hacker news with inline top comments    28 Jul 2017 Best
We will stop updating and distributing the Flash Player at the end of 2020 adobe.com
1206 points by mintplant  2 days ago   481 comments top 78
amitt 2 days ago 13 replies      
End of an era.

We built the FarmVille-engine using AS3 and I still think it's one of the best programming languages I've ever used. Static typing, access modifiers, and performant. Low friction for new users (most people had the plugin, we could stream the main binary and assets)

0% chance we could have built the game using any other client-side tech stack available at the time.

methodover 2 days ago 21 replies      
I say this every time someone brings up Flash's failure, but ... It's a tragic failure on Adobe's part. The tools for 2D animations and games in Flash are far beyond anything else out there from a creative standpoint. There isn't a product on the market that comes even close. Everything now is too technical, too specialized.

There are lots and lots of artists and developers out there who learned Flash's toolset and got good at it -- and now all that knowledge is useless. And there aren't even better tools to replace it.

It could have been different. Too bad they let it fail.

sashk 2 days ago 3 replies      
Flash will die 10 years after this -- https://www.apple.com/hotnews/thoughts-on-flash/
baby 2 days ago 6 replies      
This makes me sad.

The internet used to be less "flat". Every website was interactive, animated, had sound, had dimensions to it. Everything was a theme park. Maybe you had to learn a new UI every time but I was amazed a lot back then.

I learned a lot of programming with Action Script, it wasn't the best, but it was easy to get into.

I did my fair share of animating, just because it was so easy to get into. Xiaoxiao was just amazing to me (https://www.youtube.com/watch?v=hw4wzwYeZ0Y).

I did my fair share of games as well, there were so many of them and publishing a game on internet had never been so easy. Orisinal is beautiful (http://www.ferryhalim.com/orisinal/).

Now where do people find such mini games? On mobile. The big mini-game market has shifted and we now have to pay, we now have to download each game individually.

I understand Flash has had a bad track of security vulnerability, but the internet used to be magical, it's the end of an era.

As methodover says it here:

> The tools for 2D animations and games in Flash are far beyond anything else out there from a creative standpoint. There isn't a product on the market that comes even close. Everything now is too technical, too specialized.

seanalltogether 2 days ago 6 replies      
> will be phased out by the end of 2020. At that point, Adobe will stop updating and distributing Flash.

Adobe's stance on backwards compatibility in Flash has always been "Don't break the web". Where does this leave all the existing flash content that still exists around the web after 2020? As far as I know, those JS emulators are way too slow for most content.

yoodenvranx 2 days ago 10 replies      
Is there any attempt to save all the classic Flash animations and games like they did with old arcade games? Any "emulators" which can be used to preserve them?
pier25 2 days ago 1 reply      
The Flash player (which is really what's being killed here) was a piece of crap, but the Flash ecosystem was amazing.

There is nothing today that offers a similar level of accessible crossplatform development like Adobe Air. Qt is the only thing that comes close.

Sadly Adobe decided to kill the Flash platform. I wrote a long rant here a couple of years back: https://medium.com/@Pier/why-im-finally-breaking-up-with-fla...

Marazan 2 days ago 5 replies      
Adobe's abandonment of Flex has to be one of the most perplexing acts of corporate self harm I have witnessed (and been affected by).

Dominating the Rich Internet Application space and poised to storm corporate apps by leveraging all those Flex Devs via Adobe Air and they... just knife them all in the back and abandon Flex totally.

Just jaw dropping. Inexplicable.

amyjess 2 days ago 4 replies      
As much as I want people to stop using Flash for new projects, I'm worried what this means for preservation. There are a lot of old Flash games and other stuff out there that has never been ported to HTML5 and have been abandoned by their creators. A decade from now, we're probably going to need to run an old OS in a VM just to run this old content.

We're at risk of a digital dark age already, and this is just going to make it worse.

amelius 2 days ago 0 replies      
This is exactly why we shouldn't rely on closed standards and closed viewers: at some point they cease to exist, and there will be content out there that we can't view any longer.
rocky1138 2 days ago 1 reply      
> Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats.

Why not open source it and make Flash the open format instead?

dandare 2 days ago 1 reply      
> Where a format didn't exist, we invented one such as with Flash and Shockwave.

Adobe bought Flash and Shockwave along with Macromedia that invented them 10 years earlier.

Bahamut 2 days ago 2 replies      
I wonder how long will browsers keep Flash around though? I doubt sites like Homestar Runner will just convert everything to HTML/CSS/JS.
kensey 1 day ago 0 replies      
I remember in 1993-1994 playing Cosmic Osmo on a Mac. All the old pre-Myst Cyan games (Manhole, Osmo, Spelunx) were basically HyperCard stacks, which didn't directly allow for any but the crudest animation. But Cyan had integrated MacroMind VideoWorks, which later became Macromedia Director, into Osmo. The effect over other HyperCard stacks was striking. You could actually play little minigames in the Osmo world.

Then I went off to college the next year and found out about the whole "web" thing, and again everything was flat and mostly static. Then Macromedia Shockwave and Flash and Java came along, and it was just like Osmo vs. Manhole, only more so. For a long time, your browser install wasn't complete till you had Java, RealPlayer, Shockwave and Flash installed (and later, QuickTime).

(For nostalgia purposes, Steam has all the Cyan games from Manhole on up as a bundle; you can also play the original Manhole/Osmo/Spelunx in the SheepShaver emulator if you can get hold of firmware plus OS and game discs.)

hprotagonist 2 days ago 1 reply      
I disabled flash on my browsers in 2014, and I have had to manually reenable it exactly twice in the last three years to get content I needed. Both times were for restaurant menus, of all things.

I have fond memories of newgrounds and the real early explosion of browser games, but I'm not going to miss the lag, memory overhead, and security hell one iota.

cpncrunch 2 days ago 1 reply      
What about Adobe Connect? They have been talking about moving to HTML5 for years, but nothing seems to happen. Then recently they announce that if you don't have Flash you can instead download an executable:


Could this be the end of AC, or will they pull something out of a hat at the last minute?

k__ 2 days ago 0 replies      
End of an era...

I did my first project, when I was 14, with Flash, simple animated cartoon. Was super easy and fun.

Today I read we would have Iron Man style UI if Steve Jobs didn't shoot down Flash with the iPhone. The reasoning was, nothing we have today had such easy 2D/3D animation features, yes WebGL can do everything Flash can, but it's waaay more complicated.

When I started programming, I liked the idea of Flex, but somehow that never caught on. Later in 2011, when I finished my CS degree, I moved to JavaScript because it was open and rapidly catching up.

I liked the whole openness of JavaScript much more and like I said, the Web platform can theoretically do everything Flash can, but we need better tools. I can do rather much, because I'm a developer, but when I look at me 18 years ago, I didn't know anything about programming and still got things done with Flash.

I also met a few people who build their whole career on Flash. Some media degrees here were basically 80% Flash content creation and I'm still working with people who got into IT by doing Flash, they miss it pretty much...

ash_gti 2 days ago 12 replies      
I wonder what the major use cases are for Flash Player these days?

I assume some of the 'Farm Ville' style web games are probably in Flash still these days.

thekevan 1 day ago 1 reply      
I wonder what will happen to large Flash games sites like Kongregate.
qxxx 1 day ago 1 reply      
I installed Adobe Animate last week, it looks really similar to flash, they even use very similar concepts. I didn't try to write some code yet, but it looks like they use some kind of an action script.
sqeaky 2 days ago 9 replies      
I have seen a massive downtrend in flash use already. Is there anyone building new and serious projects in it now?
msla 2 days ago 0 replies      
There seems to be more discussion here:


stevenh 2 days ago 0 replies      
Most actual developers currently using Adobe's products will only want to know whether Adobe AIR is safe. It is.


Kenji 2 days ago 3 replies      
Hate flash however much you want. I learned to program with old ActionScript and wrote my first game as a kid (that actually taught me OOP and laid good foundations for JavaScript which is almost identical). To this day, all the applications I wrote still work perfectly. That's an achievement. Not to mention, Macromedia (later: Adobe) Flash was a fantastic environment for minigames and I haven't yet seen anything replace it properly. I weep for today's children, is there a good alternative? I mean, a program where you can scribble, make a movie clip out of it and make it move with code, just like that. And then publish it on the internet effortlessly.
dalbasal 2 days ago 1 reply      
What an epic case study.

How hard it is to EOL anything. How non-standard standards can play a giant role. How important design/dev tools can be. How hard it is to get designers to accept limits (there were all flash websites just for minor design capabilities)..

senthilnayagam 1 day ago 0 replies      
I still don't understand why Adobe doesn't open source the flash player, so that security team and browser teams can look into it and maintain a secure runtime.
camus2 2 days ago 1 reply      
This is Adobe's fault. They could have open-sourced the player anytime they wanted, they didn't. I don't blame Apple, or Flash-haters or anybody else but Adobe and all its stupid policies. Adobe killed Flash. Nobody else did.
mfabbri77 2 days ago 0 replies      
It would be cool to see the Adobe Flash 2D vector graphics engine opensourced, to perform comparisons with similar engines all around: Agg, AmanithVG, Blend2d, Cairo, NanoVg, Skia, ...
wooptoo 1 day ago 0 replies      
That's quite a commitment for a company, to maintain a piece of software for 25-ish years.

I have fond memories of using Macromedia Flash 4 and 5 many years ago to create animations and simple scripted pages. I loved how well integrated everything was. But I still believe that things are better as they are today: we have more choices in frameworks, better standards, and some great web services which work well on both mobile and desktop.

That being said today I uninstalled the Flash plugin preemptively on my machines just because I am not needing it for any website I commonly use.

guessmyname 2 days ago 0 replies      
I have a bad experience every time I have to declare taxes because the interface was built on top of Flash; many parts of the platform are broken (missing images, inconsistent styling in sub-pages, JavaScript exceptions) and I wonder what the government will do to overcome this change, three years is not much time by government standards.
cestith 2 days ago 0 replies      
Flash Player is not Flash. Flash was the name of the media creation software. Flash Player is not end-of-life because it sucks (which it does) but because in the days of HTML 5, CSS 3, ECMAScript 6/7, Canvas, WebGL, etc a plugin to show that sort of media is redundant to the browser.

The creation tool lives on, although rebranded.

jordache 2 days ago 0 replies      
I would wager flash can still be used to develop movie set UIs, and other internalized use cases. However those can also be utilized outside the realm of web browsers.

Its benefit is a powerful full featured scripting language, in conjunction with a canvas that is easy to achieve pixel accuracy.

eadmund 1 day ago 1 reply      
I miss Flash; it was nice to be able to browse the web normally, with Flash disabled, and then to enable it only for a single function on a single page. It was relatively rare, and it didn't destroy the web.

With JavaScript, I basically have to enable it everywhere, as the web has been destroyed and I must now grant practically every site execute permissions on my computer in order to read content.

cjensen 2 days ago 1 reply      
I feel so bad for the Scratch language, which converted to Flash at exactly the wrong time.
smaili 2 days ago 0 replies      
For fun, here's the famous letter from Jobs himself on Flash - https://www.apple.com/hotnews/thoughts-on-flash/
FRex 2 days ago 0 replies      
This is absolutely awful. There are thousands of great games on ArmorGames and Kongregate that are in Flash. I they consider open sourcing it or at least allowing open source alternatives to grow.
cbhl 2 days ago 0 replies      
Rather than blaming Adobe, I hope some of you will be inspired to go out and build the next vector animation format/authoring tool for the web.
asavadatti 2 days ago 0 replies      
I remember the Nike website being all flash even as late as 2009-2010. I'm glad this abomination is finally done with
otterpro 2 days ago 0 replies      
Does this mean an end of all things related to Flash ecosystem or just Flash itself? I still have Adobe Air apps (as rare as it may seem) that I use regularly. Does anybody know the best way to migrate Adobe Air apps to HTML5? My guess is to use Adobe Animate CC, but it is not free..
misticdeveloper 2 days ago 0 replies      
Yes! HBO's lazy ass will finally be forced to get rid of their horrible Flash web player
humptechtips 2 days ago 0 replies      
Too bad. Mozilla will not ask me to update flash player as it is literally gone now. I must there are too many memories with flash player as there was a time when you couldn't play a video on youtube without it. #ripadobeflashplayer
samfisher83 2 days ago 0 replies      
It seems like instead of programming for flash player you have to program for each browser's HTML/JS quirks. People trash flash, but these browsers also have security holes. It's hard to make any really complex piece of software completely secure.
dave5104 2 days ago 2 replies      
Anyone know of any command line tools available out there that can convert Flash assets to PNG assets? I have a large number of Flash assets that I will eventually need to (finally) convert over. Hoping there are some easy tools out there available.
edko 2 days ago 0 replies      
Does anybody know if this includes Adobe Air? There is nothing said in the press release.
oblib 2 days ago 2 replies      
The only people who care about the life of this product are those who invested in buying and learning how to use it. I can understand why they care, but I don't.

I decided not to invest in it back when Macromedia bought it because I knew it would be expensive and subjected me to their whims. I thought "Futuresplash" was great and had high hopes for it but I'd already been burned by Adobe's planned obsolescence and I hated the way Macromedia designed their UIs and thought they charged way too much for their products.

I stopped using Adobe's plug-in on my Mac even before Jobs came out and complained about Flash. I considered it a form "spyware" and even if it wasn't it was constantly pestering me to update it and I seldom ever visited a site that used it. As I recall it was a bit of a pain to get rid of it too.

meerita 2 days ago 0 replies      
I made a living with Flash. In fact, I first made Flash before making HTML, CSS.
LyalinDotCom 2 days ago 0 replies      
As things like Flash and Silverlight die I can't help but think that there will be another one of these in-browser techs that is just bound to come back around. What's new is old and what's old is new :D
xupybd 2 days ago 0 replies      
Flash ads were terrible, a blight on the web. But Flex is so much more structured than any JS framework I've used. It wasn't super pretty but it did the job.

RIP a major Flex project I support :(

Samuray 2 days ago 4 replies      
Good thing I spent so much time learning and using Flash. Never again, Adobe.
komali2 2 days ago 1 reply      
> Adobe also notes that it plans to be more aggressive about ending support for Flash in certain geographies where unlicensed and outdated versions of Flash Player are being distributed.

What did they mean by this line?

marban 2 days ago 0 replies      
Thumbs up if you have jaw-dropping memories of this: https://www.youtube.com/watch?v=9Y-ESJS911c
baalimago 2 days ago 0 replies      
I'm foreseeing someone finding a hole in flash security around 2022 forcing adobe to update it again anyway, sorta like wannadecryptor

but rip all the flashgame websites (if there even is any left)

tapsboy 2 days ago 0 replies      
Interesting, that it will still survive in browsers till 2020. Co-incidentally, today at A+E Networks, we finally migrated all our web properties to HTML5 video playback.
mmmnt 1 day ago 0 replies      
Noooo, what's next? The real player?
Itzcoatl 2 days ago 0 replies      
The cross platform apps arguments can easily be applied to all the {"React native", "Xamarin", etc} bullshit. IMHO.
TekMol 2 days ago 0 replies      
I wonder if WebAssembly is facing a similar fate. Somehow, I always have a "flashy" feeling when reading about it.
tomc1985 2 days ago 0 replies      
What about Flash proper? I imagine sunsetting that would be devastating for the animation industry.
BatFastard 2 days ago 0 replies      
Flash is not dead, only the browser plug in is going away. AIR is still alive and well, for both desktop and Mobile
gumby 2 days ago 0 replies      
What a shame. Not installing flash used to be an excellent way of blocking shitty websites and annoying ads.
digi_owl 2 days ago 0 replies      
Now if only there were not a war of streaming protocols going on...
WalterBright 2 days ago 3 replies      
Since Flash and MS-Paint are going to be dumped, why not open source them?
therethenthat 2 days ago 0 replies      
up in heaven, Steve Jobs is smiling a bit more than usual today :)
partycoder 2 days ago 0 replies      
The irony is that AS3 felt more Java-esque than JavaScript.
TallGuyShort 2 days ago 0 replies      
Long live Homestar Runner!
AaronMT 2 days ago 3 replies      
How is Shumway doing?
geekamongus 1 day ago 0 replies      
And there was much rejoicing.
VicYu 1 day ago 0 replies      
I see, you already have Animate CC.
ipstas 1 day ago 0 replies      
somebody still using this outdated pos? can they kill pdf too?
j45 1 day ago 0 replies      
While Flash Player is meeting its end, the transferability of existing investments in AS3 to a new endpoint is tough not to imagine due to the kinship of ECMAscript with both JS and AS3.

If AS3 could compile to HTML5/JS endpoints, existing, or archival can in some part live on or be repurposed. The question will be how close it can get compared to existing solutions. There is likely several billions of dollars (likely more) of content that will need to be recreated, and not all of it will, or can be.

With Flash Professional becoming Adobe Animate CC, it wouldn't be surprising if this transferability becomes more of a prominent format. Adobe has been at the core of a lot of rich media formats both online and files with PDF and Flash, and I expect them not to disappear in the world of the tooling to create such experiences.

There is some stewardship and timing on this announcement from Adobe that says the right things to those who are quietly very excited by WebAssembly, and now have Adobe and others starting to look at it the same way.

tandav 2 days ago 0 replies      
It was EOL in 2010
exodust 1 day ago 0 replies      
Funny how they spruik their Creative Cloud applications in a message about EOL Flash. I'm guessing their marketing managers signed off on the message... "End with a positive note about how awesome we are, and how everyone can subscribe to our products and give us money on a regular basis no matter how infrequently they use the product."

Adobe are so... creepy. I won't miss the pre-ticked "you want McAfee fries with that" box when updating Flash. I wonder how many people didn't see the checkbox and ended up installing McAfee unintentionally.

I still use a browser extension to force Flash player on Youtube simply because it performs better than the HTML player, and provides more flexibility.

givinguflac 2 days ago 0 replies      
Good riddance.
samstave 2 days ago 0 replies      
heh -- I read that as "Flash memory will be EOL by 2020"
kfk 2 days ago 0 replies      
I had my 10 seconds of panic today with this title as I misread Flash into Flask. Anyway, now that I know it's Flash I am perfectly fine.
codedokode 2 days ago 1 reply      
Without Flash live streams on Youtube cannot be played in Firefox 45 on Windows XP. So Flash is still useful.

And by the way videos in Twitter and Vimeo don't work in both Chromium and Firefox on Windows XP. Because HTML5 video cross-platform compatibility is not perfect and developers have chosen not to encode videos in formats supported on this platform.

How a VC-funded company is undermining the open-source community theoutline.com
998 points by posnet  3 days ago   414 comments top 70
RubenSandwich 3 days ago 8 replies      
Look at this clear dark pattern: https://outline-prod.imgix.net/20170721-QVaxMDgDwdZ1TBufCdq4.... (Image taken from the article.) Want to use our service, then only lists positives. Or these other services, then only list negatives.

If you're reading this Kite. I now have a negative view of your product. We cannot allow corporations to take over open source tools. Donating is perfectly fine and encouraged, but the above example is a downright takeover. If you want another tool then create one, don't take over an existing one and use the community's trust of that tool to promote your product.

danso 3 days ago 2 replies      
This situation seems to have the best and worst of open-source. Best, in that the license of the projects allowed them to be forked without too much effort. Worst, in that it shows how easy it is for a project to be subverted once the maintainers are bought (in this case, given a job). It also remains to be seen if the average Atom user will see the difference between the Kite-branded (and, currently, more popular) and the forked versions of these plugins.

Besides the open source issues, this tactic seems to reveal a massive desperation by the Kite folks. There is no way they couldn't have seen how negative this was going to look once people found out. Their ability to attract new users through word-of-mouth and organic advertising must have plateaued. Sneaking their service into a well-used plugin would have given them a boost in users, maybe enough to attract a new round of funding, but they must have known it would cause this kind of bad blood. Especially based on their past reception on HN, which was highly upvoted but in which they never convincingly answered the concerns about uploading users' source code to the cloud:




rawland 3 days ago 2 replies      
Kudos to @mehcode for the fork [1]! And the author @abe33 for the apology [2]! I'm thinking, that @abe33 might not be responsible for this, but was "asked" by his employer (Kite) to do that.

Then, there are alternatives such as sublimetext/vscode, which have the minimap builtin...

Disclaimer: Not affiliated, I prefer n/vim anyways. This is a copy from my comment in the issue. Please read @abe33's comment [2] in the issue. This might explain a thing or two.


[1]: https://github.com/mehcode/atom-minimap-plus

[2]: https://github.com/atom-minimap/minimap/issues/588#issuecomm...

danpalmer 3 days ago 1 reply      
I've tried Kite twice now. Once when it first launched, and once again when I installed autocomplete-python and it persuaded me to give it another go.

So far I have found it utterly unconvincing to the point of near uselessness. It rarely finds anything intelligent to say about my code, and gives a significantly worse view of documentation than Dash (for which I have a hotkey bound for near-instant lookup).

On top of that, I found Kite to use significant resources, there's no way to inspect what it's uploading so no way to ensure you aren't uploading things you don't want to, and the second time I tried it the UI was filled with dark patterns and I found it quite difficult to uninstall (I reverted to just trashing all the files I could find relating to it).

dessant 3 days ago 0 replies      
This is the minimap fork:



It is a featured[1] Atom package, which may point to whom GitHub is endorsing in this issue, though we could see a more direct response from them regarding both minimap and autocomplete-python.

After reading sadovnychyi's reaction[2] to the autocomplete engine selection screenshot, I think forking is also the only remaining step for autocomplete-python.

[1] https://atom.io/packages

[2] https://github.com/autocomplete-python/autocomplete-python/i...

scandox 3 days ago 1 reply      
> Most users who install autocomplete-python close the engine selection prompt, which results in not getting Kite or its benefits

This type of entrepre-narcissism has to be shut down hard. How deluded does somebody have to be to imagine that putting a confirm-shaming dialogue in an opensource tool is not Advertising?

omginternets 3 days ago 1 reply      
I just uninstalled Kite.

It's a real shame as the service was good, but nothing is good enough to justify advertisements in my work-space. The fight against distraction is hard enough as it is without having to think carefully about where I'm clicking due to dark-pattern UI.

jtokoph 3 days ago 2 replies      
PSA: I removed the whitelisted directory from my local install of Kite and then uninstalled the application. Logging into https://kite.com/settings/files still shows my machine and all of the synced files.

I still had to manually purge my machine and files from that page.

If you think your files were removed, check again.

billdybas 3 days ago 1 reply      
It's nice this is getting more response today - my submission yesterday got no comments.

I almost spit my coffee out when I learned about this (as I'm a minimap user who had no idea this was going on). Not a fan of these shady practices - completely breaks the trust between package maintainer and users.

jchw 3 days ago 1 reply      
I think we need a swift and damning response to this. I'd rather have an even worse walled garden than the Apple 'App Store' than deal with having to worry about my source code getting stolen to be used by some stupid cloud service. I don't even want data collection in my text editor; maybe from the vendor it's acceptable but not N times for each plugin. I now feel compelled to vet the network usage of any plugin I install.

Thanks, Kite. I'll make sure to remember this in case anyone ever considers your service.

cronjobber 3 days ago 5 replies      
Google introduced and normalized the spyware/adware business model. Nothing but fawning adoration from programmers.

Microsoft copied the model for operating systems. Token resistance from programmers.

Kite copies the model for programming tools. Too late, programmers.

vultour 3 days ago 2 replies      
Holy shit that 'apology' is a steaming pile of crap. This guy is actively subverting not one but multiple open-source projects and he responds with some pathetic crisis-management sob story and an 'oops, sorry'?
2sk21 3 days ago 3 replies      
Open source is very vulnerable to manipulation. Some years ago, I spent some time trying to understand the PAM module LDAP module on Linux (PAM is used to enable external authentication so it's critical code). I found it to be completely impenetrable. We take such components for granted but if someone could inject malware into such code, it could be catastrophic.
git-pull 3 days ago 0 replies      
In short: A startup is taking control of open source editor plugins relevant to their product.

I admire their cleverness.

If it were me: I'd create an extension interface for completion libraries to accept third party plugins. I'd stop at putting in a third party stuff in by default. A sufficiently good plugin API for python-autocomplete shouldn't require it even to know about Kite.

That said, I don't think Kite should be disallowed. If they have a secret sauce that they think can empower completion plugins, give them an API to plugin to.

It's not in the spirit of open source to shut the door on proprietary solutions (IMO). Transparency should be paramount. Normally most Linux users opt-in to using proprietary/blob software/drivers one way or another anyway. Open source projects routinely maintain relationships with vendors (NVIDIA, Intel). It doesn't necessarily mean evil is at work.

Though, as someone who's struggled with the performance and reliability of completion tools, I don't know if I'd personally opt to outsource that functionality. I'd wait and see if our current tools get better.

mercer 3 days ago 0 replies      
Honestly, I feel that at the very least the core team behind Kite should be held accountable for what they're doing. I'm not arguing in favor of an all-out witch hunt, but in the context of developers doing their development thing this kind of behavior should have consequences that potentially might include 'black-listing' at least the higher-level people behind it that thought this was a good idea.
numbsafari 3 days ago 1 reply      
So, what prevents any Atom package from being silently taken over and turned into a private code Hoover? Is there anything in Atom's packaging APIs that ensures plugins that can read source cannot also access the network without permission?
bloomca 3 days ago 1 reply      
If you are looking for the github thread https://github.com/atom-minimap/minimap/issues/588.
jlangenauer 3 days ago 4 replies      
This is one of the things that makes me think software development, like most other professions, should really have a formal code of ethics. If a lawyer or a construction engineer tried to do something equally dodgy, they would very soon find themselves hauled before a professional authority.

It should be made clear to the employees, management and investors of Kite that this is the sort of thing that marks you as someone willing to engage in unethical and underhanded behaviour. I wouldn't hire any such person into any team I manage, and I suspect quite a few other people wouldn't either. Actions have consequences. Especially unethical actions.

dsign 3 days ago 1 reply      
Things like this are bound to happen, as long as people have to pay their bills and they don't get as much retribution as they would like for their work. If the original authors of the plugins that Kite took over had got a dollar from each user, maybe they would have thought it twice before handing over their creations to a company with dubious purposes.

I have been saying it for a long time: we need better and more flexible software markets, and as developers, we should appreciate the work and time of fellow developers and as a matter of principle try to compensate them.

oxguy3 3 days ago 0 replies      
> "I apologize in advance that I can't answer any further questions," he wrote. "I need to focus on other parts of the business, including continuing to improve the product for our users, and conflict like this is always doubly distracting."

If you don't have time to deal with controversy, maybe don't take actions that will inevitably lead to it, eh?

nv-vn 3 days ago 0 replies      
Can't wait till someone hacks Kite and exposes some major company's source code. Will be very interesting to watch the legal response to that.
roadbeats 3 days ago 2 replies      
> It is unclear what Kite's business model is, but it says it uses machine-learning techniques to make coding tools. Its tools are not open source.

I've never heard of such a thing before. Could someone explain how they would use machine learning for building coding tools?

quantum_state 3 days ago 2 replies      
We, the open source community, need to respond to this pollution firmly and decisively. Apart from removing the sneaky code put in for these types of purpose, we may need to consider adjusting the licensing to forbid such doing ... the entire open source world needs to unite against this ... it is threatening the future of open source.
jdenning 3 days ago 1 reply      
The "Kite Effect": when a company implements a marketing strategy that does more to deter potential customers than attract them.
roesel 3 days ago 0 replies      
Whenever I see a screen like this, I just use the "local engine" and make sure I never use the suggested product, ever.

Have fun finding customers Kite...

bauerd 3 days ago 0 replies      
Aaand into the /etc/hosts kite.com goes. Can anyone paying for their product post their other (AWS?) hosts?
deepakkarki 3 days ago 2 replies      
I wonder how the HN ranking algorithm works - even with so much discussion and upvotes/hr this thread has already slipped to #24. I find that awkward!
softawre 3 days ago 0 replies      
For all of you that accidentally sent your BigCorp source to the cloud, are you going to report it to your legal departments?
simias 3 days ago 0 replies      
While this Kite company seems rather scummy, I think it's a bit disingenuous to frame it as an attack on open source. Actually it's the one thing open source can handle better than anything else: just fork the repo and carry on.

Maybe I'm reading too much into the article but it feels like a weakness in open source is exposed when in fact the real problem would be if those applications were closed and you were stuck with crappy software if you didn't want to switch to a brand new tool. How's Skype doing lately?

Open source is vindicated by these scummy tactics, not undermined.

tangue 3 days ago 1 reply      
Time to write Adblock for code editors.
sebleon 3 days ago 0 replies      
> It is unclear what Kite's business model is

Their business model is to sell subscriptions to a premium version: https://kite.com/pro#business

aerique 3 days ago 0 replies      
Those animated squiggly lines under the headlines are some of the most annoying things I've recently seen.
thehardsphere 3 days ago 0 replies      
> Although Kite has no business model yet,

This is actually the most ridiculous part of the entire story.

It would be one thing if a corporation was stealing your code and taking over open source projects as part of a detailed plan to make money. That would still be objectionable, but at least there would be a clear motive for these voyeuristic activities.

Apparently, there is no master plan. They're just doing this because they want to be voyeurs and then maybe figure out how to make money off of that somehow later.

AdmiralAsshat 3 days ago 1 reply      
Not sure how the Atom plug-in store works: if this were yum / CPAN / pip, I would think there'd be some way to kick these plugins out of the stores and force anyone who really wants it to install manually. I think that's the best way to tackle this kind of deception: fork it, kick it out of the app stores, and make it as difficult as possible for someone to inadvertently download the adware-written version.
toyg 3 days ago 0 replies      
It is somewhat ironic that the community affected is the Atom one, which was supposed to be built by (and for) next-gen cloud-first types who live in the browser. If all data has to live in the cloud, your source code will inevitably get there too - because source code itself is data. Sure, Kite went about it with an anti-pattern, but that makes little difference. Live by the cloud, die by the cloud.

Let's be honest, the real problem here is that Kite's offer is still not good enough. The service they provide at the moment is not worth handing out all your code, unlike with services like GitHub; and their leadership is not seen as smart (or honest) enough to tolerate them taking stewardship of this or that established project - something that happens every day in the OSS world (loads of companies de-facto own this or that OSS project, from RedHat to Google to Ubuntu to IBM, steering as they see fit).

As soon as Kite (or anyone else) can provide a compelling service, people will go to great lengths to use their stuff and give them their code, without any dark pattern being required - ethics be damned.

codepilot 3 days ago 1 reply      
If someone approved their own PR in our team they would have some explaining to do, approving your own PR in an Open Source project - SMH
random3 3 days ago 0 replies      
This is why Open Governance is just as if not more important than the actual OSS License. Foundations such as the ASF can protect from these situations https://www.apache.org/foundation/how-it-works.html
jancsika 3 days ago 1 reply      
Dear free software and/or open source zealots:

Please use your skills and spirit to fork both of the projects in question and put one of your known good actors in charge of each.

Either new project leaders are available and will immediately come forward to claim these projects as their own, or we need to change the subject to FLOSS sustainability.

whack 2 days ago 0 replies      
Honest question: if someone starts a hobby project, open sources it, and later decides to monetize it in some way, is that considered bad form? I can think of many open-sourced projects that are being monetized - eg Reddit/GitLab.

I was under the impression that open-sourcing something literally means just making the code publicly available, and doesn't restrict what the owner chooses to do with the project in future.

intoverflow2 3 days ago 0 replies      
I'm curious as to what the ads looked like? I installed it but can't see them and the article only includes its own ads for razors, not pictures of the ads it's talking about.
tzs 3 days ago 0 replies      
It's not clear to me from the article or the comments what it was actually doing.

Looking briefly at kite.com, it looks like they provide a potentially useful tool/service that is kind of an alternative to searching the web for documentation.

What I can't tell is whether what they did was make minimap incorporate results from Kite, so that you were essentially getting the Kite service (or a light version of it) bundled with minimap, or if they were putting ads for the Kite service in minimap, or if they were putting ads for other things in there.

oefrha 3 days ago 0 replies      
I remember the day Kite was launched. I took a brief look, realized it would be uploading entire codebases of mine to their servers, and said no.

The fact that they have since slipped their stupid product into popular open source tools (probably because it isn't as well received as they thought it would be) is very similar to how some douchebags buy up popular browser extensions, then inject ads or do more nefarious things with them. Utterly distasteful.

barking 3 days ago 1 reply      
I'd never heard of Kite until today and, following one of the links, ended up at Adam Smith's blog a couple of hours ago. I did no more than to read a blog post. Just now I went to checkout from my local TortoiseSVN repository and instead of the usual local address this was present as the repository url:


I have no idea how that could have happened.

dabei 3 days ago 0 replies      
This is evil. We need a way to deter activities like this. The public shaming on HN is a good first step but this would be forgotten too quickly. Any ideas?
microcolonel 3 days ago 0 replies      
This is a bit hyperbolic. If the original maintainers of a project are making changes you don't like, just fork it.

That said, if I was already unlikely to trust Kite, I don't want to work with them at all given this behaviour. Betraying the trust of a significant portion of your potential customers is a sure way to be exed from an industry you never capitalized on. Congratulations, Kite.

kayoone 3 days ago 0 replies      
I think what Kite is doing isn't very smart, their audience are developers who will usually not put up with stuff like this so easily.
amelius 3 days ago 1 reply      
Can't we have laws against software that combines ads with spyware (or user tracking for that matter)?
sdwisely 3 days ago 0 replies      
For some reason that animated underline makes me feel like I can only read one word per minute.
bluepeter 3 days ago 1 reply      
Bottom of the Kite web site I find this tell: "Made with [love emoji] in San Francisco"
mattbierner 3 days ago 0 replies      
As distasteful as ads are, I'm always concerned about an update that introduces malicious behavior in the background. Something like NPM hydra for example, or those Chrome extensions that have been bought out.
DrFukushima 3 days ago 0 replies      
Merge request to remove Kite in minimap was closed: https://github.com/atom-minimap/minimap/pull/596
mnm1 3 days ago 0 replies      
Sounds like a replay of uBlock / uBlock origin. The same solution (forking and rebranding) can apply here. If the original authors sell out to Kite and the license permits it, fork it and fuck them.
thrillgore 3 days ago 0 replies      
I personally want to know why Kite decided to show up uninvited in Atom. I don't want this shit, I don't care about it, if I wanted documentation I'd use Sphinx or Doxygen.
daotoad 3 days ago 0 replies      
I think the real dark pattern here is the stupid animated scribbles under the section headers.

WTF?! Is this 1997? Why don't you bring back the blink tag while you're at it!


edem 3 days ago 0 replies      
We can just fork these tools, and re-release them without the malware Kite is injecting. The licenses are MIT AFAIK.
thrillgore 3 days ago 0 replies      
Is there a comprehensive list of Atom extensions that are maintained or used by Kite? Or should I just write off Atom altogether?
Dowwie 3 days ago 0 replies      
I wouldn't be surprised if this leads to click-wrap terms of use prior to installing Atom packages..
mfringel 3 days ago 0 replies      
Two years ago, this would have been called "growth-hacking". What changed?
fh973 3 days ago 3 replies      
That sounds Atom plugin specific. Do Atom plugins not run in some sort of Sandbox?
mychael 2 days ago 0 replies      
Kite is malware. Plain and simple.
rurban 1 day ago 0 replies      
Oh my, just fork it and avoid all the drama.
CodeWriter23 3 days ago 0 replies      
FFS, "Fork this on GitHub"
trymas 3 days ago 0 replies      
so we'll need to have ad-blockers in our editors now? /s
jwilk 3 days ago 2 replies      
Why is the submission title different than the original one?
threepipeproblm 3 days ago 3 replies      
Psychopaths sometimes have trouble recognizing stuff that is supposed to make them ashamed, i.e. stuff that would reveal their character were it exposed publicly.

Maybe that seems like an over the top comment, and on any individual case, who knows? But I think it explains a good number of these sorts of scandals. Sometimes, the people who get on top are not "ambitious"... sometimes they are actual monsters.

PhantomGremlin 3 days ago 3 replies      
There are those who would argue that foisting systemd onto the Linux community is the quintessential example of "behaving badly".
waynenilsen 3 days ago 1 reply      
I see nothing wrong with this. This is why open source is beautiful. If you don't like what some contributor is doing, fork it. Kite can even pull in updates from the main fork. I think this kind of thing happens all the time just not publicly.
GoToRO 3 days ago 1 reply      
Why not use this to fund open source? Have a checkbox to disable ads if you really want to give people freedom. I just can't see how open source can compete without enough funds.
conradk 3 days ago 1 reply      
To me, it looks like Kite miscommunicated but didn't propagate spyware. From what I understand after reading the related issue on Github, it did not do any requests to its servers without explicit user permission.

And I think the bigger problem is that 3rd party plugins are becoming a thing. Now, it's all about plugins, installing dozens of plugins that are difficult to audit beforehand. It's like blindly installing software from torrenting sites, but shinier because it has the GitHub stamp on it.

18yo arrested for reporting a bug in the new Budapest e-Ticket system marai.me
863 points by atleta  3 days ago   309 comments top 38
goodplay 3 days ago 9 replies      
I remember coming across a serious bug in a site that belonged to a top multi-billion company. My brother also found what was essentially an unrestricted privacy leak (and possibly editing access) in a top university (leaked data is sensitive personal information, not academic). Neither of us reported (or exploited) what we found.

Protection from this kind of blame-shifting and misdirected retaliation should be guaranteed by law. Until it is, bugs in critical and important infrastructure will go on unreported, and remain available for malicious actors to exploit.

whatnotests 3 days ago 3 replies      
That's how the DMCA works. Remember the guy who gave a talk about Adobe's PDF creator which purported to produce "secure" documents (required a password) but the feature was easily bypassed.

Adobe had him arrested the day after he gave his talk.

Link to a Wired article here: https://www.google.com/amp/s/www.wired.com/2001/07/russian-a...

EDIT: I have a terrible memory-- thanks to the folks who replied to my comment with corrections.

lebowen 3 days ago 4 replies      
A few years ago I also found a serious bug in a debt collection agency's web software. I ordered a phone and neglected to pay import tax and was chased by the agency. I found their website and saw that they developed their management software in-house and made it available for purchase for other agencies.

They offered a demo which I used to navigate around, in the demo was a reporting tool which essentially allowed you to send raw SQL queries to an AJAX endpoint. Something along the lines of:

http://demosoftware.com/reports/ajax.php?sql=SELECT * FROM debts

I switched out the demo software domain name for the live version and it worked; not only could I query the database, there was no authentication preventing me hitting this endpoint.

At this point I was left with a dilemma, do I "erase" my debt, do I disclose the bug and pay the debt, or simply pay the debt and move on. I chose to pay the debt and move on due to fear of any recriminations. However it has left me uneasy ever since knowing that this company have such bad security and any debtors they are chasing for payments potentially will have all of their personal data leaked.
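
As an added example (not part of the comment above, and not the vendor's code): a reporting endpoint of the kind described is safer when the caller picks a named report and supplies bound parameters, and the server rejects unauthenticated requests. The schema, report names and session format are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE debts (id INTEGER PRIMARY KEY, agency_id INTEGER, "
        "debtor TEXT, amount_cents INTEGER, status TEXT)"
    )
    db.executemany(
        "INSERT INTO debts (agency_id, debtor, amount_cents, status) "
        "VALUES (?, ?, ?, ?)",
        [
            (1, "A. Example", 12000, "open"),
            (1, "B. Example", 4500, "paid"),
            (2, "C. Example", 9900, "open"),
        ],
    )
    return db


# Allow-list: report name -> (fixed SQL text, parameters the caller may supply).
# The SQL never contains caller-provided text; values are bound by the driver.
REPORTS = {
    "open_debts": (
        "SELECT id, debtor, amount_cents FROM debts "
        "WHERE agency_id = :agency_id AND status = 'open' ORDER BY id",
        (),
    ),
    "debts_over": (
        "SELECT id, debtor, amount_cents FROM debts "
        "WHERE agency_id = :agency_id AND amount_cents >= :min_cents ORDER BY id",
        ("min_cents",),
    ),
}


class ReportError(Exception):
    """Carries the HTTP status the endpoint would return."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def run_report(db, session, name, params):
    """Run a named report for the authenticated caller.

    session: dict set by the login layer (hypothetical), or None.
    name:    report key from the request.
    params:  dict of request parameters.
    """
    if not session or "agency_id" not in session:
        raise ReportError(401, "authentication required")
    if name not in REPORTS:
        # Anything that is not a known report name, raw SQL included, ends here.
        raise ReportError(404, "unknown report")
    sql, allowed = REPORTS[name]
    if set(params) != set(allowed):
        raise ReportError(400, "unexpected or missing parameter")
    bound = {}
    for key in allowed:
        value = params[key]
        if isinstance(value, bool) or not isinstance(value, int):
            raise ReportError(400, "parameter must be an integer")
        bound[key] = value
    # Tenant scope comes from the session, never from the request.
    bound["agency_id"] = session["agency_id"]
    return db.execute(sql, bound).fetchall()
```
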

amingilani 3 days ago 3 replies      
In my country, the laws are draconian and totally against this kind of responsible disclosure. But being a good guy, whenever I find something I write a strongly worded email explaining why the company's IT department messed up, how to test said mess-up, and how they can hire my company to ensure these kinds of stupid things don't happen again.

I've reported several of these issues, sometimes all I get is a single reply months later saying: "fixed".. mostly, nothing.

Once I found a SQL injection in a courier service's (very broken) web portal. This was very serious because any idiot could drop all the tables, so I sent an email to the most important worded member of their tiny, yet already bureaucratically structured team. I followed up several times because I knew someone saw my email (I embed beacons in my emails) but gave up after the sixth time. Three months later someone else replied saying "thanks Amin, we've fixed it"

On a separate occasion, a large government agency's emails routinely ended up in my spam folder. It was a huge problem, and they acknowledged it and said they couldn't figure out what was wrong. I took five minutes and found the problem to be a misconfigured server on the domain. The server sending the email thought it was `server-a.governmentdomain.com` but there were no DNS entries pointing the subdomain to the server. I reported this problem with clear instructions to test and fix the issue, but I was called despite the instructions, multiple times, to explain the issue with my words over the phone. This was 2 years ago, last I checked, the issue was still present.

fencepost 3 days ago 2 replies      
Two takeaways, one from this and one from my other past experience.

First, when testing whether you can change a price and have a transaction go through successfully, RAISE THE PRICE. If you lower the price the affected entity may come back and say "See??? He's STEALING from us! Lock him up!" If you've overpaid for something through their web interface that complaint and issue goes completely away.

Second, if you're going to suggest that they contact you for assistance in fixing it also suggest other options. My typical handling for this is with hacked websites, so I'll basically say "Your website has problems X, Y and Z. You should work with whoever you have working on your site to resolve these. If you don't have anyone I may be able to assist you, or I recommend talking with a firm like Sucuri.net which has dealing with and preventing issues like this as their primary business. (My only link with Sucuri is having seen some of their folks do presentations at trade shows.)"

fredsir 3 days ago 1 reply      
We've seen two[1] cases[2] of this in Denmark in the last couple of years surrounding systems that kindergartens are using. The second one is currently (still) being investigated, but the first one was rightfully concluded earlier this year with the "hacker" being acquitted.

In both cases, it was dads of children in the institution that noticed the bugs when they were rightfully using the system and were ignored when notifying the responsible party about it until they "shouted it so loudly" that they couldn't be ignored anymore, in which case they were reported to the police for hacking.

Links below are in Danish, but they can probably be translated if needed.

1: https://www.version2.dk/artikel/boernehavehackeren-frifundet...

2: https://www.version2.dk/artikel/interview-hacker-tiltalt-jeg...

angus-g 3 days ago 5 replies      
Side note: this page gives me the weirdest Firefox behaviour I've ever seen: https://gfycat.com/HandyRapidJabiru
pmoriarty 3 days ago 7 replies      
"this outrageous move from the police brought about fierce reaction resulting in tens of thousands of 1-star reviews on the facebook pages of the companies involved"

In the old days, protesters used to physically go and picket in front of company offices. These days, protesters leave one-star reviews. I wonder which is more effective.

SeanDav 3 days ago 1 reply      
Although deeply unfair, this is not unusual, there have been many reported cases of companies shooting the messenger.

Unless the company concerned has a well documented and trusted bug bounty procedure, it can be very risky to report a bug in a system, if it involves any kind of hacking.

What happens is once the "bug" is reported, someone inside the company asks "How did this happen?". Now the person responsible has 2 options, admit it was their fault and the vulnerability exists and risk being accused of incompetence, or say that the system was hacked.

Human nature being what it is, one tends to complain of being hacked, thus snow-balling effects, which lead to the arrest of an 18 year old just trying to help.

My advice: Don't report these types of bugs at all, or if you really feel you must, report anonymously.

abecedarius 3 days ago 1 reply      
> the poor 18 year old 'hacker' who was stupid enough to email them

s/stupid/trusting/. There's no reason to think this guy isn't bright, and he's faced enough trouble without piling on.

anujdeshpande 3 days ago 0 replies      
Sounds a lot like what happens here in India [1].

Also, if such behaviour is systemic, how should we bring about the paradigm shift in handling such events? Such incidents will happen more often across the world as e-governance becomes more predominant.

1 - https://thewire.in/119578/aadhaar-sting-uidai-files-fir-jour...

chx 3 days ago 0 replies      
> We knew that they have been working on an NFC/smart card based system for around 4 years, without any visible result despite having spent over 4 million EURs.

The public procurement process for the current system called RIGO was indeed 2013 but the whole process is much, much older than that. A more than 300 page feasibility study was published in 2011 https://www.bkk.hu/apps/docs/megvalosithatosagi_vizsgalat.pd... And a completely different system, called Elektra was announced in 2004 with a 2006 deadline.

This whole clusterfuck with RIGO starting in less than a year was absolutely unnecessary since the 2011 study already suggested supporting contactless credit cards so once RIGO starts the only ones using this online ticket purchasing system will be those who have a credit card but not a contactless one. This is a (very) rapidly shrinking audience.

TimJYoung 3 days ago 0 replies      
The software industry better start investing more in educating the general public/government officials about how web applications work, or this is only going to get worse with technologies like WebAssembly in the hands of similar companies. If anything, people need to understand that these endpoints can be accessed without a browser, and we can't be arresting people/hauling them in for questioning for sending bad data to such an endpoint. After all, what does "bad data" even mean in such a context?

Also, a question: does the EU have the legal concept of "fair use"? I would have thought that messing around with a web application would fall under fair use, given that the web application can, and probably will, be stored on a person's computer. A computer that they (also probably) personally own, I might add...

skinnymuch 3 days ago 1 reply      
The list of bullet points of the egregious flaws in the software just get worse and worse. It's crazy how I thought the first one or two would be the worst since, but it just got worse.
jccooper 3 days ago 0 replies      
This sort of thing teaches people to exploit or ignore rather than report. Anyone who reports should be commended, even if they did real hacking (which using dev tools on a web browser is not.)

Someone's going to probe your system; you should be glad to hear about it in email rather than in the news or your accountants or from angry customers.

nthcolumn 3 days ago 0 replies      
Someone pointed out to me the other day that just connecting to a poorly configured system is illegal in some places (Finland in his case). A form of trespass he said. This was a ship in international waters registered in Russia Federation so not sure whose law applies lol. Perhaps if there were more cases where full advantage was taken of such incompetence with spectacular newsworthy results then people would be more appreciative of the work we do and the laws changed to protect whistle-blowers and activists generally.
minusSeven 3 days ago 1 reply      
> someone found out that the admin password was adminadmin and managed to log in using that.

Wtf, I thought I was bad at my job.

pmoriarty 3 days ago 2 replies      
"if you just typed in the url (shop.bkk.hu), the site just wouldn't appear. At first I thought they've taken it offline, but it turns out that they just didn't set up the http -> https redirection. And it was left like that for days. If you just heard about it, you couldn't use it. You had to click a link (normal users won't figure out to put an https in front of the host name, even I didn't think of it)."

I'd really like to know which of these is the better solution.

It seems to me that if people go to the http address, they could be redirected to an attacker's address with a simple MITM attack. So there's an argument to be made for not using http at all, even for a legitimate redirect, because it can be so easily MITM'ed.

On the other hand, if the http address is left unused, then people who try it anyway and it fails will be confused. For this solution to work, it seems the users have to be educated to always and only use the https address.

For these reasons, the whole separate http/https scheme seems broken by design.

What's the consensus from the security community as to the right setup here? Am I missing something, or is there a better way?

triacus 13 hours ago 0 replies      
The Hungarian Government Incident Response Center (GOVCERT_Hungary) provides the opportunity to report security vulnerabilities for everyone in an anonymous manner: http://www.cert-hungary.hu/node/397

Better late than never...

beters 3 days ago 4 replies      
When I was in Budapest a few weeks ago, I heard from multiple locals that the metro system was owned by some sort of mafia. I wonder if that explains the subpar security and overreaction to the bug report.

edit: a few weeks ago, not this past summer that is still occurring

ikeboy 3 days ago 1 reply      
>Didn't any of the engineers on the team tell their managers that something isn't right? I find it hard to believe.

Or, the managers knew full well the system was shit and they had no time to fix it, but 80k/month is 80k/month.

odabaxok 3 days ago 0 replies      
All I can think about is what a shame this must be for the developers releasing this software. There must have been a bunch of people working on this, and was there no one to say this is wrong?
minademian 3 days ago 0 replies      
this reminds me of a dark joke.

a rabbit was detained by the secret police. the interrogator asks him, "what are you?" the rabbit says, "rabbit"

They torture, beat, and electrocute him for days.

Then, the interrogator asks him, "who told you you're a rabbit?"

qualitytime 3 days ago 0 replies      
Once there was this website which offered phone number to location service.

They had a form you could try the demo where it sent an SMS to verify and only allowed one query.

If you looked at the source of the page it had hidden fields to override the SMS verification and allow multiple queries.

I freaked out some friends for the day and nearly contacted a journalist but lost interest after some weeks.

I could have had my 15 minutes of fame or be on some list, or both.

It's alright, had some fun.

StreamBright 3 days ago 4 replies      
Actually he exploited the bug and purchased a ticket for the fraction of the price and then reported it to the public transportation company. The company that runs the infrastructure (not the public transportation one) followed its internal policy and Hungarian law, and reported the incident to authorities. Police brought in the guy for questioning.
secult 3 days ago 0 replies      
We had a similar case - National security authority (NBU SR) of a neighboring country got their public web infrastructure hacked after guessing credentials (nbusr:nbusr123). In the end, guys got free after trial because police were unable to unambiguously identify them.
aries1980 3 days ago 0 replies      
Open-source implementation of the password cryptographic method. https://github.com/moszinet/BKKCrypt
SubiculumCode 3 days ago 1 reply      
All I want to say is something off topic, but the only vacation I've had away from the kids and with my wife was a week in Budapest, and I miss it. Such a beautiful city, so romantic...and I rode the metro everywhere.

ahh Budapest.


dogmata 3 days ago 0 replies      
I wonder if the outcome would have been the same if instead of marking the price down from 9500HUF to 50HUF it was 9499HUF, the test would have still proved the issue.
ohthehugemanate 3 days ago 0 replies      
As a Deutsche Telekom client, I can say that this quality level is par for the course for T-Systems. Not surprised at all.
wooptoo 3 days ago 0 replies      
Just don't bother with companies who don't have a bug bounty system in place.
Aissen 3 days ago 0 replies      
I thought some CERTs were now doing the reporting as a way to shield security researchers from this kind of things? Or did I hear wrong?
shanky1323 3 days ago 0 replies      
THIS --> "someone found out that the admin password was adminadmin and managed to log in using that."
willhackett 3 days ago 0 replies      
A sure-fire way to let vulnerabilities go unnoticed and unfixed.
daef 3 days ago 1 reply      
is HN hugging shop.bkk.hu to death?
Negative1 3 days ago 2 replies      
The price of a ticket was client-side authenticated!? I can't fathom the level of incompetence required to do something like this...
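
As an added example (not code from the BKK shop or from any post in this thread): a server that treats a client-submitted price as untrusted charges the catalogue price regardless and records any mismatch as a tampering signal. The product IDs, order format and the second catalogue entry are assumptions; 9500 HUF is the figure quoted in the thread.

```python
import logging

log = logging.getLogger("orders")

# Server-side source of truth. Product IDs are hypothetical; the 350 HUF
# entry is a constructed value for illustration.
CATALOGUE_HUF = {
    "pass-9500": 9500,
    "single-ticket": 350,
}

MAX_QUANTITY = 10


def price_order(order):
    """Return (amount_to_charge_huf, tampered) for a client-submitted order.

    order is the parsed request body, e.g.
    {"product_id": "pass-9500", "quantity": 1, "price": 50}.
    The "price" field is never used for charging; it is only compared
    against the server-side amount so that mismatches can be detected.
    """
    product = order.get("product_id")
    if product not in CATALOGUE_HUF:
        raise ValueError("unknown product")

    qty = order.get("quantity", 1)
    if isinstance(qty, bool) or not isinstance(qty, int):
        raise ValueError("quantity must be an integer")
    if not 1 <= qty <= MAX_QUANTITY:
        raise ValueError("quantity out of range")

    amount = CATALOGUE_HUF[product] * qty

    claimed = order.get("price")
    tampered = claimed is not None and claimed != amount
    if tampered:
        # Lower and higher claimed prices are treated alike: the request
        # did not come from an unmodified client, so flag it for review.
        log.warning(
            "price mismatch product=%s qty=%s claimed=%r expected=%s",
            product, qty, claimed, amount,
        )
    return amount, tampered
```
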
kutkloon7 3 days ago 0 replies      
Not really related to the technological side of the story, but I had a horrible experience with the international trains from Budapest. So they don't need a broken electronic system to provide a horrible service ;)

My parents went to buy a ticket at the counter. The lady behind the counter didn't speak English (which is totally OK). Her only communication was a 'go away' movement with her hand, after which she ignored us and signaled for the next customer in line to come to her.

Luckily a colleague of hers helped us and gave us careful instruction on the time and platform of the train. After we took the train and sat for a few hours, the conductor of the train came and notified that our tickets were invalid. We argued for some time since the lady behind the counter told us this was the right train. The conductor became mad and told us that we had to pay him 50 euros in cash for some unknown reason (presumably to buy a ticket for the train we were on, but his English was very limited). Note that this was a normal train and there was no shortage of seats. In the end, we chose to get out at the next stop, and take the next train, which was about 3 hours later.

lightedman 3 days ago 0 replies      
Not just reporting it, but having actually exploited it to confirm before reporting it, even if just to test. That was the wrong move.

What should have been done was the second he had the thought that such a vulnerability could exist, he should have notified them that he believes that there is a possibility for one to alter the site code locally to gain unfair pricing, and to ask them if either he could check for them or if they could check using his proposed method.

The second you actually test without permission, you've committed a crime. Jury/court might look at intent later on, but for now, you've committed a crime and are thus subject to arrest.

Verizon Throttles Netflix Subscribers in Test It Doesn't Inform Customers About techdirt.com
589 points by sharkweek  3 days ago   322 comments top 17
cprayingmantis 3 days ago 8 replies      
They're going to keep doing this too until customers start treating internet as a right and utility; until then it's just seen as a commodity.

If your local grocery monopoly started rationing out milk to 250ml sold per day there would be protests, investigations, and 10 minute time blocks for it on the nightly news because the people would demand it. The internet just hasn't had this moment yet and it sucks because the momentum for this moment is building but it hasn't reached critical mass. I don't think this moment will happen for another decade at least.

supercanuck 3 days ago 7 replies      
And Netflix is blocking VPNs. The original reason was it didn't have licenses for certain regions, but then what of original content?

I'm tired of being used as a pawn in this bullshit game.

Androider 3 days ago 9 replies      
I'd swear Verizon FIOS is throttling YouTube recently for me, the quality is getting worse and worse. Constant buffering even at 720p. Forget 4K these days, which used to be perfectly fine a year ago. With the current FCC I'm afraid it's just going to get worse.
brainfire 3 days ago 2 replies      
Note this is Verizon Wireless, the cell service company - not Verizon Fios, the home ISP company. They are both under Verizon Communications, but as far as I can tell this "test" only affected wireless customers.
kyle-rb 3 days ago 2 replies      
It was really a great move on Netflix's part to make their own speedtest site, allowing their customers to audit their providers specifically on their Netflix connection.
dsmithatx 3 days ago 1 reply      
They throttled users to 10Mbps to Netflix. The article states this shouldn't be an issue streaming a show at x resolution. I have 5 people and four TVs in my family. It is common to have 4 different shows going on Netflix. We all have different schedules and can't always watch the new OITNB on the same day.

If I'm paying Netflix and paying Verizon for 40+ Mbps wouldn't this impact us? Shouldn't I be able to watch four shows at once if I pay my bill on time?

festizio 3 days ago 2 replies      
I am more sad reading that T-Mobile and Sprint are potentially merging.
coverband 3 days ago 0 replies      
If the test is "At what point will customers notice and start complaining?", it makes sense... :)
nwatson 3 days ago 1 reply      
I'm working from Copenhagen right now. A valid-for-one-month 30GB data + 600 unlimited minutes on Lebara SIM card is $15 (and that includes free international calling to, e.g., USA or Brazil or wherever), and I can re-up at any time. I've been using SIM Card + mobile hot-spot to access the internet, web, VPN, AWS, etc. from a number of places. Speed is very good. I wish it were like this in the US.

Coverage in my home area of North Carolina (the Triad != Triangle) is quite good, Verizon is kind of expensive. It's a lot better than coverage I had living in the SF Bay Area -- whenever I go there I still find so many dead zones.

pxeboot 3 days ago 2 replies      
What were they testing? If users would notice the throttling?
knowaveragejoe 3 days ago 2 replies      
Silence from the opponents to NN.
peteretep 2 days ago 0 replies      

> while Wall Street cries about this rise in competition hurting earnings at least once a week

They link that to a particularly shitty article which really doesn't make the case at all. This has thrown my confidence in the rest of the article.

wallstquant 2 days ago 0 replies      
I get upset when they call it unlimited data and then cap the rate you can download. If you can only download 1 unit an hour, you are effectively capped at 744 Units per month.
menzoic 3 days ago 0 replies      
holtalanm 3 days ago 1 reply      
and so it begins.
mrkrabo 3 days ago 5 replies      
People streaming HD video from cell towers is simply crazy. I'm sure that even supporters of net neutrality understand that a solution must be found.

Caps can't help with that in highly populated areas. The radio spectrum is simply finite. It's physics.

timmaah 3 days ago 2 replies      
I might be all for it if it frees up some bandwidth for the rest of us.

I travel full-time and quite a few places lately the Verizon tower is obviously at capacity. (Strong signal.. slow speeds)

Here be dragons: the same 3D scene implemented with 10 different 3D APIs github.com
562 points by adamnemecek  2 days ago   60 comments top 17
pierrec 1 day ago 1 reply      
This is a really useful codebase to compare what the code looks like for different APIs and the tooling around each (not so much for directly comparing the graphics, which should go without saying, but a lot of people seem to be missing the point here...)

It would be interesting to add an emscripten version, ie. slight modifications to the original C++/OpenGL code to make it compile with emscripten and run in the browser. After some fooling around I got that to work, however nothing shows up because the shaders need to be rewritten for WebGL. Looks like this was already done for the JS/WebGL version, but the shaders are less fancy and clearly don't map 1-to-1 to those in the C++/OpenGL version, so the code will need to be modified a bit either way.

Mikeb85 2 days ago 6 replies      
Very interesting. What's striking is how much better the OpenGL version looks than everything else. Not sure if it's because that was the reference version or if some of the other APIs require more work or the dev is simply unfamiliar with them. The Cycles renderer creates some really cool looking materials on the dragon, but the terrain doesn't look great.

The Metal version in particular looks terrible, but then again low level APIs like Metal, Vulkan and whatever subset of Direct X are all meant for vendors, not individual developers.

ars 2 days ago 2 replies      
If someone has time, could you record each one of these, splice the videos together and upload it, so we can compare them, without actually installing each one?
sipos 2 days ago 2 replies      
The Vulkan version will really add a lot I think. I would guess most people are most interested in an OpenGL to Vulkan comparison. Similarly (possibly more interesting to people, I don't know?) the DirectX version.

Nice comparison.

eponeponepon 2 days ago 1 reply      
Neat. Always interesting to be reminded how far the capabilities have come in so short a time. The PS2 really wasn't all that long ago in the grand scheme of things.

Would be intriguing to see how far older architectures like ps2dev can be pushed on modern hardware.

dmitrygr 2 days ago 3 replies      
I am not an expert in some of these, but I CAN tell you that both GBA and DS can do much better than the author has done here.
gtm1260 2 days ago 0 replies      
Definitely looks helpful as someone starting to get into Graphics Programming, but I can't wait for the Vulkan version!
osmala 1 day ago 1 reply      
A nice project, but I didn't find the license for the source code. As without one no-one can really legally use parts of it for anything that can become serious.

Of course it might be that I have missed it or it is hidden somewhere. I hope it really exists somewhere in the repository, but I didn't find it. I might be too tired to find it and someone else has better luck.

madez 1 day ago 0 replies      
I would be interested in seeing a version of this, where a pixel-identical scene is created using different toolkits.
mastazi 1 day ago 1 reply      
Why is one of the examples called "Unity"? Doesn't Unity just use the lower level rendering APIs or am I missing something?[1][2][3]

[1] https://docs.unity3d.com/Manual/UsingDX11GL3Features.html

[2] https://blogs.unity3d.com/2016/09/29/introducing-the-vulkan-...

[3] https://blogs.unity3d.com/2015/02/19/unity-4-6-3-metal-rende...

lunchladydoris 1 day ago 0 replies      
If you just want to check out a couple static images, check out the author's site [0].

I must be getting into my nostalgic period - I love the GBA version.

[0]: http://simonrodriguez.fr/dragon/

neogodless 2 days ago 1 reply      
How do I view them? Maybe it's because I'm on mobile, but I'm having trouble navigating to the actual images.

Edit: ok if I understand correctly, you need to visit the linked web site, visit each linked repo, and pull each one down? Could you provide a web page with previews, or would the resolution lose all visual differences?

nickelbackfan 1 day ago 0 replies      
It would have been cool if there was a single page with a screenshot of each version to compare
vitoralmeida 1 day ago 1 reply      
How about a pico-8 version?
Fox8 1 day ago 1 reply      
Would love to see how Glide stands up against this.
spyder 1 day ago 1 reply      
ocdtrekkie 1 day ago 1 reply      
When I was in school, I had an assignment to make the same super simple scene in OpenGL and DirectX.

That was when I learned I didn't want to be in a career field that would have me using DirectX.

Petition to open source Flash github.com
528 points by pkstn  1 day ago   235 comments top 48
notacoward 1 day ago 26 replies      
No no no no NO. It's time to get rid of Flash. Open-sourcing will make it live forever.

Flash has very little to offer that is not at this point duplicated (or improved upon) by others. It's also woefully insecure. "Many eyes make all bugs shallow" will only work for the most trivial bugs in the most common code paths. Plenty of vulnerabilities will remain. In open source, they'll be even easier for attackers to find and exploit. If you want something open-source and (mostly) Flash compatible, follow nkkollaw's suggestion: support one of the already-open-source alternatives.

aylmao 1 day ago 0 replies      
I learned to program in ActionScript 2 on Macromedia Flash MX back in high-school. In spite of all the (deserved) hate Flash gets, we got to give it credit too.

- It was a response to the stagnant IE-dominated web that allowed people to experiment and create incredibly rich content that is still hard to replicate.

- Its editor was amazing for introductory programming. It was as easy and intuitive to use as any vector-graphics editor, but you could get really complex on your programming too. It was very visual, very graphical, which helped.

- It was great for animation. I really can't think of anything that compares. There's lots of animation software out there but most are targeted to video. There's lots of libraries for animating Canvas/SVG, but they don't have interfaces/editors for non-programmers. Flash was an amazing middle-ground; a great creative AND technical tool IMO.

- ActionScript was nice; it wasn't daunting, it had types to help you, but they didn't clutter the syntax. If I recall correctly, the tooling wasn't too shabby either, with good auto-complete and suggestions as you type.

It's thus no wonder it caught on like wildfire and there was so much content for it. It was a good option for technical projects and creative ones, beginners and experts. I definitely don't want to see Flash making a comeback on web, but I wouldn't mind seeing it in standalone applications (assuming security doesn't become an issue), and I could see its value on education, granted, with the right editors and tools.

jarym 1 day ago 5 replies      
So much hate for Flash. Yes it has regular security holes, is CPU hungry and a lot of people used it to create some mightily annoying things....

But Flash was a gift from the gods back in the early days of IE and most people forget that. If you wanted to make some HTML look nice you had little more than the dreaded 'blink' tag to work with.

If it weren't for Flash I doubt we'd have anywhere near as advanced CSS, SVG, Canvas and HTML5 bells and whistles that designers can actually use now.

I doubt Adobe will open source it though. They probably know there's a whole heap of other security issues in it that'll get found and exploited as soon as they release it. Your average user won't be able to patch fast enough!

nkkollaw 1 day ago 6 replies      
Why not contribute to well-established open source Flash players?



ransom1538 1 day ago 2 replies      
Again. From my game dev days, the people that really lose (over and over) are the artists. Millions of hours have been sunk into laying out vector graphics with the Flash IDE. Code I understand should eventually be tossed away, but, not art. I guess staring at millions of beautiful vector timelined illustrations changed my opinion - but it is art to me. And like books, I think it's a sin to toss. I hope the artists convert their .fla files over and save what they can.
nradov 1 day ago 3 replies      
Chances are that Flash contains licensed third-party IP and thus Adobe couldn't unilaterally open source it even if they wanted to.
simion314 1 day ago 3 replies      
I can't understand why people are against open sourcing some proprietary code, why would it affect you? If you hate Flash that much you will have the opportunity to see the source code and confirm that it is bad. All the open source reimplementations are incomplete, so with the opening up of Flash the open source ones could have a look (if license allows) and finish the reimplementation.
mstade 1 day ago 2 replies      
FWIW I posted[1] in the Flash EOL thread the other day that an Adobe employee told me years ago that licensing issues were the main hindrance to open sourcing the Flash player. (Another HN user who said they used to work for Adobe seems to back this up.) A lot of technology in the player was licensed and difficult to remove/refactor such that the player code could realistically be opened up, and there was little business incentive to invest resources into it. I'd imagine the incentives are even less now.

[1]: https://news.ycombinator.com/item?id=14850791

fenomas 22 hours ago 0 replies      
I worked at Adobe near the Flash team back in the day, and the PMs I knew would have absolutely loved to open-source the Player. The problem isn't willingness, it's third-party code, of which there is apparently a lot.

If there was just a button to be pressed, Adobe would have pressed it circa 2010. But at this point, I think open-sourcing Flash Player is the kind of thing where the project to figure out what all would need to be done would cost more than Adobe would want to invest, never mind actually doing the necessary work (both engineering and legal).

gamedna 1 day ago 2 replies      
Flash has generated a tremendous amount of assets that will be lost. Preserving them for historical reasons is extremely important but I am far less interested in preserving the technology than preserving the idea or creation itself. I would love to see an effort around conversion or transcoding flash assets to other technologies. For example, flash movies being rendered to an open standard or flash games being automatically converted to javascript/html5. The content creators deserve to have their legacy recorded and maintained but this is not the solution. (granted it may be a solution for other use cases, but I am not sure what those are)
Anatidae 1 day ago 1 reply      
There could be an issue of opening up even more security issues for people with Flash still installed. That, in turn, will likely lead to an all out campaign to remove Flash from everything possible (maybe not a bad thing at this point).

But, honestly - Flash as a platform hasn't advanced much in quite a while. What it once offered - rich multimedia runtime engine across platforms - is either available in the browser directly or can be attained through even more rich engines such as Unity3D.

rnhmjoj 1 day ago 0 replies      
As long as it stays away from a browser it's perfectly fine.

I am already using gnash to run flash games and a feature complete open source implementation would be very welcome.

pan69 1 day ago 1 reply      

> Notice: The idea is not to save Flash Player, but to open source Flash!

What exactly is being referred to here? The Flash authoring tool I assume? As in, the application that you install on your desktop and use to create Flash animations with?

I think a better description of the purpose of this petition might be a good idea. A lot of people conflate Flash and Flash Player.

JohnTHaller 1 day ago 1 reply      
No, you don't need your silly flash player to play free games in your web browser or offer to users at a payment plan and method of your choosing. We've got this great app store for you to use that only costs $100 a year to submit apps to and we keep 30% of all the money you make on your game.
Animats 1 day ago 0 replies      
Just for historical reasons, it's good to have the source out there. Fifty or a hundred years from now, someone may want very badly to recover some old .swf file.
mirekrusin 15 hours ago 1 reply      
"So Adobe, you're killing Flash now. That's fine since you apparently can't fix it."

Seriously, why start with sentences like that if you really care about it being open-sourced?

midnitewarrior 1 day ago 0 replies      
I don't think anybody wants to see what's actually under the covers. Also, I'm pretty sure they've licensed patents from other participants, so it's not very likely they would bother trying to figure out all those details.

Future history does need a copy they can use in the future to look at web sites of the past though. Content that relies on proprietary technology will be lost in the annals of history.

rhabarba 7 hours ago 0 replies      
Where can I sign a petition to let Javascript die before 2020?
BatFastard 1 day ago 0 replies      
You have to understand the source of the problem. The browsers do NOT want to support this level of plug-in since it is less secure. That is why the Unity plug-in went away, that is why ALL plug-ins are going away. Flash is still alive as AIR in mobile and desktop. But it is DEAD in browsers.
scj 1 day ago 0 replies      
Open sourcing code allows a new vector for finding vulnerabilities. Just because the software reaches its EOL doesn't mean it is removed from every computer.

I believe that open sourcing Flash should be done for the sake of software preservation. But I would recommend 2025 (end of life for Windows 10 and IE11) as the earliest release date.

madshiva 19 hours ago 0 replies      
If you want to save flash, just install a virtual machine with WinXP and stay in the past. Too many websites still use flash... come on, they have been warned so many times, flash must die.
pkstn 18 hours ago 0 replies      
The idea is not to preserve Flash player as is, but to open source Flash spec to make it possible to archive all the good stuff out there!
Brajeshwar 1 day ago 0 replies      
A bunch of us suggested this to Macromedia around 2005. Unfortunately, it never became a popular topic. Adobe took it over and well; turtles all the way down.
unsignedint 1 day ago 0 replies      
Aren't more of the recent applications for Flash to deliver DRMed video, while the rest are moving to something else like HTML5? If this is the case, open source Flash won't really help...
joe_momma 1 day ago 0 replies      
There should just be a Flash only browser with an HTML5 blocker muhahaha.
flashplayer_exe 1 day ago 0 replies      
Browser vendors are already disabling flash by default. There is no need to "kill" anything. Even if it were opensourced today it will still meet the same fate. The only people who care about open sourcing are those who want a standalone flash player for archival purposes.

Gnash works pretty well with non AS3 noninteractive movies and looping swfs. Most games are still broken though.

zwetan 1 day ago 0 replies      
what about petitioning Google so they open source Swiffy ?

To me Google Chrome is the one responsible for killing Flash, Adobe is just playing catch up.

jaimex2 1 day ago 0 replies      
Big star from me.

I never understood the hate flash got, sure it was abused by ads but to this date I have never seen the same level of animated and vibrant websites that were around in its peak.

Everything is the same old bootstrapped template now, it's pretty boring.

kahlonel 1 day ago 0 replies      
I would do anything to preserve those white buttons with glowy green borders.
odammit 1 day ago 0 replies      
I would love to see what kind of Simcities are in that source code
cgb223 1 day ago 0 replies      
There are a ton of Black Hat hackers who would love to see this petition become real

Shut it down, the internet is massively more secure without flash

prodikl 1 day ago 1 reply      
ActionScript is still loved by the Starling community. I don't really think I'll miss the swf format, though
yuhong 1 day ago 0 replies      
This will probably take years of course. Hopefully the H.264 patents will expire at least not long afterwards.
adaml2017 22 hours ago 0 replies      
yes! great idea. Also quick observation, Flash is so hard to get rid of because it's still a very useful tool. We're lucky to have had it in the 2000's
dhosek 1 day ago 1 reply      
How about a petition to have Adobe put into all versions of Flash going forward code to disable the flash player on the EOL date so that the danger of security vulnerabilities from the damn thing will be greatly reduced.
covamalia 13 hours ago 0 replies      
Just let it die!
xilni 1 day ago 3 replies      
Dear god no, please just let it die, I don't care about Badger, Badger, snake or Flash hentai flash game nostalgia that much.
dim13 1 day ago 0 replies      
Let it go gracefully.
rbanffy 1 day ago 0 replies      
Please, let it die.
c4ncri 1 day ago 1 reply      
Let flash die. We don't need it. We got HTML5.
imagetic 1 day ago 0 replies      
Let it die.
mtgx 1 day ago 8 replies      
Isn't Flash player's code super-messy by now? (a hint towards that could be all the vulnerabilities found for it every week). Open sourcing it would have to dramatically improve the code quality and in a relatively short period of time (2 years max), otherwise browser vendors would never go along with it (nor should they).

Sounds like a daunting task, especially if no big organization/leader takes up the task of cleaning it up, the way OpenBSD did with LibreSSL.

ram_rar 1 day ago 0 replies      
It's already open sourced. It's called HTML5!
bricss 1 day ago 0 replies      
Burn it to hell
sureste 1 day ago 0 replies      
I support this. In 20 years when no one is using it anymore and the source code is released for academic purposes.
CrankyBear 1 day ago 1 reply      
Really? Really!? All the years we've suffered with this, this insecure "Thing" and you want to give it eternal life in open source? Not just no, but hell no. You want video? Use HTML 5's Theora, H264, or WebM.
jayflux 1 day ago 1 reply      
Even if this did happen I doubt browsers would support it (as already mentioned). If nostalgia is the problem, it would be far less effort to recompile those games into html5
omarforgotpwd 1 day ago 0 replies      
Yikes. How about a petition to burn it with fire? Petition to erase all mention of flash from history books?

BTC-e and its founder charged in 21-count indictment over hack of Mt. Gox justice.gov
426 points by ryanlol  1 day ago   221 comments top 21
openmosix 22 hours ago 12 replies      
The question for me is: why US? He is a Russian citizen, the company is based in Bulgaria, servers in Russia, legal HQ in Cyprus and all the services operated from Seychelles - arrested in Greece. The MtGox hack affected a Japanese company. I'm not debating the nature of the crimes, etc - I am just wondering, when does it become a US case?

I can get the "there were US customers" - but why not Europe? Or Japan? Or Russia? Or Australia? I'm sure BTC-e had customers from all over the world (and money laundry is pretty much a crime everywhere).

So, when does it become "you have broken the US law and you are under arrest"?. Does it work the other way around too? If you start a gay social network in US, can Russia come in (the first time you are flying in one of the Russia's partners territories) and say "you are breaking Russian gay laws, you are under arrest"?

mrb 21 hours ago 3 replies      
BTC-E has been seen by the Bitcoin community as "shady" for years. People have always recommended others to avoid using it. It was rumored to be an easy place to sell stolen Bitcoins. It has always offered strangely convoluted pathways to transfer fiat to financial institutions (see http://bitcoinworldwide.net/how-to-deposit-money-into-btc-e). I'm glad BTC-E finally got taken down. I am not surprised it was involved in illegal activities. One less shady Bitcoin company.

Now the top 12 or so volume-ranked Bitcoin exchanges listed at https://cryptowat.ch are perfectly legitimate trustworthy companies. The ones I'm not sure about are CEX.IO and Luno (not saying they aren't trustworthy, I just don't know them that well) and, well, Bitsquare which as a decentralized exchange is bound to have some shady participants.

lettergram 22 hours ago 12 replies      
I still don't understand, the U.S. is charging a Russian with a white collar crime?

The crime was committed outside the U.S., he didn't come to the U.S., the servers weren't in the U.S., Mt.Gox was based out of Japan, and Greek police arrested him.

I've seen this enough to know this is common, but what is going on with this world?

Dolores12 21 hours ago 6 replies      
1) Arresting btc-e admin made all US customers lose their balances on btc-e exchange. I highly doubt btc-e will come back online.

2) If you run online exchanger and have a single US customer, then you have to register your operation in USA. I find it ridiculously stupid.

disillusioned 21 hours ago 2 replies      
An interesting comment validated here, from 7 years ago:


mirimir 23 hours ago 1 reply      
Interesting. Bitcoin stolen from Sheep Marketplace also ended up in a BTC-E account.



atmosx 14 hours ago 0 replies      
I would like to know how he was arrested in Greece. Was there an Interpol warrant or something or they just made a phonecall and the Greek authorities promptly put the guy on a ship to US?
grandalf 20 hours ago 1 reply      
This illustrates how the DOJ is years behind when it comes to understanding cryptocurrency technology and markets.

It won't take long for one of the cryptocurrencies with private transactions to rise in dominance, since this sort of crackdown imposes costs and uncertainty on all participants.

If the goal of the DOJ was to fight crime, the most effective approach would have been simply to infiltrate mixers and trace money flows relevant to investigations, something BTC is perfect for.

Instead, this move sends a strong signal to the cryptocurrency community that hardening measures are needed.

For instance: http://zerocoin.org/

techaddict009 18 hours ago 1 reply      
Question is who has the control over BTC-e's crypto? Will they be returned to users?
RachelF 20 hours ago 0 replies      
An interesting analysis of the evidence here:

Breaking open the MtGox case, part 1 http://blog.wizsec.jp/2017/07/breaking-open-mtgox-1.html

stepik777 13 hours ago 0 replies      
They are boasting about how they caught the guy who robbed Mt. Gox but they just did the same - a lot of people just lost access to their money on BTC-e. They are not all criminals, BTC-e was a convenient way to exchange bitcoins to/from rubles and was used by many people in Russia who were interested in cryptocurrencies.
aarongolliver 23 hours ago 0 replies      
The website still says "down for unscheduled maintenance"
agorabinary 23 hours ago 1 reply      
>The takedown of this large virtual currency exchange

I haven't kept up to date on exchange volume. Was btc-e still a popular exchange (up until this takedown of course)?

baby 18 hours ago 0 replies      
I am so happy right now that I moved my litecoins from btc-e to a personal wallet. I've learned my lesson.
SwellJoe 19 hours ago 2 replies      
So, does that mean I can't get the BTC I deposited in BTC-e ages ago? I somehow didn't even know any of this was going down. (I have no idea how much it was...maybe a quarter of a coin, which is a reasonable amount of money today.)
ue_ 22 hours ago 3 replies      
Interesting, I have been using BTC-E for a while, I had no idea this sort of thing happened. Was it knowingly assisted by someone at BTC-E, or did BTC-E just act as a dumb machine?

BTC-E was one of the easiest ways for me to change BTC and LTC in day trading. Are there comparable websites with small fees? I'm not interested in buying with fiat money.

ryanlol 1 day ago 4 replies      
There's been no mentions of coin seizures anywhere as far as I can tell. Usually you'd see some boasting about that.

Perhaps these guys were actually smart about their cold storage?

sjreese 12 hours ago 0 replies      
Where is the FBI in this? It was a FBI black op against silk road -> follow the money! Who was silk road's bank < Mt Gox - Who bankrupt Mt Gox < FBI Who had access to Trademill database < FBI Who authorized the attack on BitCoin after saying don't use it's not safe < FBI Today the seizure of all BitCoin in BTC-e is done by the FBI - Hopefully the number of FBI SA's going to jail over this Black Op will be limited. But, their greed is transnational to hide their seizure of overseas assets.. that is, What was seized and who accounted for it! Think DrugWar - we will be looking for SA's living beyond their means as with silk road
bigbrooklyn 20 hours ago 0 replies      
gruez 23 hours ago 3 replies      
>Russian National And Bitcoin Exchange

So nothing will happen to the site or its owner, other than maybe they won't be able to transfer out USD.

mikob 20 hours ago 1 reply      
Although I don't understand the US's involvement in this -- a man breaking the rules is being put to justice, and I'm very glad. I'm also impressed by the feds' work in the cryptocurrency space. In recent years the fed has really started to reverse the trope of the government not being technologically adept. There are too many that become wealthy through illicit means and it's good news that something effective is being done about it.

How Fear and Outrage Are Sold for Profit medium.com
569 points by tontonius  2 days ago   243 comments top 31
karllager 2 days ago 8 replies      
As a kid, I grew up in a country with almost no advertising. Repeat after me: No ads in the streets, in the TV, in the radio, nowhere.

One day we found a magazine (from another country), which contained ads. Two people smoking cigarettes in a strangely alien world, some kind of jungle - or a safari, maybe.

This image was so strange in many ways: Why is it there in a magazine, that was about something completely different? Who does it speak to? What is this strange world depicted there? Why does it feel a so - unreal? And why do the people smile in the picture, even though it is unreal?

Imagine a day in your life without coming across an ad. Or a week. Or a year.

Take a breath and imagine what the world would feel like.

The need for advertising is deeply rooted in a society, that overproduces things and where a large part of your survival depends on your skill to sell. My deepest hope is that this world will be regarded just as strange as my kids eyes stopped before the strange picture of the two smokers.

maxxxxx 2 days ago 10 replies      
I don't understand why so many people are addicted to outrage, anger and fear. For a while I played along but then I quickly realized that all this stuff is manufactured to manipulate people. Now I can't even stand watching CNN or watching a campaign ad.
anotherbrownguy 2 days ago 3 replies      
>Journalism - the historical counter to propaganda

"The good old days", except that never existed. Journalism has always been the tool for the powerful to paint a positive picture of themselves to the general public via "unbiased agents" called journalists who are "free to write anything" as long as it serves their masters.

Now that almost anyone can publish their opinion and share it with everyone, the ones who have been doing their thing for hundreds of years are being exposed.

eludwig 2 days ago 4 replies      
A nicely laid out and illustrated article that's well written.

That's about the best I can say. The worst is why? Who is the audience for this? I firmly believe that if you found this article by clicking on a link on the HN homepage, then you already know all this. It's exactly the kind of article we've been reading about in one form or another for 20 years.

If you didn't find this article on the homepage of HN, then the odds are that you will never read it. Why? Because of all of the noise that the very article itself points out!

This is a type of preaching to the choir, imo. Reinforcing to the wrong audience. The points made are fair, but obvious.

But it is pretty! :)

erikb 2 days ago 1 reply      
Is it a coincidence that just yesterday we discussed a similar topic with fear being a product sold to us? https://news.ycombinator.com/item?id=14843080

(This is to increase the discussion spectrum, not to shut down the one started here)

eapotapov 2 days ago 0 replies      
I think the biggest problem is that the media got dissolved within social networks - clickbait titles were existing before - just remember tabloids.

the thing is that when you see offline media you see:

1. the brand
2. you know how reliable is this media
3. you usually know the audience and think if you're part of it and trust the media

so in offline, they aren't afraid that their reader will buy something else (well they are afraid, but it's not a matter of click)

in facebook it's all just titles when reposted and people don't check where exactly it was published before clicking

so it's just like "national examiner" will have a version published in the design of nytimes or anything else - so they will not only have their audience but will try to get a slice of other media's audience

it could have been a quite complex thing to do for offline media as you need to actually print the edition, and pay money for it, but it's free for online, and you get money per view/per click

so i think it's definitely a war between media for this new spread audience on social, there should be a new way to re-establish reliability

frankydp 2 days ago 4 replies      
I would be happy with just opinion free and divisive speech free headlines. If the big outlets could simply start with that, it might be attainable. Words matter.

In the meantime. https://legiblenews.com/

blizkreeg 2 days ago 0 replies      
This is what we've sold for millennia. Right from Roman-era gladiatorial fights (for pure entertainment) to CNN, Fox, or Breitbart disguising entertainment as news, telling you the world is coming to an end.

While we can and should certainly aspire to a different way, plainly presented news and information has few(er) takers in comparison to shock and awe. Humans love drama.

kawera 2 days ago 0 replies      
An interesting book on the subject is "The Science of Fear" by Daniel Gardner: https://www.amazon.com/Science-Fear-Culture-Manipulates-Brai...
hprotagonist 2 days ago 7 replies      
Worship power, you will end up feeling weak and afraid, and you will need ever more power over others to numb you to your own fear. Worship your intellect, being seen as smart, you will end up feeling stupid, a fraud, always on the verge of being found out.

But the insidious thing about these forms of worship is not that they're evil or sinful, it's that they're unconscious. They are default settings. They're the kind of worship you just gradually slip into, day after day, getting more and more selective about what you see and how you measure value without ever being fully aware that that's what you're doing.

And the so-called real world will not discourage you from operating on your default settings, because the so-called real world of men and money and power hums merrily along in a pool of fear and anger and frustration and craving and worship of self. Our own present culture has harnessed these forces in ways that have yielded extraordinary wealth and comfort and personal freedom.

The freedom all to be lords of our tiny skull-sized kingdoms, alone at the center of all creation. This kind of freedom has much to recommend it. But of course there are all different kinds of freedom, and the kind that is most precious you will not hear much talk about much in the great outside world of wanting and achieving and [unintelligible-- sounds like "displayal"]. The really important kind of freedom involves attention and awareness and discipline, and being able truly to care about other people and to sacrifice for them over and over in myriad petty, unsexy ways every day.

That is real freedom. That is being educated, and understanding how to think. The alternative is unconsciousness, the default setting, the rat race, the constant gnawing sense of having had, and lost, some infinite thing.

DFW, 2005.

dkhenry 2 days ago 0 replies      
CGP Grey video on this topic, but from a slightly different perspective


partycoder 2 days ago 0 replies      
In the US, people from places that not even a scholar with a geography major can find on a map are afraid of being attacked by people that don't even know their town exists, and even if they did, I highly doubt they even bothered to go all the way there just to harm an average rural guy that nobody knows. It's nonsense.
felipeccastro 2 days ago 0 replies      
Great article! And oh, the irony of having a very engaging title... It seems it all boils down to incentives: if the only available way of making money is ads, news agencies will optimize for that. I wonder if new techs like blockchain/ethereum may provide alternative ways of making money with different kinds of incentives (i.e. not optimized for more clicks, but for something else).
transposed 1 day ago 0 replies      
I'm pretty good at not falling victim to this. I don't check facebook. I don't watch TV or the news. I don't listen to the radio. I have a suite of ad-blocking technology. My attention is entirely mine to direct.

Instead I read, listen to podcasts (which are sponsored oftentimes, but it's more relevant and less intrusive), watch recordings of episodes/streams without commercials.

I believe I feel better because of this, and have more knowledge and skills. But I also sometimes feel like I live under a rock when I miss facebook reminders of birthdays, and "haven't heard" about current events that are blaring across all channels.

AdeptusAquinas 2 days ago 2 replies      
I and I am sure a good percentage of the internet population always struggle with articles like this. I don't have an ad blocker, don't have any 'ad-free' subscriptions to anything, yet I never click an ad while at the same time am not particularly bothered by them. They're just noise, and since they register as basically whitespace in my head, noise easily ignored.

I don't feel 'at war' when I go online, and even if my attention is 'captured', it certainly doesn't translate to any purchased products or revenue for the 'aggressors'.

That being said, I don't dismiss that it does occur: as Max Barry the author said, 'the industry is making multiple billions a year - that money comes from someone' (paraphrased). Just not from me.

icanhackit 2 days ago 0 replies      
This was touched on by the study mentioned in the article which researched millions of headlines -- there was an interesting study from Wharton School of Marketing titled What Makes Online Content Viral [1] that demonstrated which emotional valences led to readers sharing content, and the biggest predictor was anger. Interestingly the valence that led to the least amount of sharing was sadness.

[1] http://opim.wharton.upenn.edu/~kmilkman/2012_JMR.pdf

RcouF1uZ4gsC 2 days ago 0 replies      
As the article mentions, this sensationalism was also a problem in the past. I think the big change is the subscription model vs the one-off model. A one-off model whether sold on the street or on the Internet favors a sensational attention grabbing. A subscription model favors long term value which is insight and honesty.

I am happy that some of these traditional newspapers are going back to a traditional model. I would guess that if you compared headlines from newspapers that are subscription vs ad based, the ad based ones have significantly more sensational headlines.

Mefis 2 days ago 2 replies      
"Regardless of the dramatic drop in crime over the last 30 years, more than half the population believes crime is worse than it was in years past."

"The children now love luxury. They have bad manners, contempt for authority; they show disrespect for elders and love chatter in place of exercise." - Socrates

This argument keeps popping up. To confirm it we would need a control group. It is likely that even before social media people believed the state of affairs worse than it actually was. Maybe people are more prone to believe that our condition is deteriorating rather than improving.

laretluval 2 days ago 8 replies      
The narrative that information distribution was more accurate in the past because of "traditional journalism" has always struck me as self-serving.

> Journalism - the historical counter to propaganda - has become the biggest casualty in this algorithmic war for our attention.

Is the best solution really to fight propaganda by leaving our information distribution to a selected elite that we have to trust to follow some standards? Journalists are humans just like everyone else, although we've been taught to think of them as super-moral heroes.

Is there a trustless way to implement journalistic standards such as sourcing?

travisl12 2 days ago 1 reply      
I've been feeling that most "news" outlets these days (for a while?) seem like propaganda. But I think I realize now that this propaganda feeling is just a side-effect from trying to sell shit.
stcredzero 2 days ago 0 replies      
I'm going to spread this link as far and wide as I can!



artur_makly 1 day ago 0 replies      
coincidentally i just discovered NYTimes's survey of a multimedia article about the jordanian debacle. they are asking some deep questions of me:

screenshot : http://imgur.com/a/uzqXR

survey : https://nyt.qualtrics.com/jfe/form/SV_4INloKlK2qDNyfz?source...

raverbashing 2 days ago 3 replies      
And articles like that miss (or just ignore) that there are reasons to be worried, as small as they might be

A person having Ebola seems to me like a significant fact even though it doesn't represent any danger

These articles want to play a holier-than-thou nihilist/"we know better" image but just come across as idiotic.

Overreacting is stupid, but underreacting is naive.

equivocates 1 day ago 0 replies      
Is this article not an example of the very thing it complains of?
mcappleton 2 days ago 1 reply      
I'm very glad I found Hacker news. Sometimes I read the news just cause I'm bored. Now I can just read hacker news which helps me be a better coder instead of draining me of emotional energy
defined 1 day ago 0 replies      
Obligatory xkcd webcomic:


abhishek0318 2 days ago 0 replies      
This article's headline is ironic.
iratewizard 2 days ago 2 replies      
Just an FYI - you will probably cringe when you look back at how you used to type and form sentences.
WalterBright 2 days ago 0 replies      
That article makes me outraged!
smsm42 1 day ago 0 replies      
> This is not your fault - it is by design.

Here's where I disagree. It is your fault. You don't have to watch youtube videos. If you do and the result is not to your liking - it's your fault. Nobody stood with a gun to your temple, nobody injected you with mind-suppressing drugs. You just like silly Youtube videos. Own it and stop blaming somebody else, or install site-blocking extension into your browser. Your life is your responsibility, and so is your time, whatever you do with it, including wasting it on silly youtube videos.

gmarx 2 days ago 4 replies      
I noticed his violent crime graph stopped around 2013. Convenient. Yes violent crime is down by the standards of the previous 50 years but I'm pretty sure it has been inching back up over the previous two, at least in cities. Nothing to panic about yet but also nothing to be dismissive about.

Also, though I too long for the old days of journalistic standards, let us remember one of the side effects what creating the assumption that there is one correct mainstream view of reality and that anything that deviates too much from it is extremism (or today "fake news").

There is almost no such thing as a bias free reporting of facts and events in the news. Many of the things which were in the past dismissed as the views of cranks are now accepted as normal. Surely some of the views expressed in the darker corners of the internet today will someday be considered mainstream and many of the views expressed by the mainstream real news will some day be considered nuts.

Jeff Bezos Surpasses Bill Gates as World's Richest Person bloomberg.com
432 points by fargo  12 hours ago   378 comments top 34
kens 10 hours ago 16 replies      
I think most people don't realize just how much money the richest people have. People generally think of normal(ish) distributions like height, where if you're 10% taller or shorter than average, you're a tall or short person, and 40% taller makes you the tallest person in the world. In comparison, wealth has a very, very long tail, making it hard to comprehend.

Here's what I've come up with to visualize wealth in the United States. Suppose you start counting, going up by 1 million dollars every second, and people sit down when you reach their net worth. Most people will sit down immediately. After about 9 seconds, people in the "1%" will start sitting down. Near the 17 minute mark, billionaires would start sitting down. Donald Trump would sit down just before the hour mark. A day later - an hour and 10 minutes into the second day of billionaires sitting down - Bill Gates would sit, followed by Jeff Bezos just three minutes later.

The point of this is there's a huge range of billionaires (analogous to comparing 17 minutes to a day). The 1% hardly even registers on this scale (a few seconds). (I should also mention that there should be huge error bars on reported net worth numbers.)

vanderZwan 12 hours ago 7 replies      
Hasn't Bill Gates mostly been focused on spending his fortune as effectively as he can on philanthropy for the last decade or so? In that light it's more amazing it took that long.
Verdex_2 12 hours ago 4 replies      
_Codemonkeyism 12 hours ago 5 replies      
I was one of the guys writing M$ and annoyed by the shady business practices of Gates.

Today he has my utter respect on how he transformed and how he spent his money.

m12k 11 hours ago 6 replies      
Officially at least - there is a chance that Putin is actually the richest person in the world: https://www.theatlantic.com/politics/archive/2017/07/bill-br...

"He wasn't saying 50 percent for the Russian government or the presidential administration of Russia, but 50 percent for Vladimir Putin personally. From that moment on, Putin became the biggest oligarch in Russia and the richest man in the world, and my anti-corruption activities would no longer be tolerated."

Dirlewanger 11 hours ago 3 replies      
So when do we think Bezos will go on the typical billionaire philanthropy track? Actually, a better question is probably will he even? At Bezos' age, Gates was already in a backseat role with most of his non-philanthropic ventures. Though he shares some similarities with Gates, he shows no signs of stopping. He seems actually content with Amazon eating the world, and I don't think it will be a net positive for humanity.
JustAnotherPat 11 hours ago 1 reply      
I wonder at what point the world's richest will no longer include those philanthropically inclined like Buffett, Gates, and Bloomberg and will be dominated by the likes of Bezos, Slim, and Ortega. (The jury is still out on Zuckerberg and his dubious initiatives)

Our global economy is trending towards benefiting only the most ruthless, even at the very top.

throwaway328832 7 hours ago 0 replies      
Money frankly is irrelevant beyond a certain point (and most of it is in the form of share holdings anyway).

I'd be more worried about the power/political influence these individuals wield. There is generally an incestuous coterie of the rich that one gets access to after a certain point, where the destruction of freedom is lubricated with champagne and caviar. Bilderberg/IMF/WTO/G20 etc. are symptomatic of such cabals of corporatocracies and their retainers in the state apparatus that wield power over the world.

DannyB2 12 hours ago 3 replies      
This probably does not change Bill Gates' enjoyment of day to day life, or lack thereof, whatever the case may be. It depends on whether Bill Gates is obsessed by these kinds of facts, or whether he can enjoy life without a tiny hand size measuring contest.
bvm 12 hours ago 5 replies      
Is there a measure of the most fully liquid richest person? i.e. the individual that holds the most cash.
shimon_e 12 hours ago 2 replies      
Somewhere there is a community of retailers that hates Amazon as much as Slashdotters hated Microsoft.
neiled 12 hours ago 2 replies      
I was surprised by this. Anyone know the levels of philanthropy of Bezos vs Gates? I've read many times of the great work and resources (money and otherwise) that Mr Gates has contributed to many causes.
nolok 11 hours ago 0 replies      
I can't entirely decide if I find that graph [1] more impressive or terrifying. Look at the time scale and the speed at which Bezos' net worth increased, while starting at the already insane point of 30 B.

[1] https://assets.bwbx.io/images/users/iqjWHBFdfxIU/iVJAUVVd7l0...

losteverything 10 hours ago 0 replies      
From the article: "Anyone who joins Prime shops in retail stores 10 percent less, and that number will keep accelerating as Amazon adds more inventory."

I'd love to know the analysis on this.

I deliver to amazon addicts and prime-ers. Although, yes, they order often (5-6 days a week) the volume of items by count is tiny compared to a shopping cart at a store.

droidist2 12 hours ago 0 replies      
Damn it, why did I sell half my Jeff Bezos stock
arsenal 3 hours ago 0 replies      
How much of that money is he actually giving away to uplift other people? A lot to catch up on Bill Gates there
jcmoscon 7 hours ago 0 replies      
So to understand how much money he has let's say Jeff Bezos is walking in the street and sees US$42,000 laying on the ground. He is so rich that it's not worth for him to stop and get the money. It's like you and me seeing a 10 cents coin on the ground. That's his life.
gpawl 5 hours ago 0 replies      
Only on a technicality, because Gates's Net Worth doesn't include money in the foundation that Gates controls.
VMG 12 hours ago 0 replies      
Prime Day paid off it seems
krapp 12 hours ago 2 replies      
Just imagine the quality of head wax he can afford now.
0xbear 10 hours ago 0 replies      
BillG has been giving away something like $2B a year for the past 15 years. He's not really holding onto the title very much.
odiroot 12 hours ago 0 replies      
I wonder how does his security detail look like.
pavlakoos 11 hours ago 0 replies      
Well deserved, I'm afraid.
dluan 11 hours ago 0 replies      
Something in the water in Seattle
swehner 11 hours ago 0 replies      
You guys haven't been keeping up the boycott, have you?!
miguelrochefort 12 hours ago 0 replies      
I call 100 billion by 2019.
_pmf_ 11 hours ago 0 replies      
Best paid CIA operative.
advertising 11 hours ago 0 replies      
Except it's Putin
kooky5489 11 hours ago 0 replies      
It should be Elon Musk!! He is the ultra billionaire we deserve...
dumbfounder 12 hours ago 0 replies      
Congrats dude, well earned. I expect him to put some serious space between him and rest of the pack in the next 10 years.
bmcusick 11 hours ago 4 replies      
This is wonderful news for humanity, in the long term. Bezos is dedicated to expanding humanity into the solar system in a more sensible way than Musk is. O'Neill cylinders are really the way to go for a lot of reasons, and that's the vision that Bezos is dedicated to. More money for that is fantastic.

I just wish there was a Bezos/Gates-level billionaire who cared as much about life extension via SENS. That's the only thing of equal importance I can think of that needs long term vision and financial support.

Tomis02 9 hours ago 0 replies      
Kind of surprised to see this so upvoted, I was under the impression that "top N richest people" articles only impress kids and the immature. Don't have a source for it but I'm pretty sure people with more than a few hundred million in the bank couldn't care less if they're richer or poorer than someone else, as they haven't made their fortune by worrying about frivolous things. But that's just me.
efficax 12 hours ago 3 replies      
I find it weird to report on this like it's a race or competition. His net worth bump right now is entirely due to rash market speculation and the recent tech bubble. When the crash comes (and it will), AMZN could easily be down to $500 in a week, and he'll just be insanely rich again.
SEC Issues Report Concluding DAO Tokens, a Digital Asset, Were Securities sec.gov
441 points by uptown  2 days ago   332 comments top 27
mifeng 2 days ago 5 replies      
If you read the actual report (https://www.sec.gov/litigation/investreport/34-81207.pdf), you may notice that the SEC is careful to apply securities law to DAO specifically.

In particular, they apply the security test: "did investors invest money with a reasonable expectation of profits derived from managerial efforts of others?" Since DAO was a wisdom-of-crowd VC fund, the answer is a clear YES.

On the other hand, they are careful to say that other token sales MAY be securities but will be treated based on their specific facts and circumstances.

My takeaway is that this doesn't change anything. The SEC is proceeding cautiously: applying securities law in clear-cut cases, "studying the effects" generally.

It's also not a bad thing to comply with securities regulation. FileCoin is doing quite well selling only to accredited investors on CoinList.

joeyspn 2 days ago 4 replies      
BOOM! the game just changed...

> In light of the facts and circumstances, the agency has decided not to bring charges in this instance, or make findings of violations in the Report, but rather to caution the industry and market participants: the federal securities laws apply to those who offer and sell securities in the United States, regardless whether the issuing entity is a traditional company or a decentralized autonomous organization, regardless whether those securities are purchased using U.S. dollars or virtual currencies, and regardless whether they are distributed in certificated form or through distributed ledger technology.

Cshelton 2 days ago 2 replies      
There was no doubt in my mind this was coming.

Still waiting for them to come down hard on a company as an example. In this article it says they won't bring charges in this instance, meaning The DAO, however; if you have taken part in an unregistered sale of securities recently as a U.S. "company", you may want to seek legal advice on how to proceed right away. Maybe a deal can be made with the SEC for "ICO"'s that have occurred recently. Or you may be advised to leave the U.S., which may be the best option.

ilaksh 2 days ago 5 replies      
The SEC should show that it protects everyone's rights and not just large firms with piles of cash to pay to them and to pay expensive lawyers. Otherwise we have to assume that this is largely about trying to tax things.

The way they can do this is by making a real effort to update their technical, documentation, and regulatory programs.

Is there a straightforward way to do an Edgar filing that doesn't require a bunch of training? Is there a web page that clearly lists the requirements for these types of securities in plain English?

How much do the company registrations and filings actually cost? What is the basis for these costs? Because an ICO can be created at no cost. Are the excessive fees due to a lack of modernization or streamlining of the processes, or are they simply bribes that line officials' pockets and protect the incumbent firms from poorly funded startups?

In recent cases, how would fees and filings have actually protected anyone? Does the SEC have technical staff or software capable of evaluating Ethereum contracts for validity or safety? If not, how does their regulatory effort provide any benefit, except as an opportunity for them to collect a type of tax and make it harder for startups to compete with large firms where SEC officials have friends working?

rdlecler1 2 days ago 3 replies      
Ironically ether & bitcoin started dropping last night around midnight. Makes me wonder if any SEC folks were involved in insider trading. Anyone care to speculate on what this will do to ether/bitcoin values? Does this concentrate interest in the existing players or does it hurt demand and speculation therefore depressing prices?
EGreg 2 days ago 0 replies      
This is a serious question to the lawyers on HN. In your non-advice way, can you tell us your opinion on the following?

So given that now we have a serious precedent for considering all ICOs as securities, what are the steps a company needs to take to make sure their ICO is legal under US LAW??

1. Does it need to register the ICO somehow? If so, how exactly are the securities registered?

2. What regulations apply now? Do the 1933 blue sky laws apply and Regulation D and the usual exceptions - including JOBS act crowdfunding provisions - apply?

3. Can anyone buy the ICO or does the company now need a private placement memorandum?

4. And even so, doesn't the secondary market for the tokens constitute "transferring" of securities? What does a company need to make sure all that is legal, short of fulfilling all the reporting requirements of a Public company?

Basically what happens now to all the ICOs done so far by companies like Brave? What are they going to do?

Look at the title of this article and tell me - is it accurate?


m777z 2 days ago 8 replies      
I'm not terribly happy with the decision, though I can't say I'm surprised. I enjoy the drama of the Wild West that is Ethereum and the rest of the cryptocurrency ecosystem. Minimal regulation encourages innovation, while regulated markets can exist for people who want stability and certain guarantees to prevent fraud (or at least make it difficult).

I wonder what would happen if financial regulations became more "optional". I.e. the SEC exists to provide guarantees if a given company wanted to get the SEC's seal of approval but does not enforce most regulations on entities that don't seek SEC approval (and thus investors would know such entities are riskier). I suppose eventually a "too big to fail" company would avoid regulation and consequently go under, and that would be the end of that.

joshuaxls 2 days ago 0 replies      
This is why we've built CoinList: https://coinlist.co

We have seven years of experience running regulatory-compliant online fundraisings via AngelList. Now we're bringing that knowledge to ICOs.

will_brown 2 days ago 1 reply      
When DAO originally made the HN Front page I made this comment [1] calling DAO snake oil and suggested people could lawfully operate their own "DAO" as an Investment Club LLC, specifically Investment Clubs can be exempt from securities laws [2] subject to the restrictions I outlined in my prior comment such as a limit of "100 tokens" (i.e. 100 members to make future investments).

[1] https://news.ycombinator.com/item?id=11707497

[2] https://www.sec.gov/reportspubs/investor-publications/invest...

robbiet480 2 days ago 3 replies      
This appears to only apply to ICOs that offer something that is like a security, such as the DAO, not voucher based ICOs like Primalbase or Storj

EDIT: Added appears to since IANAL

memossy 2 days ago 0 replies      
As a hedge fund manager who just added a token to one of our projects (to help create a resource to combat extremism naturally), I wrote up my thoughts here:


A general rule of tokens is that if they promise a profit they are a scam and if they promise a share of profits a security.

The closer they are to API keys the better in terms of non-securitability.

It is likely that the token usage will gradually bifurcate between those that are "property" and scarce digital assets like Bitcoin (or rarepepes) and those that are API keys.

For our charitable project we've tried to incorporate elements of both to create an interesting token economy to build a useful resource.

Hopefully there will be more of these attempts, both registered as securities and that fall outside of this classification.

dmitrygr 2 days ago 2 replies      
Good. This should help bring some sanity and accountability. They were both quite needed
hellbanner 2 days ago 3 replies      
In another thread commenters speculated that ICO hacks were coming from inside jobs.. does this new SEC report change how the government would handle that? Is fraud of securities different from fraud over imaginary coins now?
williamle8300 2 days ago 0 replies      
You can't change the thirst for freedom inborn in every man via laws. This will only make cryptocurrency slip more easily through their fingers and galvanize efforts to avoid oversight.
kevinr 1 day ago 0 replies      
I dunno what y'all's problem is, the last ruling like this (from the IRS) meant I got to write $200 in Bitcoin losses off on my taxes.
prgmatic 2 days ago 1 reply      
What does this mean if you've bought or sold cryptocurrency within 2017?
iMuzz 2 days ago 2 replies      
> The SEC's Report of Investigation found that tokens offered and sold by a "virtual" organization known as "The DAO" were securities and therefore subject to the federal securities laws. The Report confirms that issuers of distributed ledger or blockchain technology-based securities must register offers and sales of such securities unless a valid exemption applies.

> The agency has decided not to bring charges in this instance, or make findings of violations in the Report

So they aren't going to bring charges to the creators of The Dao. What about the other dApp's based in the US that have already ICO'd (BAT, Augur etc.)? Also, if a company successfully files/gets approved by the SEC, does that mean that NASDAQ can now list tokens?

AFAIK the SEC only cares about securities sold in the U.S. I'd imagine this incentivizes a lot of Token issuers to leave the U.S?

kusmi 2 days ago 0 replies      
I don't understand exactly what this implies. If DAO is a C Corp, will it pay taxes on USD equivalent value of their coin holdings (150$ million going by the report?), or only on what they ultimately convert to USD? What if they use the coins to make purchases directly? If I own a C Corp, can I hide earnings in USD from being taxed by exchanging them for coins I make using some open source block chain?
zallarak 2 days ago 0 replies      
I'm uncertain of how much value the SEC provides. Problems they fail to solve:

* High brokerage fees

* Poor-outcome annuities

* Penny stock trading

* Risky options trading

Tokens are fraught with fraud, but the impetus for research is upon the individual. I fear that regulating this will stifle innovation with little benefit to end-consumers in terms of safety, because people will still get swindled out of their money by other legalized means.

bluesign 1 day ago 0 replies      
So to be security,

- must have investment,
- profit expectation,
- this profit must come from efforts of others (management)
- limited or none voting right

So what is preventing digital currencies classified as securities?

throwaway86328 1 day ago 0 replies      
Isn't it also illegal to buy unlicensed securities? Couldn't the SEC also prosecute individuals who simply bought into these as unaccredited investors?

(I am not a lawyer)

kensai 2 days ago 4 replies      
Look at the beating the market gets right now (as of 13 minutes after the news were posted).


rdlecler1 2 days ago 1 reply      
Anyone care to speculate on what this will do to ether/bitcoin values? Does this concentrate interest in the existing players?
JohnJamesRambo 2 days ago 0 replies      
This is wonderful news. The ICO world was a disgusting mess of ignorance and pyramid schemes.
m1k32h07 2 days ago 1 reply      
Why isn't Ethereum's price crashing right now? https://ethereumprice.org/
discombobulate 2 days ago 1 reply      
Removed. I'm not from the US.
bitmapbrother 2 days ago 0 replies      
I was watching a YouTube video of a popular Ethereum blogger and he mentioned that one of his acquaintances was charged with tax evasion for not reporting his cryptocurrency income. This person thought he could just pay what he owed and be done with it. Unfortunately, it doesn't work like that. Once they catch you for tax evasion you'll pay whatever you owe in addition to facing tax evasion charges.
Ravens OL John Urschel, 26, retires abruptly, two days after CTE study espn.com
458 points by petethomas  10 hours ago   323 comments top 27
aresant 9 hours ago 8 replies      
A few colorful facts to the story here:

1) 3 years of service vests into NFL pension plan, he just hit qualification - value pegged at $21,360 a year for life (3)

2) He has not publicly commented on his retirement or reasons for it.

3) He has a hugely awesome secondary option - doctorate of math at MIT

4) He was at end of his rookie contract, next year would be the "in the money" year for him so he is clearly leaving a lot of cash on the table.

5) Over three years he "only" earned ~$1.8m http://www.spotrac.com/nfl/baltimore-ravens/john-urschel-145... - which after tax is 7 figures but still not a lot.

6) He has been notoriously thrifty, living on $25k a year and driving a used car (2). So would imagine at some level he has been planning this outcome, or leaving option wide open.

(1) https://www.washingtonpost.com/news/early-lead/wp/2017/07/27...

(2) http://www.baltimoresun.com/sports/bs-sp-ravens-john-urschel...

(3) http://firstquarterfinance.com/nfl-pension-plan-retirement-p...

magic_beans 9 hours ago 5 replies      
"Urschel is pursuing his doctorate at the Massachusetts Institute of Technology in the offseason, focusing on spectral graph theory, numerical linear algebra and machine learning."

This guy has a back-up plan. Good man.

meri_dian 8 hours ago 2 replies      
He clearly loves math so the CTE study may just have been the straw that broke the camel's back. He may have been yearning to fully devote himself to math for a while now.

Regarding the broader debate that seems to be swirling along the lines of 'should we ban Football or not', I strongly believe we should not.

If parents want to prevent their kids from playing football, great, that's their choice to make. But if they allow them to play, we have to keep in mind that only a very small percentage of players will continue on to play in college, and then only another fraction of those players will continue on to play in the NFL. I'm sure that people who play youth and high school football but stop playing after HS graduation have a much lower incidence rate of CTE than players who continue on to play at the collegiate and professional levels. So for the vast majority of football players CTE isn't much of a risk.

Because those who do reach the highest levels of the sport make tremendous amounts of money, as long as they are aware of the risks, they should be able to make the decision for themselves.

ineptech 9 hours ago 15 replies      
Has "whether you let your kids play football" joined the long, long list of boolean values that separate members of the Red Tribe from the Blue Tribe?

If not, I think it's inevitable that it will. Someone will try to get their school to close its football program, someone else will complain that the health dangers are exaggerated by the liberal media because football is a red-state pastime, and pretty soon it'll be "Why do you hate America and apple pie" vs "Why do you want children to suffer and die".

grogenaut 9 hours ago 3 replies      
Summary: a National Football League player, and PhD in math from MIT, John Urschel, abruptly retired 2 days after a study showing 99% of retired NFL players from a study group had chronic brain issues (CTE). This is right before training starts for the season.

Edit: updates. Will point out that any summary is going to miss some facts as it's a summary. But I think people might be more likely to read the article if they could decipher the title. I like the Ravens and I assumed this was a CTO of a game company YC startup who quit from the title.

Azkar 9 hours ago 14 replies      
So what's the big picture here? We've suspected for years that football leads to brain trauma. Does that mean the NFL should shut down? Should they continue to operate as normal?

There have been efforts recently to make the game safer for players, but the amount of concussions and injuries seen every season don't seem to be decreasing.

Can you make the game "more safe" without drastically changing the game? Any game played at this high of a speed, with this strong of players is going to have some inherent danger to it.

Do we just need to make the effects more widely known and understood by the players, maybe treat football like smoking with warnings printed on the outside of helmets? Anything less than that and you run the risk of not making your point.

Should I feel bad as a fan for watching football? Is it any worse than buying clothing made by child labor from a third world country?

tnecniv 9 hours ago 1 reply      
I'm amazed he had time to play and do a PhD at MIT. I imagine even in the off season those guys are very busy.
ilamont 9 hours ago 1 reply      
He was profiled in the most recent issue of Tech Review. He said his mother has been asking him to retire for a few years, but he still loved the athletic challenge of playing against top players.
zitterbewegung 9 hours ago 1 reply      
Has he ever been recorded giving a lecture about the math that he does? I found a paper of his [1]. Looking at his Wikipedia, he is specializing in spectral graph theory, numerical linear algebra and machine learning. I think following what his next steps will be might be interesting also. Might set up a Google Scholar alert.

[1] http://www.global-sci.org/jcm/openaccess/v33n2/pdf/332-209.p...

kraig911 9 hours ago 0 replies      
Well I think the results of the CTE study showed him that though no matter how much he wanted both things, only one of those would be consciously choosable while the latter would all he would have left if he continued.
therajiv 7 hours ago 0 replies      
I ran into this guy randomly at MIT once, during the offseason (last February). He was such a chill guy. Hearing this news makes me like him even more - he's not letting one of his passions get in the way of another.
gburt 9 hours ago 0 replies      
This is a strong testament to the value of the research. The researchers may have saved this guy's brain, if not his life.
otoburb 8 hours ago 0 replies      
>>In August 2015, he suffered a concussion when he went helmet-to-helmet with another player and was knocked unconscious.

"I think it hurt my ability to think well mathematically," Urschel said. "It took me about three weeks before I was football-ready. It took me a little bit longer before my high-level visualizations ability came back."

Losing a high-level cognitive ability must be terrifying; the flood of relief upon regaining his ability (probably slowly?) after 4+ weeks must have made him deeply question his continuing commitment, and then the CTE study pushed him over the edge.

backtoyoujim 9 hours ago 2 replies      
Trying to watch NFL reminds me of the moment in "Django Unchained" when we meet DiCaprio's character sitting in a chair watching two slaves beat each other to death.

That moment of that movie comes to me every time the TV producers cut to the team owner sitting in their fancy box in their fancy chair paying lots of African American men to beat each other up for our entertainment and profit.

keeptrying 9 hours ago 3 replies      
There is a significant bias here in that it's 99% of NFL players' brains *which have been donated to the NFL*.

But honestly even if you could peek into every NFL player's brain, I'm sure the likely incidence after 4-5 years of playing would be orders of magnitude greater than what's found in the general population.

sna1l 10 hours ago 3 replies      
For someone so smart, I'm a little surprised it took this CTE study to push him over the edge.

But maybe he wanted more conclusive data before leaving a job which paid him millions. :)

balls187 8 hours ago 0 replies      
"NFL Mathematics Expert"

That's pretty amazing. He scored 43/50 on the Wonderlic (highest in 2014).

Ryan Fitzpatrick scored a 49/50, though it was in the older format.

Angostura 4 hours ago 0 replies      
>In August 2015, Urschel suffered a concussion when he went helmet-to-helmet with another player and was knocked unconscious.

>"I think it hurt my ability to think well mathematically," Urschel said. "It took me about three weeks before I was football-ready. It took me a little bit longer before my high-level visualizations ability came back."

CurtMonash 9 hours ago 2 replies      
I abruptly stopped being a football fan last November.

The immediate reason was Bill Belichick staking his own reputation on Donald Trump's assaults on the media, in a close state in a close election. But CTE was making it hard to remain a football fan anyway.

usgroup 8 hours ago 0 replies      
I admire this sort of decision making. In particular, I admire that he took the risk playing football in the first place but called it at some prerequisite level of damage he was willing to take. I'd imagine that is something he put a hard stop on before embarking on the career: "two concussions max then I'm out whatever".
matt_s 9 hours ago 1 reply      
Something that wasn't pointed out in the article is that the vast majority of cases where a NFL player's family donates the brain to CTE study is where they already were showing some degenerative symptoms.

They can't test for CTE on living people and if someone has it but say dies from a heart attack before ever showing symptoms, they likely aren't donating to the CTE study.

Dirlewanger 9 hours ago 1 reply      
Funnily enough, this story also isn't prominently displayed on their homepage aside from the sidebar in tiny font. Apparently within hours of the NYT study being released, ESPN's reblogging of it disappeared to several page refreshes down their homepage. I can't wait for them to be significantly downsized if not dissolved completely.
cwkid 9 hours ago 0 replies      
This is notable, because Urschel has previously written a piece explaining why he was willing to play football given the risks (https://www.theplayerstribune.com/why-i-play-football/).
ugh123 8 hours ago 0 replies      
Wow, shitty auto-play video without ability to pause. Be warned!
bitL 9 hours ago 0 replies      
Smart. Congrats! Find another sport for needed challenge ;-)
dragontamer 9 hours ago 3 replies      
Football may get a lot of study recently, because it's one of the most popular sports.

But basketball injuries can ruin you for life as well. I have a cousin who has severe amnesia after getting knocked out during a basketball match. It's like years of his life were wiped away after his concussion. He was a straight-A student too, these sorts of things are severely damaging to your student career.

Brain injuries exist in a lot of sports. Football is particularly dangerous but the dangers in other sports (Boxing, MMA, Basketball, Soccer) are severe as well.

HiroshiSan 9 hours ago 1 reply      
Pev: Postgres Explain Visualizer (2016) tatiyants.com
608 points by insulanian  4 days ago   47 comments top 18
hotdogknight 3 days ago 3 replies      
I needed a version that ran on the command line so I made one here: https://github.com/simon-engledew/gocmdpev
atatiyan 3 days ago 3 replies      
creator of pev here, thanks for all the kind words!
garysieling 4 days ago 2 replies      
Does this store the plans? I like these things, but I'm always a little leery that this will expose my database schema in Google search results.
sgt 3 days ago 0 replies      
This is really great and I think I might start using this. I would also love a standalone version of this that runs outside the browser. Something that can maybe connect directly to my DB.
mistercow 3 days ago 0 replies      
I use this tool often, and it's great. It's a lot easier to wrap your head around plans when the way it displays them.

The one thing I wish it had is either the ability to not save plans automatically, or at least a button to clear the history. As it is, I just pull up a console from time to time and do localStorage.clear()

fnord123 4 days ago 2 replies      
Looks good, but why not dump it as a flame graph?
obiwahn 3 days ago 0 replies      
Looks awesome! How about adding a direction to your graph for people just starting with SQL.
sghall 4 days ago 1 reply      
Cool project. Not a DBA but was interested in playing around with this. Be great to maybe add some example plans here: http://tatiyants.com/pev/#/plans

So if you just want to check out the interface you can click to load up an example or two.

ris 3 days ago 0 replies      
Something I've wanted from an explain viewer for a long time is simply using the "start time" "end time" information on the nodes to put things in a basic timeline. Most visualisers seem determined to keep the layout as a pimped up version of the tree given to them.
beefsack 4 days ago 2 replies      
I can completely see myself using this on my Postgres projects, but something like this would be most useful for me at work.

How feasible would it be to port this over to MySQL / MariaDB? I know EXPLAIN output on MySQL is much simpler than what you get out of Postgres so my gut feeling would be that it wouldn't be possible.

maxvu 4 days ago 1 reply      
Why, in the example, does the constituent `customerid` join take longer than the forming `orderid` one?
stuaxo 3 days ago 0 replies      
This is great, should really be a part of pgadmin4.
edraferi 4 days ago 0 replies      
Very cool! Now I want to figure out the Postgres EXPLAIN JSON format and start parsing other DBs to fit, just so I can use this tool on them.
dlb_ 4 days ago 0 replies      
Very nice! I wonder if it would be possible to embed that into pgAdmin? Possibly with Electron?
emilsedgh 4 days ago 0 replies      
Absolutely fantastic! Thank You!
isatty 4 days ago 0 replies      
Thank you, this is very useful!
edoceo 4 days ago 0 replies      
Social Media Is the New Smoking theroamingmind.com
427 points by nether  2 days ago   210 comments top 38
mrisoli 2 days ago 7 replies      
> Will browsing your phone anticipating the next notification become a dirty habit that others will shun you for?

It is already frowned upon in some social circles, occasional browsing is okay but some people can go completely off reality when going through their Facebook feed, I have some friends like this (very introverted), when we met at a bar or restaurant we would make a "phones on the table" rule, first to reach for the phone pays the bill.

For me, the hyperbole of social media dependency is how it changed travel experiences. People always took photos of travels, but social media put that into comical territory.

It is bizarre watching other tourists around, how they navigate from spot to spot to get a picture in some of the most famous places on earth without ever stopping to absorb where they were, they never bothered to understand the history or the architecture behind some place, they have 75 pictures of the same place but probably couldn't tell you the color on the walls five minutes after the picture was taken.

I like to stay at hostels and meet other people (especially when traveling alone), there have always been people in their own bubble, but it is crazy how it changed in the last 3-4 years, everyone is so self-involved on their phones that they are not even aware of their surroundings, you can come in and out of a room without being noticed, I've seen people spend their entire time locked in a room glued to their phones, sometimes even missing meals.

thesuitonym 2 days ago 12 replies      
I don't know about you, but I don't find that I'm missing out on anything by pulling my phone out when I'm waiting for my car to warm up. I don't think I'm wasting time because when I start getting bored with a movie that I'm watching, I pull out my phone and check my messages.

I don't miss the ten minutes of watching the news before leaving for work that has been replaced with ten minutes of Facebook. Maybe reading a novel for an hour after work is a better use of my time than reading Reddit for an hour, but maybe it's not?

I'm probably not super typical with my social media consumption, but I only use social media to fill the time when my kids are doing their own thing, my wife is on something, and I don't really have time to engage in some activity.

I get that social media is new and alarming that it's such an integral part of our lives, but maybe we need to step away from these hype grabbing headlines. What's the difference if a 10 year old is posting on Instagram, to a 10 year old in the 80s with a Polaroid? If kids talk on snapchat instead of over the fence in the backyard?

Again, I want to stress that I'm not saying we shouldn't look into the negative effects of social media. We certainly should. But we also shouldn't assume these things are bad because people with poor impulse control are ruining their lives.

Nightshaxx 2 days ago 2 replies      
I think that the basic idea of the article is frighteningly true; social media is becoming that thing I use when I feel sick, bored, or just want to escape reality.

The problem is smoking feels the same whether 1 person is doing it or 1 million people do it; social media only really works when everyone you know does it. This makes it even scarier when you realize this will make it exponentially harder for us as a society to make a decent dent in social media: if your high depends on others, you might pressure others into sustaining your high.

thinbeige 2 days ago 4 replies      
I remember one vacation which was the first after many years: I was lying at the beach enjoying the view. I was so happy that I could afford some vacation after years of suffering and watching millions of vacation pictures from my friends on Facebook.

Avid for revenge, I took a picture of the stunning beach view and wrote in big letters 'MY LIFE IS BETTER THAN YOURS'. At that moment I realized what Facebook is about (without posting anything).

WheelsAtLarge 2 days ago 2 replies      
If Social Media Is the New Smoking then I'm smoking 12 packs a day. HELP!

Seriously, there is truth in this statement. People are sinking into their phones and computers and we all think it's amusing. Living peacefully in a society is hard enough when we have to learn to deal with one another. What will happen when we lack those abilities because all we need to do is interact with our technology? Red lights need to be popping up all over the place.

oliv__ 2 days ago 6 replies      
> "That the dude off in the corner consuming his Instagram feed will be looked at the same as the guy standing at the street corner sucking on a Marlboro."

I don't think that's ever going to happen. Social networks, contrary to smoking, are built on the very nature of human beings: being social animals. And that's certainly not going away. It would be like wishing that the buddies socializing on the corner would be looked at the same as the guy smoking next to them.

There's no doubt that our natural inclination to socialize is being used and twisted through these slot-machine social networks, but if you're going to wish for something, wish for better social networks, or better education to help people control themselves, just not for humans to stop being social.

pan69 2 days ago 3 replies      
Early January I removed the Facebook, Instagram and Twitter apps from my phone (don't really use any other social media). Since that time I think I have logged into Facebook twice (desktop browser) only to be presented with a barrage of gunk on which I closed the browser tab. See yasss...

Every once in a while I will scroll through my Twitter feed (desktop browser). I follow a lot of pixel art artists so I get to see some interesting things.

However, I don't want this on my phone anymore. My phone will only have the actual utilities I need. Phone, SMS, maps, email and a decent battery life.

Also, I turned off all notifications on my phone as well. I.e, don't interrupt me. I'll get to it when I get to it.

goalieca 2 days ago 4 replies      
Smoking causes self-harm through use. But do cigarette companies build a giant FBI file on you in order to sell it for profit to others? Others who believe information is power and want to manipulate you for political and economic success?

As you can tell, I'm on the cynical side of things. It hurts my social life no doubt. Perhaps this is similar to being a non-smoker in the 40s. Hell, I bet that I'm a victim of second hand social media.

voidifremoved 2 days ago 7 replies      
I broke my phone about a year ago, and it took a few days to sort out a replacement.

In that time I went through exactly the same process I did when I quit smoking. I became aware suddenly of all the time, all the gaps, all the moments that I had filled with a quick look at my phone.

And once it passed - elation, freedom, seeing the world with open eyes and a clear head.

I was sad when my new phone arrived, and looking back I wish I had found a way to stay clean.

kartan 2 days ago 1 reply      
Today I'm going to answer cynicism with cynicism:

> will social media become the new smoking?

No. Smoking produces cancer, that makes some people really worried. It is even worse if you are pregnant.

> Will browsing your phone anticipating the next notification become a dirty habit that others will shun you for?

No. Unless there are other more cool ways of social media. If you are still using My Space, maybe you already feel like this.

> There are a few instances where it works well but for every 1 nugget of goodness that there is, there are 4 nuggets of bad.

Supported by which data?

> I know I am sounding negative here, but it is the truth.

Ooooh, it's the true. Duh.

> I always feel better after interacting with someone face-to-face.

Me too. Social media doesn't exclude the possibility to have human interaction unless you are in a 90s movie connected to a VR headset. If that happens, you are trapped in "the computer world" and lost for ever.

> social media will never feel like a true genuine connection.

Because it is not. Reading a newspaper doesn't feel either as a "genuine connection", but keeps me up to date with the news. Sending a mail doesn't feel either as a "genuine connection", but I get my job done.

> While naive to believe so, I have to hope that when my son becomes ready to consume the social media lifestyle, by then it will have been a passing fad and ostracized like the cigarette packages of today.

Or he can be educated to understand for what is useful, and for what not, and what are the risks. Abstinence education doesn't work.

dawhizkid 2 days ago 1 reply      
I'm so, so glad I grew up in a world without social media (with the exception of maybe Myspace blowing up when I was in HS).

I can't imagine that growing up with an iPhone and access to FB/IG/Snap from elementary school onward is a healthy experience for kids from a mental health/social anxiety POV. I guess only time will tell.

I'd also imagine being a teacher these days would suck because of phones. I don't know how schools manage that these days.

colept 2 days ago 1 reply      
In college social media consumed me. Instead of going out and having fun I was watching my friends go out and have fun. It got to such a bad point that I was lurking enviously across random profiles.

In 2013 I gave up Facebook and it felt like a deadweight lifted. I stopped worrying about what acquaintances were up to. Friends and I kept in touch through conventional conversation. I endured the same awful feeling with Instagram when I moved 3000 miles away from my friends and family.

Everyone is crafting an online identity of how they want to appear and we all know we're doing it. There's little room for raw, unedited perception. Every moment has to be a postcard or else you don't measure up. Networks like Facebook and Instagram are self-fulfilling prophecies of low self-esteem.

snarfy 1 day ago 1 reply      
I enjoy my solitude. Maybe it's a slight bit of mental illness, but I cannot stand notifications. I'll use my phone when I want to, not when it wants me to. When I'm in a waiting room, it's amusing to watch everybody else on their phones, except maybe an old guy in the corner.

Then I realize I'm the old guy in the corner.

tudorw 1 day ago 0 replies      
Yes, if you follow the lifecycle from exclusive expensive gadget only the rich can afford down to ubiquitous device which affords no status it would seem likely that conspicuously demonstrating you are beholden to the little box will be avoided by the upper strata, not being busy and not needing a phone because you have 'people' for that will be the new norm. The truly wealthy will be carrying a book.
martinald 2 days ago 1 reply      
I often wonder if social media is the reason behind the dismal productivity gains we've seen in the last decade.

I think this is a really well thought article. I can sort of see the equivalent of The Insider in 20 years time, with Zuck at a congress hearing saying that 'social media' is not addictive.

m3kw9 2 days ago 0 replies      
Your attention is now helping how the corporations want you to use your time to help them make money. It all seems like a win-win but your share of the win is much lower. You miss out on introspection of yourself or other matters, that's just the tip of the iceberg
spraak 2 days ago 0 replies      
I'm sitting here watching my child at the park and reading Hacker News. I don't use social media but definitely am addicted to being distracted.
djyaz1200 2 days ago 0 replies      
"It's the new smoking, an expensive/unhealthy pacifier for poor people."

by djyaz1200 62 days ago on: Facebook cancer of our generation"

bogomipz 2 days ago 0 replies      
>"After watching a man almost wander into the street while browsing his phone, my wandered a bit; will social media become the new smoking?"

The opening sentence is about not paying attention and yet it contains two glaring errors, spelling and grammatical.

Did this individual really not even bother to proof read their opening sentence? Maybe the author might be better asking "is blogging the new fast food?"

chayesfss 2 days ago 3 replies      
sitting is the new smoking, social media is the new smoking, sugar is the new smoking...
syphilis2 2 days ago 0 replies      
I feel it's clear the fad is waning, but that's my experience among my crowd. For young children, for grandparents, maybe for other countries it's not the same. For example Facebook's trendiness is in that familiar slow motion fall. The same one blogs experienced, or Instant Messenger. But "social media"? No, contrary to my experience, social media is still trending up. It should be interesting to see the backlash grow, the holdouts dig in, and the slow fade to irrelevance and memory. In ten years you might ironically send a foodie to your friends alongside a status update about how cute your cat is. Or a hamburger themed math problem presented by a Minion. Or maybe social media is the new jeans (long term) or the new beer (very long term).
habosa 2 days ago 0 replies      
I think the analogy is true, but in a much more serious way. Smoking is the defining health issue of the previous generation. Everyone did it, and nobody knew (or wanted to admit) that it was slowly killing them. The companies knew, but there was too much money at stake.

I think social media addiction and general internet addiction is destroying the mental health of millions of people around the developed world and nobody is doing much about it. Just as we look back now and go "oh my god they used to smoke in restaurants!" our children may say "holy crap look at this picture of my parents on the phone while they walk!". It's all-consuming.

rubicon33 2 days ago 0 replies      
I removed social media from my life years ago because I found that it wasn't helping me in any way whatsoever. I'm not sure I would go as far as to declare it a social epidemic on the level of smoking, yet it's hard not to worry about (what seems to be) the growing fixation young people have on their social media lives [1] over their real life. I genuinely wonder what it's like to grow up as a teenager in the social media world we live in today.

[1] http://abcnews.go.com/Technology/wireStory/teenage-driver-li...

kermire 1 day ago 0 replies      
Though I do like the culture of taking photos instead of experiencing the moment, I do not think social media is the new smoking. People like to be distracted and absorbed. Social media is just an option. There are a dozen other alternatives. It has a different effect on different people. Some get really into it but there are others who just don't care. Fear mongering is easy when it sounds believable. I refuse to accept the equivalence until there's some unbiased research backing these claims.
calebgilbert 2 days ago 1 reply      
I've been developing since 2000 in some form or other and have gone from a true believer who thought the internet would save the world, to someone who thinks it's had an immeasurably negative impact on any number of levels.

That said, comparing it to smoking is not broad enough. It's more like social media (and by extension the internet) is more like the 'new water' - a fundamental aspect of living whether we like it or not at this point. For instance, even if you don't partake in social media, the top political figures of the day are, and thus your life is being directly affected one way or the other.

mjn 2 days ago 0 replies      
Reminds me of an article from 5 years ago, "The Cigarette of This Century", comparing cigarettes and smartphones. Although that one is looking more at their social roles than their health effects.


donatj 2 days ago 0 replies      
This is an incredibly interesting and apt comparison.

My mother who's trying albeit mostly failing to wean herself from smoking has become addicted to social media to the point where she becomes actively hostile when her internet is out.

She is literally addicted to Facebook in the exact same way as cigarettes. She needs her fix.

I think for people who become easily addicted to things, it's a very easy thing to become addicted to.

draw_down 2 days ago 0 replies      
The stigma against smoking has a considerable class element to it nowadays. If a technology comes along that allows more affluent people to avoid looking at the phone then this could happen. On the other hand, smart watches offered that functionality among other things and don't seem to have changed much of anything, socially speaking.
dsjoerg 2 days ago 0 replies      
I had exactly the idea of OP's title but never bothered to write an article around it. 100% agree.
empressplay 2 days ago 0 replies      
I quit smoking over a decade ago, but only because I had a S60 phone with an IRC client lol
Aron 2 days ago 0 replies      
No. It's not the new smoking. There's an uncomfortable process involved with acculturating to social media and it will continue to evolve, but there is far more upside when used well which is hard to say with smoking.
seizethecheese 2 days ago 0 replies      
Oh, the irony. After all, this platform is a form of social media.

And before you say "it's different", HN is just a different flavor of clickbait from FB, more in tune with what happens tickles your feels.

Aron 2 days ago 0 replies      
I'll tell you what the new smoking is. Driving around in a gas car. Hey Ford, cough cough, I'm trying to breathe here.
losteverything 2 days ago 0 replies      
There is no possible way to reverse the damage to the lungs caused by active or passive smoke(ing)

The comparison is not a strong one

mahyarm 2 days ago 0 replies      
I would say the international increase in obesity and all of the health problems it creates is the new smoking TBH.
joh-nan-drew 1 day ago 0 replies      
Addictions aren't necessarily bad. Some need drugs to help get by. Others junk food. TV shows. Validation. I indulge in a number of things when I just want my brain to turn off. I let my desires run on autopilot and give myself what I need.

Sometimes, these can reveal important things about our personalities. One of my addictions is particular kinds of information. Complex and novel ideas, long-form essays, "insight porn." The type of things I gravitate towards reading tells a lot about me and what I find interesting in this world. I'd like to make some kind of dent in the universe in these spaces I find interesting before I die. Sure it might suck when I end up reading too much at the expense of something else, but what can I say, that's what I enjoy.

For those whose lives revolve around social media like Facebook or Instagram, their attention might be largely allocated towards validation, a sense of belonging, identity. Things that are not necessarily new to a post-Facebook world. In an alternative universe, maybe they're doing some other kind of social climbing or image-crafting. I'd never hold that against somebody if that's what they're wired towards. I say, own it and use it as an asset in your life.

An addiction is a habit, and a habit is merely a stable pattern of human behavior. All of our non-novel behaviors are habits. The things our mind gravitates towards are habits. I think it crosses into a "negative addiction" once a habit starts to become detrimental to something we want out of our lives. That's when we should be concerned.

We are flawed, suboptimal creatures. It's ok to give into our addictions, good and bad. We should incorporate addictions as constraints in our models of living, working, interacting. We'll always have them. In my experience, trying to get rid of certain habits hurt me because they served a function to my well-being or personality.

You need to understand your own addictions. If a sense of belonging is important to your personality, you will feel a void in your life without it. There's a reason why poor men in third world countries might partake in cockfighting culture with other men rather than spend it on food.

That being said, I don't think the negatives of social media are all that bad. I would argue that grade school is way more toxic than social media. Social media usually makes a convenient target for those in the "good old days before technology," "humans need authentic human connection" camp.

I am willing to extend a platform+API metaphor and grant that social media (the platform) allows us to build an external layer of ourselves (the API) that becomes the means with which others interact with us while we hide our internals, but you'll have to convince me that that's mostly a bad thing. I don't think appealing to an "authentic human connection" value works. Sounds like a win for technology if you ask me!

Here's the thing. Social media is still a choice. Contrast this to the toxic and unnatural environment that is high school, which is forced upon us.

Social media feeds our insecurities? Well, high school created them in the first place.

Technology almost always affords you the freedom to engage or disengage. Take online dating for example. In the "good old days," men would have to impress and court a whole family just to date one person -- you're essentially dating a whole family. Now you can just find someone online within minutes, and start connecting with the one person you actually want to. Is some dude harassing you online? You're free to block him with the click of a button or just turn off the app. Sure there are tradeoffs, but the key here is choice.

Think freedom to respond to a text whenever you want vs being "on-call" all the time.

I hate to be the bearer of bad news, but if you are hanging out with people who are constantly on their phones, then the truth is, they are making a personal choice to disengage from that situation, and they value more whatever's going on in the "real internet world" rather than the "tiny bubble" that is the room you guys are sitting in. Maybe the latest meme or what's happening in North Korea is more interesting. The actual problem is a mismatch between you and your company. Technology simply affords them choices in dealing with social expectations they might not actually want.

Facebook is not the end game, and technology can do better. But I think pointing fingers at social media for ruining us all is a bit silly.

Mz 2 days ago 0 replies      
Social Media: Promotes cancerous growth. And it smells bad to boot.
watertorock 2 days ago 1 reply      
Toxic and popular with no benefit?
Fear is America's top-selling consumer product laphamsquarterly.org
422 points by oblib  3 days ago   316 comments top 29
komali2 3 days ago 33 replies      
I'm slowly trimming away the means I acquire news, because it's all becoming so editorialized. Twitter is bombarded with bots and flamewars, reddit is a lost cause, and news.google.com is mainly driven by larger syndications that have mastered the "Big Headlines Sell" strategy.

That leaves HN and my little local papers, Mountain View Voice and its ilk. Great for local stories and tech news, but I feel like I'm missing out on what's going on in the world. Every time I dip my feet in global news, it's screamed at me, dripping in panic: "Trump DID A THING!!!" "Cops Shoot a Guy AGAIN WHY DID THEY DO THAT?!!"

Are there any good general global news sources that don't try to manipulate my emotions as I read them? Paid or free.

aleyan 3 days ago 1 reply      
This is not this essay's first time[1] making it to this front of hacker news. And I am glad for it, because Petrified Forest essay is great, and Lapham's whole issue[2] on fear is fantastic.

Unfortunately two pieces I found most relevant for HN crowd from this issue so far aren't available on Lapham's Quarterly website. They are a moralistic Japanese 17th century account of an entrepreneur in "All the goodness gone from tea"[3] and Joseph Heller's bit on "Corporate Welfare" in "Something Happened"[4]. Hope you enjoy reading them as much as I have.

[1] https://news.ycombinator.com/item?id=14589087

[2] http://laphamsquarterly.org/fear

[3] https://books.google.com/books?id=ux89AAAAIAAJ&lpg=PA93&ots=...

[4] https://books.google.com/books?id=b2AiWB98p5sC&lpg=PT14&ots=...

erikb 3 days ago 5 replies      
I wanted to complain about the title not really making the right distinction, that fear is not a product but a sales method. However, the author actually understands that distinction and really talks about fear being the product. That also implies that people desire fear and that fear is produced with industrial efficiency.

Interesting thought.

FRex 2 days ago 1 reply      
Sounds awfully close to Poland, all of it. The underdog, truly strong but weakened by enemies, surrounded by enemies, chosen by god[1], threatened by Russia, spies, jews, terrorists, ebola, etc.

I'm no joke starting to see the value of Chinese, Singaporean, etc. and maybe even North Korean (!!) censorship - people can't be fucking idiots and destroy the country over stuff on the news if it's not on the news.

I couldn't imagine the level of fear and paranoia USA and Poland have applied to a country like Singapore, Lithuania or South Korea and Japan even. They'd be burning themselves alive daily by the thousands on the streets out of sheer fear of 'enemies' and so on.

Another problem is that 'fear' doesn't exist in a vacuum, I've yet to see 'fear' on its own. It's always mixed with politics (PiS calls everyone bolsheviks, communists, Russian/German/EU spies, traitors, etc.), racism (ebola, Syrian refugees), religion (Syrian refugees), etc. a.k.a. all the things Singapore censors.. isn't that curious.

[1] https://en.wikipedia.org/wiki/Christ_of_Europe

alecco 3 days ago 0 replies      
Playing devil's advocate, all this fear and anxiety (as @coldtea properly states) is an engine of the economic machine of the western world.

What I'd argue is that is all twisted for idiotic reasons. For example, it would be good to have fear of death used to push society towards things like cures for cancers. And anxiety used to push ourselves to reach our potential instead of seeking validation in superficial things expressed in Instagram pictures.

But we humans like the quick fix and the advertising lobby delivers. We have 50% of the blame here. Same with the unhealthy foods and drinks we take all the time.

To improve our behaviour we need incentives like most animals.

ivanhoe 2 days ago 0 replies      
To be honest I think this was pretty obvious to anyone living outside the US, especially after 9/11. And unfortunately for the rest of the world, it's nothing US exclusive, scaring people into obedience is the oldest trick in the book. Fear has been always one of the main selling point for politicians, ever since the beginning of time. When faced with a common threat (real or not) people tend to unite under a leader who they hope will protect them, and it's any totalitarian ruler's wet dream. Frightened people are easier to control and far more likely to look the other way on whatever irregularity or injustice, as it will always seem unimportant compared to the threat and fear they feel.
mxfh 3 days ago 2 replies      
A not so convincing conservative (counter) narrative that lumps up the arguably questionable nature of trigger warnings with a russian imposed nuclear doomsday scenario?

That assumption that a Russian bomb was merely a copy of the American effort, spying helped it speed up, but mostly prevented costly mistakes for the soviets is just another example of American exceptionalism.

Would rather watch Adam Curtis' Power of Nightmares again, blaming the culture of fear rightly and mostly on the rise of neoconservatives.

mancerayder 3 days ago 1 reply      
Without a doubt the business news has a greater interest in delivery of facts on the ground than your typical national newspaper. To that end I pay for (and only pay for) the Financial Times due to their attempt to seek out truth. For example, on controversial issues they'll have editorials from both sides, long articles, and they publish letters criticizing and correcting articles. As it's investment-minded and British owned, there's more of an international focus.

The sad thing about the FT is how expensive it is.

Investors tend to care about facts more than feelings, so objectivity becomes a worthwhile pursuit. When you're investing in a commodity, foreign currency and so forth, you're going to read everything with squinted eyes, looking for the facts.

ethn 3 days ago 3 replies      
I think it's quite ridiculous that any author can get away with the obscure clairvoyant claim that people are really irrational and desire to be fearful -- it's a claim contrary to primitive animal and human psychology alike. The motivation to go buy products associated with fear has nothing to do with fear itself even when you explicitly define fear as an uncomfortable uncertainty.

The reason to want to know fear, why fearful subjects are even discussed, is the quite natural rational thirst for information about uncertainty. Thus, you would expect them to purchase services that provide information about and that mitigate uncertainty. Much of the financial economy is purposed as a mitigation to uncertainty, because uncertainty causes an inherent inefficient allocation in resources in order to prepare for the uncertain event. If there is uncertainty, the rational agent is forced to prepare for it with capital (be it financial or physical). This causes there to be an unused buffer of resources that cannot be allocated to more pressing utilizations. Instead, the rational agent is obliged to maintain a buffer, and even incur more transactional costs in maintaining that very buffer. Uncertainty is expensive, and the rational agent thus seeks to understand all disturbances to mitigate the cost of uncertainty.

tl;dr The author is actually engaging in the cheap literary trope where the general population lacks rationality and the author is the exception for pointing it out.

oblib 3 days ago 0 replies      
Lapham's Quarterly is an absolute treasure. This issue is especially timely and informative (to say the least).
yuhong 2 days ago 0 replies      
It is funny how the US focuses on "intellectual property" over selling actual goods. We have been running a trade deficit since the 1980s I think. This reminds me of patent trolls for example.
coldtea 3 days ago 0 replies      
The 2nd top-selling consumer product: the first is anxiety (for your body, social status, income, career, etc.).
DanielBMarkham 2 days ago 0 replies      
The internet promised to make every man a publisher, and it has succeeded. The problem is that most professional publishers shouldn't be publishers, much less the average person. There's simply too much money to be made with eyeballs. A press with no overhead is a race to the bottom with a cast of billions, many of whom would fight to the death over pennies.

I tell my friends to monitor and severely cut their intake of news. Ingesting news today is a profoundly emotionally unhealthy thing to do, and to the degree people ingest it, they are usually over-the-top in their fear of various things, the vast majority of which are no threat to much of anybody.

We've always had this situation with small publications. As a former freelance journalist, what I've seen over the past several years is that the big publications, after being brought over to Facebook and Twitter for better access to readers, are being forced to play this game too -- while they continue to lay-off staff and reduce costs. There's more than a whiff of desperation I see in the majority of headlines from most major news sources. It is a sad thing.

lutorm 3 days ago 0 replies      
Funny, I just watched this: https://youtu.be/JrBdYmStZJ4?t=22s

Seems pretty apt.

NumberCruncher 2 days ago 0 replies      
Evergreen: http://www.aaronsw.com/weblog/hatethenews

Tl,dr: None of these stories [the news] have relevance to my life. Reading them may be enjoyable, but it's an enjoyable waste of time. They will have no impact on my actions one way or another.

amelius 3 days ago 3 replies      
Also: "Fear of missing out"

It's essentially what our culture seems to be based on nowadays. Thanks Facebook, thanks Google.

Hasknewbie 2 days ago 0 replies      
"Fear itself these days is America's top-selling consumer product"

Isn't that the point Michael Moore was making in Bowling For Columbine all those years ago? We are only rediscovering what we already knew.

avs733 2 days ago 0 replies      
In some sick way I am a little impressed with Fox News...the comments in this thread seem to indicate they have effectively won the battle they chose to fight by making everything seem biased. Nihilism isn't intended as a political strategy but it is an effective one.
nathan-wailes 3 days ago 0 replies      
Hey all, I'm interested in this topic and created several summaries for my own use (below). Since this article is somewhat long and isn't as easy to understand as it could be, I figured other HNers might find these summaries useful:


Short plain-English summary of the major things he says in the article:

People in the US are generally much safer than in the past, but they also seem to be more afraid than in the past, and it seems to be because there are powerful groups that benefit (or believe they benefit) from this state of affairs: those associated with or members of the news media, the military and its private-sector suppliers, politicians, the very rich, and the police.

This shift to having the public generally fearful seems to have started in 1949 when we in the US learned that the Soviet Union had nuclear weapons. Consensus in Washington became that the Soviet Union was a more immediate and serious threat than it probably really was, and the news media sold papers by stirring up fear of WW3. In the 1960s the news media made people afraid of the possibility of an actual armed revolution within the US by leftists. With the fall of the Berlin Wall the news media and politicians shifted to fear of drugs, and since 9/11 it has been terrorism.


The main ideas / questions discussed, in his words:

[Motivating problem:] In no country anywhere in the history of the world has the majority of a population lived in circumstances as benign and well-lighted as those currently at home and at large within the borders of the United States of America. And yet, despite the bulk of reassuring evidence, a divided but democratically inclined body politic finds itself herded into the unifying lockdown imposed by the networked sum of its fears -- sexual and racial, cultural, social, and economic, nuanced and naked, founded and unfounded.

[Main questions:] How does it happen that American society at the moment stands on constant terror alert? Why and wherefrom the trigger warnings, and whose innocence or interest are they meant to comfort, defend, and preserve? Who is afraid of whom or of what, and why do the trumpetings of doom keep rising in frequency and pitch?


Paragraph-by-paragraph-ish main ideas (as far as I could tell), in his words:

Fear [is] the oldest and strongest of the human emotions.

[There is] real fear and neurotic fear, the former a rational and comprehensible response to the perception of clear and present danger, the latter free-floating, anxious expectation attachable to any something or nothing that catches the eye or the ear.

I'm old enough to remember when Americans weren't as easily persuaded to confuse the one with the other. I was taught that looking fear straight in the face was the root meaning of courage.

[After] August 1949, when the Soviet Union successfully tested a [nuclear] bomb, my further acquaintance with fear was for the most part to take the form of the neurotic.

The Cold War with the Russians produced the doctrine of mutual assured destruction. For the everybodies whose lives were the stake on the gaming table, [this] didn't leave much room for Teddy Roosevelt's looking real fear straight in the face.

Expectant anxiety maybe weakens the resolve of individual persons, but it strengthens the powers of church and state.

Fear is the most wonder-working of all the world's marketing tools. Used wisely, innovatively, and well, it sells everything in the store -- the word of God and the wages of sin, the divorce papers and the marriage certificate, the face cream and the assault rifle, the grim headline news in the morning and the late-night laugh track.

[He tells a story of working as a reporter in NYC in 1962, receiving a press release from the Russians about new weapons tech, and having the editor of the paper mold it into a front-page fear-soaked story, presumably motivated by the desire to sell more papers.]

Expectant anxiety sells newspapers.

The Cold War was born in the cradle of expectant anxiety; so were the wars in Vietnam and Iraq.

The innovative and entrepreneurial consensus in Washington resurrected from the ruins [of Russia post-WW2] the evil Soviet Empire -- stupendous enemy, world-class and operatic, menace for all seasons, dread destroyer of American wealth and well-being.

Fattened on the seed of openhanded military spending (upward of $15 trillion since 1950) the confederation of vested interest that President Eisenhower identified as the military-industrial complex brought forth an armed colossus the likes of which the world had never seen.

The turbulent decade in the 1960s raised the force levels of the public alarm. The always fearmongering news media projected armed revolution; the violent fantasy sold papers, boosted ratings, stimulated the demand for repressive surveillance and heavy law enforcement that blossomed into one of the country's richest and most innovative growth industries.

The tearing down of the Berlin Wall in 1989 undermined the threat presented by the evil Soviet Empire, and without the Cold War against the Russians, how then defend, honor, and protect the cash flow of the nation's military-industrial complex? The custodians of America's conscience and bank balance found the solution in the war on drugs.

The stockpiling of domestic fear for all seasons is the political alchemist's trick of changing lead into gold, the work undertaken in the 1990s by the presidential campaigns pitching their tents and slogans on the frontiers of race and class.

Like the war on drugs, the war on terror is unwinnable because [it is] waged against an unknown enemy and an abstract noun.

[The War on Terror] is a war that returns a handsome profit to the manufacturers of cruise missiles and a reassuring increase of dictatorial power for a stupefied plutocracy that associates the phrase national security not with the health and well-being of the American people but with the protection of their private wealth and privilege.

Unable to erect a secure perimeter around the life and landscape of a free society, the government departments of public safety solve the technical problem by seeing to it that society becomes less free.

The war on terror brought up to combat strength the nation's ample reserves of xenophobic paranoia, the American people told to live in fear.

Given enough time and trouble over the last sixteen years, their collective fear and loathing collected into the cesspool from which Donald J. Trump became the president of the United States.

microcolonel 3 days ago 0 replies      
Don't watch cable news, your life will be better. If you're not already convinced that most cable news is editorialized for political gain, then surely you're convinced that it is unhealthy to rubberneck at every problem in the world.
richev 2 days ago 0 replies      
Article needs editing for length and clarity.
fl0wenol 3 days ago 0 replies      
I got excited for just a split second on the off chance the author meant the Monolith Productions title back in 2005.
apexalpha 2 days ago 0 replies      
The joy of your country having a neutral public broadcaster...
valuearb 2 days ago 0 replies      
I hope the author found their point, because I went 3 pages in and gave up looking for one.
TazeTSchnitzel 2 days ago 0 replies      
The writing style is pretentious, and for the life of me I can't see why trigger warnings, of all things, are being spun into this narrative. Perhaps betrays a lack of understanding of the concept from the author.
uptownfunk 3 days ago 0 replies      
Brilliant magazine.
arkis22 3 days ago 0 replies      
I would have thought it was sex
colanderman 2 days ago 0 replies      
Maybe I'm dumb, but I can't glean the meaning of this partial (verbless) sentence?

> Not the outcome envisioned by Franklin Delano Roosevelt, but the one raising the question addressed in this issue of Lapham's Quarterly.

Lapham's Quarterly is highly regarded, so I would expect such non-sentences -- especially at the start of a paragraph, complete with a drop-cap -- to be culled by the editor (or author, who is in this case the same person). Or am I just not intelligent enough to understand this style of writing? (Even inserting a well-placed "is" does not clarify this sentence for me.)

Aside, I'm surprised the article doesn't touch on why fear is so delectable to the American palate. I suspect it's that humans expect fear, like how we expect work, pain, hierarchy, and other objectively unpleasant things which we seek out when lacking, to restore balance to an otherwise saccharine existence. Americans in fact have very little to rightly fear, thus our lizard brains instinctively latch on to anything to fill that void in our lives.

Flash will be EOL by 2020 adobe.com
399 points by Manishearth  2 days ago   4 comments top 4
dang 2 days ago 0 replies      
Comments moved to https://news.ycombinator.com/item?id=14848786, which has the original source and was submitted a bit earlier.
scott_karana 2 days ago 0 replies      
Can we link to the actual announcement instead of Techcrunch's regurgitation?


campuscodi 2 days ago 0 replies      
Here's the real announcement, not this regarbled blog spam with no technical details: https://blogs.adobe.com/conversations/2017/07/adobe-flash-up...
First Human Embryos Edited in U.S. technologyreview.com
413 points by astdb  1 day ago   241 comments top 31
plaidfuji 12 hours ago 6 replies      
I've seen most of these arguments for and against gene editing before, but the fact of the matter is that it will come down to the economic competitiveness of nations, as always.

What concerns me in the long term is that gene editing will cause human genomes to converge to a single gold standard with proven mental and physical benefits, thereby reducing our species' genetic diversity and leaving us more vulnerable to a mass extinction event. A "zero day exploit" that everyone missed in the popular new cancer-fighting edit.

eggie 1 day ago 4 replies      
We would need a very particular set of conditions for embryonic editing to be justifiable under a medical dogma that aims to "do no harm." Both parents would need to carry a large common set of recessive deleterious alleles, as this would make embryonic selection of non-carriers very difficult. Then we would need the editing system to be so reliable as to not introduce off-target mutations. In a preimplantation setting, we can't easily observe if non-desired mutations have been introduced in some cells, as this would require sequencing every cell in the developing embryo. Serious disease introduced through chimeric errors in the editing process would be a real possibility, and there is no feasible way we could guard against this result using sequencing as it would require destruction of the embryo.

A more realistic scenario would be to develop a human embryonic stem cell culture that has been edited as desired and then implant this into a developing blastocyst at a point at which it would take over the and develop into the fetus. This is done with mice and there is no reason it wouldn't work for humans. I think that most people would find this much more abhorrent than directly editing the germline. However, it would be much safer for the engineered proband and would not require a "perfect" editing system that we do not have.

kanzure 23 hours ago 4 replies      
here's a TODO list i made for possibly interesting genome editing targets: http://diyhpl.us/wiki/genetic-modifications/

Many of these have low demonstrated correlation or significance so don't just blindly load everything on that document into your at-home CRISPR kit http://www.the-odin.com/gene-engineering-kits/ but it should be a good starting point for thinking about what can be modified, improved, disimproved, etc.

sethbannon 1 day ago 5 replies      
I am so insanely excited for the potential of this technology. There are many ethical questions here, but the potential benefits far outweigh the downsides. In the near future, we can detect and eliminate genetic disorders, ensuring no child has to suffer from these defects any longer. Long term, this gives us a tool to take control of our own evolution in a way never before possible.

Couldn't be more excited for what's possible.

artur_makly 14 hours ago 1 reply      
"Although none of the embryos were allowed to develop for more than a few days -- and there was never any intention of implanting them into a womb"

oh I'm sure human trials have begun by the time mass articles like this surface.

I've met young genetic research students who told me they went to work for labs based in Latam simply because they were allowed to perform any experiments deemed illegal in the US - to get a precious few years of a head start.

albertTJames 1 day ago 2 replies      
Ethics questions need to be raised now, and guidelines have to be decided. The future of humanity is in gene editing. It should not depend on the laziness of law makers and outrage of godfearing creatures to decide the fate of humanity. It is time we take our evolution into our own hands.
pcnonpc 11 hours ago 2 replies      
"The BGI Cognitive Genomics Project is currently doing whole-genome sequencing of 1,000 very-high-IQ people around the world, hunting for sets of sets of IQ-predicting alleles. I know because I recently contributed my DNA to the project, not fully understanding the implications. These IQ gene-sets will be found eventually -- but will probably be used mostly in China, for China. Potentially, the results would allow all Chinese couples to maximize the intelligence of their offspring by selecting among their own fertilized eggs for the one or two that include the highest likelihood of the highest intelligence. Given the Mendelian genetic lottery, the kids produced by any one couple typically differ by 5 to 15 IQ points. So this method of "preimplantation embryo selection" might allow IQ within every Chinese family to increase by 5 to 15 IQ points per generation. After a couple of generations, it would be game over for Western global competitiveness."


What do you think about this? From what I gather, the Chinese and much of East Asia do not have cultural resistance against using genetic engineering to increase their children's IQs. I will even guess that the governments will encourage their populations to use it.

Will the US, in particular the educated portion of the population, adopt the practice soon after it is proven safe?

If China starts to do that en masse, Europe and the US will likely criticize them initially. Will they then be forced to adopt the practice soon afterwards? If so, how many years of lag approximately? How much resistance will there be on adopting the practice especially considering the left's belief on everyone's fundamental equality?

The denial about the importance of intelligence is quite obvious now at least by a significant percentage of Americans and Europeans. (They claim "hard work and culture are what matter.", ignoring twin and adoption studies) Will they wait for 1-2 generations until it's so obvious they cannot compete when they start to use genetic engineering themselves?

dr_ 22 hours ago 4 replies      
I realize that scientific consensus is that gene editing should not be permitted to enhance human performance - be it mental or physical. But if one nation ignores this consensus, and starts producing "super humans" wouldn't other nations be compelled to follow? Otherwise, over time, wouldn't their citizens, and their nation, slowly fall behind as a country of power and status? Just a thought.
WalterBright 1 day ago 5 replies      
Gene editing is probably the only way humans can colonize space. By adapting people to different gravities, air chemistry and pressure, radiation, etc., the need for life support equipment can be significantly reduced, and the quality of life of the colonists can be improved.
thosakwe 14 hours ago 3 replies      
In my class just Monday, we watched a film titled Gattaca, which tells the story of a society fueled by eugenics, where most births are in-vitro modified babies, and there is clear discrimination against those with "imperfect" genes. It's crazy how close these things are to reality.
roceasta 1 day ago 2 replies      
The talk is of 'genetic enhancement' but the potential benefit seems more boring and necessary to me: removal of many new and as-yet-unidentified mutations. It is thought that these have been accumulating generation by generation since about 1800 when child mortality started to fall.
djohnston 9 hours ago 0 replies      
We already have a clear division in health along socioeconomic lines, but deliberately encoding our inequalities into our DNA is a future I could skip.
Mikeb85 23 hours ago 2 replies      
As if there wasn't enough inequality in the world, now the rich will be able to afford to make their offspring genetically superior to everyone else's. Have fun with a 1% that are literally overlords.
noir-york 15 hours ago 1 reply      
Evolution made us, then we discovered it, and now we can directly code it.

Pity evolution didn't give us the intelligence, restraint and good judgement to make sure that we will not screw this up. And we will.

A myriad of reasons will be given. Medical reasons - how could one refuse? Then parents: "Harvard is expensive and I want to give my child the best chance I can afford". Then nation states will feel pressure to 'level the genetic playing field'.

On the other hand, with AI soon replacing us, apparently, we can fight back and enhance ourselves!

chiefalchemist 23 hours ago 1 reply      
Wasn't there a HN post/thread a week or so ago about some scientist having a (new-ish) theory about DNA and the role specific genes play? If there's enough doubt that there's still room for other theories, is CRISPR really a good idea?
stillhere 10 hours ago 0 replies      
Seems like a more socially acceptable form of Eugenics since society seems to value advanced science more than it does traditional mate selection based on desired physical traits.
mmirate 1 day ago 1 reply      
Well this is exciting, but hopefully it will advance beyond "genetic disease". Or maybe in the future we will be able to expand our definition of that term, to include all genetic predispositions to suboptimal traits? (e.g. slow observation-decision loop, hedonism, sentimentalism/too-much-empathy, neuroticism, etc.)

Either way - hopefully, when this tech is completed, we will be able to accept and enjoy that our descendants will literally be superior beings to us, and not look upon them with too much envy.

k__ 14 hours ago 1 reply      
Sounds nice, but I don't want children, I want myself to be improved.
vivekd 9 hours ago 0 replies      
I think enough people recognize the ethical issues inherent in designer babies enough that we are in no danger of reaching that point. I think the tech could have great applications in livestock and curing genetic defects.
nonbel 22 hours ago 1 reply      
Yet another mainstream news report on CRISPR before any scientific report is available.
ysleepy 12 hours ago 1 reply      
Why do it on human embryos instead of any other animal? At this stage, it must be for publicity reasons alone. Tasteless in my view.
gehwartzen 1 day ago 1 reply      
"Now Mitalipov is believed to have broken new ground both in the number of embryos experimented upon and by demonstrating that it is possible to safely and efficiently correct defective genes that cause inherited diseases."

Seems a little early for such a claim based on embryos that only developed for a few days.

ziikutv 13 hours ago 0 replies      
Wow it's a Brave new world.
jlebrech 15 hours ago 0 replies      
Reactivate Vitamin C synthesis, etc.
analog31 23 hours ago 0 replies      
In the future, every dissertation will include in its Acknowledgements section, the student's parents, faculty advisor, and gene editor.
SiempreZeus 6 hours ago 0 replies      
You want a Gattaca world?? This is how you get a Gattaca world.
cellis 1 day ago 3 replies      
CRISPR is coming. I seriously think with CRISPR we could see several trillion dollar companies. From cancer and AIDS cures to fundamentally altering what it means to be human, this is all within the near grasp of CRISPR (if what I've been reading is to be believed).
theRhino 12 hours ago 0 replies      
question is did they use emacs or vim?
Cozumel 1 day ago 2 replies      
Related: 'Unexpected mutations after CRISPR-Cas9 editing in vivo' http://www.nature.com/nmeth/journal/v14/n6/full/nmeth.4293.h...
MS Paint is here to stay windows.com
443 points by richardboegli  2 days ago   296 comments top 42
opdahl 2 days ago 16 replies      
What is, and has been great about MS Paint is that no matter what Windows machine I have been on, I know that I have had it available. No matter if it's my old grandma's computer, if I have needed to quickly do something simple with an image, MS Paint has always been there for me. Now that will no longer be the case. If I have to download and install it on the computer before I use it, then what is the point? It will be faster to just google "MS paint online free" and click the first link.
carlosrg 2 days ago 9 replies      
This thread shows clearly the negativity around everything Microsoft does, especially if you compare to other technology companies. Apple deprecates some API or removes a feature? "It's the future, you have to adapt, etc" Microsoft deprecates a toy program made 25 years ago, but still offers the option of downloading it for free? "How dare they, I want it in the base install, etc"
piyush_soni 2 days ago 1 reply      
I find the title very contradictory to the article. It's going to "stay", but in the Windows Store (so you have to download), and with very subtle words they say that it's not going to get any updates. So, no Microsoft, you're saying it's going to go more than you're saying it's going to stay.
SwellJoe 2 days ago 2 replies      
I just want to take a moment to rant about what an awful user experience Paint 3D was for me. I was using Windows for a short while because graphics under Linux weren't working well (GPU was new at the time, it took a couple of months for it to become reliable enough to use as a daily driver under Linux), and installed the Creator's update, which set up Paint 3D as the default program for every image file it could recognize. Paint 3D is a joke for all the image stuff I want to do; cropping, resizing, highlighting, mostly, and the user interface was pretty confusing all around.

And, I couldn't figure out how to uninstall it! It wasn't uninstallable in the normal ways, and I don't think I ever figured out how to do so.

I won't miss Paint, and I never used it, but I definitely don't consider Paint 3D an upgrade or improvement. And, I really hate Microsoft's standard practice of replacing file associations even if I've already set up my own before one of their apps gets installed (I had a couple of other tools set up for images, and they got replaced in the defaults for like 30 file types). They do it with pretty much every app they distribute. It's presumptuous.

roselan 2 days ago 1 reply      
That's a clickbait title if I ever saw one. It seems Microsoft is trying to force uwp apps down our throats. It is sad because classic programs systematically feel snappier and are more efficient. They show their age, but are definitely less annoying than their sexier windows 10 version.

I don't know how many times I tried =really tried= to use the photo app or the new remote desktop app, but I always come back very frustrated to the classic version.

foxfired 2 days ago 4 replies      
> The original art app isn't going anywhere except to the Windows Store for free!

Does it mean that from now on we would have to download it?

partiallypro 2 days ago 0 replies      
They never said it was going away, they said it was deprecated. The media spun it, either out of ignorance or headline porn/clickbait.
Waterluvian 2 days ago 4 replies      
One more thing pushing me to interface with an online store. One less reason for picking Windows for my "toolbench" computer.

The paranoid in me is expecting there to be a catch to this new paint application. Ads? DLC?

faeyanpiraat 2 days ago 3 replies      
Okay so when I first heard this, I was kind of enraged, because I use paint daily for screenshots, ad-hoc cropping and stuff.

And when I tried Paint3D in the past it was garbage. Someone in this thread said that it is actually easy to crop with it, and I tried again, and yes it is actually a bearable experience, but scaling the image gives a crappy quality, so it is a no-go.

Then I got the Win+Shift+S screen clipping tool, which is awesome, it only gets the clipped screenshot into the clipboard, which is a half-assed solution, but then I remembered I got evernote, and made Win+Shift+D save the clipboard into a new note.

This way I can instantly take a screenshot in an already cropped way, and save it for future use, and Evernote can easily Annotate the image with text, or arrows, which is sufficient.


jagermo 2 days ago 0 replies      
An excellent example on how to generate media buzz. You would have to pay a decent amount of money if you wanted to achieve something similar with ads.
nsxwolf 2 days ago 1 reply      
Not having it installed by default will kill off MS Paint.
malekpour 2 days ago 4 replies      
There are much better free [web based] alternatives for WordPad, Paint and Notepad these days and I prefer to use those over these obsolete applications. These are not useful applications, we just like them because of nostalgia.

I doubt if Microsoft is removing Paint because of OS base image size. It should be more about source code maintenance and UI consistency. Both WordPad and Paint got ribbon user interface for Windows 7 and calc.exe has been replaced by a modern Windows Store app in Windows 10.

Why should Microsoft spend time and resource to keep these applications up to date while majority of users are using better free alternatives?

Dolores12 2 days ago 0 replies      
If I had to download something anyway why would I download MS Paint and not a better alternative? So they are killing it.
fiatjaf 2 days ago 1 reply      
Is there an alternative to MS Paint that can be easily installed and used?

Not GIMP or other complicated things, I want my 4-year-old son to use it.

comeonnowreally 2 days ago 1 reply      
Disappointing comments in this thread. Lots of worthless complaining, and scant technical talk on solutions to this barely significant 'problem'.

If you want to keep the original mspaint.exe and don't want to use the Store for some reason, you can literally just copy it from any Windows 10 install media prior to RS3. Or from a running system. It's not difficult.

Overtonwindow 2 days ago 0 replies      
For many it seems Paint is their first experience with Windows, since my first was an Apple II GS, I remember Mouse Paint.
kazinator 2 days ago 1 reply      
You absolutely need MS Paint on Windows.

For one thing, it provides workarounds for horrible stability and functionality issues with image printing out of the Windows Shell (Windows Explorer).

I think it provides the only way to print an image 1:1 (original scale) without installing third party software. I.e. 600 pixels of a 600 dpi image actually measure one inch. Not all images are photographs that can be scaled; sometimes they are patterns for some real-world object.

How would a Windows user, say, crop an image without MS Paint, using only a vanilla Windows install with no 3rd party anything?

vxNsr 2 days ago 1 reply      
Honestly the biggest takeaway from this was that they were still developing mspaint.
eco 2 days ago 0 replies      
And here I was defending Microsoft in the other thread... This is much worse (for all the reasons people have already listed) than deprecating and eventually removing it which is what the original article implied was happening.
cardiffspaceman 2 days ago 0 replies      
The article really says,

We thought MS Paint was so great, we decided to list all the features that Paint 3D has that are similar to what MS Paint has. And we want to mention that Paint 3D is FREE!

These are the results for searching "MS Paint" on windows.com:


laythea 2 days ago 0 replies      

We are taking paint away from you and allowing you to come and get it through our funnel, erm... store.

nmeofthestate 2 days ago 0 replies      
One reason for this is surely Microsoft trying to get people to use their store.
radicalbyte 2 days ago 0 replies      
If they want to cut the bloat they can better look at fixing their installers. I don't need a copy of every installer ever used in my windows and program directories. Those folders are almost always the largest folders on my PC.
Oras 2 days ago 0 replies      
I quite like the way Microsoft is listening back to users, welcome back Microsoft!
the_wheel 2 days ago 0 replies      
I'd bet this was the plan all along. People are talking about Paint 3D.
cjsuk 2 days ago 1 reply      
I'm beginning to think that Microsoft's new strategy is to optimistically break all their products by adding the store front and telemetry to them. Neither of which are needed or wanted in the majority of cases.
WalterBright 2 days ago 1 reply      
snissn 2 days ago 0 replies      
If they really want to make their core / long time users happy they would release the "Old MSPaint" from windows 95 as a stand alone app
hasenj 2 days ago 2 replies      
So .. what? It always struck me as a toy program (kind of like how Notepad seems like a toy text editor).

When was the last time you could get anything done with MS Paint?

FlashGit 2 days ago 0 replies      
Yay, at minimum 7 Mb freed up going forward. People will remember this joyous occasion, would rate 10/10 again.
boobsbr 2 days ago 0 replies      
Well, I'll just install Paint.NET then.
mnyxn 2 days ago 0 replies      
They should have found a better way to go viral. I am not motivated to use paint3D. People using MSpaint are also able to use MSexcel to paint. It's been used not because Microsoft produced minimal tool made huge impact! Actually the other way around!
LyalinDotCom 2 days ago 0 replies      
253 comments here as of the time when I am seeing the post... really folks? :)
talmand 2 days ago 0 replies      
I'm sensing a PR ploy on the level of Coke and New Coke shenanigans.
blocker_chain 2 days ago 0 replies      
Nice! Can't remove a classic and glad they listened to the people
gwbas1c 2 days ago 0 replies      
Where's the link? Specifically, how come this blog page doesn't link to the app in the app store?

Anyway, I agree that MS Paint needs to be built-in to Windows. It's like Notepad for images. Something that's reliable that we know that works and how to use.

mycat 2 days ago 0 replies      
Will users' revolt stop this advancement? I'm serious.
Piccollo 2 days ago 0 replies      
You boobs, just use Photoshop.
baalimago 2 days ago 0 replies      
but now it's probably going to be bundled up with all kinds of crap, such as ms pain(t) 3d
eklavyaa 2 days ago 0 replies      
well now I can always have a place to paste print screen :)
gchokov 2 days ago 1 reply      
Microsoft doesn't have any taste. No, it should not be on the store. Tasteless company..
unabridged 2 days ago 0 replies      
With GPU passthrough becoming quite usable I don't think I'll ever put windows on bare metal again. And in my VMs I'll just be using evaluation copies.

I left MS office for open/libreoffice a few years ago and haven't looked back. The idea of having a store built into my operating system makes me ill, I already have enough of that with android. I can't really imagine giving MS any more money (except possibly when buying a laptop), and I'm not sure what they can do to change it.

The Million Dollar Homepage as a Decaying Digital Artifact harvard.edu
445 points by sjmurdoch  4 days ago   150 comments top 34
_kst_ 4 days ago 2 replies      
I can still access http://www.milliondollarhomepage.com/

I can't currently access the article at https://lil.law.harvard.edu/blog/2017/07/21/a-million-squand...

[Insert joke about irony here.]

schiffern 4 days ago 0 replies      
>Of the 2,816 links that embedded on the page (accounting for a total of 999,400 pixels), 547 are entirely unreachable at this time. A further 489 redirect to a different domain or to a domain resale portal, leaving 1,780 reachable links

Looking at the million dollar homepage, many of the links were never valid:

http://paid & reserved/

http:// paid and reserved - accent designer clothing/

http://reserved for edna moran/

http://paid & reserved for paul tarquinio/ (1200 pixels)

http://pending order/

These links are all shown in plain red ("link to unreachable or entirely empty pages") in the "visualization of link rot," so it looks like the authors didn't account for invalid URLs.

Houshalter 4 days ago 4 replies      
Gwern has a good summary of the research in this: https://www.gwern.net/Archiving%20URLs

>In a 2003 experiment, Fetterly et al. discovered that about one link out of every 200 disappeared each week from the Internet. McCown et al 2005 discovered that half of the URLs cited in D-Lib Magazine articles were no longer accessible 10 years after publication [the irony!], and other studies have shown link rot in academic literature to be even worse (Spinellis, 2003, Lawrence et al., 2001). Nelson and Allen (2002) examined link rot in digital libraries and found that about 3% of the objects were no longer accessible after one year. Bruce Schneier remarks that one friend experienced 50% linkrot in one of his pages over less than 9 years (not that the situation was any better in 1998), and that his own blog posts link to news articles that go dead in days; Vitorio checks bookmarks from 1997, finding that hand-checking indicates a total link rot of 91% with only half of the dead available in sources like the Internet Archive; the Internet Archive itself has estimated the average lifespan of a Web page at 100 days. A Science study looked at articles in prestigious journals; they didn't use many Internet links, but when they did, 2 years later ~13% were dead. The French company Linterweb studied external links on the French Wikipedia before setting up their cache of French external links, and found - back in 2008 - already 5% were dead. (The English Wikipedia has seen a 2010-2011 spike from a few thousand dead links to ~110,000 out of ~17.5m live links.) The dismal studies just go on and on and on (and on). Even in a highly stable, funded, curated environment, link rot happens anyway. For example, about 11% of Arab Spring-related tweets were gone within a year (even though Twitter is - currently - still around).

resf 4 days ago 3 replies      
Decaying in more than one way. The JS files on milliondollarhomepage.com start with:

I guess someone didn't keep backups?

krallja 4 days ago 4 replies      
The Million Dollar Homepage is not decaying (it is still serving its million dollar purpose) - it is the Web itself that has decayed. The brittleness of URIs is on full display. "Cool URLs don't change," but most of these URLs were never cool: they had to rent coolness from Internet cool kid Alex Tew.
glenstein 4 days ago 2 replies      
The article seems to be suggesting that the Million Dollar Home Page has in some sense failed to fulfill its promise because many of the links are now dead. I don't follow that logic at all. To me it seems that the MDHP's job was to be an iconic piece of internet history, and they've entirely fulfilled their end of the bargain.
sixQuarks 4 days ago 3 replies      
I actually purchased a $300 spot on this. I did get quite a few clicks, but very low-quality traffic. Mostly, I got lots of offers from copycat sites to join their "billion dollar" homepage or whatnot.

It's crazy how many copycats came out, very unoriginal thinking going on.

ChuckMcM 4 days ago 1 reply      
I think in many ways it is not a 'decaying digital artifact' as it is an excellent representation of the fallacy upon which a lot of the Internet hangs. In the Library of Alexandria you didn't have scrolls disappear because the kingdom where they originated had been crushed under the boot of an invader. But the Internet is no great library, no repository of knowledge, or an oasis of independent thought. The Internet is a conversation in a crowded room with amplified shotgun microphones pointed at all who walk through it.
AdmiralAsshat 4 days ago 0 replies      
I'm not sure why the article considers it "squandered": it did its job as long as the advertisers cared to maintain their links.

It hardly seems fair to blame a billboard being in disrepair if the company it advertised no longer exists.

narrator 4 days ago 0 replies      
I think all the broken links just goes to show that failure in business is the norm or that someone who thought it would be a good idea to promote their company on this service is probably not good at running business.
aidos 4 days ago 2 replies      
Would be interesting to know how many people on the million dollar homepage are on HN. I imagine there's a wonderful cross over between the two groups.

Even though its with a business we're not doing now, my business partner and I are on there.

Edit: don't think it deserves a downvote - is it not an interesting question? I bet there are loads of serial entrepreneurs on both

ernsheong 4 days ago 3 replies      
FWIW, I'm building https://PageDash.com as a private web archive to address the problem of link rot, beginning from a personal level. Launching in late August. Think of it as a private version of perma.cc.
brosky117 4 days ago 16 replies      
I just heard about the "Million Dollar Homepage" for the first time last week. Would this idea (or one like it) work today? Making a million dollars for something so bizarre, fun, and straightforward sounds amazing. Can anyone reference other attempts at similar ideas?
hellbanner 4 days ago 0 replies      
A more modern variant, https://catbillboard.wordpress.com/

"Million Dollar Cat Billboard project sells 10 000 squares (places on a billboard) $100 dollars each to make worlds first ever cat billboard and put it up in 10 cities around the globe for a month. To proudly show your cat to the world you need to buy at least one square. But of course you can buy as many of them as you wish as long as they are available."

tejtm 3 days ago 0 replies      
As good a time as any to trot out my hobby horse with suggestions on how to mitigate data rot. Aimed at science, but more broadly applicable.

"Identifiers for the 21st century" https://doi.org/10.1371/journal.pbio.2001414

note/claimer/disclaimer: Although I am included as an author I do not write that well.

smegel 4 days ago 0 replies      
It's amazing how well designed the ads within the image are...it's a big jumble but many of them stand out quite strongly with just a single word. I wonder if they designed ads with the surrounding color context taken into account.
amelius 4 days ago 0 replies      
This homepage demonstrates what an average city would look like without any regulation.
cdevs 4 days ago 2 replies      
My first web page ever is in there. I'm not sure how special of a thing that is I don't know how many icons are involved.

Also I wonder how Word got around to me about things like this in the days of MySpace and yahoo as my internet.

Gargoyle 4 days ago 0 replies      
Do this with an ICO, with your space verified via smart contract.

It's all in the marketing!

rxlim 4 days ago 3 replies      
I wonder how he got everything to fit as more and more space was sold and if it was a manual process? It must have been like playing Tetris on expert mode.
pul 3 days ago 0 replies      
Worst of all, only 8 of the 3306 links use https. 11 years really is an eternity in internet years.
philip4534 4 days ago 1 reply      
Xanadu lost.
Shorel 2 days ago 0 replies      
Everytime I find something interesting, it goes to Pocket.

That provides me with a digital copy, and it is automatically sync with my Kobo reader.

mathattack 3 days ago 0 replies      
1780/2816 links being reachable is actually much higher than I'd expect over 12 years. I'm not sure if that's what I would have predicted from the outset.
johnbowers112 4 days ago 0 replies      
Here's an archive of the article for those having trouble accessing it: https://perma.cc/A6ZZ-79X6
pishpash 4 days ago 2 replies      
Whatever happened to DOI? (Or leveraging Google's knowledge of redirects?) A lot of rot is hosting changes; the documents, if the author cared, could well be hosted somewhere else.
5_minutes 3 days ago 0 replies      
An interview with the creator would've been a nice addition to the story.
Nursie 4 days ago 1 reply      
Oh wow, I remember that.

1 million pixels for only a dollar each!

That guy made a nice bundle off the idea, it got picked up and hyped by the media so much I'm sure the companies that bought in got some ROI, or at least some publicity. Such was the extent of the dot com bubble that this sort of nonsense could happen and everyone cheered...

peter303 4 days ago 2 replies      
I wonder what the "rot factor" is for scientific citations? Some professional societies I am in mandate URLs for bibliographical references. Most of the time these are peer-reviewed articles. But they can be softer references like Wiki reviews, data repositories, etc.
mavhc 3 days ago 0 replies      
All the links except twitter on the homepage are broken
chenster 3 days ago 0 replies      
I'm just jealous.
keyboardmonkey 4 days ago 0 replies      
it was always destined to decay, was always going to be a one-off success. interesting in its success juxtaposed by its immediate pointlessness.
malthazzar 4 days ago 0 replies      
the left of the yellow coupons ad in the right middle
fatjokes 4 days ago 2 replies      
I didn't realize you bought the pixels permanently. How did the owner keep up with serving costs?
Passwords Evolved: Authentication Guidance for the Modern Era troyhunt.com
424 points by Spydar007  1 day ago   206 comments top 29
koolba 1 day ago 9 replies      
This is a nice article. Only thing missing is calling out "secret questions" as asinine.

I loathe when sites require you to set them up as it requires manually generating a series of N-length random strings (ex: eZDWzazuMw0ZzD4nKhxXXVN3) and saving the pair (question plus random text) as metadata associated with the account. Not exactly pulling teeth but it's pretty annoying to manually do that for 3-5 entries.

Even worse offenders are the sites that don't even let you enter a value in a text box but instead require you to pick from a drop down with a handful, say 10-15, of entries (cough United Airlines cough).

And the very worst offenders are the ones that, after successfully authenticating with your password, ask you for the answers to the secret questions every single time you log in (cough again United Airlines cough).

tomp 1 day ago 8 replies      
Ah, passwords.

Look, webmasters, the simple truth is - I don't care. I have a default password that is very simple to memorise (and hence guess/hack), that I use for most logins, because frankly, I just don't care. Unless you're vitally important to my life (email, Facebook, backup, services that I use so often that they keep my personal/credit card data), your login/password is just an annoyance for me, as is your password security policy.

I commend reddit and webshops that allow "checkout as guest", that recognise this.

MarkMc 1 day ago 3 replies      
This is a great article, but it doesn't acknowledge that there is sometimes a tradeoff between security and profit.

For example, imagine a typical user who tries to choose a password:

User: I want my password to be "monkey"

System: Sorry, that password is in the dictionary

User: OK, I want my password to be "monkey1"

System: Sorry, that password is on a list of exposed passwords

User: Grrr! OK, I want my password to be "monkeymonkey"

System: Sorry, that password is on a list of exposed passwords

User: Grrr! OK, I want my password to be "monkeyfuckyou!!!"

System: Sorry, that password is on a list of exposed passwords

User: Screw this, I'll just sign up with one of your competitors.

waynecochran 1 day ago 6 replies      
Math tells us longer passwords are better than longer alphabets, yet I am often forced to add special characters. If I have 12 character password over an alphabet of 26 characters, there are 26^12 possible passwords. If I have the choice between adding 5 special characters or increasing the length of my password by 5 characters, math says do the latter:

 (26 + 5)^12 = 7.88 x 10^17 < 26^(12 + 5) = 1.13 x 10^24
That's over six orders of magnitude higher. How come supposedly computer savvy people don't know the difference between x^N and N^x?

BlackFly 1 day ago 0 replies      
For anyone who is thinking about using unicode for passwords, remember to normalize the unicode before hashing it. Different human input devices may output different codepoints for what appears to a human to be the same character/string. Obviously make sure you manage the decoding/encoding as well.
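
The normalization step described in the comment above, as an added example that is not part of the thread: the same visible password typed as composed and as decomposed code points only verifies when both sides are normalized before hashing. NFKC is one of the two forms NIST SP 800-63B names for this; the function names, the iteration count and the sample passwords are constructed for the example.

```python
import hashlib
import hmac
import os
import unicodedata

# Work factor chosen for the example; tune it for your own hardware.
PBKDF2_ITERATIONS = 200_000


def canonical_bytes(password, normalize=True):
    """Turn user input into the exact bytes that get hashed.

    Accepts str, or raw bytes as received from a form or API, which must be
    valid UTF-8 (invalid input is rejected, not silently replaced).
    """
    if isinstance(password, bytes):
        password = password.decode("utf-8", errors="strict")
    if normalize:
        # NFKC folds canonically equivalent sequences (and compatibility
        # forms such as full-width letters) into one representation.
        password = unicodedata.normalize("NFKC", password)
    return password.encode("utf-8")


def hash_password(password, salt=None, normalize=True):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 from the stdlib."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", canonical_bytes(password, normalize), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, expected, normalize=True):
    """Recompute the digest and compare it in constant time."""
    _, digest = hash_password(password, salt, normalize)
    return hmac.compare_digest(digest, expected)


# Constructed sample input: the same visible password typed on two devices.
COMPOSED = "caf\u00e9-Passw0rd"      # e-acute as one code point (U+00E9)
DECOMPOSED = "cafe\u0301-Passw0rd"   # "e" followed by combining acute (U+0301)

if __name__ == "__main__":
    salt, stored = hash_password(COMPOSED)  # enrolment on device A
    print("strings equal:      ", COMPOSED == DECOMPOSED)
    print("login without NFKC: ",
          verify_password(DECOMPOSED, salt, stored, normalize=False))
    print("login with NFKC:    ", verify_password(DECOMPOSED, salt, stored))
```
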
karrotwaltz 1 day ago 0 replies      
Here is what NIST has to say about allowing the user to display the password on screen:

> In order to assist the claimant in successfully entering a memorized secret, the verifier SHOULD offer an option to display the secret rather than a series of dots or asterisks until it is entered. This allows the claimant to verify their entry if they are in a location where their screen is unlikely to be observed.

aidos 1 day ago 2 replies      
On systems that disable the pasting of passwords: could I give a special shout-out to Apple OSX which, in 2017, still refuses to allow users to paste a passphrase when the ssh agent pops up a window to request it?
dustinmoris 8 hours ago 0 replies      
One thing which I find Troy constantly misses to advertise and which I personally think is a much better solution than using password managers and each individual system having to develop their own login + verification and security system is to use 3rd parties to authenticate.

I am a big fan of password managers, but I don't think there is a need for them, because WE ALREADY HAVE ALL OUR EGGS IN ONE BASKET: email.

If someone gets access to your email address then they have effectively access to every single service you signed up with that email. Therefore every single service might as well just use Google/Hotmail/Microsoft/etc. to authenticate their users instead of building their own login system and asking people to come up with a new password which forces them effectively to use a password manager and yet another place to store all eggs in one basket.

The password to your email account == the password to your password manager.

If we would all just rely on Google/Hotmail/Microsoft/Facebook logins then we would be even more secure than everyone having to use a password manager, and it would be a much better user experience. Also I am pretty sure that Google + Microsoft + Facebook have a lot more talent + resources to secure their accounts than every new service which pops up every day. Let them do the security and you focus on your actual business value...

kutkloon7 1 day ago 7 replies      
The problem with a password manager is that you don't have easy access to one when you're on a different machine.

A better way is to use a scheme that hashes your username, service name, and master password to generate a password. A problem is that this doesn't always comply with the arbitrary demands on your password.

This is why these arbitrary demands need to die: they make the only way to securely and conveniently access accounts from different devices impossible.

zwily 1 day ago 3 replies      
Does anyone provide a regularly updated bloom filter of exposed passwords you could use for meeting the last point? Seems like something Troy could do...
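
What such a filter looks like on the consuming side, as an added example that is not part of the thread and not any provider's actual format: a Bloom filter sized for a target false-positive rate, filled from an exposed-password list, serialized for distribution, and queried at sign-up. The class, the function names and the five-entry list are constructed for the example.

```python
import hashlib
import math


class BloomFilter:
    """Fixed-size set membership: no false negatives, tunable false positives."""

    def __init__(self, capacity, error_rate=0.001):
        # Standard sizing: m bits and k hash functions for n items at rate p.
        self.m = math.ceil(-capacity * math.log(error_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Derive k bit positions from one SHA-256 digest (double hashing).
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd, so never zero
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, item):
        return all(
            self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item)
        )

    def to_bytes(self):
        """Bit array only; m and k must be published alongside it."""
        return bytes(self.bits)

    @classmethod
    def from_bytes(cls, data, m, k):
        """Rebuild a filter from a downloaded bit array and its parameters."""
        if len(data) != (m + 7) // 8:
            raise ValueError("bit array length does not match m")
        bf = cls.__new__(cls)
        bf.m, bf.k, bf.bits = m, k, bytearray(data)
        return bf


# Constructed sample standing in for a real exposed-password corpus.
EXPOSED_SAMPLE = ["123456", "password", "qwerty", "monkey1", "monkeymonkey"]


def build_filter(passwords, capacity, error_rate=0.001):
    """Publisher side: size for the expected corpus, then insert each entry."""
    bf = BloomFilter(capacity, error_rate)
    for pw in passwords:
        bf.add(pw)
    return bf


def password_allowed(candidate, exposed_filter):
    """Sign-up check. A hit is either a real exposed password or, at roughly
    error_rate, a false positive; both are rejected, so no exposed password
    from the list is ever accepted."""
    return candidate not in exposed_filter


if __name__ == "__main__":
    bf = build_filter(EXPOSED_SAMPLE, capacity=1000)
    print(f"{bf.m} bits ({len(bf.to_bytes())} bytes), {bf.k} hash functions")
    for pw in ["monkey1", "eZDWzazuMw0ZzD4nKhxXXVN3"]:
        print(pw, "->", "allowed" if password_allowed(pw, bf) else "rejected")
```

The filter only answers membership, so candidates must be canonicalized the same way the list entries were before either side hashes them.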
brightball 1 day ago 0 replies      
When I talk about security, the question I like to pose is this:

Imagine every password for every one of your users is published...can you identify people? How would you clean up the mess? Imagine a malicious person logged into EVERY one of your user accounts and tampered with them, changed email addresses, etc. Can you identify it? Can you clean it up? Can you prevent it from happening again?

If the answer to any of those is no...then you're sitting on a time bomb.

Start with the assumption that the username and password is convenient but unreliable, then move forward with actual security.

xoa 1 day ago 1 reply      
While I think there is growing recognition that password based authentication is a highly suboptimal path dependency, we're also stuck with them on the majority of systems/services for the time being. Even if UI and market standards for cryptographic based auth finally get improved, it'll still be a long haul for it to grow in usage. That being said this seems like a solid overall listing of the basics that all password using services should follow, except as koolba said earlier "Security" Questions (scare-quotes extremely intentional) were always a horrible anti-user & anti-security idea and should be eliminated everywhere.

My only actual quibble/concern with this piece is in the "Notify Users of Abnormal Behaviour" section. I agree it's a good idea in principle to perform notifications, the only niggle though is that some common forms of notification are not authenticated in general, and in practice that particularly means email. I have only ever seen a few companies, even in the financial sector, that sign emails (and without that more aggressive automated domain anti-forging is hard too). At least from the stats I've seen on my own servers and for users I'm responsible for, "Notification/Alert" emails are an ever greater favorite of spearphishers & spammers. A lot of the major companies deal with this by using better authenticated purpose-made notification systems or even just text messages, but email still enters in, and if the practice spreads I'd expect to see a lot more places just using email. I think it's worth being careful about getting users trained into any habit that might lead them to immediately assume something from an unauthenticated source is real and should be clicked. This might be an area that'd be worth coming up with better standards and UI for as well.

jimktrains2 1 day ago 3 replies      
The problem with passwords on the web is that they require sending and trusting private credentials to someone else. As devs we need to work on making better systems (e.g. TLS client certs and SRP (e.g. TLS-SRP or PAKE)) more usable.

It's not a magic bullet and not something a switch can be flipped on, but the status quo is terrible.

SeoxyS 1 day ago 2 replies      
One thing that bothers me about this article, and the way everyone does passwords is this assumption that the output of a cryptographic hash function is alphanumeric. It's not, it's binary. Store the actual data in your database, not the base16 representation! This applies to anything, not just password hashes: don't transmit around data as base64 unless you're actually using a medium that requires it (e.g. email)
shadowashe 1 day ago 1 reply      
passwords are clearly still a gigantic problem in infosec for the users https://blog.binaryedge.io/2017/07/24/antipublic-password-an...
_nothing 1 day ago 2 replies      
Whenever a site requires special characters, it just ends up limiting me to one of the few memorized passwords I have that matches the criteria, most of which are barely 8 characters long.

I use LastPass but I don't like using the password generator because I want to be able to log in on mobile or other computers when necessary, but I don't do so enough to justify signing up for a subscription (I dislike subscription models) that would allow me to use it on mobile.

I wish I could just use giant password strings on all of my sites.

rietta 1 day ago 0 replies      
Excellent read. I've finally decided to do what I've been saying I would do for two years and create an open source demo Ruby on Rails application that applies these principles using the Devise gem and a few others. Will show it supporting multiple two factor strategies as well as account lockout, recovery, and access downgrading based on confidence. It's a private repo at the moment but I will share as soon as it's worth showing.
Someone1234 1 day ago 2 replies      
I like the concept of "Notify Users of Abnormal Behaviour" but how. I mean that in a technical sense. This XKCD seems to apply[0].

People take for granted that an organisation can just hook into a bunch of paid external services, GeoIP, Browser/Device Database, etc. First off, there's a great many organisations who cannot or will not be able to use an external GeoIP database for example, and even if they could how is a threshold of "abnormal" determined?

I too love Facebook's implementation. How do I make that without hooking into half a dozen paid external providers? I'm legitimately asking, because this seems like a "research team and five years" type of issue.

[0] https://xkcd.com/1425/

utexaspunk 1 day ago 0 replies      
Is there an independent body that certifies that a site uses good practices? I mean, I have no way of knowing whether a website is storing my password in the clear (unless they email my password to me), using a symmetric cypher, a site-wide salt, etc. It would be nice if a trustworthy party could investigate a site's security practices and certify that they are doing things properly.
pishpash 1 day ago 1 reply      
A person only has so many memorizable passwords that they can hold at a time; the entropy source is very very low rate. Revealing any memorizable password to stupid random sites is itself an antipattern.
iooi 1 day ago 2 replies      
What is the consensus on not allowing previously used passwords?

i.e., when changing your password: "You used this password too recently, you can not use your last 20 passwords"

ojr 1 day ago 1 reply      
No mention of how to authenticate on mobile? I don't think a guidance on how to authenticate for the Modern Era is complete without having a mobile solution
wepple 1 day ago 2 replies      
I'm curious; why aren't we dropping the use of passwords in favor of U2F?

I guess for one; not everyone wants to buy and carry a key. But we're at the point where you have to have a password manager anyhow, a token isn't that much more of a burden.

BucketSort 1 day ago 1 reply      
I believe eventually passwords will become cognitive thumbprints. I.e. instead of a password, we play a short game, type in some text of which the cadence can be analysed.
Piccollo 1 day ago 0 replies      
I like my passwords 1, 2, 3, and 4 5.
EGreg 1 day ago 1 reply      
Or you can move beyond passwords.


ss248 1 day ago 5 replies      
>Embrace Password Managers

I disagree. Author pointed out "all eggs in one basket" issue, but it doesn't look like he completely understands the whole problem. The main problem is that passmanager holds a lot of metadata.

For example, you use unique password with high entropy for every service you use. Once attacker gets your one master password (through zero-day or just by watching you type it), potential damage is massive. He doesn't have to try to find where you are registered, password manager will tell everything, about every single account and possibly more; some people even store credit card/banking info in passmanager. At that point it's over, you lost.

"... if (password manager) gets compromised it's going to be bad news. But this is an exceptionally rare event compared to the compromise of an individual service which consequently exposes credentials."

This is not an argument at all. Let's consider the situation when individual service gets compromised. Attacker has thousands of salted hashes. With good hash algorithm, he has to spend considerable amount of time cracking every single hash. He doesn't target you in particular. You are just one of many. If attacker cares about you, after cracking hash and getting your password, he has to do a lot of research (trying to find other sites where you used that password and hope you didn't change anything there) to make any use of it. Objectively, he doesn't actually have much. So going after popular services you use, just to get your password, doesn't look like a good attack vector in the first place.

People should know, that password manager is just a glorified notepad file with one password. By using them you are trading safety in situations when attacker targets you, for safety in situations when attacker targets someone else and you are just a collateral damage. If you must, use them only for information you don't care to lose.

Crack WPA/WPA2 Wi-Fi Routers with Aircrack-Ng and Hashcat github.com
467 points by braxxox  3 days ago   131 comments top 16
throwasehasdwi 3 days ago 6 replies      
I'm not sure why this is amazing enough to make the first page but W/E it's HN :). Just so less informed are aware, this has been feasible for maybe 7 years (since GPU calculation became possible).

Just so nobody freaks out, this is cracking weak passwords, not broken WPA.

I have myself cracked countless WiFi passwords when security testing. It's easy if the passwords are bad, which is maybe 90% of the time for home networks and 60% for businesses. The attack is completely passive if you don't want to be noticed, and with a cheap dish you can pick up both ends of the handshakes from up to around a quarter mile away (line of sight).

aerovistae 3 days ago 4 replies      
I attempted to do this once and it turned out to be monumentally difficult. I got as far as setting up a bootable kali thumb drive before getting stopped in my tracks by hardware incompatibilities and unexpected behaviors and errors. These articles make it sound a LOT easier than it is. I was very disappointed because I was really excited about it.
polpo 3 days ago 3 replies      
4,733,979 out of the 14,344,391 passwords (33%) in the rockyou.txt dictionary file used for cracking in this guide are too short to be WPA2 passwords, which have a minimum length of 8 characters. Are aircrack and/or hashcat smart enough to not bother hashing those short passwords?
yedpodtrzitko 3 days ago 2 replies      
Is there anything novel in there? On a first sight it seems just like a guide done hundred times before...
bobsgame 3 days ago 4 replies      
I had the idea a long time ago to make a dd-wrt image which would automatically crack the vulnerable routers within distance, detect the model, and install a compatible version of itself in order to spread virally and create a mesh network. I'm not going to pursue it because it probably breaks a lot of laws, but I'm still curious if it would have been possible. Does anyone know if this is actually feasible? Maybe the radios can't handle that sort of thing?
webaholic 3 days ago 3 replies      
To the script kiddies out there who read this: Do not try this on others' wifi. It is a crime in the USA to crack network routers. Although the chance of you getting caught is low, better be safe than sorry.
thinkxl 3 days ago 0 replies      
wifite2[1] is a wrapper tool that does all this automatically.

Not trying to say that easier is better, in this case. Just wanted to show this tool for those who don't know it.

[1] - https://github.com/derv82/wifite2

edit: added wifite initially, replaced it with wifite2

infamousjoeg 3 days ago 5 replies      
How long does the cracking process take? I remember WEP only taking 10 minutes using aircrack-ng in BackTrack... I imagine this takes substantially longer.
buschtoens 2 days ago 0 replies      
The deauthentication packet looks interesting. Does that mean, that I could annoy the hell out of my neighbors by constantly forcing all of their devices to reconnect?
nictrix 2 days ago 1 reply      
The DSL provider in my area sets up customers' wireless networks with their home or mobile phone number as the password. If you know that number or can look it up in public records then you're in. If you can't find it maybe use a dictionary pertaining to the area code of phone numbers and then you're in. When the protocol changes to something more secure, the ISP's customer will still be as insecure as they always were.
billfor 2 days ago 0 replies      
Just fyi if you are using Kali the rockyou list is already in /usr/share/wordlists.

Also to reduce the size of the pcap file, you may want filter it for EAPOL packets only:

tshark -r input.pcap -Y "eapol || wlan.fc.type_subtype == 0x08" -w small.pcap

nikkwong 2 days ago 1 reply      
Can someone help me understand why, from a technical perspective, it is necessary to capture the handshake?
nextstep 3 days ago 1 reply      
Does this only crack single word passwords? If my password was two common dictionary words or a common word plus a single number, would this try that possibility?
rootsudo 3 days ago 2 replies      
Honestly, why reinvent the wheel. Use Wifite2 with a proper password list and done.
tambourine_man 3 days ago 0 replies      
Anyone tried Apple's Airport drivers and Linux on VirtualBox?
baalimago 3 days ago 0 replies      
most people don't change password on their routers anymore
How Chrome OS, Termux, YubiKey and Duo Mobile make for great usable security lessonslearned.org
396 points by walterbell  17 hours ago   141 comments top 41
AdmiralAsshat 11 hours ago 6 replies      
I'm not sure how much extra "security" you're really getting out of staying strictly within ChromeOS. Yes, Secure Boot is disabled. However, the ChromeOS partition is still encrypted, and you can manually encrypt any of your crouton chroot environments, so someone looking at the thing still wouldn't be able to peek into the contents. If you're asked, "Why is this in Developer Mode?", you can answer, "I'm a developer."

Additionally, once Developer Mode is enabled, you must hit Ctrl+D to move past the warning screen every time. It is incredibly easy to inadvertently hit Enter or Spacebar, and then have the Chromebook wipe itself and restore to factory settings. I've done it inadvertently myself, and have heard multiple reports of a developer's spouse/child accidentally clicking it, too. Unless a Border Patrol agent knew exactly what they were doing, I'd be willing to bet they'd accidentally wipe it as well.

Finally, while I'm aware that disabling Secure Boot in theory opens you up to an Evil Maid attack, what is the likelihood that border patrol/customs would have a malicious OS on hand, and the know-how to flash it? Worst-case scenario, if you suspect they've tampered with the OS, simply hit Spacebar yourself as soon as you get it back, restore Secure Boot, and then start over from scratch!

As an aside, if you are confined to ChromeOS, I highly recommend Caret as an editor. It's a FOSS, Sublime clone chrome app that works swimmingly on Chromebooks.

serf 16 hours ago 3 replies      
So, be inconvenienced in every aspect important to a dev but gain a bit of confidence in your machine (as long as you trust Big-G)?

verified boot seems like the only advantage here. You can buy an ebay business-grade laptop with TPM for 40 bucks USD readily, and they don't require reliance on Google or the requirement that one uses a neutered OS. (yes, yes, it's secure. It's a users' platform. Development on chrome OS at this point is an act of masochism.)

If secure travel is your thing, stash your data on a cloud provider and pull it later after you arrive at your destination. Go whole-hog and travel without an SSD and buy a cheap one at your destination with cash. Sprinkle in some libreboot for more confidence.

It'll still be cheaper than a 200 dollar chromebook, and you probably won't have to deal with some of the world's worst chiclet keyboards.

P.S. don't travel with a yubikey that isn't partnered with another. Would be a bummer to lose.

andrepd 7 hours ago 1 reply      
So, the solution to the uncertain threat of airlines picking your luggage and stealing your computer or its data is... giving over your data to somebody that it's certain it's spying on you and whose business model is to comb over your data.

How is this not "you won't catch me, I'll just throw myself off a bridge"?

Also, termux has ~600 packages. Debian has 50,000. Besides the basics, you're liable to need packages you just don't have in termux, which makes it a serviceable environment in a pinch, but not one where you want to do your work on.

Sodman 12 hours ago 1 reply      
I've been running the Chromebook Pixel 2015 as my primary dev machine since it came out. Unlike the author however, I've opted for the less-secure "dev mode" on the laptop, and do everything in crouton. (Java web / Android, mostly).

It may not be as secure, but it's hella convenient (still use 2FA). ChromeOS boot is < 5 seconds, and I just stay there for web browsing / netflix. Dropping into crouton is another < 5s when I need to do dev work, or play steam games.

Everything important on the laptop is backed up to some cloud service or another, but it's expensive enough that I'd be distraught if I lost it (plus they stopped selling them).

I'd be more worried about somebody straight up stealing the laptop than any other security risks I may be running by running in dev mode.

I love the idea of natively developing in ChromeOS, but at this point it just seems like more hassle and fighting the system than it's worth.

le-mark 16 hours ago 1 reply      
This blog post details using a chromebook as a temporary device, such that you can travel with a blank machine, and provision at your destination with the data and apps you may need:

> It's pretty neat to consider the possibility of pre-travel "power washing" (resetting everything clean to factory settings) on an inexpensive Chromebook and later securely restore over the air once at my destination. ... the engineering challenge here was to find something powerful enough to comfortably use exclusively for several days of coding, writing, and presenting, but also cheap enough that should it get lost/stolen/damaged, I wouldn't lose too much sleep. ... I could treat it as a burner and move on.

Edit; I've been using a de-chromed chromebook for over a year as my primary dev machine and really like it. I developed and launched one side project with it. The model I have (Acer C720) is a dual core Centrino, 2GB of ram, and I upgraded the m2 sata to 120GB. For Python/PHP/Ruby, it's great. I would not do Java development on this set up though. Java IDEs eat battery life and I imagine jvm startup time is a burden on this, although I haven't even installed Java to find out.

Edit 2: to clarify, this is not about removing chromeos, but to use chromeos for its security features. The article goes over using Termux to get a basic development/work environment setup on chromeos. Plus a lot of other helpful tips.

I offered my experience de-chroming as an example, I really like the platform. Apologies if that was confusing.

pilif 13 hours ago 3 replies      
> When things get completely borked (which in two weeks of heavy use only happened a couple of times for me)

how are people willing to live with this? I would be furious if I had to lose all my state and (for all intents and purposes) restart my machine multiple times in two weeks.

And if this "borking" happens right before or during a presentation (the author was writing about using this setup for giving talks on), this would be very embarrassing for me and extremely annoying for the audience.

A work/presentation machine has to be rock solid for me. No compromises, no workarounds and most certainly no "completely borked". Just pure solid.

devy 12 hours ago 4 replies      
One of the BIGGEST drawbacks using a Chromebook with 11.6 inch screen that nobody here talks about yet, is the grainy and crappy 1366 x 768 screen resolution! I've been a long time Macs guy; anything inferior to RetinaDisplay will considerably strain my eyes before I am used to it. Dell XPS 13 included.
fredley 17 hours ago 3 replies      
I tried using a Chromebook as a dev machine several years ago - before Android apps. The chroot situation worked well enough, but the dev-mode boot was a deal-breaker.

Back then, if a Chromebook's local storage filled up, it would factory-reset itself. Is this still the case? This is one big thing keeping me from trying this again (which I'm very tempted to do so after reading this article). Investing in setting up a dev environment like this is fun, but only the first time around...

qb45 5 hours ago 0 replies      
Nearly every how-to and blog post I've found on "Chromebooks for developers" essentially starts with either: "Boot into Developer Mode" or "Install Debian/Ubuntu as the main OS". I'll just say it: This is bad advice. It would be akin to recommending that friends jailbreak their shiny new iPhone. You're obviously free to do as you wish with your own gear, but recognize that at Step 1, you'll have lost most of the core security features of Chromebook

Well, it's possible to temporarily unlock firmware write protection and replace Google key with your own and run self-signed kernels and arbitrary distribution securely. But indeed, I haven't heard of anyone actually going through the effort to do so.

bgrohman 5 hours ago 0 replies      
"As far as Debian/Ubuntu (and crouton), that's fine as far as it goes, but then you don't end up with a Chromebook, just a cheap mini-notebook with flaky drivers."

Hmm, I'm not sure about that. I went the Crouton route on my $169 Chromebook, and now I have both ChromeOS and Ubuntu. Plus I can switch between them quickly. And if I understand Crouton, the chroot is actually using the same kernel and drivers as ChromeOS. I haven't had any driver issues. And it's easy to set up encryption for your chroot. I think it's a good solution.

rkeene2 2 hours ago 0 replies      
For all of those of you using DOD CACs or USG PIVs (NIST SP 800-73) smartcards there is also CACKey[0] for ChromeOS, of which I am the author.

I worked with Google to port it to ChromeOS when ChromeOS grew certificate provider support.

[0] https://cackey.rkeene.org/

mkohlmyr 16 hours ago 1 reply      
I used my CB30 as a dev machine for a little while, both using cloud environments (koding, codeanywhere) and using vscode under crouton.

It is so close to being usable. It is such a user friendly operating system, it just falls short on a few significant fronts.

1. Developer mode should be friendlier to use (no horrible noises on boot, no delayed boot time).

2. It needs support for electron-based/alike apps to run natively in browser windows without crouton. E.g. vscode.

Aissen 14 hours ago 2 replies      
Regarding the TOTP app, I generally prefer FreeOTP to Google Authenticator/Duo/Authy, etc. It might not provide push codes, but at least the implementation is Open Source and the binaries come from a trusted source.
albertgoeswoof 3 hours ago 2 replies      
What's the alternative solution for a cloud/remote based factory wipe, travel and restore? Is there anything on Linux that offers the same quality of user experience without being hampered by chromeOS and dealing with Google/a 3rd party?
cosatelo 8 hours ago 0 replies      
Chrome OS always has me torn. It's a beautiful well designed OS with a great concept behind it, however, it's obviously non-usable from a privacy standpoint.
chx 15 hours ago 1 reply      
In March, we have seen reports of Android Studio possibly coming to Chrome OS. Android Studio would mean IntelliJ IDEA and the entire family of IntelliJ IDEs. That would make this an even better idea.
cjsuk 14 hours ago 1 reply      
Yubikeys tend to wear out your USB ports after a bit I found, at least on my X201 and the X61 that preceded it.
atopuzov 17 hours ago 1 reply      
I love my C201, also not very expensive. I opted for the 4Gb version. My first setup was chromeos + crouton then I moved to linux on a sd card. I noticed I never boot into chromeos anymore so I got rid of it.
geogriffin 10 hours ago 0 replies      
The chromeos security model praised in this article seems quite too conservative for devs to me, considering the inconvenience trade-offs:

- persistent state is discouraged, but not disallowed. in fact, when the browser is exploited, any/all internal state necessarily must be accessible and modifiable. i'm taking an educated guess that persistent browser internal state is less guarded against exploitation than external inputs.

- once pwned, most of your important data can probably be captured and accounts taken over before you ever decide to reboot. it's a PITA to have to reboot before accessing anything sensitive; no one should have to think/remember to do that. (maybe if chromeos were serious about preventing persistent threats, they'd force a reboot every night?)

- yes, it's defense-in-depth, but security is a game of trade-offs, where convenience often trumps technical security mechanisms in terms of increasing security overall.

I enable dev mode, but I appreciate the "stateless" sentiment in terms of encouraging data backup. i think I end up backing up my data (git push, etc.) more often than I would on a non-chromeos laptop, because it "feels" like more a necessity; especially after my 2 yr-old son hit the spacebar during that god-awful dev-mode bootup warning screen, and proceeded to factory-reset my chromebook.

grondilu 4 hours ago 0 replies      
I used to own a chromebook and I loved it... until it failed.

I had computers that failed before, and usually I could manage to repair them somehow, most often by using a linux liveUSB, but with this chromebook, I've tried many things but I could not do anything. No access to BIOS, not bootable USB, nothing. Complete black box.

So I'm not sure I'll buy another chromebook anytime soon.

andmarios 10 hours ago 1 reply      
As a side point about Termux, Android 7 finally stopped hijacking the control+space combination, so you can use emacs efficiently.

Termux is really useful, giving you an almost complete linux environment in Android phones and tablets. You can install it via Google Play, no need for root or any modification to your device. Add an external keyboard and you can work on the go.

g00gler 12 hours ago 1 reply      
Don't do it!

I got a Lenovo 14" IdeaPad N42-20 and desktop to replace my 256gb MacBook Pro.

It turned out to be a bad idea, mostly because the screen is terrible. It's the same resolution as the Samsung 3 mentioned in the article.

It also seems so small compared to a 15". Side-by-side windows isn't very nice, either.

I find myself working less because I don't feel like sitting at my desk or using the Chromebook.

limeblack 7 hours ago 0 replies      
I have tried using Chrome OS as my main device and I'm basically going to use this post to rant a little. Why does Chrome OS have to use basically a dock like Macs.

I would love and probably use Chrome OS as main device if it looked like this: https://i.stack.imgur.com/9MCqo.png

devy 12 hours ago 0 replies      
Also, it feels like this Samsung Chromebook 3 is just tiny bit (I am sure it isn't but it feels that way) of upgrade from the famous Dell mini 9[1] from almost a decade ago.

It was super hackable and most people bought it installed hackintosh on it and with a near perfect hardware compatibility with OS X Snow Leopard. A few friends of mine went to Africa for a few months with Dell Mini 9 and were able to freelance there with a fully functional yet super affordable hackintosh Mac. I wish Dell can have another of those netbook lines with compatible hardwares.

[1] https://en.wikipedia.org/wiki/Dell_Inspiron_Mini_Series#9_Se...

math0ne 3 hours ago 0 replies      
Some cool ideas at play here but termux is so limiting I would have a hard time getting any real work done.
talkingtab 13 hours ago 2 replies      
I have a potential application for U2F keys and I'm wondering why you recommend the $18 Yubikey on Amazon versus the $10 one that is also FIDO certified. Is there a difference in the function or some other important difference?
kasey_junk 13 hours ago 1 reply      
Does chromeOS allow you to remote wipe the box? That seems like that would be another advantage to this in the case of theft (note: definitely not in the case of the box being confiscated by a lawful authority).
free_everybody 6 hours ago 1 reply      
Great article! Here's a thought.

Why not get a used MacBook Air off Ebay for ~$400? Top notch OS, great support, sturdy design, great battery life...

JepZ 15 hours ago 1 reply      
While I like the idea and the listed apps are just awesome (didn't know about termux, wow), the whole setup depends too much on google services for my taste :-/
omnifischer 13 hours ago 0 replies      
Wondering if Google would themselves launch such a workspace. https://www.youtube.com/watch?v=mfLc4U8pnPk The idea is to have a vnc/remote-desktop style machine on AWS. Just need only a client (secure chromeOS)
tkubacki 12 hours ago 0 replies      
My current view is that best what average fullstack dev can do is still to buy beefy desktop with linux/nvidia + windows on virtualbox/vmware (for Windows stuff). Additional cheap Chromebook is nice but eg. IntelliJ is too heavy for it.
jhoechtl 16 hours ago 1 reply      
This certainly makes a great dev environment for golang as for development golang has very reasonable requirements.
noja 15 hours ago 1 reply      
What does this achieve? How does this stop anyone compelling you to do your fancy setup?
alexnewman 8 hours ago 1 reply      
It would be perfect..... But no copy and paste in termux
digi_owl 11 hours ago 0 replies      
I can't help but wonder if _sec has jumped the shark...
VikingCoder 13 hours ago 0 replies      
I bought the exact same machine, Samsung Chromebook 3, as soon as I realized I could run Termux on it.

I'm using it to poke at languages I'd normally never have the time to experiment with.

I'm on the train for about an hour every day, and I wouldn't feel comfortable with a "real" laptop - too likely to be stolen. But for $169? Not such a big loss.

I'm also really excited about how rock-solid this thing is, as a way to hand a kid a computer that can really teach them programming.

homakov 13 hours ago 0 replies      
Usable? Scanning codes and plastic sticks? Not really
korzun 12 hours ago 1 reply      
I have been using the YubiKey for over a year now, and the novelty wore off.

I lost my key a couple of weeks ago and was surprised how easy it was to get back into my accounts with just my phone. There is no point in using something like that if providers allow you to failover to more conventional authentication methods without any hassle; the keys are useless. They are not going to add manual verification for a couple of people who lost their YubiKey.

YubiKey is useful for instances when you want to grant somebody access to something with just a key. I don't see it going beyond that anytime soon.

m-j-fox 14 hours ago 1 reply      
Cool. Question: what are your editor options? Any gui-based emacs or atom? If not, do you at-least have text-based emacs in termux?
tostitos1979 16 hours ago 2 replies      
I'm a bit confused (did skim article only). Is this running ChromeOS or Linux? Can I get steam games like stardew valley to run on it?
kaputsmack 14 hours ago 0 replies      
As long as you don't mind Google spying on everything you do.
Sci-Hub's cache of pirated papers is so big, subscription journals are doomed sciencemag.org
400 points by happy-go-lucky  7 hours ago   172 comments top 25
TeMPOraL 6 hours ago 14 replies      
I'm very happy to see SciHub going strong - for all the obvious reasons. Now let's just hope they back up to IPFS (if they do, I'll happily pin some of it).

I want to go off a tangent here, though. Now that open access (whether arXiv or SciHub style) is becoming the norm, I wonder what can be done to improve the format of scientific papers? Like e.g. making them more like this:


instead of regular PDFs?

welder 7 hours ago 1 reply      
Good riddance, limiting access to scientific articles is a detriment to the advancement of humanity.
CorvusCrypto 1 hour ago 2 replies      
How does this doom subscription journals? I mean it would be nice but realistically it just means they move to exploit the university subscriptions since the professors can't admit use of illegally obtained copies. They can further exploit the authors since many journals require payment from the author for submission and some journals charge in the hundreds. One might say "just publish to a different journal" but it's not that easy. Because of the heavy reliance on Impact Factor in scientific publishing, it is the journals with those high impact factors that the authors will try to publish to. Regardless of whether or not they are being pirated.

This is sad to say, but in reality I think this isn't going to massively impact things for the publishers. Academia at its core is where the problem lies. Sure paid subscriptions are a big part of things, but it's the stuff most don't realize (the authorship fees and institution sub fees) that give the publishers power.

fsloth 7 hours ago 2 replies      
Basically, the publishers asked for this. Denying open access to old papers from humanity's point of view is wasteful. The planet is full of hungry minds. Who knows where the next Ramanujan comes from and which discipline he or she chooses but given the non existent transaction cost of reading an old paper it would be beyond silly if they could not do it for free.
headcanon 7 hours ago 5 replies      
The change won't be immediate though. I don't think universities, which are journals' bread and butter, are going to stop their subscriptions anytime soon. Stopping a journal subscription because everyone is using sci-hub anyway (even if the researchers really are on an individual basis) might open the door for copyright suits against the universities, which would undoubtedly be more expensive than just keeping the subs going, especially since it's just a line item in an accountant's book. I'm sure it will happen eventually, but journals might have enough time for some to pivot to some more nuanced business model before they go bust.
dekhn 6 hours ago 3 replies      
The origin of the web was to disseminate scientific knowledge. The guardians of that knowledge- the journal publishers- have absolutely failed to make a viable business model out of this, while many companies who adopted the web made billions.

While I do not use Sci-Hub, I think that users who use it are doing so morally and ethically (in the sense of conscientious objection). I hope they are also willing to pay penalties if they are found to be violating copyright (this is generally considered a requirement for intentional protest).

philipkglass 6 hours ago 2 replies      
I had quite a bit of exposure to pirate journal archives before sci-hub arrived. A couple of easy improvements that I saw with past pirate libraries, that it'd be nice to have on sci-hub:

- Strip download watermarks ("Downloaded by Wisconsin State University xxx.xxx.xxx.xxx on January 12, 2017 13:45:12"). Many times, journals published by the same publisher do the watermarking similarly so you need to write just one pdftk (or other PDF manipulation software) script for every journal under their banner. At worst, it's a one-script-per-journal effort.

- PDF optimization. A lot of publishers produce un-optimized PDFs that could be 25% (or more) smaller with a completely lossless space optimization pass. This should save storage/network costs for access to individual papers and, more importantly, reduce the burden for bulk mirrors.

(I'd contribute the scripted passes myself if I had contacts within sci-hub.)

drewda 4 hours ago 0 replies      
I'm all for Sci-Hub disrupting the dominance of RELX Group (a.k.a. Elsevier) and other for-profit publishers that make such a big profit off the backs of researchers (who write and edit for free) and grant-making organizations (who fund those researchers).

But it's unfortunate that Sci-Hub is also disrupting non-profit scholarly associations that cover their own budgets through journal subscriptions. In these cases, the fact that libraries and readers have to pay for access to an article is somewhat balanced out by the fact that those fees are going to pay for staff, conferences, and the other worthwhile activities of the non-profit associations.

koolba 7 hours ago 3 replies      
So is Sci-Hub like Oink[1] for scientific papers?

EDIT: For those not familiar, Oink was a torrenting site but what distinguished it from the tons of other sites was how highly curated it was. High quality audio, proper grouping and genres, and best of all you could request anything that was missing and the community would magically add it.

[1]: https://en.wikipedia.org/wiki/Oink%27s_Pink_Palace

darawk 4 hours ago 0 replies      
The death of for-profit scientific journal companies will be a beautiful thing for the world. It's really rare to see something that is so purely valueless. This industry is sort of unicornlike - they've managed to extract rents in an area where they add literally zero value. It's truly an amazing thing, and it will be even more amazing to watch it die.
sixdimensional 6 hours ago 2 replies      
So, fundamental question here - if scientific articles (or anything that can be copy protected, etc.) can be released online in this manner to "free the knowledge", and yet, given such free access, there are still people that will pay for a subscription to access the same scientific articles, wouldn't that be the best solution?

I see people commenting that just because of this release, universities won't cancel their subscriptions to the journals. Well, that would be great - let them keep paying, while the content also gets out for free.

This is like the trend where you can pay what you want for stuff, or nothing. I wonder if that model would apply to scientific research - pay what you want for the paper, or nothing - but if you want to support that research.. hopefully people would still pay.

Just thinking out loud... probably already been thought of or wouldn't work (or I'm just self-defeatist). :)

sillysaurus3 7 hours ago 4 replies      
I was surprised that it's still considered rude to link to sci-hub: https://news.ycombinator.com/item?id=14714577#14715252

Anyone know if this is a typical sentiment? I'm just curious if it's true that many researchers are offended by this movement, and what the reasons are.

I firmly believe that there are always two sides to any topic, so we should explore the flipside. What are some arguments against blatantly opening up access to paywalled articles?

return0 7 hours ago 0 replies      
The Noah's Pirate Ark that will save all of humanity's knowledge from unreliable publishers.
biomcgary 6 hours ago 0 replies      
I've met the author of the study, Daniel Himmelstein, who is quite passionate about making information free. Projects in his github account (https://github.com/dhimmel) tend to use a CC0 license. Some of his work involves aggregation of data (e.g., https://github.com/dhimmel/hetionet) that is encumbered and he has put a lot of effort into making it as free as possible. His project carefully documents the license for each data point and he took the time to ask copyright holders that do not provide an explicit license to do so.
philipkglass 7 hours ago 1 reply      
I don't think that sci-hub is going to kill off institutional journal subscriptions in the developed world. It's similar to how developed-country universities didn't stop buying licensed software and start passing around cracked versions to their faculty and students. Journal revenue isn't going to plummet like CD sales after Napster, because it's not individuals doing most of the purchasing in the first place.

Individuals and institutions in poor countries may well turn to sci-hub. I certainly have. But I would venture that not much of the journals' revenue came from individuals or poor institutions in the first place. I didn't pay to read paywalled papers before sci-hub either; I got them via authors' sites or personal contacts, or just didn't get to read them at all.

bogomipz 5 hours ago 1 reply      
Can someone who's familiar with this research paper subscription model that is threatened a la Elsevier explain to me how we got here?

I am curious if at one time did Universities publish these independently and were they more accessible to the public? When did this practice of restricting access to papers via subscriptions begin?

kazinator 4 hours ago 0 replies      
They should expand into engineering: I don't see any IEEE or ISO standards in there, for instance.
andrepd 3 hours ago 0 replies      
Thanks! That reminds me I should donate to Sci-Hub!
turc1656 3 hours ago 0 replies      
Looks like Aaron Swartz's vision for the free, collective ownership of mankind's scientific knowledge is well on its way. I wish he were still alive to see Sci-Hub in action.
sonium 6 hours ago 1 reply      
This will be a catalyst for open-access
vbuwivbiu 6 hours ago 0 replies      
and it's better than all of their websites!
joelthelion 7 hours ago 0 replies      
If only. I'm convinced they will find a way to shut her down.
revelation 6 hours ago 1 reply      
Does Sci-Hub actually have all the papers or are they just retrieving them on-demand?

Publishers are tracking mass downloads (see the Aaron Swartz case) so given some of the very obscure papers I've retrieved from Sci-Hub I assume it's unlikely they downloaded them beforehand. My go-to assumption for how it works is that a bunch of people have donated access to their university network access and Sci-Hub is just a load-balancing / cache layer.

agumonkey 5 hours ago 0 replies      
Anybody mirrored (or attempted to do so) libgen ?
mcappleton 5 hours ago 0 replies      
It's not just the publishing industry that is the problem. It is merely a symptom of the greater malaise in higher education as a whole.

The focus is on degrees, not on true learning. So much of what occurs in universities is total waste. But people put up with it to get the paper. As long as people keep blindly giving absurd sums of money to get the paper, these expensive publications will last. The answer is for people to wake up and value learning over a diploma. When that happens, then finally issues like this will go away. Heck, as a bunch of people have pointed out, many of these papers aren't even for real learning. They are worded in such a way as to make them sound smart to their peers, but unintelligible to the public.

Learn Ethereum smart contract programming ethereumdev.io
402 points by ym705  3 days ago   233 comments top 19
kbody 3 days ago 10 replies      
The sad reality of Ethereum:
1. Bitcoin is slow and expensive, Ethereum is the future
2. Ethereum software has security hole, gets hacked
3. Ethereum fans say it's an experiment there are lots of things that will transform Ethereum (Casper/PoS, Raiden, zkSNARKs, Enterprise Alliance)
4. Low price getting pumped by Ethereum Foundation & big-holder affiliates
5. Back to #1

We've seen it happen again (DAO) and again (Parity) and it will keep happening, because it's broken by design. 90s cypherpunks that pioneered these ideas had considered Turing complete design and discarded it for cryptographic state-machines that allow for formal verification.

I appreciate the experimentation, but the takeover-the-world echo-chambers of ethereum that don't focus at all on the real tech behind it and ignore everything negative is pretty disappointing. Especially because we keep getting new people buying this and becoming the greater fools.

When talking about engineering on such a critical subject, people should be way more responsible. If Bitcoin had the same attitude regarding security like Ethereum does, we wouldn't be here and cryptocurrencies would be a joke.

Lazy engineering comes at great cost as time goes by and the illusion of security is unveiled.

staticelf 3 days ago 8 replies      
The problem I see with Ethereum is that it is way too complex. I have read perhaps at least 10 times on their home page without even understanding what it does, what problems it solves etc.

This is the sole reason why I don't think it will be successful in its current state. With most successful tech or services or whatever the core idea is often super simple to grasp and you can instantly see the benefit. I don't see this with Ethereum.

Even with bitcoin which is complex the benefits are instantaneous for the common man. Decentralized system, no single entity controls it. It is a fixed amount of bitcoins so like a mineral its value is probably going to be stable in the long run and also each bitcoin will increase in value when more people get interested. It's easy to send coins to anyone in the world, at any time.

What does Ethereum do? Smart contracts is probably the key word but I don't understand how it works or how it will benefit me. Why bother?

hackermailman 3 days ago 2 replies      
If you are considering writing a smart contract, you should read this first https://github.com/ConsenSys/smart-contract-best-practices for Solidity security pitfalls, and hopefully have some idea of invariants/contracts to verify expected properties of your smart contract https://www.cs.cmu.edu/~rjsimmon/15122-s16/lec/01-contracts.... and additionally hope the EVM doesn't have unexpected behavior.

Anybody know if the legality of exploiting leaky smart contracts has been tested? Since a lawyer can exploit a badly written contract I wonder if somebody who finds a flaw in a smart contract can legally just jack all the coins or alternatively, write purposely obfuscated contracts (underhanded Solidity contest) to run a scam.

hexhex 3 days ago 3 replies      
I didn't have high expectations for Solidity considering the recent vulnerabilities, but even these were disappointed. If some guy writes this kind of code at home, alright, but this as the alleged foundation for our future financial system? Frightening.

Just one example: "Our function EndLottery() must be only accessible by the owner of the lottery." [0]

function EndLottery() public { if (msg.sender == owner) { ... }}

What about code guards? Not to speak of decent typing, etc. etc.

[0] https://ethereumdev.io/managing-multiple-users-a-simple-lott...
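
An added illustration of the "code guards" point raised in the comment above; it is not part of the thread and not the tutorial's contract. It assumes a current Solidity compiler (0.8.4 or later), and every name other than `EndLottery`, `owner` and `msg.sender` is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example: contrasts the inline `if (msg.sender == owner)` check quoted
// in the comment with a guard expressed as a modifier. The contract name,
// the `ended` flag, the errors and the event are hypothetical.
contract GuardedLottery {
    address public immutable owner;
    bool public ended;

    error NotOwner(address caller);
    error AlreadyEnded();

    event LotteryEnded(address indexed by);

    constructor() {
        owner = msg.sender;
    }

    // Guard declared once. A call from anyone else reverts, so the
    // transaction is marked failed and all state changes are rolled back.
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    // Second guard: ending twice is rejected rather than silently repeated.
    modifier whileOpen() {
        if (ended) revert AlreadyEnded();
        _;
    }

    // Inline-check style, as in the quoted snippet. A non-owner call changes
    // nothing, yet the transaction still SUCCEEDS: callers, wallets and
    // monitoring see no error, and every new privileged function has to
    // remember to repeat the same `if`.
    function endLotteryInlineCheck() public {
        if (msg.sender == owner) {
            ended = true;
            emit LotteryEnded(msg.sender);
        }
    }

    // Guarded style. The access rule is part of the function header, so a
    // reviewer can audit which functions are owner-only by reading
    // signatures alone, and unauthorized calls fail loudly.
    function EndLottery() external onlyOwner whileOpen {
        ended = true;
        emit LotteryEnded(msg.sender);
    }
}
```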

g00n 3 days ago 3 replies      
Maybe it's because I don't have a use for it yet, or at least don't know if I have a use for it. But, the whole Ethereum universe seems vague and seems like they could explain it more than they do. "Install Ethereum wallet, write a contract, ..., Profit!" ?? Is there a better source that might explain what it is, how it works (a glancing explanation not a full network inner workings)??
kristianc 3 days ago 2 replies      
Does this not seem like the kind of area where you don't want people writing hacky, proof of concept code?

The idea of people coding up weekend projects on Ethereum, putting them behind flashy websites and encouraging large scale adoption terrifies me, to be honest.

omarforgotpwd 3 days ago 5 replies      
Programmable smart contracts are a great idea in a world where programmers write bug free code. That world does not exist yet. Until we have near-perfect code writing AIs every new smart contract is just a disaster waiting to happen.
throw2016 3 days ago 2 replies      
The problem with crypto coins is some have bought in and thus are vested making balanced discussion impossible. We see even with something as trivial as choice of programming language some can become very religious in their support. When money becomes involved expecting rational discussion is perhaps naive.

Money is a social construct that needs societal consent and a framework to manage it that is accountable to the society's rules and regulations. So a random person can't just create money or value out of thin air. There is no value being created here.

They can make a private coin, and convince others to use it between themselves, there were and still exist many such private arrangements in traditional economies, but the value only exists for those who choose to trust this system, and can never hope to replace the main economic currency.

Bitcoin and other coins exists in this space of a private coin based on mutual trust and of no real value to the main economy. Holders of such coins would of course love for it to become a real currency and continue making outlandishly self serving arguments about the economy so they can gain something out of nothing. But that begins to resemble a pyramid scheme powered exclusively by greed and self interest to the exclusion of that society's interests.

dullgiulio 3 days ago 2 replies      
I know this might sound like a joke, but it is not: how about documenting how to actually test and debug smart contracts? Is there even a way to do so? How about fuzzing?
JustNothing 3 days ago 1 reply      
Am I misreading the code? Isn't the EndLottery function completely broken? It looks like it finds the first user who bet less than the winning number. So, in order to win you should play ASAP and bet epsilon > 0, right?
anilshanbhag 3 days ago 1 reply      
Here is a cool application - https://predictiontoken.github.io/#TRMP. It lets people bet on outcomes and bets be settled in a decentralized manner. There is a video in the link if you want to understand how it is accomplished.
Keeeeeeeks 3 days ago 0 replies      
I think we need an Etudes for Ethereum contract development and best practices; there are like 4 different "make a smart contract that juggles millions of assets on the shutter" tokens and sites, but few that focus on security and how to vigorously remind people that mistakes are worth millions of dollars
pknerd 3 days ago 4 replies      
Is there any other crypto platform that allows you to write dApps for blockchain?
k__ 3 days ago 1 reply      
They talk about storing money in the contract.

Does this mean I will be "charged" right in the moment I "store" money in the contract?

Or does it mean I'll be charged when the contract gets "destroyed" and the money "in the contract" is sent to some address?

I'm asking because both sides have problems.

If I don't get charged when storing money in the contract, I could spend it elsewhere until the contract resolves.

If I get charged when storing money, someone could write contracts that never resolve to purge money.

andreasgonewild 3 days ago 0 replies      
Please, enough with the JavaScript already; there are thousands of saner means of expression already existing or waiting to be discovered. Writing flawless, verifiable contracts is the worst use-case ever for that stinking pile of a language. I wonder how many missing bazillions it's going to take for the world to wake up and move on.
rmetzler 3 days ago 3 replies      
I took a glance at the lottery example [1] and I wonder: isn't the owner of the lottery able to change the outcome so the winningNumber is always in his favor?

[1]: https://ethereumdev.io/managing-multiple-users-a-simple-lott...

EternalData 3 days ago 0 replies      
There needs to be a separation of the underlying technological fundamentals of ETH and its economic reality -- which is, like anything else, likely to go through bubble phases.
theptip 3 days ago 0 replies      
Pretty much sums up the state of Ethereum/Solidity development right now;

Step 1, install wallet. Step 2, deploy contract. Step 3, learn about Solidity.... Testing? Nah.

rdiddly 3 days ago 1 reply      
Thread warning: I'm actively downvoting any argument that tries to address (read: not address) a cryptocurrency's flaws by changing the subject. Example:

Person A: Cryptocurrency X is insecure isn't it.

Person B: So is { the dollar | driving | flying | the internet | * }.

Microsoft Paint to be killed off after 32 years theguardian.com
398 points by barking  3 days ago   381 comments top 63
mwexler 3 days ago 14 replies      
All the comments that "you can just use X to do Y" are missing the point that Paint just works, for almost every value of Y. No argument, Paint.net is great, snipping tool solves the grab and crop, but for most anything else you need to do in a hurry, you need a quick paint program. It's like removing Notepad: we all know hundreds of editors we would replace it with, from Notepad++ to vim/emacs... but isn't it nice that when you aren't on your box, you know the core set of tools that are always there? (In other news, Fedora announces dropping grep, lc, and ls from the distro, in favor of python: "most users are devs, let them write their own tools" they stated in a press release).

Paint3D takes longer to load, and has made the simple... much less simple. While we can all say "Yes, that's the way of tech", it's just not necessary.

And yes, I still miss my 1/8" jack on my iphone. Every single day. And stay off my lawn, you whippersnappers.

AdmiralAsshat 3 days ago 14 replies      
Pity that they don't open source it. I've gone through multiple image editors on Linux, and none of them have the simplicity of Paint. The layout and functionality is incredibly intuitive. You drop someone into Paint, and even if they've never seen it before, they can start doing stuff within a minute or so. You drop the same person into GIMP, and five minutes later they're still trying to figure out how the hell to select a paintbrush.

I understand that every image editor is trying to compete with Photoshop, but sometimes I don't need Photoshop. I just need to paste my clipboard so that I can crop, circle something, or annotate with some text and a crudely drawn arrow. There really is nothing else comparable that can do that as quickly or as easily as Paint.

4ndr3vv 3 days ago 4 replies      
MS hasn't said they're going to remove it:

[Deprecated Apps] ...are not in active development and might be removed in future releases [1]

It's clearly not being actively developed, but there's no indication it's going anywhere just yet.

[1] https://support.microsoft.com/en-us/help/4034825/features-th...

shawnbaden 3 days ago 1 reply      
I'm surprised no one has mentioned Hal Lasko (The Pixel Painter). Hal started using Microsoft Paint when he got a computer on his 85th birthday until his death at 99 in 2014. He made some great looking art bit by bit.

https://vimeo.com/70748579 - The Pixel Painter


cabaalis 3 days ago 17 replies      
This is silliness. I Win+R, mspaint at least 10 times a day. I paste in screenshots and quickly cut out just a portion of them. Or leave the screenshot there for later review. Why don't they just remove the file browser? Or how about mouse support?
halcy0n 3 days ago 1 reply      
There is a whole subculture of artists who use MS paint as a means to make a specific form of art. Also this actually saddens me that sure there could be other low budget tools but without one baked into the OS think about the kid bored in school who can no longer stumble into mspaint and start doodling in class.
srikz 3 days ago 2 replies      
Off topic, but what caught my eye in the article was this:

> Now Microsoft has announced that, alongside Outlook Express, Reader app and Reading list, Microsoft Paint

For those who don't know Reader was introduced in Windows 8 as a PDF reader with annotation support (worked with Stylus in just black colour).

I always hoped it would get more features and could become comparable to Preview on Mac. But sadly it was never updated for Windows 10. I still use it as I don't like using Edge for PDFs and Ebooks. Nothing wrong with it, but I hoard a lot of tabs and every time I open a PDF several tabs will open up. Would really like my browser and ebook / PDF viewer to be separate apps.


Also RIP Paint. Gave me great joy as a kid and the constraints challenged me in fun ways to create 'interesting' art

Jeema101 3 days ago 1 reply      
Paint has always been a handy tool for me for making annotated screenshots as well as lightweight image manipulation. I use it on a fairly regular basis at work.

I foresee the result of this being lots of people Googling 'download ms paint' in the future and ending up with malware on their system. Seems kind of shortsighted if you ask me.

NicoJuicy 3 days ago 2 replies      
Weird, in the comments I almost don't see paint dot net ( https://www.getpaint.net/ ) get mentioned? Awesome free tool, between paint and photoshop. Support for layers, ...
symlinkk 3 days ago 0 replies      
I wanted to hate on this decision but honestly Paint 3D is a much better version of MS Paint.

For instance in MS Paint if you write some text in a textbox and then de-select the textbox it's extremely hard to select it again so that you can edit the text. And if you make a square selection and then use the edges of the square to expand your selection, you'll actually stretch the image under it, which I found unintuitive and odd.

I think the biggest mistake here was creating a new application called Paint 3D and discontinuing the original one. That's bound to create bad PR. Instead they should have "updated" the original Paint to become Paint 3D, just like they "updated" calc.exe.

eksemplar 3 days ago 2 replies      
It's probably the Microsoft product I use the most outside of windows, visual studio and outlook. If it could save pictures without a background I probably wouldn't need any other image editor.

I probably use it around 10 times a week professionally, much more than I use Word (I do most of my writing and notetaking in standard text editors and only use Word when it's time to style it or save to PDF).

So this is terrible news to me.

melling 3 days ago 1 reply      
Is Krita the best alternative?


This is an opportunity for open source options to get a lot more users.

xg15 3 days ago 0 replies      
So their big shift of making Windows an OS more focused on creation than consumption starts by... nixing Paint.

Why? It's a dickish enough move on its own, but I can't understand the reason behind it. This will surely generate a huge PR backlash when actually implemented, with even more people trying to block the update... for what exactly? The article doesn't even talk about a planned replacement.

What is their plan?

Jaruzel 3 days ago 0 replies      
Paint XP for Windows 10 seems to be a good go-to alternative:


Although, it's a shame that it's an installer, and not just a zip-file.

rosseloh 3 days ago 0 replies      
Time to go find the executable and save it somewhere.

I use mspaint for one thing, but it does that one thing beautifully. When I'm designing large complicated structures to eventually build in Minecraft, there's nothing quite like zooming all the way in to a blank canvas, turning on the grid, and drawing the floorplan pixel by pixel.

mspaint does this so well because of its simplicity. 20 basic colors, single-pixel drawing (with the ability to do lines and boxes if necessary), and not much else. It's fast, it's simple, and since it's just an image file, it's no problem to transfer the design to another computer (where you can open it right up again in mspaint and have all the same tools).

I've played around with the "new" paint, Paint 3D, and as far as I've seen, there isn't even the ability to put down a 1x1 grid. Basically, they removed a bunch of the "paint" features in order to add the "3D" features.

stordoff 3 days ago 1 reply      
What alternatives does Windows have built-in? I use mspaint a fair amount to black out sensitive areas of screenshots or for cropping images to a specific size (scale then shave x pixels off the sides to get a specific aspect ratio), but not often enough that I feel like setting up an alternative on all my machines.
jcadam 3 days ago 0 replies      
If it weren't for MS Paint, I would have absolutely no image manipulation tools available to me at work :)
bonoboTP 3 days ago 2 replies      
I never used the new MS Paint after the ribbon-redesign for Windows 7. The XP version was so intuitive, precise and clean. Actually it's possible to use the XP version in newer Windows editions, but it involves some tinkering.
danijelb 3 days ago 1 reply      
Interesting to notice, syskey.exe is also going to be removed. Wonder how it will affect fake tech support scammers.
BatFastard 3 days ago 3 replies      
Question is why does MS after 32 years still include incredibly WEAK tools like Paint and Notepad?

They should spend a little and buy up some of the great tools out there and include them in windows.

frou_dh 3 days ago 0 replies      
For me, the program lost its charm when they introduced the antialiased shapes, soft brushes etc (Win7?). The MSPaint aesthetic was all about rough and ready aliased drawing.
mhh__ 3 days ago 2 replies      
Why kill it though?

If they were going to replace it with something good enough to challenge Adobe (pls do, they need some competition) then sure. Paint can't need that many maintainers?

vtlynch 3 days ago 2 replies      
Paint is one executable file, no? Getting rid of this does literally nothing to combat bloat and seems like a pointless move that will irritate users.
kin 3 days ago 0 replies      
Paint is the one program I miss the most from Windows other than the Windows file explorer and window management. Paint clones don't seem to cut it. Preview doesn't cut it for me either. Everything else seems to offer a subset of Paint in a more complicated manner. I don't quite know how to explain it.

Is it possible to DL an executable of Paint and run it in Wine?

peterburkimsher 3 days ago 2 replies      
Paint is still my preferred way to save screenshots. Press the Print Screen button, paste into Paint, draw a red line, save.
maxxxxx 3 days ago 0 replies      
I always find it fascinating that they can redesign the whole OS with almost every release but things like cmd, notepad, Wordpad or paint stay unchanged for decades (?) despite having huge feature gaps. They surely should be able to find one or two devs that can put some ongoing effort into these.
EdSharkey 3 days ago 0 replies      
I'm surprised Microsoft CAN kill off Paint, given how much they cater to big corporate interests and keeping things backwards compatible.

For example, I've heard stories that Notepad can never be upgraded nor removed from Windows because there are big corporate users that have binary monkey-patched Notepad in order to achieve some business goals. They literally have to keep Notepad unchanged from Windows 3.x days or else some big corporate entity won't upgrade Windows when the upgrade comes out.

I think that's one reason that Windows desktop and its apps are such a hodge-podge representation of Windows UX over the years.

I can't believe Paint isn't absolutely mission critical to some big company somewhere, maybe its design wasn't conducive to monkey-patching.

av3csr 3 days ago 3 replies      
There goes my screenshot editing software
b0rsuk 3 days ago 0 replies      
There's an implicit fallacy that MS Paint did a lot of good and the world would be a sad place without it. No, something else would fill that niche. The same nostalgia argument has been used for MS Windows, Internet Explorer, etc.
makecheck 3 days ago 0 replies      
As a 3rd-party developer I could almost understand retiring apps (too many dependencies on deprecated stuff, ancient code base is too hard to maintain, etc.).

Yet built-in apps are much more special. For one, many people consider built-in apps to be "the OS" as much as the OS itself. And two, if there is any development team that can continue supporting an ancient code base, it's the OS vendor: if they really have to, they can do things other companies can't (like privately continue to ship functions that are now publicly unavailable). It should always be more in their interest to evolve rather than redo.

donretag 3 days ago 1 reply      
I remember when I first started using OSX (forgetting OS9 and prior for now) and being shocked that there is no built-in paint program. There still is not one. Paint works amazing well for very quick edits, which is all I really ever need to do.
agentgt 3 days ago 1 reply      
Every time GIMP crashes on my Mac (been meaning to figure out why but for some reason it's when I copy and paste) I think of Microsoft Paint and I would love it if Apple had an analog.

It's sad because other than MS Excel, MS Paint is one of the few MS apps I know how to use. I am so bad with Word and PowerPoint. Even my knowledge of Excel is pretty bad. I have been known to even load up simple datasets in Postgres, Pandas, or even R because of my sheer incompetence and inability to navigate menus.

Minesweeper is also pretty cool and underrated albeit boring after a few... errr 100s of plays.

krylon 3 days ago 0 replies      
I have not used MS Paint in many, many years, but I have some fond memories of playing with it on my first PC.

I can understand, though, how this upsets people that have made it part of their workflow. For simple tasks, Paint is nice because it starts really fast compared to e.g. GIMP. And it's on every ____ing Windows machine, you can rely on that. Same as notepad or calc. These programs, after all, are there for a reason.

(I am not on Windows 10, my work laptop runs Windows 7, and at home I don't use Windows, so this does not affect me directly.)

eco 3 days ago 0 replies      
I'm amazed just how few people in the comments here actually read past the clickbait headline. Paint is deprecated. It isn't being removed for the time being. Beyond adding a ribbon menu and some brushes Paint hasn't received meaningful updates since XP so it should really come as no surprise that it would be deprecated.

If Microsoft's history is any indication Paint will be around for another decade, and continue to work if you just download it from some MS Paint nostalgia fansite for decades later.

bane 3 days ago 0 replies      
OS X/MacOS doesn't have a "paint" analogue. So users have to run around and install a bunch of things or buy things to replace it. It's a PIA on new systems, and I still am not quite sure what a good new user replacement is.

Years ago when I first learned GUI programming, a simple paint application was the 2nd or 3rd example given.

I hope they replace it with something, I consider such a tool an essential part of any modern GUI OS.

xyzzy4 3 days ago 0 replies      
I wonder if they check the usage statistics before getting rid of it? Because surely there are millions of people using it every day. Don't they care about the users?
keithpeter 3 days ago 0 replies      
Does anyone else here remember the little booklet that came with Windows 95 where they showed you how to produce little projects with Notepad, Wordpad and Paint?

The idea being that even with the bare OS, you had a few tools to work with and some tutorials that exposed features of the OS in a systematic way.

Anecdote: I'm still to this day showing colleagues at work the wonder of the Windows button and the power of Ctrl-Z, Ctrl-Y and within a document window Ctrl-F.

LyalinDotCom 3 days ago 0 replies      
Nick Craver had the most funny tweet on this subject today:

"They're killing MS Paint in the Windows 10 Fall Update. We're trying to migrate our design team to alternatives now."

ROFL... had to read that one twice.


StreamBright 3 days ago 0 replies      
Literally the most used desktop MS application for me.
RyanRies 3 days ago 0 replies      
Deprecation is not the same thing as removal. They're not removing Paint. They are just not developing it any more. They may still leave it in the OS for years to come; maybe even indefinitely. There are a lot of deprecated programs that still ship with Windows.
kelvin0 3 days ago 0 replies      
I'm waiting for Geos Paint to make a comeback:


davidiach 3 days ago 0 replies      
I still use Paint for things like shrinking the size of an image or editing screenshots. Sad to see it go.
Yahivin 3 days ago 0 replies      
I may as well shamelessly self promote an alternative: https://danielx.net/pixel-editor/

It's simple, fast to start up, and you can drop images in from your desktop.

jstewartmobile 3 days ago 0 replies      
First they came for the desktop gadgets, and I did not speak out Because I did not use desktop gadgets.

Then they came for Purble Place, and I did not speak out Because I did not play Purble Place.

Then they came for my MS Paint and there was no one left to speak for me...

drngdds 3 days ago 0 replies      
They say it might be "removed in future releases." But isn't Windows 10 supposed to be the "last" version of Windows, just perpetually updated? It would be really strange if a system update removed Paint.
skc 3 days ago 0 replies      
Just use paint.net
subbu 3 days ago 0 replies      
The best use of MS Paint I have seen is by Sal Khan for his initial versions of Khan Academy videos. He used pretty much all features of MS Paint effectively.
racl101 3 days ago 0 replies      
What's a few kilobytes. Just keep the program. Worry about the important stuff. Like everything else wrong with Windows 10. This is the least of it.
booleandilemma 3 days ago 1 reply      
Does this mean I'm going to have to wait 10+ seconds for GIMP to open up if I want to work with a screenshot?
epx 3 days ago 0 replies      
They could improve it to make it Preview.app-like. I use Preview in Mac a lot, it is great.
verri 3 days ago 0 replies      
Does this mean that half of the bitmap OLE objects will break in a few months to come?
squidbot 3 days ago 0 replies      
"Goodbye Old Paint"
pdm55 3 days ago 0 replies      
I use Paint as my scanner connection. So simple, it just works.
faragon 3 days ago 0 replies      
Please, Microsoft, don't remove the Paint program.
notadoc 3 days ago 0 replies      

People use Paint surprisingly often, surely they know this.

excalibur 3 days ago 3 replies      
Let's get rid of the handful of useful features left in Windows. Next time around we'll take care of that pesky calculator, and then we're coming for notepad.
Chronos 3 days ago 0 replies      
This is because Homestuck ended, isn't it?
wodenokoto 3 days ago 0 replies      
Not even 30 minutes ago, I saw an MS-sponsored ad for Paint on Facebook.

But then again, unlike this article, I don't consider a rewrite with new functionality as killing off an app, even if the rewrite has "3D" attached to the title.

Spooky23 3 days ago 1 reply      
Makes sense. Microsoft is missing out on recurring revenue. They purged the other image tool (the MS Office one that let you view TIFFs), and now they're killing paint.

I'm sure there will be a Windows 10 Creators Pack for Creation for Personal Users (not to be confused with a creators update) available on 4 different channels for $6.99/mo. The stable branch will not have the ability to open JPEGs or save to a format other than clip art, but new revisions will be delivered daily.

Google and a nuclear fusion company have developed a new algorithm theguardian.com
358 points by jonbaer  1 day ago   112 comments top 19
abefetterman 1 day ago 3 replies      
This is actually a really exciting development to me. (Note, what is exciting is the "optometrist algorithm" from the paper [1], not necessarily Google's involvement as pitched in the Guardian.) Typically a day of shots would need to be programmed out in advance, typically scanning over one dimension (out of hundreds) at a time. It would then take at least a week to analyze the results and create an updated research plan. The result is poor utilization of each experiment in optimizing performance. The 50% reduction in losses is a big deal for Tri Alpha.

I can see this being coupled with simulations as well to understand sources of systematic errors, create better simulations which can then be used as a stronger source of truth for "offline" (computation-only) experiments.

The biggest challenge of course becomes interpreting the results. So you got better performance, what parameters really made a difference and why? But that is at least a more tractable problem than "how do we make this better in the first place?"

[1] http://www.nature.com/articles/s41598-017-06645-7

briankelly 1 day ago 4 replies      
From the actual journal article:

> Two additional complications arise because plasma fusion apparatuses are experimental and one-of-a-kind. First, the goodness metric for plasma is not fully established and objective: some amount of human judgement is required to assess an experiment. Second, the boundaries of safe operation are not fully understood: it would be easy for a fully-automated optimisation algorithm to propose settings that would damage the apparatus and set back progress by weeks or months.

> To increase the speed of learning and optimisation of plasma, we developed the Optometrist Algorithm. Just as in a visit to an optometrist, the algorithm offers a pair of choices to a human, and asks which one is preferable. Given the choice, the algorithm proceeds to offer another choice. While an optometrist asks a patient to choose between lens prescriptions based on clarity, our algorithm asks a human expert to choose between plasma settings based on experimental outcomes. The Optometrist Algorithm attempts to optimise a hidden utility model that the human experts may not be able to express explicitly.

I haven't read the full article nor do I understand the problem space, but the novelty seems overstated based on this. Maybe they can eventually collect metadata to automate the human intuition.

Edit: here's their formal description of it: https://www.nature.com/articles/s41598-017-06645-7/figures/2

dwaltrip 1 day ago 4 replies      
There was a talk about the state of nuclear fusion by some MIT folks linked here on HN a few days ago. One of the biggest takeaways was that many fusion efforts are very far away (3 to 6+ orders of magnitude) on the most important metric, Q, which is energy_out / energy_in. Additionally, much press and public discussion completely fail to discuss this and other core factors that actually matter for making fusion viable.

I remember Tri-alpha being listed on one of the slides near the bottom left of the plot, 4 or 5 orders of magnitude away from break even, where Q = 1 (someone please correct me if I'm remembering incorrectly).

Is the 50% improvement described in the article meaningful, as that would only be a fraction of an order of magnitude?

I understand the broader concept of combining experts and specialized software on complex problems is a powerful idea -- I'm just wondering if this specific result actually changes the game for Tri-alpha.

EternalData 1 day ago 5 replies      
Google might try to become the conglomerate of all forward-facing things but it is somewhat funny to see how through it all, it's their advertising revenues that form the core of the business.
yousefvi 1 day ago 0 replies      
As a psychologist, this looks an awful lot like computerized adaptive testing methods, only instead of estimating some parameter vector about a person, you're estimating some parameter vector about plasma.

Even the title "optometrist algorithm" is telling, because that paradigm is a basic model for how a lot of testing is done, except that it's not the optometrist doing it, it's a computer.

DrNuke 1 day ago 0 replies      
Diversification of the business, methinks... nuclear is so big (but slow) that a penny invested today may become a tenner tomorrow, just in case.
siscia 1 day ago 7 replies      
I do have a naive question.

Suppose a big breakthrough comes out of a private company, and such innovation is necessary to use nuclear fusion.

The company will be free to do whatever it pleases with the technology, or will it somehow be "forced" to let others use it, maybe in return for the payment of some royalties?

janemanos 16 hours ago 0 replies      
Maybe I'll see commercial fusion within my lifetime... how nice is that!
ZenoArrow 1 day ago 0 replies      
Sounds like some promising results, hopefully this approach will continue to be useful.

Addressing the wider article, it always surprises me that the focus fusion approach is never mentioned in fusion articles put out by the mainstream media. I don't know what to attribute that to, but it's surprising that one of the most promising fusion approaches is constantly overlooked.

To give an idea how drastically overlooked focus fusion is, here's a graph showing R&D budgets for different fusion projects...


... and here's a graph showing energy efficiency of fusion devices (running on deuterium I believe)...


You'd think that the second most efficient device would've gotten more than $5 million in funding over 20 years (I think the original funding was from NASA back in 1994).

mtgx 1 day ago 1 reply      
I think their universal quantum computer (to be announced later this year) could accelerate fusion research even more, as I imagine it could more accurately simulate the atom reactions and experiments on it. Practical quantum computers may just be what we were missing to finally be able to build working fusion reactors.

The millions of possible "solutions" and algorithms for working fusion reactors may be what has made fusion research so expensive and fusion reactors seem so far away. Quantum computers may be able to cut right through that hard problem, although we may have to wait a bit more until quantum computers are useful enough to make an impact on fusion research. I don't know if that's reaching 1,000 qubits or 1 million qubits.

rurban 16 hours ago 0 replies      
No, they have not. They developed a very useful new program.

But simple assisted hill climbing is not a new algorithm, you might call it "Wizard" though. This would attract the right audience.

j7ake 20 hours ago 1 reply      
How does this nuclear fusion company hope to make money? Their product is decades in the future.
suzzer99 1 day ago 4 replies      
Am I the only one that never reads these articles but just goes straight to the comments? It seems like reporters always get the facts bungled and go for the simple story - out of necessity of course.
JohnJamesRambo 1 day ago 1 reply      
Google didn't enter the race. They helped a company with some calculations.
grnadav1 1 day ago 1 reply      
You just KNOW Elon Musk is gonna beat'em to it ;)
Necromant2005 20 hours ago 0 replies      
It's nothing. Even if Google has invented something we will never see a product a customer can purchase.
MrQuincle 1 day ago 4 replies      
There are two directions within the energy world that I don't completely get. One of them is hydrogen storage, the other nuclear fusion.

From what I always understood is that the high-energy neutrons produced by the fusion reaction irradiate the surrounding structure and that there is still considerable nuclear waste (although lifetimes are better than with nuclear fission). Do the scientists not care or is this outdated info?

hailmike 1 day ago 0 replies      
I want to start placing "Google and " before stating my accomplishments.

"Google and a nuclear fusion company have developed a new algorithm"

sounds way better than:

"Nuclear fusion company has developed a new algorithm using Google"

They may not mean the same, but in today's world faking it until you make it might pay off.

quickben 1 day ago 3 replies      
Outside of the title being misleading, I'm sceptical. It's one thing to have the hardware for research, and completely other to have the expertise for the research.

Google entered the self driving cars research, and we have yet to see them driven around.

This heavily reminds me of Intel and their diversification, up until recently, they were in IoT, makers market and what not. One solid push from AMD and they jumped out of everything way too fast to track.

Google seems the same with the nuclear fusion. They have the advertising money to throw around, but that's just it, they are in a different segment, and from the investing side I'm more inclined to stay away from their stock than buy it.

Remotely Compromising Android and iOS via a bug in Broadcom's WI-FI Chipsets exodusintel.com
351 points by pedro84  1 day ago   148 comments top 13
thomastjeffery 1 day ago 6 replies      
Why does Broadcom insist on proprietary drivers?

How could it possibly be detrimental for Broadcom to have free software drivers?

This article is a poignant example that it is detrimental for them to continue to keep their drivers proprietary.

swerner 14 hours ago 1 reply      
Fortunately, this is being addressed in software updates. Unfortunately, people who own older devices are left with the vulnerability forever. The iPhone 4S alone sold ~60 million units (according to Wikipedia) and did not (and most likely will not) receive any updates.
Animats 1 day ago 2 replies      
C's lack of array size info strikes again:

 memcpy(current_wmm_ie, ie->data, ie->len);
where "ie" points to data obtained from the net.
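
The unchecked copy quoted in the comment above, shown next to a bounds-checked form, as an added example that is not part of the thread or of any vendor's code. The 32-byte destination size, the element id 0xDD, the helper names and the sample frames are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed for this example: every name and size except current_wmm_ie,
 * ie->data and ie->len, which appear in the quoted line. */
#define WMM_IE_BUF_SIZE 32      /* hypothetical destination size */
#define IE_ID_VENDOR    0xDD    /* element id used in the constructed samples */

enum { IE_NOT_FOUND = -1, IE_MALFORMED = -2, IE_TOO_LONG = -3 };

static uint8_t current_wmm_ie[WMM_IE_BUF_SIZE];

/* Walk a buffer of elements laid out as: 1-byte id, 1-byte length, payload.
 * Returns the offset of the first element with the wanted id, or a negative
 * code. Every length byte is checked against the bytes actually received
 * before it is used to advance. */
static long find_ie(const uint8_t *buf, size_t buf_len, uint8_t id)
{
    size_t off = 0;

    while (buf_len - off >= 2) {
        size_t len = buf[off + 1];

        if (len > buf_len - off - 2)
            return IE_MALFORMED;        /* payload runs past the frame */
        if (buf[off] == id)
            return (long)off;
        off += 2 + len;                 /* stays <= buf_len by the check above */
    }
    return IE_NOT_FOUND;
}

/* The quoted line trusts a length byte chosen by the sender:
 *
 *     memcpy(current_wmm_ie, ie->data, ie->len);
 *
 * The checked form below enforces two independent limits first:
 *   1. the element must lie inside the received buffer (done in find_ie);
 *   2. its payload must fit the fixed-size destination.
 * Returns the number of bytes stored, or a negative code; on rejection the
 * previously stored element is left untouched. */
static int update_wmm_ie(const uint8_t *ies, size_t ies_len)
{
    long off = find_ie(ies, ies_len, IE_ID_VENDOR);
    if (off < 0)
        return (int)off;

    const uint8_t *data = ies + off + 2;
    size_t len = ies[off + 1];

    if (len > sizeof(current_wmm_ie))
        return IE_TOO_LONG;             /* reject, never truncate silently */

    memset(current_wmm_ie, 0, sizeof(current_wmm_ie));
    memcpy(current_wmm_ie, data, len);
    return (int)len;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t sample_good[] = {
    0x00, 0x03, 'a', 'b', 'c',          /* unrelated element, id 0, len 3 */
    IE_ID_VENDOR, 0x04, 1, 2, 3, 4      /* wanted element, len 4 */
};
/* Well-formed on the wire, but 40 bytes do not fit a 32-byte destination. */
static const uint8_t sample_oversized[2 + 40] = { IE_ID_VENDOR, 40 };
/* Claims 16 payload bytes while only 2 were received. */
static const uint8_t sample_truncated[] = { IE_ID_VENDOR, 0x10, 1, 2 };

int main(void)
{
    printf("good:      %d\n", update_wmm_ie(sample_good, sizeof(sample_good)));
    printf("oversized: %d\n", update_wmm_ie(sample_oversized, sizeof(sample_oversized)));
    printf("truncated: %d\n", update_wmm_ie(sample_truncated, sizeof(sample_truncated)));
    return 0;
}
```

The oversized sample is the case the unchecked `memcpy` would write past the destination; the truncated sample is the separate case where the copy would read past the received data.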

yifanlu 1 day ago 2 replies      
The article mentions

> Broadpwn is a fully remote attack against Broadcom's BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS.

But it doesn't go into any details on how this privilege escalation actually works for iOS and more specifically that it doesn't require additional exploits. Can anyone explain this in more detail? If this actually allows code execution on iOS application processor, that means we have a jailbreak right?

shock 1 day ago 6 replies      
This is kind of scary :(. How does one ensure that they aren't vulnerable to this bug?
nyolfen 1 day ago 0 replies      
i've been hearing people complain about the seriousness of this attack vector for years. i'd be surprised if there weren't intelligence agencies that have utilized it already.
samat 14 hours ago 1 reply      
Could someone please explain, 1) if firmware is stored on a Wifi chip or rather loaded during the boot process?

2) Do apple/google have binary image from Broadcom or rather source code?

It is quite interesting how this patch production/delivery process works.

IshKebab 14 hours ago 0 replies      
How long until someone unleashes this? There are going to be millions of vulnerable Android phones for at least a couple of years to come. Surely it will happen.
cpach 19 hours ago 0 replies      
If anyone wonders, this was patched in iOS 10.3.3 https://threatpost.com/apple-patches-broadpwn-bug-in-ios-10-...
rca 19 hours ago 0 replies      
http://boosterok.com/blog/broadpwn/ shows a simple check using hostapd to see if a device is vulnerable
mangix 1 day ago 1 reply      
I do wonder why most mobile chips are broadcom. There's decent competition from Qualcomm atheros and mediatek.
amazingman 1 day ago 1 reply      
I already updated my phone. Is the iOS update that patches this available over a cell network? If not, as is usually the case, isn't that Not Good?
anon4728 23 hours ago 0 replies      
Proprietary drivers, firmware blobs and ASICs are a national security threat. Without open code reviews, auditing and functional verification it's impossible to trust there are both a minimum of exploitable bugs and/or backdoors in a given software-hardware stack. This may require some sort of confidentiality rubric but there's no shortcut to getting around this vital need.
Amazon raised Prime Day prices, misleading consumers, says vendor foxbusiness.com
355 points by buckbova  3 days ago   279 comments top 36
SwellJoe 2 days ago 19 replies      
I've become more and more disillusioned by Amazon over the years. Prices are now almost never the best; I only buy from them when I need something quickly (and can't get it locally). NewEgg (nearly) always has better tech prices. Walmart often has better prices on everyday items and I can have it immediately. I just bought a pair of tweezers at my local grocery store for two bucks that was $6 on Amazon for the same make/model; sure, it's a terrible item to sell online because it's tiny and cheap and shipping it with prime shipping probably costs as much as the item itself, but I thought they'd solved that problem with "add on" items.

I mean, Amazon is still a very good customer experience, but when I'm buying something big I always comparison shop now. As recently as a couple years ago, I would just buy it. No thought to whether it might be cheaper elsewhere. The convenience of Prime, plus the reasonable confidence that the price would be competitive with everybody else, was enough to where I didn't bother comparison shopping.

Obviously, Amazon isn't hurting. But, I can't help but think that having more of their longtime customers starting to comparison shop is a bad thing.

sokoloff 2 days ago 3 replies      
There were real deals on Amazon hardware devices (Echo, Fire, etc). Most everything else was "meh".

camelcamelcamel.com is your friend to research how good of a deal it really is. (no affiliation, just a happy user)

jchw 2 days ago 1 reply      
Not only is this not new for traditional vendors, it's not even new for the internet. Scummy sellers on Steam do the same thing right before sales every single year. Oh well. At least some quite nice Anker stuff was actually on sale. You can never have enough USB chargers these days.

Just like in the case of Steam, I'm more apt to believe it's sellers that are doing this than Amazon. While both stand to benefit, sellers stand to benefit much more overall.

Although it's never going to be perfectly accurate, I recommend anyone who shops Amazon for expensive stuff use a price tracking service, like CamelCamelCamel, to see exactly how good a deal on Amazon really is. Again, not perfect, but at least you can then get some context for what the price is currently showing up as.

taurath 2 days ago 2 replies      
It's clear to any layperson willing to do research that they did so - I looked up several items on a few price history websites, and found that while they did have lower than normal prices, it was more like a 4% discount off the bottom instead of the 40% they claimed. The Yeti microphones seemed to be the absolute worst - they have never ever been $150, more like $90, and they were on sale for $85 or so.
cavisne 2 days ago 1 reply      
Wirecutter found an improvement over last year (0.54% of deals good value vs 0.008%).


Will have to wait for their full write up but there genuinely were a lot of quality items for the lowest price ever.

snarfy 2 days ago 2 replies      
"Order within the next 5 hours and receive free next day shipping".

Hmm. OK. click

"Please review your order. $8.99 for next day shipping or free two day shipping."

Uh, OK. 'Check two day shipping. Submit'

"Your order has been placed. Delivery date - 5 days from now"

Clubber 2 days ago 2 replies      
That's pretty standard for what I call the "scam economy" that is the US for the past 20 years. Watch any commercial.
partiallypro 2 days ago 2 replies      
My issue with Amazon lately isn't just the prices no longer being the lowest, it's that a big chunk of their products are counterfeits. I honestly have no idea how they haven't tamped down on that. If I shop at Wal-Mart, Target, Footlocker, etc, etc I know the products I buy aren't going to be fakes; not so with Amazon. I have started buying less stuff on there after a number of products have come back as fakes. I use Prime Video more than any other service now, but there's only maybe 2 shows I even care about on there.
illegal_in_ca 2 days ago 3 replies      
Er, is this not illegal in the USA? It is in Canada:

The Act prohibits false or misleading representations to the public as to the ordinary selling price of a product, in any form whatsoever. Ordinary selling price is validated in one of two ways: either a substantial volume of the product was sold at that price or higher, within a reasonable amount of time (volume test); or the product was offered for sale, in good faith, for a substantial period of time at that price or a higher price (time test).[0]

[0] http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/02...

joshwa 2 days ago 1 reply      
When I worked at a very large bricks/ecommerce retailer, the FTC had their eye on us for decades, so we had very complex pricing rules to make sure that we established "regular price" for a certain number of days before an item could be put on sale, and could only stay on sale for a certain percentage of on-sale days, then once "marked down" or "clearance" could never have the price raised again.

I'm guessing the FTC will have their eye on Amazon pricing soon.

ballenf 2 days ago 1 reply      
If you look at revenue and profit analysis from Amazon, it's clear that they are still customer focused. It's just that advertisers are now a bigger customer than the "real" customers. Amazon makes more money off of sponsored listings than selling the item sponsored. Kinda crazy.
freshhawk 2 days ago 0 replies      
Back at an old startup when I had a lot of data from clothing retail websites, including historical prices and sale status, I ran some queries out of curiosity to look for this.

I'm pretty cynical but I was still shocked at the number of results. This seems to be a completely normal practice. Price and being on "SALE" seemed to be optimized or A/B tested almost separately. And the "regular price" field on sale items was garbage data that correlated with nothing.

j79 2 days ago 2 replies      
I saw a lot of comments saying "Prime Day" was really "Prime Marketing Day". Seems that was the case.
1024core 2 days ago 0 replies      
I use Google Shopping ( http://shopping.google.com/ ) to compare prices. We saved over $300 on a King-sized bed when we wanted to upsize our bed.
robryan 2 days ago 0 replies      
I suspect RRP/ MSRP have nearly always been useless. Comparison is the only way to get a true sense of what a regular market price is for something. Too often I will see something on a 50%+ off sale which might just be matching the market or actually 5-10% off where the rest of the market is at.

After all, why would a retailer ever discount more than 10-20% off what everyone else is charging, outside of a clearance?

SeanDav 2 days ago 0 replies      
For me, Amazon used to be synonymous with quality, convenience and peace of mind. That has now changed, it is now merely convenient and subject to increasing competition. This last year I cancelled my Amazon Prime and now using Amazon far less than I used to.

Amazon has dropped the ball.

kbenson 2 days ago 1 reply      
So, just like every other store, before the sale, they jack up the prices to make the markdown look more extreme.

What, have people never shopped in Sears/Macys/Mervyns or any other department store since the beginning of time?

Seriously, the only response I can come up with to this news is "Well... duh."

JumpCrisscross 2 days ago 1 reply      
Note that producers can't contractually force independent retailers to obey certain prices under antitrust rules. Hence MSRPs being merely "suggested".
em3rgent0rdr 2 days ago 1 reply      
Not really newsworthy. This is one of the oldest tricks in the book. "Everything is worth what its purchaser will pay for it." -Publilius Syrus (1st century BC)
didibus 2 days ago 0 replies      
For some reason, I can't take this seriously coming from Fox News. They seem to be having an agenda with the current president, and Amazon has been getting hit as a collateral for feuds against the Washington Post.

Either way, the article concludes with the vendor saying he thinks it's just an issue with tweaking their algorithms, and not an actual tactic from Amazon.

Is there any other source that claims the same?

beluis3d 2 days ago 1 reply      
Udemy does this as well for all of their products.
post_break 2 days ago 0 replies      
Off topic but I just picked up those shoe deodorizers for $10 at the container store and they have actually knocked down the stench emanating from my hiking shoes.
isubkhankulov 2 days ago 1 reply      
Amazon created a second black friday. I'm impressed by Jeff Bezos!
awkwarddaturtle 2 days ago 0 replies      
A few years ago, the word on the street was that bezos agreed to boost prices to reward the longtime shareholders/hedge funds/etc. And as expected, the prices on amazon have noticeably increased and the shares are at all-time highs.

Amazon is large enough now that they have a "captive market".

nodesocket 2 days ago 1 reply      
I bought a Brother laser printer with toner for $80 shipped in two days. Happy Amazon consumer here. You'll have to rip Prime out of my cold dead hands.
freewizard 2 days ago 0 replies      
I feel the same based on price of items I watched. I'm curious any site like camelcamelcamel can help quantify this "scam" :)
vermontdevil 2 days ago 0 replies      
aka these Labor Day, Black Friday, and other annual sales by your nearest retailer. Same old.
zitterbewegung 2 days ago 0 replies      
There were good deals on shoes. I bought shoes for $36.20 (New Balance) that retail for $51.
losteverything 2 days ago 1 reply      
Article is worth reading. Imo the upping of price after demand increase is awful.

Also, I do not think those addicted to Amazon care about these types of things. They keep ordering and ordering. Convenience is the name of their game

adjkant 2 days ago 0 replies      
Keepa is a great extension for price tracking on Amazon directly embedded into the page.


camel_gopher 2 days ago 0 replies      
Amazon bumped the price of a $20 Britta water filter by $15 when I went to purchase it a second time. Odd how that can happen.
org3432 2 days ago 1 reply      
How do you fact check Fox?
wynemo 2 days ago 0 replies      
haha, this is similar to what JD do in China.
SCAQTony 2 days ago 2 replies      
FOX is fishing for how Amazon could be hurting consumers so as to get anti trust litigation going. It is not illegal to be a monopoly but if it is hurting consumers it is fair game.

My opinion Amazon is NOT hurting consumers but rather Trump and the Republicans want to hurt it. YMMV

jedberg 2 days ago 3 replies      
Maybe I'm in the minority here but I don't have a problem with this. If they raise the price based on demand, and I still deem it a good price, then who was harmed here? Sure I paid more than I needed to but I still paid less than I felt it was worth to me.
grennis 2 days ago 1 reply      
Go to a brick and mortar jewelry store, everything is 100% off.
Why I'm Learning Perl 6 evanmiller.org
419 points by mpalme  1 day ago   350 comments top 34
StevePerkins 1 day ago 11 replies      
> Concurrency is hard and if you want M:N thread multiplexing (i.e. WEB SCALE CODE, where application threads aren't pinned to pthreads) your options today are precisely Erlang, Go, .NET, and Perl 6.

Putting aside the "web scale" jokes (http://www.mongodb-is-web-scale.com/), this statement is still absurd.

Every major language, or at least the ones that matter for backend development, has support for thread multiplexing / coroutines / fibers, whatever. Perhaps not in the core language syntax or standard library. But it's easy to implement with native code, and so SOMEONE has implemented it in a library if the language has an FFI.

Java, and all of the other JVM-based languages in turn, have Quasar (http://docs.paralleluniverse.co/quasar/).

Ruby has support for primitive fibers baked into the standard language (https://ruby-doc.org/core-2.1.1/Fiber.html), and likewise community gems with more robust functionality like Quasar.

Python 3 likewise has this out of the box (https://www.python.org/dev/peps/pep-0492/).

The list goes on and on: https://en.wikipedia.org/wiki/Coroutine#Programming_language....

Verdex_2 1 day ago 3 replies      
For some reason, when I started my software engineering career I got it into my head that I needed to learn as much as I could about programming languages.

I learned ruby, perl5, python, lisp, forth, ml, ocaml, scheme, haskell, r, c#, java, lua, c++, factor, idris, asm, erlang, prolog, rust, d. But that wasn't quite enough because haskell and idris kept on talking about complicated type theory stuff. So I also learned lambda calculus, type theory, set theory, domain theory, topology, category theory, information theory, sub-structural logic.

What I'm trying to say is that I'm not afraid of learning new things. Even if they seem hard or esoteric.

When I heard that perl6 was ready, I took a look. I like the idea of a lot of what is present in the language (hey look, a grammar engine, that's neat). But ultimately, I decided that it was too much stuff that I would have to learn. Maybe that's just a perception problem on my part, but I have to think that they have some sort of problem if someone like me feels overwhelmed by all of the things that you have to grok in order to understand the language.

Steeeve 1 day ago 5 replies      
I hate perl6. I hate it because I tried to get involved in the project early on, and it led me down the Haskell rathole. I don't know what Haskell looks like today, but a decade or more ago it was the hardest language to pick up that I had ever experienced. It was as if I had a solid background in latin languages and I was trying to pick up Chinese based on a handful of tutorials written by a tourist on the back of a napkin.

But it has been a decade and I am truly impressed with what it has turned into. Unfortunately, it has to re-gain mindshare as if it was starting from scratch. It might be a little bit harder actually, because there are a variety of scripting languages these days that are easy to learn, and there are still more than a few people who actively don't like Perl.

I really liked this slideshow: http://tpm2016.zoffix.com/#/

It gives a good review of Perl6 from early 2016. The video is an hour and a half, but it only takes a few minutes to scan through the slides and find the interesting pieces. (left and right arrow to navigate the slides)

fundabulousrIII 1 day ago 4 replies      
I'll stick with Tcl if I'm going to use a glue language that has green thread like functionality and an event loop. early choices were tcl or perl: went Tcl and never looked back.

As far as web development in perl..well have fun convincing everyone on the node.js and python bandwagons to move 'back' to perl. Glad it works for you.

ricardobeat 1 day ago 2 replies      
Crystal (http://crystal-lang.org) has fibers and channels. Current implementation isn't multi-threaded but it's being worked on. So you'll get that concurrency + nice syntax + types + a wonderful stdlib.

EDIT: as seen in other responses, options abound: Python 3, Elixir, D, Dart and more all have built-in concurrency primitives, not to mention that discarding nodejs because of "callback hell" is at this point laughable.

IceDane 1 day ago 3 replies      
> Why is this important? Concurrency is hard and if you want M:N thread multiplexing (i.e. WEB SCALE CODE, where application threads aren't pinned to pthreads) your options today are precisely Erlang, Go, .NET, and Perl 6.

I guess the author doesn't know about Haskell? The concurrency story for Haskell is great, and using the right library, you can literally just define types for the routes for your backend and then ask it to generate JS for your frontend.

joosters 1 day ago 4 replies      
Maybe it's because I'm old, but I don't see the appeal of M:N multiplexing in a programming language (i.e. 'green threads' or some other user-level context switching)

For long-running tasks, if they are I/O bound you can use non-blocking I/O and event loops. If they are CPU bound, then use threads or separate processes. The two techniques can be combined to scale well across multiple cores.

The OS is designed to schedule workloads, it has decades of development in doing this, and has all the system-wide information needed to schedule tasks well across the CPUs. Why re-implement the wheel in your programming language?

SeanDav 1 day ago 2 replies      
Without a "Major" sponsor, or a "Rails" type killer application, Perl 6, or indeed any language, will struggle to get significant traction.

It is of course possible to gain slowly over time, but with numerous languages competing, that path may be a dead-end.

athenot 1 day ago 1 reply      
I'm glad Perl6 finally went the route of MoarVM. I always felt that ParrotVM (which was supposed to also run Python and Ruby) was a terrible distraction and scope creep. The idea was laudable but it would have required buy-in from the other communities. As much as I like Perl, I don't think that would have been fair to them, as Python and Ruby have evolved into their own respective identities.
aduitsis 1 day ago 2 replies      
Read the article, very informative. Pleasantly surprised to find out that it doesn't mention at all language traits like syntax, but focuses on the features of Perl6's underlying VM, specifically MoarVM.
mempko 1 day ago 1 reply      
Best argument to use Perl 6 is that it's fun. Like really fun. Whatever language you are using is boring. Perl 6 is just damn fun. It's like your favorite language but with dollar signs, and funner.
nige123 1 day ago 0 replies      
Perl 6 is indeed fun - it's even optimised for it [1]!

I'm enjoying using it for command-line tools and web applications - it's expressive and scales with the problem space.

1. https://perl6advent.wordpress.com/2015/12/20/perl-6-christma...

krylon 1 day ago 6 replies      
Can anyone recommend a good book on Perl 6? Are there any (even bad ones)?

Right now I feel the major reason that keeps me from investing time in Perl 6 - besides adoption by distros - is the lack of a good book, like the Llama and the Camel book for Perl 5. It's kind of frustrating after having waited so long.

throwaway7645 1 day ago 1 reply      
Perl6 is indeed a very nice language that I've been watching for a few years. As soon as the performance beats Python and the stability is solid I'll probably switch over from Python...there's just a lot there.
pmontra 1 day ago 2 replies      
On a sidenote

> or Nginx or Node.js without the callback cacciatore.

What's a cacciatore in this context? It means hunter in Italian. Probably something messy if it means the same as callback hell.

contingencies 1 day ago 1 reply      
Great quote on perl5...

In #devops is turtle all way down but at bottom is perl script. - @devopsborat

ainar-g 1 day ago 2 replies      
Can Perl6 merge all of its generated VM code into one "package"? One of my favourite things about Go is that you can statically compile everything and then deployment basically becomes scp.
jypepin 1 day ago 10 replies      
why is everybody saying they are put off by Go? Did we pass the "trend" phase and now it's cool to say go sucks?
16bytes 1 day ago 3 replies      
Even though this could more properly be called, "Why having language support for M:N thread multiplexing is important", I thought it was a refreshing article on why I might actually use a bit of perl6.

Last year I attended a conference and saw Larry Wall speak. It was an overview of Perl 6 and I was completely underwhelmed. Larry spent about half the time talking about unicode support. It wasn't a boring talk, but I never felt a moment when I said, "Awesome! This is a pain point in some other languages and I would pick up perl6 if this ever happened again."

I don't want to write perl6 completely off, but I have found that perl6 advocates have not done a great job on why you would actually want to use it. It's hard to justify learning "different" syntax just because someone says, "hey, it's fun!".

Rjevski 1 day ago 3 replies      
My personal issue with Perl is how much of a mess the syntax is (10 different ways of doing the same thing), and the lack of a standard library (CPAN is not a viable replacement).
hardwaresofton 1 day ago 1 reply      
It's pretty cool to see Perl adding this feature. My rubric for the three big scripting languages (once upon a time?) was:

Perl: Good at regular expressions, and proper per-processor core threading, Bad because what you wrote will be indecipherable to future you

Python: Very expressive (without being too much), lots of library support, good drop-to-c/do-stuff-fast support, sensible support for object and functional programming paradigms that evolved over time, super useful stdlib. Bad because GIL

Ruby: ???? at least it's beautiful? seems to only be used in codebases that are rails-based which is basically a red flag for me now due to personal preference

It looks like Perl just got another killer feature

rastapasta 1 day ago 0 replies      
thanks for touching the heart of an old perlmonk :)
libeclipse 1 day ago 2 replies      
Thing that really gets me about perl is the syntax, it's horrendous.

No other reason, that's all. Just the syntax.

jonbarker 1 day ago 0 replies      
Does this not help with handling this issue in python or is this considered a hack? http://effbot.org/zone/thread-synchronization.htm
cutler 23 hours ago 3 replies      
Perl 6 carries 2 pieces of baggage from its predecessor - prefixing variables with "my" to create lexical scope and the obligatory "use v6;" at the top of every script. Why can't an advanced language like Perl 6 scope variables without littering "my" everywhere? You don't see it in any other mainstream language I can think of.
pvdebbe 1 day ago 2 replies      
I like writing bash scripts a lot and perl is a natural step-up with powerful libraries to use. As others have said, the major obstacle for me has been the lack of great literature.
spion 1 day ago 0 replies      
Needs a correction re: node.js. It does have await and does switch context now.
grondilu 1 day ago 1 reply      
> Guess what it outputs? Nothing! Just kidding, you'll see a lot of distressed messages from tasks that passed out wait for the phone to ring, and woke up wearing someone else's OS thread.

Well, as a matter of fact I really got no output at all :(

Paul_S 1 day ago 1 reply      
This would've been so much easier if they just called Perl 6 something else. Would've saved them so much aggravation.
_pmf_ 1 day ago 2 replies      
> Concurrency is hard and if you want M:N thread multiplexing (i.e. WEB SCALE CODE, where application threads aren't pinned to pthreads) your options today are precisely Erlang, Go, .NET, and Perl 6

Why mention .NET here? Async code in .NET works with a dispatcher thread (-pool) under the hood, which is nothing like the greenish threads that the other systems offer. Am I missing something?

saysorry 1 day ago 0 replies      
I ctrl+F searched these comments for the word "hipster", 0 matches. If this was about JavaScript though...
Thaxll 1 day ago 2 replies      
Perl is pretty much dead, I don't anyone still using that beside legacy code.
kazinator 1 day ago 0 replies      
All I think about when I hear M:N thread multiplexing is "1992 is calling to have its stupid threads hacks back".

M:N is what you do when you don't have real kernel thread support. You hacked N user space threads per process (N:1) but then 1990 rolled in and cheap SMP with M processors started to spread across the land, so you needed N:M to take a bit of advantage of that.

mapcars 1 day ago 1 reply      
It's terrible that you put Erlang on a list with other languages/VMs.

> There's no GIL, so unlike Those Other Languages

There is no GIL in EVM as well, but playing with the words you make it look like "all are the same". This does not deserve top HN and just stupid.

If your Perl6 VM is _so_ great, why didn't you mention anything about what's really important like preemptive scheduling which has been Erlang's unbeatable feature since the beginning? Less hype and more details, please.

Docker operations slowing down on AWS jeremyeder.com
422 points by pradeepchhetri  1 day ago   164 comments top 17
chx 1 day ago 21 replies      
And then people consider me a dinosaur when I say, no cloud, just rent a server or two (not colo! just dedicated servers). Your average web service does not need to scale near infinitely; for the same amount of money you pay to Amazon you can overprovision 3-5-10 times and that'll handle your spikes. No surprises. Same amount of work: EC2 and bare metal both give you a root prompt, go from there. These days you can get things provisioned within 24 hours -- some providers will do it in minutes. Of course, Amazon provides a lot of services beyond basic EC2 instances but if you use them you have a very ugly vendor lock and heaven forbid you want to do something else in the future...

This is like a double trap many try to sell to startups: a) you need to scale across many machines and b) the way to scale is the cloud. My take: a single machine (or two for HA) will be enough, if you really want to go big separate the web server from the database but that's it. And yes, I am in the website performance business, I worked on the video purchase platform of one of the largest British television stations and even that didn't require more than a single database server and a single Redis server for caching layer. Harken to https://stackoverflow.com/questions/5131266/increase-postgre... this question from 2011 discussing speeding up from like a thousand inserts per second at the cost of data loss -- today you will write on an SSD and don't need to risk data loss. Does your web site / app really get a thousand writes every second? I thought not. Does it even get a thousand reads? If not, then why are you building a complex database cluster...?

The other day I saw quad E7-4870 (yeah won't win any single thread contest but has 40 cores and 80 threads) 512GB RAM servers for $299 a month, with 1TB RAM for $499. Had a low end 2TB SSD for boot and you could add 8x1TB HDD w/ HW RAID for $40...

sudhirj 1 day ago 3 replies      
While the article is factually correct, the tone strikes me as being disingenuous. The problem seems to be that the servers were running on gp2 disks, which offer a performance baseline with free short term bursts based on credits collected. The author has just realised that for consistent throughput, they would have to choose provisioned throughput and pay accordingly.

This isn't some conspiracy by AWS, though. It's all in the documentation and isn't even hard to find. If you want X ops per second baseline with occasional bursts you pick option A, or if you want consistent Y ops per second you provision and pay for Y. Read the manual - not having read the docs or explored the console is not an excuse to say that a service provider is being shady or rent seeking.

BurritoAlPastor 1 day ago 3 replies      
The author's takeaways include moving disks to io1. This is a bad bargain in most cases, and particularly bad in the ~500 IOPS range (which is what I'm seeing in the Grafana screenshot there).

gp2 disks get 3 iops per gig "free", bursting up to 3k. (They don't burst after 1 tb, because your baseline performance is higher than the burst rate.) io1 is 25% more expensive per-gb, and you pay by the IOPS on top of that.

A 175gb gp2 disk will give you 525 IOPS baseline, at $17.50 a month. I'm guessing his volume is about 40gb, doing math backwards from his bottlenecked IOPS; a 40gb io1 with 500 IOPS will cost you $83.75 a month! And on top of that, AWS will cap you hard at that 500 IOPS; the gp2 can still burst if needed.

I know of two general cases where io1 disks are worthwhile: if you need more than 10k IOPS, or if you have very high IO requirements but very stable disk space usage (e.g. high-performance RRDs). Crack open Excel and do the math; it's worth the five minutes to check.

(Also, your burst balance is available as a Cloudwatch metric, as I recall! Set alarms on that shit!)

user5994461 1 day ago 0 replies      
Performance management 101 on AWS volumes:

1) The IO of a disk is proportional to the size of the volume. You need to get bigger volumes to get more performance. 3 io/GB

2) The high performance volumes (io1/PIOPS) are extortion. It's cheaper to pay for a bigger regular volume (gp2) that comes with a higher IO quota than to pay for the special high performance volume.

3) Each instance type has a disk performance cap. They are lower than you think.

4) Don't use t2 instances for anything that requires non negligible sustained IO.

P.S. Clearly the author is just discovering AWS.

shusson 1 day ago 2 replies      
tldr: AWS EC2 has the concept of I/O credits for storage. If your instance runs out of credits, bad things, which may seem completely unrelated, will happen.

I was having similar issues last week and did not consider I/O credits. I think AWS could do better at notifying you if your EC2 instance gets into this state (without having to set up a cloud watch alarm).

x7467 1 day ago 0 replies      
We hit the IOPS limit on AWS many times, both on VMs and SQL instances. The solution was always to artificially inflate the size of the underlying storage, as you get 3 IOPS per GB on persistent disks (the other option was to buy IOPS, but this somehow always turned out to be way more expensive).

This issue was on a "pros" section when we decided to move our operations to GCP, when you get 30 IOPS per GB on persistent storage, so 10x more than on AWS. One way or another, if you really need _a lot_ of IOPS, you better stick with a local (ephemeral) SSD storage - just bear in mind it will vanish along with your VMs.

rixed 1 day ago 1 reply      
In other words, if you do not rate limit yourself then others will rate limit you.
notacoward 1 day ago 0 replies      
The debugging story was interesting, but what really sticks out for me is that Amazon has pretty tight QoS working for distributed storage. That's actually a really hard problem - much harder than its better known networking equivalent. As much as I might curse the Amazon business folks for using it to screw customers, I also have to give kudos to the engineers for implementing it.
eikenberry 1 day ago 3 replies      
Why not use ephemeral volumes for the docker data? This is a CI system, so the docker images are all transient anyways. Seems like an easy way to avoid the I/O credits.
chucky_z 1 day ago 1 reply      
A 1TB gp2 volume is cheaper than a 1TB, 3000 iops io2 volume, and provides nearly-identical characters.

Only use io2 if you have a latency sensitive application or need more than 10,000 iops. Even then you can RAID10 some gp2 volumes together and with enhanced networking get I believe 30k iops out of one instance.

whatnotests 1 day ago 0 replies      
+100 points to the excellent debugging skill demonstrated by the author.

It's great to see someone in top form.

jgrant27 1 day ago 0 replies      
I think after a decade of "Cloud" hype that many customers are finally realizing that the costs/benefits of using a provider are just more complicated and more expensive for most of their needs.
nvivo 1 day ago 1 reply      
EBS optimized VMs look nice on paper, you can choose the size and pay for your needs only. But once you start to use the disk in production you see the problems.

In short, if you want to use the disk a lot, you need to pay a lot. If your app is slow on aws and uses EBS as storage, increase the disk size, not the VM instance type. This is true mostly for database performance, which once the RAM is filled, relies on IO a lot to get new pages from disk.

qaq 1 day ago 0 replies      
if you don't need to deal with HIPAA PCI DSS etc. going with DO, Vultr and the like would save many startups considerable $ compared to AWS.
vacri 1 day ago 1 reply      
How do you flip a volume on the fly? I thought you had to do the "snapshot > make new volume > reattach" route

edit: thanks for the info, znep (hit my comment limit, hence the edit...)

fapjacks 1 day ago 1 reply      
For me, this style of writing really detracts from whatever the article might actually say.
nailer 1 day ago 1 reply      
If you're interested in IO performance, maybe don't run Docker - whose main advantage over VMs is fast IO - on top of VMs unnecessarily?

Triton and OpenShift add proper isolation to Docker and hence provide fast IO since you're not adding a layer of Xen.

Elixir 1.5 released github.com
472 points by eugene_pirogov  2 days ago   158 comments top 20
josevalim 2 days ago 2 replies      
Official announcement: https://elixir-lang.org/blog/2017/07/25/elixir-v1-5-0-releas...

We have published a draft version of the announcement since the release notes are not super helpful for those unfamiliar with Elixir. Is it possible to update the link to the official announcement? Thank you!

EDIT: We are done with the changes on the draft. We've added asciicinema snippets to show some features, improved the section on Calendar changes and also mentioned the compilation time improvements (expect at least 10% faster compilation).

FlyingSnake 2 days ago 6 replies      
Elixir is truly an under-appreciated language. I've only toyed with it, and I'm really impressed with the whole ecosystem. Elixir, Phoenix, Ecto, Hex, etc all make a great ecosystem, and the awesomeness that is BEAM/OTP is just amazing. I loved the hot code deploys, and updating a system while it's running is something I've never seen before in action. Also Rustler is a great way to write CPU intensive NIF code too.
deedubaya 2 days ago 4 replies      
I highly recommend playing with Elixir or another purely functional language. I've only gone through the Programming Elixir book[1], but it has fundamentally challenged how I think about solving problems in other languages.


Existenceblinks 2 days ago 4 replies      
It's a fast-paced development! That's pretty great. I hope core team would consider slowing down a bit and catch up with Deployment, Monitoring(which Phoenix team working on it) and Platform(e.g. http/2) departments.

v1.5 seems to have a bunch of bug fixes and deprecation (Hah! I'm not sure if it's like move fast and break thing). It is potentially the case.

In every important part, there seems to have a solo smart person working on it. E.g. Cowboy(I know it's erlang but Phoenix depends on it significantly), Distillery. That could be a good thing. Less people may catch up with each other faster. It also mean a load of works! And also mean some convention are out of sync (e.g. configuration which I think Conform is the proper way lately)

pjungwir 2 days ago 4 replies      
Can anyone doing Phoenix in production share their typical HTTP response times?

I built a small Phoenix project about a year ago, and compared to Rails it wasn't quite as fluent but still pretty nice. But ever since then, I've been trying to decide if the extra development time is worth it for the performance gains. I get that Elixir is more scalable, and I love how the RAM requirements compared to Rails are tiny, but what I still haven't been able to really answer is the latency improvement. According to these benchmarks it is about as fast as Django:


Is that really the best I can hope for?

nichochar 2 days ago 1 reply      
There's quite a few nifty little things in this one.

I'm not sure I like the child_spec change, personally I like the supervision mode to be explicit when calling children.

I do like the developer tools, the breakpoint support, the UTF8 for atoms (which I'm realizing we may want in our DSL since we're converting user input strings to atoms), and the @impl that allows to explicitly declare which functions are there for an interface.

Overall, it's amazing to be part of the elixir community, rarely have I seen such emulation, positivity, speed of growth, and effectiveness achieved so fast for a language. Congrats @josevalim for bring the power of BEAM through a wonderful syntax!

stefanchrobot 2 days ago 3 replies      
Congrats on the new release! While this is all great news, it's still quite hard to get a full-time Elixir job outside of US. Kind of like staring at the candy shop display while it's closed. I'm wondering how to make this happen. I'm in a place where Elixir is just not going to happen and seems unreasonable to expect that I'll be able to convince people to switch to it right after joining a new place. Seems like the only option is to find spare time for playing with Elixir, but that proved to be difficult when I need to invest time in a different stack that actually helps me pay the bills.
artellectual 2 days ago 0 replies      
I think this is the best news all week! Congrats to the Elixir team. I love working with Elixir. Hopefully I will be able to contribute to the ecosystem soon. Excited about the future.
sergiotapia 2 days ago 1 reply      
I haven't had this tingly feeling since when I first used Ruby/Rails 2. Elixir is growing and setting the bar of what "developer ux" means.

mix test, mix docs, Genserver, Pattern matching

The list goes on, you find yourself in The Zone more often.

alberth 2 days ago 0 replies      
I would love to see these 2 year old performance benchmarks updated where Elixir scaled to 2m connection on a single node.


s0l1dsnak3123 2 days ago 0 replies      
Congrats to the Elixir core dev team for another fine release. The improvements to iEX's debugging capabilities are going to make a big difference to day-to-day developer UX. Thanks!
mrmicahcooper 2 days ago 0 replies      
What an amazing release! I've never been as excited about a language and its ongoings as I am with Elixir. Thank you Elixir team for creating such a great language and making all of your work so accessible, transparent, and friendly.

Well done!

fnordsensei 2 days ago 4 replies      
What frontend stack fits Elixir most symmetrically? Is there a "ClojureScript" to Elixir's "Clojure"?
raphy 2 days ago 0 replies      
Great news, all those debugging improvements look great. I was actually considering how break points would help me on my current debugging.

I've been using Elixir for almost two years now and it's no silver bullet, but overall it has been a really great experience.

cooervo 2 days ago 0 replies      
Good news from elixir and erlang
olavolav 2 days ago 1 reply      
That, great news, I'm especially curious about this line here:

[ExUnit] Show code snippet from test source file in case of test errors

ExUnit backtraces have historically been a bit hard to read sometimes IMHO.

Touche 2 days ago 3 replies      
What do people use as a PaaS provider for Erlang/Elixir?
saurik 2 days ago 1 reply      
"Using () to mean nil is deprecated" <- interesting.
BigIQ 2 days ago 1 reply      
Could somebody explain the @impl feature in a little more detail? I'm confusing the terminology of callback functions I think.
logingone 2 days ago 5 replies      
Is Elixir being used exclusively for web development? If not, what else are people using it for?
       cached 28 July 2017 02:11:01 GMT