hacker news with inline top comments    24 Jul 2017 Best
1
153k Ether Stolen in Parity Multi-Sig Attack etherscan.io
939 points by campbelltown  4 days ago   720 comments top 60
1
int_19h 4 days ago 16 replies      
Just skimming through the Solidity docs, I see a lot of unwise decisions there aside from the weird visibility defaults.

All state is mutable by default (this includes struct fields, array elements, and locals). Functions can mutate state by default. Both are overridable by explicit specifiers, much like C++ "const", but you have to remember to do so. Even then, the current implementation doesn't enforce this for functions.

Integers are fixed-size and wrap around, so it's possible to have overflow and underflow bugs. Granted, with 256 bits of precision by default that's harder to do than usual... but still pretty easy if you e.g. do arithmetic on two inputs.

Operators have different semantics depending on whether the operands are literals or not. For example, 1/2 is 0.5, but x/y for x==1 and y==2 is 0. Precision of the operation is also determined in this manner - literals are arbitrary-precision, other values are constrained by their types.

Copy is by reference or by value depending on where the operands are stored. This is implicit - the operation looks exactly the same in code, so unless you look at declarations, you don't know what it actually does. Because mutability is pervasive, this can have far-reaching effects.

Map data type doesn't throw on non-existing keys, it just returns the default value.

The language has suffixes for literals to denote various units (e.g. "10 seconds" or "1000 ether"). This is purely syntactic sugar, however, and is not reflected in the type system in any way, so "10 second + 1000 ether" is valid code.

Statements allow, but do not require, braces around bodies. This means that dangling "else" is potentially an issue, as is anything else from the same class of bugs (such as the infamous Apple "goto fail" bug).

Functions can be called recursively with no special effort, but the stack size is rather limited, and it looks like there are no tail calls. So there's the whole class of bugs where recursion depth is defined by contract inputs.

Order of evaluation is not defined for expressions. This in a language that has value-returning mutating operators like ++!

Scoping rules are inherited from JS, meaning that you can declare variables inside blocks, but their scope is always the enclosing function. This is more of an annoyance than a real problem, because they don't have closures, which is where JS makes it very easy to shoot yourself in the foot with this approach to scoping.

2
earlz 4 days ago 16 replies      
Here's the root error I believe: https://github.com/paritytech/parity/blob/master/js/src/cont...

The initWallet function should have been marked internal, but was instead not marked. Unmarked functions default to public in Solidity, so anyone can call that function and reinitialize the wallet to be under their control
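
A check for the default described in the comment above, added here as an example (it is not from the thread or from Parity's code base): a small Python scanner that flags Solidity functions declared without an explicit visibility specifier. The sample contract is constructed for the demonstration; only the function names `initWallet` and `initMultiowned` come from the thread, and the regex-based parsing is a simplification that ignores string literals and function-type parameters.

```python
import re

VISIBILITY = {"public", "external", "internal", "private"}

# Constructed sample, NOT the Parity source. Names follow the thread's description.
SAMPLE = '''
contract WalletLibrary {
    address[] owners;
    uint required;

    // no visibility specifier: defaults to public
    function initMultiowned(address[] _owners, uint _required) {
        owners = _owners;
        required = _required;
    }

    function initWallet(address[] _owners, uint _required, uint _daylimit) {
        initMultiowned(_owners, _required);
    }

    /* function commentedOut() { } */
    function isOwner(address _addr) internal returns (bool) {
        return true;
    }

    function execute(address _to, uint _value)
        external
        onlyowner
        returns (bytes32)
    {
        return 0;
    }

    function() payable { }
}
'''

# function <optional name> ( args ) <header tail up to the body or ';'>
FUNC_RE = re.compile(
    r"\bfunction\b\s*([A-Za-z_$][\w$]*)?\s*\(([^)]*)\)([^{;]*)[{;]"
)


def strip_comments(src):
    """Blank out // and /* */ comments, keeping offsets and line numbers intact."""
    def blank(match):
        return re.sub(r"[^\n]", " ", match.group(0))
    return re.sub(r"//[^\n]*|/\*.*?\*/", blank, src, flags=re.S)


def find_unmarked_functions(src):
    """Return [(line_number, name)] for functions lacking a visibility keyword."""
    clean = strip_comments(src)
    findings = []
    for match in FUNC_RE.finditer(clean):
        name = match.group(1) or "<fallback>"
        header_tail = match.group(3)
        # Modifiers, 'returns (...)' and visibility all live in the header tail.
        words = set(re.findall(r"[A-Za-z_]\w*", header_tail))
        if not words & VISIBILITY:
            line = clean.count("\n", 0, match.start()) + 1
            findings.append((line, name))
    return findings


if __name__ == "__main__":
    for line, name in find_unmarked_functions(SAMPLE):
        print(f"line {line}: function {name} has no explicit visibility")
```
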

3
finnh 4 days ago 8 replies      
I've posted this before [0], but it's still apropos regarding the foolishness that is Ethereum.

[Ethereum] only makes sense if all of the following obtain:

(a) the code is 100% bug-free (b/c accidents cannot be rewound)

(b) all code-writers are 100% honest (their code does what they say)

(c) all contract participants are 100% perfect code readers (so as to not enter into fraudulent contracts)

(Strictly speaking, only one of (b) and (c) needs to be true).

None of these conditions will ever obtain.

[0] https://news.ycombinator.com/item?id=14471465

4
aresant 4 days ago 2 replies      
From the post mortem (1) -=>

- A hacker managed to exploit an ICO multisig wallet vulnerability and drain 44,055 ETH - $9,119,385 at present.

- A white hat showed up and "saved" 377,000 ETH - $78,039,000 !!! - by draining other accounts.

I get the "see cryptos are too insecure / it's a pyramid / it's a bubble / ICOs are scams / etc" arguments.

But holy shit turning a world currency into the wild west - for better or worse - is going to be disruptive, period.

That $10m out the window is like a Series A for a nefarious hacker with deep crypto skills, what does this success embolden or create?

I can only imagine the debacles that we have to look forward to, and I say that in full support of and as a long term believer in both blockchain and cryptocurrencies.

(1) https://press.swarm.city/parity-multisig-wallet-exploit-hits...

5
doener 4 days ago 1 reply      
"my favorite part of this latest ICO hack is that it appears to have gone to same wallet as the dao hack ....."

https://mobile.twitter.com/IamNomad/status/88777698177709261...

"incredible plot twist: whitehat hacker supposedly saved most tokens from being stolen using the same vuln."

https://mobile.twitter.com/bcrypt/status/887775417406431232?...

"Multisig wallets affected by this hack: - Edgeless Casino (@edgelessproject) - Swarm City (@swarmcitydapp) - æternity blockchain (@aetrnty)"

https://mobile.twitter.com/maraoz/status/887755889897295872?...

6
cl0rkster 4 days ago 2 replies      
7
ericb 4 days ago 1 reply      
As Charlie Lee said:

If the creator of Solidity, Gavin Wood, cannot write a secure multisig wallet in Solidity, pretty much confirms Ethereum is hacker paradise.

https://twitter.com/SatoshiLite/status/887781929726038016

8
joshschreuder 4 days ago 9 replies      
Let's play hypotheticals.

If you were the attacker and you now have the ETH in your wallet, how do you cash out without anyone identifying you and maximising your profits?

Also has the attacker broken a law by exploiting a bug in the contract?

9
notsofastbuddy 4 days ago 1 reply      
Parity shipped with a built-in Solidity contract to implement multi-sig wallets. That contract had a vulnerability that is now being exploited.

Importantly, the contract is not part of the Ethereum protocol, so other implementations and non-multi-sig Parity wallets are safe.

10
sna1l 4 days ago 1 reply      
https://etherscan.io/address/0x1dba1131000664b884a1ba2384641... -- white hat group exploited the vuln and are holding people's crypto for them.
11
matt_wulfeck 4 days ago 2 replies      
I'm sure they'll just hard fork again. And nobody cares because ethereum isn't actually being used for anything real, just a bunch of enthusiasts trying to get rich.
12
pietrofmaggi 4 days ago 0 replies      
This is the most useful explanation I've found about the vulnerability so far: https://blog.zeppelin.solutions/on-the-parity-wallet-multisi...

The explanation is a bit scary about what actually ended up in parity code:

The wallet contract forwards all unmatched function calls to the library using delegate call... This causes all public functions from the library to be callable by anyone, including initWallet, which can change the contracts owners.

Edit: formatting
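
The forwarding behaviour quoted in the comment above, as an added Python model (not code from the thread, the linked article or Parity): library code runs against the wallet's own storage, so any library function the dispatcher treats as public can rewrite the owner list. The hardened variant is an assumption made for illustration (initialiser helper marked internal, public initialiser refusing to run twice), not a transcription of the actual patch; the account names are constructed.

```python
class Revert(Exception):
    """Stands in for an EVM revert/throw."""


def _init_multiowned(storage, sender, owners, required):
    storage["owners"] = list(owners)
    storage["required"] = required


def _init_wallet_unguarded(storage, sender, owners, required):
    # Internal jump to the helper: no dispatch, no visibility check.
    _init_multiowned(storage, sender, owners, required)


def _init_wallet_guarded(storage, sender, owners, required):
    # Assumed hardening: initialisation is allowed only once.
    if storage["owners"]:
        raise Revert("already initialised")
    _init_multiowned(storage, sender, owners, required)


def _is_owner(storage, sender, who):
    return who in storage["owners"]


def make_library(hardened):
    """Function name -> (visibility, body). Hypothetical layout for this model."""
    return {
        "initMultiowned": ("internal" if hardened else "public", _init_multiowned),
        "initWallet": ("public",
                       _init_wallet_guarded if hardened else _init_wallet_unguarded),
        "isOwner": ("public", _is_owner),
    }


def delegatecall(library, storage, sender, name, args):
    """Run library code against the caller's storage, keeping the original sender."""
    entry = library.get(name)
    if entry is None or entry[0] not in ("public", "external"):
        raise Revert(f"{name}: not externally callable")
    return entry[1](storage, sender, *args)


class Wallet:
    def __init__(self, library, owners, required):
        self.library = library
        self.storage = {"owners": [], "required": 0}
        # Deployment initialises the wallet through the library.
        delegatecall(library, self.storage, "deployer", "initWallet",
                     (owners, required))

    def call(self, sender, name, *args):
        # The wallet declares no named functions in this model, so every call
        # falls through to the catch-all, which forwards it to the library.
        return delegatecall(self.library, self.storage, sender, name, args)


def owners_after_reinit(hardened):
    """Deploy for alice and bob, then let a non-owner call both initialisers."""
    wallet = Wallet(make_library(hardened), ["alice", "bob"], 2)
    outcomes = []
    for name in ("initWallet", "initMultiowned"):
        try:
            wallet.call("mallory", name, ["mallory"], 1)
            outcomes.append((name, "accepted"))
        except Revert:
            outcomes.append((name, "reverted"))
    return wallet.storage["owners"], outcomes


if __name__ == "__main__":
    print("unmarked/unguarded:", owners_after_reinit(False))
    print("hardened:          ", owners_after_reinit(True))
```
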

13
djhworld 4 days ago 1 reply      
On the parity website they state the following

> Every single line in our codebase is fully reviewed by at least one expert developer (and routinely two or more) before being placed in the main repository. We strive for excellence; static code checking is used on every compile to cut out bad idioms. Style is enforced before any alteration may be made to the main repository. Continuous integration guarantees our codebase always compiles and tests always pass.

14
icelancer 4 days ago 1 reply      
Black hat hackers nabbed $31MM in ETH. Not a bad payday due to a coding error.

https://etherscan.io/address/0xb3764761e297d6f121e79c32a6582...

15
lawrenceyan 4 days ago 1 reply      
Silver lining: https://etherscan.io/address/0x1dba1131000664b884a1ba2384641...

Looks like about +300,000 ether was able to be drained before it could be stolen thanks to a white hat group.

16
dvcc 4 days ago 2 replies      
Can someone explain how immutable contracts get updated? From what I understand you can have one contract forward requests to another, and you can use some storage in the forwarding contract to determine the real target contract. But why would someone participate in a contract that is mutable?

I guess I am just wondering how this contract can be updated, given it's on the blockchain and considered immutable.

17
nkrisc 4 days ago 2 replies      
Just thinking hypothetically here as a coin novice: could a bug like this theoretically have been implemented intentionally? If the code is the law, and the code is sufficiently complex, couldn't it be feasible to dupe people?
18
swamp40 4 days ago 0 replies      
The begging in the comments section, along with their wallet IDs, looks like a glimpse of the internet 100 years into the future.
19
o- 4 days ago 0 replies      
I believe from looking at the fix [0] I was able to trace back the origin of the bug. This is my (unverified) theory. Can anybody familiar with serpent confirm?

There is a catch-all [1] function in the public API (why???) of the wallet contract which uses delegatecall to delegate to the library class.

"In a similar way, the function delegatecall can be used: the difference is that only the code of the given address is used, all other aspects (storage, balance, ...) are taken from the current contract." [2] (again, WHY???)

So calling through this catch-all function the "internal" modifier on "initMultiowned" does apparently not prevent it from being called, since the delegation happens from a function inside Wallet.

So the "attack" is to just tell the wallet to reset its owners to myself. This would be so embarrassingly trivial, that it's more like picking the money up from the floor, than a "heist".

This wallet contract is insane and the programming language too. Why would a language for such a critical application have such super unsafe constructs? This can't be true. Please, serpent community, talk to your local PL people!

[0] https://github.com/paritytech/parity/pull/6103/files

[1] https://github.com/paritytech/parity/blob/02d462e2636f1898df...

[2] https://solidity.readthedocs.io/en/develop/types.html#addres...

[3] https://github.com/paritytech/parity/blob/02d462e2636f1898df...

20
jondubois 4 days ago 0 replies      
The problem with Ethereum is that it's just way too complex. The more complex something is, the more bugs and vulnerabilities there are going to be.
21
niahmiah 4 days ago 4 replies      
Let me guess... another hard fork to undo this.
22
ericb 4 days ago 0 replies      
No rollback this time. The chain with this hack must have the longer Proof-Of-Vitalik.

https://twitter.com/VitalikButerin/status/887782650026631168

23
theptip 4 days ago 0 replies      
Can someone explain to me why you would want a smart contract for multi-sig? This is a feature that can be implemented easily off-chain, i.e. using split keys (Bitcoin has had this approach for some time).

Seems like having this complex logic on-chain is asking for it to be exploited.

24
tudorw 4 days ago 0 replies      
Entropy, not something you want from a currency, also, paper money is not magic, it's a network of trust. I think block chain applications are out there, I just don't think cryptographic currencies are their best use.
25
ericfrederich 4 days ago 1 reply      
Is this even illegal? Or just frowned upon? It seems this is just one big game, you find the weakness and you profit.
27
e79 4 days ago 0 replies      
The vulnerability was extremely simple, as suggested by the three keyword-long patch. I've written about this and other Solidity/EVM bugs from a technical perspective, if anybody is curious:

- https://ericrafaloff.com/parity-multi-sig-contract-vulnerabi...

- https://ericrafaloff.com/analyzing-the-erc20-short-address-a...

I think at least a big part of the solution to these security problems is two-fold:

- More secure conventions. All of the gotchas in Solidity make for a bad time. Even non-security bugs create a bad developer experience. Opting into private functions by default

- More code review. Engineers need to be diligent or hire security professionals who are (I'm one).

28
redm 4 days ago 0 replies      
The blog announcement from Parity:

https://blog.parity.io/security-alert-high-2/

29
rboyd 4 days ago 0 replies      
you can see that this is also affecting tokens. check the whitehat effort (Token Transfers / View Token Balances) on this wallet https://etherscan.io/address/0x1dba1131000664b884a1ba2384641....

$30M worth of BAT, $26M ICONOMI, $17M CFI, $1.4M EOS

historic episode here which is sure to spur many a conversation about what disclosure means in the blockchain era.

30
ericb 4 days ago 1 reply      
Things like this are why I think Tezos, when/if it comes out, has a bright future. I want a formal proof for any contract I use with real-money.
31
jamespitts 4 days ago 0 replies      
Helpful information for users potentially affected by this issue:

- The vulnerability is in Parity's "enhanced" multi-sig contract

- This affects Parity 1.5 and later

- Parity 1.5 was released on January 19, 2017 (have you created multi-sigs in Parity since then?)

- The canonical multi-sig contract used in Mist / Ethereum Wallet does NOT have this vulnerability

- 0x1db is a community "white hat" sweep effort and not an attacker (See: https://etherscan.io/address/0x1dba1131000664b884a1ba2384641... )

32
codewiz 4 days ago 0 replies      
The bug in the wallet contract was fixed one hour ago with this commit: https://github.com/paritytech/parity/pull/6102/files/e06a1e8...

Parity bug: https://github.com/paritytech/parity/pull/6102

33
okreallywtf 4 days ago 0 replies      
In reading the comments I had forgotten what DSL stood for and had to look it up and it usually means something other than intended here, to save anyone else the trouble it's Domain Specific Language.

https://en.wikipedia.org/wiki/Domain-specific_language

34
redm 4 days ago 1 reply      
I'm not sure why everyone is piling on Solidity. At the end of the day, bugs happen in all languages, to all programmers eventually, and if you want to point the finger, it has to be at Parity.

If anything, it shows there needs to be a better process for peer review and some defaults in Solidity should be changed for security.

35
kensey 4 days ago 1 reply      
The great thing about reading this comment thread is that I basically already read it a couple of weeks ago, because a friend of mine (David Gerard, of Wikipedia, RationalWiki and Rocknerd Internet fame) let me preview his forthcoming e-book _Attack of the 50-Foot Blockchain_. There's a whole section in there about smart contracts, Ethereum, and The DAO that goes over much of what commenters here have mentioned ("non-reversibility, till it's our money at stake", the requirement that everyone write and read code perfectly, the problems with the very idea of immutability in contracts, etc.)

If people are interested, it's on Amazon: http://amzn.to/2trOjJS (I have no financial interest in it, but I bet a lot of people in this thread would enjoy reading it and/or writing long diatribes on why he is wrong about everything in it.)

36
abhi3 4 days ago 3 replies      
That's like 30 Million USD at current prices? This is close to the DAO hack in USD value, not another fork now surely?
37
coinme 4 days ago 0 replies      
Better techniques are required. Solidity is clearly not ready to be used to secure billions of dollars that can be anonymously stolen in an instant. Fuzz testing should be an absolute minimum. Formal proofs, and a simpler language should be the ultimate goal.

Hopefully the ethereum foundation takes note because this problem is not going away, and they are responsible for 20B$ market cap of value. I realise that ethereum is still young but they have chosen to build a product that can be used in a multitude of ways without enough thought about how to keep the value secure. I wouldn't even know where to start when deciding whether it's safe to use a smart contract, and I understand the concepts well. If ethereum is ever going to grow into its current market cap it will have to be safer for use by everybody.

38
ateevchopra 4 days ago 0 replies      
77 Million were rescued by the white hackers and stored.

https://etherscan.io/address/0x1dba1131000664b884a1ba2384641...

39
samstave 4 days ago 3 replies      
Forgive me for being harsh:

Why is there no "pen-test" phase to any cryptocurrency which hits the market.

So, let me understand; you're ostensibly smart enough to (perhaps as a body of contributors, even) develop a cryptocurrency offering - yet you're also fucking stupid enough to not have same/wider network of ppl attempt to hack the fuck out of your plan?

Does this already occur? or some savant comes and owns them?

We have fucking HIPAA FFS and the compliance systems for something as trivial as my stupid name.

so; ELI5: WTF are currencies doing/not-doing which allow for such hacks (1) and allow for exploits to go unseen (2)

40
mtgx 4 days ago 1 reply      
So will the devs create another Ethereum fork to recover this money?
41
rjurney 4 days ago 0 replies      
I can't even understand what you are all talking about. Crazy kids. I'm not even kidding. Usually I can figure out what the topic of conversation is if I'm not familiar with it, but in this case I'm like three degrees removed from comprehension.

Sounds like this is all probably dot com bullshit, but maybe something genius will come out of it that is unforeseen now.

42
draw_down 4 days ago 1 reply      
It's "cynical" to point out these problems will keep happening, but then they keep happening. So, not much to say.
43
curiousgal 4 days ago 0 replies      
Maybe it was a feature not a bug.
44
likeclockwork 4 days ago 0 replies      
If the code of the contract IS the contract, how was anything 'stolen'?
45
6nf 4 days ago 0 replies      
Time for another hard fork!
46
rocky1138 4 days ago 1 reply      
How do we know this is stolen? The link doesn't provide much detail.
47
campbelltown 4 days ago 0 replies      
It appears the hacker has begun moving ether from the account. The number presented in this link will no longer match the amount in the title. There is currently 83K ether remaining.
48
viach 4 days ago 0 replies      
Looks like a good motivation to start learning Solidity.
49
hohenheim 4 days ago 1 reply      
I wonder, why the black hat didn't drain all the money and left it for the white hat group?
50
codewiz 4 days ago 2 replies      
Can someone ELI5?

I use Parity, I have a wallet contract deployed, it's night and I'm wearing sunglasses.

51
sparky_ 4 days ago 0 replies      
Didn't they fork the project a while ago due to theft?
52
joeblau 4 days ago 0 replies      
It's being put back: https://news.ycombinator.com/item?id=14811534

Edit: Without Vitalik or a hard fork.

53
kevinwang 4 days ago 1 reply      
Can anyone explain? Don't know what I'm looking at.
54
davidw 4 days ago 1 reply      
I miss patio11's posts on these things.
55
tbarbugli 4 days ago 2 replies      
how much money is that?
56
thecrazyone 4 days ago 0 replies      
the link seems to be down. Did we DDoS it ?
57
imron 4 days ago 0 replies      
Don't worry, they can just do another hard fork and get the money back, amirite?
58
qwertyuiop85 4 days ago 0 replies      
0x2ee4899d44F086e8ee974399f404214de33F9b68 Please donate, I'll go full time auditing code from now on. WHG member.
60
qwertyuiop85 4 days ago 0 replies      
0x2ee4899d44F086e8ee974399f404214de33F9b68 Please donate, I'm going full bug hunting from today on your behalf. WHG dev. S.
2
The New Firefox and Ridiculous Numbers of Tabs metafluff.com
960 points by robin_reala  2 days ago   521 comments top 58
1
huntie 2 days ago 15 replies      
I'm really glad that people at Mozilla use ridiculous numbers of tabs too. Lazy-loading of tabs is the reason I switched to firefox. I'm not sure if it's still this way, but Chrome used to load every tab on startup. So even if you only had 100 tabs, you were looking at 5+ minute startup time. God-forbid that any of them were Youtube, or you'd have to go through and pause them all.

I've just updated to Firefox 55 to test this, and the improvement is ridiculous. I hope that Firefox focuses more on power users in the future.

I'm curious what the author uses to manage all of these tabs. I use Tab Groups, but I think they won't work in a few Firefox versions so I'm looking for alternatives.

2
ilaksh 2 days ago 9 replies      
There are a lot of people who use tabs as bookmarks. Seems like a good way to keep the RAM industry going strong. Someone once told me (seriously) "I need at least 128 GB of RAM otherwise I can't keep my tabs open." But does everything you were interested in over the last X weeks or months really need to be loaded up? No, and if you use it like that then it can't preload stuff.

I think the main lesson is that bookmarks don't work too well or people just don't use them. If nothing else, make the bookmark display show newer bookmarks rather than the same old ones from four years ago. And maybe start preloading if they are opened regularly. Merge two features together, maybe add optional other organizational features for example similar to new tab screen.

The tricky thing is that there are a lot of things that are potentially supposed to happen while a tab is open. The browser is now its own OS, and it may be very difficult for developers to use important features if tabs (processes) only _look_ like they are running.

3
elfchief 2 days ago 11 replies      
Wow. I've been getting more and more frustrated with how poorly Chrome handles even a moderately large number of tabs (~150), and it sounds like my savior is going to be ... Firefox. Huh.

Wouldn't have guessed it, but I'll totally take it.

I have a nice extension for Chrome called Quick Tabs that gives me a searchable list of my open tabs and makes it easy to find things I have open... anyone know which of the several things that seem to do that with Firefox would be the best to use?

4
lobster_johnson 2 days ago 6 replies      
I've been considering switching to Firefox due to these performance improvements, but the one feature that's always missing is for the location bar to autocomplete terms from other sources such as Wikipedia. Is there some add-on I can install that can fix this?

Safari is brilliant here. If you enter something in Safari's location bar, it will suggest Wikipedia and other search suggestions right away [1]. I use this feature all the time. But FF, out of the box, will only show suggestions from one source. Here [2] is what FF suggests; all the hits are from Google, and it doesn't try to be clever about showing what I might mean to search for. Notice how it offers to search Wikipedia, with this tiny, obscure icon at the bottom of the suggestions, which I find to be a completely useless feature (I have keywords for that). The top hit tends to be what Google puts in a special box in its search results.

Here is another nice thing Safari does [3] which I make use of all the time. I've not visited walmart.com, so that "Top Hit" is just because it's a popular site. I can't make FF do anything like that.

[1] http://i.imgur.com/83FfnPn.png

[2] http://i.imgur.com/T4p1NZv.png

[3] http://i.imgur.com/MkRP2Le.png

5
rc_kas 2 days ago 11 replies      
I <3 you Firefox. I'm so sad that nobody uses you.
6
randomString1 2 days ago 0 replies      
I find it way more productive to use bookmarks

- Archive folder: bookmark dump to keep the links just in case I ever need it again (so they pop on the search bar even after I clean my history, you can also add keywords manually if you want)

- Buffer folder: to-dos, reminders and things I <need> to read soon. I keep it at a maximum of 10 items at all times

- Follow up folders (plural): pages I want to check occasionally for updates. Often used for pages without RSS. I don't like to use extensions to check for page modification because I want to do it on my own pace. This helps reducing my mental load because I know it's there if I ever need it. I often delete the entire folder if I don't feel it's useful anymore.

- The rest are folders divided by a main folder and subject. This way I can easily delete them after I'm done with that task (after a minute or after a year). Example: Programming > Project X, Programming > CSS fix for that thing.

Middle click on the folder to open everything at once. Done.

The position of the folders are crucial and also helps with muscle memory. I keep it like this: the more to the right (of the browser), the more disposable they are.

7
iamleppert 2 days ago 5 replies      
Firefox is a case study in how performance really does matter. A lot.

It used to be the best browser, and then something happened and it gradually became slow, really slow, while Chrome became fast. Who was in charge over at Mozilla during all this?

Any engineering director worth their salt would have noticed what was happening and installed metrics that didn't let engineers commit code that caused performance regressions and given an engineer (or multiple engineers) who loves optimizing things carte blanche.

Really, I want to know what happened over there. Does anyone know?

8
adrianmonk 2 days ago 2 replies      
A quick tangent to plug my method for paring down open tabs when it gets out of control: I create a document!

Personally I use Google Docs, but you could use a wiki or MS Word or many other things. The point isn't the technology, it's that when you have a whole slew of tabs open, and you feel the urge to keep them open, it's a strong sign that your mind is trying to gather info about a topic.

Putting it into a document often feels great. It gives you an opportunity to type out a few quick notes on the topic (like what you thought was significant about various links) or other thoughts you had. And you might find you want to share the document with people you're working with. And I find I feel more organized, not just because I cleaned up something messy but because I took a moment to focus my energies on something my mind was begging me to pay attention to. Sometimes you even realize you need two different documents on different subjects, and it's a little enlightening to realize the two separate themes.

9
chippy 2 days ago 1 reply      
I'm also very impressed with FF's performance on Linux in recent versions. I bumped up the RAM allocated for multiprocess but I never really have more than 20 tabs open. Startup and rendering seems much quicker, and the add-ons seem more open.
10
forevercrashing 2 days ago 1 reply      
Surprised to see no mention of Tab Center (https://testpilot.firefox.com/experiments/tab-center) in the comments. I've gotten so used to it that now I find it hard to use a browser with tabs on top. Being able to see more of the page title when tabs are displayed horizontally is extremely useful. There's a search field too. This combined with the "browser.ctrlTab.previews" set to true in about:config (enables MRU tab switching with ctrl-tab) makes managing tabs awesome for me.
11
aboodman 2 days ago 5 replies      
Why do you have a profile w/ 1600 tabs in it. If whatever it is is so important, aren't you afraid to lose it? I'd be terrified that one time Firefox just wouldn't shut down clean.
12
Koshkin 2 days ago 5 replies      
Can anyone offer an explanation of why should not tabs be managed by the window manager? (My understanding is that this question is independent from how the particular application would choose to control the contents of a tab - whether directly, or through a separate thread, or by spawning a child process.)
13
megamindbrian 2 days ago 0 replies      
It's about time. Slowness is why I quit all of Mozilla. Also dumping Thunderbird is irresponsible. We need one client that doesn't give annoying pop-ups when using IMAP and that used to be it. Guess we have to go back to using CLI to avoid pop-ups.
14
overcast 2 days ago 2 replies      
I was already using 55.x Beta. My BIGGEST issue, is that EVERY browser seems to chew up memory over time, just by leaving it open with tabs going. Firefox, Chrome, Safari. All do the same thing. Alleviated by using the Great Suspender in Chrome, but why can't they all have this just built in? Startup/speed, and initially memory use really haven't been that big of an issue. It's the memory, and finally grinding to a halt that is the BIGGEST issue for me. I can't escape it.

Happens on MacOS, and Windows for me.

15
ledgerdev 2 days ago 1 reply      
I would love to get rid of chrome and to switch back to firefox as my everyday browser, but simply can't get over how messy/ugly the tabs (even in compact theme) and window title look compared to what chrome does with tabs and title bar, and lack of window title bar.
16
userbinator 2 days ago 2 replies      
"Ridiculous" is right, especially from a UI perspective --- it still puzzles me why they would design it so that by default all the tabs are crammed into the place which used to be the titlebar, making it difficult to both read the title and find the tab you're looking for.

I've seen others start opening multiple windows when the tabs get too small. I usually do that to keep tabs grouped into "pages I am unlikely to view simultaneously".

17
fiatjaf 2 days ago 1 reply      
I have 2 tabs open right now. If the number of open tabs gets over 10 I start to actively look for tabs to close.
18
eyeball 2 days ago 1 reply      
The OneTab extension has been really good for helping me handle my tab hoarding tendency.

https://www.one-tab.com/

It lets you hit a button and send all open tabs to a single page that persists between browser sessions. You can remove a link by opening up that list and clicking on it.

Has a bunch of other handy features too ... like publishing the list of links to a share-able URL.

19
mannigfaltig 2 days ago 0 replies      
Whenever people ask me about the excessive number of tabs in my browser, I simply show them Einstein's desk: http://2.bp.blogspot.com/-eyOIn_EOW2Q/Vmcl6O-55OI/AAAAAAAADs...

I am not Einstein but it is probably not a bad idea to have a whole lot of interesting things around you all the time. Sort of like a cache or the way proteins are synthesized, like swimming in a nutritious soup. "Oh, look here is a piece that fits!".

One basically decreases the chance of forgetting interesting and useful information. "Out of sight, out of mind."

20
ernsheong 2 days ago 0 replies      
(shameless plug) For those of you keeping many many tabs open because you worry you might forget it again, or working on related topics, I am building https://www.pagedash.com to save your page exactly as you saw it, and everything from the original page (HTML and assets) are saved to PageDash so that you can load it again without worrying that the original page went bonkers/down.

v1 will be quite basic, just a list of saved pages. Expect more organization tools (folders, tags, etc.) in the further releases.

Please do sign up to be informed of impending release! :) (estimated end August)

Also, do leave a reply if you are keen on using ML (link classification) to help organize your pages for you. Unfortunately, because computers can't read our minds, this can't be perfect so folders are probably still relevant for your mini-projects.

21
outworlder 2 days ago 1 reply      
I use Firefox as much as I can, for many reasons. Two things keep me from using it all the time:

- Yubikey

- My Chromebook (I would use an equivalent FirefoxOS if given the choice)

There are performance issues in some cases but nothing major. It is still somewhat slow compared to Chrome, even though this may be due to optimizations done specifically for Chrome.

22
mrkrabo 2 days ago 5 replies      
I suppose I'm alone in getting all nervous if I have more than 10 tabs open.
23
septentrional 2 days ago 1 reply      
Sorry if this is somewhat off-topic but how do you make Firefox' tab bar look like the one in the article (i.e. no rounded edges for the tabs) on MacOS?
24
giancarlostoro 2 days ago 1 reply      
I love Firefox and never had issues, except at work. For some odd reason it will break, all tabs will look white and all I see is a loading icon in the middle no matter what tab I click on, ruining my workflow. No idea what that's about since at home Firefox works fine, Chrome seems to work fine at work on the other hand. I guess I'll be using Chrome at work and Firefox at home till I figure out what's causing the Firefox issue. I only usually have no more than 20 tabs open at any given time. Very unusual for me to keep 10 tabs open really.
25
problems 2 days ago 0 replies      
I've been running a ~7 year old laptop for occasional browsing. Chrome is unable to seek properly in video playback (gives page unresponsive after a while) and lags randomly when loading large pages, I suspect due to RAM allocations.

Old Firefox played videos fine, but lagged on many page loads. I was about to conclude it was just too old to browse the web decently, but this... this seems incredibly usable.

Thanks Mozilla, I'm definitely installing this thing on my main, much more modern machine tomorrow.

26
PhasmaFelis 2 days ago 2 replies      
I'm torn between thinking it's time to switch back to Firefox, and thinking I need to avoid Firefox at all costs, because the slowdown when Chrome gets over 100+ tabs is the only thing keeping my browser windows remotely navigable.

You know what I really want? A way to attach titles to browser windows. This window is "Games", this one is for "Books", this one is for my current "Work" task, this one is "Research" on the new doohickey I'm thinking of buying...

27
ChoGGi 2 days ago 0 replies      

> I measured by eyeball, using "time cat" on the command line. This might seem weird, but c'mon - I'm measuring minutes. Microsecond precision is not required.

For anyone else doing this sort of testing; there is an extension to monitor startup speed called about:startup

https://addons.mozilla.org/addon/about-startup/

28
rndmize 2 days ago 1 reply      
This is nice to hear. I use Firefox as my default browser with the tree-style tabs add-on, and just yesterday I replaced ABP with uBlock and Ghostery with Disconnect out of frustration with how slow things were going (~30-50 tabs open). The slow startup time hasn't been helping (come on, it's not even loading the tabs until I click them, what's taking so long?)
29
evolve2k 2 days ago 1 reply      
My biggest frustration with Firefox is that you can't 'Tab to Search' as you can in chrome. Every time I attempt to switch to FF the lack of this feature just kills my productivity and I end up switching back.

So wish this was possible.

Ref: https://www.chromium.org/tab-to-search

30
versteegen 2 days ago 0 replies      
I currently have over 1380 tabs open in firefox 52 ESR (over 4 windows). Oh god, it's terrible. Very slow and unresponsive, CPU usage is typically 60+% when idle. I restart firefox every couple days (which takes many minutes) to keep CPU and memory usage down, by causing all tabs to be unloaded. (As an example, right now at 5.2GB resident, with only a small percentage of tabs loaded). I've been trying to kick the habit. I also have several other profiles and other computers. Probably adds to 5000 tabs all in all.

I use All Tabs Helper to help jump between tabs. Finding tabs is hopeless without it. ATH also has features like mass closing tabs or unloading them. I wish it had a way to bookmark tabs, which I would use to close most of my tabs.

So, I'm very glad to hear this. Time to switch off ESR.

31
libeclipse 2 days ago 0 replies      
Is there anything similar for chrome/chromium? Would be interesting to compare them.
32
znpy 2 days ago 0 replies      
I am happy to hear this because I stopped using firefox and migrated to google chrome around firefox 51, and boy it was SLOW.

Now it might be worth it to give it another try.

In the meantime, I am seriously concerned about Thunderbird. Thunderbird is my MUA of choice and quite frankly, there are very few options to replace it, and none of them seems 100% okay (except, maybe, Evolution). Clawsmail is okay-ish, but so ugly to see and feature-poor.

33
softinio 2 days ago 0 replies      
I use chrome with the extension The Great suspender and that works well for me:

https://chrome.google.com/webstore/detail/the-great-suspende...

Would love to switch to Firefox, but I still find Chrome faster to use. Anyone tried vivaldi?

34
bigbugbag 2 days ago 0 replies      
How does this translate to real use, as in actually loading the pages and having a couple dozens extensions ?

The ability to open 5-10 times more tabs than I use is quite an edge case that mozilla usually doesn't care about, but the real question is what is the point of this when it comes with making firefox totally useless for said use case by dropping support for extensions that make it practical or useful.

35
kowdermeister 2 days ago 0 replies      
I follow the zero inbox mindset with tabs and try to reduce them to a few ever running apps like Gmail and Mixcloud. The rest is just noise and mental load that I can get rid of.

I put articles to Pocket if I don't read them for a week or so. I'll probably read them on a vacation, but I don't need a constant reminder how poor my time limits are.

36
johansch 2 days ago 0 replies      
Opera has supported this abnormal behavior for like two decades now. I remember being shocked by how many tabs the Opera core browsing/rendering engine developers used to have open on their desktops when I joined Opera back in 2004. I guess it was an odd pride thing? :)

To clarify: I am talking about a one-row tab scenario. With about 3-4 pixels per tab. And they were perfectly happy with that. Even seemed to feel it was a good user experience.

37
reiichiroh 2 days ago 1 reply      
With Chrome, I use "The Great Suspender" extension.
38
fouc 2 days ago 0 replies      
Note for the blog author:

"It's interesting that Firefox startup time got consistently worse over time until Firefox 51."

I believe you meant to write "until Firefox 52." I think the usage of "until" would typically point out the exception to the rule, in this case Firefox 52 is the first version that is no longer slower than the previous.

39
droithomme 2 days ago 0 replies      
When I see bug reports with these sorts of ridiculous over the top use cases, I think, yeah buddy, why don't you join the project and fix it since it's only applicable to you.

And in this case that happened. This guy is an actual Firefox developer.

This is as it should be and congrats.

Now I am wondering how I can possibly get into this mysterious world of having thousands of tabs open.

40
cf 2 days ago 1 reply      
So one challenge I face is that many of my tabs are for web content that isn't always there. Do any of these extensions like Great Suspender, Session Buddy, etc actually let me save the webpage as it is and then let me choose to refetch it as necessary?
41
kronos29296 2 days ago 0 replies      
If such numbers happen in android also you sir just have another firefox fan. I want to know right now. (Chrome sucks at this on all devices now.) The only reason I am using it is that it is better than firefox for accessing google.
42
muppetman 2 days ago 0 replies      
This would have been useful 4 years ago before we all gave up on Firefox.
43
austinjp 2 days ago 1 reply      
And then there's Firefox Focus which has no tabs and no other new instance capability. One single window. "Focus" indeed. It still makes me twitchy, but is so far completely usable.

Could do with a "fetch as desktop" mode, though.

44
manuelmagic 2 days ago 0 replies      
I have the bad habit to open many tabs on my old MacBook (mid 2010). Boot time, together with CPU usage, is one of the main reasons I had to use Opera as my primary browser. I'm really happy to see this might change in the near future.
45
caio1982 2 days ago 0 replies      
This is the first time in a decade that something (the article) convinced me to try Firefox as a possible day-to-day browser once again.
46
TekMol 2 days ago 0 replies      
Great that you can open over a thousand tabs now. Next blog post will be when it's over a million I guess?

Personally, I usually have something like 3 or 4 tabs open. But what I would really need is this:

https://xkcd.com/619/

Yup, hardware accelerated video on Linux. Chromium has it. Firefox doesn't.

It's 2017 and for me Firefox is still missing the basic feature of seeing smooth Youtube videos.

Anybody working on that? Can't you just take it from Chromium? I mean it's open source, isn't it?

47
CurtMonash 2 days ago 0 replies      
I use ridiculous numbers of tabs, and Firefox has been less stable for me the past months than ever before.
48
wnevets 2 days ago 1 reply      
What made it so much worse over time?
49
codychan 2 days ago 0 replies      
Impressive, now I'm looking forward to the official stable version of 55
50
minusSeven 2 days ago 0 replies      
I wonder what these numbers would be compared to chrome.
51
BlytheSchuma 2 days ago 0 replies      
LOL I've been running Firefox with 5k+ tabs since 2009.
52
crorella 2 days ago 0 replies      
I tested with 1690 tabs and got similar results :D
53
snorrah 2 days ago 0 replies      
John Siracusa would be proud :)
54
digitalzombie 2 days ago 0 replies      
lol this is why I love firefox. I hoard tabs. But not as excessively as OP though... 1000+ is crazy.
55
daef 2 days ago 1 reply      
My usual day looks something like this:

open FF (if it's not already running) and wait for a handful of app-tabs to load:

 * slack (there's no dark theme in the native app)
 * skype (there's no dark theme in the native app)
 * toggl (timetracking)
 * email (office365, I stopped worrying about outlook/thunderbird)
 * jira (gotta know what to work on next)
 * social (fb&twitter - could probably also do w/o - I rarely open those)

since they exist I also use a handful of tab groups - at least those 3:

 * work
 * private
 * to read

the work tab group usually starts empty (at least when I finished up the day before), might grow to a hundred or two during the day - but usually ends up empty at the end of the day when I'm done again.

I hardly ever left-click a link, I only wheelclick. but my ^w is at least as fast as my wheel click - since the awesomebar searches through history, pagetitles and already opened tabs it's really easy to navigate even between tab groups just by ^t, type 3 letters, press return to 'switch to tab' (really convenient icon there so you know you're going to close the new tab and switch to an existing tab at this moment)

if I want to restore a tab i killed prematurely I fire up the history - where I only use the 'by last visited view' - does anyone srsly use the 'by date and site' view?

tabs are something very different than bookmarks to me, a bookmark is something I return to on a regular basis - a tab is an open 'todo'. I don't use the usual bookmarks thou, only the bookmark-toolbar below the url - and my bookmarks there have no text - they get renamed to "" so I only see their favicon. entries there are e.g.

 * HN
 * blog.fefe
 * oglaf
 * xkcd ...

one thing that I really disliked that mozilla sometimes decided to drop the dedicated keyboardshortcut to hide/show the bookmark-toolbar (I tend to hide it for screenshots where I want the URL to be on the screenshot https://xkcd.com/1863/ )

I have no idea what I'm going to do after the death of the tab groups extension.

one thing that really bugs me is that every time I show tab groups to 'normal users' (tm) they insta love them. I really wonder if no one used to use them bcs hardly anyone ever knew about them.

56
linuxray 2 days ago 0 replies      
thanks for info
57
valuearb 2 days ago 0 replies      
Dear god, why?
58
revelation 2 days ago 6 replies      
Whut? It didn't get any faster, it's just more aggressively lazy loaded now. This is breaking the very use case of people who have 100+ tabs; they want stuff to be there when they click on it.
3
Things I've Learned from Reading IndieHackers toomas.net
595 points by scribu  5 days ago   149 comments top 15
1
donmatito 5 days ago 2 replies      
What I find interesting with Indie Hackers is that it covers a wide range of personal/business situations. It goes from real lifestyle business, to beer-money-making side-projects.

I feel that there is a world of difference between a side-project that is free, to one where you ask customers for their credit cards. Of all professional experiences, I have never learnt as much as I did taking a side-project idea from idea to MVP, then to beta users, then to paying customers, scaling server issues, and marketing strategies. It's not so much about the money, than the fact that you learn so much on so many dimensions.

Sincere thanks + shameless plug, the interview about Smooz was fun, a good self-reflection exercise, and a good source of traffic too (https://www.indiehackers.com/businesses/smooz)

2
ThomPete 5 days ago 5 replies      
In other words. Reading about success to become successful is like reading the autobiography of lotterywinners. There are no secrets to success other than luck, timing and actually shipping your product (or play the lottery).

Contrary to the lottery though much fewer people ship and there are much more winning lottery coupons.

There is nothing to learn about how to build a successful product.

If you want to read anything read about specific obstacles you get into.

Great read!

3
bigtunacan 4 days ago 2 replies      
The 4-Hour Workweek is the first book listed and I have heard of it so many times I finally decided to read it. I picked up an old copy from the local library and I'm a little over 1/2 way through.

So far I have not been all that impressed. Just in general it seems so light on anything really concrete and more just a motivational book. Where it does have concrete things though they are just really out of date (One example is that they recommend Yahoo Stores where today someone would probably use Shopify or another alternative. Another example is there is a LOT of talk about using magazine ads, but how many people are actually still reading/buying print mags today?).

What are other people's thoughts on this particular book, and what about the updates in the latest edition? Has it changed enough to be somewhat current with the realities of today?

4
rb808 5 days ago 5 replies      
Yeah this is the best for me:

> Ship. Ship. SHIP. The overwhelming failure case among people who read interviews like this one is that they spend 98 units of effort reading about running a business for every 2 units of effort running a business. Flip that on its head.

I wonder how many successful entrepreneurs actually spent time reading advice blogs when they were starting.

5
noxToken 5 days ago 9 replies      
I've always wondered what the advice would look like if you compiled a list of what not to do from failed companies. TFA is a list of the successful ones who got it right, so we know what they did to make it. Yet I'm sure many people follow this advice and still fail.

You can find wildly varying statistics, but somewhere between 50% and 90% of startups will fail within 2 years. What did those companies do (or failed to do) that made them close up shop?

6
zapperdapper 5 days ago 9 replies      
All good advice, but I'm going to propose something that may be a bit contrary to current wisdom: if you really want a decent lifestyle/work-life balance don't start a business!

So what's the alternative?

Go contracting. Reduce your expenses to the bone, and limit the contracts you do. I now only take 3 month contracts and I do one a year. I make about 24K from that - I know many developers making double my rate. That 24K is more than double my expenses though. If there's a 6 month contract I really like the look of I will do it (especially if it's remote working) - but then I'll take at least a year off.

The great thing about a contract is you go in, do your thing, get out. Job done. No stress. No worry. No customers giving you grief and wanting their money back. No infrastructure going down with admin alerts at 3.00am. No hassle. I don't even have my own limited company. I use an umbrella company and while not as tax efficient I have no dealing with accountants, HMRC, tax returns and all that nonsense.

I think there are many good reasons to start a 'lifestyle' business. I'm just not convinced it's the way to go if work-life balance is what you are looking for.

7
konpikwastaken 4 days ago 0 replies      
Heh, something I read earlier on indiehackers made me chuckle.

"Honestly, negativity about my business model is more likely to come from a community like Hacker News than it is from my readers."[1]

He's not wrong.

[1]: https://www.indiehackers.com/businesses/site-builder-report

8
Silhouette 4 days ago 0 replies      
A lot of this seems to reflect the consensus among experienced HN posters as well: you have to actually ship something and charge for it, it has to be something people actually want instead of just what you enjoy making, and so on. Arguably much of this is just common sense, but maybe that's just hindsight talking.

The only one I strongly disagree with is "raise your prices". While this is common advice on HN as well, I think it should come with a caveat that it mostly applies to B2B businesses. If you're running a B2C business, your customers are spending their own money, and possibly on something that isn't a necessity and isn't immediately going to make or save them a greater amount of money in return. Customers in this situation may well be extremely price-sensitive, and even small adjustments in pricing can have dramatic effects on conversion rates. As a counter-example showing that a big price cut can be effective, look at the way that games suppliers like Steam and GoG run their sales.

9
superasn 4 days ago 0 replies      
Very interesting post. I think the author can heed his own advice and could have hosted it on a domain like startuptools.com or something, because this blog post is going to be backlinked heavily and with a touch of SEO this can be a regular source of targeted traffic.

Just add a pdf checklist at the bottom that needs an opt-in (anybody who reads this will have a very conversion rate) and soon you've got a small list. Pitch them the startup tools or whatever you think is best for the list (using affiliate links) and soon you have a site that is making a passive income. It's easier said than done, but creating a passive income is really that easy and if you're doing the effort you may as well reap the rewards.

10
tmaly 4 days ago 0 replies      
One other thing not mentioned in the article is the community on Indie Hackers. If you are working on a side project, the majority of the people in the forum are there to help you. They have given me great feedback and ideas for my project.
11
soneca 5 days ago 3 replies      
I believe this list is missing what I consider to be the most important factor for success, an underlying strength that the most successful business I read on IndieHackers (and elsewhere) have that is systematically underestimated as a reason for success: previously acquired audience.

I believe audience is the most important currency in today's world, especially for digital products. Audience may be followers on Twitter, Instagram, Youtube, etc. Audience may be an email list. Audience may be traditional networking (as if you are in a B2B niche business). If you do not have audience, you can buy one with ads (even so it is easier said than done); or you can borrow the audience from someone else, an influencer (I know there are ways to pay for influencer's audiences, but I do not believe it is very effective, to get some influencer to legitimately love your product and act as your referrer seems to me to be more effective, if harder). Or you can borrow the audience from something else, like HN, Reddit, PH.

All of the steps of launching and building a business, especially the very first ones are enormously easier if you have an audience. And enormously - sometimes impossibly - harder if you do not have one. This is derived from the adage that your first idea is always wrong. You have to learn everything by shipping early and talking to customers, but if you ship early to 20 eyeballs and talk to luckily one or two potential users, this feedback loop just doesn't count. But if you launch to thousands of eyeballs, even if you are making the mistake of not shipping early or not focused on talking to customers, you will receive unsolicited feedback from some of them.

And a previously built audience of people who trust you at a basic level will be much more responsive and engaged in rationalizing and vocalizing their opinions about your product. They will be "early adopters" type (hard to get that when you buy an audience). And they also will (likely) be people that are your target audience (hard to get that when you borrow an audience from HN and similar).

Some of the most impressive successful business in IndieHackers (according to my own criteria) are the ones who had years of building an audience. Through forums, email lists, blogs.

A genuine audience is hard to plan ahead. Does not seem plausible to have the vision, the will, and the diligence to think about the industry/niche where I want to launch a business years ahead. So it is good to launch a business where you have genuine passion, somehow you will have the network (even so, not necessarily a large audience).

If you are in that position of having a large audience, seriously consider launching a business because you have a very big unfair advantage (and follow all the advice on this list). If you are not, pay a lot of attention on how to reach your target audience. It is a very tough problem to crack.

12
Oras 5 days ago 2 replies      
Nice article, I would add:

1. "Be patient" as success does not appear overnight.
2. "Don't be afraid to fail". It's hard to get it right from first time.

I guess second point is covered in ship,ship,SHIP :)

13
jacobrobbins 5 days ago 0 replies      
this is a great resource, a lot more stuff in here than a typical blog post
14
cbar_tx 4 days ago 0 replies      
digital nomadism doesn't mean anything.
15
dahoramanodoceu 5 days ago 1 reply      
I work one hour a morning. W00t!
4
Scientists Reverse Brain Damage in Drowned Toddler? newsweek.com
562 points by Deinos  4 days ago   286 comments top 29
1
dumbneurologist 3 days ago 13 replies      
Disclaimer: I am a neurologist

The enthusiastic replies on this thread are understandable, but disappointing to see: we all need to be less credulous regarding the lay science press, and especially the lay medical press.

I would love nothing more than to have this kind of therapy be a reality for my patients. However, I am deeply skeptical of this report.

Why? Because

- hyperbaric oxygen therapy has a big industry of quackery behind it[1][2]

- oxygen is a standard part of medical care and can just as easily be harmful as helpful

- because there is just no way in hell that oxygen is going to reverse cell death.

- this is in newsweek, and not a peer-reviewed journal.

And if there was no cell death, then the recovery is almost inevitable.

Some posters are skeptical because 15 minutes is impossible.

On the contrary: the key point is the temperature. The article says the water was 4 degrees C. That is cold enough that you can recover fully. In fact, the most amazing recovery is also one of the best-documented: with a 66-minute submersion in Utah that was followed by complete recovery[3] (this is a far more interesting article than the original post - it was in 1988, and utilized extracorporeal rewarming). This observation was used to pursue hypothermia in other causes of anoxic injury, which is clinically used today. I'm sure the 66-minute case also got oxygen during the recovery, but to say that it was due to oxygen (which is standard of care) rather than the temperature is silly.

Sorry to be a wet blanket, but this article is just clickbait junk.

1. https://www.fda.gov/ForConsumers/ConsumerUpdates/ucm364687.h...

2. https://www.quackwatch.org/01QuackeryRelatedTopics/HBOT/hm01...

3. http://www.nytimes.com/1988/07/26/science/the-doctor-s-world...

2
nerdponx 4 days ago 6 replies      
This is approaching Star Trek levels of medicine. Congratulations to the team who discovered and pulled this off, and of course my heart goes out to the family and their child. Drowning is very serious and very scary.

Edit: somewhat unrelated since this girl fell into an unattended pool, but it's important to know the signs of drowning, which are not what you see in movies: http://www.cbsnews.com/news/how-to-spot-signs-of-a-child-dro...

Edit 2: I get that people have a right to downvote whatever they want, but seriously, did I say something wrong here?

3
madilonts 4 days ago 3 replies      
Well, this event happens enough that it might be worth studying the benefit of oxygen therapy, but I'd be very careful about the conclusions you draw from this.

Maybe the oxygen had a substantial positive effect, or maybe the child would've recovered on her own. We really don't know, since there are other reports of children who have good neurological outcome despite terrible prognosis [1] [2].

I'm suspicious because of the unusual and/or stereotyped responses in the Medical Gas article and the linked YouTube videos: "doctors said she had 48 hours to live" (doctors don't say things like that) and "this demonstrates that we're inducing 8101 genes!" (ummm, OK...), etc.

Also, be suspicious when something like this hits all the pseudo-news sites simultaneously. It reminds me of the articles that go something like "16 year-old cures cancer...DOCTORS HATE HIM!".

Finally, I'm very happy this little girl has been given a second chance and hope for her continued recovery. However, don't forget that a toddler was left unsupervised and submerged in a pool for 15 minutes. Some people call that an accident; some people call it neglect.

[1] https://www.ncbi.nlm.nih.gov/pubmed?term=3379747

[2] https://www.ncbi.nlm.nih.gov/pubmed?term=10665559

4
davidiach 4 days ago 1 reply      
>Concluding, the researchers say that to their knowledge, this is the first reported case of gray matter loss and white matter atrophy (types of brain damage) reversal with any therapy and that treatment with oxygen should be considered in similar cases. Such low-risk medical treatment may have a profound effect on recovery of function in similar patients who are neurologically devastated by drowning."

I always believed that brain damage cannot be reversed. If version 1 means reversing it in toddlers, maybe version 10 will do miracles for many other people. Truly amazing and congratulations to the medical team!

5
matt4077 4 days ago 3 replies      
> was in the 5 degree Celsius water for up to 15 minutes before being discovered.

as my professor used to say: If you're going to drown, drown in almost-freezing freshwater.

6
amykhar 4 days ago 5 replies      
What frustrates me is that in the United States, most insurance companies won't pay for hyperbaric oxygen treatment for traumatic brain injuries. My son, 26, was injured in a car accident last November. I would love to be able to get Oxygen therapy for him, but cannot.
7
slr555 4 days ago 1 reply      
Drowning is from a medical standpoint more complex than the simple notion I grew up with which was in essence "water fills your lungs so you can't breathe air".

In fact drowning does not require filling the lungs completely. Even a volume of a few milliliters/Kilogram of body weight is enough to cause drowning. Additionally, drowning can cause serious damage to the lungs themselves even if the patient survives initial attempts at resuscitation. The alveoli (functional unit of the lungs) are lined with a surfactant that is critical to the exchange of air to the blood stream. Water can severely disrupt the surfactant and impair function not just while the water is present but until the body is able to restore the surfactant layer. Damage to the patient's lungs in this case seems to have been mild enough that the oxygen therapy could do its job.

Also notable is the 5 degree celsius water temperature (41 degrees Fahrenheit). This water temperature compared with the temperature of an olympic practice pool (~76 degrees Fahrenheit) is cool enough (though not as cold as many other reports) to trigger the so called "diving reflex" where stimulation of thermo-receptors in the skin triggers a vagal response that shunts blood away from the periphery and to vital organs.

Minimal surfactant damage and the diving reflex (as well as the patient's age) seem likely to some degree to have facilitated successful treatment of the patient.

8
mechnesium 4 days ago 0 replies      
This is really awesome. I am curious if this therapy would have been augmented by cognitive enhancers or nootropic substances such as piracetam. Piracetam in particular exhibits neuroprotective effects and improves cerebral vascular function. Several studies have found it to improve recovery following acute/transient ischemic stroke. It has actually been prescribed in several countries for this purpose.

References:

https://www.ncbi.nlm.nih.gov/pubmed/22972044

https://www.ncbi.nlm.nih.gov/pubmed/10338105

https://www.ncbi.nlm.nih.gov/pubmed/9412612

https://www.ncbi.nlm.nih.gov/pubmed/9316679

9
zeveb 4 days ago 0 replies      
Egad the JavaScript on that page is terrible! Every time I scroll to read the first paragraph, it hides the video or something, causing it to scroll away.
10
samfisher83 4 days ago 0 replies      
It seems like they fed the body a lot of oxygen and the body healed itself. I think the body is pretty amazing at regeneration when we are young.
11
sehugg 3 days ago 1 reply      
Can anyone knowledgeable about medicine explain this article further? For example, I'm wondering why they waited 55 days to give normobaric oxygen therapy. Wouldn't it be given immediately for a patient with brain injury?
12
mabbo 4 days ago 2 replies      
I was worried this would be a case of neural plasticity, where the brain just rewires itself around the damage (which is a thing, and it's super cool). But then I read this part:

> An MRI scan a month after the 40th HBOT session showed almost complete reversal of the brain damage initially recorded. Researchers believe the oxygen therapy, coupled with Eden having the developing brain of a child, had activated genes that promote cell survival and reduce inflammation, allowing the brain to recover.

We can reverse brain damage. Wow.

13
timcamber 4 days ago 3 replies      
This is amazing. Does anyone think the cold temperature of the water (5C) had anything to do with the feasibility of recovery? I don't necessarily have a reason to think it would be beneficial or not, just a thought that crossed my mind. I don't think it was mentioned in the article.
14
wvh 3 days ago 0 replies      
[...] and two hours where her heart did not beat on its own.

Impressive. I wonder if there are ways to force this level of regenesis in adult brains with less generative power and neuroplasticity.

I don't think there's anything sweeter to a human being than "here's your child back".

15
sunwooz 4 days ago 0 replies      
Is there data out there about infants in a similar situation who didn't receive oxygen therapy? Is it possible that the developing child brain is what almost solely caused the improvements?
16
blauditore 4 days ago 1 reply      
First paragraph:

> she spent 15 minutes submerged in a swimming pool

This seems highly implausible, given she survived. Also, how would they know the moment she dropped in?

Further down:

> up to 15 minutes

Ah ok. From what I know, brain damage starts occurring even after 2-3 minutes without air (for adults), so I suppose it was rather on the lower end. Does anybody know a bit more about this?

17
rhinoceraptor 4 days ago 0 replies      
It would be interesting to know if better results could be obtained using even more oxygen, in combination with a ketogenic diet/exogenous ketones (which would negate the risk of oxygen seizures).
18
msie 3 days ago 0 replies      
This is cool but will other people try it or will it be another forgotten technique?
19
TurboHaskal 4 days ago 2 replies      
How is nationality relevant?
20
flamedoge 3 days ago 0 replies      
Drowned U.S. Toddler. U.S. is unnecessary here.
21
wcr3 3 days ago 0 replies      
?
22
ilitirit 4 days ago 6 replies      
Does drowning not imply death? Is there a different definition for drowning (or death) in medicine?

EDIT: I'm referring to the fact that the title says the girl drowned, not that she was at some point "drowning".

23
Karunamon 3 days ago 3 replies      
It is also completely irrelevant to the correctness or incorrectness of the argument, which is often what gets missed. Authority is a heuristic, nothing more.

The evaluation of P -> Q happens independently of the speaker. If you're trying to refute P -> Q by mentioning an attribute of the speaker, you're necessarily answering some other question entirely, while making an excuse to ignore the original question.

You can say that someone making such an argument is more likely to be incorrect based on their beliefs, but that's still an untested hypothesis (more bluntly, a rationalization) until you actually sit down, stop making excuses, and verify it yourself.

Excuses aren't logic. You can say you don't have time, and that's valid, you can say you don't want to, and that's valid, but don't say you're doing logic. You're coming up with reasons to avoid doing logic.

24
wfunction 3 days ago 2 replies      
> Disclaimer: I am a neurologist

> {informed comments}

A little off-topic but I see this so often I feel like I should mention this at some point:

I think you mean "disclosure" and not "disclaimer" (and most likely it's best if both are omitted and you just mention you're a neurologist).

"Disclaimer" means refusing to accept responsibility, which doesn't make sense when it's a preface to what looks like a comment based on expertise. If, on the other hand, you're really trying to say that you're refusing any responsibility for what you say, then the disclaimer should probably be something more along the lines of "I'm NOT {a qualified lawyer/neurosurgeon/whatever}", and not "I AM {a qualified whatever}".

25
mrkrabo 4 days ago 3 replies      
I swear to God, from the three videos I've seen, the drowning kid was always black. Was that luck, or was that an actor?
26
melling 4 days ago 4 replies      
No, not really. You're making a hyperbolic statement. I've been watching Star Trek for 40 years. We're definitely still in the Dark Ages:

https://www.youtube.com/watch?v=MMaGnpVaSGQ

27
Supremacist 3 days ago 1 reply      
28
komali2 3 days ago 2 replies      
29
blahdblah 3 days ago 1 reply      
5
18yo arrested for reporting a bug in the new Budapest e-Ticket system marai.me
688 points by atleta  12 hours ago   239 comments top 32
1
lebowen 3 hours ago 3 replies      
A few years ago I also found a serious bug in a debt collection agency's web software. I ordered a phone and neglected to pay import tax and was chased by the agency. I found their website and saw that they developed their management software in-house and made it available for purchase for other agencies.

They offered a demo which I used to navigate around. In the demo was a reporting tool which essentially allowed you to send raw SQL queries to an AJAX endpoint. Something along the lines of:

http://demosoftware.com/reports/ajax.php?sql=SELECT * FROM debts

I switched out the demo software domain name for the live version and it worked. Not only could I query the database, there was no authentication preventing me from hitting this endpoint.

At this point I was left with a dilemma, do I "erase" my debt, do I disclose the bug and pay the debt, or simply pay the debt and move on. I chose to pay the debt and move on due to fear of any recriminations. However it has left me uneasy ever since knowing that this company have such bad security and any debtors they are chasing for payments potentially will have all of their personal data leaked.

2
goodplay 11 hours ago 9 replies      
I remember coming across a serious bug in a site that belonged to a top multi-billion company. My brother also found what was essentially an unrestricted privacy leak (and possibly editing access) in a top university (leaked data is sensitive personal information, not academic). Neither of us reported (or exploited) what we found.

Protection from this kind of blame-shifting and misdirected retaliation should be guaranteed by law. Until it is, bugs in critical and important infrastructure will go on unreported, and remain available for malicious actors to exploit.

3
amingilani 6 hours ago 2 replies      
In my country, the laws are draconian and totally against this kind of responsible disclosure. But being a good guy, whenever I find something I write a strongly worded email explaining why the company's IT department messed up, how to test said mess-up, and how they can hire my company to ensure these kinds of stupid things don't happen again.

I've reported several of these issues, sometimes all I get is a single reply months later saying: "fixed"... mostly, nothing.

Once I found a SQL injection in a courier service's (very broken) web portal. This was very serious because any idiot could drop all the tables, so I sent an email to the most important worded member of their tiny, yet already bureaucratically structured team. I followed up several times because I knew someone saw my email (I embed beacons in my emails) but gave up after the sixth time. Three months later someone else replied saying "thanks Amin, we've fixed it"

On a separate occasion, a large government agency's emails routinely ended up in my spam folder. It was a huge problem, and they acknowledged it and said they couldn't figure out what was wrong. I took five minutes and found the problem to be a misconfigured server on the domain. The server sending the email thought it was `server-a.governmentdomain.com` but there were no DNS entries pointing the subdomain to the server. I reported this problem with clear instructions to test and fix the issue, but I was called despite the instructions, multiple times, to explain the issue with my words over the phone. This was 2 years ago; last I checked, the issue was still present.

4
whatnotests 11 hours ago 3 replies      
That's how the DMCA works. Remember the guy who gave a talk about Adobe's PDF creator which purported to produce "secure" documents (required a password) but the feature was easily bypassed.

Adobe had him arrested the day after he gave his talk.

Link to a Wired article here: https://www.google.com/amp/s/www.wired.com/2001/07/russian-a...

EDIT: I have a terrible memory-- thanks to the folks who replied to my comment with corrections.

5
fredsir 6 hours ago 1 reply      
We've seen two[1] cases[2] of this in Denmark in the last couple of years surrounding systems that kindergartens are using. The second one is currently (still) being investigated, but the first one was rightfully concluded earlier this year with the "hacker" being acquitted.

In both cases, it was dads of children in the institution that noticed the bugs when they were rightfully using the system and were ignored when notifying the responsible party about it until they "shouted it so loudly" that they couldn't be ignored anymore, in which case they were reported to the police for hacking.

Links below are in Danish, but they can probably be translated if needed.

1: https://www.version2.dk/artikel/boernehavehackeren-frifundet...

2: https://www.version2.dk/artikel/interview-hacker-tiltalt-jeg...

6
angus-g 11 hours ago 5 replies      
Side note: this page gives me the weirdest Firefox behaviour I've ever seen: https://gfycat.com/HandyRapidJabiru
7
pmoriarty 12 hours ago 6 replies      
"this outrageous move from the police brought about fierce reaction resulting in tens of thousands of 1-star reviews on the facebook pages of the companies involved"

In the old days, protesters used to physically go and picket in front of company offices. These days, protesters leave one-star reviews. I wonder which is more effective.

8
TimJYoung 1 hour ago 0 replies      
The software industry better start investing more in educating the general public/government officials about how web applications work, or this is only going to get worse with technologies like WebAssembly in the hands of similar companies. If anything, people need to understand that these endpoints can be accessed without a browser, and we can't be arresting people/hauling them in for questioning for sending bad data to such an endpoint. After all, what does "bad data" even mean in such a context ?

Also, a question: does the EU have the legal concept of "fair use" ? I would have thought that messing around with a web application would fall under fair use, given that the web application can, and probably will, be stored on a person's computer. A computer that they (also probably) personally own, I might add...

9
SeanDav 6 hours ago 1 reply      
Although deeply unfair, this is not unusual, there have been many reported cases of companies shooting the messenger.

Unless the company concerned has a well documented and trusted bug bounty procedure, it can be very risky to report a bug in a system, if it involves any kind of hacking.

What happens is once the "bug" is reported, someone inside the company asks "How did this happen?". Now the person responsible has 2 options, admit it was their fault and the vulnerability exists and risk being accused of incompetence, or say that the system was hacked.

Human nature being what it is, one tends to complain of being hacked, thus snow-balling effects, which lead to the arrest of an 18 year old just trying to help.

My advice: Don't report these types of bugs at all, or if you really feel you must, report anonymously.

10
minusSeven 2 hours ago 1 reply      
> someone found out that the admin password was adminadmin and managed to log in using that.

Wtf, I thought I was bad at my job.

11
anujdeshpande 8 hours ago 0 replies      
Sounds a lot like what happens here in India [1].

Also, if such behaviour is systemic, how should we bring about the paradigm shift in handling such events? Such incidents will happen more often across the world as e-governance becomes more predominant.

1 - https://thewire.in/119578/aadhaar-sting-uidai-files-fir-jour...

12
nthcolumn 5 hours ago 0 replies      
Someone pointed out to me the other day that just connecting to a poorly configured system is illegal in some places (Finland in his case). A form of trespass he said. This was a ship in international waters registered in Russia Federation so not sure whose law applies lol. Perhaps if there were more cases where full advantage was taken of such incompetence with spectacular newsworthy results then people would be more appreciative of the work we do and the laws changed to protect whistle-blowers and activists generally.
13
skinnymuch 10 hours ago 1 reply      
The list of bullet points of the egregious flaws in the software just gets worse and worse. It's crazy how I thought the first one or two would be the worst since, but it just got worse.
14
ohthehugemanate 44 minutes ago 0 replies      
As a Deutsche Telekom client, I can say that this quality level is par for the course for T-Systems. Not surprised at all.
15
secult 1 hour ago 0 replies      
We had a similar case - National security authority(NBU SR) of a neighboring country got their public web infrastructure hacked after guessing credentials (nbusr:nbusr123). In the end, guys got free after trial because police were unable to unambiguously identify them.
16
shanky1323 29 minutes ago 0 replies      
THIS --> "someone found out that the admin password was adminadmin and managed to log in using that."
17
chx 9 hours ago 0 replies      
> We knew that they have been working on an NFC/smart card based system for around 4 years, without any visible result despite having spent over 4 million EURs.

The public procurement process for the current system called RIGO was indeed 2013 but the whole process is much, much older than that. A more than 300 page feasibility study was published in 2011 https://www.bkk.hu/apps/docs/megvalosithatosagi_vizsgalat.pd... And a completely different system, called Elektra was announced in 2004 with a 2006 deadline.

This whole clusterfuck with RIGO starting in less than a year was absolutely unnecessary since the 2011 study already suggested supporting contactless credit cards so once RIGO starts the only ones using this online ticket purchasing system will be those who have a credit card but not a contactless one. This is a (very) rapidly shrinking audience.

18
pmoriarty 11 hours ago 2 replies      
"if you just typed in the url (shop.bkk.hu), the site just wouldn't appear. At first I thought they've taken it offline, but it turns out that they just didn't set up the http -> https redirection. And it was left like that for days. If you just heard about it, you couldn't use it. You had to click a link (normal users won't figure out to put an https in front of the host name, even I didn't think of it)."

I'd really like to know which of these is the better solution.

It seems to me that if people go to the http address, they could be redirected to an attacker's address with a simple MITM attack. So there's an argument to be made for not using http at all, even for a legitimate redirect, because it can be so easily MITM'ed.

On the other hand, if the http address is left unused, then people who try it anyway and it fails will be confused. For this solution to work, it seems the users have to be educated to always and only use the https address.

For these reasons, the whole separate http/https scheme seems broken by design.

What's the consensus from the security community as to the right setup here? Am I missing something, or is there a better way?

19
odabaxok 7 hours ago 0 replies      
All I can think about is what a shame this must be for the developers releasing this software. There must have been a bunch of people working on this, and was there no one to say this is wrong?
20
minademian 7 hours ago 0 replies      
this reminds me of a dark joke.

a rabbit was detained by the secret police. the interrogator asks him, "what are you?" the rabbit says, "rabbit"

They torture, beat, and electrocute him for days.

Then, the interrogator asks him, "who told you you're a rabbit?"

21
kutkloon7 3 hours ago 0 replies      
Not really related to the technological side of the story, but I had a horrible experience with the international trains from Budapest. So they don't need a broken electronic system to provide a horrible service ;)

My parents went to buy a ticket at the counter. The lady behind the counter didn't speak English (which is totally OK). Her only communication was a 'go away' movement with her hand, after which she ignored us and signaled for the next customer in line to come to her.

Luckily a colleague of her helped us and gave us careful instruction on the time and platform of the train. After we took the train and sat for a few hours, the conductor of the train came and notified that our tickets were invalid. We argued for some time since the lady behind the counter told us this was the right train. The conductor became mad and told us that we had to pay him 50 euros in cash for some unknown reason (presumably to buy a ticket for the train we were on, but his English was very limited). Note that this was a normal train and there was no shortage of seats. In the end, we chose to get out at the next stop, and take the next train, which was about 3 hours later.

22
ikeboy 10 hours ago 1 reply      
>Didn't any of the engineers on the team tell their managers that something isn't right? I find it hard to believe.

Or, the managers knew full well the system was shit and they had no time to fix it, but 80k/month is 80k/month.

23
beters 11 hours ago 3 replies      
When I was in Budapest a few weeks ago, I heard from multiple locals that the metro system was owned by some sort of mafia. I wonder if that explains the subpar security and overreaction to the bug report.

edit: a few weeks ago, not this past summer that is still occurring

24
qualitytime 8 hours ago 0 replies      
Once there was this website which offered phone number to location service.

They had a form you could try the demo where it sent an SMS to verify and only allowed one query.

If you looked at the source of the page it had hidden fields to override the SMS verification and allow multiple queries.

I freaked out some friends for the day and nearly contacted a journalist but lost interest after some weeks.

I could have had my 15 minutes of fame or be on some list, or both.

It's alright, had some fun.

25
StreamBright 8 hours ago 4 replies      
Actually he exploited the bug and purchased a ticket for a fraction of the price and then reported it to the public transportation company. The company that runs the infrastructure (not the public transportation one) followed its internal policy and Hungarian law and reported the incident to authorities. Police brought in the guy for questioning.
26
dogmata 6 hours ago 0 replies      
I wonder if the outcome would have been the same if instead of marking the price down from 9500HUF to 50HUF it was 9499HUF, the test would have still proved the issue.
27
SubiculumCode 7 hours ago 0 replies      
All I want to say is something off topic, but the only vacation I've had away from the kids and with my wife was a week in Budapest, and I miss it. Such a beautiful city, so romantic... and I rode the metro everywhere.

ahh Budapest.

:-)

28
wooptoo 4 hours ago 0 replies      
Just don't bother with companies who don't have a bug bounty system in place.
29
Aissen 6 hours ago 0 replies      
I thought some CERTs were now doing the reporting as a way to shield security researchers from this kind of thing? Or did I hear wrong?
30
willhackett 4 hours ago 0 replies      
A sure-fire way to let vulnerabilities go unnoticed and unfixed.
31
daef 6 hours ago 1 reply      
is HN hugging shop.bkk.hu to death?
32
Negative1 9 hours ago 2 replies      
The price of a ticket was client-side authenticated!? I can't fathom the level of incompetence required to do something like this...
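The flaw this thread describes (a ticket price accepted from the client, with 9500 HUF marked down to 50 HUF), shown from the server's side as an added example; it is not part of any comment above and not the ticket shop's code. The product ids, field names and quantity limit are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation
from typing import Optional

# Constructed server-side price list in HUF; product ids are hypothetical.
CATALOG = {"monthly-pass": Decimal("9500"), "single-ticket": Decimal("350")}
MAX_QUANTITY = 10  # assumed business limit


@dataclass
class OrderResult:
    accepted: bool
    amount_due: Optional[Decimal]
    reason: str


def price_order(request: dict, audit_log: list) -> OrderResult:
    """Price an order from server-side data only.

    Any 'price' field in the request is untrusted: it is never used to
    compute the charge, only compared with the server's figure so that a
    mismatch can be rejected and recorded for later review.
    """
    product = request.get("product")
    if not isinstance(product, str) or product not in CATALOG:
        return OrderResult(False, None, "unknown_product")

    quantity = request.get("quantity", 1)
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(quantity, bool) or not isinstance(quantity, int):
        return OrderResult(False, None, "bad_quantity")
    if not 1 <= quantity <= MAX_QUANTITY:
        return OrderResult(False, None, "bad_quantity")

    # The amount charged comes from the catalog, never from the request.
    amount_due = CATALOG[product] * quantity

    if "price" in request:
        try:
            matches = Decimal(str(request["price"])) == amount_due
        except InvalidOperation:
            matches = False  # unparseable price is treated as a mismatch
        if not matches:
            audit_log.append({
                "event": "price_mismatch",
                "product": product,
                "quantity": quantity,
                "submitted": str(request["price"]),
                "expected": str(amount_due),
            })
            return OrderResult(False, None, "price_mismatch")

    return OrderResult(True, amount_due, "ok")


if __name__ == "__main__":
    log = []
    # Constructed request that mirrors the 9500 -> 50 HUF change discussed above.
    print(price_order({"product": "monthly-pass", "quantity": 1, "price": "50"}, log))
    print(price_order({"product": "monthly-pass", "quantity": 2}, log))
    print(log)
```

The audit entry gives operations staff something to alert on, which is separate from the decision to reject the order.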
6
Ethereum from scratch Part 1: Ping ocalog.com
532 points by mjfl  3 days ago   123 comments top 9
1
canada_dry 3 days ago 7 replies      
Though I meet the criteria as stated (knowledge level wise - I'm a retired IT Exec/long time geek), yet this still is a bit too esoteric for me.

As one of the 'killer apps' for ethereum is smart contracts, I'd like to see this explained in a 'for dummies' high level way, then decomposed into the finer technical chunks needed to make it happen.

2
mjfl 3 days ago 12 replies      
Hi all, I'm the author of the post, and also the creator of the website. I'm writing this series of posts to demonstrate the site. Do you guys get what the site's trying to do?

Hope you enjoy the post. If you have any constructive criticism you'd like to give regarding either the post or the website, let me know!

3
mgbmtl 3 days ago 1 reply      
I like the intro, very clear! I also like the narrative cross-referencing the docs, which people will sooner or later need to do as well. I have to admit that I only glanced over the code.

This caught my attention: "In the EndPoint specification, it demands the "BE encoded 4-byte" address, which is exactly what's outputted by self.address.packed."

Does this mean that Ethereum only supports IPv4?

I searched around and only found this, dating back to 2014: https://github.com/ethereum/wiki/wiki/IPv6

4
andrewbinstock 3 days ago 1 reply      
Java Magazine published an article on Ethereum, explaining how it works, and how to access from Java [1]

[1] http://www.javamagazine.mozaicreader.com/JanFeb2017#&pageSet...

5
mjfl 3 days ago 0 replies      
Hi! Thank you all for the attention! I was not expecting it!

It seems that the user registration emails are causing a 500 server error and I'm working on a fix.

Edit: I'm bypassing the email confirmations for now, if you got a 500 error, please try to login using the account you signed up with. It should work, otherwise email me at mflynn210 <at> gmail.com.

6
Artlav 3 days ago 1 reply      
Neat. I contemplated writing something like that, only without the "import rlp" cheat.

Basically, there were a lot of blind spots in the official documentation and it took me a while to figure out things like how to make a proper key recovery id or which endianness to use where in the messages.

How far have you been able to get to? I still can't quite wedge into the mainnet - the nodes keep disconnecting me for unknown reasons some time after, and finding a new node to connect to takes a while.

My node does work rather well on the ropsten testnet, however.

7
zagdul 3 days ago 1 reply      
Wasn't the purpose of bitcoin to eventually hit a limit someday? Isn't the creation of Ethereum just devaluing bitcoin?
8
mdevere 3 days ago 0 replies      
excellent thank you
9
aqsheehy 3 days ago 0 replies      
Ponzi pumping
7
Why Should I Start a Startup? ycombinator.com
565 points by craigcannon  4 days ago   279 comments top 44
1
Mz 4 days ago 11 replies      
He sounds twice exceptional -- gifted, but with some sort of learning disability or handicap of some sort.

Twice exceptional people often appear to be "average" but find an "average" or normal life enormously frustrating. Because of having some sort of handicap, it can take a lot to get them going. Once they get going, they often outperform others. Life is vastly better for them when they can create their own niche because they simply do not fit in to normal societal expectations very well, try though they might.

No insult intended. I fit that profile, as do both my sons.

So, perhaps a good summary is if you are bright, but having trouble finding your niche, then starting your own company is a means to create your own niche. This is exactly what I have always told my oldest son. From an early age, it was clear to me he would not make a good employee. But that doesn't mean he won't eventually be successful. He just needs to grow his own.

2
andkon 4 days ago 3 replies      
I'd like to fill out the "maybe" part of his "If you answer yes three times, then maybe starting a startup is for you" bit.

I answer a very strong yes to all three of those. Always have. But a startup, despite my always having worked in them and run one of my own for three years, was resolutely not a good idea for me.

It took a lot of self-discovery to see myself not as an entrepreneur, but as an artist, and it's frustrating, because it sure took me a while to admit it. I spent all my time and money and effort trying to be successful as a startup founder, and expecting that I'd eventually feel the spark that I know can drive me. But now I look at the creative work I do on my own, even though I still have a full-time job, and I feel the same connection that Michael describes here, which I had chased for so long.

The irony is that pretty much every idea I have uses the technical skills i built as a startup founder. But hey. Time to do what I always should have.

3
nathan-wailes 4 days ago 3 replies      
Great post! I love reading pre-company autobiographical accounts from successful founders, as I find it to be a great way to get ideas for what pre-company experiences might best prepare me to be successful myself.

Some additions I would make to Michael's list for "Why to start a start-up":

- As a founder you get a level of control over what problem you're solving that you'll rarely have as an employee.

- You also get a level of control over who you're working with that you'll rarely have as an employee.

- You also escape having your income determined by the market for labor, and instead have it determined by the market for your product.

Those three things are very, very important to me, and I suspect also to many other founders.

4
agentultra 4 days ago 8 replies      
> 1. The vast majority of startups are not successful

This alone is why 90% of people will not choose to work at a startup. You will work long hours, for crap pay, and you'll be waiting in line if there is an exit.

The odds of there being an exit worth anything to anyone other than a founder are small enough to not even worth considering.

If you are a founder you're gambling on your chances. There are ways to mitigate the risk but there's no sure thing.

Don't start a startup if you do not have the financial security to basically lose everything you put in.

Don't start a startup if you have family that depends on your income. You could choose to eat ramen and sleep on the floor of a college dorm room. Your kids (and CPS) might not appreciate it.

I agree the motivation is very important. I disagree that you cannot find the same motivation in a more stable organization (or can't motivate yourself). I recently finished reading, Extreme Ownership [0], and I bring that with me to work. People need to be responsible for outcomes: that's not unique to startups. You can also find that motivation internally and share it with your colleagues as you go.

[0] https://www.amazon.ca/Extreme-Ownership-U-S-Navy-SEALs-ebook...

5
falcolas 4 days ago 2 replies      
So, does "personal responsibility for [...] failure" really apply when there is a 90% failure rate? Seems like short of failing to execute, it's more a game of chance than something you can influence.

That is, it's seems like its a lot like video poker: you can cause yourself to lose, but you can't make yourself win.

I would also think that getting into an industry with such a high failure rate would be terrible for someone who takes such personal responsibility for the outcome: most of the time they're going to consider themselves a failure. In the worst case, serial failures.

6
seddona 4 days ago 0 replies      
"there is a certain type of person who only works at their peak capacity when there is no predictable path to follow, the odds of success are low, and they have to take personal responsibility for failure (the opposite of most jobs at a large company)."

I have never really stopped to consider my own motivations for doing a startup but this sums it up. Do a startup because you have to, not because you want to.

7
jaypaulynice 4 days ago 3 replies      
I like this post. I wish I really started a startup in college or right after. A regular corporate job turns you into a zombie and you become out of touch with reality especially if you're well paid and well fed. A lot of people are unprepared for the hard life.

If anything, you'll learn more about life in 6 months than you will in decades. It's not just the technical stuff. You'll learn who your real friends are. Being broke and thinking you might go homeless will make you sympathize with the homeless. Co-founders will try to screw you. If you're married, you'll soon find out if your spouse really loves you or just the regular income. Fake people pop up everywhere trying to take credit for your hard work.

I think a startup is akin to the street life without the street creds.

8
TheAlchemist 4 days ago 0 replies      
Very interesting post! The 3 questions really resonate with me. Usually when talking startups, people talk about changing the world, having an impact etc. Your take seems much more personal, and also that's the way I feel it (although I can't explain that to me rationally).

The 3rd is so true - in big corps, you think you're responsible for this and that because you're the tech lead, project manager or whatever. But most of the time, that's not really true - nothing bad will happen to you if you don't deliver. When you're starting a startup you suddenly realize what personal responsibility means.

Anyway, thanks for a great post!

9
nurettin 4 days ago 0 replies      
Why create a startup?

Because you have a product and the development and marketing skills to persuade people to keep on using it. It's easy to get sidetracked with colorful terminology and complex definitions.

10
mwseibel 4 days ago 7 replies      
Hey folks - happy to answer questions here
11
gravyboat 4 days ago 0 replies      
I would rather just run small businesses and side projects. Still a pretty high chance of failing, but if they do fail you still learn and it doesn't impact your bottom line that badly.
12
nnd 4 days ago 1 reply      
> Do I seek the hard challenges that most people shy away from?

Arguably, you can find much harder challenges working for a bigco, at least when it comes to engineering challenges.

Also, surprisingly one of the biggest factors involved when it comes to starting a startup is not mentioned: idea itself.

13
tristanho 4 days ago 2 replies      
Loved this post, thanks! You mentioned the 3 constraints under which you (and many founders) thrive in:

* Being the underdog

* Hard challenges most people shy away from

* Personal responsibility for outcomes

Why are some people best under those conditions? Is it something trainable, or inherent?

14
eriktrautman 4 days ago 0 replies      
A lot of replies are focusing on the outcomes implied by the OP's checklist -- if you answer "yes" on all, you'll be more likely to succeed financially. As a founder, I think it's far more important to focus on the journey aspects of it. Meaning, if you check the boxes, just maybe you have the mindset that will make you happiest when you're in the midst of all that hustling and struggling in the game. That mindset is what keeps you in it... if you're reward-focused, then you're going to burn out and lose direction.

So let's reframe the discussion from "do you have what it takes to be successful in a startup?" to "do you have what it takes to love the sufferfest grind of each day along the way so the outcome is just a nice reward at the end?"

15
graycat 4 days ago 0 replies      
For someone considering a startup, again, once again, yet again, over again, one more time, the probability of being successful in a startup, say, estimated from all the startup efforts, is at best useless and otherwise misleading and, thus, worse.

Instead, what matters for an estimate is the conditional probability of success given other information. It's quite possible for the probability of success to be quite low but the conditional probability of success, given other facts, events, situations, etc. that hold, quite high.

The OP's nice words about working in a big company are also deceptive. In fact, especially in technology, those jobs can be darned unstable, vulnerable, and short lived. If by then have a house mortgage, three kids on the way to college, maybe some kids who need some help like the author of the OP, getting fired at a big company can be one heck of a bummer.

So, ASAP, while young and making good bucks in tech, look all the time for a startup opportunity. Maybe get one going in your house den, basement attic, garage, wherever. Pay attention to, learn about, at least dip toes into startups. Start small, don't invest more than pocket change, and LEARN.

Then think of your kids: What are they going to do? Are they going to have to start all over, from zero, like the author of the OP did? Or, pay attention to a family with a good, stable family business (e.g., with a geographical barrier to entry and a very broad customer list), hopefully not much to do with anything unstable like tech, where the kids can learn the business and, thus, at least learn about business and, hopefully, later move into the family business. For having a good life, that can beat the heck out of anything can learn in political science at Yale.

With high irony, my experience is that the families that can afford to pay full tuition, room, and board at an Ivy League college didn't go to an Ivy League college and, instead, made their money in small-medium business -- ran 10 McDonald's well, was the leading plumbing supply house for a radius of 50 miles, owned a lot of rental property, had a really good independent insurance agency going where they knew nearly everyone in town relevant to the business, etc.

If want a child in law or medicine, likely it helps a lot for at least one parent to be in law or medicine.

Startup? Really, in the US, for a full career, there really isn't much alternative but to do a successful startup. The question is not whether but how. So, learn how. If really know how and are determined, then the chances of success should be good, not bad.

16
abhikandoi2000 4 days ago 0 replies      
Should one also do a startup, when a startup seems to be the only possible path to "see something happen"?
17
quadcore 4 days ago 0 replies      
I like it. Though I don't think that's the answer I would give. From my experience, I wanted to start a startup because it was like god himself gave me a mission. And I couldn't turn away from that responsibility. I fucking deeply cared about what I was gonna do. It was so much more important than everything else for me. I was freaking Frodo bringing the ring to Mordor.

So yeah, everything he said, plus the quest.

18
taurath 4 days ago 6 replies      
I do find it rather hilarious that he dropped interest in Yale for being too academic, but during my (failed) interview as a web developer at Twitch about 5 years ago, the questioning had to do with only academic subjects like graph traversal algorithms - they proudly stated when I applied that 90% of their employees come from an Ivy League background.

Here's who I think should start a startup:

- People with the backing of their families and resources to get into Yale and every other college other than Harvard (thank god!), and have the means that failure is not so much of a risk.

- People who really need to do this thing, and can maintain their passion and drive and make it the largest part of their lives. And if that thing requires a lot of money to do, the ability to raise money, or already have money.

Both of the above need to be able to physically and mentally handle the 90% failure chance. The author clearly could.

19
ashwinaj 4 days ago 0 replies      
> I cannot promise that doing a tech startup will make you rich (in fact the odds are against you becoming rich), but I can promise that it is one of the most challenging things you can choose to do. It will push you past your limits, force you to learn faster, and maybe show you that once in a while the impossible is possible.

Couldn't have said it better! Bookmarked, thanks for explaining it in simple terms. I find myself fumbling to explain this to my non-startup friends.

20
sna1l 4 days ago 0 replies      
"About 2 months after being kicked out of school I suddenly felt pissed off again. I realized that my school, some of my friends, and even some of my family members thought I would never graduate from college. My motivation came back instantly." -- this passage seemed kinda weird to me. Seems like he got his motivation back due to spite?

His 3 questions at the end also seem to point to him having a chip on his shoulder.

21
throw4141 4 days ago 2 replies      
I've tried to start a startup, 2 times. I failed both times.

And now I have 0 money left, the family that cannot help me, I don't have a job and can't find one and thankfully I have some friends that are giving me a place to sleep.

Should I start another startup? I wish. Will I do it? I don't know how.

I wish I had a magic idea and some people to invest in it, but not living in the Valley and not having a clue on how to find great ideas I'm kinda stuck.

I'm already looking for a job, the problem is that I have the fear that the more I wait for the next startup and the more it'll be harder to build a product from scratch because the expectation from all markets will be higher.

Ideas?

22
elmar 4 days ago 0 replies      
Why Most Startups Fail and How To Avoid The Same Fate

http://www.brianhonigman.com/why-startups-fail/

23
rahimshamsy 4 days ago 1 reply      
Is the desire to transform as a person a good enough reason? Very few endeavors are as challenging as solving a problem by building a profitable business around it, and having the pleasure of meeting and working with a variety of people.
24
jcroll 4 days ago 1 reply      
> I cannot promise that doing a tech startup will make you rich (in fact the odds are against you becoming rich)

Ok, so what path has the least resistance for getting rich for a skilled developer?

25
tanilama 4 days ago 3 replies      
The startup starts up because of money is often time uninspiring. It is a good thing that we have fewer startups like that. If you don't have a good problem, plz don't make a startup for it.
26
polpenn 4 days ago 1 reply      
Okay! Let's do it! I want to start a start-up. What do I do?
27
yousifa 4 days ago 0 replies      
What does your data show regarding success rate for people like you vs those who build companies because of the need to have something exist?

What are specific challenges you see in each case?

28
blizkreeg 4 days ago 1 reply      
You should not start a startup. I like to think of it differently. It's semantics but I find that it aligns my thinking better. You should start a business if:

- you are strongly driven _by the idea_ of doing business, i.e., at some point in your evolution, you become Walt Whitman. A business, which

- solves a problem, makes a product, or offers a service, that

- you think you can do better and make money while doing so, and

- you would rather face the uncertainty of it not working out than be employed working on a thing you are not motivated by.

You should not start a startup if things such as exits, raising VC, optics of running a startup, or some such affair is of primary concern to you. They should be in the service of running the business and serving its needs, not the other way around.

This is not a script that applies to just some lifestyle, sustainable businesses, in the parlance of SV. This is the same script that even the largest, most profitable, and most impactful companies (cue the disruption adjectives) on the planet have followed.

29
basic1point0 3 days ago 0 replies      
I really like the way intellect is defined in this post. It's mostly persistence that guides you to success.
30
sophiamstg 4 days ago 0 replies      
Well, this is so motivating for a specific population, but I don't think the majority thinks this way... after all, paying bills comes first.
31
jokoon 4 days ago 0 replies      
Didn't Bill Gates say something like "startups are needed, because you need failure so that some startups can succeed"?
32
raresp 4 days ago 0 replies      
If you're asking yourself the question "Why Should I Start a Startup?" then you shouldn't start a startup.
33
Windson 3 days ago 0 replies      
This article got so many upvotes just because it's written by Twitch's founder.
34
idlewords 4 days ago 1 reply      
The casino explains why you should play dice.
35
crb002 4 days ago 0 replies      
Garage. It worked for Apple, Google, and HP.
36
desireco42 4 days ago 0 replies      
Because I can. Also, bootstrap if at all possible. Independence can't be valued enough.
37
gaius 4 days ago 0 replies      
The only way to win is not to play
38
known 4 days ago 0 replies      
When you can/will dismantle a "Pyramid scheme"
39
jondubois 4 days ago 0 replies      
Building a successful tech startup is easy but extremely unlikely.
40
keeptrying 4 days ago 0 replies      
You shouldn't.
41
_ao789 4 days ago 0 replies      
Fucking great post man. Really hits home.
42
rjurney 4 days ago 0 replies      
You shouldn't. Work in open source instead. If that project takes off, start a company. This way you benefit everyone instead of just yourself if you fail. Which you probably will.
43
CryptoFascist 4 days ago 8 replies      
This is nothing but a pitch by YCombinator to get rubes to work for pitiful amounts of money and likely fail, so that YCombinator can capture the vast profits from the few that succeed. It's YCombinator's business model.
44
carsongross 4 days ago 0 replies      
Here is a practical reason to start a startup:

You are married to someone who makes enough money to push your marginal tax rate on income to the point (it can hit 55%+ in places like CA) that you might as well take a flier on a startup rather than pulling a W4.

8
A hacker stole $31M of Ether - how it happened, and what it means for Ethereum freecodecamp.org
514 points by HaseebQ  3 days ago   410 comments top 45
1
kanzure 3 days ago 0 replies      
2
ckastner 3 days ago 7 replies      
> Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did.

> By exploiting the same vulnerability, the white-hats hacked all of the remaining at-risk wallets and drained their accounts, effectively preventing the attacker from reaching any of the remaining $77,000,000.

> To prevent the hacker from robbing any more banks, the white-hats wrote software to rob all of the remaining banks in the world. [...]

One argument I keep hearing in favor of cryptocurrencies is that they are beyond the control of individual governments and their regulation through legislation and law enforcement.

Next time, I'm going to use this case as a counterexample, because when the solution to the problem of "hackers robbing banks" is "vigilantes robbing the remaining banks", something is very wrong with your system, and it is certainly not something for the general public.

3
owenversteeg 3 days ago 13 replies      
I think the fundamental problem here is an economic one. Make three assumptions:

1) most contracts worth implementing in Ethereum are fairly complex

2) even given great developers, bugs are inevitable in complex code

3) the budget of the contract-makers' security team MUST be smaller than that of the hackers

You quickly see that if the chance of a bug is nonzero, "smart contracts" don't make economic sense. If you have a $100k contract, and you spend $5k on security (which would absolutely destroy most companies' margins by the way) you'll be facing hackers that are EACH willing to spend up to $90k or so. Let's say all the experts in this example world are $200/hr. You spent 25 expert-hours on security. But you're being hacked by people who spent 450 expert-hours on hacking you.

With that in mind, would YOU want to use a smart contract? Spend 5% of the contract value instantly on security, and risk losing 105%? This isn't a normal loss by the way, where you can prosecute someone or sue somebody. No, this is the instant, digital theft of the entire value of the contract, to an anonymous digital address where it will be quickly blended in with hundreds of millions of dollars of similar thefts a month.

4
shadowmint 3 days ago 5 replies      
This is a very pro-Ether take on what happened, but ultimately it comes to the right conclusion:

> The problem is that his programming toolchain allowed him to make these mistakes.

Damn straight. The problem is that the model of 'public by default, opt in for security' is fundamentally daft in this context. There's quite a good read on that particular topic here too http://hackingdistributed.com/2017/07/20/parity-wallet-not-a....

...but hey, if this ends up making Ethereum better, more secure and more robust as a result, then that's a good thing; it probably does need a different better language to express code in.

Just remember...

> certainly you should not store any money in a hot wallet that you're not comfortable losing.

5
dawidloubser 3 days ago 1 reply      
As long as Ethereum apps are powered by a deeply-flawed programming language (Solidity) and VM (EVM), this will happen over and over again.

Writing provable, secure software is difficult, and highly unlikely if your environment doesn't force the correct mindset. Solidity (poorly named) was made with the primary goal of being easy for JavaScript / Node hackers to use.

The cost of this is now illustrated through the repeat 'hacks' of bad 'smart contracts'.

6
icelancer 3 days ago 2 replies      
>"It's important to understand that this exploit was not a vulnerability in Ethereum or in Parity itself."

I mean.... I guess. It's a feature of Ethereum, if we're going to weasel around.

7
jlebar 3 days ago 0 replies      
"It's going to take a lot of work to develop the training and discipline to treat smart contracts the way that banks treat their ATM software."

https://web.archive.org/web/20160406115607/https://www.bloom...

ATMs are not secure because of their software. They are secure despite their software.

Maybe eth will reach the point where the police will come after people who try heists like this. That seems much harder than coming after someone who stole $30m from a series of ATMs, though.

8
gciruelos 3 days ago 3 replies      
Nothing was stolen. All I see is a programmer abiding by the contracts.
9
esseti 3 days ago 2 replies      
But now, how can the hacker spend it or transform it to USD? To spend them on online stuff is rather ok, except for the fact that the items (if they are physical objects) need to be sent to an address. If he's going to transform them to USD or BTC or whatever, they need to use a platform, which asks for IDs and co.

so, how can he get rich without getting caught?

10
JohnJamesRambo 3 days ago 2 replies      
As an Ethereum investor, this hack has shaken my belief in Ethereum ever making sense as an ecosystem. Smart contracts which will always be fallible plus irreversible blockchain transactions seems like a peanut butter and tuna fish sandwich.

I moved my money out of Ethereum for now.

11
verytrivial 3 days ago 1 reply      
I'm sort of confused[1] that formal proofs are not mandatory tools in this space. There's some Herculean effort underway[2] to create a verified HTTPS stack. The failure mode in that case is maybe, sort of data leakage or server control that might be worth something to someone. In the Ethereum case, they just walk away with cash. It takes a sort of hubris (or is it foolishness?) to think you can just be very very careful and it will all work out okay.

[1] Actually, it's more schadenfreude, partly with the audacity of the speculator and system market makers, and partly at the mindless waste these proof of work/stake systems require.

[2] https://project-everest.github.io/

12
Steeeve 3 days ago 0 replies      
> In the end, attacks like this are good for the community.

I'm sorry, but what a bunch of baloney.

13
Cakez0r 3 days ago 2 replies      
I have to expect that some bug like this has surely happened with a traditional bank too, causing them to lose a bunch of money. Humans inevitably write buggy software regardless of the platform. The difference with blockchain-based currencies is that their failures are forced to happen in public. I'd be interested to know what banks do when they discover that something doesn't add up in their ledger. I can't believe that it has never happened and never will.
14
seanwilson 3 days ago 0 replies      
Hmm, so don't most courts consider the spirit of a law/contract as opposed to the exact wording to get around people finding obscure loopholes in the phrasing? That's one area a computer is not going to be forgiving about.

Obviously in this case, reassigning the wallet owner is completely against the spirit of the smart contract. What solutions are there to this? All I can think of is for contract coders to use a language that allows contract constraints to be specified more easily (e.g. "owners cannot be reassigned") and have it verified by the language. Maybe this is a good application of formally verified code but the language being used doesn't seem built with that in mind.

15
GrumpyNl 3 days ago 0 replies      
They keep telling me cryptos are safe. Everybody controls them. I haven't heard of any banks that have been robbed several times this year of these amounts of money. Sounds to me like crypto coins are the easiest hackable sources right now.
16
joeyspn 3 days ago 0 replies      
> a hacker pulled off the second biggest heist in the history of digital currencies.

This is not accurate... the MtGox hack was ~$100M, Bitfinex ~$60M, the DAO $50M, so this would be the 4th, not 2nd.

17
BadBougie 3 days ago 0 replies      
"Ethereum is a descendant of the Bitcoin protocol, and improves on Bitcoin's design"

Misleading statement

18
PhilWright 3 days ago 2 replies      
Is it possible to track where the money goes from the hacker's account onwards? Or is it then opaque? How easy will it be for the hacker to move the funds around so it cannot be traced back to the theft?
19
bitcoinmoney 3 days ago 0 replies      
Lol. The author really knows how to make click-bait articles. Same guy here: https://www.highstakesdb.com/2375-haseeb-qureshi-admits-to-c...
20
pmoriarty 3 days ago 5 replies      
"smart contracts can also do things that normal contracts can't, such as enforce a set of rules entirely through unbreakable cryptography."

Isn't "unbreakable" a bit of a dirty word in the security community? Is there really such a thing as "unbreakable cryptography"?

21
seanalltogether 3 days ago 0 replies      
There's a quote from John Carmack that heavily influences my take on OOP and DRY programming in general.

"A large fraction of the flaws in software development are due to programmers not fully understanding all the possible states their code may execute in." http://www.gamasutra.com/view/news/169296/Indepth_Functional...

As long as ethereum contracts support stateful OO contracts, they are bound to run into these kinds of bugs.

22
gspetr 2 days ago 0 replies      
"There is no avoiding war; it can only be postponed to the advantage of others." -- Niccolo Machiavelli

If he was alive today, perhaps he would have said:

"There is no avoiding professional security audit; it can only be postponed to the advantage of cybercriminals."

Their statement is the biggest joke[0]:

"This body of code continues to have no known security issues."

This reminds me of:

"Beware of bugs in the above code; I have only proved it correct, not tried it." - Donald Knuth

[0] https://blog.ethcore.io/the-multi-sig-hack-a-postmortem/

23
mholmes680 2 days ago 1 reply      
I know very little of Ethereum aside from the articles that pop up here, but I'm trying to compare this event to my existing currency. I have cash under my bed, i have it in 10+ accounts in financial institutions, and most of it is insured by the FDIC... so I've reduced my risk profile greatly.

Does ethereum/ether allow me offline wallets? Can i have multiple accounts/wallets and easily administrate them? Is any agency insuring this yet? If so, then isn't this also user-error here? Don't allow a wallet of $X size that you can't afford to have disappear?

24
peter303 3 days ago 0 replies      
Just like the Hans Christian Andersen story: "The emperor has no clothes"
25
thinkloop 3 days ago 0 replies      
What's the fairest distribution of the recovered white-hat funds:

- return them exactly as they were, with the unlucky people completely losing funds

- distribute them back among everyone based on the % of total funds that were in their wallets

26
vasilipupkin 3 days ago 0 replies      
Maybe I'm wrong, but people seem to view smart contracts as theoretically infallible replacement for normal contracts. They to me are nothing of the sort, just some code that makes certain money transfers and disbursements more efficient than if implemented differently. So, of course there will be technical problems and hacks, just like when regular corporations get hacked in the non crypto world
27
nodesocket 3 days ago 1 reply      
Do we have any idea if the wallets that were stolen from were individuals, companies? How angry would you be if you lost millions and there was nothing you can do.
28
didibus 2 days ago 0 replies      
Definitely it seems defensive measures should be built into the programming toolchain of Ethereum. Like it probably shouldn't allow eval at all.

That said, any form of eval should also be a red flag for security. It seems like in this case cost won over security. And that is fundamentally the biggest threat to security.

29
dynjo 3 days ago 0 replies      
Criminals stole $40m USD

http://www.telegraph.co.uk/news/2017/04/25/brazilian-bandits...

What does it mean for the dollar?

Answer: Nothing, but people improved their security so it doesn't happen again.

30
artursapek 3 days ago 0 replies      
You gotta love the hooded figure with overlay of CSS + HTML snippets. Hackers give me the chills!
31
staticelf 3 days ago 0 replies      
I am a programmer and I don't understand Ethereum. Sure I haven't really read up on it but if I don't understand it, how will the common man?

I have little faith in this kind of system. Could anyone here explain to a noob how Eth would be any better than Bitcoin?

32
e79 3 days ago 0 replies      
Manual code review would have likely helped. A tool like this maybe?

https://ericrafaloff.com/introducing-the-solidity-function-p...
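The "public by default, opt in for security" problem raised in this thread can be checked mechanically during review. The following is an added example, not part of any comment and not the tool linked above: a small Python scan that lists each function in a Solidity source with its declared visibility and modifiers, and flags the ones a reviewer should look at first. The sample contract, its function and modifier names, and the regex-based parsing are constructed for illustration; it assumes, as the thread states, that a function without a visibility keyword is public.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

VISIBILITY = ("public", "external", "internal", "private")
READ_ONLY = {"constant", "view", "pure"}
KEYWORDS = set(VISIBILITY) | READ_ONLY | {"payable", "returns"}

# Matches a function header up to its opening brace (or ';' for a declaration).
# The name is optional so the unnamed fallback function is covered too.
FUNC_RE = re.compile(
    r"\bfunction\b\s*(?P<name>[A-Za-z_$][\w$]*)?\s*"
    r"\((?P<params>[^)]*)\)(?P<tail>[^{;]*)[{;]"
)


@dataclass
class FunctionInfo:
    name: str
    declared_visibility: Optional[str]   # None means no keyword was written
    modifiers: List[str]
    read_only: bool
    findings: List[str] = field(default_factory=list)


def strip_comments(src: str) -> str:
    """Remove /* */ and // comments (string literals are not special-cased)."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def strip_paren_groups(text: str) -> str:
    """Drop (possibly nested) parenthesised arguments, innermost first."""
    prev = None
    while prev != text:
        prev = text
        text = re.sub(r"\([^()]*\)", " ", text)
    return text


def profile(src: str) -> List[FunctionInfo]:
    """Return one FunctionInfo per function header found in the source."""
    result = []
    for m in FUNC_RE.finditer(strip_comments(src)):
        tokens = strip_paren_groups(m.group("tail")).split()
        declared = next((t for t in tokens if t in VISIBILITY), None)
        modifiers = [t for t in tokens if t not in KEYWORDS]
        read_only = any(t in READ_ONLY for t in tokens)
        info = FunctionInfo(m.group("name") or "<fallback>",
                            declared, modifiers, read_only)
        if declared is None:
            # Nothing was opted into: the function is public by default.
            info.findings.append("implicit-public")
        effective = declared or "public"
        if effective in ("public", "external") and not modifiers and not read_only:
            # Callable from outside with no modifier: a review candidate.
            # An inline check in the body would not be seen by this scan.
            info.findings.append("unguarded-external")
        result.append(info)
    return result


def flagged(src: str) -> dict:
    """Map function name -> findings, for functions that have any."""
    return {f.name: f.findings for f in profile(src) if f.findings}


# Constructed sample contract, not code from Parity or from the article.
SAMPLE = """
contract Wallet {
    address owner;
    modifier onlyOwner { require(msg.sender == owner); _; }
    modifier onlyOwners(uint n) { _; }

    // No visibility keyword, so it falls back to the default.
    function initOwner(address _owner) {
        owner = _owner;
    }
    function setOwner(address _owner) public onlyOwner { owner = _owner; }
    function withdraw(address to, uint amount) external onlyOwners(2) { to.transfer(amount); }
    function balance() public constant returns (uint) { return this.balance; }
    function helper(uint x) internal returns (uint) { return x + 1; }
    /* function ghost() {} */
    function() payable { }
}
"""

if __name__ == "__main__":
    for f in profile(SAMPLE):
        vis = f.declared_visibility or "(default)"
        print(f"{f.name:12} {vis:10} {','.join(f.modifiers) or '-':12} {f.findings}")
```

A finding here is a prompt for manual review, not a verdict: the scan only reads headers, so it says which functions were never explicitly restricted, not whether the body is safe.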

33
bitmapbrother 2 days ago 0 replies      
I don't get why the author keeps referring to the stolen ether as "counterfeit". It's not counterfeit, it's just stolen ether that will be reintroduced into the economy just as stolen bills are.
34
andretti1977 3 days ago 3 replies      
How did the white hats understand the vulnerability? I don't know anything about ethereum so I'm honestly asking. Is there a public log of the method invocations so they could see the hacker was exploiting that exact vulnerability and decided to replicate it?
35
kovacs_x 3 days ago 1 reply      
What I'd like to know as a developer- what was the "great" idea with the "call forwarding" in specific contract function?!

What would be the valid use case, why author decided he should put it there beforehand?

36
mdekkers 3 days ago 0 replies      
As an aside, every time I see a headline with "Hacker" and an image of a hoodie with binary and mostly dark colour tones, my expectation of the quality of content to follow drops significantly.

Having said that, the actual article is pretty good...

37
pm24601 2 days ago 0 replies      
And this is reason #457, why I will not use a digital currency. No protection or recourse from fraud or theft.
38
richardknop 3 days ago 1 reply      
So many Ethereum related posts on front page every day lately. Is this some sort of marketing campaign or the sudden increase is just because of the hack?
39
Dowwie 2 days ago 1 reply      
The world's most expensive security audit...
40
bitmapbrother 2 days ago 0 replies      
Would it make sense to introduce some sort of escrow service into smart contracts to prevent such thefts in the future?
41
heliumcraft 3 days ago 1 reply      
Again, Gavin Wood did NOT write the change that caused this, he wasn't even the reviewer.
42
formula1 3 days ago 2 replies      
The developer shouldn't have executed arbitrary text. Hopefully we can just fork, blacklist the stolen transactions and pretend this didn't happen.
43
Temasik 3 days ago 0 replies      
another hardfork?

ethereum oldskool?

44
EdSharkey 3 days ago 7 replies      
Stories like this make me consider whether programmers that engage in commerce should be forced (yes, by law) into guilds that have rigid journeyman and apprenticeship stages before the programmer gets to touch the production environment. Specialized, official, bonded developer roles need to be established.

Our community cannot continue operating in the hacker mode wherever money is involved.

45
catherinezng 3 days ago 0 replies      
Great read. Thanks!
9
Apple Machine Learning Journal apple.com
483 points by uptown  5 days ago   126 comments top 18
1
exhilaration 5 days ago 7 replies      
For anyone curious about why Apple is allowing its researchers to (anonymously) publish papers like these on an Apple blog, it's because of this:

Apple's director of AI research Russ Salakhutdinov has announced at a conference that the company's machine-learning researchers will be free to publish their findings. This is an apparent reversal of Apple's previous position.

Refusing permission to publish was said to be keeping the company out of the loop and meaning that the best people in the field didn't want to work for Apple.

From: https://9to5mac.com/2016/12/06/apple-ai-researchers-can-publ...

We will see whether this move is sufficient to attract the top talent they're looking for.

2
skywhopper 4 days ago 3 replies      
Is anyone else amused by the irony of using machine-learning-trained image generator in order to provide data to a machine-learning-trained image recognition program? I'm sure the researchers themselves and plenty of people here could come up with all sorts of logical reasons why this is fine, and very possibly given the right protocols it would be fine. But this sort of approach seems to lend itself toward increasing the risks of machine-learning. ie, you're doubling down on poor assumptions that are built-in to your training criteria or which creep into the neural net implicitly, because you are using the same potentially flawed assumptions on both ends of the process. Even if that's not the case, by using less real, accurately annotated data, you're far less likely to address true edge cases, and far more likely to overestimate the validity of the judgments of the final product compared to one with less synthetic training. And if there's one thing the machine learning community doesn't need any more of, it's overconfidence.

Edit: oops, turns out I mistakenly responded to the content of the paper instead of the fact that it exists and the form of its existence. Sorry.

3
Stasis5001 4 days ago 1 reply      
A lot of academic papers actually aren't all that great, for a variety of reasons. Normally, you can use citations, journal, and author credentials to get a sense of whether a paper is even worth skimming. The only "paper" on the "journal" right now looks like it's just a watered-down, html-only version of https://arxiv.org/abs/1612.07828!

Seems like more of a PR stunt than anything useful, but who knows.

4
zo7 4 days ago 0 replies      
It's interesting how much criticism they're getting because Apple formatted their blog to be anonymous and watered down, but they're clear in their first technical post that it is just an overview of work that the researchers are presenting at CVPR [1].

So the researchers at Apple are still getting credit for their work in the scientific community, but the PR-facing side of their work is anonymous, probably for some aesthetic reason (this is Apple, of course)

[1]: https://arxiv.org/abs/1612.07828

5
ericzawo 5 days ago 4 replies      
The most Apple thing ever is that they called it a "journal" and not a "blog."
6
bschwindHN 4 days ago 0 replies      
Going off on a bit of a tangent, but I feel like Apple's niche in AI will be with on-device processing. The iPhone 7 already has an FPGA onboard, and I would guess the next iPhone will have more/more powerful chips. Training would probably still have to happen on their servers though due to the dataset sizes needed. I might just be full of shit though, I'm not much of an AI developer.
7
KKKKkkkk1 5 days ago 4 replies      
Why no author names on the article?
8
tedmiston 5 days ago 2 replies      
The top comment on Product Hunt from Ryan Hoover raised a good point about Apple's timing with this:

> This launch is particularly interesting because this isn't typical for Apple, a fairly secretive and top down company (when it comes to external communications). Timing makes a lot of sense with their upcoming launch of ARkit, Apple Home, and the inevitable "Siri 2.0", among other things.

https://www.producthunt.com/posts/apple-machine-learning-jou...

9
pseudometa 4 days ago 0 replies      
I would really like to see the names of people who are working on the research. They reference other papers and give their authors credit, but was disappointed to not see the Apple employees get credit.
10
Angostura 4 days ago 1 reply      
I'll be keeping an eye out for acrostics with the author's name.
11
mattl 5 days ago 5 replies      
What's powering this site? Doesn't look like WebObjects.
12
acdha 4 days ago 3 replies      
I really wish this had an Atom or RSS feed
13
0xCMP 5 days ago 2 replies      
So we're def getting some form of facial recognition in the new iPhone with stuff like this being published.

Feels like an early post to show they've done some advanced work in making sure you can't trick them.

14
plg 4 days ago 0 replies      
I like the font. Is it possible/legal to use the SF Pro Text webfont?

PS I know the desktop font is available for download at the apple developer site ... but I'm talking about the web font

15
mrkrabo 4 days ago 0 replies      
No <title>?
16
dekhn 4 days ago 0 replies      
calling this a "journal" and making it anonymous is disingenuous.
17
gjvc 4 days ago 0 replies      
I'm betting that sjobs would not have approved this
18
joshdance 5 days ago 0 replies      
Surprising. Hopefully we see more of this.
10
Show HN: A Set of Dice That Follows the Gambler's Fallacy github.com
522 points by xori  4 days ago   230 comments top 47
1
andy_wrote 4 days ago 4 replies      
There's a probability model called the Pólya urn where you imagine an urn containing numbered balls (colored balls in a typical example, but to draw the comparison with dice we can say they're numbered 1-6), and every time you draw a ball of a certain color, you put back more balls according to some rule. A few probability distributions can be expressed in terms of a Pólya urn, see https://en.wikipedia.org/wiki/P%C3%B3lya_urn_model.

A fair 6-sided die would be an equal number of balls numbered 1-6 and a rule that you simply return the ball you drew. You can get a gambler's fallacy distribution by, say, adding one of every ball that you didn't draw. I read the code as a Pólya urn starting with 1 ball 1-N and doing that on each draw plus reducing the number of balls of the drawn number to 1.

Also related, in 2d space, is the idea of randomly covering the plane in points but getting a spread-out distribution, since uniformity will result in clusters. (If you're moving a small window in any direction and you haven't seen a point in a while, you're "due" to see another one, and vice versa if you just saw a point.) Mike Bostock did a very nice visualization of that here: https://bost.ocks.org/mike/algorithms/
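The urn reading in the comment above, written out as an added example (it is neither the project's code nor part of the comment): counts start at one ball per face, and a draw resets the drawn face to one ball while adding one ball to every other face. The class and function names are assumptions; exact fractions show how much less likely a run of one face becomes than with a fair die.

```python
import random
from fractions import Fraction


class UrnDie:
    """Die modelled as an urn of numbered balls, per the reading above."""

    def __init__(self, sides=6, rng=None):
        self.counts = [1] * sides          # one ball per face to start
        self.rng = rng or random.Random()

    def probabilities(self):
        """Exact chance of each face on the next roll."""
        total = sum(self.counts)
        return [Fraction(c, total) for c in self.counts]

    def observe(self, face):
        """Apply the urn rule for a roll that came up `face` (1-based)."""
        for i in range(len(self.counts)):
            if i == face - 1:
                self.counts[i] = 1         # drawn face drops back to one ball
            else:
                self.counts[i] += 1        # every other face gains a ball

    def roll(self):
        """Draw a face in proportion to the ball counts, then update."""
        idx = self.rng.choices(range(len(self.counts)), weights=self.counts)[0]
        self.observe(idx + 1)
        return idx + 1


def run_probability(sides, length):
    """Chance that a fresh die shows one given face `length` times in a row."""
    die = UrnDie(sides)
    p = Fraction(1)
    for _ in range(length):
        p *= die.probabilities()[0]        # face 1 stands in for any fixed face
        die.observe(1)
    return p


def fair_run_probability(sides, length):
    """Same run on an ordinary fair die, for comparison."""
    return Fraction(1, sides) ** length


if __name__ == "__main__":
    for n in range(1, 5):
        print(n, run_probability(6, n), fair_run_probability(6, n))
```

For a six-sided die, a given face four times in a row has probability 1/22176 under this rule against 1/1296 for a fair die.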

2
ideonexus 4 days ago 18 replies      
A great application for this is in randomizing playlists. My friends, who are also CS grads and should know better, have often complained that their MP3 players, CD carousels, etc play the same music too often claiming that the random is broken, when a song repeating in a short period of time or other songs never playing is what you would expect from a truly random selection. Using this algorithm, you'd be sure to hear all of your songs. I'm guessing most music services already do something like this.
3
Pfhreak 4 days ago 6 replies      
Interesting, and at first I was excited about the possibilities in something like D&D, where a series of bad rolls can have you feeling down. "I'm due for a critical hit any swing now..."

Players would love that! Make my hero feel more heroic! The inevitable comeback!

But then I thought about the inverse case -- you are doing really well, and now you are due for a failure. Or series of failures. That would feel awful.

We have a lot of emotions around dice rolling. I wonder what players really want from their dice. Would players prefer dice that are secretly unevenly weighted towards good rolls? Would they still want those dice if they knew they were weighted?

4
doodpants 4 days ago 2 replies      
> I made a chatbot that rolled dice, and it was constantly criticized for being "broken" because four 3's would come up in a row.

> These accusations would come up even though they (all being computer science majors) know it's possible (although unlikely) for these events to happen. They just don't trust the black box.

I am reminded of the approach that GamesByEmail.com used to address this criticism: http://www.gamesbyemail.com/News/DiceOMatic

5
nickm12 4 days ago 1 reply      
I had the privilege of studying probability from G-C. Rota. One of my favorite quotes from him was "Randomness is not what we expect", which he used to describe the phenomenon of people disbelieving that random data was actually random. Another great was "This will become intuitive to you, once you adjust your intuition to the facts."
6
cableshaft 4 days ago 1 reply      
There was an old flash video game I worked on a long time ago where I did exactly this. I had a boss with two main attacks, and I didn't want it to be super predictable A/B/A/B, so I had it pick between A and B randomly, then reweight the probabilities, so if it picked A, instead of 50% A, 50% B it'd now be 25% A, 75% B. If it picked A again it'd be down to like 12.5% A, 87.5% B. If B then got chosen, it'd flip flop to 75% A, 25% B, etc. The result was it mostly went back and forth between the two, but would do some attacks 2 or 3 times in a row before switching back to the other.

You can actually play it right here and go direct to the Boss Fight if you wanted to: http://briancable.com/clock-legends/

7
bigato 4 days ago 5 replies      
Now I really want physical loaded dice which follow the gambler's fallacy! Is it too crazy of an idea?
8
vanderZwan 4 days ago 0 replies      
A similar, simpler idea is sometimes used in games: you put all choices in a "bag", then draw from the bag until it's empty, then put everything back.

Tetris is the go-to example. Tetris has seven tetrominoes, and in most modern implementations you're guaranteed to see them in sets of seven in random order.

http://tetris.wikia.com/wiki/Random_Generator

This is pretty essential to make competitive play err on the side of skill rather than randomness: pro-players can anticipate and plan for this. For fun, here's a recent Tetris head-to-head speed-run from Awesome Games Done Quick, with pretty good narration about the tactics involved:

https://www.youtube.com/watch?v=PeNB4w99FiY&t=1h21m15s

9
hesdeadjim 4 days ago 2 replies      
This reminds me of Sid Meier's talk at GDC about having to game the random number system because of players' expectations:

http://www.gdcvault.com/play/1012186/The-Psychology-of-Game-...

More often than not, true RNG in game design takes a back seat to fun.

10
Thespian2 4 days ago 1 reply      
For board games, like "Settlers of Catan" where resources are generated based on rolls of 2d6, one could use an analog version of this with a cup containing 36 chits, of the numbers 2-12 according to the normal distribution, _without_ replacement. You would still get the randomness of ordering, but over 36 draws/turns would get a complete "average" distribution.

If that is a bug or a feature is left as an exercise for the reader.

11
kator 4 days ago 2 replies      
I often use google "flip a coin"[1] for stupid things and the other day I was wondering why almost every single time it came up heads. I started to wonder if there was a browser rng problem or the code was crazy etc.

[1] https://www.google.com/search?q=google+flip+a+coin

12
closed 4 days ago 1 reply      
At first I was confused, because statistical models that aren't temporally independent are very common.

But it's very clear from the comments that having dice that aren't independent between rolls is incredibly in demand :o, and having the right words to google can be tricky.

(I feel like there's an important lesson there)

13
onetwotree 4 days ago 0 replies      
Video games, especially competitive ones, do this to limit the effect of randomness on the outcome of the game, while still keeping the sequence of random events unpredictable enough to "feel" random and preventing simple exploits.

DoTA2 uses a simple distribution based on the number of "rolls" since the last successful one - P(N) = P0 * N, where P0 is the base probability and N is the number of rolls since the last successful one[1].

It keeps both "hot" and "cold" streaks from being too much of an issue, although that doesn't stop players from cursing the RNG gods when they lose.

[1] http://dota2.gamepedia.com/Random_distribution
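
The formula in the comment above worked through exactly, as an added example that is not taken from the linked wiki or from any game's code: it derives the longest possible failure streak and the long-run success rate that a given P0 implies, and (going beyond the comment) solves for the P0 that yields a wanted long-run rate. Capping P(N) at 1 and all function names are assumptions.

```javascript
// Added illustration of P(N) = P0 * N. Function names are hypothetical and
// P(N) is capped at 1, an assumption for the point where P0 * N passes 1.

// dist[n-1] = probability that the first success happens exactly on roll n.
function firstSuccessDistribution(p0) {
  if (!(p0 > 0 && p0 <= 1)) throw new RangeError('p0 must be in (0, 1]');
  const dist = [];
  let stillFailing = 1;               // chance that all earlier rolls failed
  for (let n = 1; stillFailing > 0; n++) {
    const pN = Math.min(1, p0 * n);
    dist.push(stillFailing * pN);
    stillFailing *= 1 - pN;           // reaches 0 once pN hits the cap
  }
  return dist;
}

// Longest run of failures that can occur before a success is guaranteed.
function maxFailureStreak(p0) {
  return firstSuccessDistribution(p0).length - 1;
}

// Long-run fraction of rolls that succeed = 1 / expected rolls per success.
function longRunRate(p0) {
  const expectedRolls = firstSuccessDistribution(p0)
    .reduce((acc, p, i) => acc + (i + 1) * p, 0);
  return 1 / expectedRolls;
}

// Bisection for the P0 whose long-run rate equals `target`. longRunRate is
// continuous and increasing in p0, so halving the bracket converges.
// Targets below 0.001 are rejected to keep the inner loops short.
function p0ForRate(target) {
  if (!(target >= 0.001 && target <= 1)) {
    throw new RangeError('target must be in [0.001, 1]');
  }
  let lo = 0;
  let hi = 1;
  for (let i = 0; i < 60; i++) {
    const mid = (lo + hi) / 2;
    if (longRunRate(mid) < target) lo = mid; else hi = mid;
  }
  return hi;
}

// Constructed sample values: P0 = 0.25, and a wanted long-run rate of 25%.
console.log('P0 = 0.25 first-success distribution:', firstSuccessDistribution(0.25));
console.log('P0 = 0.25 longest failure streak:', maxFailureStreak(0.25));
console.log('P0 = 0.25 long-run rate:', longRunRate(0.25));
console.log('P0 giving a 25% long-run rate:', p0ForRate(0.25));
```

The long-run rate is higher than P0 itself, so a designer who wants a displayed percentage to hold on average has to pick a smaller P0 than the number shown.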

14
eriknstr 4 days ago 1 reply      
> I made a chatbot that rolled dice, and it was constantly criticized for being "broken" because four 3's would come up in a row.

> These accusations would come up even though they (all being computer science majors) know it's possible (although unlikely) for these events to happen. They just don't trust the black box.

This reminds me of a talk [1] given at Game Developer's Conference (GDC) about the game Civilization, in which Sid Meier -- creator of said game -- spent a bit of the time talking about the difference between fairness and perceived fairness. The talk is only an hour long and worth watching.

[1]: https://www.youtube.com/watch?v=AJ-auWfJTts

15
root_axis 4 days ago 1 reply      
This reminds me of an article discussing the perceived outcome of RNG decisions in video games. In many types of games, the system will display a percentage chance of success for a given action which allows the player to make risk assessments regarding possible choices. Unfortunately, the unmodified RNG behavior creates an unpleasant experience for the user because the unweighted random outcomes feel "unfair" when failure streaks pop-up, thus, game designers almost always introduce some type of magic cushioning to the RNG so that the user never faces too many repeated failures.
16
_Marak_ 4 days ago 5 replies      
I'm probably very wrong, but I still feel there is some undiscovered science when it comes to RNG and the fallacy of the maturity of chances ( Gambler's Fallacy ).

Einstein believed the universe was deterministic. Just because it appears to us that there is no correlation between independent events ( the roll of a dice ), does not mean that there isn't some underlying variable that we are unable to measure or perceive which is affecting the outcome of the rolls.

17
rivo 4 days ago 0 replies      
The quote at the end is meant as a joke but it's interesting how often this is true. A lot of magic tricks rely on being prepared for different outcomes, while often trying for the least likely one first. This unlikely outcome happens surprisingly often and therefore makes the effect even more unbelievably amazing.

I had a friend think of a playing card and any number (1-52). She picked the 6 of spades and the number 15 which is exactly the position where the card was located. It was only the third time I had done this trick with anybody.

Obviously, card and number picking is not uniformly random, especially when you influence their choice (e.g. "pick a large number"). But the odds of someone guessing the exact combination should still be extremely low.

A lot of what you see from David Blaine on TV is exactly this. He always has a backup plan but more often than not he doesn't need it.

18
YCode 4 days ago 1 reply      
I wonder if this could be / has been applied to loot tables in video games in order to keep the player interested in playing.

I've designed a few loot tables and the Gambler's Fallacy is a criticism I often have to deal with when people don't understand why a given item hasn't dropped despite them having killed a mob enough times to statistically warrant it.

19
erikb 4 days ago 0 replies      
And then there's also the gambler's wisdom: If the dice was facing a 6 for too many times in a row, look for another game.
20
methodin 4 days ago 1 reply      
It's always nagged me that statistical problems are scoped so small. Surely in saying there's 6 outcomes on a dice you've obfuscated the billions of interactions between atoms and input possibilities in doing so. Thrower A and thrower B will undoubtedly throw slightly different which might actually constrain the outcomes and skew the 1 in 6 percentages?

It's similar to me to condensing 30 characters to 5 via an algorithm. You can go one direction but not the other and if your model was centered around the resulting 5 it doesn't really reflect what's actually happening which may skew the probabilities quite a bit. e.g. if the algorithm was "if first letter is not q, then first letter in output is q". If you were saying each has an equal percentage of occurring it'd be flat out wrong.

* I am not a statistician and have no idea what I'm talking about

21
jonjonjonjon22 4 days ago 0 replies      
I'm not a programmer but I've thought about this a lot. It'd be interesting to know if my simple solution here has something wrong with it.

My idea is based on time - if we assign each song to a 1/1000th of a second, we play the song that matches the 1000th of a second when the next song is called.

In this case, I'm referring to the 1/1000th of a second of current time of day. Depending on the song's position in the second that I change tracks, is what song gets played.

A bit more randomness (if this is needed) could come if we use Pi - for example, we can run through a series in Pi which adds to the ID of the song. Differing track lengths then do the job of ensuring that we always wind up on a different song in the loop.

The above seems to my layman's eye to be a simpler solution, at least.

22
smallnamespace 4 days ago 0 replies      
This shows up a lot (predictably) in actual games, e.g. Hearthstone sells you digital cards, and the randomization specifically guarantees that the time between rare cards is capped [1].

Having unusually bad luck (e.g. opening 100 packs and not getting a single legendary card, when the average would be every ~20 packs) feels bad and probably loses Blizzard a customer, so the solution is to cut off the downside tail of the distribution.

[1] https://www.reddit.com/r/hearthstone/comments/3z7jyh/pity_ti...

23
18nleung 4 days ago 1 reply      
How exactly does the roll() method work? Can't seem to parse the meaning of `runningSum` and `mark`.

  roll() {
    const sum = this.state.reduce((p, c) => p + c, 0)
    const r = Math.random() * sum
    let runningSum = 0
    let result = -1
    for (let i = 0; i < this.state.length; i++) {
      const mark = this.state[i]
      runningSum += mark
      if (r < runningSum && result === -1) {
        result = i
        this.state[i] = 1
      } else {
        this.state[i]++
      }
    }
    // Add 1, so the die roll is between 1 -> size of die
    return (result + 1)
  }
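
How the quoted roll() picks a face, as an added example that is not the package's own code: r is a point in [0, sum), runningSum is the right edge of each face's interval, and mark is that face's weight before it is updated. The class name TracedDie, the injectable rng parameter, the starting weight of 1 per face and the scripted random values are assumptions made for the illustration.

```javascript
// Added illustration, not the gamblers-dice source. TracedDie, the rng
// parameter and the starting weight of 1 per face are assumptions.
class TracedDie {
  constructor(size, rng = Math.random) {
    this.state = new Array(size).fill(1); // state[i] = current weight of face i+1
    this.rng = rng;                       // injectable so a roll can be replayed
  }

  // Chance of each face on the next roll: weight / total weight.
  probabilities() {
    const sum = this.state.reduce((p, c) => p + c, 0);
    return this.state.map((w) => w / sum);
  }

  roll() {
    const sum = this.state.reduce((p, c) => p + c, 0);
    const r = this.rng() * sum;       // uniform point in [0, sum)
    let runningSum = 0;
    let result = -1;
    for (let i = 0; i < this.state.length; i++) {
      const mark = this.state[i];     // weight of this face before any update
      runningSum += mark;             // right edge of this face's interval
      if (r < runningSum && result === -1) {
        result = i;                   // first interval containing r wins
        this.state[i] = 1;            // rolled face drops back to weight 1
      } else {
        this.state[i]++;              // every other face becomes more likely
      }
    }
    return result + 1;                // faces are numbered from 1
  }
}

// Replay a fixed list of "random" values (constructed sample input) and record
// the face rolled and the weights left behind after each roll.
function trace(size, randomValues) {
  let k = 0;
  const die = new TracedDie(size, () => randomValues[k++]);
  return randomValues.map(() => {
    const face = die.roll();
    return { face, weights: die.state.slice() };
  });
}

// Probability of rolling the same face again right after a first roll on a
// fresh die: its weight is 1, the other size-1 faces have weight 2.
function repeatProbability(size) {
  const die = new TracedDie(size, () => 0); // r = 0 always selects face 1
  die.roll();
  return die.probabilities()[0];
}

for (const step of trace(4, [0.5, 0.5, 0.5])) {
  console.log(`rolled ${step.face}, weights now ${JSON.stringify(step.weights)}`);
}
console.log('d6 repeat chance:', repeatProbability(6), 'vs fair', 1 / 6);
```

With the same scripted value 0.5 on every roll, a fair d4 would land on the same face each time; here the face changes because the intervals move as the weights are updated.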

24
colanderman 4 days ago 0 replies      
A simpler (albeit quite deterministic) way of accomplishing this is to use an LFSR [1] or the CRC [2] of an incrementing counter. Such a sequence of values "looks random" under many measures but also has the probability that you will eventually get an even distribution of values (after the period of the counter).

[1] https://en.wikipedia.org/wiki/Linear-feedback_shift_register

[2] https://en.wikipedia.org/wiki/Cyclic_redundancy_check

25
vacri 4 days ago 0 replies      
On a related note, a colleague once worked at a place where they did this for on-call: Everyone has an on-call score. Every week, the person on-call had their score set to zero, and everyone else incremented by one. You could plan out the next couple of months this way, and it provided an elegant way for new hires to take their place - they start at zero, and were generally familiar enough by the time their number came around.

There were some housekeeping rules to work around the organicness of human life - if someone went on holiday they kept their score, for example - but overall it seemed to work.

26
biafra 4 days ago 0 replies      
How do I run this code? I think I successfully installed the package with npm. There were some warnings but no error. But how do I run:

> const RiggedDie = require('gamblers-dice')

> const die = new RiggedDie(20) // for a d20

> console.log(die.roll()) // 1 -> 20

> console.log(die.roll()) // keep using the same instance

Do I put it in a file? Do I copy paste it into a REPL? If so what provides that REPL?

I am always surprised when sample code providers assume I know their language's ecosystem.

UPDATE: Apparently I can use "node" as a REPL for this.

27
nerdponx 4 days ago 3 replies      
This "unfair RNG" issue was big in Dota 2 (a popular video game) for a while. They ultimately implemented something similar and AFAIK now all "random" effects use it.
28
careersuicide 4 days ago 0 replies      
Just wanna say: I love this.
29
biesnecker 4 days ago 0 replies      
In 2010 I asked a similar question on StackOverflow for choosing the option that would have the correct answer in multiple choice tests: https://stackoverflow.com/questions/3099153/better-random-fe...
30
Tade0 4 days ago 0 replies      
Kudos for the "I don't get it" section.
31
mysterydip 4 days ago 0 replies      
This will be great for game developers as many a player has complained that the RNG wasn't "fair" because they got so many fails in a row or never saw a critical hit or whatever, even though it was mathematically correctly random. Thanks, looking forward to using it!
32
dmartinez 4 days ago 0 replies      
I like to think of this as "human random". It's easier to get along with people using this type of algorithm.
33
dllthomas 4 days ago 0 replies      
Sure, the Gambler's Fallacy has worked out poorly in the past... but doesn't that mean it's due?
34
dcookie 4 days ago 0 replies      
This reminds me of the first scene in Rosencrantz & Guildenstern Are Dead. https://www.youtube.com/watch?v=RjOqaD5tWB0
35
emodendroket 2 days ago 0 replies      
This actually seems like it would be pretty good for applications like games or playing random songs.
36
gpawl 4 days ago 0 replies      
The NBA Draft Lottery is similar in spirit:

https://en.wikipedia.org/wiki/NBA_draft_lottery

37
IncRnd 4 days ago 0 replies      
Bingo cards (the real ones, not the theoretical ones) often have human interaction as one of the steps in their creation. This is so they appear random, distinct, without patterns, etc.
38
zem 4 days ago 0 replies      
reminds me of a very interesting demonstration from martin gardner. draw a 6x6 grid, and write a random digit in each cell, proceeding row by row. now count the number of pairs of consecutive (x, x) going horizontally versus vertically; you will almost always get doubled numbers in the columns because that's how random numbers work, but almost never in the rows, because when people are trying to generate "random" numbers by hand they avoid runs or other patterns.
39
exabrial 4 days ago 0 replies      
A good application for this would be prevent "Starvation" when doing random rewards in a video game. For instance, if a special item is to be dropped after defeating a boss...
40
snake_plissken 4 days ago 0 replies      
Random question I've always had issues resolving: if the Gambler's Fallacy is real, how can you detect loaded dice?
41
ProgrammerMatt 4 days ago 2 replies      
Can someone explain to me why there is such a large discrepancy for the different sides for math.random()? seems fairly large
42
sebnap 4 days ago 1 reply      
I think they didn't trust your programming skills as much as the possibility of absurd sequences :D
43
mwexler 4 days ago 0 replies      
Finally, Spotify's shuffle algorithm can be fixed! Thank goodness you created this.
44
overcast 4 days ago 0 replies      
"A terrible idea is born." :D I can only imagine what will be made on top of this.
45
andrepd 4 days ago 1 reply      
Eh, I thought this was something more mathematical, like non-transitive dice (https://en.wikipedia.org/wiki/Nontransitive_dice). Apparently it's... a weighted random number generator? in node.js?
46
mighty_bander 4 days ago 0 replies      
Pshaw. Make real dice that do that and I'll get excited.
47
Sawamara 4 days ago 0 replies      
This is actually useful for many rpg games.
11
How a VC-funded company is undermining the open-source community theoutline.com
642 points by posnet  7 hours ago   247 comments top 53
1
RubenSandwich 6 hours ago 4 replies      
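Look at this clear dark pattern: https://outline-prod.imgix.net/20170721-QVaxMDgDwdZ1TBufCdq4.... (Image taken from the article.) Want to use our service, then only lists positives. Or these other services, then only list negatives.

If you're reading this Kite. I now have a negative view of your product. We cannot allow corporations to take over open source tools. Donating is perfectly fine and encouraged, but the above example is a downright take over. If you want another tool then create one, don't take over an existing one and use the community's trust of that tool to promote your product.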

If you're reading this Kite. I now have a negative view of your product. We cannot allow corporations to take over open source tools. Donating is perfectly fine and encouraged, but the above example is a downright take over. If you want another tool then create one, don't take over an existing one and use the communities trust of that tool to promote your product.

2
danso 3 hours ago 1 reply      
This situation seems to have the best and worst of open-source. Best, in that the license of the projects allowed them to be forked without too much effort. Worst, in that it shows how easy it is for a project to be subverted once the maintainers are bought (in this case, given a job). It also remains to be seen if the average Atom user will see the difference between the Kite-branded (and, currently, more popular) and the forked versions of these plugins.

Besides the open source issues, this tactic seems to reveal a massive desperation by the Kite folks. There is no way they couldn't have seen how negative this was going to look once people found out. Their ability to attract new users through word-of-mouth and organic advertising must have plateaued. Sneaking their service into a well-used plugin would have given them a boost in users, maybe enough to attract a new round of funding, but they must have known it would cause this kind of bad blood. Especially based on their past reception on HN, which was highly upvoted but in which they never convincingly answered the concerns about uploading users' source code to the cloud:

https://news.ycombinator.com/item?id=11497111

https://news.ycombinator.com/item?id=13977982

https://www.reddit.com/r/programming/comments/4erqgq/kite_pr...

3
danpalmer 4 hours ago 1 reply      
I've tried Kite twice now. Once when it first launched, and once again when I installed autocomplete-python and it persuaded me to give it another go.

So far I have found it utterly unconvincing to the point of near uselessness. It rarely finds anything intelligent to say about my code, and gives a significantly worse view of documentation than Dash (for which I have a hotkey bound for near-instant lookup).

On top of that, I found Kite to use significant resources, there's no way to inspect what it's uploading so no way to ensure you aren't uploading things you don't want to, and the second time I tried it the UI was filled with dark patterns and I found it quite difficult to uninstall (I reverted to just trashing all the files I could find relating to it).

4
rawland 5 hours ago 1 reply      
Kudos to @mehcode for the fork [1]! And the author @abe33 for the apology [2]! I'm thinking, that @abe33 might not be responsible for this, but was "asked" by his employer (Kite) to do that.

Then, there are alternatives such as sublimetext/vscode, which have the minimap builtin...

Disclaimer: Not affiliated, I prefer n/vim anyways. This is a copy from my comment in the issue. Please read @abe33's comment [2] in the issue. This might explain a thing or two.

--

[1]: https://github.com/mehcode/atom-minimap-plus

[2]: https://github.com/atom-minimap/minimap/issues/588#issuecomm...

5
dessant 5 hours ago 0 replies      
This is the minimap fork:

https://atom.io/packages/minimap-plus

https://github.com/mehcode/atom-minimap-plus

It is a featured[1] Atom package, which may point to whom GitHub is endorsing in this issue, though we could see a more direct response from them regarding both minimap and autocomplete-python.

After reading sadovnychyi's reaction[2] to the autocomplete engine selection screenshot, I think forking is also the only remaining step for autocomplete-python.

[1] https://atom.io/packages

[2] https://github.com/autocomplete-python/autocomplete-python/i...

6
scandox 4 hours ago 1 reply      
> Most users who install autocomplete-python close the engine selection prompt, which results in not getting Kite or its benefits

This type of entrepre-narcissism has to be shut down hard. How deluded does somebody have to be to imagine that putting a confirm-shaming dialogue in an opensource tool is not Advertising?

7
jtokoph 25 minutes ago 0 replies      
PSA: I removed the whitelisted directory from my local install of Kite and then uninstalled the application. Logging into https://kite.com/settings/files still shows my machine and all of the synced files.

I still had to manually purge my machine and files from that page.

If you think your files were removed, check again.

8
tnone 4 hours ago 1 reply      
The answer to this should be a resounding "fuck off and don't come back".

Open source is great because it is generally free of this pushy and disingenuous nonsense. Defection over cooperation leads to the detriment of the commons.

9
oxguy3 12 minutes ago 0 replies      
> "I apologize in advance that I can't answer any further questions," he wrote. "I need to focus on other parts of the business, including continuing to improve the product for our users, and conflict like this is always doubly distracting."

If you don't have time to deal with controversy, maybe don't take actions that will inevitably lead to it, eh?

10
jchw 3 hours ago 1 reply      
I think we need a swift and damning response to this. I'd rather have an even worse walled garden than the Apple 'App Store' than deal with having to worry about my source code getting stolen to be used by some stupid cloud service. I don't even want data collection in my text editor; maybe from the vendor it's acceptable but not N times for each plugin. I now feel compelled to vet the network usage of any plugin I install.

Thanks, Kite. I'll make sure to remember this in case anyone ever considers your service.

11
cronjobber 3 hours ago 5 replies      
Google introduced and normalized the spyware/adware business model. Nothing but fawning adoration from programmers.

Microsoft copied the model for operating systems. Token resistance from programmers.

Kite copies the model for programming tools. Too late, programmers.

12
vultour 2 hours ago 2 replies      
Holy shit that 'apology' is a steaming pile of crap. This guy is actively subverting not one but multiple open-source projects and he responds with some pathetic crisis-management sob story and an 'oops, sorry'?
13
omginternets 5 hours ago 0 replies      
I just uninstalled Kite.

It's a real shame as the service was good, but nothing is good enough to justify advertisements in my work-space. The fight against distraction is hard enough as it is without having to think carefully about where I'm clicking due to dark-pattern UI.

14
mercer 2 hours ago 0 replies      
Honestly, I feel that at the very least the core team behind Kite should be held accountable for what they're doing. I'm not arguing in favor of an all-out witch hunt, but in the context of developers doing their development thing this kind of behavior should have consequences that potentially might include 'black-listing' at least the higher-level people behind it that thought this was a good idea.
15
billdybas 3 hours ago 1 reply      
It's nice this is getting more response today - my submission yesterday got no comments.

I almost spit my coffee out when I learned about this (as I'm a minimap user who had no idea this was going on). Not a fan of these shady practices - completely breaks the trust between package maintainer and users.

16
thehardsphere 35 minutes ago 0 replies      
> Although Kite has no business model yet,

This is actually the most ridiculous part of the entire story.

It would be one thing if a corporation was stealing your code and taking over open source projects as part of a detailed plan to make money. That would still be objectionable, but at least there would be a clear motive for these voyeuristic activities.

Apparently, there is no master plan. They're just doing this because they want to be voyeurs and then maybe figure out how to make money off of that somehow later.

17
oefrha 18 minutes ago 0 replies      
I remember the day Kite was launched. I took a brief look, realized it would be uploading entire codebases of mine to their servers, and said no.

The fact that they have since slipped their stupid product into popular open source tools (probably because it isn't as well received as they thought it would be) is very similar to how some douchebags buy up popular browser extensions, then inject ads or do more nefarious things with them. Utterly distasteful.

18
2sk21 3 hours ago 3 replies      
Open source is very vulnerable to manipulation. Some years ago, I spent some time trying to understand the PAM module LDAP module on Linux (PAM is used to enable external authentication so it's critical code). I found it to be completely impenetrable. We take such components for granted but if someone could inject malware into such code, it could be catastrophic.
19
jlangenauer 2 hours ago 3 replies      
This is one of the things that makes me think software development, like most other professions, should really have a formal code of ethics. If a lawyer or a construction engineer tried to do something equally dodgy, they would very soon find themselves hauled before a professional authority.

It should be made clear to the employees, management and investors of Kite that this is the sort of thing that marks you as someone willing to engage in unethical and underhanded behaviour. I wouldn't hire any such person into any team I manage, and I suspect quite a few other people wouldn't either. Actions have consequences. Especially unethical actions.

20
jancsika 1 hour ago 1 reply      
Dear free software and/or open source zealots:

Please use your skills and spirit to fork both of the projects in question and put one of your known good actors in charge of each.

Either new project leaders are available and will immediately come forward to claim these projects as their own, or we need to change the subject to FLOSS sustainability.

21
numbsafari 3 hours ago 1 reply      
So, what prevents any Atom package from being silently taken over and turned into a private code Hoover? Is there anything in Atom's packaging APIs that ensures plugins that can read source cannot also access the network without permission?
22
bloomca 5 hours ago 1 reply      
If you are looking for the github thread https://github.com/atom-minimap/minimap/issues/588.
23
sdwisely 10 minutes ago 0 replies      
For some reason that animated underline makes me feel like I can only read one word per minute.
24
intoverflow2 18 minutes ago 0 replies      
I'm curious to what the ads looked like? I installed it but can't see them and the article only includes its own ads for razors not pictures of the ads it's talking about.
25
nv-vn 2 hours ago 0 replies      
Can't wait till someone hacks Kite and exposes some major company's source code. Will be very interesting to watch the legal response to that.
26
codepilot 32 minutes ago 0 replies      
If someone approved their own PR in our team they would have some explaining to do, approving your own PR in an Open Source project - SMH
27
bauerd 2 hours ago 0 replies      
Aaand into the /etc/hosts kite.com goes. Can anyone paying for their product post their other (AWS?) hosts?
28
AdmiralAsshat 42 minutes ago 1 reply      
Not sure how the Atom plug-in store works: if this were yum / CPAN / pip, I would think there'd be some way to kick these plugins out of the stores and force anyone who really wants it to install manually. I think that's the best way to tackle this kind of deception: fork it, kick it out of the app stores, and make it difficult as possible for someone to inadvertently download the adware-written version.
29
dsign 2 hours ago 0 replies      
Things like this are bound to happen, as long as people have to pay their bills and they don't get as much retribution as they would like for their work. If the original authors of the plugins that Kite took over had got a dollar from each user, maybe they would have thought it twice before handing over their creations to a company with dubious purposes.

I have been saying it for a long time: we need better and more flexible software markets, and as developers, we should appreciate the work and time of fellow developers and as a matter of principle try to compensate them.

30
barking 50 minutes ago 1 reply      
I'd never heard of Kite until today and following one of the links ended up at Adam Smith's blog a couple of hours ago. I did no more than to read a blog post. Just now I went to checkout from my local tortoisesvn repository and instead of the usual local address this was present as the repository url:

>"http://adamsmith.cc/"

I have no idea how that could have happened.

31
roesel 3 hours ago 0 replies      
Whenever I see a screen like this, I just use the "local engine" and make sure I never use the suggested product, ever.

Have fun finding customers Kite...

32
quantum_state 3 hours ago 2 replies      
We, the open source community, need to respond to this pollution firmly and decisively. Apart from removing the sneaky code put in for these types of purpose, we may need to consider adjusting the licensing to forbid such doing ... the entire open source world need to unite against this ... it is threatening the future of open source.
33
jdenning 4 hours ago 1 reply      
The "Kite Effect": when a company implements a marketing strategy that does more to deter potential customers than attract them.
34
roadbeats 6 hours ago 2 replies      
> It is unclear what Kite's business model is, but it says it uses machine-learning techniques to make coding tools. Its tools are not open source.

I've never heard of such a thing before. Could someone explain how would they use machine learning for building coding tools ?

35
dabei 2 hours ago 0 replies      
This is evil. We need a way to deter activities like this. The public shaming on HN is a good first step but this would be forgotten too quickly. Any ideas?
36
tangue 5 hours ago 1 reply      
Time to write Adblock for code editors.
37
amelius 2 hours ago 1 reply      
Can't we have laws against software that combines ads with spyware (or user tracking for that matter)?
38
kayoone 2 hours ago 0 replies      
I think what Kite is doing isn't very smart, their audience are developers who will usually not put up with stuff like this so easily.
39
CodeWriter23 12 minutes ago 0 replies      
FFS, "Fork this on Github"
40
Dowwie 1 hour ago 0 replies      
I wouldn't be surprised if this leads to click-wrap terms of use prior to installing Atom packages..
41
sebleon 4 hours ago 0 replies      
> It is unclear what Kite's business model is

Their business model is to sell subscriptions to a premium version: https://kite.com/pro#business

42
tzs 4 hours ago 0 replies      
It's not clear to me from the article or the comments what it was actually doing.

Looking briefly at kite.com, it looks like they provide a potentially useful tool/service that is kind of an alternative to searching the web for documentation.

What I can't tell is whether what they did was make minimap incorporate results from Kite, so that you were essentially getting the Kite service (or a light version of it) bundled with minimap, or if they were putting ads for the Kite service in minimap, or if they were putting ads for other things in there.

43
DrFukushima 1 hour ago 0 replies      
Merge request to remove Kite in minimap was closed: https://github.com/atom-minimap/minimap/pull/596
44
microcolonel 29 minutes ago 0 replies      
This is a bit hyperbolic. If the original maintainers of a project are making changes you don't like, just fork it.

That said, if I was already unlikely to trust Kite, I don't want to work with them at all given this behaviour. Betraying the trust of a significant portion of your potential customers is a sure way to be exed from an industry you never capitalized on. Congratulations, Kite.

45
bluepeter 3 hours ago 0 replies      
Bottom of the Kite web site I find this tell: "Made with [love emoji] in San Francisco"
46
fh973 4 hours ago 3 replies      
That sounds Atom plugin specific. Do Atom plugins not run in some sort of Sandbox?
47
thrillgore 1 hour ago 0 replies      
Is there a comprehensive list of Atom extensions that are maintained or used by Kite? Or should I just write off Atom altogether?
48
thrillgore 1 hour ago 0 replies      
I personally want to know why Kite decided to show up uninvited in Atom. I don't want this shit, I don't care about it, if I wanted documentation I'd use Sphinx or Doxygen.
49
toyg 2 hours ago 0 replies      
It is somewhat ironic that the community affected is the Atom one, which was supposed to be built by (and for) next-gen cloud-first types who live in the browser. If all data has to live in the cloud, your source code will inevitably get there too - because source code itself is data. Sure, Kite went about it with an anti-pattern, but that makes little difference. Live by the cloud, die by the cloud.

Let's be honest, the real problem here is that Kite's offer is still not good enough. The service they provide at the moment is not worth handing out all your code, unlike with services like GitHub; and their leadership is not seen as smart (or honest) enough to tolerate them taking stewardship of this or that established project - something that happens every day in the OSS world (loads of companies de-facto own this or that OSS project, from RedHat to Google to Ubuntu to IBM, steering as they see fit).

As soon as Kite (or anyone else) can provide a compelling service, people will go to great lengths to use their stuff and give them their code, without any dark pattern being required - ethics be damned.

50
jwilk 1 hour ago 1 reply      
Why is the submission title different than the original one?
51
GoToRO 6 hours ago 1 reply      
Why not use this to fund open source? Have a checkbox to disable ads if you really want to give people freedom. I just can't see how open source can compete without enough funds.
52
waynenilsen 3 hours ago 1 reply      
I see nothing wrong with this. This is why open source is beautiful. If you don't like what some contributor is doing, fork it. Kite can even pull in updates from the main fork. I think this kind of thing happens all the time just not publicly.
53
conradk 4 hours ago 1 reply      
To me, it looks like Kite miscommunicated but didn't propagate spyware. From what I understand after reading the related issue on Github, it did not do any requests to its servers without explicit user permission.

And I think the bigger problem is that 3rd party plugins are becoming a thing. Now, it's all about plugins, installing dozens of plugins that are difficult to audit beforehand. It's like blindly installing software from torrenting sites, but shinier because it has the Github stamp on it.

12
Master Card, Cisco, and Scotiabank Join the Enterprise Ethereum Alliance entethalliance.org
447 points by 52-6F-62  5 days ago   163 comments top 21
1
dpc_pw 5 days ago 4 replies      
How pointless.

The whole point of Bitcoin was to have uncensorable, decentralized asset that can be used to exchange value without any trust etc.

That is the only reason we endure this utterly shitty and inefficient blockchain thing, and we exchange money for this otherwise pointless online points.

I have no problem with ETH as cryptocurrency / smart contract platform. But this whole Enterprise Ethereum Alliance is just one big BS. Ethereum community is trying to pump ETH value by associating with brand names, and corporations are trying to pump their stock value by presenting themselves as innovative. BS - empty words and marketing gimmicks. Just read through that page.

Just watch Blockchain vs. Bullshit: https://www.youtube.com/watch?v=SMEOKDVXlUo

2
abrkn 5 days ago 5 replies      
At this time, there are 78 comments to this post, none of them addressing technical concerns. Quite unusual for HN.

I've devoted my life to cryptocurrency since 2011 and still question whether or not this system even makes sense. It seems too expensive with the technology we have today. Once privacy, such as zk-SNARK, is added, it becomes unreasonable.

Perhaps this is what a bubble looks like. I wasn't there for the dotcom boom. Loss of critical thinking.

3
Asdfbla 5 days ago 5 replies      
Always surprises me a bit because it seems to me like those large corporate players don't necessarily need all the features offered by Ethereum (or Bitcoin), especially proof-of-work, since there's enough non-adversarial cooperation between them that a simple distributed ledger with traditional (efficient) consensus mechanisms would suffice for most of their applications. They wouldn't have to deal with the drawbacks of Ethereum's very strict threat model.

I'm curious what applications they have in mind, or if they maybe just participate to get in on the hype and explore their options.

4
Veelox 5 days ago 3 replies      
It seems like Ethereum is getting a lot more industry support than Bitcoin ever did.

If Ethereum continues it looks like it could kill off Bitcoin, the looming possibility of a hard fork might be contributing to make that happen really soon.

5
Animats 5 days ago 1 reply      
Where are the press releases from Master Card, Cisco, and Scotiabank about this? Press releases of "big company partners with little company", coming from the little company, are always suspicious. It may just mean "they signed up for our mailing list".
6
Torai 5 days ago 5 replies      
> The EEA describes itself as a standards group designed to help enterprises build their own interoperable technology, mostly using private versions of the ethereum blockchain.

Ether price soaring right now, but isn't Master Card's business direct competition of the public Ethereum blockchain as a payment system?

7
otto_ortega 5 days ago 1 reply      
Based on this, it seems to me that financial corporations didn't want to take the risk of decentralized crypto-currencies making them obsolete, so they decided to create their own crypto-currency, one they can control...
8
52-6F-62 5 days ago 3 replies      
I heard the head of R&D (of Scotiabank) talk at a conference a little over a month ago and at the time he made it seem like Scotiabank had experimented with existing cryptocurrencies and blockchain tech and were dissatisfied and thought it would be some time before the technology was approachable for their bank. I guess they were just playing coy.
9
CalChris 5 days ago 1 reply      
I suppose the Enterprise Ethereum Alliance should be contrasted with IBM and friends' Hyperledger. These are a couple of well backed consortia which from 30,000 feet are similar.

https://www.hyperledger.org/

10
cmurf 5 days ago 1 reply      
Andhra Pradesh, one of the four who have joined this alliance in the announcement, is a state of India. Visakhapatnam is its largest city, with just about 50 million people, more than the state of California.
11
Abishek_Muthian 5 days ago 0 replies      
Title didn't mention the significant partner showcased in the website - 'Andhra Pradesh Government'. The first state govt (India) outside the US to join the alliance. AP was recently divided into separate state (Telangana) and lost its capital (Hyderabad- home to top IT MNC's) to it. They are actively investing in Fintech, including a new institute for blockchain - http://www.apeita.in/blockchain/
12
spocklivelong 5 days ago 1 reply      
I'm really surprised at seeing Govt. of Andhra Pradesh here. Curious how they got here in the first place.
13
evanvanness 5 days ago 0 replies      
If you'd like an easy way to keep up to date on Ethereum: http://www.weekinethereum.com
14
lpasselin 5 days ago 8 replies      
What are the advantages Ethereum has over Bitcoin, except faster transactions?
15
45h34jh53k4j 5 days ago 3 replies      
If you are into the EEA, you should check out its cousin, the Monero Enterprise Alliance: https://mea.business/
16
whazor 5 days ago 0 replies      
Ethereum itself can be used as a financial language, which can be quite revolutionary for the banking industry. Instead of using the proof of work consensus, banks could have their own consensus method. Which does allow for the order of scale that the real world needs.
17
33W 5 days ago 1 reply      
I see the mastercard logo, but not included in the list.
18
wideem 5 days ago 5 replies      
Ethereum as a currency will never go mainstream with price swings like this
19
ComodoHacker 5 days ago 0 replies      
No mention of Master Card. Mods please edit the title.
20
iosDrone 5 days ago 0 replies      
To the moon!
21
jdlyga 5 days ago 2 replies      
It's too bad that Ethereum prices are down so much right now from a few weeks ago.
13
Computational Linear Algebra fast.ai
498 points by julianj  1 day ago   51 comments top 12
1
thearn4 1 day ago 2 replies      
Looks like a reasonable overview of applications of dense linear algebra operations, with very specific applications in mind.

I feel like iterative Krylov subspace methods should be around somewhere, but to be honest I'm not sure what the applications space for linear inverse problems looks like in the deep learning domain. So maybe that wouldn't quite fit (despite me finding it to be pretty cool, and these methods sort of eating the lunch of most other inverse methods).

I'd round out the course maybe with a read through of Trefethen-Bau, Numerical Linear Algebra for those new to the topic area.

2
rabreu08 1 day ago 2 replies      
Looks like a good course. I think it would benefit if they added some module on implementing some basic Linear system of equations solvers, like gradient or steepest descent. Or even GMRES/MINRES or so.. The amount of knowledge that I gained from trying to implement these was remarkable.
3
flor1s 10 hours ago 0 replies      
Thanks for sharing this, it seems like a lot of interesting material is being discussed. The audience seems to be more like the hacker news visitor than the average student though, as it feels like little hand holding is provided.

I've just started lecture 1 but I already felt some minor frustrations:

- One of the links in the first lecture is to a notebook about intro to convolutions but that notebook is just a big code dump.

- After executing the exercises, you lose the expected answer. It might be better if the answers were included as a comment in the code fragment.

- Sometimes the given answers are not actually the answer but just the computation performed as part of getting the answer. I.e. for the matrix-matrix products section in lecture 1 the suggested answer is just the resulting matrix from doing the matrix product, but according to the question in the text the answer should be the actual cheapest shop.

- Is this a USF course or a fast.ai course?

I don't know if the author is planning on improving the material, because right now it feels a bit like a beta version.

4
fdej 1 day ago 2 replies      
> Locality: traditional runtime computations focus on Big O, the number of operations computed. However, for modern computing, moving data around in memory can be very time-consuming

I need to nitpick here... Big O notation is a way to describe growth rates of functions. You can count data movements (or anything else) with Big O.

5
lemming 1 day ago 3 replies      
For someone with an ancient undergrad math background and only "interested observer" level of machine learning knowledge, would it be better to do this course before tackling the deep learning one?
6
ceyhunkazel 1 day ago 0 replies      
Top-down approach is the best approach to teach and learn well done!
7
will_pseudonym 1 day ago 0 replies      
I'm hooked by the title and excited by teaching people about the linear algebra gospel. Powering search engines forever.
8
taw55 1 day ago 1 reply      
Would one get much out of this course with only minimal ML background?
9
kyrre 1 day ago 1 reply      
Why 'computational' and not 'numerical'?
10
stuartaxelowen 1 day ago 5 replies      
... What part of linear algebra isn't computational?
11
ianai 1 day ago 0 replies      
I've been wanting to do a math refresher in linear or modern algebra for a while...tempting.
12
unityByFreedom 1 day ago 0 replies      
I'm excited to do this after I get through as much of the DL course as I can. Maybe that's a bit backwards but whatever.

Thanks for your hard work, Rachel! Really curious what you two will get up to next.

14
Ways a VC says no without saying no unsupervisedmethods.com
381 points by RobbieStats  3 days ago   169 comments top 41
1
AndrewKemendo 3 days ago 8 replies      
These are all still pretty fast No's in my experience.

The worst No's are the ones where they ask to do Due Diligence and then never open the dropbox folder. Or if you are on your fifth meeting and they just keep trying to pump you for competitive information.

So how do you know when you get a Yes?

When you get a wire or a check. That's the only way.

Even a signed note or Equity docs don't mean anything until that money clears.

The best No's I've had were from Bessemer and a16z years ago. Almost immediate and right to the point that they wouldn't invest, with specific reasoning/metrics behind them. A++ would get told no again.

2
chris_va 3 days ago 3 replies      
From the VC side, it looks like this:

"LOOK AT ME LOOK AT ME LOOK AT ME! Ok, what do you have? 40 slides that tell me nothing other than you have a big vision and if you own 10% of <insert market here> it will be worth a lot."

At this point, VC options are:

1) Hard pass (crazies, maybe 60% of people pitching), but you want them to still refer their friends for better deal flow, so <insert excuse here> that makes them feel better about rejection.

2) Soft pass (30%): maybe they have something, hard to tell without spending weeks figuring out what they really meant, and if the team is even the right team to be solving the problem, much less actually competent. Give them some <come back when> that doesn't ruffle them too much.

3) Next stage of funnel: The 10% that actually got their concept across, explained why they are a good team to implement it instead of the other 10 people you heard with the same idea, and why now is the right time. Enter diligence, and hopefully you can convince the other partners that you aren't crazy by taking a chance on them.

3
yodon 3 days ago 4 replies      
As an entrepreneur, I find it valuable to have coffee with entrepreneurs I don't know and listen to their pitches, founder-to-founder. When I do this, just like VC's, I find most of the pitches I hear are terrible ideas pitched by people with no knowledge/experience of the industry/problem they are trying to solve.

Why do I find this helpful? Because I watch my own reaction to the experience. I've just met this person. They've just told me their dream, the thing they quit their job to do, invested years of their life in, and it's an absolutely terrible, terrible idea. What do I do?

If I can, I give them good advice within the confines of what they are trying to do. And in almost all cases that's as far as I can go.

I just met this person and they just met me. It's not my job or my place to crush their dreams and the odds are vanishingly close to zero percent they'd listen to me if I tried, so I don't (think about all those VC rejections, how many of those VC rejections caused the entrepreneur to drop the idea? The answer is probably pretty close to zero).

Even with close friends, it's very dicey whether to say "I think that idea is a mistake" because most entrepreneurs are so driven by passion (and need to be).

Each time I hear one of those terrible pitches, I try to remember this is why VC's don't want to tell people solid no's, and this is why I should be so appreciative for every hint of criticism I've ever received. Because people will absolutely tell you your idea is great and they'll almost never tell you what's profoundly wrong with it. I put as much truth and as much insight into my answers and observations on those painful pitches as I think the entrepreneurs can hear, and hope they'll eventually internalize it and pivot in a better direction, because "please, for the love of god and your family and mortgage, stop what you're doing now" simply isn't an answer the entrepreneur will be able to hear from a stranger (or probably even a close friend).

4
lisper 3 days ago 4 replies      
He left out an important one: sometimes VCs say no by saying yes. It goes like this:

VC response: We're really interested and we want to do the deal, we just need to wait to hear from partner X who is currently out of town.

Translation: We are about to fund one of your competitors, and we want to string you along as far as possible in the hopes that we can distract you from other fundraising efforts so that you will be less of a threat to our baby.

Comment: It's not a "yes" until the check clears. (And even then you should probably wait two weeks just to be sure.)

5
lpolovets 3 days ago 0 replies      
Most of these basically bucket into "I'm not interested" or "I'm not interested at this time, but I think that might change in the mid-term future."

Why are there so many ways to say No? Because just saying "no" is rude -- although some of the 15 alternatives in the Medium post are even worse because they waste a founder's time. It's like if a recruiter reaches out to you: most people don't reply, or they reply with something like "sorry, this is not a great fit" or "I'm not looking at this time."

FWIW, there are many VCs (though probably not the majority) that give concrete reasons when saying No. When I got into venture capital 5 years ago, many peers told me to be vague in order to maintain option value in a company's future fundraises. That sounded dumb to me because if I were a founder I would want feedback, so I try to give useful feedback when I'm passing. That's worked out well over time, and founders whose companies I passed on often introduce me to other founders, or reach out when they're fundraising again.

6
kinkrtyavimoodh 3 days ago 4 replies      
I don't like the tone of this piece.

It makes it sound like all startups out there have a RIGHT to be funded, and annoying, idiotic VCs just say no them... how mean of them.

But plenty of startup ideas are BS, plenty of founders are incompetent, and they don't automatically deserve a VC's ear, let alone their money. Why do they think they have the right to an audience? I know that you can have exceptions (Harry Potter was rejected by some 12 publishers before Bloomsbury took it), but if no VC is willing to even listen to you, consider that you are the problem, and not the VC industry.

I know that a bit of boundless optimism on behalf of the founders is needed for startups to succeed, but exercise that optimism in your own time and on your own dime.

7
jscheel 3 days ago 1 reply      
I got some good advice in 500 a few years ago when trying to raise a Series A. We were getting the "location" excuse over and over. It usually went something like, "we love what you are doing, and we would probably invest in you, but your location is a non-starter for us." The truth, as was illuminated to me during, is that they just aren't interested. If you were a compelling enough business for the investor, your location would not be a factor. If you can prove that you are succeeding in your location, then the location obviously isn't an issue. Too many investors saw our location as an easy out, and it took a while to understand that. We had way too much hand-wringing about upending our families and moving to the Valley to try to secure investment, when we should have just been looking inward at our own shortcomings.
8
jedberg 3 days ago 6 replies      
The most frustrating no I've gotten, repeatedly, is "We'd love to get in on this as soon as you find a lead investor".

Translation: We don't really believe in your idea or you, but if you get a big player to put some money in we'll be happy to follow them.

9
jroseattle 2 days ago 0 replies      
Best "no" conversation I ever heard.

Us: how did you like our pitch?

VC: we're a no, because we don't trust your unit economics.

Us: fair enough. Could you please share some scenarios you've invested in where there were parallel unit economics to us? We'd like to understand what you know about our space and where those economics make sense to investors such as yourselves.

VC: certainly! We have an investment in <X> that's in your space, and their unit economics look great! The assumptions you have and the ones they have are about the same, but look at their margins!

Us: ummm, so that's a function of revenue/price that we don't believe is even feasibly attainable. Our margins are smaller because we think the per-unit revenue is going to be challenged. It's why our numbers are fairly skeptical.

VC: well, we believe they can reach that (unfounded) level of revenue.

Within a year, the company this group funded was raising a Series A to stay alive because -- drum roll please -- the unit economics were not panning out.

I say this is the best "no" because we had hard feedback on what worked for them. It also let us know they didn't really understand how price in our market space was going to have downward pressure. Our approach was to start very cheap, then improve over time. These investors weren't interested in that approach; rather, they went with the team who had "better margins".

We learned a lot, and kept learning, from this investor's "no".

10
jacquesm 3 days ago 2 replies      
The reason VCs say no 'without saying no' is because they would like to keep the door open in case you and your crazy idea - against all odds - succeed and need a follow on investment a while from now.

The reason they say no to begin with is because you are not pitching in a vacuum, you are pitching together with another 1,000 or so companies in a year, 900 of those will get 'no' right off the bat, 100 will get a meeting (or two) dedicated to reviewing their proposition in more detail, 10 of those will enter due diligence (at substantial risk to the VC in case the deal does not go through) and maybe 8 out of those 10 will get funded.

The amount of time wasted on worthless pitches by people that don't stand a chance of getting funded is very large, and no amount of feeling that you are entitled to funding is going to get you funded unless you manage to convince the other side of the table that you are one of those 10, which means you need to look better than the other 990. Good luck!

11
dfjpitcher 3 days ago 0 replies      
Gave a presentation to an analyst at DFJ. Showed her an alpha prototype. She said, very interesting, but we really wanted to fund <competition>. That other company was in a similar space, but did not have the product that we demoed. Then they got funded by DFJ and in 6 months, that company released an inferior clone of our demo. In 2-3 years they got acquihired by Google (the founders did not do very well judging from their subsequent LinkedIn jobs), and Google shut the product down. Our product grew bootstrapped and has been feeding us for 10 years, without making anybody rich, just comfortable.
12
keithwhor 3 days ago 0 replies      
I think the thing to realize here is that "no"s aren't personal.

Well, I mean, sometimes they are. But they're usually not. A $1B fund has roughly three years to allocate that $1B in resources --- that's nearly $1M a day. You need to make sure that the speed at which you're expected to invest doesn't detract from the quality of deals, so your bar has to be extremely high.

I think a valuable skill to develop as a founder is to recognize the difference between; "no, but I like you" and "no, and I don't like you / don't care." This industry is built on relationships. Unfortunately there will be a ton of people who just don't give a shit about you. But the ones that do, they're going to help unlock doors for you, and even if you get a "no", focus on recognizing real "clicks" with people.

13
tommynicholas 3 days ago 0 replies      
There are two versions of this one:

"VC response: We'd love to get in on this as soon as you find a lead investor!"

The first is "talk to us when you have a lead". That's not helpful and it's bullshit. When you have a lead you can always raise as much money as you want - I do not contact these VCs back when I get a lead.

"We are 100% committed for at least $X00,000 if you get a lead or fill out the rest of the round" - very helpful, shows conviction, etc. This version is still not great, but look everyone can't be a lead, and having good folks 100% committed with $$ amounts shows a lead you have interest and will quickly fill out a great round around their check.

Don't do the former, only do the latter.

14
emiliobumachar 3 days ago 0 replies      
Pg:

"Here's a test for deciding whether a VC's response was yes or no. Look down at your hands. Are you holding a termsheet?"

From http://paulgraham.com/guidetoinvestors.html

15
KirinDave 3 days ago 0 replies      
Best "No" I've heard recently: "Are you way too early this time? Because last time you were way, way too early."
16
redm 3 days ago 0 replies      
The one that was missed is where the VC is really excited during the meeting, does more research after the fact, and then switches to one of the provided answers. In my experience, VC's don't do any research UNTIL they are excited.
17
Alex3917 3 days ago 0 replies      
Trying to recognize noes from investors strikes me as being a bad framework for thinking about business. Of all the investors whom I've asked if they'd like to receive an email update every time we add a zero to our core metrics, I've yet to have a single one say no. It's your job to make a good product with good economics, marketing, retention, etc., and to consistently grow your metrics. If you're not willing to actually do this and demonstrate progress on a regular basis then why would you expect anyone to fund your company?
18
EGreg 3 days ago 4 replies      
Seriously, with all the new crowdfunding and ICO options, why fight to convince the gatekeepers like VCs when you can first try to convince some percentage of the population to each put in a small amount?
19
rdlecler1 3 days ago 1 reply      
Of all the VCs I spoke with, a16z was the best. They were proactive in reaching out (2nd/3rd/4th+ tier VCs are lazy), they gave you a quick no, acknowledging their fallibility, and telling you why they passed. That said if you randomly email a VC and don't hear back, they're not obligated to respond. They get hundreds of inbounds each month and 99%+ are simply uninvestable.
20
Mz 3 days ago 0 replies      
I have had a class in Negotiation and Conflict Management. If you haven't had any training in negotiation, at least get a copy of the book "Getting to Yes." It is short and research-based.

It takes time to broker a deal. (Of course, that doesn't mean every single person is being straight up honest with you every single time they communicate.)

This article kind of admits to being perhaps unnecessarily snarky. ("Note: I'm normally not this cynical, but this article was fun to write") I don't have experience trying to woo VCs for an investment. But closing a big deal tends to be time consuming due to the slow process of gradual exposure of pertinent info on both sides.

So, I am reluctant to take this article too seriously.

21
pcsanwald 3 days ago 0 replies      
There are a bunch of variants for B2B as well:

"We see you have X reference clients, and usually like to see X+2 reference clients"

"We'd like to see you get a little further along in terms of product/market fit, and then let's talk"

22
netvarun 3 days ago 1 reply      
"Let me circle back."
23
dccoolgai 3 days ago 1 reply      
Having never been around the West Coast tech scene much, it sometimes seems that there is almost a tacit expectation that someone "owes" you money for your idea. Without commenting on whether that is "bad" or "good", it's just interesting to compare it to the attitude most of the people I know who start businesses on the East Coast who would find it at least odd if not right outlandish that someone would give you money before you demonstrated in some concrete way that you have the ability to tender it back with some form of interest.
24
miiiiiike 3 days ago 1 reply      
It's not just VCs. Over the past three years I've noticed that more and more people in general are giving "positive sounding words" instead of a yes or no. Designers, developers, writers, business people, from every part of the world.

The best people I've worked with have always gotten back to me right away with a concrete yes or no. I do the same, anything else is a waste of time. As soon as someone starts giving me anything like the responses in the article I move on.

25
vit05 3 days ago 0 replies      
So how do you know when you get a Maybe? Every time you do not get a yes, does it mean you got a no?

I have contacted some VCs using emails and showing my MVP. Usually they ask some questions, or give some advice. Sometimes they say No, but for now... Other times they said that it is not a fit for us. One of them said that we are in a different country and that he preferred to talk in person.

26
websitescenes 3 days ago 0 replies      
I've experienced at least two of these responses in the last few months. Your write up has confirmed some of my suspicions. Trying to raise funds is hard! Luckily I have enough saved for a six month runway, that will get me to beta and hopefully a yes on some venture capital. Thanks for sharing.
27
jaxomlotus 3 days ago 0 replies      
> VC: Thanks, but this isn't a fit for us right now. Let's keep in touch.

I don't see what's wrong with this. It's a clear no without slamming the door on a future investment should the scenario change. If the VC would say "VC: Thanks, but this isn't a fit for us ever" that would be shortsighted.

28
rdtsc 3 days ago 1 reply      
Is it a pretty safe bet to say if VC-s are not calling you asking to invest, there is little chance you'd get them to invest by calling them.

Also there are 0 downsides for them just stringing you along as others pointed out. "We are totally interested, lets see your details blah blah" then pawn you off to Hayden.

29
jaoued 3 days ago 0 replies      
So funny to read and so true. Moral of the story, best money to secure is the one from customers. Much more difficult to get but so rewarding and the types of answer we get from prospective customers does not exceed 3.
30
dboreham 3 days ago 0 replies      
Well, statistically whatever the VC is saying, it means "no".
31
danm07 3 days ago 0 replies      
In my experience, everything but "yes" means no.
32
ourcat 2 days ago 0 replies      
In my experience, some would just never come to Terms and just 'ghost'.
33
kalal 3 days ago 0 replies      
I never got this business in business. If your idea is really good, then you don't need to ask for money.
34
lafar6502 2 days ago 0 replies      
Boo hoo hoo, bad daddy not giving candy when asked...
35
fuzzieozzie 3 days ago 0 replies      
Everything short of seeing the money in your bank account is some version of "No."

Now get back to work!

36
erik_landerholm 3 days ago 0 replies      
My shortened version of the answer to this topic: if they don't say yes, it's no.
37
Odenwaelder 3 days ago 0 replies      
Why not just say "no"?
38
losteverything 3 days ago 0 replies      
I'm curious, are there serial pitchers? Round after round of "nos"
39
rickdeaconx 3 days ago 0 replies      
This is so painfully accurate.
40
graycat 3 days ago 0 replies      
Here I consider just early stage information technology VC -- later stage and bio-medical can be much different.

Yup, from my experience, the OP has what a lot of VCs do.

One thing for an entrepreneur to do is to read some remarks from a VC or their firm about what their interests are. Then, when their interests well cover my startup, I write them and explain how their interests cover my startup. So, sure, I rarely hear back with anything and otherwise nearly always just as some in the OP.

So, then I get pissed: (A) They said what their interests were; (B) I wrote them showing how their interests covered my startup, but (C) they ignored my contact. Bummer. So I used to, sometimes, wait a week or two and then write them and say that they were so unresponsive that there would be no way we could work together successfully and stated that I withdrew my application.

Since then, in part I wised up. By process of elimination, I began to conclude some basic facts about VCs.

(1) Mostly their stated "interests" don't much matter.

(2) They actually do have some interests and these are nearly universal across VCs and their firms: They are interested in traction, significant and growing rapidly, especially in a large market.

(3) Really, the situation is essentially as in the old Hollywood line, "Don't call us. We'll call you." Or, really, VCs want to learn about the startup from existing buzz, virality, etc. They want to see the product/service, play with it, and try to estimate how successful it will be in the market.

(4) For a first step, for a VC, (1)-(3) is about all that matters.

Actually, (1)-(4) seem to be so astoundingly uniform that they must have some common cause. My guess at the common cause is the larger LPs, e.g., pension funds; they insist on (1)-(3).

For me, I'm a sole, solo founder, toilet cleaner, floor sweeper, ..., computer repair technician, systems administrator, ..., programmer, user interface designer, data base administrator, software designer, product manager, CTO, COO, and CEO with a tiny burn rate. Some venture funding could have made some of the work go faster, but really I haven't needed venture funding and don't really need it now.

But with all the above, there is a surprising situation: My burn rate is so low that I can continue self-funding until my Web site is live. Then, if users like my work, soon I'll have enough revenue from routine efforts running ads that I will have plenty of free cash for organic growth without equity funding. If I get that growth, then I'll have a life style business with, again, plenty of free cash for more organic growth.

About that time, some VCs will learn about my startup and give me a call. They will expect that my company has about five co-founders, each with maxed out personal credit cards, has a business bank account close to $0.00. They will assume that the company and each of the co-founders is just desperate for an equity check on just any terms, say, because each of the co-founders has a pregnant wife. Then the VCs will believe that they can play hard to get, strike a hard bargain, and grab control of my company for next to nothing.

At that time I will check my computer, confirm the name of their VC firm, and let them know the date long before when I sent them a description of my company they ignored. So, I'd inform them that they were too late, that my plane has already left the runway, and no tickets were for sale.

So, now sometimes I write VCs just for fun, so that if my startup does work and they do call me, then I can tell them that I wrote them and they ignored my contact!

To me a biggie point is that apparently the VCs want nothing to do with any business planning, crucial core secret sauce technology, etc. To me, such things are the keys to the big successes the VCs must have to get the investment returns their LPs have in mind to invest in VCs. Further, such planning, special technology are the keys to the many amazing technology successes of US national security.

Well, again, apparently VCs want to wait for traction significant and growing rapidly. Maybe that approach will usually be okay for VCs: At least apparently the VCs believe that on the way to a big company, a startup will nearly always need some equity capital.

But for a sole, solo founder with a tiny burn rate and writing software, the VCs can miss out: That is, by the time the VCs want to invest, the founder will no longer want or need the investment.

A big example of such a sole, solo founder success was the Canadian romantic match making site Plenty of Fish.

41
graycat 3 days ago 0 replies      
In the last few years, for early stage, information technology venture capital, the situation has been changing radically:

A blunt fact is, that the VCs very much need big wins, commonly, say, 30% ownership in a company with exit value $1+ billion. Moreover, even more seriously, to get their limited partners (LPs) excited, they need some ~30% ownership in another Microsoft, Apple, Cisco, Google, or Facebook. That's just the facts of life. To pass the giggle test, that's the game they are playing, the business they have chosen.

We need to keep in mind, beyond Moore's law and the Internet, the examples Microsoft, Apple, Cisco, Google, or Facebook don't have a lot in common. So, we can't hope to extract much in the way of predictive patterns by just external empirical observations.

So, if VCs or anyone is to find another Microsoft, ..., Facebook, they will have to look deeper than just patterns from external observation.

Also we should keep in mind, say,

http://www.kauffman.org/newsroom/2012/07/institutional-limit...

and

http://www.avc.com/a_vc/2013/02/venture-capital-returns.html...

on the average venture capital return on investment. One word summary, the average return is poor, not high enough to excite LPs.

Here is a hint at the nature of the radical change: At

http://a16z.com/2014/07/30/the-happy-demise-of-the-10x-engin...

Sam Gerstenzang, "The Happy Demise of the 10X Engineer"

with in part

"This is the new normal: fewer engineers and dollars to ship code to more users than ever before. The potential impact of the lone software engineer is soaring. How long before we have a billion-dollar acquisition offer for a one-engineer startup? "

So, a solo founder building a company worth $1 billion?

Of course, there is half of an example -- the Canadian, Internet based, romantic matchmaking service Plenty of Fish with a solo founder, with two old Dell servers, $10 million a year in revenue, all just from ads from Google. He added people and sold out for $500+ million. So, his ~$500 million is half of the $1 billion A16Z mentioned.

So, what are the causes of the radical changes?

(1) Cheap Hardware.

From any historical comparison, within computing or back to steamships, now computer hardware is cheap, dirt cheap; transistors are cheap; so are compute cycles, floating point operations, main memory sizes, hard disk space, solid state disk space, internal data rates, LAN and Internet data rates, etc. Dirt cheap.

(2) Infrastructure. It used to be that an information technology startup could expect to have to build or at least wrestle with lots of infrastructure. Now quite broadly, getting the needed infrastructure is much easier and cheaper.

So, nearly any room in the industrialized world with a cable TV connection can be a quite active server farm because the rest of the infrastructure, to a local Internet service provider, a static IP address, a domain name, and plenty of Internet data rate for a quite serious business, is right at hand.

Of course, the big quantum leap in easy infrastructure is the cloud, from, say, Amazon, Microsoft, etc.

(3) Software. Now software is much easier. There is a lot of open source software, excellent software for quite reasonable prices, etc. And really it's much easier just to write new applications level software. Web pages, graphics, database operations, algorithms, etc., all are much easier.

So, with (1)-(3), a solo founder with a good idea for a startup to be worth $1+ billion can for darned little cash write the software, bring up the idea as a Web site, run ads, get publicity, and, if users come, get good revenue.

It's easy to argue that at current ad rates, a server costing less than $1500, kept busy, could generate monthly revenue $200+ K for investment by the founder of basically just their own time. Such a solo founder with that revenue, then, will just laugh at any suggestion that he should take an equity check, form a Delaware C-corporation, and report to a BoD. Instead he will just form an LLC and remain 100% owner.

Then, the main issue now is the evaluation of the basic idea of the sole founder. Or if the idea is really good and VCs wait until there is traction significant and growing rapidly, then the VCs will be too late. Or, the solo founder wrote the software, has one server from less than $1500 in parts connected to the Internet, has a static IP address and a domain name, has done and is doing some publicity things, and otherwise is running the business each month for not much more than pocket change, for less than a lot of people spend on McDonald's or pizza or Chinese carryout. Literally. So, the founder's startup is just dirt cheap to run. If enough users like the site to keep the server busy, then the founder is getting maybe $200 K a month in revenue, plenty to grow the size of the server farm, and in a few months buy a nice house, for cash, put several nice new cars in the garage, for cash, and spend an hour each afternoon in the nice infinity in-ground pool. Then a VC calls and wants to invest $10 million for 30% of the business and have the founder report to a BoD of a Delaware C-corp. -- we're talking LOL.

Does that situation happen very often yet? Nope. But now it is just such situations that the VCs desperately need in order to get a significant fraction of ownership in $1+ billion exit values.

Or, put very bluntly, the VCs desperately need really exceptional startups. For Microsoft, ..., Facebook, there are no visible patterns. The founders no longer need big bucks for a team of developers, expensive servers, and communications data rate.

Net, for the projects the VCs must have, by the time they want to invest according to their old rules, a solo founder with a good idea has already got plenty of revenue for rapid organic growth and a life style business and won't accept an equity check.

Again, so far there are not a lot of examples of such solo founder startups, but the radical change and the big deal for the VCs is that it is just such startups that stand to be the exits the VCs desperately need. So, for the next Facebook, etc., by the time the VCs call the founder, all they will hear back are laughs, and the VCs will have to push back their chairs, think a little, and realize that they just missed out. The VCs will see that, really, there has been a radical change and they must make some radical changes or just miss out and go out of business.

So, finally we discover that the core idea is what is just crucial because for a good idea a solo founder can do the rest alone for essentially just his own time as the investment. So, to evaluate startups, must evaluate the idea at just the idea stage and just hope that the founder will accept a check.

15
The Million Dollar Homepage as a Decaying Digital Artifact harvard.edu
391 points by sjmurdoch  1 day ago   139 comments top 32
1
_kst_ 21 hours ago 2 replies      
I can still access http://www.milliondollarhomepage.com/

I can't currently access the article at https://lil.law.harvard.edu/blog/2017/07/21/a-million-squand...

[Insert joke about irony here.]

2
schiffern 16 hours ago 0 replies      
>Of the 2,816 links that embedded on the page (accounting for a total of 999,400 pixels), 547 are entirely unreachable at this time. A further 489 redirect to a different domain or to a domain resale portal, leaving 1,780 reachable links

Looking at the million dollar homepage, many of the links were never valid:

http://paid & reserved/

http:// paid and reserved - accent designer clothing/

http://reserved for edna moran/

http://paid & reserved for paul tarquinio/ (1200 pixels)

http://pending order/

These links are all shown in plain red ("link to unreachable or entirely empty pages") in the "visualization of link rot," so it looks like the authors didn't account for invalid URLs.

3
Houshalter 22 hours ago 4 replies      
Gwern has a good summary of the research in this: https://www.gwern.net/Archiving%20URLs

>In a 2003 experiment, Fetterly et al. discovered that about one link out of every 200 disappeared each week from the Internet. McCown et al 2005 discovered that half of the URLs cited in D-Lib Magazine articles were no longer accessible 10 years after publication [the irony!], and other studies have shown link rot in academic literature to be even worse (Spinellis, 2003, Lawrence et al., 2001). Nelson and Allen (2002) examined link rot in digital libraries and found that about 3% of the objects were no longer accessible after one year. Bruce Schneier remarks that one friend experienced 50% linkrot in one of his pages over less than 9 years (not that the situation was any better in 1998), and that his own blog posts link to news articles that go dead in days; Vitorio checks bookmarks from 1997, finding that hand-checking indicates a total link rot of 91% with only half of the dead available in sources like the Internet Archive; the Internet Archive itself has estimated the average lifespan of a Web page at 100 days. A Science study looked at articles in prestigious journals; they didn't use many Internet links, but when they did, 2 years later ~13% were dead. The French company Linterweb studied external links on the French Wikipedia before setting up their cache of French external links, and found - back in 2008 - already 5% were dead. (The English Wikipedia has seen a 2010-2011 spike from a few thousand dead links to ~110,000 out of ~17.5m live links.) The dismal studies just go on and on and on (and on). Even in a highly stable, funded, curated environment, link rot happens anyway. For example, about 11% of Arab Spring-related tweets were gone within a year (even though Twitter is - currently - still around).

4
resf 23 hours ago 3 replies      
Decaying in more than one way. The JS files on milliondollarhomepage.com start with:

 /* FILE ARCHIVED ON 5:47:20 Aug 6, 2015 AND RETRIEVED FROM THE INTERNET ARCHIVE ON 20:45:17 Aug 24, 2015. JAVASCRIPT APPENDED BY WAYBACK MACHINE, COPYRIGHT INTERNET ARCHIVE. ALL OTHER CONTENT MAY ALSO BE PROTECTED BY COPYRIGHT (17 U.S.C. SECTION 108(a)(3)). */
I guess someone didn't keep backups?

5
krallja 23 hours ago 4 replies      
The Million Dollar Homepage is not decaying (it is still serving its million dollar purpose) - it is the Web itself that has decayed. The brittleness of URIs is on full display. "Cool URLs don't change," but most of these URLs were never cool: they had to rent coolness from Internet cool kid Alex Tew.
6
glenstein 22 hours ago 2 replies      
The article seems to be suggesting that the Million Dollar Home Page has in some sense failed to fulfill its promise because many of the links are now dead. I don't follow that logic at all. To me it seems that the MDHP's job was to be an iconic piece of internet history, and they've entirely fulfilled their end of the bargain.
7
sixQuarks 20 hours ago 3 replies      
I actually purchased a $300 spot on this. I did get quite a few clicks, but very low-quality traffic. Mostly, I got lots of offers from copycat sites to join their "billion dollar" homepage or whatnot.

It's crazy how many copycats came out, very unoriginal thinking going on.

8
ChuckMcM 19 hours ago 1 reply      
I think in many ways it is not a 'decaying digital artifact' as it is an excellent representation of the fallacy upon which a lot of the Internet hangs. In the Library of Alexandria you didn't have scrolls disappear because the kingdom where they originated had been crushed under the boot of an invader. But the Internet is no great library, no repository of knowledge, or an oasis of independent thought. The Internet is a conversation in a crowded room with amplified shotgun microphones pointed at all who walk through it.
9
AdmiralAsshat 21 hours ago 0 replies      
I'm not sure why the article considers it "squandered": it did its job as long as the advertisers cared to maintain their links.

It hardly seems fair to blame a billboard being in disrepair if the company it advertised no longer exists.

10
narrator 22 hours ago 0 replies      
I think all the broken links just go to show that failure in business is the norm or that someone who thought it would be a good idea to promote their company on this service is probably not good at running a business.
11
ernsheong 23 hours ago 3 replies      
FWIW, I'm building https://PageDash.com as a private web archive to address the problem of link rot, beginning from a personal level. Launching in late August. Think of it as a private version of perma.cc.
12
brosky117 23 hours ago 15 replies      
I just heard about the "Million Dollar Homepage" for the first time last week. Would this idea (or one like it) work today? Making a million dollars for something so bizarre, fun, and straightforward sounds amazing. Can anyone reference other attempts at similar ideas?
13
aidos 22 hours ago 2 replies      
Would be interesting to know how many people on the million dollar homepage are on HN. I imagine there's a wonderful cross over between the two groups.

Even though it's with a business we're not doing now, my business partner and I are on there.

Edit: don't think it deserves a downvote - is it not an interesting question? I bet there are loads of serial entrepreneurs on both

14
tejtm 12 hours ago 0 replies      
As good a time as any to trot out my hobby horse with suggestions on how to mitigate data rot. Aimed at science, but more broadly applicable.

"Identifiers for the 21st century" https://doi.org/10.1371/journal.pbio.2001414

note/claimer/disclaimer: Although I am included as an author I do not write that well.

15
hellbanner 16 hours ago 0 replies      
A more modern variant, https://catbillboard.wordpress.com/

"Million Dollar Cat Billboard project sells 10 000 squares (places on a billboard) $100 dollars each to make worlds first ever cat billboard and put it up in 10 cities around the globe for a month. To proudly show your cat to the world you need to buy at least one square. But of course you can buy as many of them as you wish as long as they are available."

16
mathattack 7 hours ago 0 replies      
1780/2816 links being reachable is actually much higher than I'd expect over 12 years. I'm not sure if that's what I would have predicted from the outset.
17
rxlim 15 hours ago 2 replies      
I wonder how he got everything to fit as more and more space was sold and if it was a manual process? It must have been like playing Tetris on expert mode.
18
Gargoyle 20 hours ago 0 replies      
Do this with an ICO, with your space verified via smart contract.

It's all in the marketing!

19
cdevs 22 hours ago 2 replies      
My first web page ever is in there. I'm not sure how special of a thing that is I don't know how many icons are involved.

Also I wonder how Word got around to me about things like this in the days of MySpace and yahoo as my internet.

20
5_minutes 5 hours ago 0 replies      
An interview with the creator would've been a nice addition to the story.
21
mavhc 4 hours ago 0 replies      
All the links except twitter on the homepage are broken
22
philip4534 23 hours ago 1 reply      
Xanadu lost.
23
amelius 22 hours ago 0 replies      
This homepage demonstrates what an average city would look like without any regulation.
24
pishpash 21 hours ago 2 replies      
Whatever happened to DOI? (Or leveraging Google's knowledge of redirects?) A lot of rot is hosting changes; the documents, if the author cared, could well be hosted somewhere else.
25
chenster 12 hours ago 0 replies      
I'm just jealous.
26
Nursie 20 hours ago 1 reply      
Oh wow, I remember that.

1 million pixels for only a dollar each!

That guy made a nice bundle off the idea, it got picked up and hyped by the media so much I'm sure the companies that bought in got some ROI, or at least some publicity. Such was the extent of the dot com bubble that this sort of nonsense could happen and everyone cheered...

27
keyboardmonkey 16 hours ago 0 replies      
it was always destined to decay, was always going to be a one-off success. interesting in its success juxtaposed by its immediate pointlessness.
28
peter303 21 hours ago 2 replies      
I wonder what the "rot factor" is for scientific citations? Some professional societies I am in mandate URLs for bibliographical references. Most of the time these are peer-reviewed articles. But they can be softer references like Wiki reviews, data repositories, etc.
29
johnbowers112 20 hours ago 0 replies      
Here's an archive of the article for those having trouble accessing it: https://perma.cc/A6ZZ-79X6
30
smegel 19 hours ago 0 replies      
It's amazing how well designed the ads within the image are...it's a big jumble but many of them stand out quite strongly with just a single word. I wonder if they designed ads with the surrounding color context taken into account.
31
malthazzar 16 hours ago 0 replies      
the left of the yellow coupons ad in the right middle
32
fatjokes 23 hours ago 2 replies      
I didn't realize you bought the pixels permanently. How did the owner keep up with serving costs?
16
80-year Harvard study has been showing how to live a healthy and happy life harvard.edu
433 points by t23  3 days ago   164 comments top 23
1
rubicon33 3 days ago 21 replies      
What I take from this article is that social interaction is extremely important to one's health, and it's something that we largely take for granted. In the age of computers and secluded work environments, I think we need to be aware of the effect that even casual interaction has on our mental and physical health. I have some personal/anecdotal experience which backs this research up and affirms my belief that communication and interaction with others is vital.

I've been working from home for a number of years. During this time I've on average spoken with and interacted with 1 person every day - my wife.

I occasionally go out, occasionally see family members, but the majority of my day-to-day work is quiet, alone, working at a computer.

- I have been more sick in recent years than ever before in my life. This is even compared to previously living in a major city and taking public transportation.

- I have been experiencing sharp mental decline especially in the last year. Solving complex problems is much more challenging.

- My memory is suffering. Even my wife has begun to notice, I forget little things and have developed an "aloof professor" disposition that wasn't natural to me.

- I now find social interaction more difficult. I'm more awkward, and find myself over-thinking previously natural interactions.

- Lastly ... I'm far more depressed. I just don't enjoy much these days. I wake up, work, don't talk to many people.

The TLDR here is that I urge everyone to tend to their social garden. I let mine decay for too long, and I'm paying the price now. I am beginning the process of restoring connections, and getting out more, and I'm already noticing an improved mood.

Oh and I should mention - I'm naturally an introvert so this reclusive lifestyle was all too comfortable for me.

2
fernly 3 days ago 0 replies      
I find this perfectly credible because almost exactly the same conclusions were stated by Putnam in the classic _Bowling Alone_ [1]. A couple of pull-quotes from that,

> Dozens of painstaking studies... have established beyond reasonable doubt that ... [t]he more integrated we are with our community, the less likely we are to experience colds, heart attacks, strokes, cancer, depression and premature death of all sorts...

> ... the positive contributions to health made by social integration and social support rival in strength the detrimental contributions of ... risk factors like ... smoking, obesity, elevated blood pressure, and physical inactivity.

> ...as a rough rule of thumb, if you belong to no groups but decide to join one, you cut your risk of dying over the next year in half.

Putnam was surveying a large number of studies, not just the Harvard one.

[1] Putnam, Robert D, Bowling Alone: The Collapse and Revival of American Community; https://www.amazon.com/Bowling-Alone-Collapse-American-Commu...

3
indescions_2017 3 days ago 4 replies      
I've got a simple hack I employ when in a new city. All through my twenties, I moved basically every year or two. Most of the time I had a network of family or associates to draw upon before arrival. But often, I'd find myself a complete stranger, knowing not a single soul.

What I'd do is this: find a local diner, not a touristy place, but a real local institution and landmark. And then eat dinner there every single night at the same time. If constrained budget wise, look for the early bird dinner specials. Become a regular. Trade gossip with the wait-staff, compliment the cooks on their sublime creations, chat up the little old ladies, engage the workmen about their craft. After a few weeks you'll find yourself invited to birthday parties and have the opportunity to give back your own time and energy, shovelling a driveway or helping out at a food drive.

A summer time variant: farmers markets. They typically have the same vendors every week and will remember you if you purchase a quart of organic honey and ask with genuine interest questions about their practise. Offer to get them started on Facebook / Shopify. Pretty soon, word spreads and you're no longer a stranger in town!

4
glbrew 3 days ago 2 replies      
I don't know the nuances of this study but I am curious about the role of personality. I have lived much of my life with large groups of caring family and friends and I was miserable. I have lived parts of my life as relatively isolated and reclusive and was enormously happy. Have any related studies accounted for personality? 5,10,20% of the population might be the exact opposite?
5
smallgovt 3 days ago 4 replies      
The article seems to argue that healthy relationships CAUSE physical health.

How do you actually prove that the relationship between the two attributes is causal versus correlated?

For example, one could conclude, instead, that being in good physical health is the cause of successful relationships.

6
aschearer 3 days ago 4 replies      
If you like this you may also enjoy "The Village Effect" by Susan Pinker[1]. In the book the author documents various ways in which social connectedness impacts our well being.

As this article and book say "loneliness kills", but what does that mean for those of us who want to live long and healthy lives? Do we need to start scheduling social time alongside gym time? Will a hug a day keep the doctor away? Should we join organized religions or get married strictly for the health benefits?

[1]: https://www.goodreads.com/book/show/22933077-the-village-eff...

7
stewbrew 3 days ago 2 replies      
The sad thing about this is, nothing of this is news. I did some health research in the 1990s and read tons of studies telling you the same things. One of the best predictors for subjective well-being was whether people had 3+ really close friends.

IMHO there is something wrong with this kind of research that rehashes known facts but doesn't really go any deeper than what was already known before. My gratulations to the researchers involved for getting the funding for such a long running study.

8
polpenn 3 days ago 0 replies      
Note that what they reportedly found is a stronger positive correlation between relationships and happiness than between money and fame and happiness (just based on the article):

"Close relationships, more than money or fame, are what keep people happy throughout their lives, the study revealed"

So going after fame and money doesn't necessarily lead you to become unhappy (if we interpret the results as causal). Quality personal relationships just make you even happier.

Also, I'm curious to what extent cultivating meaningful relationship serves as a coping mechanism for people with little money or social status (alternatively, focusing on making money and acquiring high social status to compensate for poor personal relationship development skills). My impression, based on my observations from people I've met in developing countries, is that low income / social status people tend to have richer and active communities and personal relationships. High status individuals tend to be lonelier. But this could just be confirmation bias.

9
rdudekul 3 days ago 0 replies      
In Summary:

Our relationships and how happy we are in our relationships has a powerful influence on our health.

Close relationships, more than money or fame, are what keep people happy throughout their lives, the study revealed.

Loneliness kills. It's as powerful as smoking or alcoholism.

Good relationships don't just protect our bodies; they protect our brains.

The key to healthy aging is relationships...

10
mcableton 3 days ago 0 replies      
This is a great article. I agree with the comments here that say working at home can really squish your mood. It makes me wonder about social security. I remember some comments here about if they got rid of it, grandma would have to move in. Well, according to this article, that might be the best thing for grandma! I work from home but have been staying with my in laws since we had a baby. It has been great for my mental health.
11
faragon 3 days ago 1 reply      
Bertrand Russell already put most of that in a book in 1930: "The Conquest of Happiness" [1]

[1] Some quotes: https://en.wikiquote.org/wiki/The_Conquest_of_Happiness

12
numbsafari 3 days ago 0 replies      
A suggestion: take up a social hobby.

I taught social dance for a number of years. This is a great avenue for expanding your social interactions, getting healthy, building self awareness... blah blah blah. There's a great Argentine Tango scene in SF, just sayin, folks.

There's also joining a hiking group or a walking group. Great to get out, get active, and get social.

Or engage with an after school program, or mentorship organization.

You have, like, so many options.

13
Lxr 3 days ago 1 reply      
There's no mention of how they sort correlation from causation. Does being physically healthy perhaps also lead to happier relationships?
14
elyrly 3 days ago 0 replies      
Please take the time to actually read the book, this article doesn't do it justice.

https://www.amazon.com/Triumphs-Experience-Harvard-Grant-Stu...

15
Strategizer 2 days ago 0 replies      
Assuming that good relationships imply good aging, I'd like to know how do they work. How much would differ a long relationship from 2 middle relationships to 7 short relationships?

If there's already any study about it, please share it with me, I'd love to read it!

16
danr4 3 days ago 0 replies      
While it does shed a light on the "quest for meaning", this study is not useful as long as we lack the understanding of the role of personality. I think a good analogy is researchers finding that a certain disease kills, but not knowing how do you contract that disease and what you can do to cure it. It might help you identify your situation, but not how to change it.
17
Dowwie 3 days ago 0 replies      
"Taking care of your body is important, but tending to your relationships is a form of self-care too. That, I think, is the revelation."
18
Aron 3 days ago 1 reply      
Let's all have a drink to that! Cheers!
19
zeteo 3 days ago 6 replies      
This reads like someone consciously decided "Hey, let's build the ultimate poster boy for bad statistical studies!".

1. Sample bias: "Why just study WEIRD [1] subjects? Let's do male Harvard graduates!" (Yes, half the study included inner city men, and one eighth of the duration featured women. It's still super heavily biased towards Harvard men.)

2. Correlation is not causation: "Hmm, health is correlated with relationship satisfaction. Could there be a common cause for both? Or maybe people like to hang out with healthier peers? No, the clear conclusion is that working on your relationships magically makes you healthier."

3. Inconsistent data collection: "Those '30s nincompoops were measuring skulls and handwriting. We'll stop doing that and take MRIs instead. But it's still the same study!"

[1] https://schott.blogs.nytimes.com/2010/07/14/weird/

20
LoSboccacc 3 days ago 2 replies      
Don't worry too much, this study is bullshit

Step 1 - be an adult white male graduated at the beginning of an unprecedented and unique economic boom

Step 2 - graduate out of the most prominent college of the period

Step 3 - watch your assets grow themselves

Step 4 - enjoy life without ever having to worry about job security, housing, spending power

Yeah no shit sherlock. I guess being upper middle class does wonders for one's life. Meanwhile we have to contend with constant worry about our future, our kids' future and one misstep in our career path can and will landslide into a life of regrets.

And this study just says 'socialize' and everything else will magically go away.

21
megamindbrian 3 days ago 0 replies      
TLDR: year 0 - 29 - Experience as much trauma, stress, and failure as you possibly can.

30+ - Stop giving a fuck about your unaddressed trauma and find a new reason to strive to stay alive.

https://en.wikipedia.org/wiki/Synaptic_pruning

22
gojomo 3 days ago 2 replies      
Step 1: Achieve admission to, and enroll at, Harvard.

Step 2: ?

Step 3: HAPPY LIFE

--

As a male in 1938.

23
thegenius2000 3 days ago 1 reply      
I don't mean to be offensive or inflammatory, but how is this a discovery? Yes, money and success don't buy you happiness; living in a complete community is healthy. How was this not completely obvious?
17
Pev: Postgres Explain Visualizer (2016) tatiyants.com
512 points by insulanian  17 hours ago   42 comments top 18
1
hotdogknight 8 hours ago 3 replies      
I needed a version that ran on the command line so I made one here: https://github.com/simon-engledew/gocmdpev
2
sgt 6 hours ago 0 replies      
This is really great and I think I might start using this. I would also love a standalone version of this that runs outside the browser. Something that can maybe connect directly to my DB.
3
atatiyan 11 hours ago 0 replies      
creator of pev here, thanks for all the kind words!
4
garysieling 15 hours ago 2 replies      
Does this store the plans? I like these things, but I'm always a little leery that this will expose my database schema in Google search results.
5
mistercow 12 hours ago 0 replies      
I use this tool often, and it's great. It's a lot easier to wrap your head around plans with the way it displays them.

The one thing I wish it had is either the ability to not save plans automatically, or at least a button to clear the history. As it is, I just pull up a console from time to time and do localStorage.clear()

6
obiwahn 10 hours ago 0 replies      
Looks awesome! How about adding a direction to your graph for people just starting with SQL.
7
stuaxo 2 hours ago 0 replies      
This is great, should really be a part of pgadmin4.
8
fnord123 15 hours ago 2 replies      
Looks good, but why not dump it as a flame graph?
9
ris 5 hours ago 0 replies      
Something I've wanted from an explain viewer for a long time is simply using the "start time" "end time" information on the nodes to put things in a basic timeline. Most visualisers seem determined to keep the layout as a pimped up version of the tree given to them.
10
sghall 14 hours ago 1 reply      
Cool project. Not a DBA but was interested in playing around with this. Be great to maybe add some example plans here: http://tatiyants.com/pev/#/plans

So if you just want to check out the interface you can click to load up an example or two.

11
maxvu 13 hours ago 1 reply      
Why, in the example, does the constituent `customerid` join take longer than the forming `orderid` one?
12
beefsack 16 hours ago 2 replies      
I can completely see myself using this on my Postgres projects, but something like this would be most useful for me at work.

How feasible would it be to port this over to MySQL / MariaDB? I know EXPLAIN output on MySQL is much simpler than what you get out of Postgres so my gut feeling would be that it wouldn't be possible.

13
edraferi 15 hours ago 0 replies      
Very cool! Now I want to figure out the Postgres EXPLAIN JSON format and start parsing other DBs to fit, just so I can use this tool on them.
14
dlb_ 14 hours ago 0 replies      
Very nice! I wonder if it would be possible to embed that into pgAdmin? Possibly with Electron?
15
emilsedgh 16 hours ago 0 replies      
Absolutely fantastic! Thank You!
16
isatty 15 hours ago 0 replies      
Thank you, this is very useful!
18
edoceo 16 hours ago 0 replies      
Rad
18
Open Bazaar decentralized Bitcoin marketplace openbazaar.org
390 points by amingilani  1 day ago   241 comments top 32
1
SamPatt 1 day ago 7 replies      
I work on OpenBazaar and I'm happy to answer questions.

This website links to the current version of OpenBazaar, but we're just about to launch a completely new version, which you can read about here:

https://medium.com/openbazaarproject/openbazaar-2-0-p2p-trad...

The 2.0 is built with Go and uses IPFS. It's open source and we welcome any developers into the project:

https://github.com/OpenBazaar/openbazaar-go

2
jasode 1 day ago 3 replies      
Seems to be some confusion...

To clarify OpenBazaar's "No Transaction Fees", it means there are no marketplace platform fees.

To compare with ebay, to sell an item for $500 and charge $20 for shipping ($520):

- eBay fee: ~10% of final bid value + 10% of any shipping charge added on = $52

- PayPal fee: 2.9% of payment = $15.08

The bitcoin network would eliminate the PayPal fees. (The bitcoin fees would still exist but presumably would be lower than 2.9%)

The OpenBazaar platform would eliminate the eBay platform fees.

3
vit05 1 day ago 2 replies      
People are talking about drugs or questioning that it is not exactly for free. But my big question, from the point of view of someone who has owned a small online store, is security for the buyer. In a completely p2p transaction, the biggest difficulty lies in the assurances that the two parties are completely satisfied with the deal. The first purchase is the most important move in any market, paying a premium so that everything goes well is not so bad.
4
Dowwie 1 day ago 1 reply      
Chris

If I understood the docs correctly, openbazaar 1.0 server is written in Python but since its release the team has worked on V2 in Go.

I'd really appreciate learning the motivation for the migration to Go and think others may as well. Go programs are faster than Python programs but lo and behold is a viable v1 - a server whose performance may have been good enough?

Please, enlighten!

5
mike-cardwell 1 day ago 4 replies      
Installed. Run. First screen: Select your language. English already selected. Hit "Next". Nothing happens. No apparent way of actually selecting a language or proceeding. Uninstalled.
6
avaer 1 day ago 3 replies      
> How are there no fees and restrictions?

_Someone_ is paying the TX fees. Who? It can't be a single party, especially the developers, without betraying the decentralization.

> Pay with 50+ cryptocurrencies on OpenBazaar: Bitcoin, Ethereum, Litecoin, Zcash, Dash, etc. Seller receives payment in Bitcoin

How does this work without a middleman or central party?

7
blairanderson 1 day ago 0 replies      
Shouldn't need to be said, this does not remove fees from BTC/Ether transactions.

The feature is that it does not ADD fees to use the platform.

8
symlinkk 1 day ago 2 replies      
It's not anonymous at all right now. I believe they're working on Tor support for the future however.
9
ycui1986 10 hours ago 0 replies      
Not sure if anyone used Open Bazaar on Hacker News. I tried it and forgot to close it. After 24 hours, this program leaked 4GB memory. How could the developer let this happen?
10
bigbass1 1 day ago 0 replies      
Don't know why this is even being discussed, just use syscoin with VPN, TOR and ZEC and you're sorted and everything is on the blockchain, no servers to be traced. This is the setup https://www.reddit.com/r/DarkNetMarkets/comments/5s63o3/guid...
11
Xeoncross 1 day ago 2 replies      
Nothing is free, so here are my brief ideas for funding this:

- Ads

- "premium features" for sellers

- "promoted" sellers

- Fees for those that want to be "Secure Escrow and Dispute Resolution" accounts

12
hellbanner 1 day ago 2 replies      
Hello, I am looking for a decentralized store that lets me:

* Host digital goods (like run a server, or issue an asset ID that can be redeemed on a bittorrent style network for the file download)

* Receive payment > register an asset or return a download key to the account of the user who sent it.

I want automated digital good downloading, paying & receiving BTC. (Bitpay, Stripe etc pay in BTC but seller receives $Currency)

13
dang 1 day ago 0 replies      
15
hdhzy 1 day ago 2 replies      
I can't find details on dispute resolution. Are they using multisig escrow transactions like Silk Road?
16
SpeakMouthWords 1 day ago 4 replies      
How does the unit economics work here? To my understanding, BTC (even after SegWit) has non-negligible transaction fees. Is this site just eating into VC money to make things feeless?
17
mkj 1 day ago 0 replies      
Is there currently a plan how the OB company will make money?
18
kepler 1 day ago 1 reply      
Seems interesting but I couldn't get past the language setup on Mac.
19
phaed 1 day ago 0 replies      
Would like to see a sellers API / webhooks for automation.
20
erlend_sh 1 day ago 0 replies      
What's the business model for openbazaar.org, i.e. the core team? How are you going to sustain development?
21
headmelted 1 day ago 0 replies      
Aaaannnnndddd..... Silk Road has re-launched.

I actually think technologically this looks like quite the achievement, but it's hard for me to see this being used at all for legal commerce. It's just so much of an audience barrier to trade exclusively in cryptocurrencies.

I like the use of Multisig though. Nice touch.

22
omarchowdhury 1 day ago 1 reply      
In the crypto-darknet community, the word is that this is where the drug trade is going to move to after the recent busts of the past weeks.
23
strictlyCrypto 1 day ago 0 replies      
Is there a business model? Compensation for continued development?
24
optimalsolver 1 day ago 2 replies      
What's the point if it doesn't support Tor or some other anonymizing service?
25
HirojaShibe 1 day ago 0 replies      
I cannot wait for 2.0 it has been a longtime coming.
26
acover 1 day ago 2 replies      
How does this work? Where is the store list stored?
27
davidgerard 1 day ago 1 reply      
Does this version still require the vendor to keep their PC online 24/7?
28
bobsgame 1 day ago 1 reply      
It's just like Napster->Kazaa->Gnutella all over again! In 10 years there will be iTunes.
29
ultim8k 1 day ago 0 replies      
This is huge!
30
dghughes 1 day ago 0 replies      
Ah the good ole days when I had $5 in my wallet and paid by taking the $5 note out and handing it to the cashier.
31
matthewbauer 1 day ago 6 replies      
Am I the only one here that gets a little terrified by this kind of thing? I mean I'm fine if they're just selling recreational drugs. But, we all know that there are much worse things people will be selling on these crypto markets than just plain old LSD and marijuana. Can we find a way to help law enforcement police at the very least the really, really bad stuff?
32
notindexed 1 day ago 1 reply      
Don't wanna be the partypooper but Blockmarket wins the dex marketplace niche ;-)

http://syscoin.org/

19
Show HN: $200 Solar Self-Sufficiency Without Your Landlord Noticing medium.com
465 points by nikodunk  2 days ago   179 comments top 38
1
grecy 2 days ago 4 replies      
I built a very similar system into my Jeep-house.

I have two 100W panels on the pop-top roof, a charge controller and a dedicated solar battery (isolated from the engine-starting battery) that runs my fridge, water pump, UV treatment lamp, interior lights, air compressor and charges all my electronics (laptop, kindle, cameras, etc.) directly from 12V DC.

I can leave the Jeep parked without running the engine for days and easily have enough energy to meet my needs.

The system has been amazing, and it's fantastic to be electricity self-sufficient in remote West Africa, where grid power is often non-existent.

More details and photos here: http://theroadchoseme.com/jeep-build-complete

2
galdosdi 2 days ago 8 replies      
Cool! The one thing I notice the author gets wrong is (out of modesty perhaps) claiming the system isn't very financially successful. But it actually is!

> 200W system payback period: $300 / $48 = 6.5 years until payback

> Either way you cut it, this is not a money saving machine. Energy prices are just too low.

That represents like a 16% rate of return with little risk, which any investor would take in a second.

However, the $66 battery expires after about 8 years, you're saving more like $40, not $48, to amortize the cost of replacing the battery every 8 years. So the actual rate of return is more like 13%, which is still very attractive. You'll never find any investment/savings product that returns half that well at such a low risk and is so accessible to anyone with $300.

We've hit the point where solar is very economical! It's exciting!

3
diafygi 2 days ago 2 replies      
I work in solar, and your panel really, really, REALLY needs to be secured from wind. Luckily, they make ballast mounts that don't require screwing into the roof[1][2].

[1]: http://www.orionsolarracking.com/commercial-roof-mount/balla...

[2]: https://www.civicsolar.com/products/racking-mounting/applica...

4
ChuckMcM 2 days ago 3 replies      
Fun stuff. I've built several systems just like this one for camping, they let you keep things like iPads or laptops charged and they aren't noisy like running a generator.

Something that my wife discovered was that an igloo "lunchmate" cooler was perfect to hold the battery and charge controller. Makes it easy to carry. I recommend using Anderson Powerpole connectors (https://powerwerx.com/anderson-power-powerpole-sb-connectors) to make it easy to set up and tear down. I typically use one pair of colors for the connections to the battery, and another pair of colors for the panel to charge controller.

5
pilom 2 days ago 2 replies      
> Unless you live on an RV or a boat it doesn't make financial sense yet

If you're curious about what a system for an RV does look like, I work remotely full time in an RV and built my own system: https://therecklesschoice.com/2016/04/29/diy-rv-solar/

6.5 times the solar, 15 times the storage, 20 times the inverter (but mine is overkill for us honestly).

6
sitkack 2 days ago 2 replies      
Please bolt the panel down, if wind picks it up and blows it off the roof it could easily kill someone.
7
mdb333 2 days ago 2 replies      
A couple nice things about SF on this topic:

1. Davis Stirling (Housing related laws) mandates that building associations cannot prohibit owners from installing solar panels. Basically, they have to work with you to find a way and can't just say no.

2. As of this year, SF is the first city to require that all new buildings (10 stories or less) have solar installed.

8
Cerium 2 days ago 1 reply      
The last place I worked we did this (though with some permission). One of the guys made friends with some people at a thin film solar plant down the street. He got a bundle of manufacturing rejects (300w panels that only made 280) for free. We strung them up on the roof and were raking in the kWh. Enough to charge 3 electric vehicles without paying the power company.
9
reaperducer 2 days ago 1 reply      
Will the landlord notice? Maybe not. Will the wife notice all the wires all over the place? You bet!
10
adrianmonk 2 days ago 2 replies      
> Renters don't need permission from their landlords to place things on their windowsill and rooftops if it's not altering the building

This has never been the case in any apartment community I've lived in, ever. Every time I've looked into anything like this, the lease says I have to follow community rules, and those rules include stuff like pool hours and parking but also say I can't put foil in my windows, have a window AC unit, etc.

I'm sure there are some landlords who won't notice or won't care if you do this, but it's just not true in general that renters only need permission for things that alter the building.

11
gopikori 2 days ago 0 replies      
I have a similar setup at my apartment in India. It has been functional for more than two years now. It's a total of 140 Watt of panels, popping out of my bedroom window [Photo: https://photos.app.goo.gl/S4WR5gbrGu0z8IQB2]. It has a 12V battery and 10A solar charge controller. It produces good enough energy to power my room. I hate inverters, all my lights/fans in room are based on DC 12V. I use car chargers to charge mobile phones and to run a LED wall clock.
12
luxpir 2 days ago 0 replies      
He mentions fridge/freezer - I'll just draw attention to this project[0] where the smart guy uses a chest freezer as a fridge with an external thermostat. It has better insulation and design (cool air stays in when open), so ends up much more efficient and can be run on minimal power. Just 90 seconds of run time per hour.

There are other ways to do this in mobile setups, or with inverters in any setup, using mini-freezers, simple electronics to turn the inverter on/off and a small panel. See /r/vandwellers[1].

[0] - https://www.treehugger.com/kitchen-design/man-retrofits-free...

[1] - https://www.reddit.com/r/vandwellers/search?q=freezer&restri...

13
Xeroday 2 days ago 1 reply      
Quite a side note: If you're renting in SF, your landlord needs to provide you with heating (http://sfrb.org/topic-no-257-minimum-heat-requirements)
14
maxmax 2 days ago 3 replies      
For heating, you could bring in a small refrigerator rather than a resistive load. Get something besides heat for your power.
15
cjonas 2 days ago 2 replies      
Obvious Problems:

1: You're not using a pure sine wave inverter so right off the bat you are losing significant efficiency (Most of the things you're charging use DC power anyways so it would be better to just get a nice DC charger).

2: If you are discharging your battery past 50%, you're going to significantly reduce its life span.

16
WheelsAtLarge 2 days ago 1 reply      
Nice hack. Can it power a fan for a night? That might save you some money in cooling, which would help with payback.

I won't be using it for my apartment but it has great potential for an off the grid light power use workshop. Good job, thanks for showing.

Just a note, the biggest expense these days in solar power installations, home, is the manpower and incidentals needed to install it. Reduce that and solar power replacement begins to look good. As we saw here, where there were no installation costs.

17
olegkikin 2 days ago 1 reply      
It better be attached well. If there's a windy day, and that thing flies off and kills someone, you will not only be liable, you will have to live for the rest of your life with it.
18
jaclaz 2 days ago 1 reply      
JFYI, the back of the envelope calculation is about energy "created", this assumes that you actually consume it, i.e. that on average you would use that energy (while it is within the battery capacity range), if you leave for - say - 1 month, it is 1/12 less.
19
SwellJoe 2 days ago 1 reply      
I've been using rooftop solar for many years; I live in an RV (for a total of about 7 years, spread across two different RVs, both with solar on the roof). I currently have a 400W system. It makes extremely good economic sense in my case, because it enables me to live comfortably off-grid for weeks or months at a time; which can save hundreds of dollars a month in RV park fees, when I'm traveling.

But, the talk of powering water heater, heating, AC, etc. from a little DIY solar system is extremely optimistic. I've done the math, and I couldn't run my AC from the number of solar panels that I could fit on my roof. I can fit 900 watts worth, an additional couple hundred watts on the truck, if I really wanted to get extreme and was willing to connect/disconnect them every time I drove the truck away from the RV. That's just not enough. It could power a small window unit as long as the sun is up, but overnights would kill a small battery bank dead (like dead dead, not just discharged, as repeatedly discharging below about 50% reduces the life of lead acid batteries by a huge amount) in short order.

With a big enough inverter and a bigger battery bank, you can run microwave or toaster oven for short periods of time (I do). But any big amperage device that runs for extended periods of time (like heating, AC, and water heater) is not in the cards for small solar systems.

Battery replacement also needs to be taken into account. In my experience, you get about 3 good years, and another year of limping along, from this kind of workload on this kind of battery. He's being more kind to his batteries than I am to my batteries (I usually end up running down to about 60% each day when off grid), so he might get another good year. But they probably won't even be limping along after five years.

But, the good news is that solar panels are extremely durable. They're often warrantied for 25+ years! And, the expected output after that length of time is still pretty good. So, if batteries get better, our systems today will get better just by replacing one component, because everything else is gonna keep working forever (well, cheap charge controllers die sometimes, but the panels are practically forever parts).

20
bvanderveen 2 days ago 1 reply      
Can't imagine why OP has an inverter in the stack when everything connected to it is DC.
21
agumonkey 2 days ago 0 replies      
I've been chatting a bit about thermal building design. This article reminds me that for most entertainment or work, we don't need much energy.

Cost comes from AC, heater, fridges. Other household appliances too but these are transient.

But with carefully dimensionned walls, you can slow the heat spread enough to avoid AC most of the time.

Surely we could keep our energy needs low if we wanted to.

22
anderspitman 2 days ago 0 replies      
I'm hoping to build a similar system in the next year or two. Biggest difference is I plan on building battery banks out of lithium-based 18650 cells. You can salvage them from old laptop batteries, even dead ones (one bad cell can bring the whole battery down, even if the other cells are fine). 18650s are also used in Tesla's car batteries [0] and Powerwall. They literally just cram thousands of them in there. There are some youtubers who have done tons of stuff with them [1][2].

[0] https://youtu.be/NpSrHZnCi-A

[1] https://www.youtube.com/user/jehugarcia

[2] https://www.youtube.com/user/nocrf50here

23
URSpider94 2 days ago 1 reply      
Have you talked to your landlord about adding solar panels to the roof? He/she could install them and connect them to your apartment's service, which means you would get the power and the savings -- though you might reasonably expect some of the savings to go towards higher rents in the future. With the tax advantages, it's almost a no-brainer.

It's even possible to apportion power between multiple units with PG&E in California. They even allow "neighborhood solar", where you can benefit from a larger system installed elsewhere, like over a parking lot.

I would also +1 the other comments about thinking really hard about whether your system is safe in the event of high winds. Solar panels are basically large sails, you'd be surprised what a 50 or 60 mph wind gust (likely to happen once or twice a year) can do. If you plan on doing this, check your lease - many landlords forbid putting things on the roof or hanging outside windows, or running wires on the exterior of the building.

24
winter_blue 2 days ago 1 reply      
I wonder if you can mount this over a roof rack for a plug-in hybrid car like the Chevy Volt/Bolt. It'd be an amazing way to charge your car.

Although, 200 W might be a bit too low for the Chevy Volt. It draws circa 100 W when charged via the slow charger that you plug in to an outlet.

25
gwbas1c 2 days ago 1 reply      
These already exist as self-contained kits: https://www.amazon.com/dp/B00GV3XRDW/ref=asc_df_B00D5RVMAM50...

What I think would be interesting is to use a relay to fall back to grid power once the battery dies.

26
wfunction 2 days ago 0 replies      
This is awesome. The one question on my mind is: is there really no barrier to doing this, like regulation of some kind? I would imagine there's an added fire risk with that kind of battery at home?
27
ruffrey 2 days ago 2 replies      
How safe is it to keep that battery indoors? Don't batteries need some ventilation?
28
SingletonIface 2 days ago 1 reply      
> I wish I could run a water heater, heating or fridge off this system to use the excess 270Wh of the daily energy production.

Or better yet, be able to sell the excess power. In the future power grid this will be possible.

29
sand500 2 days ago 1 reply      
If we are talking about being green, what is the carbon footprint of manufacturing all those things vs the equivalent carbon to generate the electricity the solar panels provide?
30
mrbill 2 days ago 0 replies      
After Hurricane Ike (and 8 days without power) I built almost this exact setup to power my CPAP machine in case of another long-term power outage.
31
lubujackson 2 days ago 1 reply      
Cool. One caveat in SF (and elsewhere, I'm sure): since I work from home my electricity usage is way higher than the PG&E norm (which itself seems aspirationally low). Of course, PG&E uses this to charge me huge "overage" charges so using a solar panel to offset some of those charges might actually make this economically viable.
32
scotty79 2 days ago 0 replies      
You could save some energy by driving LED lights directly from the 12V battery. Not through an inverter.

Doesn't matter in this case though since one of the things he's running is an electric heater. When you are using lights you are just getting a bit more heating coming from the inverter.

33
snowwindwaves 2 days ago 1 reply      
I find the title kind of click baity, "$200 solar self sufficiency for my bedroom" would be more accurate
34
msangi 2 days ago 1 reply      
Does the panel produce the same amount of energy every season? I know that in most of Europe the production during summer months is way higher than during winter and that needs to be taken into account.
35
kogepathic 2 days ago 1 reply      
The author's calculations for the capacity of the battery are very wrong and the battery will not last many years the way he's using it.

Deep cycle lead-acid batteries should not be discharged below 50% (known as Depth of Discharge, or DoD) unless you really want to kill them quickly. The author's calculations assume he can drain the battery 100% (35Ah), which while technically correct, will kill his battery very quickly.

Unfortunately the manufacturer doesn't provide any data on the capacity over discharge cycles at different DoD's [0], but I can guarantee the author will significantly shorten the battery's lifespan by discharging it so deeply.

If you want some idea of the effect of DoD on battery health, Hoppecke have a very good chart in their datasheet on page 43. [1] At 50% DoD, the battery will last for approximately 3000 cycles, or 8 years. At 90% DoD, the battery will only last for 1500 cycles or 4 years.

If you want to go for 100% DoD in solar, you're looking at Redox flow or Lithium battery technologies, both of which are more expensive than Lead-Acid.

There are other problems with this setup as well. At $17, the charge controller is very unlikely to support an equalization charge mode, which is required to periodically balance the cells within the battery to ensure a long lifespan. The author would be better off skipping AC entirely and charging their MacBook/iPad from a car charger which operates on 12V. DC lights can also be purchased quite inexpensively. The AC inverter is likely putting out something closer to a square wave than a sine wave, and the low voltage cut-off is far too low to avoid damaging the battery.

This is really a case of "you get what you pay for" and for such cheap components, the system will not perform well or last for very long.

If this sounds really negative, I'm sorry. I want more people to become energy independent, but if you follow the author's example, you're going to have a very bad time. If you are seriously interested in going off grid, you should invest in quality components like Victron, Outback, Studer, Hoppecke, etc. Something like the Victron EcoMulti would be a good choice for someone who wants an easy to use system that's been designed for longevity. [2]

[0] http://www.expertpower.us/exp12350

[1] https://www.hoppecke.com/fileadmin/Redakteur/Hoppecke-Main/P...

[2] https://www.victronenergy.com/solar-pv-inverters/ecomulti

36
agumonkey 1 day ago 0 replies      
How hard would it be to add regenerative braking to that ? if not already installed.
37
arcaster 2 days ago 0 replies      
Why not build a small super-capacitor or lithium ion bank that you'd charge at work?

Also, unless you have perfect weather (I.e. the Bay Area) and require no energy for HVAC this system is almost useless.

38
mchannon 2 days ago 8 replies      
Far more cost-effective would have been to skip the battery and just put a cheap Chinese pure-sine-wave grid-tie inverter to bridge between the wall outlet and the panel.

It's simple- it has a 110V line cord and plugs into the outlet, sending current the opposite way of normal. Do a search on your favorite e-commerce site for "grid tie inverter" and you'll see what I mean.

These cheap inverters have most of the same safeties as the UL 1703 certified variety, and as long as you don't exceed current ratings (not likely with a little 200W panel) you're able to apply the power to your electric bill, without futzing with a lead-acid battery.

20
Pass: A standard Unix password manager passwordstore.org
401 points by jaybosamiya  3 days ago   199 comments top 31
1
jbg_ 3 days ago 3 replies      
I've used this for a long time, and along with its Git integration (pushing/pulling to/from a repository on my own server, accessed over SSH) and a GPG key stored on a Yubikey Neo, I've got basically seamless sync between two laptops, a desktop and an Android phone, without using any third-party service.

The "Password Store" app on Android is compatible with `pass` and supports Git and NFC for using the Yubikey Neo to decrypt the passwords.

2
guillaume20100 2 days ago 6 replies      
I recommend using Pass or KeePass, because we can see the source code. But like all these password managers, you need to synchronize your password vault.

If you do not want to synchronize your vault among all your devices, but still want to have a unique password per site, try LessPass[1]. LessPass is a stateless open source password manager.

Disclaimer: I am the creator of LessPass.

[1] https://lesspass.com/

3
allerhellsten 3 days ago 1 reply      
Pass is pretty awesome, but nowadays I've switched to gopass: https://github.com/justwatchcom/gopass - much better support for teams, structured secrets, binary secrets and quite a few other improvements. Oh, and it's (mostly) drop-in compatible.
4
dsacco 3 days ago 2 replies      
Note that pass was developed (and is maintained) by Jason Donenfeld (zx2c4), the same person who developed Wireguard, the new VPN protocol.

Not that my opinion is worth a whole lot, but this is the password manager I would choose to use if I wasn't using 1Password. Where many other password managers use convoluted constructions with (e.g.) AES and PBKDF2, this is very straightforward GPG.

5
mrhigat4 3 days ago 3 replies      
I use pass and love it. It provides a lot of flexibility. To fix the "website metadata is leaked in filenames" issue, I use another project by Jason, ctmg[0]. I changed the pass directory to be one directory deeper, encrypted it and just do `ctmg open` when I boot to open my password list (similar to unlocking a KeePassX store) then use pass as normal. On shutdown, the opened folder is re-encrypted automatically. You could also set a ctmg close on a timer if you don't want the list to be available during your entire session after open.

Other things I do:

* store all the files as .toml files so I can rip specific keys with a custom script.

* Have a directory for web so `pass web` will give me all websites. Have a script to fill username pass for each.

* Have a directory for contacts. Then wrote a script to generate vCard files by crawling and pulling keys, base64 profile images and all.

* use syncthing to keep all devices up to date.

It's a pretty slick workflow IMHO

[0] https://git.zx2c4.com/ctmg/about/

6
alex_duf 3 days ago 4 replies      
I don't like the fact someone with access to my hard-drive can figure out all the services I'm using just by looking at the filenames.

It's convenient yes, but I prefer one encrypted file that contains it all.
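
The filename leak discussed in comments 5 and 6 above, as an added example that is not part of any comment and not code from pass itself: it lists what anyone with read access to a store learns without a GPG key. It assumes pass's on-disk layout (entries as `<name>.gpg`, recipients in `.gpg-id`, optional `.git` directory); the sample store, its key id and the function names are constructed for illustration.

```python
"""Audit the metadata a pass store exposes without any decryption."""
import os
import re
import tempfile
from pathlib import Path

# Heuristic: a path component that looks like a DNS name (label.label.tld).
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def audit_store(store_dir):
    """Return entry names, domain-like names and recipients readable as plaintext."""
    store = Path(store_dir)
    entries, domains, recipients = [], set(), {}
    for root, dirs, files in os.walk(store):
        # Skip the Git metadata directory created by pass's Git integration.
        dirs[:] = [d for d in dirs if d != ".git"]
        rel_root = Path(root).relative_to(store)
        for name in files:
            if name == ".gpg-id":
                # One key id per line: which keys can decrypt this subtree.
                lines = (Path(root) / name).read_text().splitlines()
                recipients[rel_root.as_posix()] = [l.strip() for l in lines if l.strip()]
            elif name.endswith(".gpg"):
                # The entry name is the file path minus the .gpg suffix.
                entry = rel_root / name[: -len(".gpg")]
                entries.append(entry.as_posix())
                for part in entry.parts:
                    if DOMAIN_RE.match(part):
                        domains.add(part.lower())
    return {
        "entries": sorted(entries),
        "domains": sorted(domains),
        "recipients": recipients,
    }


def build_sample_store(base):
    """Create a constructed store layout; file bodies are dummy bytes, not ciphertext."""
    store = Path(base) / "password-store"
    layout = {
        ".gpg-id": "0xCONSTRUCTEDKEYID\n",
        "web/bank.example.com/alice.gpg": "dummy",
        "web/mail.example.org.gpg": "dummy",
        "contacts/bob.gpg": "dummy",
        ".git/config": "[core]\n",
    }
    for rel, body in layout.items():
        path = store / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return store


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = audit_store(build_sample_store(tmp))
        print("Entries visible in plaintext:")
        for entry in report["entries"]:
            print("  ", entry)
        print("Domain-like names:", ", ".join(report["domains"]))
        print("Recipients per subtree:", report["recipients"])
```

Pointing `audit_store` at your own store directory shows the same view a backup provider, a Git remote or anyone with disk access gets.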

7
planetjones 3 days ago 2 replies      
With all the discussion about 1password and its decision to "more or less" move to the web and a subscription based model, I had a TODO to look at what the open source community had; especially regarding browser plug-ins, mobile apps, etc. I don't understand why a simple problem like password management, needs a subscription and a private company to create software for the problem.

This post seems to have saved me the trouble of Googling myself. I am installing on the Mac and iOS as we speak.

8
tombert 3 days ago 3 replies      
I love Pass, but the problem I've had is that I always feel like I have to spend a bunch of time setting it up when I'm on Windows.

I understand it's the standard UNIX password manager, so I suppose I don't have a ton of room to complain, and most of my computers are Mac or Linux, so it's not a huge deal, but I think it increases the barrier of entry for a ton of people.

That said, I think Pass is awesome, and having my passwords stored in Github makes me really happy.

9
JetSpiegel 3 days ago 3 replies      
Using this and something like rofi-pass:

https://github.com/carnager/rofi-pass/

Gets me really close to the holy grail of password managers. Browser integration is possible too with PassFF:

https://github.com/passff/passff

10
fwx 3 days ago 3 replies      
How does this compare to other popular solutions? Specifically, KeepassX / Keepass2 which are the most common solutions I've seen most Unix / Linux users employ. Can we objectively state which one is a better solution?
11
Aissen 3 days ago 1 reply      
I've been using password managers for a while now, but I've recently discovered pass-rotate: https://github.com/SirCmpwn/pass-rotate

It's basically a rotation manager! Very powerful and lets you properly change your passwords regularly on many websites (like the proprietary Dashlane Password Changer or Lastpass' similar feature).

12
adtac 3 days ago 3 replies      
Isn't copying the password to clipboard a vulnerability?

I think a better idea would be to fill in the password through something like xdotool

13
wallunit 2 days ago 1 reply      
I wrote a similar password manager (without knowing that pass already exists): https://github.com/snoack/mypass

But I ended up storing everything into one single encrypted file, rather than having one file per password. Though I see the point about the UNIX philosophy (i.e. "everything is a file"), but that way you'd leak information, i.e. what the passwords stored are for.

Anyway, I'd appreciate any feedback on mypass.

14
rkeene2 3 days ago 0 replies      
Related: hunter2[0], a password manager which uses a smartcard to manage the keys for each password, and supports multiple users.

[0] https://chiselapp.com/user/rkeene/repository/hunter2/

15
zabil 2 days ago 1 reply      
I started with pass and switched to gopass because it automatically pushes new passwords to your remote git repository.

I use a fish script to hook it up to https://github.com/junegunn/fzf for easy search and copying to the clipboard. https://github.com/zabil/thanksforallthefish/blob/6145e98691...

16
ben0x539 2 days ago 0 replies      
I've seen pass mentioned like a million times but I didn't realize there were so many third party extensions for it, the comments here are pretty helpful. Thanks for the submission!
17
nickjj 3 days ago 1 reply      
I've been using pass for a long time now. I have over 200 passwords stored.

I like it because you can use it to store sensitive info along with metadata, not just single field passwords. It's also super easy to access the info on the command line with ways to auto-copy passwords to your clipboard (which expires after 45 seconds).

I did a write up on it a while back at https://nickjanetakis.com/blog/managing-your-passwords-on-th....

18
alexnewman 2 days ago 3 replies      
I use pass on all my devices. iOS, chromebook and cli. I freaking love it! passforios is still on testflight but so good. Only a few issues with passforios:

- It forgets my github password every time I upgrade
- I honestly don't like the fact that I can't turn off the pin. 4 digits with unlimited retries.
- It can't merge sometimes. I think they should be more aggressive about git rebase

19
Accacin 2 days ago 0 replies      
I'm currently a Lastpass user. I know, trusting them to store my passwords is probably not a great idea but it works on Windows, macOS and Linux and my iPhone with no problems at all.

Would I like to move to something that isn't stored online? Yes, of course but I haven't found a decent solution that works everywhere.

Any recommendations?

20
darrmit 3 days ago 1 reply      
I think pass is awesome if you have the workflow that supports it, but for the vast majority (myself included) it's entirely too difficult to set up and maintain. Particularly if you're using Windows regularly.
21
lower 3 days ago 0 replies      
I've been using this for a while and am very happy. Especially the ability to use a private git repository for synchronization of laptop and desktop makes this convenient.
22
tobias2014 2 days ago 1 reply      
If you're using XMonad, you definitely want to use the pass addon in the xmonad-contrib package: https://hackage.haskell.org/package/xmonad-contrib-0.13/docs...

I would claim that there isn't a more convenient password management solution than this.

23
tuxninja 2 days ago 0 replies      
If anyone needs a quick tutorial on pass I wrote about some of its features a while back http://tuxlabs.com/?p=450
24
leighflix 2 days ago 2 replies      
Alright guys, I tried using this as I was curious, and miserably failed.

Found out I needed GPG, and some encryption key or ID and whatnot. I have no clue what these things are and would like to know.

How can I learn about this encryption stuff like keys and RAS and whatnot? (Books n Articles)

25
qrv3w 2 days ago 0 replies      
For those interested, I've been working on something similar but for journal entries instead of passwords. [1]

[1]: https://github.com/schollz/gojot

26
amelius 3 days ago 5 replies      
Anybody else here simply hashing their master password with the domain name of the website?

I think this is something the browser should offer by default.

27
homakov 2 days ago 0 replies      
Did anyone here NOT write their own pw manager?
28
molsson 2 days ago 0 replies      
Implemented as 700 lines of shell script?! Why?
29
leshow 3 days ago 0 replies      
I've used pass for years, it's great.
30
thesmallestcat 3 days ago 2 replies      
No, no it's not.
31
hasenj 3 days ago 2 replies      
If it becomes standard, people would use it without a master password, and then stealing passwords via malicious scripts will become very easy.
21
Why Good People Leave Large Tech Companies thinkgrowth.org
399 points by scdoshi  2 days ago   241 comments top 29
1
RealityNow 2 days ago 13 replies      
This post rings eerily true. Recently had a company all-hands where the CEO said basically the exact same lines. The whole "if you don't love working here, then you should leave" bit made me cringe. Easy for you to say when you've got a significant equity share in the company.

The saddest realization I've had working at companies is how power-hungry people are, how little respect the people in power often have for those "below" them, and how important politics is even in a field like engineering that you'd expect to be meritocratic. Sweeping decisions are often made in a small room of a few "higher-ups" without any input or regard for those "below" them. Providing counter-arguments that question the decisions of the executive caste is often seen as a threat (how dare you question your leader?). The shy and humble rockstar coder who kicks ass gets little recognition while the smooth-talking sycophant gets accolades and climbs the ladder.

Corporations are authoritarian tyrannies with strict hierarchies. America was founded on the principles of democracy, but we tolerate tyranny in our workplace. The only way to change this is to remove the asymmetric dependency of the employee on the employer (eg. UBI).

2
andrewstuart 2 days ago 1 reply      
This is why it's always possible to hire great developers - because some companies and hiring managers think that people should be not just great developers, but willing to jump through ridiculous hoops to work there.

If you want to hire people, drop the attitude of "we don't want people who aren't willing to prove how much they want to work here". Instead, give them every reason to want to work for you.

3
maxxxxx 2 days ago 3 replies      
"But the CEO never noticed that the payoff had ended for the other 95% of his company."

It seems a lot of C*Os forget this after a while. For a lot of rank and file employees the stock price makes no difference.

4
AVTizzle 2 days ago 3 replies      
>> "I was visiting with an ex-student who's now the CFO of a large public tech company."

>> "(By coincidence, the CEO was an intern at one of my startups more than two decades ago.)"

Admittedly, this isn't adding to the discussion at hand. Just one amateur writer picking apart another's writing style, but...

Is it just me, or do those lines serve no purpose except to boost the author's own ego and sense of self-importance?

I feel like they don't serve the reader in taking away the lesson in the least. They really strike me as an attempt to remind the reader of the writer's own value and importance.

Maybe I'm being too cynical...

5
drawkbox 2 days ago 1 reply      
Just another revolution of the wheel of the infamous "How Software Companies Die"[1] which has this balancing note: "The environment that nurtures creative programmers kills management and marketing types - and vice versa."

When a product innovation company turns to medium size, the process comes in with the executives and soon after innovation dies, but the product market value is realized and efficient. The problem comes if the leadership isn't repeating the cycle.

A company can thrive if they stay innovative and invest in new products always though, most of those companies are engineer led because it leads to happy development/value-creation: Amazon, Google, Microsoft (except for the Ballmer era), Valve/Epic in the gaming industry etc.

[1] http://www.cs.cmu.edu/~chuck/jokepg/joke_19970213_01.txt

6
mrbill 2 days ago 2 replies      
When I worked for a large multinational energy services firm, one of the bosses I had (they changed every 2-3 years) was a huge bully. One of those "great coworker, bad manager" types. My wife had passed away, and as a result, my performance had dropped.

One of his lines (verbal in person, not on paper) was "If you don't want to work here, there are plenty of people that do."

He was the only boss I've ever had that made me consider leaving a job I'd had for 7+ years (at the time) simply because of who my manager was. Needless to say, about a year later when he called a meeting to announce that he was leaving for a competitor, my back popped as my shoulders un-tensed.

7
dba7dba 2 days ago 0 replies      
My buddy told me a story of what he saw at his company. It was an interaction between a CFO and a new lead developer at a small tech/startup company that actually had been around quite a while.

It went something like this.

Dev: Can we get 2 21" monitors for developers?

CFO: Why? Laptop LCD and that old 19" monitor seem to work together just fine.

Dev: Yeah, but we can be more productive if each dev can get 2 x 21 inch monitors.

CFO: Uhh, no. I get more year end bonus for every dollar I save for the company. So maybe we will revisit this later?

8
supergeek133 2 days ago 3 replies      
Ugh. So much this. Story time.

Doing work with a 3rd party firm on some simple dev work (integration into a few partner APIs). We're a big Azure customer, 3rd party knows this. Gives us ARM templates for resources needed to deploy.

Get on the phone with the IT folks internally, state we need these ARM templates deployed and monitored. Cue two week (plus) process, 100 questions, and department to department costs (all of it is outsourced) which are quite outrageous.

The costs are so high that they probably wash any revenue/profit from the partnership.

You know what? I have access to one of our Azure subscriptions. I'll just do it myself guys, to hell with the consequences.

Usually this results in noise later, but screw it, I made us money now versus incurring additional cost and made some money later.

9
krylon 2 days ago 0 replies      
My first job after my training was at a really small company, about 10 employees plus the CEO/owner. And he was just like that CFO, too. The size of the company does not necessarily make a difference.

Still, having done my training at a slightly Dilbert-esque multinational corporation, I made a point of working for small-ish companies since.

Of course, small-ish companies bring their own share of problems, but all in all, I prefer that smaller companies tend to be less bureaucratic.

And I like the personal touch - at one company (~15 people), the CEO/co-owner walked up to each employee every morning and greeted them, shaking their hand. He was in some aspects a fairly difficult boss, but that little gesture made up for most of the difficulty.

The problem with a company treating employees like they were arbitrarily replaceable is that employees will treat the company the same way. If a company wants employees to identify with the company, to want to work at that specific company, it has to do better than that.

10
mnm1 2 days ago 2 replies      
This attitude of "you really have to want to work here or you ought to leave" justifies a lot of insanity. I've heard it from companies who make potential employees jump through ridiculous hoops to even get a chance at a job. Here's reality for people who suffer from this delusion: most people don't give a fuck and are just looking for a job. They're applying to dozens or hundreds of jobs (yes, even in software), and expecting them to know everything there is to know about your company just to apply (like providing a detailed cover letter) is downright insane. This is how companies with such an attitude problem attract "yes-people," suckups and other undesirables and miss out on real talent that isn't going to stand on its head just to get a chance at an interview. Likewise, as the article points out, this toxic attitude is just as bad at retaining employees as it is at getting them in the first place. What I'd like to see is the second part of this story. How these people then hired another 50 software engineers with actual talent in the bay area. Most companies I speak to have trouble finding one or two, let alone 50. And all because of an incredibly naive and stupid attitude of the company's execs. This is indeed a case where the founders should have been replaced with proper executives, though I'm not sure 'proper' executives would have made a better decision.

As an aside, one shortcut to weeding out shitty companies is to simply filter out companies that say shit like, "we are on a mission to change the world." That's a guaranteed bad time.

11
ck425 2 days ago 1 reply      
The company I work for at the moment has two values/myths that have worked really well at preventing situations like this. Early on, just before I joined at around the 150 person stage, the employees self organized values. One of these was Daytime is Precious. Interestingly it was applied equally to the idea of don't waste time (meetings etc) and to the idea that everyone has a life outside of work. The second was the idea that teams are anonymous, and decide themselves what they work on.

In reality these are ignored at times when required. But they're so embedded in company culture that you need a pretty good reason to do so and more importantly most employees are comfortable challenging management when they do.

I'm not sure how to replicate this but letting employees set the company values once you get to a certain size is likely a good call.

12
erikb 2 days ago 0 replies      
I'm surprised that Steve is working for such a long time in the start-up industry and seemingly hasn't caught on that the in-company politics won't evolve, because the meta-company politics of the start-up world are already efficient.

If you don't consider jobs and companies as something that should live longer than you, it's totally fine as it is. Switching jobs is not a big deal, if you have lots of new options and get paid well. When small start-ups get the next innovation loop better than the current set of big companies it's fine, because people still make money, just a set of different people.

People who want to make money by working, still make money. People who want to make money by investing, still make money. New innovation really happens, no matter if the current people on top get it or not.

13
quotemstr 2 days ago 9 replies      
The most important lesson for people in power in big tech companies: FORMAL PROCESS IS THE ENEMY. Don't let the accumulation of gatekeepers and approvers and other capital-P Process let things become 100x harder than they need to be.

Do not confuse difficulty with prudence. Your organization will become slow and ossified by default unless you take specific steps to maintain flexibility. One of these steps is to install a culture of change. Things that are easily undone should not require approval to be done in the first place.

Do not allow long-timers in your organization to use "caution" or "good engineering practice" as an excuse to slow everyone else down. Emphasize that the most important part of software development is moving fast. Let new people try new things. Minimize the number of people who can say "no".

Most of all, do not just _believe_ people who talk about best practices and software "quality" and stuff like that. Most of the time, they're just finding fancy-sounding ways of saying "nothing should change unless I say so".

14
partycoder 2 days ago 0 replies      
Because companies grow not only horizontally but vertically.

Vertical structures create encapsulation of individuals and that leaves room to exploit information asymmetries.

e.g: stealing credit, favoritism, etc... rigging the game to their favor.

At the late stages of this game, people like this can get away with anything: hiring and promoting their friends, openly insulting people, just openly lie knowing nobody can do anything about it, etc.

15
arcanus 2 days ago 2 replies      
Anyone have a guess as to what company this was?
16
iends 2 days ago 0 replies      
At my current company we have an inverted, but similar problem. Startup A got bought by Company B. Company B doubles down on technology from Startup A, which ultimately leads to a big acquisition by private equity for the combined A/B.

Private equity firm cuts out RSUs and focuses on eking out high margins without raising salary compensation to offset changes. All the senior people from Startup A and a number of senior people from B all jump ship within 6 months.

17
jcrben 2 days ago 0 replies      
It's good that big companies do dumb stuff like this. Otherwise the world would be even more dominated by oligopolies.

Hopefully they don't wise up.

18
Eridrus 2 days ago 3 replies      
Despite the overall theme of this interaction, opening an office in the East Bay seems more employee friendly than keeping them in Palo Alto.
19
mc32 2 days ago 0 replies      
Siloes is a big reason good people leave; a somewhat corollary is people think that with experience at bigco and an alphabet soup of technologies they can take that to another co and impress.

Some do impress but others have limited lateral experience and so don't fit very well into any place but at prev bigco. But, but, I have five years of experience in X at bigco Y.

20
bastijn 2 days ago 1 reply      
I can't entirely follow the article. What I read is a CEO of a 10k+ employee company had to relocate to grow and sustain growth. A team of 70 people was affected. He made the (right|wrong, pick as you like) decision 70 people leaving now is better than 10k+ having to miss out on the future opportunities.

That is what I read from this article. Though all is speculation as there is no real information in there apart from a quote you can be for or against.

This is not "why good people leave large tech companies". It's a sole example of a very small group in a very specific situation. Relocation loses people yes. But not amass and not as a hidden thing. The company is well aware of it. The quote itself was there for years and it is not why people left.

Large tech companies that lose good software people for instance often do so because they apply their hardware processes to software teams as well. In addition they don't want to spend money on software, software has to come for free right! The hardware is expensive but the software is a thing we had to add as cheap as possible. That means deny requests for fancy work setups; my hardware guys can work with one 19" monitor why do they need 2 24"?

Have no separate career ladder for the technical people, i.e. you can only grow into exec or fellow if you switch to the people's route and forget the technical (i.e. General managers, directors etc but no levels above lead software architect of a (smaller) department).

Now that loses people.

P.s. I work in a large tech company. 100k+. We recently resolved the last part but not yet entirely the former. Coincidence is that I'm being relocated in January 2018. It brings about 20 minutes additional travel time for me, but for most others it doesn't. Like the article. However, I'm not seeing how losing me (and some others) would outweigh the benefit of having the entire NL software group in a single location.

21
iamleppert 2 days ago 0 replies      
After years of working at a big tech company, I left primarily because there was no interesting work left to do, and the place had become very political.

Another sign it's time to leave: when the company starts doing "reorgs". Get out as soon as you can!

22
walshemj 2 days ago 0 replies      
Ah the tail wagging the dog again sounds like facilities and I suspect hr have got too much power.

I know that the CEO when facilities were pushing for people to move to some industrial estate near Heathrow with zero public transport links "world class Telco's don't have a head office in a F%^king shed at Heathrow"

23
omot 2 days ago 0 replies      
Omg this sounds exactly what happened at Uber.
24
known 2 days ago 0 replies      
Good people leave their Bad managers;
25
frozenport 2 days ago 4 replies      
I'd like to remind people that large companies are the only ones capable of hiring junior engineers who might not be at full productivity at day 0. This is especially true of the C++ ecosystem.
26
jsmo 2 days ago 0 replies      
I left a large tech company for very similar reasons.
27
khazhoux 2 days ago 1 reply      
Executives: "You should care about the mission, not the money!"

(as they keep all the money to themselves)

28
linuxray 2 days ago 1 reply      
you did not mention something in this article. check again and re-post.
29
coretx 2 days ago 1 reply      
Hmm. Really?! I worked for various large corporates, studied for a MBA after my IT career; found out about ethics and other ontologically speaking really valuable things in life hence left. But really, besides personal perspectives and/or ego's.

:: Henry Mintzberg basically said it all in 2004 already: https://books.google.nl/books?hl=nl&lr=&id=zsYAeVgwHDQC&oi=f... ISBN-13: 978-1576753514, ISBN-10: 1576753514 "Managers Not MBAs: A Hard Look at the Soft Practice of Managing and Management Development"

22
On Password Managers tbray.org
389 points by tmorton  3 days ago   333 comments top 54
1
tptacek 3 days ago 17 replies      
The 1Password situation is complicated, and is a lot less sketchy than Bray's summary would lead you to believe. 1Password has not in fact phased out their native applications or required people to use 1Password.com to store passwords (it would be insane for them to do so).

There are four issues that I'm currently aware of with 1Password:

1. They've converted from flat to subscription pricing.

2. They're pushing people to a 1Password-managed cloud sync system instead of the a la carte sync they were doing before.

3. They're promoting cloud vaults and hiding local vaults, and the Windows version of 1Password has apparently never used local vaults.

4. Now that they have 1Password.com, first-time enrollment in 1Password requires you to interact, once, with 1Password.com.

Of these, only (4) is a serious security concern. Their last release further eliminated the native app's dependency on 1Password.com. I'm confident they'll get all the way towards decoupling them, but I'm not them, so grain of salt.

I have no relationship with 1Password other than as a happy customer and as someone who does research in the field they work in. Having said that: I strongly recommend that you be very careful about what password manager you choose to use. The wrong password manager can be drastically less secure than no password manager. I recommend 1Password, and there's currently no other commercial password manager that I recommend. I'm sorry I can't go into more detail than that. :(

2
tedmiston 3 days ago 8 replies      
Just to be clear, it's still 100% possible to keep your 1Password vault in Dropbox etc and not use the SaaS version [1]. I felt like this fact was buried in the article.

Edit: Here's the link to buy the standalone license [2] which is hard to find on the site now.

In a post from the founder one week ago [3] he said, "We know that not everyone is ready to make the jump yet, and as such, we will continue to support customers who are managing their own standalone vaults. 1Password 6 and even 1Password 7 will continue to support standalone vaults."

[1]: https://support.1password.com/sync-with-dropbox/

[2]: https://agilebits.com/store

[3]: https://blog.agilebits.com/2017/07/13/why-we-love-1password-...

3
pixelmonkey 3 days ago 7 replies      
I use Enpass on Linux, Windows, OS X, Android, and iOS. I also use the Chrome extension. It has a similar user experience to 1Password, but is actually serverless (you sync your encrypted blob to a cloud service of your choice, or not at all). I wish Enpass were open source, but I can understand their decision not to make it so -- its desktop application is free and its mobile apps include a small perpetual license fee ($10 per user, one-time). The format of the encrypted blob is a simple SQLCipher database that uses your (memorized) master password as the secret key, so even though the application is closed source, the data seems to be stored in an open format. Overall, it's probably the best option on the market in a very bad category of software. After evaluating them all, IMO, you should run away from 1Password, Dashlane, Lastpass, etc and use Enpass instead. Even better if the place you sync your encrypted blob is protected by strict 2FA and has good (enforceable) privacy policies.
4
vikingcaffiene 3 days ago 2 replies      
Good security hygiene is like a diet or exercise plan: the most effective one is the one you will stick with. Most users don't follow good habits because it's a giant pain for non technical users to get set up. 1p's subscription plan is aimed squarely at those people and I think it's a great idea. It's reasonably secure and easy to set up everywhere. That is a big deal in my mind. Yes, it's not bullet proof but it's a 100000% better than what the current status quo is.

Additionally, managing your own password vault is a lot like managing your own email server. There's advantages but I feel that the disadvantages are substantial. For one, the likelihood that you, one person, are going to do a better job of securing your stuff than a dedicated team is optimistic at best. Keeping your password vault safe is literally this company's full time gig and they have entire teams dedicated to it. Do I think they are infallible? Of course not. I'm not an idiot. But I think they are going to do a better job than me at keeping my stuff safe. I happily will pay for that every month.

The author's point about the 1p web portal is a good one. I don't use it out of similar concerns. Besides that, I really could not be happier with 1p as a password management solution. They have a good track record (no hacks that I am aware of) and I want the company I trust with literally the keys to my kingdom to be profitable and motivated to keep improving.

5
jwr 3 days ago 0 replies      
I wish AgileBits didn't conflate two issues:

* I have no problem with subscription pricing, software that is maintained needs to be sold in a subscription model, period. Anyone who thinks otherwise is deceiving themselves.

* I do have a problem with entering my password (that is used to encrypt my data) into a JavaScript environment.

Give me native apps, charge me in a subscription model, don't force me into a web site version, and all will be fine.

6
harrisonjackson 3 days ago 2 replies      
With a couple UI/UX enhancements, Apple could take over the iOS/MacOS marketshare of these products with Keychain. It's already possible to use keychain in your workflow for password management, it's just not super convenient.

I'd switch from Lastpass, if Apple made it easier to autofill and autogenerate passwords and added support for sharing / teams.

7
braink 3 days ago 1 reply      
I totally agree with Tim Bray's post. The bottom line is that the pestering that I get from AgileBits makes me, as a customer, really doubt their integrity after trusting them for years. Why are they trying to force me to do this? Obviously because they want more money (but are betraying their own oft-stated security attitudes) and maybe even for some other reason (the backdoor thing?).
8
jaclaz 3 days ago 1 reply      
IMHO this part is where the nail is hit right on the head:

>Why is AgileBits doing this? For the same reason that Adobe has been pressuring its customers, for years now, to start subscribing to its product, rather than buying each successive version of each app. A subscription business is much nicer to operate than one where you have to go out and re-convince people to re-buy your software.

It is the part (common to many other software vendors) where they stress the "I am doing this for your own good" that irks me.

You want to change your business model? Fine.

Do you believe that this new one is better? Fine.

Do you want to convince me that you are changing the "old" model (which BTW you used until a nanosecond ago) because it is better for me? Hmmm.

9
LordHeini 3 days ago 3 replies      
At our company we use keepass2 with a db file synced by dropbox. Works nicely. Keepass can save all sorts of stuff alongside passwords (like credentials, api-tokens...) and there is an app too (for android at least). Might get a bit clunky if lots of people change a lot of stuff all the time but for us it is not a problem.
10
chipotle_coyote 3 days ago 4 replies      
I'm a 1Password user, and have synced my vault between devices through both Dropbox and iCloud at various points. I can't help but feel like either there's something I'm missing or something everyone else is missing, which statistically means that it's most likely me. But:

When I sync with iCloud, Apple can't read my vault--even though it's on their servers, it's strongly encrypted with my passphrase, and the encryption/decryption happens on my devices.

When I sync with Dropbox, Dropbox can't read my vault--even though it's on their servers, it's strongly encrypted with my passphrase, and the encryption/decryption happens on my devices.

When I sync with AgileBits' own cloud... doesn't the sentence go exactly the same way? Quoting from their own current web page: "Every time you use 1Password, your data is encrypted before a single byte ever leaves your devices."

So even if the vault is on AgileBits' own servers, isn't it _no more and no less secure_ than the third-party syncing solutions they offer? Maybe that's not the case, and things actually function differently--but I haven't seen anyone describe why that would be the case. Again, maybe I'm just missing it. But I keep missing it. And it's not in Tim Bray's article, either. He's fine with putting it on somebody else's server if that server is run by Dropbox, but not if it's run by the company that he's trusting to encrypt it against people hacking Dropbox? How is this materially different than using iCloud, Dropbox, or any other solution that puts a copy of my vault on someone else's servers for syncing purposes?

If the real argument is that there should always be a way to use a password manager with _no_ cloud-based syncing solution, I'm on board with that; it'd be a requirement for some businesses. But that doesn't seem to be the argument that's being made. And if the real argument is that you don't like subscription pricing models, that's fine. I don't like them, either. But that's not an argument about security--it's an argument about pricing models.

11
moskie 3 days ago 3 replies      
The one place that 1Password doesn't meet my needs is in ChromeOS.

The browser plugin requires the machine you're on to have the 1Password app running in the background, which is how it gets its data from the local (and synced) vault. But there is no 1Password ChromeOS app (and I don't think it's really even possible for there to be something like that in ChromeOS), so the browser plugin does not work in Chrome on ChromeOS devices.

A while back, I think the 1Password synced vault files would also have an HTML file you could load up in a browser, which would then communicate locally with the encrypted vault to gain access to your passwords, which was a workaround on ChromeOS. I'm not sure of the security implications of that process, but it isn't supported anymore.

I really like the locally synced vault with browser plugin functionality, but the fact that there isn't a solution on ChromeOS has been a sticking point for me. I've gone the route of having Google store 1Password generated passwords via Chrome's password features, for sites that I regularly access via ChromeOS, which works, but feels excessive.

12
rrix2 3 days ago 1 reply      
More and more, I'm recommending that friends and family get a Mooltipass[1]. It's open source, it works on any platform that supports USB HID (including mobile devices using an OTG cable), it's got multiple browser plugins, and it allows you to have "two factor" auth by separating the pin-protected crypto key from the device itself using smart cards.

The device can be backed up, and the cards can be backed up too (since unfortunately it's not doing the crypto on the card, the card is just a verifiable pin-protected way to store the AES key) and it's an obscure enough looking device that it's not yet an easy theft target.

[1]: https://www.themooltipass.com/

13
danirod 3 days ago 2 replies      
I've been using password managers (KeePass, in my case) for about a year and all I can think is, why I didn't start using them earlier. It is cheaper to generate a long, random password using alphanumerical and special characters than trying to think of a clever yet memorable unique password by myself, and probably more secure.

Plus, it's true that you end up storing other sensible things that are not passwords, such as API or recovery keys, because it acts like a vault.

14
danr4 3 days ago 3 replies      
The only cloud based password manager I'm willing to use is Dashlane[1]. It's supposedly "zero knowledge", and although you can never be 100% sure there isn't some bug waiting around to be exploited, it's a compromise I'm willing to make (the lesser evil). They also have several complementing features like encrypted notes, auto saving receipts, credit cards, batch password changer with quite a few major sites.

I'm not affiliated with them, it's just I never see them on HN compared to mainstream applications like LastPass, 1Pass, OneLogin and such.. and I think their services are better. Plus their support is great.

On the other hand, if everybody starts using it maybe it'll become a bigger target for hackers. So don't tell everyone :)

[1] http://dashlane.com

15
grimborg 3 days ago 2 replies      
Why is the 1password login the same as the encryption password for all my other passwords? There is absolutely no reason why I should ever send them my encryption password. If they would make these two passwords separate and handle all encryption/decryption locally, I think that would solve the issue for me.
16
trjordan 3 days ago 1 reply      
If I understand correctly, the main problem here is that if a password manager at some point asks you for a password in an online environment, they're subject to coercion. This is especially dangerous if you're using auto-updating code like Javascript in a browser or code on a remote service, because it could get backdoored at any time and you wouldn't notice.

Isn't the real problem auto-updating code with access to a network? 1password.com is certainly another vector that fits this description, but if you don't trust AgileBits to manage 1password.com securely, why would you trust them to manage the app on your machine securely? Or the auto-updating Chrome plugin?

I'm not denying that there's more surface area by creating a login, but I think it's a false dichotomy to say that the app is "offline" and the website is "online". They both have network access, and if AgileBits or a random hacker can change the app's code, they'll do that. That change will be mindlessly delivered to your computer, and the bad guys will have all your passwords.

17
darrmit 3 days ago 2 replies      
I'm glad to see this getting more attention because it has been brewing for months and 1Password is essentially doing what they promised they wouldn't - forcing users to the subscription/online model by phasing out support for local vaults.

I'm not mad at the subscription. I'd pay them the few bucks a month happily for what is an excellent application cross-platform. I AM mad at the forced cloud sync.

My current plan is to keep using 1PW 4 on Windows as long as possible and then re-evaluate when I absolutely have to. KeePass is a close alternative, but nowhere near as polished at this point.

18
archagon 3 days ago 0 replies      
Over time, it's become clear to me that the only business model with true longevity is open source. When I was first looking into password managers several years ago, I wanted something very simple: an iOS tool that could securely and locally encrypt a data blob with a memorized master password. 1Password did this job well for many years. Unfortunately, as with many App Store offerings, the pressing need for Agile Bits to grow has distorted the fundamental nature of the product. I was first alarmed when they added TouchID authentication: a seemingly innocuous feature, but one that necessarily stored your master password somewhere other than your head. (Fortunately, this was disabled by default.) Subsequently, features got added that stored your data on remote servers and even required you to send your master password over the web. I ignored this for the most part, but recent talk of this becoming the only use case for 1Password has put me on red alert. It's evidently time for me to start looking into OSS alternatives for my password manager, just as I have with a number of other tools in recent years.

Unfortunately, it seems that many companies these days are more interested in developing services rather than deftly solving specific user problems. Whether or not this is financially sound, it's an ongoing assault on my workflow. I can't live in fear of every utility on my system pivoting to a new business model! Fundamental software needs to be stable, and there's a good reason why most of our essentials (compression, video playback, web browsing, etc.) are free and open source.

Going forward, I hope we discover more ways to collectively fund open source software projects, large and small, because everything else is just an IOU for another future shakeup.

19
StavrosK 3 days ago 2 replies      
This is only tangentially related, but I believe it's time to have a unified login standard for the web. Not in the OAuth sense, as that's hard to do, but just a small, machine-readable file that tells your password manager "to log this user in, just submit credentials to /whatever/url/".

That way, your password manager would show a "login" button on the browser's toolbar when you visited any page in a site, you'd click it, and you'd be logged in (or possibly be asked for a two-factor code or be redirected to a two-factor page) immediately and certainly.

Is there anyone here who's working on a password manager who'd like to develop this with me? I've been wanting to write a spec and Django/Python implementation of it.

20
malchow 3 days ago 1 reply      
I totally missed this switch by AgileBits. Does anyone know how to ensure that the data file continues to be synced to Dropbox or iCloud, not AgileBits? (Looking into my configuration, it would appear that AgileBits has silently moved my data from iCloud to the AgileBits cloud.)

EDIT: Found: https://support.1password.com/sync-with-dropbox/

21
laurencei 3 days ago 1 reply      
I have 1Password and I love it.

But my biggest fear that I have is; if my laptop was ever pwned in some way, due to some novel 0-day etc - is that everything stored in 1Password could be compromised. But more importantly - the hackers would have an address book of banks, servers, databases etc that I have access to.

I don't know if there is a solution - but I feel it is like putting all your eggs in one basket.

22
pc86 3 days ago 4 replies      
Does anyone know anything about Dashlane? I had a free commercial account from a previous employer and it seemed nice, other than the popup every time you logged in to an unknown website asking you to save your credentials. I'm pretty sure that was configurable, though.

I don't see Dashlane spoken about much in these conversations (I have no affiliation).

23
chiefalchemist 3 days ago 0 replies      
Question: When you add additional hardware (e.g., Yubikey) how does that affect the integrity (?) of your PWM (e.g., LastPass)?

I'm comfortable (in a I have no choice sorta way) that there is always some risk. Therefore, my next best choice is to mitigate that risk as much as possible. Obviously nothing is perfect, but it seems that using a Yubikey (or similar) raise the bar pretty high.

Yes? No?

p.s. Does anyone know of the legal implications of a Yubikey? That is, can a court order you to turn it (and PW) over? Or is there some protection from such things?

Note: I'm not doing anything nefarious. I'm just wanting to lower my sec risks, as well as maintain a respectable level of digital liberty.

24
nomagicbullet 3 days ago 0 replies      
I've never seen a corporate post with more comments by employees than the one where 1Password tries to explain their subscription model [1]. It makes it look like they want to bury non company comments.

And I am a current 1Password customer and had been for years, but that post doesn't inspire confidence in me.

[1] https://blog.agilebits.com/2017/07/13/why-we-love-1password-...

25
oxguy3 3 days ago 0 replies      
> And anyhow I'm obviously a lame-ass hypocrite because I use the 1Password Chrome plugin to fill in forms for me, and this means I type the master password into a browser.

Actually, you don't. When you click the 1Password button in your browser, it sends a request to the 1Password app on your computer via localhost, which then opens a pop-up for you to enter your password. You're entering it in the 1Password app, not in Chrome.

26
markroseman 3 days ago 0 replies      
In 1Password's case, I understand their desire to switch over to subscription pricing, and also have some sympathy with the notion that moving people to a cloud-based model reduces confusion and complexity (including their support costs). I also have no doubt that they now intend to take security as seriously in the future as they have in the past.

Beyond the not-insignificant risks of them screwing up, despite the best of intentions, there's nothing that prevents a change of company direction/priorities that could greatly increase the risk of a significant security breach. New senior people get brought in, crises happen that lead to poor decisions for financial or other reasons, and companies get sold to people who may well have completely different priorities.

27
santiagobasulto 3 days ago 0 replies      
Completely irrelevant to this post. A long time ago I was in an Android "workshop" in one of these Google conferences and I saw a tall guy with a cowboy hat and slippers walking around and talking to people. I thought to myself, "what a funny guy". We chatted for a little while and I didn't know if he was a "Google evangelist" (those that can talk tech but can barely code) or if he was just serving coffee (he was super humble and relaxed). Then I learned that was Tim Bray, one of the "creators" of XML. I never underestimated anyone anymore (I was young and stupid, sorry).
28
peterkshultz 3 days ago 8 replies      
Any password manager recommendations such that people don't need to deal with 1Password's cloud-based storage?
29
lifeisstillgood 3 days ago 0 replies      
It feels like a comparison of the available options out there is something "useful to the world".

I am not too sure how to do that but would value comments from people who have used open source password managers, or even read the code!

Shall we?

My assumptions for this list of recommended apps is at minimum:

- a single file in a well-known format is stored on a cloud service, and can be read / updated from different devices and platforms

- as this is encryption, we prefer open source code and trusted binary makers

My experience:

I use pwSafe on iOS (binary from some random guy). This backs up to dropbox.

I have a python script based on pypwsafe3 that can read the file on Linux. I have not yet tried bi-directional.

I know pwSafe is based on Schneier's windows version, but frankly I have not tried to find the code or validate the binary.

So - is it worth building some kind of knowledge base here?

30
guelo 3 days ago 3 replies      
Against all recommendations I reject all password managers. I feel like all security software is eventually compromised, most frequently by business folks as in this case. Instead I use a tiny notebook that I keep in my wallet. I pick long 12+ character passwords myself, not super randomized but I haven't heard of a brute forcing attack in a long time. It allows me to easily meet weird password requirements. I feel pretty secure that it's not on a computer. Admittedly I also use Firefox's password manager to avoid typing them in all the time. I trust Mozilla for now, though I wouldn't be surprised if they are eventually compromised as their market share goes down.
31
bsilvereagle 3 days ago 2 replies      
Encryption Wizard [1] solves issues 1-4, but is severely lacking on #5 (device syncing). It also has no mobile support.

I've performed a cursory search to see if any OSS password manager comes close to EW on features, but didn't find anything:

* Supports CAC encryption/decryption

* Allows you to store contacts' public certs

* Allows keys to decrypt

* Generates passphrases

* Allows multiple keychains to be opened at once

If anyone is looking for a (probably not profitable) OSS project/business, I would pay probably upwards of $100 for a perpetual/source available license for an Encryption Wizard clone with a mobile client & some built-in support for syncing.

[1] https://www.spi.dod.mil/ewizard.htm

32
raverbashing 3 days ago 1 reply      
I use password managers, but I think the usual way of thinking about them is wrong

Besides password reuse being not recommended, the main issue is: most websites don't give a eff about whether they store your password correctly or not

It's a trust asymmetry, they ask you to provide a password (and most ask one with a lot of BS restrictions) THEN md5 it and put it on the database, or worse

And as said by the article (and implied by the above paragraph), there are better ways of obtaining someone's password - pwd managers are not the weakest link, at least not now
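
The storage problem described in the comment above, shown as an added example (not code from the thread or from any site it mentions): unsalted MD5 records beside salted scrypt records, plus an upgrade-on-login step that goes beyond what the comment says. The account names, passwords and scrypt cost parameters are constructed assumptions.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed for this example; tune to your hardware).
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def md5_record(password: str) -> dict:
    """Legacy scheme described in the comment: a bare, unsalted MD5 digest."""
    return {"scheme": "md5", "hash": hashlib.md5(password.encode()).hexdigest()}


def scrypt_record(password: str) -> dict:
    """Hardened scheme: per-user random salt plus a memory-hard KDF."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"scheme": "scrypt", "salt": salt.hex(), "hash": digest.hex()}


def verify(record: dict, password: str) -> bool:
    """Recompute the stored value for `password` and compare in constant time."""
    if record["scheme"] == "md5":
        candidate = hashlib.md5(password.encode()).hexdigest()
    elif record["scheme"] == "scrypt":
        salt = bytes.fromhex(record["salt"])
        candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT).hex()
    else:
        return False
    return hmac.compare_digest(candidate, record["hash"])


def login(db: dict, user: str, password: str) -> bool:
    """Check a login and, on success, replace a legacy record with scrypt."""
    record = db.get(user)
    if record is None or not verify(record, password):
        return False
    if record["scheme"] != "scrypt":
        # The plaintext is only available at login time, so upgrade now.
        db[user] = scrypt_record(password)
    return True


def users_sharing_a_hash(db: dict) -> list:
    """Groups of users whose stored hash is byte-identical.

    With unsalted hashes, equal passwords give equal records, so a leaked
    table reveals password reuse without any further work.
    """
    groups = {}
    for user, record in db.items():
        groups.setdefault(record["hash"], []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_legacy_db() -> dict:
    # Constructed sample accounts; alice and bob picked the same password.
    return {
        "alice": md5_record("Summer2017!"),
        "bob": md5_record("Summer2017!"),
        "carol": md5_record("correct horse battery staple"),
    }


if __name__ == "__main__":
    db = build_legacy_db()
    print("shared hashes before:", users_sharing_a_hash(db))
    for user in ("alice", "bob"):
        login(db, user, "Summer2017!")
    print("shared hashes after: ", users_sharing_a_hash(db))
    print("schemes:", {u: r["scheme"] for u, r in db.items()})
```

Accounts that never log in again (carol here) stay on the legacy scheme, so a real migration also needs a plan for dormant records.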

33
zeta0134 3 days ago 2 replies      
"2. Install a camera anywhere I work and focus it on my hands"

I feel like we need to be talking about this more. For all the hullabaloo concerning password strength and encryption key length, MANY of our secret key entry methods would be quite easily defeated by a common webcam and a pair of human eyeballs.

That's kind of scary! It's not about to make me stop using passwords, but it is going to make me stop and think before I log into anything in a coffee shop.

34
Sweetlie 3 days ago 3 replies      
I'm surprised nobody cited lesspass, https://lesspass.com/#/

Nobody stores your password, it's pure stateless; you can access the software by the official website, your website, web plugin, the terminal

see this blog: https://blog.lesspass.com/lesspass-how-it-works-dde742dd18a4
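
How a stateless generator of the kind mentioned above can work, as an added example (this is not LessPass's code or its exact algorithm): the site password is recomputed from the master password and the site details each time, so nothing is stored. The salt layout, character classes, parameter names and sample values are assumptions made for this sketch.

```python
import hashlib
import string

# Character classes every generated password must contain (constructed rule set).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&*+-=?@_")
ALPHABET = "".join(CLASSES)


def derive_password(master, site, login, counter=1, length=16, iterations=100_000):
    """Deterministically derive a site password; no vault and no storage.

    `counter` is the only way to rotate one site's password without changing
    the master password, so it is the one value the user still has to remember.
    """
    if not len(CLASSES) <= length <= 32:
        raise ValueError("length must be between 4 and 32")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (site.lower().encode(), login.encode(), str(counter).encode())
    salt = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=64)

    # Treat the 512-bit output as one big integer and peel digits off it with
    # divmod. The pool is far larger than what is consumed, so bias is negligible.
    pool = int.from_bytes(raw, "big")
    picked = []
    for cls in CLASSES:                      # guarantee one char per class
        pool, idx = divmod(pool, len(cls))
        picked.append(cls[idx])
    while len(picked) < length:              # fill the rest from the full alphabet
        pool, idx = divmod(pool, len(ALPHABET))
        picked.append(ALPHABET[idx])

    # Deterministic shuffle so the guaranteed characters are not always first.
    out = []
    for ch in picked:
        pool, pos = divmod(pool, len(out) + 1)
        out.insert(pos, ch)
    return "".join(out)


if __name__ == "__main__":
    master = "constructed master passphrase"     # sample value, not a real secret
    first = derive_password(master, "example.com", "alice")
    print(first)
    print(derive_password(master, "example.com", "alice") == first)  # reproducible
    print(derive_password(master, "example.com", "alice", counter=2))  # rotated
```

Because every site password is a function of the master password, anyone who learns the master password can recompute all of them, and changing it changes every derived password at once.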

35
FabioFleitas 3 days ago 1 reply      
Are there any good password managers that don't enforce going to the cloud, but work nicely with larger teams? A few people in the comments are recommending using keepass with a shared Dropbox file, but that doesn't work as well when you want different people having access to different passwords on teams.

Anyone know of a good alternative to 1Password or LastPass for teams?

36
malchow 3 days ago 1 reply      
Is it still the case that the 1Password Master Password is never transacted over the web, even on 1Password.com? The encrypt/decrypt is done in the browser?
37
wdr1 3 days ago 0 replies      
What I don't understand is: why isn't this the responsibility of the browser?

The browser can verify who I am, likely in a more rigorous way than a password.

The browser can already handle interaction with the server on behalf of the user.

Sure, the user flow would need to be sorted out (e.g., to confirm the user's intent), but it seems much better than the current system we've been using since the days of .htaccess.

38
nthcolumn 3 days ago 0 replies      
The single point of failure is my own memory. I never commit passwords to anything else. Frequent user of password recovery for online sites. Will never use a password manager trojan for obvious reasons imho.
39
corybrown 3 days ago 3 replies      
I've moved from LastPass to KeePass, but the biggest thing I miss from LastPass (other than the better browser integration) is a good CLI client. Lastpass-cli is great, and kpcli just isn't.

Anyone have a recommendation for a good CLI client that isn't `pass`? (I don't want to deal with GPG)

40
heisnotanalien 3 days ago 0 replies      
I get your point but the truth is if the government REALLY wants your data then they're going to get it. It's not hard to install a physical keylogger for example and you'd never notice.
41
akurilin 3 days ago 0 replies      
Any alternatives to 1Password / LastPass that support Google's SSO? I tried TeamsID before and I was ok but not nearly as feature-full as I was hoping: e.g. no automatic auto-fill on the page you land on, no password generation for new websites.
42
nicktrocado92 3 days ago 0 replies      
What do you guys think of keeper [1]?

[1] https://keepersecurity.com/vault/

43
draw_down 3 days ago 0 replies      
Sure they haven't disabled the ability to keep your own password vault. It would be ruinous to do so at this point, even if they wanted to. But I think the writing on the wall is awfully legible.
44
deedubaya 3 days ago 0 replies      
I thought 1Password confirmed that the cloud based storage is the default for new users -- existing and more security conscious users can still use whatever data store they choose?
45
reiichiroh 2 days ago 0 replies      
Does anyone know the state of LastPass for Applications which would be installed locally onto Windows?
46
bokglobule 3 days ago 1 reply      
Frankly I think people are insane to use any of these password manager products, whether SaaS or local. You're trusting a 3rd party to exercise control over your most sensitive digital information. Since the majority of people on HN are developer-types, you'd think "we" would write a little code, if necessary, for ourselves to make it easier to remember passwords. Basically a little DIY.

IMO, this will end badly.

47
amelius 3 days ago 0 replies      
If only I had a keyboard with an NFC chip, and some password software on my phone ...
48
ctingom 3 days ago 0 replies      
I'm still using 1Password Version 3.8.22 on my Mac. Should I upgrade?
49
xoa 3 days ago 0 replies      
I agree with where he's coming from overall. Password managers [1] are a very important practical security measure that general users should be utilizing for the foreseeable future, and one where a good UI (as 1P and other commercial ones offer) is a genuine security feature, not just a nice-to-have, because their security implications are directly tied to how much users utilize them. That means while technical users will always have solid OSS solutions no matter what, it's worth paying attention to what major proprietary ones are doing too. This shouldn't be dismissed purely because KeePass variants or whatever exist.

And I definitely don't like the business incentives subscription models generally create when it comes to standalone software development (as opposed to a server-based service), and so far the major moves to them I have experienced (such as Adobe's) have reinforced my concerns. While in the short term individual personalities can of course do whatever, I think in the medium to long term it's very hard for development direction to stay divorced from whatever the direct economic incentives of the business model are. In turn thinking about that is one of the more important factors in thinking about to what degree a company can be depended on over the years. Because:

1. Humans have a strong tendency to favor the status quo unless there is a disruption (HN crowd likely deals with this frequently, such as with the immense power of defaults in UI design).

2. Low constant noise triggers less consideration than occasional larger spikes, even if the former adds up to more in the same time period.

3. There is direct loss associated with stopping.

4. Lock-in increases.

subscriptions are well known to be a lot stickier and less sensitive to stagnating software, pricing changes, etc., than per-version purchases are. Companies can put out "being able to focus on the longer term!" but fundamentally subscriptions remove a significant form of customer-oriented hard discipline and incentives. Some devs might be able to continue the same without it, but many clearly cannot. And I want to emphasize that this isn't at all necessarily because of any maliciousness or even greed, no "haha now we have them where we want them". It's just that a lot of humans will lose focus without some sort of hard-to-subvert, reasonably fast outside feedback loop. Subscriptions also encourage feature development and testing towards a single vertical ecosystem, even if other approaches would be perfectly viable.

AgileBits says they're keeping standalone licenses, but I see nothing about reasonable feature parity. I also agree that one of the best ways to assuage concerns is full honesty, including acknowledging obvious conflicts of interest, and in that light I agree it would have been valuable to see at least something about how this boosts their revenue, and how they're aware of the risk of making standalone licenses second class citizens and will watch for it. They've been a solid company and made a solid product overall however, so I'm willing to give them the benefit of the doubt here for now. It'd be a shame if they ultimately do go sub-only at some point, even if data can be trivially dumped to other programs.

Maybe by that time though progress will be made on finally getting websites away from password authentication entirely and in turn PMs can be rendered mostly a historical artifact.

As an aside, though I think this blog is aimed at a general audience there are a few misunderstandings that are significant, since they're not that complex but feed misunderstandings. For example:

>In the 1Password app's sync model, however, one assumes they use the pretty-secure HTTPS-based APIs for each of these products, machine to machine, no JavaScript in the loop.

The author himself correctly states that in 1Password's (or KeePass or any other client based encrypted database setup) case they're using purely offline-app endpoint encryption, and part of the entire point of that is that the transport mechanism is irrelevant. There is no need to trust anything beyond what exists on the endpoint. This matters because it relates to some of the other concern points he raises, not just cloud storage location but for example "backdoor code in a future 1Password app release that sends the goodies to the enemies". An endpoint password manager that allows abstracting sync from the application itself, at least optionally, in turn can be isolated from any net access (and/or any attempts monitored) which reduces that threat profile as well.

----

1. Effectively a mediocre reimplementation of public key auth on top of 90s-era website authentication practices that have proved sticky.

50
blubb-fish 3 days ago 0 replies      
I don't want to repeat myself ... but Bruce Schneier's PasswordSafe and only Bruce Schneier's PasswordSafe is the real deal!
51
dawnerd 3 days ago 0 replies      
1password should just release a paid (subscription even) self-hosted version. They already have the domain bit in their apps, I can't imagine it being too much effort to work with any host.
52
vbezhenar 3 days ago 2 replies      
53
netrap 3 days ago 1 reply      
How can you talk about 1Password but not KeePass?
54
ss248 3 days ago 1 reply      
Password managers are the definition of "putting all your eggs in one basket". You need to compromise 1 (ONE) password to get access to EVERYTHING. They are a lot more convenient, but barely more secure than a plaintext notepad file. And some people are actually storing bank accounts and credit cards info there. This is insane to me.
23
Claude Shannon: How a Genius Thinks, Works, and Lives medium.com
357 points by seycombi  3 days ago   96 comments top 19
1
JoeDaDude 2 days ago 0 replies      
Arthur Lewbell, who knew Shannon personally, wrote a eulogy for him [1] and included photos of his "gadgeteers paradise" toy room[2][3] which is mentioned in the article.

I collected photos of the gadgets he built to play games (now in the MIT Museum) and put them on this list in boardgamegeek[4].

[1] https://www2.bc.edu/arthur-lewbel/Shannon.html

[2] https://www2.bc.edu/arthur-lewbel/toys1.jpg

[3] https://www2.bc.edu/arthur-lewbel/toys2.jpg

[4] https://boardgamegeek.com/geeklist/143233/claude-shannon-man...

2
madaxe_again 2 days ago 1 reply      
I went to school with his grandson - incredibly, ridiculously, intelligent guy, who was the only person three years ahead at the school - I and one other were two ahead, and a dozen or so were a year ahead.

That said, I always felt for the chap, as socially inept didn't begin to cover it (as someone who graduated school two years early I can say with surety that it wasn't solely the temporal displacement that fettered his sociality - it was definitely a factor for us all, but he couldn't/wouldn't communicate even with other maths geeks), and I could only see him pursuing a career in academia - which he is.

I also felt for him as as a mathematically brilliant Shannon expectations couldn't have been higher - I was going to cap this off by saying I'm sure he'll do great things, but instead, I'll say I hope he has a happy life.

3
sillysaurus3 2 days ago 11 replies      
One thing that occurred to me is that if Einstein or Shannon hadn't discovered their respective theories, someone else would have. It probably wouldn't have taken very long, either.

I'm not sure what to do with this information, but it seems true.

4
gboudrias 2 days ago 10 replies      
As a psychology enthusiast (and soon to be student), I'm quite annoyed with our fascination with "geniuses".

It seems obvious that people who are very famous in their field became "very intelligent" because of a combination of hard work and genetics. But it's as if these books capitalize on the faint hope of being a repressed genius of some sort. I highly doubt Einstein or Shannon (as the article implies) ever saw themselves as more than passionate. And the ego required to want to find your inner genius goes contrary to the enormous humility they seemed to display.

That aside, these books and articles all make the same mistake of studying a single person after the fact. It's similar to mimicking Steve Jobs: That's not how he became Steve Jobs. We literally cannot know how much luck was involved in his (or Einstein's) success. Might as well study the lives of lottery winners.

So if not that, how can we maximize our potential and generally better ourselves intellectually? Simply by referring to the very vast fields of learning, motivation and general cognitive science.

But "learn the science" doesn't have quite the same ring to it as "how to be Einstein", now does it?

5
stevenj 2 days ago 0 replies      
Interestingly, I just listened to a decent podcast with Ed Thorp (an interesting man in his own right) who briefly talked about his work with Shannon.

https://www.bloomberg.com/news/audio/2017-07-14/ed-thorp-the...

6
datashovel 2 days ago 0 replies      
Was curious enough about the thesis paper, I went searching for it.

http://dspace.mit.edu/bitstream/handle/1721.1/11173/34541425...

7
atsaloli 2 days ago 0 replies      
8
roceasta 2 days ago 0 replies      
>But if his tendency to follow his curiosity wherever it led sometimes rendered him less productive, he also had the patience to keep coming back to his best ideas, over the course of years.

[snip]

>He never argued his ideas. If people didn't believe in them, he ignored those people.

I think there's a connection here which reveals a common misconception about intellectual creation, namely that scientific theories are born in a legalistic fashion by criticism, argument and debate. In reality the role of criticism is to defend against ideas we don't like. Ideas we do like are shielded from explicit criticism, for instance by ignoring critics, and allowed to grow in our brains over time. It's a pleasure to return to such ideas again and again, while they remain interesting, so 'patience' isn't required either.

9
danm07 2 days ago 1 reply      
Boy is this article filled with unwarranted hyperbole. And Tim Ferris, really?

Substance is overwhelmingly like a self-improvement article, cherrypicking details to support whatever point the author stands to posit.

10
zzzeek 2 days ago 2 replies      
> "Letters he didn't want to respond to went into a bin labeled Letters I've Procrastinated On For Too Long. ... Inbox zero, be damned."

moving things to folders is... the definition of "inbox zero"?

11
s73ver 2 days ago 1 reply      
I read The Idea Factory, about Bell Labs, and they had a few sections on Shannon. Honestly, from what I read, it sounds like the guy didn't want to work, or have a job. And the Fates were kind, and dropped him into a situation where not only was he able to make that a reality, but he was able to provide several meaningful contributions to the fields of programming and information theory while doing so. He was able to not have to "work", and get to be part of some pretty amazing stuff.
12
petraeus 2 days ago 2 replies      
I bet there would be many more geniuses with ubi
13
AceJohnny2 2 days ago 0 replies      
> During World War II, those friends included Alan Turing, with whom Shannon struck up a lively intellectual exchange during Turing's fact-finding trip to study American cryptography on behalf of the British government.

This little tidbit has always fascinated me from a What-If perspective, because of course because of the War and secrecy, Turing and Shannon did not discuss cryptography, the Bombe (Turing's Enigma-cracking machine) or the Colossus (arguably the first electronic computer, except its very existence remained a secret until the 1970s).

How would've things gone had they been able to talk freely?

14
lubujackson 2 days ago 0 replies      
There seems to be a lot of parallels in how Shannon lived and how Feynman lived. Obviously, Feynman was more gregarious, but they both found inspiration and solace in curious play. I think more than curiosity, which most people have, they both showed a profound disinterest in hiding their interests or fear of looking dumb.

That might be the biggest difference between smart guys who work jobs and geniuses who pave new paths. It is both sad and empowering because it means we simply get in our own way when we try to be "serious adults".

15
booleandilemma 2 days ago 1 reply      
I've seen 3 Claude Shannon articles on HN in the past 2 weeks. What's the occasion?
16
lhuser123 2 days ago 0 replies      
Well, I find it very motivational.
17
mathperson 2 days ago 1 reply      
Honestly it is hard for me to regard as very credible an author who openly admits not knowing who shannon was before starting this book..
18
Graziano_M 2 days ago 0 replies      
You lost me at "10'000 hours".
19
asdfologist 2 days ago 1 reply      
24
Firefox marketshare revisited andreasgal.com
389 points by ronjouch  4 days ago   504 comments top 72
1
JohnTHaller 4 days ago 9 replies      
One additional cause of new Chrome installs taking over from Firefox: bundleware. Chrome is foisted upon users as install-by-default bundleware when users install or update lots of different apps, especially free antivirus apps on Windows. Just clicking "Continue" when your free antivirus on Windows updates will cause Chrome to be installed and set as the default browser. Here's an image of Avast tricking you into installing Chrome: http://imgur.com/hNZLbmL

I've had to fix this for three family members previously as they were using a free antivirus and couldn't figure out why their browser looked different and didn't have an ad-blocker now.

2
epoch1970 4 days ago 19 replies      
I think the "Why?" section's conclusions are off the mark. It basically blames Google's advertising of Chrome for Firefox's decline, and even goes so far as to say "Firefox's decline is not an engineering problem."

While I don't doubt that Google's advertising of Chrome has drawn away some Firefox users, I also don't think that we can ignore or deny the many controversial changes to Firefox that have likely had an impact, too.

Just off of the top of my head I can think of things like:

* Frequent breakage of extensions when first switching to the more rapid release schedule.

* Frequent and disruptive UI changes that didn't bring users much benefit, such as Australis.

* Removing the ability to easily disable JavaScript.

* Taking many years to get multiprocess support working. (Not that I'm suggesting they should have rushed it, of course.)

* The inclusion of Pocket and Hello.

* Sponsored tiles.

* Users who report experiencing poor performance and high memory usage.

* Disruption caused by requiring signed extensions.

* The removal of support for OSes or OS releases that are moderately older, but still do have active users.

I'm sure there are others that I'm forgetting.

Even if they seem minor, those are the kinds of things that can cause users to switch away from Firefox, or not even start using it in the first place. Losing a small number of users for a variety of minor reasons can add up very quickly, as well. Furthermore, those issues don't really have anything to do with Google or Chrome.

3
ssivark 4 days ago 6 replies      
> Firefox's decline is not an engineering problem. It's a market disruption (Desktop to Mobile shift) and monopoly problem. There are no engineering solutions to these market problems. The only way to escape this is to pivot to a different market [...]

Privacy is the one problem that Mozilla/Firefox can address, which Google and Microsoft will be fundamentally conflicted about addressing. It is also a growing market; that is the market Firefox should be aiming for!

It seems to me that Mozilla/Firefox folks don't appreciate this at a deep level. They are eroding user trust in the attempt to gather data for engineering better features. Eg. see the recent controversy regarding Firefox's usage of Google Analytics: https://news.ycombinator.com/item?id=14753546 .

I made some comments on that thread, on how Mozilla/Firefox could try to win the privacy market. I don't want to repeat those comments, so I'll just link to them: https://news.ycombinator.com/item?id=14754672

4
dhekir 4 days ago 2 replies      
Some crappy companies such as Eurostar currently experience issues in their website when using Firefox (e.g. impossibility of using vouchers in some cases), and when you contact customer support, they clearly state that "Chrome is recommended" for better results, and that "there are known issues with Firefox". I initially thought it was due to some Firefox add-ons, but even with all of them disabled, things do work better in Chrome.

I've also seen other (somewhat badly-designed) websites where using Chrome leads to less issues, probably because its developers are only testing with it and using non-standard or legacy features/plug-ins. Because of those issues, I am forced to recommend family members to try Chrome when things seem broken, to the point that some have now switched to it by default. I really hope this will not become another IE-like situation...

5
dannysu 4 days ago 7 replies      
It's not just marketing. It's also Google websites that only work with Chrome.

For example, Hangout. I can no longer use Hangout using Firefox.

Or I think Gmail Inbox, which also came out only working on Chrome initially.

It's the sum of all these things that look very much like "best viewed with internet explorer" type stuff. I don't ever want to go back to such a world.

6
carussell 4 days ago 3 replies      
Side note. From Andreas's post:

> looks like the site requires a login now. It used to be available publicly for years and was public until a few days ago

I'm no longer a Mozillian, but stuff like this is really, really weird. I'm referring in general to things being hidden or locked up - Mozilla as an organization operated more openly than anything else I can think of, which is part of what used to make it so beautiful (and successful) - but specifically, I'm talking about sign ins.

I stopped touching stuff on developer.mozilla.org 5+ years ago (or even consulting it, really), but I was reading some docs on the site last week and saw something that was so outright wrong that I felt it had to be fixed. I tried to, and it turns out that you have to use GitHub to sign in. The idea of requiring a social media sign in for a Mozilla web property is one of the most un-Mozilla things possible and really blew me away.

7
blunte 4 days ago 1 reply      
Google definitely has been a (major) contributor to the decline of Firefox, both with all the google site notices suggesting users switch to Chrome and the works-on-chrome-first features of Gmail, Drive, etc. That last issue is years old, but I would bet it got a lot of people to first try Chrome.

Another factor could have been Mozilla's defaulting to Yahoo for search (and the difficulty some people had with changing and keeping the change to another search provider). For quite a few years Yahoo has not been very good at search, and Mozilla's insistence on teaming up with them probably brought Mozilla's name down.

8
Touche 4 days ago 3 replies      
I still believe that Mozilla's biggest mistake with mobile was not Firefox OS, it was that they started on Android too late. They should have been on Android from day one, but they weren't, and when they did build Fennec, it was really bad. They eventually fixed it, but by that point Chrome for Android was already out.

And then they pivoted to Firefox OS. At a time when WebOS had already failed, Nokia had already failed, and the writing was on the wall for Blackberry and Windows Phone. It was already well known that the market couldn't support another mobile OS, and that was the moment they decided to build one, totally bizarre.

I firmly believe that if Mozilla had gone all-in on Firefox for Android at the time when Android's browser was just atrociously bad, they could have been the hip option there, and had a leg-up on Chrome for Android.

To everyone that says "people don't install 3rd party browsers on mobile", that's 100% wrong. Chrome for Android was a 3rd party browser for several years and was popular.

9
osoba 4 days ago 2 replies      
Maybe this is a good opportunity for Firefox to abandon its "forced mediocrity" model.

The vanilla installation of Firefox lacks basic UI components (mouse gestures for example), lacks session management, and the bookmark and history interfaces look like they were made in 1995.

When you click an old entry in History I don't understand why it's so difficult for the selection to stay near the formerly clicked item, instead of it selecting the top most entry forcing you to scroll all the way down again if you want to open another entry that's near the previously clicked entry.

Why can't Bookmarks employ a simple logistic classifier? OK I've stopped using Firefox's bookmark system a long time ago (because it's so shitty) but if I were to be still using it I would expect the browser to be smart enough to figure out that if all my bookmarks from a certain site are in a specific bookmark folder that most likely means this new bookmark from that same site should go there and should be offered as the 1st choice.

Now, yes, of course you can add all these features in a slow JavaScript-based addon which will eat your memory and cpu time and allow the Firefox team to blame the addons when something goes wrong with Firefox, but at some point you have to reconsider if this is such a good idea.

Sure very few people use mouse gestures in Firefox and adding them out of the box could be interpreted as bloat, but maybe if more users even knew what mouse gestures were and how useful they are, they would start considering them a fundamental aspect of a browser's interface and not just a fancy knick-knack.

I miss the old Opera so much :(

10
cpeterso 4 days ago 1 reply      
The article's ADI charts do not account for Mozilla moving Windows XP and Vista users from the Firefox release channel to the ESR (Extended Support Release) channel in March 2017 [1]. New versions of Firefox do not support XP or Vista, but XP and Vista users will continue to receive ESR security updates at least through 2018 Q1. You can see a similar "drop" in Mozilla's Firefox Hardware Report [2].

[1] https://blog.mozilla.org/futurereleases/2016/12/23/firefox-s...

[2] https://hardware.metrics.mozilla.com/

11
shmerl 4 days ago 2 replies      
It is indeed a monopoly problem. Google should be required to give browser choice in such ads, same as MS were.

What I worry about, is the increasing situation of "best viewed in Chrome" and sites starting to break in Firefox. That's going to be very bad.

12
blauditore 4 days ago 1 reply      
I've been saying this for years, that Chrome's market share is mostly caused by Google's aggressive advertisement. Many users don't even know exactly what a browser is, they just clicked that button at some point because the text next to it told them to do so.
13
rossdavidh 4 days ago 4 replies      
While Firefox on mobile is virtually nonexistent, what this post asserts just doesn't look true to me. He's basically asserting that Chrome is where Internet Explorer was in the late 90's, but when I see what browser people are using for presentations, or when I am pair-programming or otherwise able to see directly what people are using, I see Firefox commonly. Outside the U.S., I don't have much visibility, but the StatCounter data (https://www.netmarketshare.com/browser-market-share.aspx?qpr...) which shows Firefox on the increase in the last year, looks a lot more like what I am witnessing.
14
notatoad 4 days ago 3 replies      
With every new version, i give firefox another try and it always just feels sluggish compared to chrome. The UI is not as responsive and the pages don't seem to load as quickly. I don't know if there's any actual data or measurements to back this up and i haven't tried to measure any speed differences, but for me the reason I use chrome instead of firefox is absolutely an engineering problem and not a marketing one.

I'd much rather use a Mozilla product than a Google one, but chrome is simply a better browser.

15
owly 4 days ago 2 replies      
Lots of haters on here! :) Like most of you, I use all browsers to test sites and applications. But Firefox is my main browser on all platforms for a bunch of reasons and I have no issues with performance. It has all the add-ins I need. I like the way it looks compared to the alternatives. The test pilot add-ins have been great. https://testpilot.firefox.com/experiments And last but not least, by using it I'm supporting the open web and not feeding a monopoly.
16
norea-armozel 4 days ago 0 replies      
I think half the problem with Firefox is that it has a marketing problem. Most folks today just trust Google and so Chrome is a product that has trustworthiness that will stand out for folks especially on the matter of speed/reliability. If Mozilla wants to do anything to save their project then they have to start re/building their brand recognition and trustworthiness among COMMON USERS (technical users tend to inform themselves so it's really not an issue IMO beyond actually talking to us). It'll be an uphill battle all the way but I think they'll find it's worth it.
17
FollowSteph3 4 days ago 1 reply      
I disagree with the article. When Firefox first got popular the default was internet explorer which was already installed on your computer. However because Firefox was so far ahead word spread and people took the time to install it.

These days however there is no really big advantage to using Firefox over chrome, and when the difference is that close marketing and convenience will win. In other words if Firefox would've been on or with internet explorer years ago it would never have gained the market share it did in the first place.

It's not just a marketing issue but a combination of a marketing and engineering issue.

18
jchw 4 days ago 1 reply      
I find it pretty amusing that nobody is going to acknowledge the idea that maybe, just maybe, there's also a component of the fact that Firefox has simply fallen behind Chrome in many aspects, losing the preference of many developers and power users. They are far from the majority, but there are without a doubt cascading effects. Google's marketing is probably only getting more aggressive because there's going to be diminishing returns the further they go.
19
moocowtruck 4 days ago 0 replies      
I was expecting a bit more than blaming google... The reason I stopped using firefox is because it became nothing more than a 'meh' chrome clone and slowly killed its ecosystem.
20
swiley 4 days ago 0 replies      
They argue they're privacy minded and then remove control from the user.

Everyone who doesn't care about control is just going to use chrome, edge or IE so going after that market is probably not a good use of resources.

I don't quite get the whole performance thing, chrome eats memory constantly and trashes the machine which is something firefox doesn't do. It's single threaded though so shitty pages will hang it.

21
Karunamon 4 days ago 0 replies      
I really don't think the author backed up their hypothesis here. I'd place a lot more of that blame on Mozilla's poor decision-making (detailed elsewhere in this thread) than any amount of google.com popups.

If I were to boil it all down, (and I say this with zero snark), I'd say that they have little to no differentiation with Chrome. It looks like Chrome, it will soon be no more powerful than Chrome, it's developed ignoring community input like Chrome, and the kiss of death: it performs worse than Chrome.

With all that in mind, why not just use Chrome like those popups suggest I should, and get a speed boost while I'm at it? (Note: open source politics do not factor into this)

22
mcjiggerlog 4 days ago 2 replies      
I really want to like Firefox Android (addons are awesome!) and try it out every now and then, but every time I just end up uninstalling and reverting to Chrome.

The number one reason is that scroll seems to work differently to every single other app I have installed. It's "sticky" and doesn't feel native. It also takes a noticeable amount of time to render the page when scrolling quickly, which is not something I've ever noticed with Chrome. What gives?

23
ksk 4 days ago 1 reply      
It's quite surprising that Google has avoided anti-trust scrutiny for as long as it has.
24
Aissen 4 days ago 1 reply      
I've been a firm Firefox on Android user for years, but I recently switched to Brave. While Desktop performance is acceptable, Android cold-launch performance is very bad, and Chromium-based browser beat it to the punch. And the native (implemented in C++) adblocking means better performance than uBlock Origin.

Too bad, I really liked Firefox Sync, it was such a superior solution (for privacy, at least).

25
buster 4 days ago 1 reply      
So not true. I try Firefox once in a while, but Chrome still is more responsive and has the better UI -> better UX.

Basically i am waiting for a Servo-based browser which will hopefully change the UX in favor of Mozilla again.

Oh, and PLEASE Mozilla. Unify that f* search toolbar into the address bar, already. It's stupid.

26
hendersoon 4 days ago 1 reply      
I used Firefox since it was called Phoenix in 2002. Fifteen years. None of my friends or acquaintances used Firefox. I was the last man standing.

I switched to Vivaldi last month due to webextensions breaking fully functional mouse gestures in the Firegestures addon. They finally forced me away. Thankfully Vivaldi exists!

27
dep_b 4 days ago 0 replies      
I don't use Firefox that much because I'm mostly on macOS, but every time I use Windows and I open Firefox it seems more snappy again. I am making sure nobody in my family uses Chrome because it's a resource hog and effectively helps the same kind of monopoly we had with Internet Explorer.
28
iopq 4 days ago 0 replies      
I love the chart that goes from -7% to -22%

it cuts off exactly where you would think there's ten times fewer Firefox users

29
PeterStuer 4 days ago 0 replies      
Long term FF user here. I still use it as I stand behind the independence, but ...I have found FF speed and stability gradually lacking. What was once a fast and lean browser has turned into a behemoth. Of course, part of it is beyond their control as it seems more and more publishers only QA on Chrome nowadays leaving FF behavior in the 'hope and pray' category of UX. I'll stick with it for now, but saying I'm at the verge of switching wouldn't be far from the truth. If it were not for the ideological, I would have switched to Chrome long time ago.
30
rrggrr 4 days ago 0 replies      
Extensions are tipping in favor of Chrome. Many of the extensions I use are Chrome only.
31
reacweb 4 days ago 0 replies      
For me, the compelling feature of Firefox over chrome is that using Firefox portable, I can avoid company policy and configure proxy to bypass bluecoat filter.
32
nevir 4 days ago 0 replies      
> This explains why the market share decline of Firefox has accelerated so dramatically the last 12 months despite Firefox getting much better during the same time window.

(this quote is from the article, in reference to Google aggressively advertising Chrome)

I'm pretty sure that all the ads mentioned in the article have been around for far longer than 12 months. What else might have happened 12 months ago to influence the decline?

33
remir 4 days ago 0 replies      
The reality is that for a while, Chrome was simply a better browser. Extensions "just worked", it silently auto-updated (huge for non technical users), was very secure (anti-phishing), it came with Flash, sandboxing from day 1, etc...

I installed Chrome on the PCs of family members and it was trouble free for them. No need to update Flash separately, no random crashes, the anti-phishing is great, too.

34
makecheck 4 days ago 0 replies      
I really wish Google's Chrome spam wasn't "working" because I am so tired of it (and anything like it). This is a variation of the "Here's what's new in the app that you didn't know you updated!" dialogs that developers seem to like now.

If I could have software and services not totally derail what I was trying to do, that would be greaaaaaat.

35
Rjevski 4 days ago 0 replies      
One of the issues I see with Firefox is that they did some stupid stuff like Pocket, Hello and this awful Australis UI that as a result alienated a lot of power users.

Power users are Firefox's best chance at regaining market share, and some of those users are now gone as a result of Mozilla's stupid decisions.

36
ashitlerferad 4 days ago 0 replies      
Since my 10AM EST blog post comment has not been approved, I'll paste it here:

"...the falling off the cliff is just the snowball effect of bad management and decisions made many years ago. It's too late now to stop the bleeding as-is. The solution is right there, although obvious, it's probably too much for Mozilla to undertake at this point."

37
rubatuga 4 days ago 4 replies      
Well maybe if they updated their shitty UI, I would be inclined to install it. Why can't firefox combine the search and address bar like every other major browser? Why can't Firefox ditch their slow animations, buttons, menus, and do with less skeuomorphisms? They need a serious refresh if I were to ever start using it again.
38
apeace 4 days ago 0 replies      
It strikes me that the reason Firefox rose to prominence in the first place was because of the same thing: web sites all over put banners on the top of their pages (for IE users), saying something like "You should upgrade to a modern browser".

The difference is that in those days, it was the developers of many different web sites doing it. I did it on many sites I worked on. We were sick of working in IE and wanted a browser that followed web standards we could all use.

I don't think Chrome's dominance is a bad thing. Because if Chrome ever breaks the web for developers, we'll just do it all over again (or force Chrome to follow us, as we did with NaCL vs. WebAssembly).

39
HellDunkel 4 days ago 0 replies      
I know how much better Chrome is yet i stick with Firefox all because of the idea of a free web.

It is slow. the ui sucks. it looks dated. it crashes far too often and eats up loads of mem. Don't blame Google for its ads, the problems are homegrown. It's sad to say this but i guess i will turn my back on it too if things don't change.

40
digi_owl 4 days ago 0 replies      
For me at least Firefox have been burning bridges like crazy.

The change in UI to Australis i could deal with, as it could be mitigated with extensions.

But "recently" they changed to GTK3 on *nix, and are now in the process of making extensions less potent.

All this makes it harder to continue using Firefox where it used to be the flagship browser.

41
zimbatm 4 days ago 1 reply      
Chrome has other advantages as well.

If you buy into the Google Suite then you get synched profiles. Firefox has the same but the account is only useful for keeping Firefox in sync whereas Google's also give you access to all their other products, plus oauth to third party services.

Google Chrome exists inside of an ecosystem, which means that is stays simple. On the other hand, Mozilla has a tendency of treating the browser as a goal in itself, which is understandable but creates things like the Pocket extension and other UX complexities.

Android's unremovable Google search doesn't open the default browser but presents the result in a Chrome WebViewer.

42
gator-io 4 days ago 0 replies      
Here is a view of browser market share with detectable bot traffic removed.

https://truemarketshare.com

Firefox is dropping, but not collapsing. And my opinion as to the primary reason why is the Yahoo default search.

43
twobyfour 4 days ago 0 replies      
Returning to a browser monoculture would be a loss for the web and its users.
44
corford 4 days ago 2 replies      
Maybe Firefox is slow on Linux but on Windows I don't notice a difference between it and Chrome. If anything FF starts faster on my Win10 box. The UI is just as snappy and I vastly prefer FFs settings dialogs to the kid gloves one in Chrome.

Also can't remember the last time FF crashed on me (and I usually have hundreds of tabs open for weeks/months on end).

Dev tools are a toss up but I tend to use the ones in FF more than Chrome, probably simply out of habit.

Once servo becomes mainline (and assuming it delivers on its promise) I can't see why anyone would choose anything other than FF.

¯\_(ツ)_/¯ works for me

Edit: I'm not big on extensions but do have a few installed: session manager, foxyproxy, one tab and fireshot.

45
nfriedly 3 days ago 0 replies      
> ...Firefox Desktop is probably headed for extinction over the next couple years,...

Yikes! I hope that was an exaggeration! I'm a long-time Firefox user on desktop and mobile, and I certainly don't want to see it die on the desktop.

I prefer FF both because of the motivations behind the browser, and because on Android it supports extensions, making it much more useful to me.

I do wish they'd release an iOS version that had the ad blocking of Firefox Focus, and the tabs and Sync and such from regular Firefox.

46
usharf 3 days ago 0 replies      
It is really a shame as Firefox is really great to use these days. I've noticed that when switching back from safari and chrome. I now use it both on macOS, Linux and on my iOS devices, where I mostly use Firefox Klar for privacy. I find the sync feature is very useful (bookmarks, history, passwords) and I trust Mozilla more than I do google. Those notices though, when I do use google services are frustrating and annoying, not to say off putting.
47
morekozhambu 4 days ago 0 replies      
I was a firefox fan until recently. I guess it was firefox 51 or so and I switched to chromium purely for usability and performance sake. The page loading and bookmarks management was horrible at that point. Not sure how it is now.
48
abiox 4 days ago 2 replies      
> Firefox's decline is not an engineering problem

possibly. however for me, technical problems are why i avoid it in general.

i still use it a bit, as i'm lazy about switching between user accounts with various services and separate browsers makes this easy.

sadly, nearly every day firefox will crash, often when i'm not even using it. it happens so often i don't even get annoyed anymore... it's just normal. my system is a fairly new build and nothing else crashes (or at least, so infrequently i don't recall anything).

49
johndoe489 4 days ago 0 replies      
I originally switched to Chrome soon after it came out because it was fast.

I still use it today because usability wise it's just better for me.

I can't for the life of me get used to a separate search box. The "omnibar" is simply fantastic. Coupled with turning off "search suggestions" in the Settings, you have a wiki on hand pretty much. Anything you type will match a personal bookmark, or a personal search. Or title of a page visited earlier. This means I don't need to make bookmark in many cases. I can also manage omnibar to give optimal results by making random, useless searches in a private window, which again, is so easy to use in Google Chrome (Ctrl Shift N). And then if a search match is inconvenient for speed or just not useful anymore, just shift+del to remove it.

Firefox completely lost me when I looked back and it was like version "52" instead of the version 14 or something I was on, just a year or two later. I was like "what the hell??" "WOW what are all these amazing updates they made?" Only to realize barely anything changed at all.

And lately they just lost me completely as a developer. They wanted to integrate the Firebug extension, arguably the most useful aspect of Firefox for developers. I kept using Firefox for firebug for years, while Chrome was my main browser. But since they integrated it, it just performs worse. It's so damn slow and unusable, meanwhile Google console just gets better and better.

50
dandare 4 days ago 0 replies      
Dear Mozilla team, I for a change think Chrome is better browser than Firefox.

I am not talking about the performance of JavaScript, compliance with standards or developer tools, no, I am talking about Firefox's outdated UI and inconsistent user experience. Chrome is slick and fast while FF often lags, wastes space in the tabs and address bar and confuses me with additional search bar.

51
bla2 4 days ago 3 replies      
Google has been pushing chrome on their sites for years. Firefox's drop in desktop is recent. So just marketing can't be the explanation.
52
badpenny 4 days ago 0 replies      
Now and again I'll try switching to Firefox but it's just incredibly sluggish compared to Chrome so I end up switching back.
53
ue_ 4 days ago 8 replies      
I've seen people frequently say that they don't use Firefox because Chrome is faster, and despite being a Firefox user myself, it's close to what I've noticed. In Chrome (on GNU/Linux and mobile at least), pages seem to load instantly. I don't know why that is, but apparently it's not just me who has noticed this. Meanwhile, the most frequent complaint about Chrome is RAM usage, and only when using many tabs. Most people don't use many tabs.

It's a shame that Chrome which appears to be on track to become the most popular browser by a considerable margin is proprietary software. And before I get a reply telling me that Chromium exists, I know that - but I also know that it's not Chromium that's popular.

I think it is also a shame for two more reasons: Mozilla wants to make Firefox look like Chrome, probably to replicate features which seem to draw users in, by changing the extensions API to make it less powerful, by supporting standardised DRM in the browser (though this is a different issue) etc. Secondly, we may see a world in which only Webkit matters, and standards no longer rule, similar to the situation with Internet Explorer years ago. This will also put pressure on Mozilla and other "third party" browser authors to support features just because Webkit supports them, or even to break standard features so that they render like they do in Webkit.

I'd probably get shouted at for thinking it would become a "monopoly", but that's exactly what it is, just not in the legal sense.

54
MichaelMoser123 4 days ago 1 reply      
I would be glad to use firefox on Windows, but there are installation problems, after install the browser crashes on any attempt to use it (on my Linux VM it works just fine).

The firefox people should take care of such details when they deal with the most widely used desktop OS.

55
sriram_iyengar 4 days ago 0 replies      
I'm a firefox user for a very very long time - I do not remember using IE or Chrome for any serious time - I'm using mac for a decade now and not even safari! Have never found firefox disturbing my dev work anyday. Will continue to use firefox.
56
tschellenbach 4 days ago 0 replies      
Chrome is just a (much) better product. Combination of building a better product and a lot of advertising.
57
bahjoite 4 days ago 1 reply      
Not included in these numbers are installs of Trisquel's Abrowser and The Tor Project's TorBrowser. Both are rebadged Firefox and neither one is downloaded from or phones home to Mozilla. I don't suggest that this would make much difference to the numbers.
58
fimdomeio 4 days ago 2 replies      
I want to use firefox, I really do. But I can distinguish when it's running and when it's not by my macbook fan noise. And yes I've tried all kinds of clean ups. but it just sits there on the background consuming 40% of a cpu while doing nothing.
59
tonmoy 4 days ago 1 reply      
Firefox installation numbers may be declining, but how does it compare with any browser install? Maybe desktop growth has stagnated, maybe with always updating OS and Firefox itself, people just don't need to "install" Firefox anymore?
60
kevin_thibedeau 4 days ago 0 replies      
It couldn't possibly have anything to do with breaking extensions once again.
61
baybal2 3 days ago 0 replies      
Firefox loses marketshare because they hired talentless GUI designers who made things not better, but actually worse
62
rocky1138 4 days ago 0 replies      
> Mozilla publishes aggregated Firefox usage data in form of Active Daily Installs (ADIs) here (Update: looks like the site requires a login now. It used to be available publicly for years and was public until a few days ago). The site is a bit clumsy and you can look at individual days only so I wrote some code to fetch the data for the last 3 years so it's easier to analyze (link).

These two things are probably related :)

63
satysin 4 days ago 0 replies      
I can only speak for myself but I didn't leave Firefox for Chrome because of advertising. I left because a year ago Firefox was painful to use. Sync was (might still be?) incomplete, setting up quick searches was annoying, font rendering was poor, HiDPI support was crap, overall performance was noticeably slower than Chrome and they announced killing off advanced XPCOM based extensions so I figured I would just change over now rather than later.
64
spiderfarmer 4 days ago 0 replies      
I love you Firefox, but you're horrible on retina screens. Just scrolling takes 2 times as many CPU cycles when compared to Safari. It's troubling because I'm the biggest Firefox supporter I know and even I switch to Safari when I hear the CPU fan spinning.
65
maxharris 4 days ago 0 replies      
I don't use Firefox because it's a power hog compared to Safari.
66
zimbatm 4 days ago 0 replies      
One thing the author didn't touch upon is the amount of manpower available on both sides. I am under the impression that Google has much less people involved in the construction of their browsers.
67
self_awareness 4 days ago 0 replies      
I didn't switch from Firefox to Chromium because Google puts the "Chrome" name all over the place. I did the switch because Chrome is 2x faster than Firefox.
68
faragon 4 days ago 0 replies      
Firefox: please lower the priority of the religious stuff (Rust, etc.), and increase the priority for actual work involving better user experience.
69
smegel 4 days ago 0 replies      
Prevent Javascript from running HTML5 videos and I will switch in a heartbeat.

But I guess Mozilla is just as corrupt as Google...

70
baalimago 4 days ago 0 replies      
firefox is important.

don't let it fall

71
oconnor663 4 days ago 1 reply      
> monopoly position in Internet services such as Google Mail, Google Calendar and YouTube

Seriously?

72
cocktailpeanuts 4 days ago 0 replies      
I have both Chrome and Firefox installed but try very hard to stay away from using FF unless I'm testing cross-platform stuff or if I want to sign into multiple accounts of a same service (one on chrome and one on firefox)

And this has nothing to do with monopoly. That's just a rationalization for their fuckup. I don't even know where to start, let me just list a couple:

1. The "Yahoo.com" by default is the worst: I know users can switch to google, etc. but if a developer like me doesn't even want to go through trouble, why would any ordinary person go through all the trouble when they can just use chrome? And we all know Yahoo doesn't provide customer-centric search results but ad-optimized results to squeeze out revenue.

2. Bad performance: YES IT IS ALL ABOUT ENGINEERING. As someone who keeps a lot of tabs open I can't use firefox because the cpu level reaches the stratosphere if i keep opening tabs and leave them around. The firefox browser performance sucks. Period.

But I think the main reason FF is failing is because the developers are out of touch with the reality, just like in this article where one of the developers complain it's because Google is pushing chrome through monopoly. He's forgetting that before Chrome, it was Firefox who won despite MS pushing IE through monopoly.

If the developers were more self-aware, they wouldn't have let all this happen.

25
Things to learn in React before using Redux robinwieruch.de
368 points by callumlocke  4 days ago   103 comments top 10
1
k__ 4 days ago 7 replies      
My first project with React was a mess, mostly because of Redux. Not because it's bad, but because the lead dev was adamant about using something Flux like. First we had Flummox, then he rewrote everything in a week with Redux, that was 2 years ago, before Redux had sane async helpers.

In my current project (where I'm the lead, haha) I'm trying to go state/props all the way.

I think for most apps it's more than enough AND it's easier to get started for new devs.

React is really easy. I mean coming from Ember and ExtJS, its API is a walk in the park and you can get really far without extra state management.

One thing that is important for this approach, minimize nesting.

You don't want to pass down everything from the app, to the screen, to the list, to the item. etc.

Instead of doing:

 <List items={items} />

do it like that

 <List>
   {items.map(i => <Item item={i}/>)}
 </List>

No nesting of screens (top-level components), no (hidden) nesting of components. This may seem kinda strange, because the first example has no dependency to the Item component, but it gives the component that uses the List direct access, which simplifies props-passing immensely.

This doesn't work for all apps, but it's a good starting point.

I ended up with 2 folders, screens and components, that are both simply flat lists of component files.

2
spinlock 3 days ago 0 replies      
I'd rather use Redux without React than React without Redux. Sure there's some boilerplate but we use typescript so the redux boilerplate seems trivial in comparison.

Redux keeps your app _simple_. That's not the same as easy. It means that you can reason about your app as it grows and new features are added. When you run into problems like: this page is taking too long to load because we do calculations x, y and z on the server to push the data to the app. But z takes forever to compute and makes the initial page load painful. With Redux, you can move z to an async endpoint and just load x and y on page load (put the component that needs z in a loading state). Then, fire an ajax request when the component mounts to get z. When that call returns, it updates your store and the component that needs z transitions from loading to loaded.

It took me a couple of hours to do the above in a Redux app and decrease the page load from 2 seconds to 300ms. And it didn't add complexity to the app that would make it difficult to maintain. I don't even want to think how long that refactor would take if the state had been managed with React.

And ... don't even get me started on how easy -- and fast -- it is to test a Redux app. Zero side-effects means zero setup and teardown between specs.

3
sghiassy 4 days ago 3 replies      
The rush to use Redux for every React project is one of the most annoying parts of the React community; using a tool just to use it, before understanding if you need it or not. This article summarizes a lot of good points.
4
acemarke 3 days ago 0 replies      
As usual, this is an excellent article by Robin. Well-written, and full of great information.

It's worth noting that both the React and Redux teams (including Dan Abramov and myself) agree that you should focus on learning React first, and _then_ learn Redux. That way there's fewer new concepts and terms to learn at once, and once you understand React, you'll have a better appreciation for what kinds of problems Redux can help solve. That's not to say you _can't_ learn them both at once, just that it's the suggested approach that will work best for most people.

5
hippich 4 days ago 0 replies      
As a general rule do not use `this.react` inside `setState({ ... })` - this will cause you problems eventually due to state updates being async.

If you need to use state to set new state, use functional callback instead - https://facebook.github.io/react/docs/react-component.html#s...

6
tchaffee 4 days ago 0 replies      
Worth a read. It summarizes in one place much of what I learned bit by bit from various other articles.
7
captainmuon 4 days ago 8 replies      
I wish React would come with a standard way to handle Ajax (or a convention or semi-standard library would emerge). (Edit: "comes along" in the sense that immutability-helpers, redux and create-react-app come along with react. I'm not proposing to add anything to the react module. I'm not the world's best expert on react, but before downvoting can you please assume I know a little bit of what I'm talking about?)

Something that:

- Can fetch JSON according to criteria from an API

- Caches stuff locally (just in memory, or in local storage) in case of duplicate calls

- Deals with multiple concurrent calls, and merge them (e.g. fetching 1 and then 2,3,4 before 1 finishes -> either cancel 1, or wait until it finishes, and then fetch only the last requested item).

- And all the stuff I can't think about right now, like cancellation and timeouts

Plug your pure component into one of these, tell it about your API, and you're done. It's really error prone to write these containers yourself. And I think Redux doesn't really help much with Ajax.

8
noncoml 3 days ago 2 replies      
IMHO Redux is a heavy, clunky and awkward practice that is only holding React back.

My advice to anyone reading this forum is give MobX a try before deciding to commit to Redux.

9
bernadus_edwin 3 days ago 1 reply      
People should learn eventEmitter or PubSub before learning redux
10
TotallyHuman 4 days ago 7 replies      
I don't understand why anyone would use React at all with the ridiculous license.
26
Monospaced Programming Fonts with Ligatures hanselman.com
352 points by riqbal  2 days ago   230 comments top 43
1
Stratoscope 2 days ago 17 replies      
> Picking a programming font is like picking a religion. No matter what you pick someone will say you're wrong. Most people will agree at least that monospaced fonts are ideal for reading code and that both of you who use proportionally spaced fonts are destined for hell, or at the very least, purgatory.

I guess I'm destined for hell or purgatory then.

Hanselman is not alone. I had the CEO of one company look over my shoulder and ask, "Mike, I don't understand how you can program in a proportional font. How can that possibly work?"

He wasn't interested in the answer, he just wanted to make a point to me and our teammates that what I was doing was weird and wrong.

I would hope for people to have more intellectual curiosity than this. One of the best ways to learn is to let your assumptions be challenged: talk with people who do something differently from you and find out why they do it.

It's been said that a programmer should learn a new programming language every year or so, and especially learn a new kind of language that will teach you different ways to think about code.

Similarly, I think every programmer should try coding in a proportional font, at least for a while. It may show you new ways to think about how you format your code, as it did for me when I got curious many years ago and tried it.

For example, it cured the bad habit I had of lining up too many things in columns, like this:

 myFunctionThatDoesStuff(someArgument,
                         andThisCalculatedOne(anArgumentThatMeansSomething,
                                              anotherWordyName));

Obviously that won't work in a proportional font, so it forced me to try this instead:

 myFunctionThatDoesStuff(
     someArgument,
     andThisCalculatedOne(
         anArgumentThatMeansSomething,
         anotherWordyName
     )
 );

This indentation-only style has many advantages, and of course it works just fine in a monospaced font too. In fact the Rust/Servo team recently switched to it from their former column-aligned style.

2
Jakob 2 days ago 9 replies      
I like switching fonts every couple of years just to keep it fresh.

My font right now is Iosevka: https://be5invis.github.io/Iosevka/ A font generated from its source code. You can build your own variant. It has ligatures as well.

I like that it's not as wide as many other monospace fonts.

3
rocky1138 2 days ago 4 replies      
This is a deeply personal choice, I feel. I am not a fan of using ligatures in programming code as it gives some ambiguity around how many characters are in a given ligature.

To each his/her own, I guess.

4
TeMPOraL 2 days ago 5 replies      
> I frankly can't understand how tiny font people can function. It gives me a headache to even consider programming at anything less than 14 to 16pt and I am usually around 20pt.

What? I can't understand how such large font people can function. I mean, how large (or dense) are your screens? Is that a Macbook thing?

I'm at... something small. Hard to tell exactly, because on my laptop screen, all following fonts look pretty much the same size, while having different configured values:

- IntelliJ - Monospaced, size 12

- Emacs - (:family "Hack" :foundry "unknown" :slant normal :weight normal :height 76 :width normal)

- xterm - xterm*faceName: Hack:size=8:antialias=false

So 8 / 12pt (which one is pt?) and/or 76 somethings. People at work say I'm crazy working with such small text, but frankly, anything larger for me feels like wasting tons of vertical space, which is of short supply given the (IMO completely idiotic) market standardization on 16:9 and 16:10 displays.

5
edejong 2 days ago 6 replies      
Apparently I'm one of the two users of proportionally spaced fonts for coding. I've used this now for five years and I don't understand why developers still see this need to code as if monospaced terminals is all that's available. Especially on large screens with high dpi it reads much faster. It also makes it less awkward to use editor unicode substitution for display purposes.
6
yla92 2 days ago 1 reply      
I love Firacode and use it in Android Studio/IntelliJ but it has this bug[0] where "=" is invisible in Gnome terminal. So, I had to switch to Fira Mono[1], the parent of Fira Code, from Mozilla. Fira Mono doesn't have cool ligatures but it's a good font and works pretty well.

[0] : https://github.com/tonsky/FiraCode/issues/162

[1] : https://github.com/mozilla/Fira

7
Wintamute 2 days ago 3 replies      
I'm mystified how any one finds these more readable. Form over function if you ask me.
8
amk_ 2 days ago 2 replies      
I really like the giant, triple-line === ligature for JS in Fira Code. Makes it super-obvious when you are doing strict vs sloppy equality checks.
9
ericmo 2 days ago 0 replies      
One thing that really annoyed me in some monospaced fonts with ligatures is the [] ligature, I never understood why would someone rather see a box instead of two brackets. I'm no typographer, but I think that it makes the text lose its uniformity, because [] and [0] will look weird close to each other.

I guess I'm not alone in this, because in the Fira Code repo there's this commit from 2 months ago: "Remove [] ligature from specimen".

10
sqeaky 2 days ago 1 reply      
Tiny font person reporting in. I can easily read 9pt font scaled to 80% or 90% in Qt Creator on my 4k monitor. Some of my other coworkers are unsure if I even have text on my screen. I do it because I can fit 4 split views of 120 columns text on my screen (at 90%, 5 at 80%).

Right now I only have 3 split views, Unit tests, the header and the source file I am working on. That window does not take up the full screen and I have plenty of space for a build VM another text editor for scripts and notes, a file manager and a few consoles.

11
twobyfour 2 days ago 1 reply      
I'm not sure that ligatures would be an improvement for legibility or editing code.
12
Pxtl 2 days ago 2 replies      
Honestly, this should be handled by the language itself. If a language supports unicode, why not support for not-equals instead of "!="? Then provide a pre-processor that will replace all your ugly "!=" with the correct mathematical symbol.
13
tambourine_man 2 days ago 0 replies      
I get really excited about this kind of thing.

At the same time, I'm amazed that we, developers of all people, still use mostly software from the 80's. At least conceptually, if not actual code.

I mean, our tools can be as awesome as we want them to be. An illustrator is at the mercy of others to improve his daily software. We're not.

And yet, we get all fired up when we are able to display thousands of colors, some pseudo GUI feature like menus or divisors by patching fonts or have text appear at the opposite end of the line simultaneously. Madness right? I know.

I'm as guilty as the next guy, my editor is Vim (on the terminal) and I spend ridiculous amounts of time tweaking tmux, bash/zsh and fetishizing over color schemes.

I can't help but feel that by now we should have an OpenGL rendered environment where something like SublimeText's minimap would be easy and Hollywood style interfaces possible, albeit excessive.

14
jbmorgado 2 days ago 1 reply      
For some people this might be great but for me this is a total sensorial overload, I tried to use some of these fonts in the past and I just lose track of the code.

Did anyone experience the same in the beginning and grew to actually like these fonts or was it always a "love at first sight" experience for you that use them?

15
timothevs 2 days ago 1 reply      
I am a huge, huge fan of the free font Input[1]. Just love how customizable it is, so much so, that I've replaced Pragmata Pro with Input on Sublime.

[1] http://input.fontbureau.com/

16
jsingleton 2 days ago 0 replies      
I think Scott updated the sample used for the screenshots after putting it in the post.

The code is listed as:

 // FIRA CODE
 object o;
 if (o is int i || (o is string s && int.TryParse(s, out i)) { /* use i */ }
 var x = 0xABCDEF;
 -> --> ==> != === !== && ||<=<
 </><tag> http://www.hanselman.com
 <=><!-- HTML Comment -->
 i++; #### ***

I think what was actually used is:

 // FIRA CODE
 ABCDEFGHIJKLMNOPQRSTUVWXYZ
 0123456789!@#$%^&*()_+={}[]<>/?'";:~`
 object o;
 if (o is int i || (o is string s && int.TryParse(s, out i)) { /* use i */ }
 var x = 0xAB_DE_F;
 -> --> ==> != === !== && ||<=<
 </><tag> http://www.hanselman.com
 <=><!-- HTML Comment -->
 i++; #### ***
The underscores in the hex literal are not part of the font, which looks like it is confusing some people.

A couple of those lines are new C# 7 features (patterns and literals) that appear to have been partially lifted from this blog post: https://blogs.msdn.microsoft.com/dotnet/2017/03/09/new-featu...

I wrote a section on C# 7 for a new chapter in the upcoming second edition of my book from last year. There are loads of useful new features in C# 7 (and 6 if you're still on 5) and I thought I recognised those snippets.

17
kazinator 2 days ago 2 replies      
That www thing looks like shit. Just, no.
18
pitaj 2 days ago 0 replies      
I really like the ligatures in Iosevka when working with Javascript, especially with `=>` (which it turns into a fat arrow). It's not really that significant, but it's a nicety that I enjoy.
19
dannysu 2 days ago 0 replies      
Oh, I didn't even know ligatures is a thing. Learned something.

When coding in Haskell, I used to use the vim-haskellConcealPlus [1] plugin for vim to swap chars being display into nicer unicode chars for various operations.

I'm no longer using it now because it wasn't monospaced and moving around lines was jarring.

If only there's a way to combine the benefits of the two. Monospaced font with ligatures seems to only work for operators that take the same amount of space as their ligature counterpart.

 [1]: https://github.com/enomsg/vim-haskellConcealPlus

20
seanmcdirmid 2 days ago 0 replies      
I really want someone to come out with a proportional font with programming-oriented ligatures; they make more sense with a proportional font because unusual "widths" are no longer a concern. I've foresworn monospaced fonts, but really like what they did in hasklig. I can get the same effect if I do my own editor (replace => with unicode ), but not with an off the shelf editor.

I tried to figure out how to hack open sans to do this, but the tool chain and steps needed to modify a font aren't well documented as far as I can tell.

21
whalesalad 2 days ago 0 replies      
Really looking forward to having this capability in Sublime Text. I really love Fira Code. It looks great in Emacs for Clojure development and is right at home with my powerline-esque ZSH theme.
22
brianberns 2 days ago 0 replies      
I tried some of these fonts in Visual Studio and quickly learned that any ligature that contains a hyphen (e.g. "->") doesn't work, due to a limitation in the Windows Presentation Framework. :(

https://github.com/tonsky/FiraCode/issues/259

23
gdwatson 2 days ago 0 replies      
One of the things I love about DejaVu Sans Mono is that it has a human-designed oblique version and doesn't rely on my editor to automatically distort the font. I'd love to try Fira Code, but what do the ligatures look like auto-slanted?

(Oblique and italic are both slanted styles of font; the difference is that a true italic has some cursive features and an oblique does not.)

24
Finbarr 2 days ago 1 reply      
Fira Code looks really nice. Shame Sublime Text doesn't support ligatures. Seems to be the most voted for idea for development: http://sublimetext.userecho.com/forums/1-general/
25
kps 2 days ago 2 replies      
It's $CURRENT_YEAR. Just let people write for already.
26
coaxial 2 days ago 1 reply      
I personally love hasklig. Iterm2 has it on the Mac, but I'm sol on Ubuntu.

Is there any good terminal app that supports ligatures? I tried konsole, but the font looked like it wasn't getting any anti-aliasing and was harder to read as a result.

I love terminator, but it doesn't support ligatures.

What do you use?

27
zitterbewegung 2 days ago 0 replies      
This is sort of off topic but every time I see a new font on anywhere I just try it out. At this point I think the fonts that I prefer are probably a set where they all fall into a global maxima of my utility.
28
KirinDave 2 days ago 1 reply      
I figured I'd leave this here: I rebuild Iosevka with the Haskell ligature mode on default. I use this for a lot of things (although recently it's gotten no use as I've been working in Emacs).

Since it's a bit of a process to rebuild Iosevka, I just bundled the artifacts: https://goo.gl/gsFm8P

(Please excuse the redirection, this got a LOT of downloads and I have a big azure credit so I hosted it there and you would not believe what a pain it is to host simple linkable files on Azure).

29
draw_down 2 days ago 2 replies      
It slightly alters the monospacing which would drive me batty when coding, but cool idea. Especially for displaying code like in a blog post or other non-interactive use.
30
bwidlar 2 days ago 0 replies      
My favorite, Luculent: http://eastfarthing.com/luculent
31
cbeley 2 days ago 0 replies      
While I've had people say I'm crazy, I don't think I could ever give up my current font I've been using for years now: https://github.com/belluzj/fantasque-sans . It's both readable and fun. Keeps me extra happy throughout the day. :)
32
Garet_Jax 2 days ago 0 replies      
The edges of the WWW symbol need to align with the old symbol if they are doing it right.

The && also breaks out of alignment. Alignment is the whole reason I am using mono-spaced fonts.

My history: IBM VGA (strange j, h, k, etc.), Courier, Bitstream Vera Sans, Lucida Sans Italics (only proportional font, but it looked great at the time), Consolas, Kids Play.

33
spdustin 2 days ago 0 replies      
If only Sublime Text supported fonts with ligatures I miss out on these amazing fonts!
34
jayshua 2 days ago 2 replies      
Ligatures are great, but I just love the cursive italics used by Operator Mono. Haven't justified the price to myself yet, but am considering it since I haven't been able to find any other fonts that do cursive italics.
35
ww520 2 days ago 1 reply      
I switched to Source Code Pro font couple years ago and never look back.

https://github.com/adobe-fonts/source-code-pro

36
hatsunearu 2 days ago 0 replies      
I don't like that --> has a continuous line. that gap in the middle gives me a very clear indication of how many -s there are in the arrow.
37
mcv 2 days ago 1 reply      
Can you have a ligature that displays a warning when you mix tabs and spaces? Because that would actually be useful.
38
sqeaky 2 days ago 0 replies      
I am glad -> was included, but why not ==. Isn't that a comparison operator in many languages?
39
taeric 2 days ago 0 replies      
Wait, since when were the different length dashes considered ligatures? Same for not equals.
40
zeveb 2 days ago 2 replies      
My only real concern is that it makes 0x123 look like 0123. Otherwise, pretty cool.
41
nijaru 2 days ago 1 reply      
What sort of application do people use to design fonts and add ligatures?
42
megamindbrian 2 days ago 0 replies      
I love this.
43
xyzxyz998 2 days ago 0 replies      
Crazy idea but i'd like to see a monospaced version of Comic Sans Neue. The proportional version is very well done.
27
How a Reddit forum has become a lifeline to opioid addicts in the US theguardian.com
284 points by urahara  4 days ago   368 comments top 20
1
gooseus 4 days ago 26 replies      
What I find fascinating and disappointing is how much the opioid crisis isn't being talked about or addressed proportional to other societal issues.

Billions of dollars of private research being poured into self-driving cars by our greatest minds and millions of dollars in lobbying against gun laws all in the name of preventing unnecessary human deaths... yet according to Ben Bernanke (and his references), opioid overdose killed more people in 2015 than automobile accidents and firearms related crimes combined [1].

I'm curious whether the disproportionate concern has more to do with the perception of drug addicts as weak and deserving of their fate or because they're not a group that can be profited from politically or commercially or is overdosing just not as easy to solve as gun crime or automobile deaths?

Personally, I find all those excuses to be sad and bullshit so I'm hoping it's something else entirely.

[1] https://www.brookings.edu/wp-content/uploads/2017/06/es_2017...

2
averagewall 4 days ago 5 replies      
In the HN-popular utopian future where automation has made most people unemployed and living on UBI, we're supposed to be able to pursue our dreams without the pressure to feed ourselves. But in reality, many people don't have dreams or the motivation to pursue them and end up as drug addicts/alcoholics/gangsters which is just easier.

I used to laugh at the idea that people need jobs to feel fulfilled. I thought those must be quite helpless people who can't even make their own hobbies. But from personal experience, I found that dreams are for young people and people with demanding jobs. They're a grass-is-greener fantasy when they're out of reach but deteriorate into boring unrewarding work when you actually do them. Working for a company is especially fulfilling because you're more productive than you can be on your own. You feel more useful. You feel important and needed.

So I think the idea of widespread happy unemployment isn't going to work. It might still happen but I think it'll be a tragedy, not a paradise unless we can find something else that takes the place of work.

3
VonGuard 4 days ago 3 replies      
I am almost ashamed to admit I have read these forums for years as a sort of exercise in voyeuristic schadenfreude. I just love reading about drug culture, watching drug movies, etc. Just like I love gangster movies. I can't explain it. A few things I have learned:

/r/glassine is probably the most interesting. They rate heroin bags in the Pittsburgh area. It's supposed to be for everywhere, but it's mostly Pennsylvania

/r/opiates is a place where addicts confide in each other and practice harm reduction. They do not source. They tell hilarious, sad, amazing stories. Lots of personal confessions and "whole life of an addict" style narratives. Overall, a good community for addicts to find a safe space, instead of a place that hounds them for not being in recovery.

/r/stims is where the meth heads hang out. Occasionally you get these great "I'm on meth and here's everything in my mind right now" text barfs, but mostly I feel like this is an empty sub

/r/researchchemicals is where people discuss Shulgin chemicals and beyond.

/r/drugnerds is amazing. Papers. Lots of them.

/r/drugporn is where people post photos of their drugs, and then a week later the picture is taken down because Missoula Police saw it and arrested them through the GPS sig in the photo.

/r/noids is where people discuss synthetic cannabinoids, which are horrible. Never use these.

The rabbit hole goes very, very deep. Check /r/DarkNetMarkets/

4
mherdeg 4 days ago 2 replies      
Not covered in this Guardian article: the somewhat scarier /r/opiaterollcall (recently banned) and /r/cripplingalcoholism (not scary, just a discussion forum).

I have been consuming reddit via the https://www.reddit.com/r/all/gilded/ feed and it is just WILD what kind of weird and worrying stuff is going on.

5
Animats 4 days ago 3 replies      
Around my area, I believe a lot of people use [opioids] out of boredom. There's no jobs, no way to have fun besides video games and riding four-wheelers and motorcycles. There's nowhere to go except a run-down mall over in another county.

Sizable numbers of people get into opiates out of boredom? I thought this was driven by people with chronic pain.

6
unionjack22 4 days ago 4 replies      
I can't recall a similar degree of concern and push for treatment during the crack/cocaine epidemic in the 80-90's and the meth epidemic of the 00's. What is it about the opioid/heroin epidemic that differentiates it from those prior?
7
socrates1998 4 days ago 0 replies      
I wonder if marijuana legalization is inversely correlated with this issue? As in, the areas that have legalized marijuana have seen a drop in opiates?
8
virtuexru 4 days ago 0 replies      
The fact that fentanyl (which is 100x more powerful than morphine) is so readily available/mixed with common drugs across the United States is excruciatingly horrifying.
9
RealityNow 4 days ago 1 reply      
What is the solution to this opioid epidemic?

As an outsider not well-versed in this topic, my guess is that the root cause here is hopelessness, struggle, and boredom caused by poverty and unemployment.

The solution then would be to employ people and give them a sense of purpose, or at least get them out of poverty.

I'm a huge proponent of a universal basic income (UBI), though I'm not sure that a UBI would fix this problem. Thus it seems as if some sort of government jobs program may be necessary. Giving people meaningful well-paying jobs in science and technology would do wonders in getting people off these ridiculous addictions.

10
ryfm 4 days ago 1 reply      
I stopped smoking thanks to r/stopsmoking. 500 days and going strong.
11
abrkn 4 days ago 0 replies      
In other news, Hansa Market, a Dark Web Marketplace, Bans the Sale of Fentanyl[1]

[1] https://www.nytimes.com/2017/07/18/business/dealbook/hansa-m...

12
OscarTheGrinch 4 days ago 1 reply      
r/stopdrinking is also a very supportive community.
13
naiveattack 4 days ago 0 replies      
TED: Everything you think you know about addiction is wrong

https://www.ted.com/talks/johann_hari_everything_you_think_y...

14
corndoge 4 days ago 1 reply      
There are tons more of these forums and Reddit is probably the least trafficked out of all those I know about.
15
nickeleres 4 days ago 0 replies      
I just scoured that sub for 30 minutes and all I saw was people bragging about their pills, showing off their heroin, and fantasizing about using Fentanyl....
16
rhcom2 4 days ago 0 replies      
/r/darknetmarkets was a really interesting place after the Alphabay shutdown too. A lot of opioid addicts very scared about their supply and withdrawal symptoms.
17
fapjacks 4 days ago 2 replies      
Kratom saves lives.
18
unabridged 4 days ago 5 replies      
>The obvious counter-argument is silencing them strengthens their argument and makes them a martyr. I don't buy that argument at all, it's far more dangerous to allow them to indoctrinate and appeal to all the fringe disenfranchised youth which they've become frighteningly effective at. In any case it's clear reddit can be used for good like in this article, I'm just not so sure it's a net positive to society as another poster argued.

This is the road to censorship, burning books, and confiscating servers. Some people are fine with censorship, because they imagine people who think like them as the censors.

You can only fight ideas with better ideas. Kicking them out and silencing them, says to them you can't compete. You can't offer them an argument as to why they should tolerate foreigners, other races, etc. It seems obvious to you now, but the ideals of tolerance and equality took years and years of discourse to dominate public consciousness.

19
icpmacdo 4 days ago 7 replies      
I think Reddit is interestingly a net social positive. For all the bad things that come out of it you can often see users helping others in a pretty significant way.
20
tigershark 4 days ago 4 replies      
If you ask me I'd rather spend money to save a child killed by a car, financing self driving cars, than waste money trying to save people that don't want to be saved and that, even after being revived tens of times, continue to abuse drugs until their death, as per the other thread last week.
28
Announcing Rust 1.19 rust-lang.org
315 points by steveklabnik  3 days ago   79 comments top 5
1
Cieplak 3 days ago 1 reply      
Great running into you at Shizen @steveklabnik!

Just started using Rust in a serious capacity this month to secure some C++ functions that are called by our Erlang apps, with great assistance from Rustler [1]. Several people have complained to me about the decision to remove async IO from Rust, but I'm really grateful that it happened, because it lets Rust focus on being the best at what it is. Erlang's concurrency primitives and Rust's performance & security are a match made in heaven.

[1] https://github.com/hansihe/rustler

2
JoshTriplett 3 days ago 2 replies      
Incredibly excited to see unions available in stable Rust now!

The release notes mention my RFC, but a huge thanks also to Vadim Petrochenkov for the implementation, and all the myriad RFC contributors.

3
static_noise 3 days ago 7 replies      
One thing that recently surprised me is that Rust lacks default values and named arguments for functions.

Some consider it a counterpattern or bad memory to be able to not fill out all parameters or reference them by name. However some interfaces easily require like 50 different function parameters that cannot be removed in a simple way and they all make sense in different configurations. Without default values and named parameters you're lost there. I don't get this design decision on Rust side at all.

4
jmull 3 days ago 6 replies      
Hm. I'm not sure about the addition of unions. Why add something that is unsafe to read or write? You need an additional mechanism to let you know which type it is OK to access.

They mention the case where the type can be distinguished by the least significant bit, but wouldn't it be better to handle that case as an enum? That is, the least significant bits define the enum tag, while the remaining bits define the associated value.

(By the way, I really mean this as a straight question, not a criticism in the form of a rhetorical question. I really don't know enough about it to be criticizing it.)

5
ofek 3 days ago 4 replies      
Wow, a break yielding a value from within a loop is awesome! Do any other langs have that?
29
Show HN: Cinc GitHub for recipes cinc.kitchen
360 points by keithasaurus  5 days ago   152 comments top 60
1
bruce_one 5 days ago 3 replies      
I'm a huge fan of the fact this does weight conversions (cooking by weight is now my favourite, and I've been looking for a site that is just weights, so this looks like a win to me :-) ).

One note I'd make, though, is that US, UK and Australian cups are all different sizes. (and possibly others?)

And from the one recipe I saw it looks like you're using UK cups? But, possibly not as well... Either way, it might be worth calling that out, or allowing for cup-type specification similar to how you do for weights?

Somewhat related, some sites call out egg weights too, and that might be something to try and do here too? (Because, if nothing else, egg weights are often written on the carton which acts as a guide; even if people don't actually weigh them.)

Another thought, again... Some kind of showcasing? A la Github's explore, or even "awesome" pages? I might be off, but to me discovery is really important for recipes and I love browsing "cookies" or "desserts in a hurry" or similar; and pages akin to that with community curation could be nice?

Hmm, another random idea... Some kind of more granular forking to facilitate things like "do you have a stand mixer?" and that kind of distinction? (Coupled with "equipment switches" maybe?) In the past I've done recipes that required something I didn't have, and I've had to tweak fairly aggressively to make it work, but when/if it did work, maybe adding that feedback into the recipe would be valuable? e.g. user ticks "don't have a dehydrator", and recipe tweaks to "use your oven and set it low", etc.

Anyway... It looks awesome! Keep doing what you're doing, and I'll use it :-) Just some random thoughts that came to mind :-)

2
NickBusey 5 days ago 5 replies      
This looks promising and fairly well done, but it's lacking a few critical features IMO. The first obvious one is a way to Diff a recipe and its Forks (unless I missed that).

The harder and maybe more important one, is an issue that GitHub itself still hasn't figured out how to solve either. There should be a process for a fork of a recipe being able to explain why it is better than the original, and have the fork be able to be voted on so that the 'best' fork as voted by the most users becomes the canonical 'Chicken Noodle Soup' recipe, or at least display the forks on main recipe ranked by popularity.

3
Jaepa 5 days ago 3 replies      
The idea for this has been around for a while. http://forkthecookbook.com/ goes back to 2012.

And it's an interesting idea. Recipes can't be copyrighted and recipes are generally derivative. The data is generally well structured, and fairly standardized (ingredients, equipment, instructions, photo, with optional fields for prep & cook time, servings, notes, difficulty, etc). But there are two primary issues:

1. Recipes don't really have a single inheritance. For example, I cook a lot & really enjoy cooking, but when I'm trying to make something new, I won't follow a recipe. I will read a bunch of recipes, and try to understand the underlying ideas & steal the ones I think are interesting, then implement my own. So say I look up Tofu Matar, find 3 recipes, then make my own; if I want to contribute, which recipe do I fork?

2. This may have been dealt with by the use of stars. When I was using forkthecookbook, there was no way of "bookmarking" recipes and so users forked them, which led to the results having a huge number of identical forks. That being said, it seems like the star system may resolve that. But currently it looks as though unmodified copies of the recipes still appear in the Forks list, which makes it harder to find beneficial changes. Also it would be nice to have a history section with a message summarizing what changed.

All that said this does look nice.

Additionally, a nice feature to have would be to "import" a recipe, though since phrasing of a recipe is protected this gets a little bit legally complicated.

4
zdrummond 5 days ago 4 replies      
Nice!

It is clear you put a lot of care into this, and I am sure there is a bucket full of features you want to get to, but I have a big request.

What I really want is one step beyond a place to store recipes. I want a meal planning site! I want to create a pool of recipes that we like, and plug in how often this week we will eat at home. Then out comes a grocery list and a plan for each day. Maybe it even sees what we have liked, and suggests new recipes to add to the pool.

I am this close to pulling the trigger on PlateJoy, but my biggest hurdle is I can't add recipes I _know_ we like to their list of experimental (to us) meals.

Really, I don't mind/enjoy cooking, but never seem to carve the time out to plan an entire family of four's meals a week in advance.

5
xyclos 5 days ago 1 reply      
Should have the fork icon be an actual fork rather than the github icon.
6
keithasaurus 5 days ago 2 replies      
If anyone wants to know the stack it's Django/Postgres on the backend, and an Elm SPA frontend. All data goes through an undocumented REST API.
7
justboxing 5 days ago 1 reply      
This looks great! Congrats on shipping!!

I like that you have a scaling feature. => https://www.cinc.kitchen/info/features

I know this may be too much to ask, but if you are taking requests, some basic nutritional info (ex: Protein content, avg. calories) might make it even more awesome for those of us tracking daily calories, protein (for athletes etc). I understand things like sodium, fat might vary depending on how much salt or oil the person cooking the recipe uses, so maybe this might not be feasible to implement...

8
roryisok 5 days ago 1 reply      
I love this, signed up straight away. I've also recently discovered cookingforengineers.com and I love their card recipe system. It would be so cool if you could add something similar - I hate the traditional model of recipes, I always have to read and re-read them several times.

I'm not sure how you would go about adding this though, it's quite different from the structure you have already

9
mch82 5 days ago 0 replies      
Maybe a button to order the ingredients from Amazon or similar?

Edit: And maybe a shopping basket in case someone wants to order ingredients from a few recipes.

Edit (again): And don't forget about letting people order the equipment too.

10
acalderaro 5 days ago 2 replies      
Someone correct me if I'm wrong, but should the "What's the name mean" in the about section be "What does the name mean?" or "Whats the name mean?"

The first is "proper" the second is colloquial. At least that's what I thought.

11
jordanwallwork 5 days ago 1 reply      
I went for a pretty ambitious test recipe (Heston Blumenthal's Egg in Verjus, Verjus in Egg), unfortunately I'm not able to save it - it's complaining that one of my ingredients is an invalid weight - 3.3 grams Gellan F. If I remove it then it complains about the ingredient before it, so I'm wondering if there's an ingredient limit? It's at about the 40th listed ingredient. It took me ages to input everything so I do hope I'm able to save it!

The recipe entry experience was great though, some small details that I think would improve things even further:

- Esc should clear the 'text entry' modal, I kept clicking this by accident when wanting to add a new section heading and it was a nuisance having to click the 'close' link

- '+ Ingredient section' should replace last ingredient row if blank

- Would be nice to have section headings (similar to 'ingredient sections' for recipe methods) to break up recipes with multiple discrete sections

- Hard to find errors in long recipe. Could be more prominent, or add a 'jump to next error' button?

12
AAAton 5 days ago 6 replies      
neat idea!

A weird piece of feedback: Something about the UI gives me a substantial feeling of loneliness.

13
gyrocode 5 days ago 1 reply      
Interesting idea... Phrase "fork a recipe" just got a new meaning.
14
omnimus 5 days ago 0 replies      
Is it an open-source project? Are you looking for contributions? I am a passionate cook - designer - frontend dev. I struggle with recipe sites and where to save mine. If this was somehow libre and had a future I might want to contribute.
15
DerfNet 5 days ago 1 reply      
this is a great idea. How many times have you looked at reviews on recipes.com or whatever and the first 10 include a half dozen substitutions, basically making a different end product entirely? each of those reviews could instead be a fork. awesome!
16
LostCharacter 5 days ago 1 reply      
Nice site! I look forward to using it in the future. One thing - when using lastpass to generate a password, it fails to fill the first password and only fills the "repeat" portion. Likewise, it fails to fill the username field for login.
17
yellowapple 5 days ago 1 reply      
So I'm trying to submit my cheesy toast recipe as a test. Unfortunately, I can't:

- "1 slice" (of bread) is not a valid quantity

- "to taste" (of black pepper) is not a valid quantity

Oh well. I guess I won't be using this then, at least not yet.

18
trwhite 5 days ago 0 replies      
Nice idea. You should get Schema Json (http://schema.org/) on this so the recipes can be crawled properly.
19
overcast 5 days ago 1 reply      
Looks like a more complex version of what I had created with imadefood over a year ago. Similar features, with the branching, etc. I've been working on an iteration into a slightly different direction. As it didn't pick up any steam. Good luck :)

As others have stated below, forkthecookbook, forkingrecipes, and also recipelabs. All do basically the same thing. I just don't think there is enough market for it. Certainly was a fun little project though!

https://news.ycombinator.com/item?id=10853665

20
fanpuns 5 days ago 0 replies      
Nice project, I like the format of entering new recipes. I think you will get good uptake even from users who don't know what GH is :)

Is this project open source or does it plan to be at some point? I've looked at some of the other projects out there that are similar, but many seem to die based on the founder running out of steam or getting busy with other stuff. I would really be interested in contributing to this or a similar project if anyone has a suggestion for one that is open.

21
whatnotests 5 days ago 1 reply      
AMAZING idea.

Please allow me to G+ connect or facebook connect, b/c I don't want to have yet another password to remember, and I'd like to (maybe?) share some activity on Cinc with my FB peeps.

Just a thought.

22
jstoja 5 days ago 0 replies      
I really like it. I often look for a recipe with many likes online and have to read dozens of comments to adjust it...

For example the recipe of some cake where nearly all commenters advise to put 1/4 of the sugar advised. If you don't read the comments, chances are that even with a recipe approved by many people it tastes like shit.

I really hope this will grow and succeed!

23
azeirah 5 days ago 0 replies      
Please pay someone to add a few thousand recipes, and please keep working on this for a few years. This can be huge.
24
joepour 5 days ago 0 replies      
This is really cool, congratulations on shipping!

Have you thought about simplifying the UI by changing "Forks" to something like "Twists" or Takes (as in 'my twist on' or 'my take on').

We all understand what a fork is but the average user will likely get confused, and not just because a fork is a kitchen utensil!

25
bruth 5 days ago 1 reply      
Wow! My friend and I had this idea years ago.. possibly pre-GitHub. I am glad someone finally made it! Well done. My particular interest was seeing how a recipe deviates from the original.. a recipe graph of sorts. That would be a fun way to visually explore and find related recipes that are similar in ingredients.
26
taherchhabra 5 days ago 1 reply      
Is there a way to compare how it actually tastes? These days I am baking cakes by watching recipes on YouTube, the texture always comes out correct and I use exact weights as described but the taste is somewhat lacking. It would be good if we could give a reference to a local cake shop for its similarity to the recipe
27
jdjdjdhjehd 3 days ago 0 replies      
Why do your terms of service mention a web development agency?
28
melicerte 5 days ago 0 replies      
Nice idea. Just that code is a universal language, English is not. Is there any way to handle multiple languages for the same recipe outside of forking? Forking is one way to address this issue but there would not be any other value to the fork than translating a recipe.

Just asking

29
markdown 5 days ago 0 replies      
Viewing source made me sad. One would think that recipes of all things would survive the appification of the web.
30
x0 5 days ago 1 reply      
Is there a way to do pull requests? I'd like to go through and convert a few people's F to C.
31
tylerdurrett 5 days ago 0 replies      
Next step: npm cook spaghetti-and-meatballs

In all seriousness though, definitely looking forward to a public API. Great work!

32
joshumax 5 days ago 0 replies      
I started a teensy bit of work on something sorta like this a while ago: https://github.com/joshumax/git-cooking

Glad to see somebody actually brought a similar idea to fruition :)

33
jerrysievert 5 days ago 1 reply      
might I ask that recipes be presented in h-recipe format? (http://microformats.org/wiki/h-recipe) it's simple to do, and works really well.
34
midgetjones 5 days ago 0 replies      
I think this is a brilliant idea, but I wonder if the terminology should be changed? I think the concept of saving a copy of a recipe, then editing it would come much more naturally to the 99% of people who have never heard of github.
35
qrv3w 5 days ago 0 replies      
This is cool!

A couple weeks ago I was looking for a way to find similar recipes (forked recipes, in a way) and I ended up making my homebaked solution. [1]

[1] https://timetomakefood.com/find

36
enobrev 5 days ago 0 replies      
I've been wanting to try this for a while. This looks great! Nice to see some excellent suggestions in this thread as well, that I definitely never thought of. I hope this is successful, as I'm a huge fan of the idea.
37
INTPenis 5 days ago 0 replies      
But it's not really like github for recipes until you solve the url interface.

I should be able to go to a user and their recipes with the same ease as on github. Having unique IDs for recipes exposed in the URL isn't really necessary.

38
amadeusw 5 days ago 1 reply      
Looks great! I'm inclined to host my recipes there.

But before I do that, what is the future for this site?

* Do you monetize by getting a cut from the shopping cart?

* Will I be able to easily download my data in the future, like I do with git repositories?

39
52-6F-62 5 days ago 2 replies      
This is a great idea!

My one criticism right off the bat is the name --the pronunciation isn't immediately obvious. ("Sink?", "Kink?", "Kins?", "Since?")

Then again, I don't know if that's just me...

40
julee04 5 days ago 1 reply      
this is a crazy fast site! can you share what you are using to host and serve it?
41
TekMol 5 days ago 0 replies      
Interesting project, well executed!

Are you storing the recipes in Git repos or in the Postgres DB?

If in Postgres, what is the format? Do you put each receipe in a single JSON field? If not, what does the data structure look like?

42
rkuykendall-com 5 days ago 0 replies      
Love it!

Would be most useful to me with calorie support. I see some users are hacking it by adding it to the title or in the notes. That should be a strong hint.

43
zitterbewegung 5 days ago 1 reply      
I'm working on a project and having a API for recipes would be great. I see there is a mention on your ToS but I don't see where you could access it?
44
kbanman 5 days ago 0 replies      
Very well done!

I had started on a similar idea a while back, but never got around to it. Even have a cute domain for it (pifork.com) in case you're interested :)

45
damerms 5 days ago 1 reply      
46
linopolus 5 days ago 0 replies      
Another site totally unusable without JS enabled, where it could be just used to add dynamics to otherwise nicely generated HTML..
47
Toast_ 5 days ago 1 reply      
Looks good. I think you should also consider adding the "keto" diet on there as well. Maybe meals < 10 net grams of carbs?
48
thearn4 5 days ago 1 reply      
An analog to Travis CI for this would be interesting and delicious.

An analog to Docker images would be something like Blue Apron or Hellofresh I guess.

49
rcpt 5 days ago 2 replies      
"guthub"
50
yousifa 4 days ago 0 replies      
Would like to pm you. Can you please put your contact info in your profile or email me (in my profile)
51
amelius 5 days ago 2 replies      
> Chicken Alfredo Pasta with Sweet Potato Noodles (480 Calories per Serving)

You probably mean 480 kilo calories.

52
macygray 5 days ago 0 replies      
I have a feature request: add diffs and ability to show who have starred and who have forked your recipe
53
dgfgfdagasdfgfa 5 days ago 0 replies      
Looks good!

The mix of Sans-Serif and Serif is a little weird.

54
joombaga 5 days ago 1 reply      
How are you doing volume to weight conversions? Do you have a big table of weights-by-volume for different ingredients?
55
boromi 5 days ago 1 reply      
Does this not support issues and comments? If not those would be welcome additions.
56
kwhitefoot 4 days ago 0 replies      
Minus marks for blank window if JS is disabled.
57
williamle8300 4 days ago 1 reply      
Are sign-ups disabled? Not getting my confirmation email
58
m3kw9 5 days ago 0 replies      
I was sold on Forking, I'm sure no pun intended
59
livas 5 days ago 0 replies      
this is a pretty cool thing. just maybe they can change that design. Anyway, i like that.
60
k__ 5 days ago 0 replies      
Seeing metric units written out feels kinda odd.

Otherwise very nice idea :)

30
Say Goodbye to Spain's Three-Hour Lunch Break citylab.com
257 points by danso  4 days ago   224 comments top 28
1
mcjiggerlog 4 days ago 10 replies      
Literally nobody here takes 3 hour lunch breaks. A lot of offices have 2 hours, yeah, but this is becoming less and less common regardless. Small shops do close for 3 hours in the middle of the day, but they are open till about 9pm which is a lot more useful than being open in the middle of the day. It also should be noted that there are actually 5 meals in a Spaniard's day. There's a mid-morning and late-afternoon snack, which is the actual reason for the "late" lunch and dinners.

Also, all changing the timezone would do is give us useless light early in the morning and less light in the evening to go out and play sports, hang out in the park etc. People would still eat at the same time regardless. It gets dark at 6pm in the winter and 10pm in the summer. It's not exactly crazy.

2
professorTuring 4 days ago 2 replies      
I'm from Spain and this article does not represent Spain. Let me expand on this.

The typical workday in Spain (no matter if you are a worker or in an office) goes from 7:00/9:00 to 15:00/18:00. This is usually a 8 hours work day (a lot of unpaid extra hours are quite typical in any IT job).

Usually there are two stops before lucnh, one at the beginning of the day, usually 15 minutes to have a coffee with coworkers and another one of 15-20 minutes at midday (11:00/12:00) to have a piece of fruit or just another coffee.

At lunch there are two options, the ones that leave job at 15:00 usually eat at 15:30 - 16:00 (quite late but quite common), the rest takes an hour to have lunch (usually two dishes and dessert [a bit too much I admit]) and they are allowed to leave normally when they make 8 hours at work.

There are a lot of flexibility if you are not public facing so you can play a bit with the arriving/living time (usually you are allowed to arrive up to 10:00 in the morning).

Only people who lives really close to home (up to 10/15 minutes) goes there to have lunch with their family and they usually also take a power nap of 15 minutes more or less.

Spanish siesta is for Fridays and holidays.

3
jorgemf 4 days ago 5 replies      
This is a nonsense article, as other Spaniards have commented. The only companies that close 3 hours in the middle of the day are the shops, usually small shops. They do it because for a long part of the year no one goes to the street from 2pm to 5pm, because it is so fucking hot. So instead, our culture closes the shops at those times but keeps them open until 9pm or later. It is very common to see shops full of people from 7pm to 9pm.

Some offices have a 2 hour lunch break, which I also find nonsense. But 1 hour is usually not enough for us for lunch, we don't eat sandwiches, we are used to having a proper meal with 2 dishes, dessert and coffee.

We also eat quite late, around 2pm or 3pm, but that is mostly because our time doesn't match the Solar time. We should have 1,5 hours less on our clocks. Which means we really eat at 12:30-1pm of sun time. That is what most countries do as well.

We do take naps, only in summer on our holidays. Usually from 3pm to 5pm, because as I said, it is so fucking hot in summer at those hours. But any foreigner who is here in summer does the same (actually probably more % of foreigners take naps than Spaniards). People who have an intense 8-hour day job from 7am to 3pm also take naps, because they wake up quite early and the social life starts at 6-7pm.

Bonus: we don't add chorizo to the paella. The chorizo is mostly for the bbq

4
franciscop 3 days ago 4 replies      
I am sorry but this is totally backwards. As a Valencian Spaniard I want to set the record straight.

First, siesta is not dead. However, it is considered mostly a holiday luxury or reserved for small shops. It is normal in the extremely hot summer, after lunch we stop for 1h or so. While I do not do siesta, I would say about half+ of the people I know do it (holiday times). I would also say it is highly coupled with the summer heat wave though, in winter not so many people do it.

Then, late lunch. First off, Spain is actually in the "wrong" time zone. We are at the same longitude as UK but it's 1 hour later here. What this means in practical terms is that when it's 2pm here, it is 1pm relative to the light-time/circadian clock.

However that still does not totally explain the really late lunches. The main reason for that is that we have "almuerzo" at around ~11am (note: the word "almuerzo" in some zones in Spain is "lunch", and in some others it's a mid-morning snack, or second breakfast as I like to call it. I mean here the mid-morning snack). It depends on the job, on the person and on many things, but it's not uncommon that it consists of a mid-sized sandwich of Spanish bread. This [random] image is a quite accurate picture of the places where almuerzo is had and on the type of almuerzo we eat: http://cdn.traveler.es/uploads/images/thumbs/es/trav/2/s/201...

So as you can see, we have a different, important course around 10:30-11:30 that makes us not remain hungry until lunch. Some people prefer lighter snacks of course. Also, breakfast is normally light as we don't have to worry about hunger since we have our almuerzo later on. Normally you'd combine breakfast and almuerzo; if you have too much breakfast then you have a light almuerzo or nothing at all, and the same otherwise.

5
jordigh 4 days ago 1 reply      
This is also part of Mexican culture, sort of. In Mexico City, we would break for lunch around 13:00-14:00 and just take our sweet time, no pressure at all to go back into the office. The workday would end around 18:00-19:00. I think this has its pro and contra, you get a nice big break in the middle of the day, time to enjoy your meal, but also you end up staying in the office way too late. Commute times of one hour are not unusual in Mexico City either, so your whole day is basically gone on the job.

Note that eating schedules may also be different from the Anglosphere. It took me a while to get used to a light meal around noon and a heavy meal around 17:00, which seems more common in the US and Canada. In Mexico the big meal of the day is around 14:00 and you might have a lighter meal, almost a snack, around 21:00 before bed.

Going home for lunch to eat with your family is a bit of an old-fashioned custom in Mexico, but I hear some people still do it. None of my coworkers in the tech sector did, though. We were all mostly young too.

6
untog 4 days ago 6 replies      
Hardly surprising, and probably positive for many Spaniards, but it still makes me a little sad that every country is converging on a very similar way of working.

Globalisation makes it inevitable, of course, but does Monday-Friday, 9-5 really make sense? Why not 8-6 Monday-Thursday with a three day weekend? We developers are often lucky that we can dictate our own hours and experiment with this, but I'd be fascinated to see an entire nation adapt to it and see the effects.

7
readhn 4 days ago 12 replies      
In the startup arena I'm in (USA) folks often work 8-9am till 7-8pm with half hour to hour MAX lunches.

No one complains, people just burn out and move on in 1-2-3 years. No one gets overtime. It would be nice to have an open discussion with HR or whoever but it's a sensitive topic, in this culture you are not "allowed" to tell how much you actually work...

I guess it's a "dirty little secret" but 9-5 does not exist anymore (honestly probably never did, at least in my field).

8
logronoide 3 days ago 1 reply      
Spaniard here; this is absolutely not true. 3 hour lunch breaks are a myth. Maybe shops in small towns and villages.

One hour break for lunch is the norm. Maybe two, but it's not very common.

There is an exception here: in summertime, a lot of companies reduce the working hours from 8 to 7 hours. They start at 8am and leave at 3pm. The sum of these hours must be distributed along the rest of the days of the year. So you work 7 hours in summer, and 8 and a half the rest of the year. This summertime schedule comes from the days when air conditioning systems did not exist, and literally working in Spain in the afternoon is impossible.

It's really funny to read about Spanish topics from a poorly informed journalist...

9
scruti 4 days ago 3 replies      
I lost count of the times that I had to explain here in the UK that we Spaniards don't go home to take a nap every day at lunch time.

Nowadays this 3 hour break mainly affects the small shops instead of offices/big companies.

And, being honest, it was quite useful since shops closing at 8 pm allow people to do their shopping chores when leaving the office/school/uni...

Edit: My English... U_U'

10
maxxxxx 4 days ago 1 reply      
This makes sense. In the village I grew up at a lot of people walked home over lunch and came back to work two hours later. This was great but with commutes it doesn't make sense.
11
pc2g4d 3 days ago 0 replies      
I spent a month in Salamanca and fell in love with the siesta. In that fairly small town it seemed the traditional siesta rhythm was in full swing. We'd go home in the afternoon, eat a delicious lunch, take a nap, and then head back. This was only possible because home was a pretty short walk away. I found this fit with my natural night-owl tendencies and I've always wished something similar could work in the United States. Unfortunately, when your workplace is 20+ minutes from home it makes absolutely no sense. Another thing lost to modernity.
12
menor 3 days ago 0 replies      
Another Spaniard here, reading the article you get the impression that Spain is some kind of dictatorial country, where the government dictates which times you are allowed to work. It is not, companies have freedom to choose, unless you work for the public administration (where I lived, they work 8 to 15).

BTW I live in Germany now and still do a daily 30 mins siesta after lunch.

13
dispo001 4 days ago 0 replies      
It depends on the type of work but in general it seems the most fun to have more flexibility.

Instead of starting at 6:00 one could start between 5:00 and 7:00. Then have a break between 11:00 and 13:00 for 30 min or 3 hours, whatever the fuck you want.

This is of course assuming we would allow people to enjoy life (An Utopian idea most people would fight against)

14
spaniard_dev 3 days ago 0 replies      
This article is full of bullshit, prejudgements and false facts. There is probably one nap bar in the whole Spain and he had to add it to the article.
15
santialbo 4 days ago 2 replies      
Just a note: These working hours happen just in retail.
16
coldtea 3 days ago 0 replies      
>What remained is a highly distinctive national timetable not found in any other European country, where it has often been read as a peculiarly exotic form of madness

First of all, there's nothing "mad" about it. As if the 9-5 (or 9-8) schedule religiously held everywhere, and first created for factory workers, is "rational".

>After starting work between 8 and 9 a.m., hungry workers hold out for a lunch break scheduled as late as 1:30 or 2:30. As if in compensation for this long wait

Nothing particularly strange about this either. In lots of countries people eat lunch later, or much later, than 12:00, and dinner much later than 7-8. Usually it has to do with hotter climates (which Spain, Greece, Mexico, Argentina, Middle Eastern countries, etc qualify for) and longer, sunnier, days.

>Most stores and many businesses close down until the late afternoon, before a final burst of office hours between 5:30 and 8 (or sometimes 4 to 7). Spaniards then head home at an hour when most people in other countries are cleaning up their dinner dishes, rarely getting food on the table any earlier than 10 p.m. This pushes bedtime past midnight for many.

And that's a problem because?

17
rodolphoarruda 3 days ago 0 replies      
I had a concall 2 days ago with a Spaniard from Madrid. They are leaving the office by 3pm now in summer time. That means a lot of daylight time to do whatever else you want.
18
gadders 3 days ago 1 reply      
I remember going to work in the small Madrid office of a private large bank 20 or so years ago.

Being keen, I turned up at 8.30am and then waited for an hour for someone to arrive. The office was then closed and everyone turfed out from 12pm-2pm, but the working day didn't finish until around 7pm.

19
geodel 3 days ago 0 replies      
I have seen the same thing in India. In small towns most of the markets will close down for a few hrs in the afternoon. In summers to avoid heat and in winter to sit in the sun. Again with globalization I think this is going away in India too.
20
Oletros 3 days ago 0 replies      
What a shitty article, it is not even for Spain, it is a new initiative from Catalan government to rationalize the daily schedule for their inhabitants.

Catalonia is a region of Spain.

21
clock_tower 3 days ago 0 replies      
"Lunch break" sounds like it's paid or semi-paid; it seems a bit deceptive here. It sounds from the article like the Spanish are putting in 8-hour days, but interrupting them in the afternoon, so that instead of working 9 to 6 they work 9 to 8 or 9 to 9. Thus the streets busy until midnight, for example; this is a case of different scheduling, not lazy southerners.
22
sengork 3 days ago 0 replies      
I wonder how many of those important business decisions/discussions are made during the lunch breaks.
23
duxup 4 days ago 1 reply      
With lunch breaks like that... what do parents do? Go see their kids, because if not when do they see them on workdays?
24
scalesolved 3 days ago 0 replies      
I've worked for two different tech companies in Barcelona, neither had lunch breaks longer than an hour.

When I moved from the UK I was shocked that 9-5 was not the norm, in both places the schedule was more 9-7 with the same amount of lunch time as in the UK and far more pressure to stay on later than 7.

25
pvaldes 3 days ago 0 replies      
I wonder why some foreigners seem to be unable to grasp the simple concept of different climates...

I have a 1 hour lunch break, and nobody takes 'siestas' in my city regularly.

26
snvzz 3 days ago 0 replies      
Title says Spain, but it really is about Catalonia.
27
erikb 3 days ago 0 replies      
Goodbye.
28
faragon 3 days ago 2 replies      
That's separatist propaganda: Catalonia, a Spanish region where separatists are ruling and expect to do a referendum against the rule of law in October so the region can exit Spain and the European Union and be "free", is "better" than the "lazy Spain". Rationale: in Spain there is no such thing as generalized three-hour lunch break. In fact, most industries have short lunch pause (e.g. 7 to 15:30h), and most offices take just one hour (e.g. 9 to 18h). That's only true for shops (e.g. 9:30..13:30h and 17..21h), and that's how shops work almost everywhere, not a specific thing of Spain.

I forgot to add that Catalans, myself included, have a lot to learn from other Spanish regions: e.g. in Madrid there is commercial freedom, so shops can choose when they can open, without the permission of the feudal^W local government.

       cached 24 July 2017 15:11:01 GMT