day ago 1 reply      
Ah, but now we need to be able to spawn processes (at least one extra), otherwise we app developers can't secure the user's data in our own app...
sigjuice 1 day ago 2 replies      
Apple should just do a Darwin/macOS ARM VM on the iPad so developers can have ARM Homebrew and other Unix tools they are used to.
brians 1 day ago 0 replies      
One step closer to Emacs on iPad.
d08ble 1 day ago 0 replies      
Amazing! I've been waiting for this.

Animation CPU Studio will be published soon.


Aaron1011 1 day ago 0 replies      
> Apples Guidelines Now Allow Executable Code in Educational Apps and Dev Tools

This title is somewhat confusing - it makes it sound as though educational apps and dev tools somehow weren't allowed to execute code before, which doesn't make any sense.

eecc 1 day ago 0 replies      
noblethrasher 1 day ago 0 replies      
Funny coincidence: I just downloaded Scratch Jr. for my nephew this past weekend, only to be disappointed that we couldn't view the other projects from within the app, nor could he share his.

I hope that we can now expect to get this feature, soon.

jonknee 1 day ago 1 reply      
Silly question, but how does WeChat get around this? Does custom code for Official Accounts just work on Tencent's server and basically work in a WebView?
83457 1 day ago 0 replies      
yay, pico-8 should be allowed now
fgandiya 1 day ago 2 replies      
I hope this mean I can easily load scripts onto Pythonista. It's a real pain right now.
adm2life 14 hours ago 0 replies      
Good step in right way !
jlebrech 1 day ago 1 reply      
so something like xcode on ipad is now possible, as they won't build it themselves.
laughingman2 1 day ago 1 reply      
The irony of people defending apple because its "safe" and doesn't let you "shoot yourself in the foot" in a forumn named Hacker news.

What is happening to hacker culture? I think as influx of new programmers increase, awareness on the culture's ethos of freedom, liberty, anti-authoritarianism, anti corporatism has to be increased.

Or we will have people loving to be jailed by their benevolent overlords in "apple/google/facebook/etc"

pmarreck 1 day ago 1 reply      
Did they ever consider that any number of web browsers can already execute javascript?
dalacv 1 day ago 0 replies      
Just an FYI, I use a cheap Android device with a Bluetooth keyboard and mouse and use Termux which is a Linux emulator with support for many packages including vim, python, jupyter, task warrior and much more
NumPy receives first ever funding, thanks to Moore Foundation numfocus.org
414 points by happy-go-lucky  9 hours ago   60 comments top 15
chollida1 8 hours ago 5 replies      
Wow, I'm surprised that this is the first funding they've ever got.

It wouldn't be a big stretch to say that 90% of quantitative hedge funds use Numpy in some fashion, whether its directly, or via a library that sits on top of it like pandas or tensorflow.

I can't think of a more ubiquitous library in the financial space, maybe QuicFix (http://www.quickfixengine.org/)...

Maybe numpy's problem is visibility?

Possibly it does its job so well that people don't know they are using it when they use library libraries like scikit learn and Pandas?

csaid81 7 hours ago 9 replies      
It's great that the Moore Foundation provided funding for open source data science tools in Python. Good for them!

That being said, I do wonder if numpy is the most appropriate recipient. In my experience with data science, the tool that would benefit the most is not numpy, but pandas. While data scientists rarely use numpy directly, every data scientist I know who uses pandas says they are constantly having to google how to do things due to a somewhat confusing and inconsistent API. I use pandas at work every day and I'm always looking stuff up, particularly when it comes to confusing multi-indexes. In contrast, I rarely use R's dplyr at work, but the API is so natural that I hardly ever need to look things up. I would love if pandas could make a full-throated commitment to a more dplyr-like API.

Nothing against pandas -- I know the devs are selflessly working very hard hard. It's just that it seems there is more bang for the buck there.

carreau 7 hours ago 0 replies      
Just to note that if you know of anyone who is interested in working on NumPy and potentially to move to UC Berkeley then tell them they probably should contact Nathaniel if NumPy got funding they'll likely hire developers/community manager/technical writer ... etc . UC BIDS is a fantastic place to work at, and Nathaniel is an extraordinary person to work with. I'm going to assume there is also some opportunity for remote work.
rectangletangle 8 hours ago 0 replies      
Really surprised there wasn't already funding for this.

Numpy is an amazing library, and it's basically Python's "killer app." The fact that you can seamlessly blend numerical/data science computing with more general web applications is what makes Python great.

visarga 33 minutes ago 0 replies      
Are they going to make Numpy work on GPU? There is a library called Cupy (from Chainer) that does that but not quite well enough. In fact on my attempt to swap Numpy with Cupy, my program ran slower.


gigatexal 3 hours ago 1 reply      
Imagine if .1% of wall street profits from shops that use numpy were donated to the project. Or some similar scheme for the other OSS projects used for profit by large firms.
ykler 8 hours ago 3 replies      
I wonder what they plan to use it for. Numpy kind of seems finished already.
thearn4 8 hours ago 1 reply      
I could have sworn that Continuum had gov't funding for numpy development, but maybe that was just for Blaze?
metalliqaz 9 hours ago 0 replies      
They've come a long way without funding. Good for them. Mathworks taking notice, I'm sure.
theprop 6 hours ago 0 replies      
Congratulations!! Nice work...looking for lots more math libraries :-D!
digitsman 7 hours ago 0 replies      
Does anyone have a link to the text of the proposal?
santaclaus 8 hours ago 0 replies      
Wasn't Google funding the lead dev on NumPy for a while?
ahmedfromtunis 8 hours ago 1 reply      
I really wish I could help!
gregjw 5 hours ago 0 replies      
About time.
in9 8 hours ago 4 replies      
$645020 is good for what? 4 jr developers or 3 slightly experienced developers, working full time on numpy for 2 years?
Pirate Joes, Maverick Distributor of Trader Joes Products, Shuts Down nytimes.com
372 points by artsandsci  4 days ago   264 comments top 36
captainmuon 4 days ago 15 replies      
I don't understand with what right trader Joe's can prohibit somebody from reselling their products. If he clearly states where he bought them from, and that he is not affiliated, and doesn't misuse their trademarks (impersonate them), it should be absolutely legal.

A side remark, people often say how great the US / north America is for entrepreneurs, compared to (continental) Europe where there is a lot of red tape and regulations. But in my opinion, if I were to do this in Germany there is no way ALDI (whom trader Joe's belongs to iirc) could sue me out of business. Not even with the old frivolous "we are wrong but you can't afford the defense" trick. There is just so much legal uncertainty in NA that it would give me nightmares doing business there.

lsiebert 4 days ago 2 replies      
I am not a lawyer, so I don't know that I am qualified to comment on the legal issues.

I can say that this does make me upset at Trader Joe's, and I will be considering where else I can spend my money.

They could have worked with this guy, eventually set up a Trader Joe's in Canada, and then offered to let this guy run it. That would have been better for their brand, in my view.

I care about what companies do. Costco hires employees and treats them well. It pays above average, and it hires and keeps on people with disabilities and injuries, even if they can't do everything someone else can do. It makes me feel good to shop there. And it's employees are loyal, hard working, happy and friendly, and they have less pilferage then other stores.

This idea that a company has a duty to be a dick is silly. Companies should care about their brand, and about being a good corporate citizen.

chx 4 days ago 5 replies      
Let's review one of the court documents because it has a very important detail. https://cdn.ca9.uscourts.gov/datastore/opinions/2016/08/26/1...

> Defendant Michael Norman Hallatt purchased TraderJoes-branded goods in Washington State, transported themto Canada, and resold them there in a store he designed tomimic a Trader Joes store. Trader Joes sued under theLanham Act and Washington law.

Repeated later:

> It is uncontestedthat Defendant Michael Norman Hallatt purchases TraderJoes-branded goods in Washington state, transports them toCanada, and resells them there in a store he designed tomimic a Trader Joes store.

Emphasis mine and it's a big deal. Trader Joe's would have had a hell of a time bringing a suit if it would be called Hallat's Little Shack and would look like any random grocery store.

Noos 4 days ago 1 reply      
Problem is it sounds like he was trying to rely on association to the Trader Joe's brand to make money, kind of a shadow franchise. That opens up the problem of brand dilution, and even the most ethical companies have to be ruthless about that, or they can lose their own brand and all the benefits they worked to build with it.

He should have realized the need, and done things like match their product mix with his own brands, work on making the store's own feel, and dampened direct association to Trader Joe's. He didn't and it bit him in the ass. No sympathy here.

thefalcon 4 days ago 2 replies      
There's protecting your brand, and then there's whatever the heck it is Trader Joe's did here, which seems senseless and malevolent.
rfdub 4 days ago 2 replies      
Trader Joes doesn't have a goddamn peg-leg to stand on in this dispute. If Trader Joes had made any indication whatsoever they were seeking to satisfy the clearly substantial demand for their products in Vancouver I might better be able to see their side of the story, but they have done absolutely nothing to expand into what would be ludicrously lucrative market. I know multiple people who have sent bloody hand-written letters to Trader Joes begging them to open a store in Vancouver and yet they would rather spend hundreds of thousands of dollars fighting a local small-business owner than satisfy the demand themselves. Regardless of the legality of this situation Trader Joes has not won the moral high ground.
settsu 4 days ago 0 replies      
While this was arguably a legally heavy-handed act on Trader Joe's part, it also seems like Mr. Hallatt became increasingly bold and antagonistic as his revenue increased.

I mean, he did change his store name to Pirate Joes (from the far more ambiguous Transilvania Trading) and his actions seem to betray less charitable motivations than his words would lead you to believe ("This is not a business I should be doing from a personal profitability standpoint - https://www.theguardian.com/world/2014/nov/21/pirate-joes-tr...)

That said, seems like Trader Joe's missed an opportunity for a win-win partnership with someone who had already developed rudimentary logistics to meet a demonstrated demand. But then it doesn't surprise me based on my 30+ years shopping at Trader Joe's: I would never describe them as innovative, instead I'd say they are very focused on what they've been doing well for decades.

SeeDave 4 days ago 2 replies      
Pardon my ignorance, but... why would Trader Joe's have a problem with their products being resold in Canada if they don't have a presence there? Does their parent company have a competing brand that sales are being cannibalized from?

From my perspective: every product sold in Canada was purchased in the U.S. so... if anything, this Pirate Joe fellow has provided additional sales for Trader Joes and proved that there is demand for Trader Joe's products in Canada at an incredible 40% markup!

If they're not interested in servicing Canada, would it not be to Trader Joe's advantage to enter a formal franchising or wholesaling agreement with Pirate Joe?

There must be more to this story in terms of Trader Joes objectives as opposed to Pirate Joe's methods or the legal proceedings.

tryitnow 4 days ago 2 replies      
As much as I like to side with the little guy, I think it's pretty fair for an establishment to restrict whom they sell to (as long as it's not based on a protected class like race, gender, orientation, etc). Despite being banned from the store this guy still sought out ways to shop there, so I can't defend him too enthusiastically.

Then again it kind of annoys me that TJ's just didn't open a damn store in Canada. And if they don't want to do that then why not just look the other way while someone else took on the risk of importing their products into another country?

heynk 4 days ago 3 replies      
I live in Bellingham, WA, which has (I think) the closes TJ's to Vancouver. The parking lot is already about 50% British Columbia plates, and maybe now it'll be even more. I certainly welcome more friendly neighbors shopping in town, but it's a bummer they have to shut down.
mazameli 4 days ago 1 reply      
kefka 4 days ago 4 replies      
Gotta love capitalism, eh? Just like votes, more money = more protection.

This certainly wasn't a trademark issue. Trader vs Pirate. There was no question this store wasn't run by Trader Joes/Aldi North. They were buying in bulk to stock a store where they couldn't normally get the goods. Reselling should be 100% A-OK. Any trademarks go along with the products. And as far as I would guess, the grocer certainly wasn't tampering with anything - if (s)he was, they'd go out of business quick.

This is just normal SLAPP-style punitive legal actions that a large monied corporation can do to stop the little guy from doing legal behaviors that they don't like.

bbarn 4 days ago 0 replies      
Trader Joe's is a masterclass example in branding.

The only reason anyone's surprised or outrage is that the store feels like a small, homey, good natured place full of organic this and that that's lower priced than you'd expect. That might have been true, 40 years ago. For a store that had the same name, but was a different entity entirely.

Trader Joe's now is just a giant marketing and packaging front for 70 billion dollar a year Aldi, a multinational chain. It's a corporation. None of this behavior surprises me at all.

joncp 4 days ago 2 replies      
I'm not clear on how US courts were allowed to hear a case about events in Canada. Is that a thing?
echlebek 4 days ago 0 replies      
That's really too bad. Pirate Joe's fit nicely into our cultural tradition of thumbing our noses at the Americans.
hallalex831 4 days ago 1 reply      
I'm surprised Trader Joe's hasn't gone to Amazon yet to have all of these listings removed yet... https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3...
sailfast 4 days ago 0 replies      
Assuming that taking care of customs duties and other food quality issues legally would not be that expensive, all I'm seeing is missed revenue.

If the person wants to order 10,000 palettes of cookies at retail price, why wouldn't you sell the cookies to the person? He's not stealing from the back of the store, he's paying full price. I'm very confused why Trader Joe's would not have created a direct connection with the guy.

This reminds me of major services cutting off API access because they thought they could do it better in-house. Just HIRE the person doing your own service better in a different way.

chaostheory 4 days ago 9 replies      
Is Trader Joe's that much better than anything else Canada has to offer?
Simulacra 4 days ago 0 replies      
This story has always baffled me and I've never really understood where Trader Joe's comes from on this. It seems like business opportunity exists, but they're either really full of themselves, or have some other tacit reason for avoiding the Canadian market. I just don't get it, and I don't like how Trader Joe's has behaved here. Right or wrong, as a consumer, I disagree, and I'm putting this down as another reason to never go to a Trader Joe's again.
pthreads 4 days ago 0 replies      
"At one point, Mr. Hallatt dropped the P from his store sign so it read Irate Joes a signal of his determination to fight the grocery chain."


nfriedly 4 days ago 0 replies      
That's too bad. I loved it when they took the "P" out of their sine after Trader Joe's sued them! ("Irate Joe's")
debacle 4 days ago 0 replies      
Makes sense. If it was called Pirate Pete's I would understand. The same thing happened with South Butt, which was a weaker case in my opinion.
halfnibble 3 days ago 1 reply      
Trader Joe's doesn't want customers who spend a ton of money buying in bulk at full retail price. Furthermore, they clearly have no intention of expanding into a large market that desperately wants them. What kind of business is this?
rdl 3 days ago 0 replies      
I generally load up a few Amazon Fresh disposable coolers with TJ products as gifts for friends in Vancouver whenever I drive up -- Kerrygold butter is really hard to get in Canada, and has much better omega 3 ratio than grain fed butter.
dawnerd 4 days ago 0 replies      
So if Trader Joes is so concerned why don't they just open up shop in Canada? I've heard the podcast about it and original articles way back and it's amazing they're shutting out a market that seems to be very welcoming.

Maybe they see Target Canada failure and are scared away by that?

stevewillows 4 days ago 0 replies      
It's sad to see Pirate Joes go away. I don't know anyone who shopped there on a regular basis, but I do think TJ would do well in that neighborhood.

The main draw to Trader Joe's is that its part of the journey across the line. This week I'll be doing this same old routine -- pick up some packages at the mail place ($2 per package), hit up a few grocery stores for different hot sauces and staples (including condensed milk in a squeeze tube), have lunch in Bellingham, go for a walk around Fairhaven, then return home.

Trader Joe's is part of that journey, much like Target (who had a massive, depressing attempt to break into Canada). Strip away that special-trip aspect, and all you really have is another grocery store with a few exceptional items.

CodeWriter23 4 days ago 0 replies      
Well, that's one way to deal with a guy who has spent the money proving the market for your product line. I think a better move would have been to take a page from Dave Thomas' (Wendy's) play book and open a Trader Joe's down the street.
valuearb 3 days ago 0 replies      
He spent so much time and effort creating and running the store and fighting this. I mean, paying $20/hour for people to shop Trader Joes to get him goods at retail? That's so incredibly inefficient.

Why didn't he just create his own store with his own brand and mimic the Trader Joes products and aesthetic? He could buy goods in bulk at much lower prices. He doesn't have to worry (much) about legal issues or spend money on them.

Clearly demand was so high he could still get away with charging very high prices.

20150327ASG 4 days ago 0 replies      
I have just lost my appetite for Trader Joe's products.
beatpanda 4 days ago 1 reply      
>>For one trip, he hired a couple who he said did not look like conventional Trader Joes shoppers. They had dreadlocks, tattoos and piercings. They looked like they just walked off the set of a Burning Man documentary, he said.

I'm sorry? Trader Joes, in at least 4 locations I've seen in California, does special signs and displays the week before Burning Man to market to Burners. Where is this writer from?

grizzles 4 days ago 1 reply      
If I lived in Vancouver I would have an irresistible urge to start a Swashbuckler Joe's right now. If only for the mischief of it.
ryanSrich 4 days ago 0 replies      
Does anyone else feel like he didn't raise the money because he didn't use a sensible crowd funding site like GoFundMe?
miiiiiike 4 days ago 0 replies      
The StartUp Podcast tagged along with him a few years ago: https://gimletmedia.com/episode/pirate-needs-pirate-season-3...
Shorel 4 days ago 0 replies      
He could have started to make his own products in this time, and slowly replacing the Trader Joe's ones with his own.

Right now he would simply stop buying the other products while having his own brand.

jliptzin 3 days ago 0 replies      
Lawsuit aside, what was this guy thinking. What an awful business model.
massung 4 days ago 2 replies      
I'm looking at this as though Trader Joe's was a different company... say Disney. Disney goes to great lengths to work out how its products are used, packaged and distributed to not only maximize profits, but also to maintain a certain image.

If I go to DisneyWorld, purchase a Mickey Mouse doll, an take it home. I have the right to do with that doll whatever I want: burn it, give it to my daughter, or resell it at whatever price I see fit.

However, I don't believe I have to right to go - as an agent of another (presumed competitor), purchase that same doll, and then resell it in my own store. I have no resell agreement with Disney to do so. In a typical reseller arrangement, wouldn't a store (e.g. Target) have an agreement with Disney to purchase bulk product for resell, presumably at a reduced price, but also under strict guidelines as to how it could do so? For example: cannot be sold above a certain price, cannot be sold next to adult content, etc.

On a side note: I have to believe that (while not a TJ problem or related to the lawsuit) there were other issues with what Pirate Joe's was doing related to imports, possible tariffs not being adhered to, etc.


Lessons Ive Learned from Three Million App Downloads jordansmith.io
457 points by jordansmithnz  1 day ago   109 comments top 20
firasd 1 day ago 8 replies      
Love this bit: Sometimes youre stuck on a problem, and there just dont seem to be any great solutions: maybe its related to a piece of code youre writing, or decisions around how youre going to market your app. Then, you start thinking about the problem from a wider perspective. You realize that you wont need to even write the tricky piece of code if you architect it the right way, and that the marketing decision is one your friend (who has a knack for that sort of problem) would know how to tackle. You could sum it up as taking a step back from the problem.

Taking a literal step away tends to help. I've often realized new approaches or epiphanies when mulling a problem while walking or in the subway.

srinathrajaram 14 hours ago 1 reply      
"What Ive learned (aside from sucking it up, and sending a kind, helpful response) is: design your product as if it was going to be used by people that are a software literacy step below the target user."

Completely with you on the 'sucking up and sending a kind helpful response'. Snark does not pay. It makes no sense to snap at a user.

Regarding the other point about first-time users. I have a slightly related theory.

When you design something, design it for someone who has the attention span of a two-year-old. Not because your app is going to be used by a two-year-old. But because that is how much mental bandwidth a user is going to give you. Your user is probably busy or just likes to multi-task.

Working that much harder on the UI pays off, or at least prevents a disaster.

sidlls 1 day ago 3 replies      
"So, dont be stingy: a product with no paying users is (usually) better than a paid product with no users. Its much easier to upsell to an existing customer than it is to find an entirely new paying customer."

This is generally true, but it seems a bit like applying an Enterprise view of sales to a market of minnow sized budgets. It reinforces app consumers' view that apps should only charge for marginal value, not core value or the biggest value. This sort of "freemium" model leads to basically a market of pure crap with extremely rare gems.

Edit: I'm not dumping on the author, here. Were I to "do mobile" I'd probably take a similar approach because it clearly works.

jansho 16 hours ago 1 reply      
It's particularly encouraging to read the many hours of work and back-stepping he's done, to get the quality really, really high. Startups are often associated with speed, but less so on flexibility, even if lean philosophy purports it. Ship fast. Get the bare-bones MVP done. Aim for viral growth. This is probably why we have millions of apps, but only a few dozens last and actually taken up by the mass. Different types of products mean different processes after all, give or take amount of resources.

In this app's case, it's about re-imagining an existing function - timetables. The designer knows that user experience is everything, and because of this he's willing to scrap everything if need to. And even when this happens, it isn't exactly waste as you understand the problem deeper and come to the design of an even better solution.

Sure you can argue that an MVP can bring about those design iterations. Keeps your focus on the users too. But arguably the market for this type of product is very active - though not necessarily competitive. So rather than get buried with the hundred others, it needs to shine right from the beginning.

ensiferum 19 hours ago 0 replies      
Regarding just trying again and again... "Winners never quit,quitters never win but those who never win and never quit are idiots".

I'm reality most of us don't really have more than a few shots except in those rare cases of the most trivial apps.

scarface74 1 day ago 5 replies      
What's sad is because of App Store economics. He can never depend on his paying customers to ever pay for an upgrade. He will always have to chase new customers.
sriram_iyengar 1 day ago 0 replies      
Very impressive Jordan. Pls do consider releasing TimeTable in India - an Android version if possible. Millions of parents of primary kids (more than the students) will be happy.
ramshanker 1 day ago 1 reply      
TLDR: App design is equally important as coding. Design everything around first time user and simplicity.
djsumdog 23 hours ago 1 reply      
A lot of apps are like this. I know dev who were like "They made that all that money off Angry Birds." Didn't Rovio have a bunch of terrible ideas that failed and Angry Birds was one of their last ditch projects?
lettersdigits 20 hours ago 0 replies      
"Instead, my moderate success story is closer to one of hard work, and slow, steady progress"
jaclaz 9 hours ago 0 replies      
>Sure, three million downloads is a lot, but thats happened over more than six years.

It still remains "a lot", US$ 500,000 per year, not exactly peanuts IMHO.

EDIT:Ah, no wait, I misread the article, he got a handful of downlads when the app was US$1, the 3 million downloads are since it was made free/freeware.

FollowSteph3 11 hours ago 1 reply      
It's sad that people aren't willing to pay $1 for an app but are willing to purchase in app features. I feel mobile software is moving in this direction and that it will only get worse with time. The sad part is it makes software more complex and hence more expensive overall, and you probably end up spending more over the lifetime of the product...
minademian 19 hours ago 0 replies      
really great article. It's a breath of fresh air in the sea of churnalism suffering from Mediumitis - "I did this in 3 hours and now I have self-worth".
abraae 1 day ago 1 reply      
I'd be intrigued to know what caused those spikes in your download volumes.
guard0g 1 day ago 0 replies      
Some profound product management wisdom there, Jordan. Wish enterprises understood it as well as you've laid out. Thanks for the post and here's to your continued mojo.
6stringmerc 12 hours ago 0 replies      
Personal essay strikes again in business context - I like it very much and glad to see it here. Looks like a useful read and educational.
therealmarv 23 hours ago 1 reply      
Does somebody know which blog engine and theme was used here?
michaelevensen 19 hours ago 0 replies      
Thanks for sharing Jordan!
tarr11 1 day ago 1 reply      
Would love to see revenue data!
syngrog66 20 hours ago 4 replies      

unless -- based on personal experience -- if it's treated as suspicious by the local police/neighbors, even if its a skinny, geeky-looking, white male who goes out walking alone late at night.

if I had a nickel for every time I've been harassed by police or local do-gooders, I'd have a lot of those nickels. and I'm not even of the demographic that PC-ness says should be oppressed. (ostensibly: black+male, or male+gay, or non-white, or female, or mean-faced, or weapon-carrying, etc. in reality: straight white male, innocent, no weapons, not in a gang, no drugs, etc.) "why are you walking alone at this time? why are you looking at things? implied: are you a terrorist? a pedophile? explain immediately!"

We do not (always) live in an intellectual-friendly culture. At least not in the USA, 2017. We (might, often) live in a small-minded, hyper-stereotyped, very ignorant local culture. Obviously it depends on precisely where you live. SF on Friday at 8pm? very different than Kansas, small town, Wednesday, etc.

not even joking. (And I submit this knowing it's not a HN-hivemind/PC-aligned viewpoint, and thus will be downvoted. I do not care anymore.)

Windows93 SP2 windows93.net
501 points by ivank  2 days ago   118 comments top 52
ninjakeyboard 2 days ago 5 replies      
I've been staring at the half life 3 loading screen for the last 6 hours. I don't think it's going to start.
vxxzy 2 days ago 4 replies      
Just a suggestion... Open up the calculator and do 0/0.
laumars 1 day ago 0 replies      
The part that impressed me the most is you can drag and drop files from your own desktop onto this. It even opens those files in it's own editors when you double click the icon.
vocatus_gate 2 days ago 1 reply      
This site is my favorite page to put full-screen on coworkers' computers when they forget to lock their screens.
graeham 1 day ago 1 reply      
I was going to protest the full Lena image without a NSFW warning, but hadn't realised the full story of its history[1]...

The site in general is a beautiful work of art, a great blend of attention to detail with comedy of computing in that era.

[1]https://en.wikipedia.org/wiki/Lenna - tl;dr is this iconic test picture for computer imaging was a cropped Playboy centerfold from 1972. I've just finished a PhD which included a fair bit of image processing, but I was unaware of the story behind this iconic image.

marxdeveloper 2 days ago 0 replies      
Woah shameless plug, my game is "Windows93 SP2" compatible it seems - right click on desktop - Create shortcut.Command: iframe https://data.mo.ee/index2.html?inapp=steam&node-webkit=1 --width=1280 --height=720

Title: RPG MO

(Don't leave a space before iframe in the command)

krrrh 2 days ago 2 replies      
This is a work of art. The ProgressQuest game loading screen is one of the funniest things I've seen in a while. Like all well-told jokes, it's in the timing.
shimon_e 2 days ago 1 reply      
Back button goes back to previous app. If this can get the back button to work correctly why can't Google AMP?
ahacker15 2 days ago 3 replies      
Awesome that this even work well on mobile browsers!

Is this open source? So we could see how it was made?

flavio81 2 days ago 0 replies      
Finally, an operating system for my Android phone that will let me do useful stuff, like playing Wolfenstallman 3D!!
abluecloud 1 day ago 0 replies      

fair enough.

tambourine_man 2 days ago 3 replies      
"Safari is the new Internet Explorer"

Accidental "works best in browser X" 90s reference right there.

I find Safari superior to every other browser on any platform in every possible metric except for dev tools, which took a nose dive when they ditched the open source WebKit one for this calamity.

TeMPOraL 2 days ago 0 replies      
Took a cursory look for now; few things I love:

- Half Life 3

- Defrag <3.

- Running Windows93 inside Windows93 inside Windows93 inside Windows93...

A work of art, indeed. Kudos!

elipsey 2 days ago 4 replies      
bug report: i broke it by making a folder on the desktop, opening the folder, and putting the folder in itself.

now it's crashed and won't reload.

is there a work around for my workflow?

strin 2 days ago 1 reply      
At first, I thought this is a VNC connecting to a Win93 in a virtual machine.

Then I realized everything is written with web technology.

runnr_az 2 days ago 0 replies      
That's clearly a labor of love. Nice job!
koyote 2 days ago 2 replies      
This is awesome!

It's also quite buggy (chrome/linux) which adds to the whole Windows 9x feeling. Not sure if intentional but well done anyhow!

std_throwaway 2 days ago 1 reply      
You can actually win the game in the solitaire clone; the minesweeper clone not so much.
Paul_S 2 days ago 0 replies      
Inspired. Microsoft should learn from this and include the "Reinstall" button in the start menu of windows 11.
chrisb 2 days ago 1 reply      
Making Arena93 full-screen (within Windows93) hard-crashed my Mac!(MacOS 10.12.4, using Chrome 58)
josteink 1 day ago 0 replies      
This site has a uncanny attention to detail: The C-drive inside "Virtual PC" differs from the C-drive in the "host OS"!

Given that kind of zealotry, it irks me that you can launch an infinite amount of nested "Virtual PCs". Obviously it makes for some fun screenshots and is technically impressive in itself, but Windows early on never allowed you to run Virtual PC inside Virtual PC. So this is clearly wrong!

In short, not considering OCD, where do I file the bug-report? :)

akira2501 2 days ago 0 replies      
I saw that RSS icon and my first instinct was to check and see if Java needed an update.
sengork 2 days ago 0 replies      
There is one thing missing for a complete experience: https://en.wikipedia.org/wiki/BonziBuddy
TheWoodsy 2 days ago 1 reply      
Take a look at A:\system32.dll

I wonder how many hours I could waste looking for more Easter eggs ;]

gallerdude 2 days ago 0 replies      
Best ratio of Comedy:Operating System that I could have ever imagined.
akoster 1 day ago 1 reply      
Just curious, is anyone else hearing popping sounds when they click on various things? Unsure if its intentional, and if so, trying to emulate an old hard disk seeking or speakers popping from interference.

Otherwise, kudos to the devs for creating this amazing work of art!

laurent123456 1 day ago 0 replies      
Pity the Run dialog doesn't work, I wanted to try "c:\nul\nul" [0]

[0] http://windowsitpro.com/security/device-names-crash-win9598

jancsika 2 days ago 0 replies      
Where is the project hosted?

I'd like to throw some event handlers on "Puke Data" to allow changes to the dsp graph.

mabynogy 2 days ago 2 replies      
Take a look at GAFA3D (near Defrag icon). There is an interesting level called "Operation Stallman" ;-)
emidln 2 days ago 0 replies      
Just need an IRC gateway for trollbox
chenster 2 days ago 0 replies      
This is the OS of the future!
mataug 1 day ago 0 replies      
Virtual PC inceptionhttp://imgur.com/XRWSiHe
partycoder 2 days ago 1 reply      
I am impressed they went to the extents of making Wolfenstein 3D levels.
Anarch157a 1 day ago 0 replies      
I loved the "Troll mode" in Mine Sweeper :-D

Serious hard work went into this site.

huxflux 1 day ago 0 replies      
I can't get my HL3 to work, anyone has a fix? I took three days of from work, and now this.
vocatus_gate 2 days ago 0 replies      
You can actually right-click on the files in the "file explorer" and download them to your desktop IRL.
Filligree 1 day ago 0 replies      
This allowed me to make a folder named CON. Literally unplayable.
edward_rolf 1 day ago 0 replies      
I came here to use my fav browser, IE 3. You could add bookmarks and it supported CSS I believe.


sajithdilshan 1 day ago 0 replies      
If only Windows 9X had these kind of slick animations...
xg15 1 day ago 0 replies      
Can I type Google into Google somewhere?
Jemm 1 day ago 0 replies      
I really miss Defrag. It is zen to watch.
tcbawo 2 days ago 0 replies      
ByteBeat plays a familiar tune, it's pretty catchy.
pavement 1 day ago 0 replies      
Is there a code repo for this?
yellowapple 1 day ago 0 replies      
So apparently Symantec Endpoint Protection thinks that the Virtual PC app is some kind of "Fake App Attack", and thus cuts off network communication for 600 seconds.


devniel 2 days ago 0 replies      
bananamp playlist please, I googled it without success.
sbarre 2 days ago 1 reply      
Half-Life 3 confirmed!
seoseokho 2 days ago 0 replies      
In castle gafa, what does the amazon computer do?
edgarvm 2 days ago 0 replies      
Solitude does not accept drag and drop on android
eof 1 day ago 0 replies      
>~/desktop ls



Arena 93.lnk42


>~/desktop dir

dir is not defined


andrius4669 2 days ago 1 reply      
Would webasm port make this actually real?
devuo 2 days ago 0 replies      
Brilliant! Kudos to the authors
nnfy 2 days ago 0 replies      
This was (intentionally?) painful on my Nexus 5. Interesting nonetheless. I suppose it wouldn't be windows93 without some degree of discomfort.
Intel fires warning shots at Microsoft, says x86 emulation is a patent minefield arstechnica.com
327 points by Analemma_  3 days ago   228 comments top 33
rayiner 3 days ago 3 replies      
This marks a distinct shift for Intel. Historically, Intel's IP approach has focused on trade secrets, because they had a huge advantage in manufacturing and implementation techniques that are not easily reverse-engineered. Patent-protecting x86 didn't make much sense during the long period where nobody could make a general-purpose CPU as fast as Intel running native code, much less while emulating x86. As Moore's law has run its course, Intel's lead on that front has been shrinking. Apple's A10 is shockingly close to matching Kaby Lake on performance within a similar power envelope. And Ryzen is within spitting distance of Broadwell at the high end. All on non-Intel foundry processes. That was unimaginable 10 years ago.
amorphid 3 days ago 2 replies      
Attorneys on both sides must be excited on some level about the potential number of billable hours it'd take to litigate a case like this. Reminds me of a something an entrepreneurship professor told me...

If there's one lawyer in town, they drive a Chevrolet. If there are two lawyers in town, they both drive Cadillacs.

Deinos 3 days ago 2 replies      
The article mentions Cyrix as a "victim" of Intel patent defense; however, Cyrix not only won their lawsuits, but they also went after Intel for patent violations in the Pentium Pro and Pentium II processors.



amalcon 3 days ago 5 replies      
Years ago, I spoke with an attorney with a CS background. He had once worked on a case like this. Sharp guy. He didn't tell me the parties involved, and I didn't ask, though I assume he wouldn't speak openly about it while it was ongoing. I therefore don't know how it turned out. It was many years ago, so I might be remembering wrong. I'm not a lawyer, this is not legal advice (neither mine nor his).

Basically, there are two approaches the plaintiff might take here. The simplest is to cite the doctrine of equivalents[1]. This is basically the notion that if you do the same thing in the same way for the same purpose, then it's the same process, even though you are using digital instructions instead of logic gates. The legal theory here is pretty well settled. The problem is that you'd need to justify that digital instructions are obviously equivalent to logic gates, and a skilled professional would have equated them at the time of the patent's filing.

The other approach is to argue that an emulator actually is a processor, and therefore fits the literal claims of the patent. The explanation for this is pretty well-established: it's literally the Church-Turing Thesis[2]. However, the viability of this argument depends on the language of the patent claims. Also, it's hard enough to explain the C-T Thesis to CS students. My undergrad had an entire 1-credit-equivalent course that basically just covered this and the decidability problem. Explaining it to a judge, who (while likely highly intelligent) probably has no CS background, over the course of litigation is likely to be really hard.

Now, Intel certainly has enough resources to do both of these things (and they may also have precedent to cite, that didn't exist back then or that wasn't relevant to that case). Don't take this as an opinion on any possible result, it's just information such as I remember it.

[1]- https://en.wikipedia.org/wiki/Doctrine_of_equivalents[2]- https://en.wikipedia.org/wiki/Church%E2%80%93Turing_thesis

natch 3 days ago 3 replies      
Patents expire after 17 years and x86 is 39 years old, so any of the original patents must have expired twice over already.

They no doubt have been filing additional patents over the years. But I'm sure MS and Qualcomm have plenty of their own patents to bargain with.

Also their warning could backfire if it gives Microsoft one more reason to finally walk away from x86 compatibility... not that this is likely to happen anytime soon.

wfunction 3 days ago 1 reply      
Can someone explain this:

> AMD made SSE2 a mandatory part of its 64-bit AMD64 extension, which means that virtually every chip that's been sold over the last decade or more will include SSE2 support. [...] That's a problem, because the SSE family is also new enoughthe various SSE extensions were introduced between 1999 and 2007that any patents covering it will still be in force.

AMD64 requires SSE2 which was introduced in 2001, right? So isn't it just 1 year until Microsoft can put in what's required for the AMD64 architecture?

faragon 3 days ago 0 replies      
Intel will not threat Microsoft, not even indirectly, in my opinion. Rationale: once Apple starts shipping desktops and laptops with ARM chips, the only safe port for the expensive x86 chips would be Microsoft (desktop and server market) and big iron on Linux/Unix/Hypervisors.
AstralStorm 3 days ago 2 replies      
So they will ban all virtual machines which sometimes have to go for emulation, e.g. to handle XSAVE?

Scorched earth policy will likely not be defensible under fair use law. Reverse engineering for compatibility has a few precedents.

tyingq 3 days ago 1 reply      
An earlier discussion here had most people guessing it was Apple, not Microsoft, that Intel was lobbing the threat at.https://news.ycombinator.com/item?id=14518189
nerpderp83 3 days ago 4 replies      
Well, since x86 is a monopoly ... Intel oughta go easy on this one.
ikeboy 3 days ago 1 reply      
> And Intel's business health continues to have a strong dependence on Microsoft's business, which has to make the chip firm a little wary of taking the software company (or its customers) to court.

I mean, Apple and Samsung had a billion dollar lawsuit while Samsung chips were still in iPhones. It's certainly precedented to sue a corporation you're actively doing business with.

pmarreck 3 days ago 0 replies      
I would personally be pleased if the millstone of the x86 instruction set sank both Intel AND microsoft's hegemony.
payne92 2 days ago 0 replies      
It will be interesting to see how this strategy fares in the US, given the Alice ruling which made it much harder to patent methods that were purely software.

Intel's strategy of going after other hardware companies may not translate neatly to emulators.

clouddrover 3 days ago 0 replies      
For anyone interested, here's a Microsoft Channel 9 video in which they talk about some of the x86 emulation layer internals:


orionblastar 3 days ago 1 reply      
I remember IBM having a contract with Intel to allow other chip companies to make x86 chips in case Intel could not keep up with demand.

QEMU emulates X86 chips as does other emulators. I wonder how those are effected?

jonstokes 3 days ago 3 replies      
Alright, I'll come out of retirement to hit this dead horse another lick.

"if WinARM can run Wintel software but still offer lower prices, better battery life, lower weight, or similar, Intel's dominance of the laptop space is no longer assured."

Peter. My man. I laughed. I cried.

For the millionth time, the ARM ISA does not magically confer any sort of performance or efficiency advantage, at least not that matters in the billion+ transistor SoC regime. (I will include some relevant links to ancient articles of mine about magical ARM performance elves later.) ARM processors are more power efficient because they do less work per unit time. Once they're as performant as x86, they'll be operating in roughly the same power envelope. (Spare the Geekbench scores... I can't even. I have ancient published rants about that, too).

Anyway, given that all of this is the case, it is preposterous to imagine that an ARM processor that's running emulated(!!!) x86 code will be at anything but a serious performance/watt disadvantage over a comparable x86 part.

This brings me to another point: Transmeta didn't die because of patents. Transmeta died because "let's run x86 in emulation" is not a long-term business plan, for anybody. It sucks. I have ancient published rants on this topic, too, but the nutshell is that when you run code in emulation, you have to take up a bunch of cache space and bus bandwidth with the translated code, and those two things are extremely important for performance. You just can't be translating code and then stashing it in valuable close-to-the-decoder memory and/or shuffling it around the memory hierarchy without taking a major hit.

So to recap, x86 emulation on ARM is not a threat to Intel's performance/watt proposition -- not even a little teensy bit in any universe where the present laws of physics apply. To think otherwise is to believe untrue and magical things about ISAs.

HOWEVER, x86-on-ARM via emulation could still be a threat to Intel in a world where, despite its disadvantages, it's still Good Enough to be worth doing for systems integrators who would love to stop propping up Intel's fat fat fat margins and jump over to the much cheaper (i.e. non-monopoly) ARM world. Microsoft, Apple, and pretty much anybody who's sick of paying Intel's markup on CPUs (by which I mean, they'd rather charge the same price and pocket that money themselves) would like to be able to say sayonara to x86.

The ARM smart device world looks mighty good, because there are a bunch of places where you can buy ARM parts, and prices (and ARM vendor margins) are low. It's paradise compared to x86 land, from a unit cost perspective.

Finally, I'll end on a political note. It has been an eternity since there was a real anti-trust action taken against a major industry. Look at the amount of consolidation across various industries that has gone totally uncontested in the past 20 years. In our present political environment, an anti-trust action over x86 lock-in just isn't a realistic possibility, no matter how egregious the situation gets.

So Intel is very much in a position to fight as dirty as they need to in order to prevent systems integrators from moving to ARM and using emulation as a bridge. I read this blog post of theirs in that light -- they're putting everyone on notice that the old days of antitrust fears are long gone (for airlines, pharma, telecom... everybody, really), so they're going to move to protect their business accordingly.

Edit: forgot the links. In previous comments on exactly this issue I've included multiple, but here's a good one and I'll leave it at that: https://arstechnica.com/business/2011/02/nvidia-30-and-the-r...

dboreham 3 days ago 1 reply      
Logically this implies that I can't execute some i386 binary that I possess without infringing Intel patents.

I think this theory of infringement has to run into various thought-experiment problems such as : can I auto-translate that binary into some other instruction set, then execute the translated binary, without infringing Intel patents? (yes, surely) Is the translator now infringing Intel patents because it has to understand their ISA? (no, surely).

Now, can I incorporate that translator into my OS such that it can now execute i386 binaries by translating them to my new instruction set which I can execute either directly or by emulation? If so then I am now not infringing. Or did infringement suddenly manifest because I combined two non-infringing things (translator + emulator for my own translated ISA)?

make3 3 days ago 3 replies      
How did I not already know Microsoft had a working x86 emulator.. this is a massive game changer for the laptop space if it's fast and reliable enough, as afaik ARM chips are so much more power efficient for similar perf
sliken 2 days ago 1 reply      
Keep in mind the most relevant instruction set is the X86-64 instruction set (32 bit code is not very relevant these days). The x86-64 ISA was created by AMD, not Intel. Intel was busy trying to milk the enterprise market with the Itanium, trying to reserve 64 bit as an enterprise feature.
narrator 3 days ago 0 replies      
Another component of Microsoft getting off Intel is that the antitrust settlement only applied to x86 hardware, so MS getting off x86 would let them lock down the platform and do all their dirty tricks all over again.
someSven 3 days ago 3 replies      
May someone please elaborate on the difference between what MS does and emulators on Linux like Quemu and ExaGear?
kev009 3 days ago 1 reply      
IBM sold an x86 translation for a while https://en.wikipedia.org/wiki/PowerVM_Lx86. Would be interesting to know why it was discontinued.
mtgx 3 days ago 1 reply      
So Intel is so scared of little ol' ARM (compare their revenues) that it's willing to use patents to take it out of the PC market, rather than compete on technical grounds?

Okay, got it. I'll make sure to account for that in my next CPU/device purchase.

mental_ 3 days ago 3 replies      
If AMD can implement x86 in hardware, why can't Microsoft implement it in software?
chris_wot 3 days ago 1 reply      
Windows still has a HAL, makes me wonder why Microsoft don't just cut a new HAL for the ARM.

It's quite possible I'm missing something vital here, of course.

julian_1 3 days ago 0 replies      
Anyone know if it is an emulator, or an on-demand isa translator that operates at runtime? I wonder what the implications are for infringement.
asveikau 3 days ago 0 replies      
Another reason Microsoft should be telling ISVs to recompile for Win32 on ARM instead of binary emulation.
zekevermillion 3 days ago 1 reply      
I'll just sit hear eating my popcorn and waiting for a lowRISC computer I can buy.
ksec 3 days ago 0 replies      
Everything Intel have said and put forth are Hardware companies. I can't believe anyone can be sued for software emulation of x86.

And unless Qualcomm and Microsoft are working on a Hardware assisteed X86 emulation, this warning shot may be directed at somebody else.

My guess: Apple.

nickpsecurity 3 days ago 0 replies      
I was just watning about fhis on anothet thread. It's not competition if it requires compatibility with patdnt-protected ISA or microarchitectures. It's coercion.
dis-sys 3 days ago 1 reply      
best outcome I can think of:

AMD licenses x86 patents to Qualcomm/MS to make x86 emulator better patent troll proof. In return, Qualcomm and AMD team up for better ARM server based processors. MS can sell more Windows/Windows Sever (sad).

syshum 3 days ago 0 replies      
Microsoft should Partner with AMD to pressure the big desktop and laptop OEM's to stop using Intel CPU;s

I would love to see Dell, Lenovo and HP to switch exclusivly to Ryzen processors,

And switch to the new Naples CPU in all their Server/Storage systems

Pistol sights yarchive.net
360 points by luu  23 hours ago   299 comments top 20
seibelj 14 hours ago 15 replies      
Anyone who is diehard anti-gun for personal use, I recommend taking a pistol class from a reputable organization, and keep an open mind. No one is telling you to get a license or buy a gun, just go take a class. They will teach you all about safety, how to shoot, gun cleaning and maintenance, and all of the basic skills needed to properly own a gun. Then if you are still diehard anti-gun, great! But if you have no experience, then taking a day to learn more might help you understand how the other side thinks.
electrograv 22 hours ago 6 replies      
If you're interested in the science behind this, you may be even more interested in learning how peephole style rear iron sights almost eliminate the dual sight alignment problem of goal-post style rear sights (as commonly found on pistols).

The rear peep sight on rifles take advantage of actual "optical effects", without any glass -- much like a pinhole camera can actually magnify images without any lenses or mirrors at all.

By simply providing an arbitrarily small "aperature" you're looking through in the rear, the front-rear sight alignment problem is not only capped at an upper bound of error (defined by the peephole size and sight radius), but the actual error from front-rear sight misalignment is visually magnified and centered through a fixed viewing point, making it vastly easier to keep the actual error near zero.

So generally, to achieve precision within the (small) upper bound of error with a peephole sight, all you need to do is place the front sight post on the target when looking through the rear peep sight. Even better precision is made much easier via a sort of "peephole camera" effect through the aperature of the rear sight.

chrissnell 21 hours ago 6 replies      
Going target shooting is incredibly relaxing and a great break from the workday. The focus required to sight in a target and control one's breathing, arm, and finger movement is a very powerful relaxant to me and melts stress away.

I work from home and I live in the burbs so pistol or rifle shooting is not possible. However, I've gotten really hooked on shooting (of all things) my Red Ryder BB gun. It doesn't make a loud noise, it costs almost nothing to shoot, and it's surprisingly accurate for how inexpensive it is. These little BB guns have iron sights like the article discusses.

My favorite thing to shoot is little plastic bottles--particularly the ones that over-the-counter medication comes in. They're durable and make a nice popping noise when you hit them. I put them on little stakes in the back yard at about 10-15 yards and shoot at them from my deck. As I got better, I made up little games, like shooting them in a sequence and trying to get 100% accuracy. I find it easy to get back to writing code after doing this for five or ten minutes.

binarytransform 20 hours ago 6 replies      
Former JSOC dude here. Circumstances requiring engaging with pistols == bad day for everyone, so only a few things matter. Front sight focus (which implies maintaining equidistance from the rear sight posts), both eyes open, fast presentation, parallel grip, smooth trigger pull, reacquire, repeat as necessary. And optical sights = more things that can break / run out of batteries / fall off and make noise / etc etc.
danielvf 15 hours ago 0 replies      
I lucked into learning to shoot with a small weekly local group that included a future many time US National Champion, and another person who was in the top five nationwide.

Competitive pistol shooters actually use several different sight picture styles.

In the speed styles of competitive shooting, the goal is to hit targets as fast as possible, so you want to make each shot in the "worst" way that will give you about a 95% chance of a hit. So for a close, low risk target, a shooter may look only at the target and ignore the sights, for a tiniest fraction more speed.

For most targets, the looking at the front sight is correct. Shooters tend to lock their upper body into one shape, then pivot it from target to target while shooting a string. This locks the rear sight in just the right place behind the front one. When the front sight is put on target, the rear sight is automatically in the right place. It's true that the target does become blurred a little when you do this.

Then for really far targets, you do have to bring your focus back a little farther, and see and care about both sights.

The sight picture is not the only thing that changes from target to target. You usually budget the amount of time spent for each shot.

Surprisingly, many pros know where their round will hit before it reaches the target. The time penalty for missing a shot is so high that it's almost always better to take a second shot in case of a miss. However, it takes a while for a pistol shot to reach the target, and for your eyes to see where it landed (plus you'd have to change your focus to look for it, then back again to your sights). To get around that, with practice, you can know in the moment you pull the trigger where the round went, and follow it up in about a twentieth of a second with another round.

In most competitive pistol matches, the sequence of targets to be shot on a given stage is not rigidly defined. There are often plenty of constraints (this group must be shot before these) or timing related constraints in some sports (shooting this target will cause a pair of targets to pop up in 1.2 seconds). Given this, there's a surprising amount of planning that goes into discovering the optimum run. The details of each shot are then worked out and mentally rehearsed.

leroy_masochist 14 hours ago 1 reply      
It's also important to note for broader context that pistols, despite the number of people who take pistol accuracy seriously, are not really designed for precision marksmanship.

For the use cases that really matter, you won't be taking well-aimed shots, you'll be trying to get rounds out of the weapon in the general direction of the threat as quickly as possible, in order to buy yourself some time and/or space.

The front sight rule is not just the best aiming mechanism for the reasons of geometry described in the article, it's also the quickest way to acquire a basic sight picture under stressful conditions.

bawana 10 hours ago 1 reply      
Gun safety should be taught in school. Just like driver's ed. Why do we give no attention to these weapons which are real, commonly available and impossible to eliminate from our world? Showing teenagers 3 months of ballistic videos of various projectiles going through gelatin will give them a better appreciation for reality, rather than relying on games like call of duty to 'mis-educate' them. What can possibly be learned by an 18 year old in a single hour safety course prior to getting an FID ?

And knowing when a gun is being handled safely will prevent many of the accidents that occur when the naive start handling a gun like they've seen done on television and film.

c517402 20 hours ago 1 reply      
Instead of using convolution to produce the imagery, I think it should be produced using fractional Fourier transforms. IIRC fractional Fourier transforms are mathematically equivalent to Fraunhofer and Fresnel diffraction integrals. Although, the convolutions look good.
exabrial 11 hours ago 0 replies      
I prefer shooting iron sights under 150yds, but I use peep sites, which don't suffer as many problems.

Fascinating analysis!

xtreme 21 hours ago 1 reply      
I wonder if this is related to [Hyperfocal Distance](https://en.wikipedia.org/wiki/Hyperfocal_distance), a concept familiar to many photographers. Roughly, if you focus on the background (infinity), the foreground would be blurry; and vice-versa. If you focus about ~1/3rd into the scene, you'd have everything in reasonably sharp focus.

Unlike camera lenses, our eyes can't easily focus on an arbitrary distance without an object being present there. Perhaps the front sight is working as an approximation of the hyperfocal distance.

euroclydon 18 hours ago 1 reply      
I have this little drill I do, with a iron sighted handgun or rifle. I give myself no more than 2 seconds to bring the weapon up, acquire the target a shoot. I can pay attention to the rear sights, but then I never hit anything. In this drill, I've found that maintaining a consistent body position, and only paying attention to the front sight yields the best results. I just put the front sight on the target and pull the trigger. Distance about 10-15 yards. Target is soda can.
OliverJones 12 hours ago 1 reply      
Interesting that the author didn't mention ambient light levels explicitly.

A constricted pupil (from daylight) has a much greater depth of field than a dilated one (from darkness). So everything will appear sharper in the light of day.

Do at least some practice in low light conditions.

tahabi 8 hours ago 0 replies      
What are the rates of gun ownership among hackers? Conversations with old alumni from school indicate that back in the day, a lot of them were firearms enthusiasts, but it seems that trend died out near the turn of the century. I know MIT still has a rifle and pistol range, however.
ajmarsh 14 hours ago 2 replies      
There are improvements to be had in pistol sites that don't involve battery powered gimmicks. The trapezoid sights on Steyr M pistols for example. I rented one from my local range and it works well for new shooters.
csours 13 hours ago 1 reply      
> "But optical sights small and robust enough to be mounted on a pistol slide are a recent development, and are costly; very few handguns have one mounted."

This is still true, but pistol red dot sights are becoming more prevalent.

RUG3Y 22 hours ago 1 reply      
Near the end of the article, he mentions that some people say that it's more difficult to aim a weapon that has a shorter sight radius. Actually, I think it's more accurate to say that having your sights out of alignment with shorter sight radius will have a more dramatic effect on your accuracy.
cynicalbastard 22 hours ago 2 replies      
> I was told once by a proficient pistol shooter that he ignored where the front sight was on the target, and paid attention only to the alignment of the two sights relative to each other. Since he did in fact hit the target,

is the "two sights" here the rear sight which has two posts, or the two sites as in front sight + rear sight?

several pages of reading and then .. an ambiguously worded conclusion.

plazmatic 13 hours ago 2 replies      
Isn't this supposed to be a HACKERS NEWS blog? What in the hell does some article about pistol sights have to do with this?

I literally only made an account to post about how absurd and out of place this article is. If I wanted some second amendment lovers blog (and I don't), I'd simply find one.

Strike one, "hacker news". Strike one.

plazmatic 13 hours ago 0 replies      

Thank god for the HIDE option, you second amendment freaks are everywhere. Back under the bridge you go, losers.


baby 18 hours ago 3 replies      
Kind of off-topic. But I had a thought the other day: without the US we wouldn't have action movies like James Bond or FPS and other shooters video games. It's interesting to see that guns are rare in other countries' movies/discussions. Maybe FPS would all be like Nintendo's octopus thing.
Exploring LSTMs echen.me
347 points by deafcalculus  3 days ago   43 comments top 11
visarga 3 days ago 4 replies      
LSTMs are both amazing and not quite good enough. They seem to be too complicated for what they do well, and not quite complex enough for what they can't do so well. The main limitation is that they mix structure with style, or type with value. For example, if you want an LSTM to learn addition, if you taught it to operate on numbers of 6 digits it won't be able to generalize on numbers of 20 digits.

That's because it doesn't factorize the input into separate meaningful parts. The next step in LSTMs will be to operate over relational graphs so they only have to learn function and not structure at the same time. That way they will be able to generalize more between different situations and be much more useful.

Graphs can be represented as adjacency matrices and data as vectors. By multiplying vector with matrix, you can do graph computation. Recurring graph computations are a lot like LSTMs. That's why I think LSTMs are going to become more invariant to permutation and object composition in the future, by using graph data representation instead of flat euclidean vectors, and typed data instead of untyped data. So they are going to become strongly typed, graph RNNs. With such toys we can do visual and text based reasoning, and physical simulation.

inlineint 3 days ago 1 reply      
I personally find recurrent highway networks (RHNs) as described in [1] to be easier to understand and remember the formulas for than the original LSTM. Because as they are generalizations of LSTM, if one understands RHNs, one can understand LSTMs as just a particular case of RHN.

Instead of handwaving about "forgetting", it is IMO better to understand the problem of vanishing gradients and how can forget gates actually help with them.

And Jrgen Schmidhuber, the inventor of LSTM, is a co-author of the RHN paper.

[1] https://arxiv.org/abs/1607.03474

YeGoblynQueenne 3 days ago 2 replies      
In the experiment on teaching an LSTM to count, it's useful to note that the examples it's trained on are derivations [1] from a grammar a^nb^n (with n > 0), a classic example of a Context-Freee Grammar (CFG).

It's well understood that CFGs can not be induced from examples. Which accounts for the fact that LSTMs cannot learn "counting" in this manner, nor indeed can any other learning method that learns from examples.


[1] "Strings generated from"

[2] The same goes for any formal grammars other than finite ones, as in simpler than regular.

mrplank 14 hours ago 0 replies      
Google Brain outperforms LSTMs with Convolutional Networks in speed and accuracy, seeming to confirm LSTMs are not optimal for NLP at least:


mrplank 3 days ago 2 replies      
LSTMs are on their retour in my opinion. They are a hack to make memory in recurrent networks more persistent. In practice they overfit too easy. They are being replaced with convolutional networks. Have a look at the latest paper from Facebook about translation for more details.
dirtyaura 3 days ago 5 replies      
Really great work on visualizing neurons!

Is anyone working with LSTMs in a production setting? Any tips on what are the biggest challenges?

Jeremy Howard said in fast.ai course that in the applied setting, simpler GRUs work much better and has replaced LSTMs. Comments about this?

minimaxir 3 days ago 1 reply      
Is there code for the coloring of neurons per-character as in the post? I've seen that type of visualization on similar posts and am curious if there is a library for it. (the original char-rnn post [http://karpathy.github.io/2015/05/21/rnn-effectiveness/] indicates that it is custom Code/CSS/HTML)
CyberDildonics 2 days ago 0 replies      
> I once though LSTMs were tricky, but LSTMs are actually very easy ...

You would think an article like this would define LSTM somewhere.

Seanny123 3 days ago 1 reply      
Is the code for generating the reactions from the LSTM hidden units posted anywhere? That was the best part for me and I'd love to use it in my own projects.
natch 3 days ago 1 reply      
LSTM is "Long Short Term Memory," since the tutorial never mentions what it stands for.


raarts 3 days ago 1 reply      
Can someone provide a tl;dr ?
The future of education is plain text simplystatistics.org
316 points by simplystats2  13 hours ago   263 comments top 45
AdmiralAsshat 12 hours ago 15 replies      
Plaintext certainly seems more attractive the more docs I write. Over the years, with both work and personal projects, I've used every format from:

- Notepad

- Microsoft Word


- Twiki

- Various proprietary WSYWIG that compiles to HTML


- Raw HTML

- Markdown (several flavors)

With nearly every kind of migration, there are numerous pain points. The "raw" formats are a nightmare to edit and update, and the compiled ones require several hours of changing syntax, image locations, etc.

I've been getting so tired of having to re-do stuff on different platforms that more of my docs are starting as Plaintext and then written in pseudocode markup for areas that I know will change on every platform (e.g. generating a table of contents, image tags, etc).

Having just coded an entire website from scratch that was basically just documentation, Markdown comes remarkably close to doing what I want, except when the common format fails to meet my needs, which forces me to then have to switch to a specific flavor of Markdown in order to get something as basic as tables.

The docs of mine that seem most resilient to platform shifts (other than plaintext) are the ones that are written in or compiled to longstanding formats like LaTeX or HTML.

So perhaps my takeaway is, write in something readable that compiles to something widely available. That will provide the least headache.

Dangeranger 11 hours ago 3 replies      
Plaintext OrgMode notebooks exhibit every benefit listed in Minimaxir's [0] post, and have the additional advantage of powerful editor integration beyond R code.

Here is an example of using the IPython kernel to evaluate inline Python code within an OrgMode document.[1][2]

More information on how to create multi-language notebooks with OrgMode Babel here[3]

[0] http://minimaxir.com/2017/06/r-notebooks/

[1] http://kitchingroup.cheme.cmu.edu/blog/2017/01/29/ob-ipython...

[2] https://github.com/gregsexton/ob-ipython

[3] http://orgmode.org/worg/org-contrib/babel/

doublerebel 11 hours ago 3 replies      
Plain text: so that no one can own the presentation method.

Plain text: so that no one can own the distribution method.

Plain text: so that no one can own the creation method.

Plain text: so normal people can recover data even when partially corrupted.

Plain text: so you aren't forced to see jarring ads.

Plain text: so that there are no tracking pixels.

Plain text: because connecting information with hyperlinks doesn't require all of HTML or even computers.

Plain text: because it's good enough for metadata.

My future and knowledge is in YAML-fronted markdown and YAML metadata for binaries. Let's take back our data. Look out for Optik.io.

voidhorse 12 hours ago 2 replies      
As others have mentioned, once you dig into the innards and nuances of plain text representations and formats, things can get hairy. Still, I think the author is correct in that plain text formats are certainly a better base for sharing curricula, and for knowledge production in general, than something proprietary like word docs, pdfs, etc.

I think markup languages like markdown which are both fairly easy to convert into other formats and deliciously human readable are the way to go.

krapht 12 hours ago 10 replies      
Nope, because plain-text is incompatible with centuries of mathematical notation.
rnprince 12 hours ago 1 reply      
What important problem in this domain does the author think plain text uniquely solves? I'd say that the arguments aren't specific to education, and that they're also pretty weak.

Remember that one of the major breakthroughs of the World Wide Web was that HTML meant documents were no longer plaintext.

calinet6 12 hours ago 1 reply      
And the future of operating systems is the command line.

We deserve better than this reductionist thinking. Constraints can breed innovation; but they can also just constrain.

confounded 10 hours ago 1 reply      
It seems worth mentioning that plaintext is discussed here as the storage / source format.

That doesn't mean it has to be the distribution / consumption format.

One of the great things about something like Markdown is that it can be rendered to HTML trivially, to display video, equations, etc.

Same thing for ebooks, PDFs, whatever (thanks Pandoc!). It's also easy to translate between formats (e.g. .md, .org, .rst, etc.).

If a new format comes along that everyone wants, there's an extremely good chance that plain text can be rendered to it.

The reverse is not true.

austincheney 12 hours ago 1 reply      
What many developers either don't understand or refuse to accept is that when it comes to distribution you don't control formatting. It doesn't matter if that white space is explicit like white space characters or inferred from rules like CSS.

There is a naive assumption that all platforms and operating systems will treat your text (everything is either text or binary before it is parsed into something else) equally. This is false. When when this fallacy becomes self-evident many developers will refuse to modify their assumptions in the belief that consuming software will figure it out properly. Sometimes that is true and sometimes will absolutely break your code/prose/data. Clearly that assumption carries a heavy risk, but this is just data at rest.

When it comes to data moving over a wire the risk substantially increases, because all software that processes that text may make custom modifications along the way. You don't see it so much when the protocol is primitive like HTTP, pub/sub, or RSS (but it still does happen frequently). There are many distribution protocols are that less primitive and absolutely will mutilate the formatting of your documents, such as email (which is why there are email attachments).

polygot 6 hours ago 0 replies      
While plain text is compatible with virtually 100% of every OS ever, when I try to open a txt file on my windows machine it asks what application to open it in, since there are no default apps (Windows 7 and earlier.) This might make it appear that plain text files are a "special" format because it doesn't open up when you double click on it.

I have sent plain text files to some of my colleagues in the past (so that there is a 100% chance that they could read the file), and they were unable to open them because of this issue with choosing the default application, and asked me what app they needed to download to view the files.

geebee 11 hours ago 2 replies      
May I share a related vignette?

I have a kid in middle school, and he has a tablet. These things are often pushed as "educational". Pop quiz: you walk by, and you need to determine, within a couple of seconds, if what he's doing is actually educational. Here's what you see:

lots of graphics, whizzing around the screen


black alphanumeric characters against a white background

Now, you don't actually know, but generally speaking, the second is a better indicator than the first.

I realized this applies to my own work as well. There are parts of my job that I consider extremely useful to the world, and parts that I really gotta wonder about.

If I'm looking at green or white alphanumeric characters against a black background (easier on the eyes), I'm probably at a UNIX prompt, writing code that is doing something very analytical, or writing SQL. If I'm looking at graphics whizzing by, I'm either trying to figure out how to get a drop down to repopulate with the right thing pre-selected in the latest javascript framework, or, worse, I'm so irritated with javascript frameworks that I've decided to browse the web.

Again, it's not a guarantee, but I'm starting to consider a very general guideline: if you are looking at symbols and alphanumeric characters, the odds that you are building something of lasting value is much higher than if you are looking at things with elaborate UI elements.

It's not 100%. My kid could be watching Citizen Kane and developing an interesting critical point of view. He could be reading 101 fart jokes. It's not a perfect match. There are worthy and unworthy things on both sides.

But as a general rule, for culture and career - if you're looking at plain text, that's a good sign.

franciscop 11 hours ago 0 replies      
I totally agree and I strongly prefer text. So much that I made this: https://www.libre.university/ for me and my classmates to learn some topics. Note: the English one is mostly empty except for [1], the main one is the Spanish page.

[1] https://en.libre.university/subject/4kitSFzUe/Web%20Programm...

FabHK 9 hours ago 2 replies      
One advantage of plain text formats that I haven't seen mentioned is that they're easily and meaningfully diff-able.

You can run two versions of a markdown file or a LaTeX source file through a diff, and see what's been changed. Try that with a PDF or Word file or what have you.

As I like to keep my files in version control, I use plain text formats as much as possible.

bluetwo 12 hours ago 1 reply      
A long text explaination of how a piston engine works or a short explanation and an animated GIF.

Which is better?

I would say the second one is more effective.

gkya 9 hours ago 0 replies      
Plain text would've been THE usual way to go for most things (1), but it's so hidden in major OSs, even in Linux distros. Many use Word or Wordpad mostly as a plain text editor becausr they don't know the difference between plain text and a word document. Also, there is thpage metaphor in those programswhich people like, because we think of text in pages. This is not that hard to emulate in plain text but not that straightforward too. People often share documents so pages and paragraphs must be equal for all (paragraph numbering might be a solution). We have the tooling fir generating convenient formats for consumption likr PS and PDF, but default tooling for plain text and the visibility thereof is what's needed.

(1) When youcompose text you want to compose first style later. Wysiwyg mixes the two and you end up with crappy spelling and half arsed formatting most thetime.

minimaxir 12 hours ago 1 reply      
Odd to see a statistics-focused site to emphasize plain text as opposed to formats that promote usability/reproducibility like Notebooks such as Jupyter (or R Notebooks, as discussed last week: https://news.ycombinator.com/item?id=14522795)

The post correctly notes that R Markdown files are plain text, but the benefits of such (version control) are not discussed by the OP.

Sodman 2 hours ago 0 replies      
I completely agree. After spending hours trying to programatically read something as 'common' as a PDF [not all .pdf files are created equal, I learned] - I'm totally on the side of the "Give me the content and I'll deal with the formatting" mentality.
Spooky23 11 hours ago 1 reply      
The future of <X> is the solution that best meets the job.

For exchange and processing data (data != information), UTF-8 text with contextual formatting like Markdown, CSV, etc is nice as it is generally tool agnostic.

But for conveying information (information != data), plaintext sucks. That's why Markdown is a copout -- the formatting still matters... and humans don't perceive markup coding as well as the rendered result. Humans do better with visual queues when interpreting written data. Formatting, typesets, bullets, tables, graphs, etc all help use process and contextualize data.

If being able to reference information or data over time, where time > 10 years, you need to think about what you're doing. (Archivists do this professionally.) PDF is the quick path to address this for format-sensitive applications, as big & important institutions like the US Courts use PDF for their documents -- it isn't going anywhere. Big datasets are more complex to deal with... you have to decide whether the raw data should be preserved vs. the processed/analyzed data, etc.

ajarmst 5 hours ago 1 reply      
I find anything but plain text irritating when writing (I dislike attempts to merge the creative process of writing with the only peripherally related creative processes of orthography, layout and printing). The WYSIAYG editor "revolution" and the associated explosion of opague untranslatable binary file formats did us all a huge disservice. My students learn fairly quickly that my warning that assignments submitted as MS-Word files will be deleted without comment was not a bluff.
mwcampbell 12 hours ago 0 replies      
Text is also accessible to people with sensory disabilities (blind, deaf, deaf-blind...). Hypertext is also fine, of course; I won't insist on "plain" text. But this is in contrast with graphics, audio, and video.
thebiglebrewski 10 hours ago 0 replies      
Having written tons of curriculum in Markdown, I thought it was amazing! The remixing possibilities are endless and it makes all of it so much more programmable.
Sreyanth 10 hours ago 2 replies      
The future of education might be plain text, but not for the reasons mentioned in the article. Also, I think something can be the future of XYZ if it solves the problems XYZ face currently.

The current content for education is good, but is definitely bandwidth-heavy and is tough to maintain. But dropping to plain text will force us let go a few things that otherwise make learning more effective.

I think HTML (or a WYSIWYG style editors - that seem like plain text, but can be powerful with images, videos, animations when required) also does the same thing like plain text,

- it is always compatible (I give it to you that it takes effort to run hifi stuff on browsers, but still better than plain text).

- is easy to mix and match

- is easy to maintain (thanks to many editors)

- is light weight (not compared with plain text of course)

- is forward compatible (not possible when all browsers decided to not support HTML in its current state).

I appreciate the thought behind bringing this up. I think writing something in plain English, which can then be turned into some super cool learning material that runs everywhere would be awesome. It helps both in solving the issues mentioned in the article at the same time keeps learning effective.

peterburkimsher 12 hours ago 4 replies      
What about the existing "standard", PowerPoint slides and PDFs? Although most of my notes could be plain-text, any graphs or figures need pictures. ASCII art doesn't cut it.
IshKebab 11 hours ago 1 reply      
Great let me just illustrate this mathematical equation with a diagram.


louiz 12 hours ago 1 reply      
Theres no such thing as plain text.

Is this UTF-8, latin-1, 7 bits ASCII?

vesak 11 hours ago 2 replies      
I recently wrote a book using Libreoffice and Microsoft Word, because the publisher demanded it.

The process took about a year. My own estimate is that we lost about 2-3 months to tool-related problems, without any benefit whatsoever. I have never in my 20 year career understood the point of word-processing tools, and never will.

And those tools make money. That is wrong.

JBorrow 11 hours ago 1 reply      
I must say that I agree - to a certain extent. They (lecture notes) actually already are (at least in HE Physics education) as everything is written in LaTeX. They are just not distributed that way. I've been working on hacking together a demo of some stuff that turns those original LaTeX documents into a little (static) website. We've had pretty positive reviews from students so far - it's searchable (which is key), considerably more screen-reader friendly, and is broken up into manageable chunks rather than being some monolithic 100+ page .pdf! (https://community.dur.ac.uk/joshua.borrow/npp_notes/)
jancsika 11 hours ago 0 replies      
> My answer to this question was that we need lecture notes stored in plain text files (like rmarkdown files) and data stored in csv files with direct links.

When I think of lecture notes I think of two uses:

1. An informal reference/mnemonic for the lecturer. This use suggests a format that suits the particular lecturer (which may not necessarily be text, or even a digital format).

2. Potential answers to exam questions for situations where there are too few instructors (i.e., lecturer plus TAs) chasing too many students over too short a time for students to practice critical thinking.

Are there other uses? If not, I can imagine standardizing notes across schools could be a detriment by streamlining "plugging-and-chugging".

ppod 5 hours ago 0 replies      
There is an excellent argument and guide to this here


ivanceras 11 hours ago 0 replies      
Why stop with markdown? You can draw diagrams[0] with plaintext too

[0]- https://ivanceras.github.io/spongedown/

simonebrunozzi 12 hours ago 4 replies      
Which reminds me of my "biggest" crux these days: what should I replace Evernote with? Looking for a text-based solution, possibly open source, possibly encrypted, and possibly with sync.
edejong 12 hours ago 0 replies      
Here we are, 33 years after PostScript was created and now the answer to "education" is plain text... Shouldn't we, as tech sector, feel ashamed for even thinking this might be a good idea?
anotheryou 12 hours ago 0 replies      
even the article uses more :P

Let's agree on markdown/rich text + non-interactive media (images, sound, video)

ptr_void 4 hours ago 0 replies      
There are some hiccups like newlines that don't transfer too well between unix/dos in plain-text.
killjoywashere 10 hours ago 0 replies      
Plain text should be the only option for medical records. PDFs and drop-in Word documents should be frowned on.
voidfiles 8 hours ago 0 replies      
Markdown is the new Cursive
j_s 8 hours ago 0 replies      
I would appreciate any additional pointers to resources available in plain text demonstrating its effectiveness - the future predicted here should be readily evidenced by the past!
ajarmst 5 hours ago 0 replies      
I don't care what you use, as long as Org-Mode can export to it and Pandoc can consume it.
Pulcinella 10 hours ago 0 replies      
I would hope that the future of education is not plain text and lectures! Computers can generate powerful methods of interaction. Why limit them to being worse than physical paper?
lyra_comms 11 hours ago 2 replies      
We believe the future of online conversation is plain text, too.


gglitch 9 hours ago 0 replies      
I'm as great a fan of plain text as anyone else, but you gain a lot when you keep it in a sqlite db.
Animats 9 hours ago 0 replies      
The author doesn't mean "plain text". They mean some variant of Markdown.
agentgt 11 hours ago 1 reply      
I have not really found a viable plain text version to Excel that normal users can use. I have done some Excel like tasks with R, Python (pandas, and various other python sci libraries) and even SQL (postgres) but it seems its either a programming language (R, python) or a data format (csv).

I have been meaning to look into what alternatives are out there.

EGreg 11 hours ago 0 replies      
No, the future is interactive multimedia that you can rewind as many times as you like.
partycoder 12 hours ago 1 reply      
Plain text in what encoding, with what character set? We start adding implementation details and suddenly it's not as straightforward.
The relationship between mindset and getting old nautil.us
338 points by dnetesn  2 days ago   152 comments top 19
robteix 2 days ago 11 replies      
I wonder how much the effects vary between different professions.

I'm in my 40s. Incredibly old for HN standards. And yet, I feel no nostalgia for the "good ol' times." I mean, don't get me wrong I'm sure there's a lot of things that set me apart from newer generations -- I don't get Snapchat at all ;) -- but I don't see me being happier by being put in a house set up to look and feel like the 90s/80s.

Is it maybe because we as programmers tend to be less prone to be stuck to the past? Just wondering

michalu 2 days ago 2 replies      
I suspect the reason they felt better and more vital is that the change of mindset and environment altered their biochemistry.

How we feel and what we think of ourselves affects our levels of Testosterone, Cortisol, Serotonin, etc. Even a 5 minute conversation can give you a T boost of 30%+ ... or believing that you're perceived as high status alters your Serotonin. Those hormones in turn make you more vital.

So who knows what was the reason... maybe more social interaction with strangers? Or simply putting their mind into a different, better place?



dheera 1 day ago 3 replies      
It would be interesting to see how much of this is truly biological and how much of it is due to societal and situational conditioning.

There were lots of things I could do in my 20s (e.g. refuse to use gasoline-powered city transportation, refuse to patronize places that used disposable cutlery, refuse to use non-free software, etc.) that I can't do when I'm in my 30s because people around me would think I'm a stubborn idiot, jeopardizing my career at a point where I have not yet established myself. It's very easy to tell a colleague, advisor, anyone at school that you're going to bike to the destination or take electric-powered transit [because you don't believe in a fossil fuel future]. It's very difficult to say the same thing to an investor, co-founder, employee, customer, or whoever is offering you a ride in their car, without feeling like an ass. I'm basically forced to be "normal" during work times and fit into the mould of society. I can only be myself on evenings and weekends.

I can only imagine how much more "being normal" I need to do if I had kids, pets, tenants, or whatever. I don't have any of those at the moment. The other night I was pondering over potential improvements to our music and mathematical notation systems while staring at the Milky Way. (I didn't come to anything conclusive, but I love thinking outside the boxes that society defines for us.)

10 years ago, I could truly be myself 24 hours a day. I was basically learning all kinds of things about the world by doing that. Now, I only get about 5 hours a day to be myself. The rest of the time, I need to conform. The lack of "me" time itself may be contribute to some degree of mental rot/aging, apart from the biological component.

sdenton4 2 days ago 0 replies      
It's an effect probably at least as real as ESP:https://slate.com/health-and-science/2017/06/daryl-bem-prove...

Which is to say, I'm dubious as hell of this result: For something this click-baity, at this point in the history of psychology research, I'mma need some serious replication before I give itan ounce of belief.

TheOtherHobbes 2 days ago 1 reply      
In my 50s. Not exactly pickled in nostalgia.

I think the computing party is just getting started. Non-trivial domestic AI will be here within a couple of years, personal robotics 5-10 years after that.

The current ad mania sucks, but it's going to have to evolve or die.

I don't miss much of the past. Pocket phone computers, tablets, GPS, video calling, massive data storage, and the potential of renewables and distributed energy grids are all awesome. Like.

Even social has its moments.

The real problems are cultural and political. There's been some movement there, but not nearly enough. The system has nearly enough energy to go through a phase change soon, and that's when things will get really interesting.

myth_drannon 2 days ago 0 replies      
I wonder if nostalgia is a human mind's hack to slow down aging.
afpx 2 days ago 2 replies      
I look forward to living to 100. But, 80 would be even better if only I could regain a 12-year-old's sense of the passage of time.
chiefalchemist 2 days ago 0 replies      
Kinda like a placebo effect, yes. It would be interesting to take a group of slightly younger test subjects and see what happens to them when they live with older people in the present.

Moi? The body and mind are both subject to: Use it or lose it. We also, as humans, tend to assimulate into the norm around us, be it smoking, obesity, and now I guess perhaps youth.

Finally, I have to wonder about the effects of essentially being on holiday. In addition, perhaps the group discussions energized them? That is instead of waiting to die, they had more reason to live? In any case, interesting.

theprop 2 days ago 0 replies      
Age may mean certain things about DNA methylation, but it doesn't mean you can't continue inventing, challenging yourself taking chances e.g. 94 year-old co-inventor of lithium batteries co-invents a solid state (solid-glass electrolytes) battery.


ilaksh 2 days ago 0 replies      
http://www.sens.org -- after reading the article, still by far the most scientific and fully developed approach that I have seen.
anentropic 1 day ago 0 replies      
Has anyone reproduced the results from this study of 49 people back in 1979?
kusmi 22 hours ago 0 replies      
It's official, my boss really is feeding off my youth.
DrNuke 2 days ago 1 reply      
Whatever your past, it is irrelevant now and future the only way forward, so smile and enjoy your ride together with the people you love (mid 40s here and still pushing, ehehe).
reasonattlm 2 days ago 1 reply      
Physical activity is the likely mediating mechanism between acting younger and gaining modest benefits by some measures. Since the development of lightweight accelerometers, studies of physical activity have demonstrated strong correlations between even modest activity of the housework/gardening variety and health in old age. There is a mountain of further research demonstrating the benefits of increased moderate exercise and lesser forms of activity in older people.

But ultimately the end is the same. You can't reliably exercise your way to 90, even. The majority of people who are exceptionally fit die before reaching that milepost in the environment of the last 90 years of medical technology. The future of health and longevity in later life will be increasingly determined by medical technology, and nothing else. Aging is damage, and that damage can be repaired given suitable biotechnologies to do so.

DNA methylation patterns correlating strongly with age are a very promising tool when it comes to assessing treatments for the processes of aging. Companies offer various implementations now - see Osiris Green for a cheaper example, to pick one. In the SENS view of aging as accumulated molecular damage, epigenetic changes are a reaction to that damage; a secondary or later process in aging. We'll find out over the next few years how the rejuvenation therapy of senescent cell clearance does against this measure, now that things are moving along there.

But you shouldn't think it impossible to construct useful metrics of biological age more simply. There are a number of excellent papers from the past few years in which researchers assemble weighted algorithms using bloodwork, grip strength, and other simple tests as a basis into something that nears the level of discrimination of the epigenetic clock.

When it comes to a biomarker of aging, there are lots of promising candidates. Researchers will spend a lot of time arguing before they come to any sort of pseudo-standard for that task. Industry (today meaning the companies developing senolytic therapies for the clinic) will overtake them and, I'd wager, adopt one of the epigenetic clocks because it basically works well enough to get along with, and can be cheap in some forms.

Schiphol 1 day ago 0 replies      
The experiment that kicks off the piece looks pretty replication-crisis worthy.
coldtea 1 day ago 0 replies      
A man is as old as the woman he feels (G. Marx)
robertlagrant 2 days ago 3 replies      
Some of the article was okay (although you can cherry-pick a lot to achieve a conclusion) but Langer's study in particular seemed very dubious. They "looked younger"? Stop - that's just way too objective for me!
jldugger 2 days ago 2 replies      
> getting old

'aging' is the word you are searching for

ianai 2 days ago 1 reply      
Constant change does harm. That's my takeaway.
Area code 710 wikipedia.org
351 points by raldi  3 days ago   78 comments top 20
yodon 3 days ago 6 replies      
When I was in college in the '80s, My roommate and I got curious about unused area codes (and/or prefixes? I forget). We started dialing some. Within about 15 minutes we stumbled on some government service with a scary-official sounding operator on the other end (I've no idea if it was this service or a different one).

The really scary part was after dialing the number and encountering the operator, we were unable to hang up (any time we hung up and picked back up, the operator was still there, even after waiting about two minutes). Fortunately this was (a) at MIT which still had a central electromechanical telephone switch for student phone lines in the '80s and (b) I had keys to the switch as a student phone repair tech.

I still remember grabbing my keys, running over to the switch, and physically pulling the relay contacts to release the call and prevent a trace to our location in case that was the motivation for holding the line (nowadays traces are digital and instantaneous, but when looking at old-school electromechanical switches you really did need time to trace the call physically through the relays).

Yes, we were aware the operator was probably just messing with us by showing he could hold our line against our will to discourage us from calling again, but it still scared the crap out of us just in case.

kijeda 3 days ago 3 replies      
I have a GETS account that uses this area code. You are given a credit card sized reference card with your PIN number to activate it.

There is also another service called WPS for cell phones where you get priority just by prefixing your number with *272, the only catch there is your specific phone needs to be enrolled.

813594 3 days ago 0 replies      
I have a GETS account too (I work in healthcare). T-Mobile provides WPS service free, whereas Verizon charges $5/month per enrolled line. More info here https://www.dhs.gov/publication/getswps-documentsandhttps://www.dhs.gov/sites/default/files/publications/HOW%20I...
doctorshady 3 days ago 1 reply      
Little known fact: sometimes the other exchanges in area code 710 will translate to places going to military bases and such, depending on the time of year. The best way to tell is by calling 710-867-5309. If you get a recording saying "You are using <long distance provider>" followed by a not in service recording, well, it worked. If you'd care to look around random exchanges and thousand blocks, you might be in for a fun day. Or a knock at your door.

But yeah - it's all the luck of the draw. Some phone people have had varying levels of luck with other things involving that area code as well: http://www.binrev.com/forums/index.php?/topic/48478-weird-71...

wonderous 3 days ago 1 reply      
Here are more docs on the 710 area code via a simple Google:https://www.google.com/search?q=%22710-NCS-GETS%22+card+ext:...

For example, this PDF explains a lot than anything present on HN or Wikipedia:http://chicagofirstdocs.org/resources/060912-GETS.pdf

Here's a doc that covers all US Federal emergency communications:https://www.dhs.gov/sites/default/files/publications/nifog-v...

jpeterman 3 days ago 2 replies      
Every time I see posts like this on HN, I feel obligated to post http://www.evan-doorbell.com/production/

I originally discovered this guy from HN and the audio recordings on that site are mesmerizing to me.

schoen 3 days ago 1 reply      
I remember something in an old Phrack or another hacker zine where someone was recounting a rumor about this mechanism that he heard from someone who worked in a telco (viz., that there were special government phone numbers that were treated differently by the telephone system). It's interesting to see the progression from underground rumor to Wikipedia article.
losteverything 2 days ago 0 replies      
At&t used to create new prospects for long distance by comparing both numbers in a call to its customers database.

If a number was not an active customer it was put in an outbound call list to solicit long distance.

The best story i remember was when the navy wanted to know why we called one of their nuclear submarines. This implied that the right 10 random digits contacted a sub.

inspector-g 2 days ago 2 replies      
The article mentions that individuals placing calls though GETS, with a valid access code, receive "alternate carrier routing, high probability of completion, trunk queuing and exemptions from network management controls". I find this fascinating, and it's hard not to wonder if any (rough) equivalent exists for government-related internet traffic. As in, perhaps some special/cryptographic data can be provided in network traffic data that ensures higher-priority treatment in an emergency or crisis, like GETS. Can anyone enlighten me here?
axonic 2 days ago 0 replies      
Some numbers forward via DSN to "red phones" and what not. Please don't prank them or waste their time. I had a spouse social engineer the number to an overseas camp. It bloody rang the literal red phone used for CASEVAC operations on my helipad. Then she wanted to get pissed when I told her to hang up and call a civilian phone... "Well, don't you have call waiting?"... We are divorced now, of course.
reaperducer 3 days ago 1 reply      
Another odd area code is 500. Back in the 90's, I had a 500 number through AT&T. You could program it to "follow" you. Meaning that if, for example, someone called your number between 9a-5p M-F, it would ring your office. 5p-6p, your car phone. 6p-10p, your home phone, etc...

I suspect it got killed off because so many businesses were switching to cheapo, poorly-made, Winmodem-based PBXes that didn't recognize the area code.

nodesocket 3 days ago 2 replies      
I'm guessing don't try calling the number? Don't want to flood some poor government operator with internet trolls.
doctorshady 3 days ago 0 replies      
I'll just leave this here:

808-248-0002 - "Your GETS call is being processed. Please hold."

michaelgrosner2 3 days ago 3 replies      
Is there anywhere else to read more about these kinds of special phone numbers? Something about the current state of phreaking?
nsaslideface 3 days ago 0 replies      
I imagine this was part of what was dialed in last week's Twin Peaks
polygot 3 days ago 1 reply      
> "the call is then redirected to a live human operator who then asks for the access code."

I feel bad for that operator

saul_goodman 2 days ago 0 replies      
There's lots of good lore about stuff like this in phreaker circles. I remember a story about someone who supposedly found some listings of 710 numbers including things like the presidents bunker and such. The folks answering the phones for some of these numbers were not amused and were also caught off guard by calls from kids asking to talk to the president and such.
pavel_lishin 3 days ago 3 replies      
I wonder what it's like being an operator on that line; is it mostly hours or boredom, punctuated by a few phone calls? Or is it actually busy throughout the day?
gumby 2 days ago 0 replies      
> GETS is intended to be used in an emergency or crisis situation

Sounds like a major security problem, and during a crisis is especially when I would not like to have a buffer overrun.

axellgun 2 days ago 0 replies      
Area code 710 is a special area code, reserved to the federal government of the United States in 1983. As of December 2006, it had only one working number, 710-NCS-GETS (710-627-4387), which requires a special access code to use. See Government Emergency Telecommunications Service for more information on this service.
Chuck Thacker has died acm.org
285 points by mpweiher  6 hours ago   17 comments top 8
iqster 3 hours ago 1 reply      
I have fond memories of Chuck at MSR-SVC. I was a lowly post-doc who sat close to him for a time. He was very generous with his time and I can only recall his door being open. I was struck by the breadth of his expertise (e.g. he knew about HCI matters even though I considered him a low-level systems guy). I've heard him being called the engineer's engineer and that is an apt title. He inspired me and will be missed. RIP.
jszymborski 1 hour ago 1 reply      
> After returning to the U.S., Thacker designed the hardware for Microsoft's Tablet PC

Tablet PCs were way ahead of their time and suffered as a result imho. It was hard to find one that wasn't under-powered, and I suspect that it was a way to make them affordable, but hot-damn those things were cool.

Frankly I'd argue we've still to perfect that idea. We've got those "transformer" laptops now-a-days, but finding something with a decent digitizer has still been elusive; or at least it is to me.

Regardless, thanks for the fish Mr. Thacker, hope you enjoy your seat at the pantheon of computer gods.

Aloha 2 hours ago 1 reply      
If you dont know who Chuck Thacker is (and why his contribution is important) - read Dealers of Lightning (https://www.amazon.com/Dealers-Lightning-Xerox-PARC-Computer...)
smmnyc 3 hours ago 0 replies      
Sadly I didn't know who he was: "...Known for his pioneering design of the Xerox Alto, the first modern PC. He also is credited as a co-inventor of the Ethernet family of computer networking technologies."
Aloha 2 hours ago 0 replies      
One by one the people who built the technologies that rule our world will go - their everlasting monument is the change they wrought.
sctb 4 hours ago 0 replies      
The Archive has a copy of the article if folks are having trouble accessing the site: https://web.archive.org/web/20170613200242/https://cacm.acm.....
factorialboy 3 hours ago 2 replies      
The dreaded black bar on HN .. :( RIP
Kubernetes Production Patterns and Anti-Patterns github.com
339 points by twakefield  4 days ago   40 comments top 14
lobster_johnson 4 days ago 3 replies      
Good news about zombies: Kubernetes will soon solve this by having the pause container (which is automatically included in every pod) automatically reap children. [1]

Note that this change depends on the shared PID namespace support, which a larger, still-ongoing endeavour [2].

[1] https://github.com/kubernetes/kubernetes/commit/81d27aa23969...

[2] https://github.com/kubernetes/kubernetes/issues/1615

web007 4 days ago 0 replies      
This is an excellent check-list of both kubernetes and docker gotchas to avoid.

Coming into the k8s ecosystem with very little container experience has been a steep learning curve, and simple, concrete suggestions like this go a LONG way to leveling it out.

twakefield 4 days ago 1 reply      
We've also published some other workshops for Docker and Kubernetes that we take customers through when onboarding (if needed): https://github.com/gravitational/workshop

Feel free to take them for a spin and feedback welcome and appreciated.

outworlder 4 days ago 2 replies      
I would like to have seen more "patterns" regarding configuration.

Right now, we have a bunch of microservices. Most of them talk to our shared infrastructure. We started with single configuration file, which has grown to monstrous proportions, and is mounted on every pod as a config map.

What would be the correct approach? Multiple configmaps with redundant information are just as bad, if not worse.

bryanlarsen 4 days ago 1 reply      
Have you tried out istio yet? It's the packaging of Lyft's Envoy that Google and IBM are putting together to handle your last two points, circuit breaking and rate limiting and much more.
lclarkmichalek 4 days ago 2 replies      
Might be worth mentioning about Docker's native support for multi stage builds: https://docs.docker.com/engine/userguide/eng-image/multistag... (still quite a new feature, plenty of people won't have it yet I guess)

Edit: oh, you kind of do. Well, it's not upcoming any more, it's in the latest Docker CE :)

Langhalsdino 3 days ago 0 replies      
Awesome github repo! I think i need to incorporated some of your patterns into my work ;)

If some of you are interested in Kubernetes GPU cluster for deep learning, this article might be good to read as well.https://news.ycombinator.com/item?id=14526807

throwaway34802 4 days ago 0 replies      
Have you tried using Habitat? It pairs nicely with Kubernetes and solves alot of these antipatterns I feel like.



old-gregg 4 days ago 1 reply      
Some background on these workshops: we (Gravitational) help SaaS companies package their applications into Kubernetes, this makes them deployable into on-premise environments [1]. This in itself is an unexpected and quite awesome benefit of adopting Kubernetes in your organization: your stack becomes one-click portable.

[1] http://gravitational.com/telekube

pooktrain 4 days ago 0 replies      
The presentation of patterns here is quite helpful. Is anyone aware of other resources for container design patterns?

The k8s blog has some as well:http://blog.kubernetes.io/2016/06/container-design-patterns....

nunez 3 days ago 1 reply      
what are everyone's thoughts on building containers for running one time binaries? like building a container to run jq or awk or something like that.

i've seen this pattern before and it didnt make me feel very good. it reeks of unnecessary complexity.

m0rganic 3 days ago 0 replies      
we use kubernetes, helm and gitlab.. runtime configuration lives in each repo next to code - values.yaml, dev.yaml, test.yaml, prod.yaml to store applications runtime configuration -- each environment is host to 40+ redundant services.. its working quite well but has required a pretty big upfront investment... surprised there was much discussion about monitoring- prometheus and grafana work well for that
eldios 4 days ago 0 replies      
Awesome article!
humanfromearth 4 days ago 2 replies      
> Anti-Pattern: Direct Use Of Pods> Kubernetes Pod is a building block that itself is not durable.

Kind of.. but you can set `restartPolicy: Always` and will always restart in case of failure.

For an Inclusive Culture, Try Working Less hackernoon.com
320 points by itsdrewmiller  1 day ago   258 comments top 26
exelius 1 day ago 4 replies      
Yes, yes, yes.

This was brought up in a thread last week about "As a female, how do I identify a good employer?"

The best answers basically said "work somewhere that has as boring a corporate culture as possible". Basically, work for a place where you are rated on your production and nothing else. Work elsewhere and things like "how late did you work?" -- a metric that is far easier for people without children to meet -- cease to matter.

Working late isn't the only thing (though it is a big one), but it tends to correlate with "immature HR practices" in general. Inclusivity is about recognizing that people have life configurations that differ from your own, and creating the space for those differences to exist.

trustfundbaby 1 day ago 1 reply      
For all the noise tech startups make about meritocracy, they sure do a poor job of separating the work from personal issues which spells doom for minorities in a lot of instances.

I lost count of how many times, something innocent like not going to lunch with the team regularly (I'm a picky eater), or participating in whatever game the team was nuts about (foosball, or various exotic board games) turned into personnel issues where all of a sudden I was "unavailable to the team", or "distant and aloof" etc, even though my professional contributions were just fine or even stellar.

You can imagine how stressful it is to show up to work everyday wondering what bullshit non-work related nonsense is going to come up that day and require another stupid chat with your manager. And in the midst of that you're expected to keep up a cheerful demeanor and work well with the same assholes that keep bringing up this irrelevant crap because the fault in these interactions couldn't possibly be with them.

The day it becomes about the work, and not personal discomfort with new and differing points of view about communication and interaction, diversity at tech companies will become an after thought ... in a good way.

adventist 1 day ago 2 replies      
> Thats because the culture was mostly about the business of software, how you build it, how you sell it, how you support it. If you were excited about that, you automatically belonged. You didnt need to stay late, or drink alcohol, or play Rock Band, or play board games, or not have kids to pick up, or go to church, or not go to church, or do anything except show up 9-to-5 and care a lot about good software.

Yes! Yes! Yes!

I don't drink, and its kind of sad that I get to miss out sometimes because I don't go to the bar. Because I like to bike instead, why can't I not feel pressure to go to the bar and do my own thing after work?

Handling work stuff at Work I feel is the way to go.

creepydata 1 day ago 4 replies      
>Yesterday, I had a wide-ranging Slack conversation with some very nice people who patiently allowed this privileged white male to repeatedly touch the third rail of diversity and inclusion.

Read this three times and I can't understand what it means. Can anyone "translate?"

On the overall topic, it seems really obvious in retrospect that removing formalities in the workplace turns the office into a social club and those who don't want to socialize are excluded. Its certainly an unintended consequence though.

I can certainly see the benefits of formality in the office now that I'm older.

jblow 1 day ago 9 replies      
This is all fine, but there are side-effects.

If you only work a minimum number of hours within your field, you are unlikely to emerge as one of the peak achievers or thought leaders in your field. That's just because you learn more from experience, and working more hours gives you more experience.

You can extrapolate from there what this means for companies and individuals.

I am not at all saying that companies should ask people to work long hours. (I run a software company, and we are super-lax about hours, people showing up at the office, etc). But I am saying that if an individual wants to be an expert in a particular field, that person should probably work a lot (and probably wants to work a lot anyway, due to interest in the subject). This doesn't necessarily have to be at the company; it could be at home, on personal projects, whatever. But the deeper and more challenging the project is, the better you learn, and it's easier to have one project that is deep and challenging than somehow to have two in parallel. And if only one is deep and challenging, then you are sort of idling with half your time. So there are basically two paths to this kind of deep work: work for a company, make sure you get a project that's really good, and then work hard on it; or go do your own thing, make sure you have enough money somehow, and work hard on what interests you.

This also means that "work-life balance" is not a thing for experts the way it is for normal people. But that's fine, because for these kinds of experts their work is a serious part of their life and the two things are inseparable.

Of course if you don't feel this way about what you're working on, that it is a serious part of your life, then this strategy doesn't make sense; and I would not encourage people who don't feel this way (who are the majority of the population) to work that hard. I am just pointing out that there are some of us for whom a different life strategy is best.

temp-dude-87844 1 day ago 1 reply      
This approach finds its parallels in other collaborative spaces where meritocracy is valued; open source software development comes to mind. In that arena, this approach was widely deployed, but is at odds with the more recent trend of explicitly stating to promote inclusion and diversity.

Staunchly meritocratic online interaction and collaboration, from software development to messageboards, allows people to cultivate identities largely defined by their contributions, which is often distinct, or even at odds, from the identity they wish to demonstrate in their real life. In online spaces where individual contributors aren't restricted from speaking out against the leadership, this disconnect will manifest instead of being suppressed.

While I don't disagree with the author's recommendations and rationale, it's unfortunate that the OP's argument essentially reduces down to the fact that the less casual interaction between people, the more inclusivity will result. It's also re-framing the implied problem: the equality vs. equity debate. In the OP's view, the solution is to cultivate a minimalist, work-focused culture that solves the inclusivity question by avoiding it entirely. This is very much at odds with the approach that receives a lot more press these days, which seeks to prescriptively address inclusivity within its own problem-space.

nashashmi 1 day ago 5 replies      
I am going to wrap this article around a bigger more general concept. I might be going off topic but bear with me.

The difference between a startup culture and a corporate culture is the difference between a creative company and a disciplined company. "Discipline" is like a swiss knife, something that can work anywhere and everywhere. Creativity only works in some places, in places that are desperate, in places that are still making basic decisions, in places where the problems are high and the solutions are few.

A disciplined company has no problem being acquired by a creative company. But a creative company has many problems when they start masquerading in a disciplined company. (Read: Microsoft acquires Company X and writes it off 5 years later.)

Working in a disciplined company is easy for most people. No manual required. Working in a creative company is difficult for most people but easy for creative people. Most foreigners or people with diverse minority backgrounds have a difficult time adapting to very social environments. They would rather stay strictly professional and confined to their work.

But here is the problem: what is the point of having diversity if social interaction is nil? How messed up is your social world if it does not include unsocial minorities?

There is a balance that is needed. Google started as creative and became more corporate and also became more "boring". (Sergey Brin's word)

platz 1 day ago 1 reply      
It is also known that casual dress is somehow connected to less social mobility.

> But above all I didnt have the cultural and social capital to know how to dress casual in the right way. My casual dressing was made of nerdy, unfashionable and cheap clothes: you could immediately say that I havent accomplished anything. And I didnt even know that there was a rich way to dress casual.


theres more art to looking sharp in casual attire than in a suit and tie!

> Tyler Cowen: Well, being a casual person myself, I'm very glad being casual is in vogue, and probably will stay in vogue. But what I find striking is societies with a lot of upward mobility often tend to have strict dress codes. So you see this today with Mormons, at Mormon businesses. You see it in Japan in its heyday years--you know, the businessman or journeyman suit, they more or less all looked the same. There's something about upward mobility where actually clothing is not that casual and one is being more formal in trying to impress; and that is a [?]. But the thing about being casual is it actually makes it harder for people to prove themselves. So, Bill Gates goes to a meeting and he may show up dressed very casually; but he's still Bill Gates--either everyone knows or if you really needed to, you could Google him. So there's a code of casual that's actually very difficult for, say, people from other cultures in America to master or demonstrate that's actually made signaling harder. Just that right way of looking casual is in a funny way more conformist than like the blue suit and tie, which you could do and then innovate around and try to climb to the top. So I find this disturbing, the more I think about it.


lmm 1 day ago 3 replies      
> Its so comfortable and nice to lead an integrated life where your colleagues are your friends and vice versa, where your conversations over beers solve problems encountered over keyboards.

> But maybe that comes at a cost. If we set aside that desire and focus on what were really trying to do heremake good softwarethen maybe well open up some different possibilities. By constraining the number of things we have to agree on, and the number of hours we have to spend agreeing on them, we naturally open ourselves to a diverse world of talented people.

Much as we might wish otherwise, I think this article is right that informality and diversity are in tension (though I think it's massively wrong to conflate informality with long hours; it's very much possible to have a culture where you drink alcohol, play Rock Band, play board games, but still go home after your 35 hours/week). But having to give up informality would be a very heavy price. For me a comfortable life is the end and making good software is the means. But even if your goal is good software, looking at the past couple of decades of big professional companies being displaced by scrappy startups, informal organizations seem a lot better at producing good software.

andrewfong 1 day ago 0 replies      
The takeaway for me is less about minimum hours and more about minimum culture. Or put another way, "keep your identity small". http://www.paulgraham.com/identity.html
Animats 1 day ago 0 replies      
Maybe this is more about drinking than dress code. Companies of Japanese salarymen have the same problem - too much group drinking, and a very uniform culture.
323454 1 day ago 0 replies      
Sometimes, to solve really difficult problems, you have to make big personal sacrifices.

Sometimes, to evolve, adapt and gain the edge, you have to be loose and unprofessional.

Sometimes, to survive a famine or a drought, you have to ruthlessly cut what isn't absolutely necessary.

These are the other phases of the business cycle that the author neglects. Professionalism, openness, and work life balance belong to a certain phase of the cycle. That phase does not come from nothing and it does not last forever.

Mz 1 day ago 8 replies      
Overall good post, but:

Yesterday, I had a wide-ranging Slack conversation with some very nice people who patiently allowed this privileged white male to repeatedly touch the third rail of diversity and inclusion. That conversation led me to the realizations in this post. Ill thank them by not naming them, and by promising never to bring this up in their Slack channel again.

In other words, people openly hated on him for wanting to discuss something with them and get informed -- a white male in a position of power that few women or poc occupy. And all they can do is make him scared to bring it up again and act like the abuse they heaped upon him is some sort of privilege he didn't deserve or something.


I am so sick of women and people of color being openly hateful to people who were born the "wrong" gender and color to be part of the unfortunate many. Hello? Whining about how "it isn't my job to explain this stuff to you!" instead of being all "OMG! An opportunity to have a useful conversation with a white male who is actually curious about how the so-called other half live!" is part of the problem, not part of the solution.

(Before you auto-downvote this on the assumption that I am some overprivileged asshole man, please note I am a woman.)

mnm1 1 day ago 0 replies      
The whole article is brilliant. I'd argue one great way to make this happen is remote work. Agree on some basic tools for text and voice chat and you're good to go. No stupid bro culture. No having to be seen working late. No dress codes. No bullshit. Either you create the product or you don't and get fired. Been working for years for my company and many others.
jankotek 1 day ago 1 reply      
Remote work is even more inclusive.
anothercomment 1 day ago 0 replies      
The assumption seems to be that companies culture is driving women away. Is that even true, as in, are there really hundreds of thousands of female software developers in waiting who would jump at a job at a company with the appropriate culture? It seems very unlikely to me - more likely, the pipeline dries out long before the hiring stage.

That some companies with great effort manage to compete over the few female developers on the market doesn't prove every company could hire lots of female developers if only they changed their culture.

To be honest, personally, even if there were those hundreds of thousands of female developers supposedly driven away by bro culture, I would still maintain that people should have a right to create companies they enjoy working in. If some people want to work in T-Shirts and get drunk every night, it is their right to do so (if they can earn the money to sustain it).

Luckily not all companies are the same, so that people can apply to companies that suit their tastes.

If it weren't so, there wouldn't even be a need for hiring or job seeking to begin with. People could just apply to the next best company and be hired, likewise, companies could hire the next best applicant - because there would be no such issues as cultural fit or whatever. Not very realistic (source: I am not friends with everybody and not everybody is friends with me).

golemotron 1 day ago 0 replies      
I wish I could up-vote this more.

It is a problem that corporate America tries to optimize function by getting everyone closer and closer together with team building exercises and alignment of values.

Values are deeply personal and we should recognize that people are going to differ. Freedom of conscience is as basic as freedom of religion and important for the same reason.

If we keep work a professional space we maximize diversity of thought and life experience, which are ostensibly what the large push toward ethnic and gender diversity are a proxy for.

alexashka 1 day ago 0 replies      
I think he's taking the surface level and assuming if we copy the surface level, we are going to get the rest.


The reason Fog Creek works well, is because it's very smart people, who care about what they're doing. They care because it's a product company - they get to make decisions that impact the product. They feel a sense of ownership.

Contrast that with a sweat, uh sorry, I mean dev shop. Contrast that with doing contract work for big companies where you come in, leave 6 months later. Contrast that with start-ups that only exist because someone got free money.

Contrast that with shit maintenance work at big corps.

Does that about cover 95%, if not more, software jobs out there?

There is no fixing shit workplaces because the foundation is rotten. When you have no say, when you don't care about the product, when you move around every few years - yeah, it's shit culture.

There is no fixing that - most people long for a stable group of people they can make something happen with.

Most people are confused about how much work and dedication it takes to make something great. Most people's actions create what most people complain about and they don't even know it. There is no fixing it, there is only becoming good enough to either start your own Fog Creek, or be good enough to join one.

to_bpr 1 day ago 0 replies      
There's no shortage of corporate environments to work in for those who want it.
voidr 16 hours ago 0 replies      
Why does racial and gender diversity matter in tech? I have worked in teams of all white guys and teams of mixed race and gender and I have seen no difference in productivity. The only thing that ever mattered was the skill level of the people. I see nobody complaining that most successful basketball players are tall black people.

I don't see a problem with having companies with corporate culture and companies with startup culture side by side, just because I dislike the suite and tie culture doesn't mean I want it gone, however from reading the article I get the impression that the author wants the more liberal companies gone just because he doesn't like them.

Humjob 1 day ago 2 replies      
lacampbell 1 day ago 3 replies      
vedranm 1 day ago 3 replies      
Sir_Substance 1 day ago 2 replies      
Am I the only one who gets the niggling feeling that anyone who uses the words "males" and "females" in their public dissertations like it's normal to refer to people the same way one does cable connectors must have a tenuous and possibly weakening grip on the real world?
thegayngler 1 day ago 2 replies      
So by forcing everyone to work strict 9-5 schedules you can create diversity. Ok.

Hmmmm... I agree at least in principle that one shouldn't be required to always hangout late nights after work. However, admittedly occasionally I think it's useful and it's helpful to understand your co-worker's motivations and spending a bit more time with co-workers sometimes is certainly reasonable and helps to build trust and respect amongst other co-workers.

Maybe people should be working only 30 hours a week and spending the other 10 hours just on team building.

I also think its useful to understand the social aspect of things because understanding motivations can help the team solve problems in a way that everyone will agree to.

Kinnard 1 day ago 1 reply      
I'm looking for an alternative framework to work-life balance: https://news.ycombinator.com/item?id=14538411

I bet there's more than one out there.

Work/life balance doesn't "work" for a lot of people, a lot of types of work and a lot of lives. Astronauts, Presidents, Prophets . . . startup ceo's . . .

Fractal planting patterns yield optimal harvests, without central control phys.org
253 points by dnetesn  3 days ago   69 comments top 12
chrismealy 3 days ago 3 replies      
This reminds me of something from Sam Bowles's "Microeconomics":

Like the overnight train that left me in an empty field some distance from the settlement, the process of economic development has for the most part bypassed the two hundred or so families that make up the village of Palanpur. They have remained poor, even by Indian standards: less than a third of the adults are literate, and most have endured the loss of a child to malnutrition or to illnesses that are long forgotten in other parts of the world. But for the occasional wristwatch, bicycle, or irrigation pump, Palanpur appears to be a timeless backwater, untouched by Indias cutting edge software industry and booming agricultural regions. Seeking to understand why, I approached a sharecropper and his three daughters weeding a small plot. The conversation eventually turned to the fact that Palanpur farmers sow their winter crops several weeks after the date at which yields would be maximized. The farmers do not doubt that earlier planting would give them larger harvests, but no one the farmer explained, is willing to be the first to plant, as the seeds on any lone plot would be quickly eaten by birds. I asked if a large group of farmers, perhaps relatives, had ever agreed to sow earlier, all planting on the same day to minimize losses. If we knew how to do that, he said, looking up from his hoe at me, we would not be poor.

aetherspawn 3 days ago 3 replies      
I didn't understand:

1. how they didn't have pest problems if they planted in fractal patterns

2. but they did have pest problems if they didn't plant at the same time

Could someone kindly explain that in a little more depth?

jcoffland 3 days ago 4 replies      
I fail to see how the planting patterns are fractal. A fractal pattern is one which repeats itself at different scales. I realize that the repetition does not need to be exact but I don't see how there is any at all in this situation.
ggrothendieck 3 days ago 0 replies      
There is an agent-based model of Balinese irrigation written in NetLogo here: https://www.openabm.org/model/2221/version/3/view
chriswarbo 3 days ago 3 replies      
This looks very interesting from a regulation point of view, as a potential way to bring greedy self-interest into alignment with national/international social interest. I wonder what scenarios could be given a "pest tax", to alter the dynamic from a tradgedy of the commons to a cooperative/competitive optimum?
kakarot 3 days ago 1 reply      
Now how can I apply this to Dwarf Fortress?
abhinai 3 days ago 0 replies      
TLDR; Locally collaborative greedy planting strategy leads to globally optimal results and looks like a fractal from above. Mind == Blown.
havella 3 days ago 1 reply      
this is very interesting, wondering the principle applies to societal organization and current reversal trends on globalization (mono-culture) and weakening of international 'controlling' organizations.
marmshallow 3 days ago 1 reply      
Can anyone find sample satellite imagery that illustrates the fractal patterns? I didn't see any in the article or with a quick google search.
chiefalchemist 3 days ago 1 reply      
Is this a form of emergence?
anigbrowl 3 days ago 0 replies      
These insights will be useful for my political project.
Polarity 3 days ago 0 replies      
so: monolithic frameworks vs loose coupled components?
The Holder Report on Uber nytimes.com
282 points by sunils34  10 hours ago   190 comments top 28
dragonwriter 8 hours ago 1 reply      
This is not the Holder (well, Covington would be more accurate) Report. The Introduction to this document makes reference to report Covington prepared for and presented to the Special Committee of Uber's board, and to the fact that the full board adopted all of the recommendations in that report.

Beyond the Introduction, this seems to just be the recommendations from the Covington report; the full report (per the Introduction ) was to cover (1) Ubers workplace environment as it related to the allegations of discrimination, harassment, and retaliation in Ms. Fowlers post; (2) whether the companys policies and practices were sufficient to prevent and properly address discrimination, harassment, and retaliation in the workplace; and (3) what steps Uber could take to ensure that its commitment to a diverse and inclusive workplace was reflected not only in the companys policies but made real in the experiences of each of Ubers employees.

This document only includes the part addressing (3), which implicitly indicates that the bottom line conclusion on (2) was no, but doesn't really provide any clear information on (1).

killjoywashere 8 hours ago 4 replies      
Every new grad: read this. Then file it away and review it as soon as you have people reporting to you. This should be required reading for every start-up founder and every manager at every mid-size and large org, and every person who criticizes the decisions of those people or hopes to be in those positions. Which means every creative, every knowledge worker, engineer, designer, lawyer, physician, all of them. And therefore, almost without exception, everyone reading this comment.

Edit: This is the executive symmary. It contains a lot of what to do. Going forward, you don't need to know so much how Uber got into the mess they're in. You need to know how to stay out of similar messes. This is a good plan for how to stay out of such messes.

paulsutter 9 hours ago 2 replies      
The meat of the document is missing. It states the situation that triggered the investigation, describes the process followed, and gives the recommendations.

But it doesn't tell us what they learned through the process.

wonder_bread 8 hours ago 3 replies      
My eyes are bleeding from all the bureaucratic jargon. "Special Committee", "Oversight Committee", "Independent Committee" for the promotions process, checklists for alcohol consumption, human resources training, etc. I dearly hope it doesn't take this many layers of control within a company to ensure a livable atmosphere for its employees.
terryjsmith 9 hours ago 7 replies      
While there are some concrete next steps in here (hire a COO, management training, HR training, the "Rooney Rule"), what is the goal and how do these steps connect to it? As far as the harassment stuff, I think the solution is clear: have a zero tolerance policy and enforce it. But it otherwise says the words "inclusion" and "diversity" a lot, but never really connects those words to achievable outcomes and seems superficial. Maybe the end result is to restore Uber's image - in which case doing those things makes sense - but without any goal posts or authority, many of these recommendations seem to fall short.
cozzyd 9 hours ago 7 replies      
I especially like:

"Uber should consider moving the catered dinner it offers to a time when this benefit can be utilized by a broader group of employees, including employees who have spouses or families waiting for them at home, and that signals an earlier end to the work day."

Note to Linux users: this PDF looks terrible without msttcorefonts installed. I guess MS Word neglects to embed fonts? Also, as someone who is not used to seeing documents generated by MS Word, I'm surprised at how bad the typography is in general (although maybe this due to user error...for example it looks like hyphenation might be disabled.)

aemachado94 9 hours ago 2 replies      
Feels like Uber just paid a load of money to get patronized by a well-respected official. Nothing(as far as this public version suggests) in this document should be surprising to a growing company. "You mean if we create a patriarchal company culture that preys on personal weaknesses and demeans women and minorities we're going to have a bad public image? Gee, who would've thought!"
mandevil 6 hours ago 5 replies      
According to https://www.washingtonpost.com/news/the-switch/wp/2017/06/13... One of the Uber board members made a misogynist joke during the company-wide meeting explaining how Uber was going to fix its culture. This is... special.
sjbase 10 hours ago 0 replies      
boxcardavin 9 hours ago 2 replies      
I think this whole Uber situation is a good reminder to the valley that the "No Assholes" rule is still a good policy.
favorited 5 hours ago 0 replies      
According to Yahoo reporting[1], a board member made a sexist joke at their all-hands meeting to address this report today.

Huffington: Theres a lot of data that shows when theres one woman on the board, its much more likely that there will be a second woman on the board

Bonderman: Actually what it shows is its much likely to be more talking

What a garbage fire.


jstewartmobile 7 hours ago 1 reply      
This smells a lot like a pentesting report: pay people a lot of money to make a report, persevere with current bad practices, then when litigation comes up say "Hey, we took this seriously. Look at all the money we spent on this report!"
tmh79 9 hours ago 0 replies      
Very interesting recommendations, but no mention of the CTO, Thuan, who was called out by Fowler herself in her blog post.
Cyclone_ 4 hours ago 0 replies      
Don't think for a second that these are isolated incidents. These things happen all the time, it just so happened that people like Susan Fowler fought back. I've seen these things happen constantly.
sywan 6 hours ago 3 replies      
While some of the points in the report are legit, I feel most of the content is so general that you could literally change the title of the company to any other tech firms and it will probably still work.

I genuinely believe that people work hard because they believe what they do has a meaning, not because the company serves free dinner/beer/water at 7pm or 8:15pm. I don't understand why you should run a fast-paced startup like a non-profit. As someone who used to work in law firms, not only we don't have catered anything, we regularly stay till after 10pm and on-call during weekends/holidays so we make barely the same, if no less, than a first-year engineer. And you let a law firm make "better workplace culture" recommendations. I am so lost.

blacksqr 3 hours ago 2 replies      
So Mr. Holder, were you able to confirm the veracity of Susan Fowler's descriptions of her experiences at Uber?

Mr. Holder?

Is this thing on?

sywan 6 hours ago 1 reply      
While some of the points in the report are legit, I feel most of the content is so general that you could literally change the title of the company to any other tech firms and it will probably still work.

I don't understand why you should run a fast-paced startup as a non-profit. As someone who used to work in law firms, not only we don't have catered dinner, we regularly stay till after 10pm and on-call during the weekends/holidays so we make barely the same, if no less, than a first-year engineer. And you let a law firm make "better workplace culture" recommendations. I am so lost.

jonstewart 9 hours ago 0 replies      
Blind Rsum Review stands out.
netvarun 9 hours ago 2 replies      
Random thought: Marissa Mayer (who hacker news informs me, just quit her previous job) could potentially be their COO
misterbowfinger 9 hours ago 1 reply      
I'm mostly unimpressed. Most of the suggestions are just process changes, which often just obfuscate organizational issues and cripple performance. The only value is the signal it sends to employees that affect the culture negatively.

The most substantive recommendation, IMO, is that they suggest a COO that controls most of the day-to-day. It's a clear move to reduce the CEO's power, and most likely a path to remove the CEO in the future unless the CEO regains power, which is unlikely.

sbarre 9 hours ago 2 replies      
So is this the full report, or an abridged version for public consumption (as was indicated might be released a few days ago)?
Tycho 5 hours ago 0 replies      
I suspect Uber has a Hudsucker Proxy situation going on.
alanh 6 hours ago 0 replies      
Anyone have plain text or HTML of this content? Update: https://pastebin.com/L0Qf7Ddp
ryanmarsh 7 hours ago 0 replies      
> Uber should establish key metrics to which its leaders will be held accountable in the performance review process. This would include, for example, metrics that are tied to improving diversity, responsiveness to employee complaints, employee satisfaction, and compliance.

Every metric has the power for evil. This will be gamed, simply by measuring these things behaviour will be affected in unpredictable ways. I understand the challenge they're up against but I absolutely cringe at turning some of these subjective items into metrics.

dingdongding 9 hours ago 1 reply      
TLDR version. Anyone?
thogenhaven 9 hours ago 2 replies      
If someone can write 13 pages in bullet forms about things you need to change, you're not doing your job very well...
ProAm 9 hours ago 1 reply      
So long Travis.
theprop 4 hours ago 0 replies      
I think a new charge of "criminality" must go to Holder & his law firm who probably charged hundreds of thousands of dollars for these bland, obvious recommendations.
Stench gas everything2.com
240 points by raldi  4 days ago   54 comments top 15
abalone 4 days ago 2 replies      
> air allows mines to use a very interesting way to communicate

This is a very important point to remember about subterranean tunnel systems. It is exactly what came to my mind when I watched the Boring Company video about a huge network of 3D tunnels.[1] The tech press, which had probably never even covered a construction project yet alone tunnels, was basically like "what about earthquakes"? But tunnel collapse is not the primary safety issue.

It's fires. Smoke and toxic gases from fires spread very quickly through tunnels.

I am a huge fan of the concept, by the way, but I want to emphasize that most fatalities from traffic tunnels have been from fires (apart from ordinary traffic accidents).[2][3][4][5] And Elon Musk has stated that what makes this vision feasible from a cost perspective is smaller tunnel diameters. Which makes air "communication" all the more accelerated and safety critical. Thus any vision of tunneling without detailing fire safety, evacuation systems and firefighter access is significantly incomplete, as these can add significant cost and fundamentally constrain designs.

[1] https://www.youtube.com/watch?v=u5V_VzRrSBI

[2] https://en.wikipedia.org/wiki/Caldecott_Tunnel_fire

[3] https://en.wikipedia.org/wiki/Gotthard_Road_Tunnel#2001_coll...

[4] https://en.wikipedia.org/wiki/Kaprun_disaster

[5] https://en.wikipedia.org/wiki/Mont_Blanc_Tunnel#1999_fire

quadstick 4 days ago 0 replies      
100 years ago, yesterday, was the worst hard rock mining disaster in the US, in Butte, Montana. They didn't have this way of warning the miners back then and 168 miners died due to a fire in one of the shafts. Most died from asphyxia.

Michael Punke, the author of the Revenant, wrote an excellent non-fiction book about it called "Fire and Brimstone: The North Butte Mining Disaster of 1917".

userbinator 4 days ago 2 replies      
They remain there until an all-clear is given, which may include a distinct all-clear scent such as wintergreen.

If you search for "stench gas" you will find some... interesting photos of the control panel for these systems:


(Something about buttons marked "release stench gas" and "release anti-stench gas" seem amusing in a rather comical fashion.)

Herodotus38 4 days ago 3 replies      
Just reading about that article triggered an olfactory memory of the related compound 2-mercaptoethanol (or beta-mercaptoethanol as it was labeled in the lab). Used to reduce disulfide links in proteins (edit: see more correct response below) so that they would unravel a bit and separate by size more as they travel through the western blot matrix.

Unlike carbon monoxide this compound had a very "this will kill you" smell to it.


thomk 4 days ago 3 replies      
Everything2 is still around?!?! Awesome.
hitekker 3 days ago 1 reply      
If our noses were "sharper", i.e., able to distinguish on a deeper more meaningful level like a dog, could we transmit complex information with olfactory encoding?

Right now the smells are simple signals; I'm curious if a scent could be engineered to contain a language. Like paper and writing.

I'm asking for my story, in which sapient rats struggle against two-legged monsters with opposable thumbs.

rcarmo 3 days ago 0 replies      
I wonder if we could tie this to Jenkins for when a build breaks. Would make for a nicer alternative than sirens and flashing lights, although I suspect people would tend to clear the office...
rmm 3 days ago 1 reply      
It smells absolutely wretched, and is totally unmistakable.

Had it go off on a couple sites I've been on, and it's remarkable how it reaches every corner of the mine.

pjs_ 3 days ago 0 replies      
I instinctively hovered my mouse over the link to wintergreen, my brain fully expecting to click and experience the smell - as I would with any image, video, or sound. Took me a few seconds to manage expectations!
cobbzilla 4 days ago 1 reply      
smsm42 4 days ago 0 replies      
Same principle in fire alarm for the deaf:


They use wasabi.

toomanybeersies 4 days ago 0 replies      
I remember seeing this for sale on BOC's website when looking for CO2 a while back (https://www.boc.co.nz/shop/en/nz/stench-gas). I briefly considered buying some for nefarious purposes, but I think I figured that they probably wouldn't just sell it to any random person.
rabboRubble 4 days ago 1 reply      
Reminds me of the Friends' episode where Ross goes on and on with the (bored and weirded out) pizza delivery girl about the smelly chemical added to natural gas in order to make it olfactible & safer to use.

Found it... https://youtu.be/kH5JhYsfNMA?t=1m10s

hammock 4 days ago 0 replies      
Same compound that is added to propane
__s 4 days ago 0 replies      
I think my family went to that exhibit while I was pre adolescent. I got scared so only my mother & sister went, while I stayed topside with my father. We window shopped the souvenir shop

Nowadays my sister suffers claustrophobia & I feel most comfortable shoved into small crooks. But I think I was mostly offset by anxiety related to ventilation

Visited Timmins this May, another northern Ontario city. It was snowing

Are Google, Amazon and others getting too big? bbc.com
249 points by happy-go-lucky  3 days ago   328 comments top 31
jondubois 3 days ago 17 replies      
I agree they should be regulated. The world is a better place with lots of smaller companies.

These big companies turn regular people into corporate livestock to serve the wealthy.

If you were to analyze Facebook as if it were a country, the wealth gap among employees would be atrocious - The top 1% would own maybe 99% of the wealth of the country and everyone else would earn a minuscule fraction of the total value that they produced.

If we let monopolies take over, then the economy of the world will start to mirror the economies within these large corporations.

What's worse is that the social aspects will also be mirrored. We will gradually lose freedom of speech, in the same way that employees of large corporations don't have the freedom to say what they really think to their bosses.

Many who have worked for a big corporation will know how suppressing the environment can be. I'm really glad that I live in a time when there are still alternatives.

tyingq 3 days ago 4 replies      
Feels like it's getting worse too. For example, things like Google Home and Alexa discourage choice. "Order me a pizza" means they are now either kingmakers in the space, or incented to open their own pizza business.

I'm not a fan of big government, but at some point depending solely on their goodwill seems dangerous.

marcoperaza 3 days ago 8 replies      
I am ultimately skeptical of companies that get all of their revenue from advertising and who fail to make money from sales of products. The value of online advertising is massively inflated.

Of the tech giants, Apple, Amazon, and Microsoft seem to be in the best shape at the moment. They make their money from selling real products and services to real end users.

Amazon is strong but not unbeatable. Walmart in particular, as well as a hypothetical alliance/merger of supermarket chains, are well positioned to break Amazon's dominance of e-commerce. But they will need the ambition and ruthlessness that has served Bezos so well. Few large American corporations still have the vigor and virility of Bezos's Amazon.

Microsoft (full disclosure: my former employer) too is strong but not unbeatable. All of their products are facing tough competition from Apple (in OS and hardware sales), Google (in online services), and multiple others (in business software). Microsoft's wins are hard fought and fair, and the competition never lags too much.

jimnotgym 3 days ago 0 replies      
RE Amazon: I think it is problematic that they are now one of the biggest marketplaces, as well as being a trader. Put simply this allows them to watch other peoples sales, and if they look pretty good on a certain product, undercut them. This could be solved by divesting, hiding the transactions nature from Amazon, or more radically, having the data in the open so everyone can use it

Re Apple: Technology comes and goes, but the iphone was a good one. The troubling thing for me is the amount of cash they are hording. If this is intended to underwrite Applepay as a new bank, then firstly they must allow open access to all technology platforms to use Applepay. You can't have a new dollar that works better at Walmart than Tesco.

Re Google and Facebook: These companies are advertisers. I have no problem with their size or structure at present. I do have a problem with using their easy cross border presence to avoid taxation. You cannot have the biggest revenue generators for advertising paying no tax, when everyone else has to. In the UK Google is headquartered in Ireland so the UK receives no tax from the billions of revenue. This is unsustainable for the country.

My real problems with Google and Facebook is they regard everything about us as their to do what they want with.

codefined 3 days ago 3 replies      
It does concern me when people say that the internet should be unregulated, especially given the recent vote in the US and the likely upcoming votes in the UK.

Monopolies are very easy to form on the internet, and in the interest of improving everyone's use, we need to try to avoid them. Walled gardens currently trap people into one service and limit the ability to swap between them, similar to "forcing" you to use just one company for your construction work, no matter the price.

I haven't heard a great answer to this problem yet, if one even exists. Is there a way to attempt to prevent these from forming which can be practically implemented?

gigatexal 3 days ago 1 reply      
Regulation only makes the largest companies that much more untouchable. Why not invest what would have been spent on regulation instead on education? That way the next pioneer could be fostered. Or invest in subsidies for health and wellness and food programs so the next Zuckerberg doesn't go hungry and can have the luxury to innovate (terrible analogy since he came from a middle class family but still). Or if you don't want to do that what about allowing foreign nationals with an idea but without capital and a safe and business friendly government to come to the States to create their businesses?
cmurf 3 days ago 1 reply      
Regulating them ultimately doesn't work very well because a.) it's reactive rather than proactive, so there's regulatory lag b.) it injects politics, and political wind c.) because of a and b we get inconsistency, changes in policy, this isn't good for either consumers or employees or investors.

I'm not sure what the work around is, but for sure we (Americans) do not apply anti-trust / competition law as aggressively as we should. It just seems wrong to me to allow these big companies to buy up smaller companies and then just obliterate them into nothing, not use their technologies, just destroy them by putting the patents into a vault and sue anyone who infringes but not letting anyone benefit either. They all do this to varying degrees.

It's like at a certain market value as a percentage of either global or maybe national wealth, companies should be disallowed from mergers of any kind. And at another level of size, they are required to break themselves up into pieces.

Edit: Maybe disallow hoarding patents. If after X years you're not using a patent, it either auto-expires and is relegated to public domain, or it's compulsory to sell it. Use it or lose it!

unityByFreedom 3 days ago 0 replies      
If you don't like their services, you have plenty of other options, one of them being that you don't need to use them at all.

On the other hand, you're locked in with your broadband ISP. If I'm going to decry some internet business, I will first point the finger at Comcast and their ilk.

sangnoir 2 days ago 0 replies      
If I didn't know better, I would say this is a reaction to "nouveau riche" companies. When was the last time that the BBC proposed reining-in banks or oil companies despite clear consumer antipathy? Even after LIBOR, the 2008 crisis, Deepwater Horizon and HSBC cartel laundering, no one suggested these companies were to big, outside of the phrase "too big to fail". They were punished by being bailed out or given a nominal fine, but these uppity tech companies ought to be broken up.

Perhaps they are "too big", but only because they isn't a revolving door between tech companies and the corridors of power (yet?)

Asdfbla 3 days ago 1 reply      
I'm surprised the EU hasn't acted against Google already. Remember when they (rightfully) went after Microsoft and forced them to offer a browser choice? And that wasn't even the peak of the Internet Explorer monopoly.

And yet it's allowed that like 80% smartphones sold in Europe come with Android versions that basically lock the user into the Google ecosystem, else you can't use the default store.

BenoitEssiambre 3 days ago 2 replies      
I'm not usually very pro corporate taxes. I think (with some caveats) that it is generally better to tax the owners of businesses than the businesses themselves. However, in order to counter the unfair advantages of overly large companies and promote competition (in tech, in finance or elsewhere) wouldn't it make sense to make corporate taxes slightly progressive where the larger a business is (by revenues), the higher the tax rate?

Is there an obvious flaw to this approach? Why don't I see anyone ever suggesting it?

someSven 3 days ago 0 replies      
If some gov dosn't like the power of those companies then the should feel free to support free software. The same goes for competitors and consumers. Regulation only in rare cases please.
sr2 3 days ago 0 replies      
Things like Mastodon[0] and IPFS[1] are always worth checking out, if you want to get a sense of control over your data. With regards to the argument that these companies are so entrenched in our society that they are very difficult to remove, almost like barnacles, then I agree that something has to be done. The real problem exists when there is no other choice for people. For example, the default search engine on Android phones is most certainly Google and not DuckDuckGo. Another example of terrible monopolistic practice is that Android phones are so fragmented. It seems kind of odd that in order to have the most secure Android installation, that I also have to have the latest hardware. I find it very unfair that legacy devices are locked to a single Android install and can't upgrade properly. These things should be future proof and be able to respond to threat landscapes. I feel very uneasy communicating on legacy devices because there is the uneasy feeling that the device has been infected by either low-level attackers, or nation states.

[0] https://mastodon.social/about

[1] https://en.wikipedia.org/wiki/InterPlanetary_File_System

whyenot 3 days ago 0 replies      
What is interesting to me is that according to the article, the five largest companies in the world (by market cap) are all now companies headquartered on the west coast of the US. What a remarkable shift in the world from the way it was just a few decades ago. We are in the midst, of a massive power shift, a revolution. I think it's hard to predict what the results of any regulation would actually be -- everything is changing too quickly.
seattle_spring 3 days ago 1 reply      
From the perspective of a software engineer, I would also say "yes." It's frustrating that 80% of the available positions, even in a tech center like Seattle, are at the huge mega-corporations.
jrnichols 3 days ago 0 replies      
Apple & Amazon and the others, probably not. They have their own markets and they're just doing well in them. Google might be a little different in that what they've done in some areas affects so many others, especially in small business communications and now into education. I'm just thinking about how kids are unaware that there is even another email provider out there because all they know is Gmail. To me, that's where things have tipped over into "kind of a problem." The Googleverse is massive, and we don't even know how much data they've collected.
benevol 3 days ago 1 reply      
Well, that was pretty clear more than a decade ago.

Proprietary technology has a monopolizing effect in capitalism.

Since technology by definition has an exponential growth rate of efficiency, the monopolizing effect grows with it.

Mendenhall 3 days ago 0 replies      
Anything "big" causes me to pause and count the concerns. The bigger any entity is the more damage they can cause. I tend to support "small" things as best I can.
redm 3 days ago 0 replies      
When I look at these monoliths, I can't help but think about the fabled Sci-Fi Mega Corporations of the future that seem to be anything other than positive. [1] [2] [3]

There are of course real life examples from the past.. [4][5][6]

[1] http://residentevil.wikia.com/wiki/Umbrella_Corporation

[2] http://alienfilmspedia.wikia.com/wiki/Weyland-Yutani

[3] http://bladerunner.wikia.com/wiki/Tyrell_Corporation

[4] https://en.wikipedia.org/wiki/East_India_Company

[5] https://en.wikipedia.org/wiki/Breakup_of_the_Bell_System

[6] https://en.wikipedia.org/wiki/Standard_Oil

rdlecler1 3 days ago 0 replies      
The problem here is that only one or two of their business lines actually make money. Everything else simply strengthens network effects and gives them optionality for new businesses. It would be hard to break up Google and say: you get to provide search for the US and another company has to do it for Europe. While that may be in the interest of Europe, it's of less interest to the US.
therobotking 3 days ago 1 reply      
On one hand I absolutely love Google's ecosystem and have an Android phone, use Gmail, have an nVidia Shield TV, use Android Pay, travel using Google Maps for transit every day, use Docs for work, Drive for all cloud storage needs and YouTube is YouTube.

On the other, being so reliant on one company for so much is bound to cause problems at some point.

therealmarv 3 days ago 1 reply      
Two words: too late.
jorblumesea 3 days ago 0 replies      
What's to stop the most powerful companies from using regulation to squash business competitors? Almost every industry has abused this to a certain extent. Regulatory capture is a thing, at least here in the US.

Regulations are a double edged sword and it's often used to stifle new business and crush possible competition.

strin 3 days ago 0 replies      
I highly recommend the book "Master Switch" by Tim Wu on this topic. (https://www.amazon.com/Master-Switch-Rise-Information-Empire...).

It argues that every information networks in the history- telegraph, telephone, radio, cable - follow the pattern of consolidation and disintegration. The new inventions always had the chance to disrupt the old industry, but our modern network - the Internet - might be an exception. Because the Internet is the master switch of all things digitized.

notadoc 3 days ago 0 replies      
Remember in the 90s when Microsoft was the subject of an antitrust case over bundling a web browser?
yalogin 3 days ago 0 replies      
Are the existing laws enough to regulate them though? The anti competition laws don't apply here as all of them are competing in the same space and all of them are huge.
ilaksh 3 days ago 0 replies      
Integrating technologies for both decentralization and common platforms are the answer, not more traditional government or more capitalism or more communism.
TheRealmccoy 3 days ago 0 replies      
yet again, one of those posts. all those people who have the ability to do something, discuss and post detailed comments and then wait for next such article, and then rinse and repeat.

what is the point of discussion, if we nothing concrete, other than rhetoric can be done?

esturk 3 days ago 0 replies      
No. This MAGA (Microsoft, Apple, Goggle, Amazon), is actually making American tech great.
anth1988 3 days ago 1 reply      
> In 2013, the European Commission fined Microsoft for giving preferential treatment to its own browser, Internet Explorer.

I don't understand why Microsoft gets fined, but Google gets a pass when they used their other products to push Chrome to a dominant position.

blairanderson 3 days ago 1 reply      
"Too big to control?" Uhhhhmmm I don't want to be controlled. No control necessary. Just guidance.
Money can be stolen from an Uber account unlikekinds.com
253 points by unlikekinds  14 hours ago   149 comments top 25
vxNsr 13 hours ago 6 replies      
In general in these cases, if it's a credit card just do a charge back and let Uber deal with the fallout. no need to bother trying to get Uber to make it right, your credit card company will be much more interested in knowing that Uber failed to safeguard their clients card info. To many charge backs can result in higher processing fees so companies will do everything they can do avoid that.
naturalgradient 13 hours ago 2 replies      
I have noticed that with any type of money processing service (stock broker, bank, ..), whenever any irregularity happens, I end up losing money no matter whether I was at fault.

The asymmetry between me as a customer and a large organisation with a faceless customer service is just so big that complaints take too much effort to reach someone that could do something about it (if they were willing to own up to problems, which they usually are not).

Having the legal right to get any fee refunded and getting it are just so far removed that I would wager all money handling services make non-trivial amounts of profits from unjust fees because they can exploit this asymmetry.

Sadly, for me as an individual the right decision is almost always to let it go because my time is more expensive.

mstade 13 hours ago 6 replies      
And this is why you only ever use credit cards from reputable providers with a proven customer satisfaction track record. I had uber pulling all sorts of shenanigans against my Amex a few months ago, and instead of dealing with Uber's BS I just had Amex cancel the charges. Done. Zero risk to my personal accounts with actual real money on them.

Never use debit cards when credit cards are accepted, is my general tip.

wolfgang42 13 hours ago 4 replies      
> I received an SMS saying Enter Uber code 5483 to confirm your number. Thinking someone entered their number incorrectly or similar, and assuming - as I had my phone with me - that my account was safe, I ignored the message.

This sounds like yet another example of why SMS is not a good second factor. The Uber rep's responses seem to ignore the question of how this account was compromised (instead providing suggestions for good password hygiene), so it's not clear to me whether they even think that the SMS PIN is supposed to provide any security at all.

caseysoftware 13 hours ago 3 replies      
I suspect the argument here is simply "we refunded the exact amount we received!" and that they bear no responsibility for the foreign transaction fees, which were probably from the owners' bank.

It sucks but it makes sense for the merchant. The bank should return the fees but the exchange rate difference is likely lost.

Also another good reason not to use a debit card for any online transaction. At least with a credit card, no one can take your money while they're settling the dispute.

jefferson123 13 hours ago 4 replies      
Can someone shed light on how this sort of attack might have been carried out?
morrow 12 hours ago 0 replies      
The exact same thing happened to Alex Blumberg in this episode of Reply All: https://gimletmedia.com/episode/91-the-russian-passenger/. They investigate and try to find out how his account could have possibly been hijacked with 2FA enabled.
paul7986 11 hours ago 1 reply      
And Uber does not give a damn!

In 2015 my Uber account was hacked and 1k was taken from my bank account. Uber knew/knows about their users getting hacked and their PR was it's the users fault for using a bad password. Also then I tried to cancel my Uber account via their site but there is no option that lets the user do so only can be done by contacting/waiting for a support person to do so. It took them a few days to cancel my account.

Needless to say I loathe then for this reason followed by all their other horrid behavior!

thinkMOAR 13 hours ago 0 replies      
And it seems that the banks are aware of this. Two weeks ago only used a credit card for a bunch of uber trips in eastern parts of europe*. Maybe 8 - 10 rides, max 20 euro total charge... bank found the charges/refunds of uber suspicious enough to block my card as security measure (for already total mount of less then 20 euro)
Cakez0r 13 hours ago 0 replies      
So how did they get access to the account without the SMS pin? The question was never answered!
bkor 13 hours ago 4 replies      
Shouldn't any normal consumer/customer protection law ensure that the full amount should be refunded? Meaning if due to no fault of your own X amount was charged / taken from your bank account, then that exact amount should be refunded. No matter if the currency changed or not.. as it was never your fault.
nate_robo 7 hours ago 0 replies      
The same thing happened to me last week. Noticed a number of Uber charges being hailed from Moscow, Russia which was brought to my attention by Chase's fraud prevention. They recognized the charges as suspicious and denied to let any of them through so I ended up not losing anything besides my debit card which I had to cancel. Changed my password and ordered a new debit card and everything is resolved. However, I was very surprised to see a hacking effort towards an Uber account versus something like an Amazon account...
datasage 13 hours ago 0 replies      
In my experience dealing with this, it depends on who initiates the refund.

If the consumer initiates the chargeback, it will be handled in the consumer's currency. Which will result in a fun reconciliation problem for the business.

If the company initiates it will be done in the currency it was originally charged in. Which will give the consumer more or less money depending on exchange rates.

huac 12 hours ago 1 reply      
If the biggest cost was the foreign transaction fees, then the author should get a credit card without foreign transaction fees. Which seems like decent advice in general.

And to be fair to Uber, they don't have control over foreign transaction fees or changing forex rates. This just as well might have worked out in the author's favor. Uber could curry some goodwill by covering the forex losses and transaction fees in this case, especially since it came out to about $20, but God knows that that's not their MO.

taormina 11 hours ago 0 replies      
I had this happen to me. Since I wasn't in Amsterdam, it was pretty clear that it was fraud of some sort. My credit card company handled everything and I canceled the card.
benmmurphy 12 hours ago 0 replies      
does anyone know how they are breaking 2FA here? it doesn't sound like SS7 hijack because the message is still going to the correct handset and presumably if you are carrying out the SS7 hijack you wouldn't proxy the traffic. was/is uber allowing people to brute force pins? or are the PINs being leaked through whoever is doing bulk SMS messaging for them?
nstj 10 hours ago 0 replies      
Interesting post, but the title is quite misleading - something closer would be Someone can hijack your Uber account and charge you for their rides.

The title gives the impression that your credit card can be used for transactions outside of Uber by attackers.

lr4444lr 13 hours ago 0 replies      
Why would you fight Uber for these charges in the face of such obvious fraud? Just dispute them with your credit card.
gkya 10 hours ago 0 replies      
Uber is like the Kardashians of the tech industry, every other news is a scandal. It's interesting to watch pure human vile turn a big success and a bigger potential into nil.
bradyat 12 hours ago 1 reply      
Anyone else notice that they gave the driver one star? I get that you don't like uber but it's hardly the drivers fault.
ajaimk 13 hours ago 1 reply      
Uber has no way of accounting for the exchange rate changes from their end. A charge back will fix the problem for the OP.
gambiting 13 hours ago 2 replies      
>>Uber quickly agreed to refund the money. Problem is, the value of the currency had changed, so the money refunded was less than the money stolen: $406.70

I'd just like to point out that if the currency value changed the other way, he would be refunded more money.

I actually wondered where is that money technically going in this case. I rented a car abroad once, a block of 3000 Euro was put on my card, then when it was released I got less money back than it blocked originally since the currency rate has changed. So someone made money on just blocking that money for a few days, but who? The bank?

marvel_boy 13 hours ago 1 reply      
Newbie here. Any guess on how this account was compromised?
42fortytwo 13 hours ago 0 replies      
Chargeback? I believe all CC companies offer that, and it's pretty effective?
aidenn0 12 hours ago 0 replies      
Money can be stolen. From pretty much anywhere.
       cached 14 June 2017 04:11:01 GMT