hacker news with inline top comments    .. more ..    30 Jul 2017 Best
home   ask   best   2 years ago   
Sci-Hubs cache of pirated papers is so big, subscription journals are doomed sciencemag.org
604 points by happy-go-lucky  2 days ago   235 comments top 30
TeMPOraL 2 days ago 18 replies      
I'm very happy to see SciHub going strong - for all the obvious reasons. Now let's just hope they back up to IPFS (if they do, I'll happily pin some of it).

I want to go off a tangent here, though. Now that open access (whether arXiv or SciHub style) is becoming the norm, I wonder what can be done to improve the format of scientific papers? Like e.g. making them more like this:


instead of regular PDFs?

welder 2 days ago 1 reply      
Good riddance, limiting access to scientific articles is a detriment to the advancement of humanity.
fsloth 2 days ago 2 replies      
Basically, the publishers asked for this. Denying open access to old papers from humanitys point of view is wastefull. The planet is full of hungry minds. Who knows where the next Ramanujan comes from and which discipline he or she chooses but given the non existent transaction cost of reading an old paper it would be beyond silly if they could not do it for free.
philipkglass 2 days ago 3 replies      
I had quite a bit of exposure to pirate journal archives before sci-hub arrived. A couple of easy improvements that I saw with past pirate libraries, that it'd be nice to have on sci-hub:

- Strip download watermarks ("Downloaded by Wisconsin State University xxx.xxx.xxx.xxx on January 12, 2017 13:45:12"). Many times, journals published by the same publisher do the watermarking similarly so you need write just one pdftk (or other PDF manipulation software) script for every journal under their banner. At worst, it's a one-script-per journal effort.

- PDF optimization. A lot of publishers produce un-optimized PDFs that could be 25% (or more) smaller with a completely lossless space optimization pass. This should save storage/network costs for access to individual papers and, more importantly, reduce the burden for bulk mirrors.

(I'd contribute the scripted passes myself if I had contacts within sci-hub.)

icelancer 1 day ago 0 replies      
Alexandra Elbakyan's work is one of the most positive and important things to happen in the last 3 decades in the field of science, which has been gradually losing its luster due to the bastardization and devaluation of the field by politicians and salespeople using it like hucksters.

Elbakyan's work has inspired me to only publish my work in jornals that embrace open access and open data. I'll be damned if I am a slave to impact factor and other haughty metrics.

headcanon 2 days ago 5 replies      
The change won't be immediate though. I don't think universities, which are journals' bread and butter, are going to stop their subscriptions anytime soon. Stopping a journal subscription because everyone is using sci-hub anyway (even if they researchers really are on an individual basis) might open the door for copyright suits against the universities, which would undoubtably be more expensive than just keeping the subs going, especially since its just a line item in an accountant's book. I'm sure it will happen eventually, but journals might have enough time for some to pivot to some more nuanced business model before they go bust.
dekhn 2 days ago 3 replies      
The origin of the web was to disseminate scientific knowledge. The guardians of that knowledge- the journal publishers- have absolutely failed to make a viable business model out of this, while many companies who adopted the web made billions.

While I do not use Sci-Hub, I think that users who use it are doing so morally and ethically (in the sense of conscientious objection). i hope they are also willing to pay penalties if they are found to be violating copyright (this is generally considered a requirement for intential protest).

sixdimensional 2 days ago 2 replies      
So, fundamental question here - if scientific articles (or anything that can be copy protected, etc.) can be released online in this manner to "free the knowledge", and yet, given such free access, there are still people that will pay for a subscription to access the same scientific articles, wouldn't that be the best solution?

I see people commenting that just because of this release, universities won't cancel their subscriptions to the journals. Well, that would be great - let them keep paying, while the content also gets out for free.

This is like the trend where you can pay what you want for stuff, or nothing. I wonder if that model would apply to scientific research - pay what you want for the paper, or nothing - but if you want to support that research.. hopefully people would still pay.

Just thinking out loud... probably already been thought of or wouldn't work (or I'm just self-defeatist). :)

drewda 2 days ago 0 replies      
I'm all for Sci-Hub disrupting the dominance of RELX Group (a.k.a. Elsevier) and other for-profit publishers that make such a big profit off the backs of researchers (who write and edit for free) and grant-making organizations (who fund those researchers).

But it's unfortunate that Sci-Hub is also disrupting non-profit scholarly associations that cover their own budgets through journal subscriptions. In these cases, the fact that libraries and readers have to pay for access to an article is somewhat balanced out by the fact that those fees are going to pay for staff, conferences, and the other worthwhile activities of the non-profit associations.

koolba 2 days ago 3 replies      
So is Sci-Hub like Oink[1] for scientific papers?

EDIT: For those not familiar, Oink was a torrenting site but what distinguished it from the tons of other sites was how highly curated it was. High quality audio, proper grouping and genres, and best of all you could request anything that was missing and the community would magically add it.

[1]: https://en.wikipedia.org/wiki/Oink%27s_Pink_Palace

CorvusCrypto 2 days ago 2 replies      
How does this doom subscription journals? I mean it would be nice but realistically it just means they move to exploit the university subscriptions since the professors can't admit use of illegally obtained copies. They can further exploit the authors since many journals require payment from the author for submission and some journals charge in the hundreds. One might say "just publish to a different journal" but it's not that easy. Because of the heavy reliance on Impact Factor in scientific publishing, it is the journals with those high impact factors that the authors will try to publish to. Regardless of whether or not they are being pirated.

This is sad to say, but in reality I think this isn't going to massively impact things for the publishers. Academia at its core is where the problem lies. Sure paid subscriptions are a big part of things, but it's the stuff most don't realize (the authorship fees and institution sub fees) that give the publishers power.

darawk 2 days ago 0 replies      
The death of for-profit scientific journal companies will be a beautiful thing for the world. It's really rare to see something that is so purely valueless. This industry is sort of unicornlike - they've managed to extract rents in an area where they add literally zero value. It's truly an amazing thing, and it will be even more amazing to watch it die.
sillysaurus3 2 days ago 4 replies      
I was surprised that it's still considered rude to link to sci-hub: https://news.ycombinator.com/item?id=14714577#14715252

Anyone know if this is a typical sentiment? I'm just curious if it's true that many researchers are offended by this movement, and what the reasons are.

I firmly believe that there are always two sides to any topic, so we should explore the flipside. What are some arguments against blatantly opening up access to paywalled articles?

biomcgary 2 days ago 0 replies      
I've met the author of the study, Daniel Himmelstein, who is quite passionate about making information free. Projects in his github account (https://github.com/dhimmel) tend to use a CC0 license. Some of his work involves aggregation of data (e.g., https://github.com/dhimmel/hetionet) that is encumbered and he has put a lot of effort into making it as free as possible. His project carefully documents the license for each data point and he took the time to ask copyright holders that do not provide an explicit license to do so.
return0 2 days ago 0 replies      
The Noah's Pirate Ark that will save all of humanity's knowledge from unreliable publishers.
return0 1 day ago 0 replies      
The academic world has missed some decades of advancement of communication. In a world where all published science is open for meta-processing, the burden of validating science would shift to search engines. There would be search engines competing with scientific-SEO of course, but in the medium-run this would improve scientific writing, and possibly speed up science in general. In the end there will always be some private actors doing the work of "ranking" scientists. Academics are hanging on to the current peer-review journals precisely because they don't want to give that power to other actors.
pdimitar 1 day ago 0 replies      
I'll be that guy who will gladly eat some downvotes for this apparently unpopular opinion:

"Science" and "subscription" (or any monetary incentive) don't compute in a single sentence. Aren't scientists funded by governments and/or corporations? Why should anyone pay them a royalty above that?

It's a legit question and not trolling, don't mistake my slightly angry tone for degrading please.

philipkglass 2 days ago 1 reply      
I don't think that sci-hub is going to kill off institutional journal subscriptions in the developed world. It's similar to how developed-country universities didn't stop buying licensed software and start passing around cracked versions to their faculty and students. Journal revenue isn't going to plummet like CD sales after Napster, because it's not individuals doing most of the purchasing in the first place.

Individuals and institutions in poor countries may well turn to sci-hub. I certainly have. But I would venture that not much of the journals' revenue came from individuals or poor institutions in the first place. I didn't pay to read paywalled papers before sci-hub either; I got them via authors' sites or personal contacts, or just didn't get to read them at all.

turc1656 2 days ago 0 replies      
Looks like Aaron Swartz's vision for the free, collective ownership of mankind's scientific knowledge is well on its way. I wish he were still alive to see Sci-Hub in action.
filedrawer 1 day ago 0 replies      
I work for a scholarly publisher and I'd be very interested in hearing about whataside from costwould cause you to go to Sci-Hub for a paper?

Is it reading experience? Site performance? Difficulty in navigating publishers' sites?

Are there any good experiences you can point to? I'm really interested in making this better.

revelation 2 days ago 1 reply      
Does Sci-Hub actually have all the papers or are they just retrieving them on-demand?

Publishers are tracking mass downloads (see the Aaron Swartz case) so given some of the very obscure papers I've retrieved from Sci-Hub I assume it's unlikely they downloaded them beforehand. My go-to assumption for how it works is that a bunch of people have donated access to their university network access and Sci-Hub is just a load-balancing / cache layer.

bogomipz 2 days ago 1 reply      
Can someone who's familiar with this research paper subscription model that is threatened a la Elsevier explain to me how we got here?

I am curious if at one time did Universities publish these independently and were they more accessible to the public? When did this practice of restricting access to papers via subscriptions begin?

kazinator 2 days ago 0 replies      
They should expand into engineering: I don't see any IEEE or ISO standards in there, for instance.
daveheq 1 day ago 0 replies      
Now if we could get the government version of this...
andrepd 2 days ago 0 replies      
Thanks! That reminds me I should donate to Sci-Hub!
sonium 2 days ago 1 reply      
This will be a catalyst for open-access
joelthelion 2 days ago 0 replies      
If only. I'm convinced they will find a way to shut her down.
vbuwivbiu 2 days ago 0 replies      
and it's better than all of their websites!
agumonkey 2 days ago 0 replies      
Anybody mirrored (or attempted to do so) libgen ?
mcappleton 2 days ago 1 reply      
It's not just the publishing industry that is the problem. It is merely a symptom of the greater malaise in higher education as a whole.

The focus is on degrees, not on true learning. So much of what occurs is in universities is total waste. But people put up with it to get the paper. As long as people keep blindly giving absurd sums of money to get the paper, these expensive publications will last. The answer is for people to wake up and value learning over a diploma. When that happens, then finally issues like this will go away. Heck, as a bunch of people have pointed out, many of these papers aren't even for real learning. They are worded in such a way as to make them sound smart to their peers, but unintelligible to the public.

Petition to open source Flash github.com
545 points by pkstn  3 days ago   239 comments top 48
notacoward 3 days ago 26 replies      
No no no no NO. It's time to get rid of Flash. Open-sourcing will make it live forever.

Flash has very little to offer that is not at this point duplicated (or improved upon) by others. It's also woefully insecure. "Many eyes make all bugs shallow" will only work for the most trivial bugs in the most common code paths. Plenty of vulnerabilities will remain. In open source, they'll be even easier for attackers to find and exploit. If you want something open-source and (mostly) Flash compatible, follow nkkollaw's suggestion: support one of the already-open-source alternatives.

aylmao 3 days ago 0 replies      
I learned to program in ActionScript 2 on Macromedia Flash MX back in high-school. In spite of all the (deserved) hate Flash gets, we got to give it credit too.

- It was a response to the stagnant IE-dominated web that allowed people to experiment and create incredibly rich content that is still hard to replicate.

- It's editor was amazing for introductory programming. It was as easy and intuitive to use as any vector-graphics editor, but you could get really complex on your programming too. It was very visual, very graphical, which helped.

- It was great for animation. I really can't think of anything that compares. There's lots of animation software out there but most are targeted to video. There's lots of libraries for animating Canvas/SVG, but they don't have interfaces/editors for non-programmers. Flash was an amazing middle-ground; a great creative AND technical tool IMO.

- ActionScript was nice; it wasn't daunting, it had types to help you, but they didn't clutter the syntax. If I recall correctly, the tooling wasn't too shabby either, with good auto-complete and suggestions as you type.

It's thus no wonder it caught on like wildfire and there was so much content for it. It was a good option for technical projects and creative ones, beginners and experts. I definitely don't want to see Flash making a comeback on web, but I wouldn't mind seeing it in standalone applications (assuming security doesn't become an issue), and I could see its value on education, granted, with the right editors and tools.

jarym 3 days ago 5 replies      
So much hate for Flash. Yes it has regular security holes, is CPU hungry and a lot of people used it to create some mightily annoying things....

But Flash was a gift from the gods back in the early days of IE and most people forget that. If you wanted to make some HTML look nice you had little more than the dreaded 'blink' tag to work with.

If it weren't for Flash I doubt we'd have anywhere near as advanced CSS, SVG, Canvas and HTML5 bells and whistles that designers can actually use now.

I doubt Adobe will open source it though. They probably know there's a whole heap of other security issues in it that'll get found and exploited as soon as they release it. Your average user won't be able to patch fast enough!

nkkollaw 3 days ago 6 replies      
Why not contribute to well-established open source Flash players?



ransom1538 3 days ago 2 replies      
Again. From my game dev days, the people that really lose (over and over) are the artists. Millions of hours have been sunk into laying out vector graphics with the Flash IDE. Code I understand should eventually be tossed away, but, not art. I guess staring at millions of beautiful vector timelined illustrations changed my opinion - but it is art to me. And like books, I think its a sin to toss. I hope the artists convert their .fla files over and save what they can.
nradov 3 days ago 3 replies      
Chances are that Flash contains licensed third-party IP and thus Adobe couldn't unilaterally open source it even if they wanted to.
simion314 3 days ago 3 replies      
I can't understand why people are against open sourcing some proprietary code, why would it affect you? If you hate Flash that much you will have the opportunity to see the source code and confirm that is bad. All the open source reimplementation are incomplete, so with the opening up of Flash the open source ones could have a look (if license allows) and finish the reimplementation.
mstade 3 days ago 2 replies      
FWIW I posted[1] in the Flash EOL thread the other day that an Adobe employee told me years ago that licensing issues were the main hindrance to open sourcing the Flash player. (Another HN user who said they used to work for Adobe seems to back this up.) A lot of technology in the player was licensed and difficult to remove/refactor such that the player code could realistically be opened up, and there was little business incentive to invest resources into it. I'd imagine the incentives are even less now.

[1]: https://news.ycombinator.com/item?id=14850791

fenomas 2 days ago 0 replies      
I worked at Adobe near the Flash team back in the day, and the PMs I knew would have absolutely loved to open-source the Player. The problem isn't willingness, it's third-party code, of which there is apparently a lot.

If there was just a button to be pressed, Adobe would have pressed it circa 2010. But at this point, I think open-sourcing Flash Player is the kind of thing where the project to figure out what all would need to be done would cost more than Adobe would want to invest, never mind actually doing the necessary work (both engineering and legal).

gamedna 3 days ago 2 replies      
Flash has generated a tremendous amount of assets that will be lost. Preserving them for historical reasons is extremely important but i am far less interested in preserving the technology than preserving the idea or creation itself. I would love to see an effort around conversion or transcoding flash assets to other technologies. For example, flash movies being rendered to an open standard or flash games being automatically converted to javascript/html5. The content creator deserve to have their legacy recorded and maintained but this is not the solution. (granted it may be a solution for other use cases, but i am not sure what those are)
Anatidae 3 days ago 1 reply      
There could be an issue of opening up even more security issues for people with Flash still installed. That, in turn, will likely lead to an all out campaign to remove Flash from everything possible (maybe not a bad thing at this point).

But, honestly - Flash as a platform hasn't advanced much in quite a while. What it once offered - rich multimedia runtime engine across platforms - is either available in the browser directly or can be attained through even more rich engines such as Unity3D.

rnhmjoj 3 days ago 0 replies      
As long as it stays away from a browser it's perfectly fine.

I am already using gnash to run flash games and a feature complete open source implementation would be very welcome.

pan69 3 days ago 1 reply      

 Notice: The idea is not to save Flash Player, but to open source Flash!
What exactly is being referred to here? The Flash authoring tool I assume? As in, the application that you install on your desktop and use to create Flash animations with?

I think a better description of the purpose of this petition might be a good idea. A lot of people conflate Flash and Flash Player.

JohnTHaller 3 days ago 1 reply      
No, you don't need your silly flash player to play free games in your web browser or offer to users at a payment plan and method of your choosing. We've got this great app store for you to use that only costs $100 a year to submit apps to and we keep 30% of all the money you make on your game.
Animats 3 days ago 0 replies      
Just for historical reasons, it's good to have the source out there. Fifty or a hundred years from now, someone may want very badly to recover some old .swf file.
midnitewarrior 3 days ago 0 replies      
I don't think anybody wants to see what's actually under the covers. Also, I'm pretty sure they've licensed patents from other participants, so it's not very likely they would bother trying to figure out all those details.

Future history does need a copy they can use in the future to look at web sites of the past though. Content that relies on proprietary technology will be lost in the annals of history.

scj 3 days ago 0 replies      
Open sourcing code allows a new vector for finding vulnerabilities. Just because the software reaches its EOL doesn't mean it is removed from every computer.

I believe that open sourcing Flash should be done for the sake of software preservation. But I would recommend 2025 (end of life for Windows 10 and IE11) as the earliest release date.

BatFastard 3 days ago 0 replies      
You have to understand the source of the problem. The browsers do NOT want to support this level of plug-in since it is less secure. That is why the Unity plug-in went away, that is why ALL plugs ins are going away. Flash is still alive as AIR in mobile and desktop. But it is DEAD in browsers.
mirekrusin 2 days ago 1 reply      
"So Adobe, you're killing Flash now. That's fine since you apparently can't fix it."

Seriously, why start with sentences like that if you really care about it being open-sourced?

madshiva 2 days ago 0 replies      
If you want save flash, just install an virtual machine with WinXP and stay in the past. Too much website still use flash.. come on they have been warned so many times, flash must die.
joe_momma 3 days ago 0 replies      
There should just be a Flash only browser with an HTML5 blocker muhahaha.
unsignedint 3 days ago 0 replies      
Aren't more of recent application for Flash is to deliver DRMed video while rest moving to something else like HTML5. If this is the case opensource Flash won't really help...
Brajeshwar 3 days ago 0 replies      
A bunch of us suggested this to Macromedia around 2005. Unfortunately, it never became a popular topic. Adobe took it over and well; turtles all the way down.
pkstn 2 days ago 0 replies      
The idea is not to preserve Flash player as is, but to open source Flash spec to make it possible to archive all the good stuff out there!
flashplayer_exe 3 days ago 0 replies      
Browser vendors are already disabling flash by default.There is no need to "kill" anything. Even if it were opensourced today it will still meet the same fate. The only people who care about open sourcing are those who want a standalone flash player for archival purposes.

Gnash works pretty well with non AS3 noninteractive movies and looping swfs. Most games are still broken though.

zwetan 3 days ago 0 replies      
what about petitioning Google so they open source Swiffy ?

To me Google Chrome is the one responsible for killing Flash, Adobe is just playing catch up.

rhabarba 2 days ago 0 replies      
Where can I sign a petition to let Javascript die before 2020?
jaimex2 3 days ago 0 replies      
Big star from me.

I never understood the hate flash got, sure it was abused by ads but to this date I have never seen the same level of animated and vibrant websites that were around in its peak.

Everything is the same old bootstrapped template now, its pretty boring.

kahlonel 3 days ago 0 replies      
I would do anything to preserve those white buttons with glowy green borders.
adaml2017 2 days ago 0 replies      
yes! great idea. Also quick observation, Flash is so hard to get rid of because it's still a very useful tool. We're lucky to have had it in the 2000's
odammit 3 days ago 0 replies      
I would love to see what kind of Simcities are in that source code
cgb223 3 days ago 0 replies      
There are a ton of Black Hat hackers who would love to see this petition become real

Shut it down, the internet is massively more secure without flash

prodikl 3 days ago 1 reply      
ActionScript is still loved by the Starling community. I don't really think i'll miss the swf format, though
yuhong 3 days ago 0 replies      
This will probably take years of course. Hopefully the H.264 patents will expire at least not long afterwards.
dhosek 3 days ago 1 reply      
How about a petition to have Adobe put into all versions of Flash going forward code to disable the flash player on the EOL date so that the danger of security vulnerabilities from the damn thing will be greatly reduced.
xilni 3 days ago 3 replies      
Dear god no, please just let it die, I don't care about Badger, Badger, snake or Flash hentai flash game nostalgia that much.
covamalia 2 days ago 0 replies      
Just let it die!
dim13 3 days ago 0 replies      
Let it go gracefully.
rbanffy 3 days ago 0 replies      
Please, let it die.
c4ncri 3 days ago 1 reply      
Let flash die. We don't need it. We got HTML5.
imagetic 3 days ago 0 replies      
Let it die.
ram_rar 3 days ago 0 replies      
Its already open sourced. Its called HTML5!
bricss 3 days ago 0 replies      
Burn it to hell
sureste 3 days ago 0 replies      
I support this. In 20 years when no one is using it anymore and the source code is released for academic purposes.
CrankyBear 3 days ago 1 reply      
Really? Really!? All the years we've suffered with this, this insecure "Thing* and you want to give it eternal life in open source? Not just no, but hell no. You want video? Use HTML 5's Theora, H264, or WebM.
jayflux 3 days ago 1 reply      
Even if this did happen I doubt browsers would support it (as already mentioned)If nostalgia is the problem, it would be far less effort to recompile those games into html5
omarforgotpwd 3 days ago 0 replies      
Yikes. How about a petition to burn it with fire? Petition to erase all mention of flash from history books?
mtgx 3 days ago 8 replies      
Isn't Flash player's code super-messy by now? (a hint towards that could be all the vulnerabilities found for it every week). Open sourcing it would have to dramatically improve the code quality and in a relatively short period of time (2 years max), otherwise browser vendors would never go along with it (nor should they).

Sounds like a daunting task, especially if no big organization/leader takes up the task of cleaning it up, the way OpenBSD did with LibreSSL.

BTC-e and its founder charged in 21-count indictment over hack of Mt. Gox justice.gov
451 points by ryanlol  3 days ago   243 comments top 21
openmosix 2 days ago 13 replies      
The question for me is: why US? He is a Russian citizen, the company is based in Bulgaria, servers in Russia, legal HQ in Cyprus and all the services operated from Seychelles - arrested in Greece. The MtGox hack affected a Japanese company. I'm not debating the nature of the crimes, etc - I am just wondering, when does it become a US case?

I can get the "there were US customers" - but why not Europe? Or Japan? Or Russia? Or Australia? I'm sure BTC-e had customers from all over the world (and money laundry is pretty much a crime everywhere).

So, when does it become "you have broken the US law and you are under arrest"?. Does it work the other way around too? If you start a gay social network in US, can Russia come in (the first time you are flying in one of the Russia's partners territories) and say "you are breaking Russian gay laws, you are under arrest"?

mrb 2 days ago 3 replies      
BTC-E has been seen by the Bitcoin community as "shady" for years. People have always recommend others to avoid using it. It was rumored to be an easy place to sell stolen Bitcoins. It has always offered strangely convoluted pathways to transfer fiat to financial institutions (see http://bitcoinworldwide.net/how-to-deposit-money-into-btc-e). I'm glad BTC-E finally got taken down. I am not surprised it was involved in illegal activities. One less shady Bitcoin company.

Now the top 12 or so volume-ranked Bitcoin exchanges listed at https://cryptowat.ch are perfectly legitimate trustworthy companies. The ones I'm not sure about are CEX.IO and Luno (not saying they aren't trustworthy, I just don't know them that well) and, well, Bitsquare which as a decentralized exchange is bound to have some shady participants.

lettergram 2 days ago 12 replies      
I still don't understand, the U.S. is charging a Russian with a white collar crime?

The crime was committed outside the U.S., he didn't come to the U.S., the servers weren't in the U.S., Mt.Gox was based out of Japan, and Greek police arrested him.

I've seen this enough to know this is common, but what is going on with this world?

Dolores12 2 days ago 6 replies      
1) Arresting btc-e admin made all US customers to lose their balances on btc-e exchange. I highly doubt btc-e will come back online.

2) If you run online exchanger and have a single US customer, then you have to register your operation in USA. I find it ridiculously stupid.

disillusioned 2 days ago 2 replies      
An interesting comment validated here, from 7 years ago:


mirimir 2 days ago 1 reply      
Interesting. Bitcoin stolen from Sheep Marketplace also ended up in a BTC-E account.



atmosx 2 days ago 0 replies      
I would like to know how he was arrested in Greece. Was there an Interpol warrant or something or they just made a phonecall and the Greek authorities promptly put the guy on a ship to US?
grandalf 2 days ago 1 reply      
This illustrates how the DOJ is years behind when it comes to understanding cryptocurrency technology and markets.

It won't take long for one of the cryptocurrencies with private transactions to rise in dominance, since this sort of crackdown imposes costs and uncertainty on all participants.

If the goal of the DOJ was to fight crime, the most effective approach would have been simply to infiltrate mixers and trace money flows relevant to investigations, something BTC is perfect for.

Instead, this move sends a strong signal to the cryptocurrency community that hardening measures are needed.

For instance: http://zerocoin.org/

ue_ 2 days ago 3 replies      
Interesting, I have been using BTC-E for a while, I had no idea this sort of thing happened. Was it knowingly assisted by someone at BTC-E, or did BTC-E just act as a dumb machine?

BTC-E was one of the eastiest ways for me to change BTC and LTC in day trading. Are there comparable websites with small fees? I'm not interested in buying with fiat money.

RachelF 2 days ago 0 replies      
An interesting analysis of the evidence here:

Breaking open the MtGox case, part 1 http://blog.wizsec.jp/2017/07/breaking-open-mtgox-1.html

techaddict009 2 days ago 1 reply      
Question is who has the control over BTC-e's crypto?Will they be returned to users?
aarongolliver 2 days ago 0 replies      
The website still says "down for unscheduled maintenance"
ryanlol 3 days ago 4 replies      
There's been no mentions of coin seizures anywhere as far as I can tell. Usually you'd see some boasting about that.

Perhaps these guys were actually smart about their cold storage?

agorabinary 2 days ago 1 reply      
>The takedown of this large virtual currency exchange

I haven't kept up to date on exchange volume. Was btc-e still a popular exchange (up until this takedown of course)?

stepik777 2 days ago 0 replies      
They are boasting about how they caught the guy who robbed Mt. Gox but they just did the same - a lot of people just lost access to their money on BTC-e. They are not all criminals, BTC-e was a convenient way to exchange bitcoins to/from rubles and was used by many people in Russia who were interested in cryptocurrencies.
baby 2 days ago 0 replies      
I am so happy right now that I moved my litecoins from btc-e to a personal wallet. I've learned my lesson.
SwellJoe 2 days ago 2 replies      
So, does that mean I can't get the BTC I deposited in BTC-e ages ago? I somehow didn't even know any of this was going down. (I have no idea how much it was...maybe a quarter of a coin, which is a reasonable amount of money today.)
bigbrooklyn 2 days ago 0 replies      
gruez 2 days ago 3 replies      
>Russian National And Bitcoin Exchange

So nothing will happen to the site or its owner, other than maybe they won't be able to transfer out USD.

mikob 2 days ago 2 replies      
Although I don't understand the US's involvement in this -- a man breaking the rules is being put to justice, and I'm very glad. I'm also impressed by the feds work in the cryptocurrency space. In recent years the fed has really started to reverse the trope of the government not being technologically adept. There are too many that become wealthy through illicit means and it's good news that something effective is being done about it.
sjreese 2 days ago 0 replies      
Where is the FBI in this? It was a FBI black op against silk road -> follow the money! Who was silk road's bank < Mt Gox - Who bankrupt Mt Gox < FBI Who had access to Trademill database < FBI Who authorized the attack on BitCoin after saying don't use it's not safe < FBI Today the seizure of all BitCoin in BTC-e is done by the FBI - Hopefully the number of FBI SA's going to jail over this Black Op will be limited. But, their greed is transnational to hide their seizure of overseas assets.. that is, What was seized and who accounted for it! Think DrugWar - we will be looking for SA's living beyond their means as with silk road
Jeff Bezos Surpasses Bill Gates as World's Richest Person bloomberg.com
452 points by fargo  2 days ago   404 comments top 35
kens 2 days ago 16 replies      
I think most people don't realize just how much money the richest people have. People generally think of normal(ish) distributions like height, where if you're 10% taller or shorter than average, you're a tall or short person, and 40% taller makes you the tallest person in the world. In comparison, wealth has a very, very long tail, making it hard to comprehend.

Here's what I've come up with to visualize wealth in the United States. Suppose you start counting, going up by 1 million dollars every second, and people sit down when you reach their net worth. Most people will sit down immediately. After about 9 seconds, people in the "1%" will start sitting down. Near the 17 minute mark, billionaires would start sitting down. Donald Trump would sit down just before the hour mark. A day later - an hour and 10 minutes into the second day of billionaires sitting down - Bill Gates would sit, followed by Jeff Bezos just three minutes later.

The point of this is there's a huge range of billionaires (analogous to comparing 17 minutes to a day). The 1% hardly even registers on this scale (a few seconds). (I should also mention that there should be huge error bars on reported net worth numbers.)

vanderZwan 2 days ago 7 replies      
Hasn't Bill Gates mostly been focused on spending his fortune as effectively as he can on philantropy for the last decade or so? In that light it's more amazing it took that long.
Verdex_2 2 days ago 4 replies      
_Codemonkeyism 2 days ago 5 replies      
I was one of the guys writing M$ and annoyed by the shady business practices of Gates.

Today he has my utter respect on how he tranformed and how he spent his money.

m12k 2 days ago 6 replies      
Officially at least - there is a chance that Putin is actually the richest person in the world: https://www.theatlantic.com/politics/archive/2017/07/bill-br...

"He wasnt saying 50 percent for the Russian government or the presidential administration of Russia, but 50 percent for Vladimir Putin personally. From that moment on, Putin became the biggest oligarch in Russia and the richest man in the world, and my anti-corruption activities would no longer be tolerated."

Dirlewanger 2 days ago 3 replies      
So when do we think Bezos will go on the typical billionaire philanthropy track? Actually, a better question is probably will he even? At Bezos' age, Gates was already in a backseat role with most of his non-philanthropic ventures. Though he shares some similarities with Gates, he shows no signs of stopping. He seems actually content with Amazon eating the world, and I don't think it will be a net positive for humanity.
JustAnotherPat 2 days ago 1 reply      
I wonder at what point the world's richest will no longer include those philanthropically inclined like Buffet, Gates, and Bloomberg and will be dominated by the likes of Bezos, Slim, and Ortega. (The jury is still out on Zuckerberg and his dubious initiatives)

Our global economy is trending towards benefiting only the most ruthless, even at the very top.

throwaway328832 2 days ago 0 replies      
Money frankly is irrelevant beyond a certain point (and most of it is in the form of share holdings anyway).

I'd be more worried about the power/political influence these individuals wield. There is generally an incestuous coterie of the rich that one gets access to after a certain point, where the destruction of freedom is lubricated with champagne and caviar. Bildeberg/IMF/WTO/G20 etc. are symptomatic of such cabals of corporatocracies and their retainers in the state apparatus that wield power over the world.

DannyB2 2 days ago 3 replies      
This probably does not change Bill Gates' enjoyment of day to day life, or lack thereof, whatever the case may be. It depends on whether Bill Gates is obsessed by these kinds of facts, or whether he can enjoy life without a tiny hand size measuring contest.
nolok 2 days ago 0 replies      
I cant entirely decide if I find that graph [1] more impressive or terrifying. Look at the time scale and the speed at which Bezos' net worth increased, while starting at the already insane point of 30 B.

[1] https://assets.bwbx.io/images/users/iqjWHBFdfxIU/iVJAUVVd7l0...

bvm 2 days ago 5 replies      
Is there a measure of the most fully liquid richest person? i.e. the individual that holds the most cash.
shimon_e 2 days ago 2 replies      
Somewhere there is a community of retailers that hates Amazon as much as Slashdotters hated Microsoft.
neiled 2 days ago 2 replies      
I was surprised by this. Anyone know the levels of philanthropy of Bezos vs Gates? I've ready many times of the great work and resources (money and otherwise) that Mr Gates has contributed to many causes.
losteverything 2 days ago 0 replies      
From the article" Anyone who joins Prime shops in retail stores 10 percent less, and that number will keep accelerating as Amazon adds more inventory.

Id love to know the analysis on this.

I deliver to amazon addicts and prime-ers. Although, yes, they order often (5-6 days a week) the volume of items by count is tiny compared to a shopping cart at a store.

droidist2 2 days ago 0 replies      
Damn it, why did I sell half my Jeff Bezos stock
arsenal 2 days ago 0 replies      
How much of that money is he actually giving away to uplift other people? A lot to catch up on Bill Gates there
VMG 2 days ago 0 replies      
Prime Day paid off it seems
jcmoscon 2 days ago 0 replies      
So to understand how much money he has let's say Jeff Bezos is walking in the street and sees US$42,000 laying on the ground. He is so rich that it's not worth for him to stop and get the money. It's like you and me seeing a 10 cents coin on the ground. That's his life.
krapp 2 days ago 2 replies      
Just imagine the quality of head wax he can afford now.
gpawl 2 days ago 0 replies      
Only on a technicality, because Gates's Net Worth doesn't include money in the foundation that Gates controls.
0xbear 2 days ago 0 replies      
BillG has been giving away something like $2B a year for the past 15 years. He's not really holding onto the title very much.
odiroot 2 days ago 0 replies      
I wonder how does his security detail look like.
4010dell 1 day ago 0 replies      
Ok, thanks for the info. Now, i can pass rest of my day miserably.
pavlakoos 2 days ago 0 replies      
Well deserved, I'm afraid.
dluan 2 days ago 0 replies      
Something in the water in Seattle
swehner 2 days ago 0 replies      
You guys haven't been keeping up the boycott, have you?!
advertising 2 days ago 0 replies      
Except it's Putin
miguelrochefort 2 days ago 1 reply      
I call 100 billion by 2019.
_pmf_ 2 days ago 0 replies      
Best paid CIA operative.
dumbfounder 2 days ago 0 replies      
Congrats dude, well earned. I expect him to put some serious space between him and rest of the pack in the next 10 years.
kooky5489 2 days ago 0 replies      
It should be Elon Musk!! He is the ultra billionaire we deserve...
bmcusick 2 days ago 4 replies      
This is wonderful news for humanity, in the long term. Bezos is dedicated to expanding humanity into the solar system in a more sensible way than Musk is. O'Neil cylinders are really the way to go for a lot of reasons, and that's the vision that Bezos is dedicated to. More money for that is fantastic.

I just wish there was a Bezos/Gates-level billionaire who care as much about life extension via SENS. That's the only thing of equal importance I can think of that needs long term vision and financial support.

Tomis02 2 days ago 0 replies      
Kind of surprised to see this so upvoted, I was under the impression that "top N richest people" articles only impress kids and the immature. Don't have a source for it but I'm pretty sure people with more than a few hundred million in the bank couldn't care less if they're richer or poorer than someone else, as they haven't made their fortune by worrying about frivolous things. But that's just me.
efficax 2 days ago 3 replies      
I find it weird to report on this like it's a race or competition. His net worth bump right now is entirely due to rash market speculation and the recent tech bubble. When the crash comes (and it will), AMZN could easily be down to $500 in a week, and he'll just be insanely rich again.
SpaceX Is Now One of the Worlds Most Valuable Privately Held Companies nytimes.com
415 points by iloveluce  2 days ago   291 comments top 24
loeg 2 days ago 11 replies      
> Mr. Musk faces competition from another billionaire. Blue Origin, a rocket company founded by Jeff Bezos, the chief executive of Amazon, aims to send tourists and supplies into space.

Is that line even close to true? Last I heard Blue Origin was years away from revenue and far behind SpaceX in terms of capability and manufacturing.

skinnymuch 1 day ago 1 reply      
Forbes seems to have always been wrong about Musk's net worth unless I'm missing how it works. By my estimations, now he should be worth around $23B. $11B from Tesla. $11.5B from SpaceX.

Obviously they haven't updated for this news yet, but they still won't be at $23B.

Regardless, going from having invested all is PayPal money by 08 and in dire straits to being $20B+ 9 years later is awesome. And depending on what narrative you believe, money to this degree isn't what he cares about anyway.

Kudos to Elon, SpaceX, and everyone working there.

strictnein 1 day ago 4 replies      
I mean, SpaceX is great and all, but it's no Cargill or even in the same league as Cargill or other similar companies like Koch (which is #2 in the US):


 Revenue: US$109.6 billion (2017)[1] Net income: US$2.835 billion (2017)[1] Total assets: US$55.8 billion 25% of all United States grain exports 22% of the US domestic meat market

dbosch 1 day ago 3 replies      
"World's most valuable privately held companies".Sounds weird, no?

What about Vitol (https://en.wikipedia.org/wiki/Vitol), Saudi Aramco, Koch Industries (https://en.wikipedia.org/wiki/Koch_Industries) ... etc ?

yellow_postit 2 days ago 1 reply      
As much as I'd love to invest I'm glad they're avoiding the short term outlook being publicly traded would demand.
gaius 1 day ago 5 replies      
It makes me sad that SpaceX, a company that actually invents and makes stuff, is mentioned alongside Uber whose only product is evading taxes and regulations
Overtonwindow 1 day ago 3 replies      
The best thing Mr. Musk can do, in my humble opinion, is to never, ever take SpaceX public.
martinmusio7 1 day ago 0 replies      
Thinking about it a bit more, I don't believe that Blue Origin and SpaceX are competitors. In a sense yes, but they will not fight for customers. I believe there is very much demand for their services.
protomyth 1 day ago 2 replies      
Shouldnt the title include some qualifier like tech company, because there are private companies like Cargill out there that have yearly revenue above $20 billion.
mxschumacher 1 day ago 0 replies      
No it is not. One of the most valuable private startups maybe.

Here's the top 15: https://en.wikipedia.org/wiki/List_of_largest_private_non-go...

NumberCruncher 1 day ago 1 reply      
And what about Basecamp with its 100 billion valuation?
omarforgotpwd 1 day ago 4 replies      
In what world is SpaceX valued at $20B while Uber is valued at $69B?
fnord123 1 day ago 0 replies      
So what are the most valuable private companies? Ikea, Bloomberg, Dell, Koch, Cargill, Bechtel, most of the big 5 accountancy firms...

I'm not so sure SpaceX is "one of the world's most valuable privately held companies".

Animats 1 day ago 1 reply      
Space-X is, at long last, getting their launch rate up. 9 Falcon-9 launches so far this year. For a while, they had commercial customers canceling because they were way behind on their launch schedule. It's quantity of successful launches that makes money in that business.

Not much is happening at the Brownsville TX site, where Space-X still hasn't done much more than pile up dirt and wait for it to settle. They're building on beach sand. They really need that site so they can have more pad time.

JumpCrisscross 2 days ago 3 replies      
Excellent news, even if the round is peculiarly undersized. First time I've seen them be so coy with the identity of the investor, too.
skinnymuch 1 day ago 0 replies      
It's surprising how little money was taken in this round. You'd have expected something closer to $1B. I'm sure $350M will help enough and it has been over 2 years since the last funding. So maybe it's fine. They can keep raise again soon if need be.

Especially with Bezos pumping $1B into Blue Origin a year.

martinmusio7 1 day ago 2 replies      
Bezos is coming .. already $1B a year from Amazon stock. And Amazon is more successful every year. I am very curious how things will go.
miheermunjal 1 day ago 0 replies      
as an engineer doing non-hardware engineering, it is always satisfying to watch SpaceX succeed from afar.
RikNieu 1 day ago 0 replies      
Is it just me or does it seem absurd that a company like Snap would have a comparable market valuation to SpaceX...
cli 1 day ago 3 replies      
Is a private company's value akin to a public one's market capitalization? How is this determined?
supernumerary 1 day ago 0 replies      
Gradatim Ferociter baby
_pmf_ 1 day ago 1 reply      
Privately held, taxpayer funded, like most of Musk's endeavors.
bitxbitxbitcoin 1 day ago 0 replies      
No surprise there.
Apple Removes Apps from China Store That Help Internet Users Evade Censorship nytimes.com
399 points by mcone  14 hours ago   395 comments top 43
coldcode 12 hours ago 17 replies      
You cannot do business in China without doing what they tell you. Period. Either you do it or you leave. I work for a big company (you would all know) and we have a large business unit in China, they own 52% of it. They decide what goes in and how customers can use it. We don't get to decide anything without government approval. It's so easy to claim the West shouldn't do what the leadership of China wants in China, but in reality the only alternative is to abandon China to those who will do what they are ordered to. The market is too large to leave. If you don't agree to their rules you don't play in their sandbox.
bobjordan 1 hour ago 0 replies      
My business has an AWS China account and below is the email I received on Friday. It is definitely a crackdown year, on several fronts even other than the internet. Like this year I was forced to pay a $300 fine because I didn't report to the police station within 24-hrs of re-entry while living in my own leased home. Now, my company is not huge but I've employed +100 people and we pay a lot of taxes, social insurance, provide jobs for local families. They do not give a shit about that you will follow the laws of China to do business here or you will be thrown out.

Overall, this year has really chilled my enthusiasm for getting too comfortable with the thought of living here the rest of my working life. In this age with so many elite Chinese being trained and educated abroad, it is really hard to beleive things are going in this directon. I mean, IT Is already hard enough, we need a server in our office that is connected to another server in France, and we need it reliable and without issue. Making this type of stuff even harder on us as a business is really irritating. I really do tell myself every day "if it was easy everybody would be doing it".

"Dear Customer, According to the telecom regulations and the requirement of MIIT/MPS and Internet supervision agency, please check up two parts below. The illegal over the wall proxy sites and provide hosting campaign service for illegal over the wall proxy sites.All main domains which dont have ICP recorded number via MIIT and All websites which have illegal content. We will continuously receive notification from the regulators to close such services or shut down server deployment immediately. In case your will be involved in any consequences of such violation, please stop immediately if you have such illegal services and deployment. Thanks for your understanding and cooperation.

Regards,AWS China (Beijing) Region operated by SINNET"

janandonly 14 hours ago 10 replies      
What happens in China now could happen in 5 years in the rest of the world.

For "security" reasons or "fight agains terrorism", while it's really a fight between those in power and those who want power :-(

The need for IPFS, webRTC and other non-centralized protocols becomes more pressing every day, to defend everyone who is stuck in between.

pipio21 13 hours ago 5 replies      
Just common sense, given that the China gobertment has made usage of VPNs illegal.

What do you expect?

People in China could continue using app store accounts created in other countries as usual.

And most educated people continue using VPNs too. Normal people are becoming experts in encription, security...

It worries me more that countries like the UK and the US want to follow China, in that order.

Tepix 11 hours ago 1 reply      
You don't need their closed app store. Free workaround:

apply for a free Apple developer account,

compile your own copy of https://github.com/mtigas/OnionBrowser or https://github.com/yuyao110120/ShadowVPN-iOS and

install it on your own iDevice

perfectstorm 26 minutes ago 0 replies      
Doesn't iPhone supports native VPN in Settings ? How are they going to prevent users from using that ? I mean it's not as easy as downloading a dedicated app and logging in but using the Settings app is not much of a work.
abecedarius 11 hours ago 2 replies      
If you build in the ability to censor, you can't disclaim responsibility when a state makes you do it. We'll see the same sort of thing in Russia, the UK, and so on. Apple can still act, if they wish, by not locking down their users. I know that'd be a big step for them.
adamnemecek 14 hours ago 1 reply      
Hey Timmy, what was all that talk about customer security?


And here I was, almost believing you.

libeclipse 14 hours ago 2 replies      
What a despicable joke of a country. And shame on Apple for aiding them while they made such a massive deal of user rights in the US.
nsxwolf 11 hours ago 0 replies      
Why hasn't iMessage been blocked in China? Does apple run a special compromised version of it there, or has China simply not made banning it a priority yet, or is iMessage simply not as secure as we have been told?
saurik 14 hours ago 1 reply      
They also require a paid developer subscription to get access to the Network Extensions capability (needed to build a VPN protocol extension) in order to make sure people who develop these apps can't just provide IPA files for normal users in China to "sideload" using tools such as my Cydia Impactor.
mauvehaus 13 hours ago 4 replies      
This from the company that removed the headphone jack from their phones while crowing about the "courage" involved in making the decision.

I'm not going to pretend to believe that Tim Cook's letter (cited elsewhere) was much more than a PR move in a country they were unlikely to face any substantial consequences for (at least publicly) standing up to the government, or that I really believe that corporations have a responsibility to protect basic human rights (though it would be nice if they did). Still, it'd be nice if corporations didn't try to have it both ways and maintain an image as a courageous force for good when it was convenient while washing their hands of responsibility for any actual action when it became difficult.

imron 13 hours ago 1 reply      
Alternative title:

Apple complies with law in countries where it operates.

maxxxxx 14 hours ago 3 replies      
That's why corporations will never help against dictatorship. They may do it if it's convenient but in the end they will prioritize money over everything else and fall in line with dictatorships. Happened during the Nazi time, it's happening in China now.
saimiam 10 hours ago 2 replies      
I see a lot of very cogent arguments defending Apple as only following the law when it comes to VPN laws of China.

I'm not old enough to know this first hand but I believe the anti-apartheid movement against South Africa was started by students and spread to the corporate world before world governments stepped up to ban doing business with South Africa.

This seems to be a specific example of corporate advocacy leading governmental policy.

If the Chinese government's rule over the Chinese people is so egregious to the world, I think Apple would be on solid ground if they refused to do business in China and also refused to do business with Chinese companies outside China.

mnm1 8 hours ago 0 replies      
The entire Apple platform is designed to restrict the user and prevent anything that Apple doesn't want to happen from happening. This is Apple's decision only and it's in line with all their other decisions that restrict a user's freedom on their closed, non free platform. If people wanted a platform that would run whatever software they wanted without restrictions, they shouldn't have bought Apple period. That's just dumb to expect a closed, non free platform that censors by default to suddenly do a 180 turn and become free. But hey, it's not like people haven't been saying this for decades now is it? Oh right, people like RMS have but most consumers are too stupid to listen. This is the outcome.
skybrian 13 hours ago 0 replies      
They probably had to do it to keep the official store available in China, but this is why supporting side-loading of apps like Android does would be a good idea.
humanrebar 14 hours ago 2 replies      
At what point does Apple itself bear some responsibility for censoring people?

EDIT: Would downvoters please explain their objection to the question? "Apple isn't to blame" and some thoughtful elaboration would be better than just downvoting.

baozilaile 4 hours ago 0 replies      
To all in HN:

It is a huge market which helping the people in China break the GFW (Great Fire Wall).You can start a startup for that :)

drefgert 12 hours ago 0 replies      
Tech companies must play a long political game and spend their vast fortunes to lobby, to own media and influence policy and control the message.

Once they do this the will no longer be in conflict with governments and their policy.

Take note in coming years as the tech barons buy up media to control the message.

They will of course do this and then the real problem will not be uppity governments but mega tech corporations who semi covertly run the world.

bigtoine123 12 hours ago 1 reply      
This is horrible, but in England and America, I'm 100% certain that similar policies will be applied - in the name of law, and public security.
jonbarker 4 hours ago 0 replies      
saurik 14 hours ago 0 replies      
They also require a paid developer subscription to get access to the Network Extensions capability (needed to build a VPN protocol extension) in order to make sure people who develop these apps can't just provide IPA files for normal users in China to "sideload" using tools such as my Cydia Impactor.
retox 13 hours ago 0 replies      
Profits before people, the Apple motto.
belltaco 11 hours ago 0 replies      
But with Windows/Linux its still possible to install apps on you own, unlike the locked down app store.
w8rbt 10 hours ago 0 replies      
samcat116 9 hours ago 1 reply      
I assume they are still allowing manual VPN configurations right? They are only removing apps that configure it automatically for you. Not downplaying the impact of this, just clarifying.
Crontab 14 hours ago 1 reply      
This is awful, but in England and America, I foresee similar policies will come - in the name of law, safety, and security.
csomar 8 hours ago 0 replies      
Apple tailors to countries. They made an iOS without facetime for Dubai specifically.

It's a good thing, however, that they are fighting for privacy where they can.

oneplane 14 hours ago 0 replies      
It's not very surprising considering that it's the local law and everyone will have to follow it or get out...

It isn't going to actually prevent anyone from tunneling past the great firewall of course, so it's more like a gesture than an actual effective decision from the government.

ComodoHacker 6 hours ago 0 replies      
Russia is next. They just have passed a law to ban VPNs and anonymous proxies.
secfirstmd 11 hours ago 0 replies      
Terrible news.

So lets start tackling the problem and figuring out ways to help the averave Chinese person evade censorhip without developer accounts and the knowledge to compile...

shpx 11 hours ago 0 replies      
Stallman was right.
pmarreck 12 hours ago 1 reply      
Perhaps some free-speech provision should be part of the Universal Declaration of Human Rights
vkou 10 hours ago 0 replies      
Isn't it wonderful that the iPhone is a walled garden, and with the flick of a switch, an entire category of software cannot be ran on it?

The fact that this switch exists is the real tragedy here - not the fact that Apple chose to use it.

sipCom19 12 hours ago 1 reply      
Apple is free to do what it wants, I'm free not to buy their stuff.
gigatexal 11 hours ago 0 replies      
I wonder what Orwell would have thought of modern China.
joseph4521 13 hours ago 4 replies      
Seems that Apple is just following, with much delay, the law of People's Republic of China. I don't understand why some people think companies should be above the law.
allenleein 12 hours ago 1 reply      
What would Steve Jobs do?
adamnemecek 14 hours ago 4 replies      
Hey Timmy, what was all that talk about customer security?


And here I was, almost believing you.

You're a coward.

microcolonel 14 hours ago 1 reply      
Next China will outlaw Linux for having an IPSec implementation in it, lol. What a sad country that believes liberty comes after wealth, and in relative terms may never have either.
the_common_man 6 hours ago 1 reply      
I find all this outrage about Apple not taking a stand highly amusing.

Practically every single product used in the western world is made in China. Please report back if you can get rid of all those products at a _personal_ level. For a start, looks like I have throw this laptop away. Not going to happen.

Ravens OL John Urschel, 26, retires abruptly, two days after CTE study espn.com
477 points by petethomas  2 days ago   334 comments top 28
aresant 2 days ago 9 replies      
A few colorful facts to the story here:

1) 3 years of service vests into NFL pension plan, he just hit qualification - value pegged at $21,360 a year for life (3)

2) He has not publicly commented on his retirement or reasons for it.

3) He has a hugely awesome secondary option - doctorate of math at MIT

4) He was at end of his rookie contract, next year would be the "in the money" year for him so he is clearly leaving a lot of cash on the table.

5) Over three years he "only" earned ~$1.8m http://www.spotrac.com/nfl/baltimore-ravens/john-urschel-145... - which after tax is 7 figures but still not a lot.

6) He has been notoriously thrifty, living on $25k a year and driving a used car (2). So would imagine at some level he has been planning this outcome, or leaving option wide open.

(1) https://www.washingtonpost.com/news/early-lead/wp/2017/07/27...

(2) http://www.baltimoresun.com/sports/bs-sp-ravens-john-urschel...

(3) http://firstquarterfinance.com/nfl-pension-plan-retirement-p...

magic_beans 2 days ago 5 replies      
"Urschel is pursuing his doctorate at the Massachusetts Institute of Technology in the offseason, focusing on spectral graph theory, numerical linear algebra and machine learning."

This guy has a back-up plan. Good man.

meri_dian 2 days ago 2 replies      
He clearly loves math so the CTE study may just have been the straw that broke the camel's back. He may have been yearning to fully devote himself to math for a while now.

Regarding the broader debate that seems to be swirling along the lines of 'should we ban Football or not', I strongly believe we should not.

If parents want to prevent their kids from playing football, great, that's their choice to make. But if they allow them to play, we have to keep in mind that only a very small percentage of players will continue on to play in college, and then only another fraction of those players will continue on to play in the NFL. I'm sure that people who play youth and high school football but stop playing after HS graduation have a much lower incidence rate of CTE than players who continue on to play at the collegiate and professional levels. So for the vast majority of football players CTE isn't much a risk.

Because those who do reach the highest levels of the sport make tremendous amounts of money, as long as they are aware of the risks, they should be able to make the decision for themselves.

ineptech 2 days ago 15 replies      
Has "whether you let your kids play football" joined the long, long list of boolean values that separate members of the Red Tribe from the Blue Tribe?

If not, I think it's inevitable that it will. Someone will try to get their school to close its football program, someone else will complain that the health dangers are exaggerated by the liberal media because football is a red-state passtime, and pretty soon it'll be "Why do you hate America and apple pie" vs "Why do you want children to suffer and die".

grogenaut 2 days ago 3 replies      
Summary: a national football league player, and PhD in math from mit, John Urschel, abruptly retired 2 days after a study showing 99% of retired NFL players from a study group had chronic brain issues (Cte). This is right before training starts for the season.

Edit: updates. Will point out that any summary is going to miss some facts as it's a summary. But I think people might be more likely to read the article if they could decipher the title. I like the Ravens and I assumed this was a cto of a game company yc startup who quit from the title.

Azkar 2 days ago 14 replies      
So what's the big picture here? We've suspected for years that football leads to brain trauma. Does that mean the NFL should shut down? Should they continue to operate as normal?

There have been efforts recently to make the game safer for players, but the amount of concussions and injuries seen every season don't seem to be decreasing.

Can you make the game "more safe" without drastically changing the game? Any game played at this high of a speed, with this strong of players is going to have some inherent danger to it.

Do we just need to make the effects more widely known and understood by the players, maybe treat football like smoking with warnings printed on the outside of helmets? Anything less than that and you run the risk of not making your point.

Should I feel bad as a fan for watching football? Is it any worse than buying clothing made by child labor from a third world country?

tnecniv 2 days ago 1 reply      
I'm amazed he had time to play and do a PhD at MIT. I imagine even in the off season those guys are very busy.
ilamont 2 days ago 1 reply      
He was profiled in the most recent issue of Tech Review. He said his mother has been asking him to retire for a few years, but he still loved the athletic challenge of playing against top players.
zitterbewegung 2 days ago 1 reply      
Has he ever been recorded giving a lecture about the Math that he does? I found a paper of his [1]. Looking at his wikipedia he is specializing in spectral graph theory , numerical linear algebra and machine learning. I think following what his next steps will be might be interesting also. Might setup a scholar Google alert.

[1] http://www.global-sci.org/jcm/openaccess/v33n2/pdf/332-209.p...

kraig911 2 days ago 0 replies      
Well I think the results of the CTE study showed him that though no matter how much he wanted both things, only one of those would be consciously choosable while the latter would all he would have left if he continued.
otoburb 2 days ago 0 replies      
>>In August 2015, he suffered a concussion when he went helmet-to-helmet with another player and was knocked unconscious.

"I think it hurt my ability to think well mathematically," Urschel said. "It took me about three weeks before I was football-ready. It took me a little bit longer before my high-level visualizations ability came back."

Losing a high-level cognitive ability must be terrifying; the flood of relief upon regaining his ability (probably slowly?) after 4+ weeks must have made him deeply question his continuing commitment, and then the CTE study pushed him over the edge.

gburt 2 days ago 0 replies      
This is a strong testament to the value of the research. The researchers may have saved this guy's brain, if not his life.
therajiv 2 days ago 0 replies      
I ran into this guy randomly at MIT once, during the offseason (last February). He was such a chill guy. Hearing this news makes me like him even more - he's not letting one of his passions get in the way of another.
backtoyoujim 2 days ago 2 replies      
Trying to watch NFL reminds me of the moment in "Django Unchained" when we meet diCaprio's character sitting in a chair watching to slaves beat each other to death.

That moment of that movie comes to me every time the TV producers cut to the team owner sitting in their fancy box in their fancy chair paying lots of African American men to beat each other up for our entertainment and profit.

keeptrying 2 days ago 3 replies      
There is a significant bias here in that its 99% of NFL players brains * which have been donated to the NFL *.

But honestly even if you could peek into every NFL players brain, I'm sure the likely incidence after 4-5 years of playing would be orders of magnitude greater than whats found in the general population.

sna1l 2 days ago 3 replies      
For someone so smart, I'm a little surprised it took this CTE study to push him over the edge.

But maybe he wanted more conclusive data before leaving a job which paid him millions. :)

balls187 2 days ago 0 replies      
"NFL Mathematics Expert"

That's pretty amazing. He scored 43/50 on the Wonderlic (highest in 2014).

Ryan Fitzpatrick scored a 49/50, though it was in the older format.

CurtMonash 2 days ago 2 replies      
I abruptly stopped being a football fan last November.

The immediate reason was Bill Belichick staking his own reputation on Donald Trump's assaults on the media, in a close state in a close election. But CTE was making it hard to remain a football fan anyway.

dragontamer 2 days ago 3 replies      
Football may get a lot of study recently, because its one of the most popular sports.

But Basketball injuries can ruin you for life as well. I have a cousin who has severe amnesia after getting knocked out during a Basketball match. Its like years of his life were wiped away after his concussion. He was a straight-A student too, these sorts of things are severely damaging to your student career.

Brain injuries exist in a lot of sports. Football is particularly dangerous but the dangers in other sports (Boxing, MMA, Basketball, Soccer) are severe as well.

jrwiegand 1 day ago 0 replies      
Yeah, it is likely the smartest decision for him. I have watched him play his whole career (Ravens fan). He is good but he would have likely bounced around the league as a backup and got cut in the next few years due to age. With this decision he is starting a career that will be enjoyable, safe and well paying. You cannot beat that. Good luck #64.
Angostura 2 days ago 0 replies      
>In August 2015, Urschel suffered a concussion when he went helmet-to-helmet with another player and was knocked unconscious.

>"I think it hurt my ability to think well mathematically," Urschel said. "It took me about three weeks before I was football-ready. It took me a little bit longer before my high-level visualizations ability came back."

matt_s 2 days ago 1 reply      
Something that wasn't pointed out in the article is that the vast majority of cases where a NFL player's family donates the brain to CTE study is where they already were showing some degenerative symptoms.

They can't test for CTE on living people and if someone has it but say dies from a heart attack before ever showing symptoms, they likely aren't donating to the CTE study.

usgroup 2 days ago 0 replies      
I admire this sort of decision making. In particular, I admire that he took the risk playing football in the first place but called it at some prerequisite level of damage he was willing to take. I'd imagine that is something he put a hard stop on before embarking on the career: "two concussions max then I'm out whatever".
Dirlewanger 2 days ago 1 reply      
Funnily enough, this story also isn't prominently displayed on their homepage aside from the sidebar in tiny font. Apparently within hours of the NYT study being released, ESPN's reblogging of it disappeared to several page refreshes down their homepage. I can't wait for them to be significantly downsized if not dissolved completely.
cwkid 2 days ago 0 replies      
This is notable, because Urschel has previously written a piece explaining why he was willing to play football given the risks (https://www.theplayerstribune.com/why-i-play-football/).
ugh123 2 days ago 0 replies      
Wow, shitty auto-play video without ability to pause. Be warned!
bitL 2 days ago 0 replies      
Smart. Congrats! Find another sport for needed challenge ;-)
HiroshiSan 2 days ago 1 reply      
How Chrome OS, Termux, YubiKey and Duo Mobile make for great usable security lessonslearned.org
463 points by walterbell  2 days ago   170 comments top 42
serf 2 days ago 4 replies      
So, be inconvenienced in every aspects important to a dev but gain a bit of confidence in your machine (as long as you trust Big-G)?

verified boot seems like the only advantage here. You can buy an ebay business-grade laptop with TPM for 40 bucks USD readily, and they don't require reliance on Google or the requirement that one uses a neutered OS. (yes, yes, it's secure. It's a users' platform. Development on chrome OS at this point is an act of masochism.)

If secure travel is your thing, stash your data on a cloud provider and pull it later after you arrive at your destination. Go whole-hog and travel without an SSD and buy a cheap one at your destination with cash. Sprinkle in some libreboot for more confidence.

It'll still be cheaper than a 200 dollar chromebook, and you probably won't have to deal with some of the worlds' worst chicklet keyboards.

P.S. don't travel with a yubikey that isn't partnered with another. Would be a bummer to lose.

AdmiralAsshat 2 days ago 7 replies      
I'm not sure how much extra "security" you're really getting out of staying strictly within ChromeOS. Yes, Secure Boot is disabled. However, the ChromeOS partition is still encrypted, and you can manually encrypt any of your crouton chroot environments, so someone looking at the thing still wouldn't be able to peek into the contents. If you're asked, "Why is this in Developer Mode?", you can answer, "I'm a developer."

Additionally, once Developer Mode is enabled, you must hit Ctrl+D to move past the warning screen every time. It is incredibly easy to inadvertently hit Enter or Spacebar, and then have the Chromebook wipe itself and restore to factory settings. I've done it inadvertently myself, and have heard multiple reports of a developer's spouse/child accidentally clicking it, too. Unless a Border Patrol agent knew exactly what they were doing, I'd be willing to bet they'd accidentally wipe it as well.

Finally, while I'm aware that disabling Secure Boot in theory opens you up to an Evil Maid attack, what is the likelihood that border patrol/customs would have a malicious OS on hand, and the know-how to flash it? Worst -case scenario, if you suspect they've tampered with the OS, simply hit Spacebar yourself as soon as you get it back, restore Secure Boot, and then start over from scratch!

As an aside, if you are confined to ChromeOS, I highly recommend Caret as an editor. It's a FOSS, Sublime clone chrome app that works swimmingly on Chromebooks.

Sodman 2 days ago 1 reply      
I've been running the Chromebook Pixel 2015 as my primary dev machine since it came out. Unlike the author however, I've opted for the less-secure "dev mode" on the laptop, and do everything in crouton. (Java web / Android, mostly).

It may not be as secure, but it's hella convenient (still use 2FA). ChromeOS boot is < 5 seconds, and I just stay there for web browsing / netflix. Dropping into crouton is another < 5s when I need to do dev work, or play steam games.

Everything important on the laptop is backed up to some cloud service or another, but it's expensive enough that I'd be distraught if I lost it (plus they stopped selling them).

I'd be more worried about somebody straight up stealing the laptop than any other security risks I may be running by running in dev mode.

I love the idea of natively developing in ChromeOS, but at this point it just seems like more hassle and fighting the system than it's worth.

le-mark 2 days ago 1 reply      
This blog post details using a chromebook as a temporary device, such that you can travel with a blank machine, and provision at your destination with the data and apps you may need:

> It's pretty neat to consider the possibility of pre-travel "power washing" (resetting everything clean to factory settings) on an inexpensive Chromebook and later securely restore over the air once at my destination. ... the engineering challenge here was to find something powerful enough to comfortably use exclusively for several days of coding, writing, and presenting, but also cheap enough that should it get lost/stolen/damaged, I wouldn't lose too much sleep. ... I could treat it as a burner and move on.

Edit; I've been using a de-chromed chromebook for over a year as my primary dev machine and really like it. I developed and launched one side project with it. The model I have (Acer C720) is a dual core Centrino, 2GB of ram, and I upgraded the m2 sata to 120GB. For Python/PHP/Ruby, it's great. I would not do Java development on this set up though. Java IDEs eat battery life and I imagine jvm startup time is a burden on this, although I haven't even installed Java to find out.

Edit 2: to clarify, this is not about removing chromeos, but to use chromeos for it's security features. The article goes over using Termux to get a basic development/work environment setup on chromeos. Plus a lot other helpful tips.

I offered my experience de-chroming as an example, I really like the platform. Apologies if that was confusing.

andrepd 2 days ago 1 reply      
So, the solution to the uncertain threat of airlines picking your luggage and stealing your computer or its data is... giving over your data to somebody that it's certain it's spying on you and whose business model is to comb over your data.

How is this not "you won't catch me, I'll just throw myself off a bridge"?

Also, termux has ~600 packages. Debian has 50,000. Besides the basics, you're liable to need packages you just don't have in termux, which makes it a serviceable environment in a pinch, but not one where you want to do your work on.

pilif 2 days ago 3 replies      
> When things get completely borked (which in two weeks of heavy use only happened a couple of times for me)

how are people willing to live with this? I would be furious if I had to lose all my state and (for all intents and purposes) restart my machine multiple times in two weeks.

And if this "borking" happens right before or during a presentation (the author was writing about using this setup for giving talks on), this would be very embarassing for me and extremely annoying for the audience.

A work/presentaion machine has to be rock solid for me. No compromises, no workarounds and most certainly no "completely borked". Just pure solid.

devy 2 days ago 5 replies      
One of the BIGGEST drawbacks using a Chromebook with 11.6 inch screen that nobody here talks about yet, is the grainy and crappy 1366 x 768 screen resolution! I've been a long time Macs guy anything inferior than RetinaDisplay will considerably straining my eyes before I am used to it. Dell XPS 13 included.
fredley 2 days ago 3 replies      
I tried using a Chromebook as a dev machine several years ago - before Android apps. The chroot situation worked well enough, but the dev-mode boot was a deal-breaker.

Back then, if a Chromebook's local storage filled up, it would factory-reset itself. Is this still the case? This is one big thing keeping me from trying this again (which I'm very tempted to do so after reading this article). Investing in setting up a dev environment like this is fun, but only the first time around...

mkohlmyr 2 days ago 1 reply      
I used my CB30 as a dev machine for a little while, both using cloud environments (koding, codeanywhere) and using vscode under crouton.

It is so close to being usable. It is such a user friendly operating system, it just falls short on a few significant fronts.

1. Developer mode should be friendlier to use (no horrible noises on boot, no delayed boot time).

2. It needs support for electron-based/alike apps to run natively in browser windows without crouton. E.g. vscode.

Aissen 2 days ago 2 replies      
Regarding the TOTP app, I generally prefer FreeOTP to Google Authenticator/Duo/Authy, etc. It might not provide push codes, but at least the implementation is Open Source and the binaries come from a trusted source.
VikingCoder 2 days ago 0 replies      
I bought the exact same machine, Samsung Chromebook 3, as soon as I realized I could run Termux on it.

I'm using it to poke at languages I'd normally never have the time to experiment with.

I'm on the train for about an hour every day, and I wouldn't feel comfortable with a "real" laptop - too likely to be stolen. But for $169? Not such a big loss.

I'm also really excited about how rock-solid this thing is, as a way to hand a kid a computer that can really teach them programming.

andmarios 2 days ago 1 reply      
As a side point about Termux, Android 7 finally stopped hijacking the control+space combination, so you can use emacs efficiently.

Termux is really useful, giving you an almost complete linux environment in Android phones and tablets. You can install it via Google Play, no need for root or any modification to your device. Add an external keyboard and you can work on the go.

g00gler 2 days ago 1 reply      
Don't do it!

I got a Lenovo 14" IdeaPad N42-20 and desktop to replace my 256gb MacBook Pro.

It turned out to be a bad idea, mostly because the screen is terrible. It's the same resolution as the Samsung 3 mentioned in the article.

It also seems so small compared to a 15". Side-by-side windows isn't very nice, either.

I find myself working less because I don't feel like sitting at my desk or using the Chromebook.

atopuzov 2 days ago 2 replies      
I love my C201, also not very expensive. I opted for the 4Gb version. My first setup was chromeos + crouton then I moved to linux on a sd card. I noticed I never boot into chromeos anymore so I got rid of it.
qb45 2 days ago 1 reply      
Nearly every how-to and blog post I've found on "Chromebooks for developers" essentially starts with either: "Boot into Developer Mode" or "Install Debian/Ubuntu as the main OS". I'll just say it: This is bad advice. It would be akin to recommending that friends jailbreak their shiny new iPhone. You're obviously free to do as you wish with your own gear, but recognize that at Step 1, you'll have lost most of the core security features of Chromebook

Well, it's possible to temporarily unlock firmware write protection and replace Google key with your own and run self-signed kernels and arbitrary distribution securely. But indeed, I haven't heard of anyone actually going through the effort to do so.

chx 2 days ago 1 reply      
In March, we have seen reports of Android Studio possibly coming to Chrome OS. Android Studio would mean IntelliJ IDEA and the entire family of IntelliJ IDEs. That would make this an even better idea.
albertgoeswoof 2 days ago 2 replies      
What's the alternative solution for a cloud/remote based factory wipe, travel and restore? Is there anything on Linux that offers the same quality of user experience without being hampered by chromeOS and dealing with Google/a 3rd party?
cjsuk 2 days ago 1 reply      
Yubikeys tend to wear out your USB ports after a bit I found, at least on my X201 and the X61 that preceded it.
bgrohman 2 days ago 0 replies      
"As far as Debian/Ubuntu (and crouton), that's fine as far as it goes, but then you don't end up with a Chromebook, just a cheap mini-notebook with flaky drivers."

Hmm, I'm not sure about that. I went the Crouton route on my $169 Chromebook, and now I have both ChromeOS and Ubuntu. Plus I can switch between them quickly. And if I understand Crouton, the chroot is actually using the same kernel and drivers as ChromeOS. I haven't had any driver issues. And it's easy to set up encryption for your chroot. I think it's a good solution.

talkingtab 2 days ago 2 replies      
I have a potential application for a U2F keys and I'm wondering why you recommend the $18 Yubikey on Amazon versus the $10 one that is also FIDO certified. Is there a difference in the function or some other important difference?
kasey_junk 2 days ago 1 reply      
Does chromeOS allow you to remote wipe the box? That seems like that would be another advantage to this in the case of theft (note: definitely not in the case of the box being confiscated by a lawful authority).
korzun 2 days ago 1 reply      
I have been using the YubiKey for over a year now, and the novelty wore off.

I lost my key a couple of weeks ago and was surprised how easy it was to get back into my accounts with just my phone. There is no point in using something like that if providers allow you to failover to more conventional authentication methods without any hassle; the keys are useless. They are not going to add manual verification for a couple of people who lost their YubiKey.

YubiKey is useful for instances when you want to grant somebody access to something with just a key. I don't see it going beyond that anytime soon.

geogriffin 2 days ago 0 replies      
The chromeos security model praised in this article seems quite too conservative for devs to me, considering the inconvenience trade-offs:

- persistent state is discouraged, but not disallowed. in fact, when the browser is exploited, any/all internal state necessarily must be be accessable and modifiable. i'm taking an educated guess that persistent browser internal state is less guarded against exploitation than external inputs.

- once pwned, most of your important data can probably be captured and accounts taken over before you ever decide to reboot. it's a PITA to have to reboot before accessing anything sensitive; no one should have to think/remember to do that. (maybe if chromeos were serious about preventing persistent threats, they'd force a reboot every night?)

- yes, it's defense-in-depth, but security is a game of trade-offs, where convenience often trumps technical security mechanisms in terms of increasing security overall.

I enable dev mode, but I appreciate the "stateless" sentiment in terms of encouraging data backup. i think I end up backing up my data (git push, etc.) more often than I would on a non-chromeos laptop, because it "feels" like more a necessity; especially after my 2 yr-old son hit the spacebar during that god-awful dev-mode bootup warning screen, and proceeded to factory-reset my chromebook.

cosatelo 2 days ago 0 replies      
Chrome OS always has me torn. Its a beautiful well designed OS with a great concept behind it, however, its obviously non-usable from a privacy standpoint.
grondilu 2 days ago 0 replies      
I used to own a chromebook and I loved it... until it failed.

I had computers that failed before, and usually I could manage to repair them somehow, most often by using a linux liveUSB, but with this chromebook, I've tried many things but I could not do anything. No access to BIOS, not bootable USB, nothing. Complete black box.

So I'm not sure I'll buy an other chromebook anytime soon.

free_everybody 2 days ago 1 reply      
Great article! Here's a thought.

Why not get a used MacBook Air off Ebay for ~$400? Top notch OS, great support, sturdy design, great battery life...

rkeene2 2 days ago 0 replies      
For all of those of you using DOD CACs or USG PIVs (NIST SP 800-73) smartcards there is also CACKey[0] for ChromeOS, of which I am the author.

I worked with Google to port it to ChromeOS when ChromeOS grew certificate provider support.

[0] https://cackey.rkeene.org/

devy 2 days ago 0 replies      
Also, it feels like this Samsung Chromebook 3 is just tiny bit (I am sure it isn't but it feels that way) of upgrade from the famous Dell mini 9[1] from almost a decade ago.

It was super hackable and most people bought it installed hackintosh on it and with a near perfect hardware compatibility with OS X Snow Leopard. A few friends of mine went to Africa for a few months with Dell Mini 9 and were able to freelance their with a fully functional yet super affordable hackintosh Mac. I wish Dell can have another of those netbook lines with compatible hardwares.

[1] https://en.wikipedia.org/wiki/Dell_Inspiron_Mini_Series#9_Se...

ufmace 1 day ago 0 replies      
Anyone know why the author seems to be setting up to SSH into Termux? It looks like Termux itself has a perfectly good console, what's the deal with trying to SSH into it from a local client?
JepZ 2 days ago 1 reply      
While I like the idea and the listed apps are just awesome (didn't know about termux, wow), the whole setup depends too much on google services for my taste :-/
limeblack 2 days ago 0 replies      
I have tried using Chrome OS as my main device and I'm basically going to use this post to rant a little. Why does Chrome OS have to use basically a dock like Macs.

I would love and probably use Chrome OS as main device if it looked like this: https://i.stack.imgur.com/9MCqo.png

m-j-fox 2 days ago 1 reply      
Cool. Question: what are your editor options? Any gui-based emacs or atom? If not, do you at-least have text-based emacs in termux?
omnifischer 2 days ago 0 replies      
Wondering if Google would themselves launch such a workspace. https://www.youtube.com/watch?v=mfLc4U8pnPkThe idea is to have a vnc/remote-desktop style machine on AWS. Just need only a client (secure chromeOS)
jhoechtl 2 days ago 1 reply      
This certainly makes a great dev environment for golang as for development golang has very reasonable requirements.
tkubacki 2 days ago 0 replies      
My current view is that best what average fullstack dev can do is still to buy beefy desktop with linux/nvidia + windows on virtualbox/vmware (for Windows stuff). Additional cheap Chromebook is nice but eg. IntelliJ is to heavy for it.
noja 2 days ago 1 reply      
What does this achieve? How does this stop anyone compelling you to do your fancy setup?
math0ne 2 days ago 0 replies      
Some cool idea's at play here but termux is so limiting I would have a hard time getting any real work done.
alexnewman 2 days ago 1 reply      
It would be perfect..... But no copy and paste in termux
digi_owl 2 days ago 0 replies      
I can't help but wonder if _sec has jumped the shark...
homakov 2 days ago 0 replies      
Usable? Scanning codes and plastic sticks? Not really
tostitos1979 2 days ago 2 replies      
I'm a bit confused (did skim article only). Is this running ChromeOS or Linux? Can I get steam games like stardew valley to run on it?
kaputsmack 2 days ago 0 replies      
As long as you don't mind Google spying on everything you do.
First Human Embryos Edited in U.S technologyreview.com
436 points by astdb  3 days ago   273 comments top 34
plaidfuji 2 days ago 6 replies      
I've seen most of these arguments for and against gene editing before, but the fact of the matter is that it will come down to the economic competitiveness of nations, as always.

What concerns me in the long term is that gene editing will cause human genomes to converge to a single gold standard with proven mental and physical benefits, thereby reducing our species' genetic diversity and leaving us more vulnerable to a mass extinction event. A "zero day exploit" that everyone missed in the popular new cancer-fighting edit.

eggie 3 days ago 5 replies      
We would need a very particular set of conditions for embryonic editing to be justifiable under a medical dogma that aims to "do no harm." Both parents would need to carry a large common set of recessive deleterious alleles, as this would make embryonic selection of non-carriers very difficult. Then we would need the editing system to be so reliable as to not introduce off-target mutations. In a preimplantation setting, we can't easily observe if non-desired mutations have been introduced in some cells, as this would require sequencing every cell in the developing embryo. Serious disease introduced through chimeric errors in the editing process would be a real possibility, and there is no feasible way we could guard against this result using sequencing as it would require destruction of the embryo.

A more realistic scenario would be to develop a human embryonic stem cell culture that has been edited as desired and then implant this into a developing blastocyst at a point at which it would take over the and develop into the fetus. This is done with mice and there is no reason it wouldn't work for humans. I think that most people would find this much more abhorrent than directly editing the germline. However, it would be much safer for the engineered proband and would not require a "perfect" editing system that we do not have.

sethbannon 3 days ago 5 replies      
I am so insanely excited for the potential of this technology. There are many ethical questions here, but the potential benefits far outweigh the downsides. In the near future, we can detect and eliminate genetic disorders, ensuring no child has to suffer from these defects any longer. Long term, this gives us a tool to take control of our own evolution in a way never before possible.

Couldn't be more excited for what's possible.

kanzure 2 days ago 4 replies      
here's a TODO list i made for possibly interesting genome editing targets: http://diyhpl.us/wiki/genetic-modifications/

Many of these have low demonstrated correlation or significance so don't just blindly load everything on that document into your at-home CRISPR kit http://www.the-odin.com/gene-engineering-kits/ but it should be a good starting point for thinking about what can be modified, improved, disimproved, etc.

artur_makly 2 days ago 1 reply      
"Although none of the embryos were allowed to develop for more than a few daysand there was never any intention of implanting them into a womb"

oh im sure human trials have begun by the time mass articles like this surface.

i've met young gententic research students who told me they went to work for labs based in Latam simply because they were allowed to do perform any experiments deemed illegal in the US - to get a precious few years of a head start.

albertTJames 3 days ago 2 replies      
Ethics questions need to be raised now, and guidelines have to be decided. The future of humanity is in gene editing. It should not depends on the lazyness of law makers and outrage of godfearing creatures to decide the fate of humanity. It is time we take our evolution into our own hands.
dr_ 2 days ago 4 replies      
I realize that scientific consensus is that gene editing should not be permitted to enhance human performance - be it mental or physical. But if one nation ignores this consensus, and starts producing "super humans" wouldn't other nations be compelled to follow?Otherwise, over time, wouldn't their citizens, and their nation, slowly fall behind as a country of power and status?Just a thought.
WalterBright 3 days ago 5 replies      
Gene editing is probably the only way humans can colonize space. By adapting people to different gravities, air chemistry and pressure, radiation, etc., the need for life support equipment can be significantly reduced, and the quality of life of the colonists can be improved.
pcnonpc 2 days ago 2 replies      
"The BGI Cognitive Genomics Project is currently doing whole-genome sequencing of 1,000 very-high-IQ people around the world, hunting for sets of sets of IQ-predicting alleles. I know because I recently contributed my DNA to the project, not fully understanding the implications. These IQ gene-sets will be found eventuallybut will probably be used mostly in China, for China. Potentially, the results would allow all Chinese couples to maximize the intelligence of their offspring by selecting among their own fertilized eggs for the one or two that include the highest likelihood of the highest intelligence. Given the Mendelian genetic lottery, the kids produced by any one couple typically differ by 5 to 15 IQ points. So this method of "preimplantation embryo selection" might allow IQ within every Chinese family to increase by 5 to 15 IQ points per generation. After a couple of generations, it would be game over for Western global competitiveness."


What do you think about this? From what I gather, the Chinese and much of East Asia do not have cultural resistance against using genetic engineering to increase their children's IQs. I will even guess that the governments will encourage their populations to use it.

Will the US, in particular the educated portion of the population, will adopt the practice soon after it is proven safe?

If China starts to do that en masse, Europe and the US will likely criticize them initially. Will they then be forced to adopt the practice soon afterwards? If so, how many years of lag approximately? How much resistance will there be on adopting the practice especially considering the left's belief on everyone's fundamental equality?

The denial about the importance of intelligence is quite obvious now at least by a significant percentage of Americans and Europeans. (They claim "hard work and culture are what matter.", ignoring twins and adopt studies) Will they wait for 1-2 generations until it's so obvious they cannot compete when they start to use genetic engineering themselves?

roceasta 3 days ago 2 replies      
The talk is of 'genetic enhancement' but the potential benefit seems more boring and necessary to me: removal of many new and as-yet-unidentified mutations. It is thought that these have been accumulating generation by generation since about 1800 when child mortality started to fall.
thosakwe 2 days ago 3 replies      
In my class just Monday, we watched a film titled Gattaca, which tells the story of a society fueled by eugenics, where most births are in-vitro modified babies, and there is clear discrimination against those with "imperfect" genes. It's crazy how close these things are to reality.
Mikeb85 2 days ago 2 replies      
As if there wasn't enough inequality in the world, now the rich will be able to afford to make their offspring genetically superior to everyone else's. Have fun with a 1% that are literally overlords.
chiefalchemist 2 days ago 1 reply      
Wasn't there a HN post/thread a week or so ago about some scientist having a (new-ish) theory about DNA and the role specific genes play? If there's enough doubt that there's still room for other theories, is CRISPR really a good idea?
Noos 1 day ago 0 replies      
I don't think the modest raise in IQ would be worth a society that considers children as products they can alter to specification. Bill McKibben in Enough wrote eloquently about the existential dread that could happen if we somehow managed to select for musical skill for example. It's one thing to deal with your talent or lack of it in terms of the randomness of normal life, another thing to realize you are little more than a racehorse that has been bred because your parents want you to be something.
noir-york 2 days ago 1 reply      
Evolution made us, then we discovered it, and now we can directly code it.

Pity evolution didn't give us the intelligence, restraint and good judgement to make sure that we will not screw this up. And we will.

A myriad of reasons will be given. Medical reasons - how could one refuse? Then parents: "Harvard is expensive and I want to give my child the best chance I can afford". Then nation states will feel pressure to 'level the genetic playing field'.

On the other hand, with AI soon replacing us, apparently, we can fight back and enhance ourselves!

djohnston 2 days ago 0 replies      
We already have a clear division in health along socioeconomic lines, but delivberately encoding our inequalities into our DNA is a future I could skip.
mmirate 3 days ago 1 reply      
Well this is exciting, but hopefully it will advance beyond "genetic disease". Or maybe in the future we will be able to expand our definition of that term, to include all genetic predispositions to suboptimal traits? (e.g. slow observation-decision loop, hedonism, sentimentalism/too-much-empathy, neuroticism, etc.)

Either way - hopefully, when this tech is completed, we will be able to accept and enjoy that our descendants will literally be superior beings to us, and not look upon them with too much envy.

patkai 1 day ago 0 replies      
I know very little about this topic, but let me shoot: isn't this method for improving competitiveness misguided and shortsighted? How about working on emotional intelligence, better education and talent management, better food in schools, better child care, more support for disadvantaged families - there is so much we can do... Or is it just not about improving society, but individuals (with deep pockets)?
k__ 2 days ago 1 reply      
Sounds nice, but I don't want children, I want myself to be improved.
stillhere 2 days ago 0 replies      
Seems like a more socially acceptable form of Eugenics since society seems to value advanced science more than it does traditional mate selection based on desired physical traits.
nonbel 2 days ago 1 reply      
Yet another mainstream news report on CRISPR before any scientific report is available.
vivekd 2 days ago 0 replies      
I think enough people recognize the ethical issues inherent in designer babies enough that we are in no danger of reaching that point. I think the tech could have great applications in livestock and curing genetic defects.
gehwartzen 3 days ago 1 reply      
"Now Mitalipov is believed to have broken new ground both in the number of embryos experimented upon and by demonstrating that it is possible to safely and efficiently correct defective genes that cause inherited diseases."

Seems a little early for such a claim based on embryos that only developed for a few days.

ysleepy 2 days ago 1 reply      
Why do in on human embryos instead of any other animal?At this stage, it must be for publicity reasons alone. Tasteless in my view.
analog31 2 days ago 0 replies      
In the future, every dissertation will include in its Acknowledgements section, the student's parents, faculty advisor, and gene editor.
jlebrech 2 days ago 0 replies      
Reactivate Vitamin C synthesis, etc.
ziikutv 2 days ago 0 replies      
Wow it's a Brave new world.
cellis 3 days ago 3 replies      
CRISPR is coming. I seriously think with CRISPR we could see several trillion dollar companies. From cancer and aids cures to fundamentally altering what it means to be human, this is all within the near grasp of CRISPR ( if what i've been reading is to be believed ).
thrwaway655366 2 days ago 0 replies      
SiempreZeus 2 days ago 0 replies      
You want a Gattaca world?? This is how you get a Gattaca world.
idibidiart 1 day ago 0 replies      
Evolutionary logic is like a massive legacy codebase without any tests. Fuck with it at your own risk. You could definitely get lucky and improve functionality but you'll never know what you'll be breaking.
theRhino 2 days ago 0 replies      
question is did they use emacs or vim?
aphextron 2 days ago 0 replies      
Cozumel 3 days ago 2 replies      
Related: 'Unexpected mutations after CRISPRCas9 editing in vivo' http://www.nature.com/nmeth/journal/v14/n6/full/nmeth.4293.h...
14 Years After Decriminalizing Drugs, Portugals Bold Risk Paid Off mic.com
372 points by cirrus-clouds  1 day ago   121 comments top 16
lmickh 1 day ago 11 replies      
Find it misleading that almost all of the recent articles on this subject talk about decriminalization as the cause for the drop in drug related health issues.

They shifted a significant chunk of money to health services. If it proves anything, it is only that health services can reduce drug related health issues. Without a control, there is nothing to point to regarding criminalization vs decriminalization. People are now paid to go out to drug dens and offer medical help. You can't simply say "people were scared to get help before" when instead you start sending help straight to their location.

Even when an article mentions the change in spending/focus, it is framed in the context of legalizing drugs. No one is making articles titled "After years of improving health services, Portugal's drug policy paid off".

I get that some folks want to legalize drugs, but make an argument for it that doesn't involve this twisting of results to match the desired outcome.

shawnee_ 1 day ago 2 replies      
Portugal's performance in perspective: Only three people for every million die of a drug overdose in Portugal, which puts one of the eurozone's poorest countries in a different league than rich international powerhouse Germany (17.6 per million) and in a different universe than social democratic utopia Sweden (69.7 per million).

There's a fascinating documentary called American Addict on what nearly happened before this happened:

"In 1971 President Richard Nixon declared war on drugs. He proclaimed, Americas public enemy number one in the United States is drug abuse. In order to fight and defeat this enemy, it is necessary to wage a new, all-out offensive(Sharp, 1994, p.1). Nixon fought drug abuse on both the supply and demand fronts." [source]

Before criminalization, the trend in society was to start treating people who are afflicted with addictions like the sick people they are, rather than like criminals. There was an entire movement toward recovery as a necessary way of life for some people who cannot moderate alcohol intake (or drugs or whatever), just like insulin is a way of life for diabetics whose pancreases can't moderate insulin.

Addiction is not a moral issue; it should not be criminalized. It is a medical issue. It is a mental health issue. When it's caught early enough, and treated with the proper mental health regimen, it does not have to be debilitating.

Instead, what happened with war on drugs was mass-market criminalization... essentially forcing alcoholics and addicts forced into debilitation (hiding / shame)... leading to further desire for escapism through the addiction. It's a terrible cycle, and the worst part of it is that some counties have made things like DUIs into their bread-and-butter mainstream source of revenue.

It's hard to say what the trend today is going toward. The privatization of jails is especially disconcerting; like society wants to trick itself into thinking that the more people it has locked up the "safer" it is.


untangle 1 day ago 4 replies      
The singular focus on "drug deaths due to overdose" tells an important part of the story, but not the whole story. For example, per Wikipedia, drug use may have doubled after decriminalization.* If so, that's an acceptable tradeoff to me but may not be to others.

* https://en.wikipedia.org/wiki/Drug_policy_of_Portugal

justaaron 19 hours ago 0 replies      
I want to point out that this is merely a heroin-inspired "harm reduction" law that removes the criminal penalties from having some arbitrary few number of days supply of any particular illegal substance. (10 days)

It does not recognize any distinction between substances and retains a "shame on you" psy-ops bureau that users caught with minor amounts of said substances are referred to, in lieu of the criminal justice system. This "toxic-dependency" panel has sanctions available including monetary fines and revocation of ones passport or other travel restrictions, to bend one to their ways.

This set of laws does not treat the SUPPLY chain at all!

If one has an amount of substance greater than the threshold one can expect charges of traffic/distribution, which then will collapse after the 1 year investigation results in the non-election to pursue such charges, which has meanwhile resulted in the de-facto punishment of 1 year of weekly(some interval) police-station-sign-ins and a form of house arrest.

It's not a complete set of laws, and while it did manage to dispatch the heroin crisis of years past, it doesn't make any distinction, and thus is impeding efforts towards home cultivation of cannabis being legalized, etc.

De-criminalization, like medical cannabis, has the unfortunate tendency of providing laurels to rest upon, and thus impeding further progress. (observe Spains cooperatives, where signed members cooperatively grow and share in the crop)

Basically, Portugal has a very mature attitude to many things: letting the golden dreams of empire fade as they should, accepting that some people behave rashly and putting an emphasis on harm reduction etc.The emergency services here generally are excellent, professional, and calm in demeanour.I don't think that in practice one notes any major difference in drug usage in society with regards to the rest of Europe, I think one simply notes a bit less paranoia.

By comparison, I find it very odd that more than 15 states in the USA have medical or legal cannabis, yet harm reduction for heroin seems to be missing, and hence I'll just say that some people like to learn the hard way :D

drefgert 1 day ago 2 replies      
The critical part missing from portugals policy is that drugs must be legal to buy and sell (via controlled channels).

Decriminalizing use helps, but legalizing sales take out the crime and ensures the health of users through clean product.

11thEarlOfMar 1 day ago 1 reply      
It would be illustrative to see a control of some type, perhaps deaths due to alcoholism. Seeing that trend against the heroin trend would help to illustrate the impact of decriminalization relative to other efforts or changes in law or society.
wwwater 9 hours ago 0 replies      
There is an amazing TED talk by Johann Hari on that topic https://www.ted.com/talks/johann_hari_everything_you_think_y...
petre 19 hours ago 1 reply      
Romania is on the last place according to the chart in the article and drug possesion is a criminal offense in this country. It's punishable by two to five years in jail. The rehab is inside the penitenciary, so you first go to jail, then to rehab.

Also it's quite interesting how just about every country that's close to the Netherlands, save for France which criminalizes posession, is at the top of the chart.

I've been to Lisbon and was approached countless times on the street by shady individuals trying to sell drugs, usually mj/hash but also coke, maybe one time out of ten. This is not a widespread thing in the rest of Portugal, just in Lisbon's very touristy city centre where.

marze 1 hour ago 0 replies      
Is this a correct summary?


150 deaths/million/year


3 deaths/million/year

cpncrunch 1 day ago 2 replies      
In Canada we seem to have de-facto criminalization for possession for personal use. The problem we have now is that 80% of heroin is laced with fentanyl (at least in Vancouver), and it's causing a huge overdose problem. Even cocaine and MDMA is now sometimes cut with fentanyl.

Not sure what the solution is, but perhaps a combination of stronger penalties for dealers, more resources for treating addiction, and legalising weed.

tompazourek 1 day ago 3 replies      
When I saw the chart I thought, what's wrong with Estonia?
randyrand 1 day ago 0 replies      
> People caught with less than a 10-day supply of a drug

That's a tiny amount. Punishing people that like to buy in larger quantities for convenience seems silly. They should have come up with a another or increased metric to determine who the dealers were.

perilunar 17 hours ago 0 replies      
> As Joo Goulo, the architect of Portugal's decriminalization model, told Hari, "using drugs is only a symptom of some suffering, and we have to reach the reasons."

Not necessarily. Using (harder) drugs is no more an indication of mental health problems than using alcohol. Many people use drugs recreationally without becoming addicted.

randomstudent 13 hours ago 1 reply      
This article is very weak... They cherry pick a single metric (overdose-related deaths) and use that to prove Portugal's policy is the best thing ever.

Other metrics that are relevant: Has drug use increased or decreased? What about the burden of disease associated with drug use? Also, even more importantly: What has happended to deaths in other countries over time?

Odenwaelder 17 hours ago 0 replies      
Has this guy walked the streets of Lisbon? You can't walk 50m without being offered drugs. It sucks.
vivekd 1 day ago 1 reply      
Counterpoint, overdoes deaths increased during some years and drug use has markedly increased:

Also the chart supporting less overdose deaths seems to be actually a chart about all drug induced deaths, and not just overdose deaths, which means it could include HIV/AIDS, once a big killer of heroin users which we can now treat for much better.


Show HN: The JavaScript Way, a book for learning modern JavaScript from scratch github.com
508 points by bpesquet  2 days ago   105 comments top 15
bpesquet 2 days ago 8 replies      
Hi all, author here.

Backstory: I'm a CS engineer/teacher and this book is a side project started in December 2016. You can read a bit more about it here: https://medium.com/@bpesquet/walk-this-javascript-way-e9c45a....

The writing process is now completed and I'm actively looking for feedback to make the book better. Any opinion or advice about content, pricing, or that hastily created Leanpub cover would be greatly appreciated. However, please keep in mind that this is a self-published effort still far from being polished and open to improvement.

I'd also like this thread to stay focused on the book itself, not on the merits/weaknesses of JavaScript or the usefulness of choosing it as a first programming language.

Thanks in advance!

ryanmarsh 2 days ago 10 replies      
I just got home from teaching JavaScript to a room full of people who've never written a line of code in their life.

This book is missing something critical that most intros to JavaScript overlook:

How does the student set up the plumbing and run their code?

It's amazing how much of a hump this is for many trying to get started. It also amazes me how oblivious most of us programmers are to it.

"Just open Chrome Dev Tools" or "put this in a file and run Node" are really strange computer tasks to someone who has never typed and executed code.

sAbakumoff 1 day ago 1 reply      
I think that the best book ever about JS for everyone, especially for those starting from scratch is https://github.com/getify/You-Dont-Know-JSyou simply don't need anything else
le-mark 2 days ago 1 reply      
Very, very nice. I briefly went over some chapters and I especially admire the 'no framework' approach you've taken. I believe there's a real need for a book like this, kudos to you for making it happen! What inspired you to create this?
internalfx 2 days ago 2 replies      
Another great JS book on github...


eksemplar 1 day ago 0 replies      
If you ask me all that you need to know about modern JavaScript is that it exists mainly to sell online learning material.

But I may be a bitter old man and your resource looks pretty good.

ThomPete 1 day ago 1 reply      
This is great!

I am fairly familiar with programming having done both AS, Lingo and PHP I understand code when I see it. I am however not a programmer but more a technically oriented product designer and so I don't get to practice as often.

I have been trying to get into javascript and while I understand all the fundamentals it's still not something that I feel comfortable doing which is a shame as it's kind of the language of the internet.

Skimming through this books it looks like the perfect way for me to spend my next two weeks of vacation so thank you so much.

Is there a way to to donate to you?

Having made something as comprehensive as this you need to think about how to break it up so that you keep users engaged and so that you cam maximise your revenue. Selling books is mostly a spike and then long slow ramp towards halt so make sure you keep your content alive.

If I may come with two suggestions.

1. Make a forum for your readers perhaps in the form of an online reading group so that you have someone to go through the book with.

2. Make a step by step email course where you go through the book and have people turn in assignments perhaps even in forums.

3. Let people hire you as a private teacher perhaps build up . a network of private teachers. (Ok that was three suggestions)

These I think would be great ways to monetize.

dotnetkow 2 days ago 0 replies      
Saw this on Reddit last night, poked around on a few pages. It's great! Love the movie list example on this page: https://github.com/bpesquet/thejsway/blob/master/manuscript/.... Going from "for" loops into map/filter/reduce concepts is an excellent way to teach!
jchien17 2 days ago 3 replies      
Should one learn ES2015 before learning ES5? Is there any value or need to learn ES5 if you're not maintaining an old codebase?
noir_lord 1 day ago 0 replies      
This is incredible.

GF wants to learn to program, she has a strong math/finance background and I think she'd be good at programming but the web can be a bit overwhelming in totality.

leke 1 day ago 0 replies      
I love the tl;dr section. It's basically what I have do when reading books, in order to recall the essential information without having to read the entire chapter again. Well played.
scottmf 1 day ago 2 replies      
Looks great. I love modern JS, and the faster everyone can move on, the better!

I didn't see any async/await stuff though, is there a reason for that? I'd imagine it would make some code much easier to follow.

baalimago 2 days ago 1 reply      
Didn't know "var" was outdated. Good stuff, thanks!
minademian 1 day ago 0 replies      
this looks promising. I like how it teaches the concepts using plain Javascript without focusing on a tool or library. Kudos.
partycoder 1 day ago 0 replies      
What all these tutorials omit is the tradeoffs JavaScript and node incur in order to be simple and friendly.

- In JavaScript: no type annotations, numbers are floating point numbers, garbage collected, no multi-threading in the language spec. There are some ways to workaround these limitations, but they're not a part of the language.

- The concurrency model of node, based on libuv event loop. This dictates what node is good for and what is not good for. Short lived tasks = good. Long lived tasks = bad (service degradation + cascading failures bad)

Amazon Hub amazon.com
423 points by danial  2 days ago   331 comments top 60
Balgair 2 days ago 16 replies      
Oh wow, I guess the company at my old Apt complex got bought out. Those racks are the exact same.

Still, those were terrible ideas. FedEx, USPS, and UPS all just dropped the boxes off on our door. The others made us use those machines. It wasn't too bad to go down and get the packages. Oh wait, then you forgot your phone and had to go all the way back up to get it to get the unlock codes off of your email. Then you had to be certain that your email would not send the code email into spam, so that sucked.

But if you were out of town or on vacation or just stressed from work or had a spam email mis-identification then it was a spawn worse than Satan. The system started to charge you, like 5$/day or something, for non-picked-up packages after like day 3. Guess who got a nasty surcharge after spending a month away for work and no email to tell me that things would get surcharged? Yeah, 150$ for some random thing my sister sent me unannounced was not a lot of fun.

And no, the apt complex signed onto this AFTER we moved in and with no notice on the lease or an update to us. I did get the complex to pay that crazy fee after storming in one morning and yelling a lot. Idiots.

As long as there is no charge for packages that don't get picked up and no 'max time' it can sit in a robo-bin, these things work great. If there is any charge at all, in any way whatsoever, avoid them like the plague, they are horrible.

nihonde 2 days ago 3 replies      
As is so often the case, this is already a solved problem in Japan. When a package arrives, I'm alerted to its presence when I RFID my key to open the lobby door. Then I RFID my key again on the package locker and the locker with my stuff pops open.

The issue with lockers filling up too quickly or packages sitting in them too long is handled by the shipping company, which has sufficiently good customer service to contact me about re-delivering items that aren't reaching me. Also, my neighbors would be mortified if their deliveries ever inconvenienced someone else in the building, so it's somewhat self-policing in that sense.

The amount of over-engineering that goes into overcoming the shortcomings of customer service and lack of basic etiquette in America is amusing and sad. Amazon seems to be an emerging leader in finding solutions for social breakdowns that could be easily solved if people cared more about doing a good job or about extending basic courtesies to their fellow citizens.

veridies 2 days ago 7 replies      
This morning, an Amazon deliveryman walked a few steps toward my house, threw a package about fifteen feet to the door (denting the case inside), and then walked back to his van. I still can't find a specific way to complain about the delivery. Forgive me if I'm not excited about Amazon building their own private mailboxes, but I don't think they have any real understanding of their own shortcomings.
cbhl 2 days ago 3 replies      
The biggest problem with this is that packages are bursty -- your mail room is always bursting around Christmas time.

I saw one apartment complex this year that had a twist on the package robot concept -- there's an iPad at the door of the mail room, and you type in the code from your package, the iPad takes your photo and then unlocks the mail room door using a solenoid.

The UPS guy? Scans the barcodes on the packages, then wheels them in and drops them off on cheap metal shelves inside -- no need to pay an employee to manage the mail room 24/7. More residents/packages? Just buy a few more shelves. Resident wants to pick up a package as soon as Amazon buzzes them? No problem. Resident wants to pick up at 2am? Great.

The only problem is you have to trust your neighbors to not steal your packages.

ohyes 2 days ago 0 replies      
I had something like this at an apartment I lived in, it was called 'package concierge.'

It was mostly nice, but where I lived there were issues with execution of the idea. At peak times (holidays) the package robot would get full, because people wouldn't pick up their stuff in a timely manner.

The package robot also had to be loaded by an employee of the building... until then the package hung out in the mail room like normal, but you could only get your package from the package robot... so if the package showed up and no one was around to load the robot, or was slacking off on loading the robot, it actually took longer to get your stuff.

When it worked, however, it was good to be able to pick up your package when you got home from work at midnight without having to talk to anyone or sign anything. Also getting notified via email that you had something waiting was nice.

polskibus 2 days ago 6 replies      
Been using InPost Paczkomaty for ages.https://twoj.inpost.pl/pl/przesylki/paczkomaty

established 2006, helped bring down the cost of deliveries at the same time improved convenience of online shopping when DHL,etc. always wanted to come to your flat when you were at work

netinstructions 2 days ago 5 replies      
Was kind of hoping this is something individual home owners could install near the front door so packages aren't left on the steps.

If you fill out the form it asks what kind of property you have, and single family homes is an option, but then it says "your property does not meet our requirements at this time." I wonder if enough people select that though...

clvcooke 2 days ago 4 replies      
Looks like Amazon picked up the buffer box [1] idea. Such a shame Google bought them and shut them down, it had such potential.

[1] https://en.wikipedia.org/wiki/BufferBox

bastijn 1 day ago 1 reply      
In NL you can deliver your package to a drop off point near your house. Usually these are supermarkets or other kind of shops. I always pick my local supermarket which is anyway on my way home. It is open until 22.00 on working days so no issues there.

It is not like this Amazon box but it does also not have the other things to worry about (packages arriving on holidays and costs surcharged thereafter). The shops get a little extra earnings and they handle sending back etc. When not picked up. The service is free of charge for customers.

I guess Amazon box would be a tad more convenient to go to as they are at your doorstep (every single house is their intention, didn't get the site really?) but to be honest, you are visiting your supermarkets anyway. At least in NL where they are close. US might be a bit different here due to distance? Though you can do other shops as well, and usually there is one within say 1-2km.

sumitgt 2 days ago 8 replies      
My apartment uses LuxerOne (https://app.luxerone.com), and it is the best amenity IMO.

One problem of Amazon Hub v/s LuxerOne is that I don't think Amazon Hub will work with packages from other retailers.

creo 1 day ago 1 reply      
We have that in Europe for years. It works great for me. There is no communication struggle with anyone nor planning involved and its cheaper. You'll get phone message and mail that there is package to take and from that moment you have 48 hours to pick it up. If you don't do it within time limit, package gets back into warehouse so you can go there or request home delivery for few euros.
rtpg 2 days ago 4 replies      
I get that the post office as a whole is useful, but on an organizational level it probably would make more sense for everyone to have to go to the post office to pick up their deliveries in this day and age.

Personal deliveries to your doorstep is a pretty luxurious service, if you think about it in abstract. Plus it seems inefficient for these delivery people to go to a bunch of people's houses and drop things off (when people are mostly not home) when we could all just change our daily commutes slightly when we need to.

crashedsnow 2 days ago 0 replies      
We have a security gate and I installed a network-enabled lock for which I can remotely add temporary security codes that we then specify in the order from Amazon. This results in the UPS guy completely ignoring it and leaving the package outside the gate in plain view for package thieves. Delivery drivers are like cab drivers used to be before Uber/lyft. There's no accountability baked into the process. Someone please invent Lyft for deliveries.
quantumwannabe 2 days ago 0 replies      
This just looks to be Amazon Locker[1] for apartment buildings. I've seen the lockers in hotels and around town for several years.

[1] https://www.amazon.com/b?node=6442600011

dcw303 2 days ago 1 reply      
My apartment in Tokyo has a similar system, and the apartment before that. I'd guess that most modern buildings within the 23 wards have it too. Don't know about other cities. You use the same electronic key that you need to get into the building foyer.

All domestic delivery companies (Kuro Neko, Sagawa, etc) will drop into them without a second thought. FedEx are a bit more annoying that you have to call ahead and authorize them to use a bin, but that's ok.

I only have trouble with some things through Japan Post where a signature or ID is required, which is annoying but understandable when they are delivering something like a credit card.

Nition 2 days ago 1 reply      
"You can pick up any package" says the video while showing a whole sequence of packages of roughly the same dimensions.
revelation 2 days ago 1 reply      
Looks like a Packstation:


They are nice, but it's a bit of a trade-off: 50% chance there is an empty opening in the station, 50% chance it's full and they dump the packet at some service center miles away where you stand in line for half an hour and get your package late.

smpetrey 1 day ago 0 replies      
As a person who regularly commutes from Brooklyn to Manhattan for work I'm never home to accept my Amazon deliveries. To make matters worse, the local UPS, FedEx and USPS offices always "lose" my package only to have either never show up or it is re-delivered weeks later with no notification.

Why don't they just leave it in vestibule or on my doorstep? Thieves. All delivery carriers just plain refuse to leave packages unattended.

This solution is basically an Amazon locker or PO Box that lives in my lobby? Sounds awesome. Amazon Hub might not make sense in rural areas but Amazon's biggest target lives in urban areas. I'm so ready for this.

alecco 1 day ago 1 reply      
This model doesn't work already.

I ordered some PC parts to an Amazon Locker and got my Amazon account suspended indefinitely. I can't log in to it. But they didn't block the other half of the order that didn't make any sense to get (a case).

They asked my ccard billings via fax (shrug). After struggling with my hotel's terrible computer and fax I managed to send it to them. No answer. I asked and only then they responded in a short email it was not legible. Terrible support.

Also the delivery of the case was delayed several days so I lost it but had to pay for it anyway.

They managed to make me never buy from Amazon again. My account was over 10 years old. Had problems with deliveries a year ago, too. (that was why this time I tried an Amazon Locker)

wanghq 1 day ago 0 replies      
Lesson learned: if you have some idea, buy a domain name, and have one static page to explain the idea, and use a form service to collect feedback :)

It's interesting to see that amazon doesn't mind using a 3rd party form service to collect information (https://amazon29.au1.qualtrics.com/jfe/form/SV_8nWssUBen1xjL...) even though they have enough tech power to do that.

primigenus 2 days ago 1 reply      
Hopefully at some point in the future apartments/houses just come with privileged access entryways that you can manage, and delegate time-gated access to delivery services. That way the delivery person can just let themselves into your "airlock", put the package there, and leave without getting undue access to your private home and without it being a public space (like a porch) that requires a social contract to not be broken in order to remain secure.

Today's too early though, since IoT (eg. a connected doorlock) seems untrustworthy. What are some solutions that could be used to approximate it, I wonder?

bschwindHN 1 day ago 0 replies      
Here's a video demonstrating this kind of system in Japan:


The cool thing is when you scan in with an IC card, the lobby door will notify you of the package. That same IC card also lets me unlock my door and open the delivery locker. There's also a panel in my room which lights up when a package is sitting in the locker for me.

erickhill 2 days ago 0 replies      
I wish my office's building was able to support one of these. Our neighborhood USPS will often swing by after the office doors lock. They will say things like "unable to deliver" but never deliver during office hours. When you buy from Amazon, you never know if UPS (never a problem) or USPS is going to be the deliverer. It makes Prime shipping nearly worthless for many of us.

But we don't own this building, and at least right now I can't imagine where one of these things might go.

losteverything 1 day ago 0 replies      
It says from any carrier.

To receive from the usps, among other things, you must have an address, a approved mail receptacle and a safe and secure location.

The "space" in the mailbox is protected and is virtually owned by the usps.

I could not deliver to a box that is not postal approved. I suspect the missing piece of info is an agent would have to palce a parcel into a Hub locker. Like the ups store does today.

jk2323 2 days ago 1 reply      
Old news. They have this already in China and they have something similar in Germany. In Fact, AFAIK they even had something like this in the former GDR.
43224gg252 2 days ago 2 replies      
So... a mailbox?
plumeria 2 days ago 0 replies      
Who do they charge for this service? The retailer, the delivery company, the landlord, or the end consumer?
ikeboy 2 days ago 1 reply      
I'm hopeful this will improve deliverability - amazon sellers have noticed recently an increase in items returned because "shipping address undeliverable", and amazon forces us to eat the shipping cost - often on items delivered by Amazon themselves (amazon logistics).
djhworld 1 day ago 0 replies      
I suppose if you live in a block of flats, this would be useful.

I tend to use Amazon Lockers a lot anyway, there's one just outside my tube station (Transport for London let Amazon put one there, which I thought was smart)

eli 1 day ago 0 replies      
Seems like UPS Access Point and whatever the equivalent FedEx program is called already mostly solve this for me.

If I'm not home, UPS leaves the package at a nearby participating business (which you can select from a list online if you wish). I picked a check cashing place that's already on my walk home. It's free and they'll hold packages for something like two weeks.

I guess YMMV if you're not in an urban center.

otto_ortega 1 day ago 0 replies      
I got a chance to try Amazon Lockers recently while on a trip in Seattle, I can't say anything but good things.

It is very convenient not having to worry about if there will be someone at the time they try to deliver your package or that they just drop it around so it could get lost (specially if it is something expensive)

At least with Amazon Lockers they give you 3 days to pick the package and return it after that, I assume they can do something similar with these, after 3 days packages are returned to the nearest carrier retail outlet.

paulcole 2 days ago 0 replies      
They could OCR all the return addresses and figure out who's buying what and target ads accordingly. They could also x-ray all the packages for even more insight into consumer behavior. And if a package is coming from a competitor, offer the recipient the option to receive an Amazon gift card in exchange for refusing delivery and returning to sender. Or just paste Amazon ads all over every package in the Hub. Yes I work in marketing why do you ask.
madamelic 2 days ago 2 replies      
I am kind of waiting for the day Amazon gets hit with an anti-trust or something.

Amazon is nice, but a bit tired of Amazon's attempt to collect everyone's data about everything.

glenneroo 1 day ago 0 replies      
What's wrong with the "pick-up stations" option? I have a list of 9 different places (post office, gas station, optician, pizzeria, drug store, etc.) within 15-minute walking/transit distance which I can select to have my stuff delivered. Alternately I can enter a neighbor's name/address or select a safe place. Is this only an option in Europe?
justicezyx 2 days ago 2 replies      
Amazon is reinventing the whole daily retailing experience piece by piece.

There does not seem anyone on the market now can be a meaningful competitor at all. The close-loop virtuous cycle now extends to a degree that probably only Alibaba can rival (in China).

I don't think this is Bezos' original vision, but Amazon grows to a point such ideas just come out naturally.

The resistance seems futile now, all retailers should consider how to operate in the model created by Amazon.

voltagex_ 2 days ago 0 replies      
AusPost has Parcel Lockers which are fantastic, except they won't accept courier deliveries, only "standard" packages (USPS, Royal Mail, Auspost itself). I get a push notification and an SMS. There's a QR code in the app which is used to open the door to the locker.

Strangely, I got two DHL packages recently so maybe they've changed the rules.

tapmap 2 days ago 0 replies      
Isn't there a startup out there that will pick up your packages for you when you're out? Or will allow your neighbour to pick them up?
samcat116 1 day ago 0 replies      
We have had a similar product at my University for the past two years. I honestly couldnt imagine college without it. I have little faith that my residential office could manage that many packages. Plus free next day pickup for most things on Amazon is amazing. Order by 10pm and its there at 8am the next day.
chiph 1 day ago 0 replies      
I'm wondering how anti-theft these are. I (and my neighbors) just lost some mail because some thieves pried open the cluster mailbox. I imagine these would be a really attractive target.
19890903 1 day ago 0 replies      
There aren't enough companies doing USEFUL hardware. To see such a handy tool from Amazon is a breath of fresh air. What are some useful hardware companies that you can think of?
jageen 1 day ago 0 replies      
Rakuten introduce same kind of service in 2014,Where you can set your password to unlock box.


Nerada 2 days ago 1 reply      
Pretty much Australia Post's Parcel Lockers.


TranquilMarmot 2 days ago 0 replies      
Isn't this just Amazon Locker? There are ton of them here in Seattle, one right next door to me. Biggest issue is the thing is ALWAYS full so I can never actually get anything shipped to it.
alexobenauer 2 days ago 2 replies      
Wildly unnecessary. Apartment complexes have mailbox systems where they leave a one-time key in your mailbox to a special package-sized box. No touchscreen or Amazon needed.
devdoomari 1 day ago 0 replies      
well there's a convenient-store version of this in Korea...

which is a +1 for the convenient store (more ppl coming in -- more chance to sell stuff)and +1 for the buyer

sixQuarks 2 days ago 1 reply      
Amazon needs to solve the cardboard box overload issue. Too many boxes to break down all the time, and sometimes overfilling the bin.
chw9e 1 day ago 0 replies      
If these things supported refrigeration it would be pretty convenient for future deliveries from Whole Foods
empath75 2 days ago 1 reply      
Every apartment I've ever lived at just has deliveries left at the leasing office. It seems like it works fine.
banach 1 day ago 0 replies      
Oh, they mean a "mail box".
cargo8 2 days ago 2 replies      
Is this just Amazon Locker rebranded?
felipesabino 2 days ago 0 replies      
[off-topic] Anyone else really annoyed by the buggy scroll making the page jump up and down?
quickthrower2 1 day ago 0 replies      
My solution is to tell them to leave it round the back, under the verandah
arxpoetica 2 days ago 0 replies      
Something like this for international shipments would be awesome.
odiroot 1 day ago 0 replies      
I think we already have it here in Germany, if I understand correctly. DHL is always experimenting with new ways to avoid ringing your doorbell.
e40 2 days ago 0 replies      
Not new, and I tried to use it several times, and the boxes at the 7-11 near my house are never free.
gist 1 day ago 0 replies      
Where this will end up is that Amazon will figure out a way to put these at private residential homes [1] and the property owners will be able to earn extra cash. Won't work in all places or on all types of properties but I can definitely see it being possible in certain locations.

[1] After figuring out how to defeat any zoning issues.

homero 1 day ago 0 replies      
How's it get your email?
orliesaurus 2 days ago 0 replies      
What's next? Amazon Buses to get you to work?
2_listerine_pls 2 days ago 0 replies      
I hate Amazon. These guys want to control every aspect of the chain.
nightski 2 days ago 2 replies      
Wow that looks like an example of over engineering if I have ever seen one. USPS has been using a simple key system for ages.
Remotely Compromising Android and iOS via a bug in Broadcom's WI-FI Chipsets exodusintel.com
367 points by pedro84  3 days ago   156 comments top 13
thomastjeffery 3 days ago 6 replies      
Why does Broadcom insist on proprietary drivers?

How could it possibly be detrimental for Broadcom to have free software drivers?

This article is a poignant example that it is detrimental for them to continue to keep their drivers proprietary.

Animats 3 days ago 2 replies      
C's lack of array size info strikes again:

 memcpy(current_wmm_ie, ie->data, ie->len);
where "ie" points to data obtained from the net.

yifanlu 3 days ago 2 replies      
The article mentions

> Broadpwn is a fully remote attack against Broadcoms BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS.

But it doesn't go into any details on this privilege escalation actually works for iOS and more specifically that it doesn't require additional exploits. Can anyone explain this in more detail? If this actually allows code execution on iOS application processor, that means we have a jailbreak right?

swerner 2 days ago 1 reply      
Fortunately, this is being addressed in software updates.Unfortunately, people who own older devices are left with the vulnerability forever. The iPhone 4S alone sold ~60 million units (according to Wikipedia) and did not (and most likely will not) receive any updates.
shock 3 days ago 6 replies      
This is kind of scary :(. How does one ensure that they aren't vulnerable to this bug?
nyolfen 3 days ago 0 replies      
i've been hearing people complain about the seriousness of this attack vector for years. i'd be surprised if there weren't intelligence agencies that have utilized it already.
samat 2 days ago 1 reply      
Could please someone explain, 1) if firmware is stored on a Wifi chip or rather loaded during the boot process?

2) Do apple/google have binary image from Broadcom or rather source code?

It is quite interesting how this patch production/delivery process works.

IshKebab 2 days ago 0 replies      
How long until someone unleashes this? There are going to be millions of vulnerable Android phones for at least a couple of years to come. Surely it will happen.
mangix 3 days ago 1 reply      
I do wonder why most mobile chips are broadcom. There's decent competition from Qualcomm atheros and mediatek.
cpach 2 days ago 0 replies      
If anyone wonders, this was patched in iOS 10.3.3 https://threatpost.com/apple-patches-broadpwn-bug-in-ios-10-...
rca 2 days ago 0 replies      
http://boosterok.com/blog/broadpwn/ shows a simple check using hostapd to see if a device is vulnerable
amazingman 3 days ago 1 reply      
I already updated my phone. Is the iOS update that patches this available over a cell network? If not, as is usually the case, isn't that Not Good?
anon4728 2 days ago 0 replies      
Proprietary drivers, firmware blobs and ASICs are a national security threat. Without open code reviews, auditing and functional verification it's impossible to trust there are both a minimum of exploitable bugs and/or backdoors in a given software-hardware stack. This may require some sort of confidentiality rubric but there's no shortcut to getting around this vital need.
Google and a nuclear fusion company have developed a new algorithm theguardian.com
365 points by jonbaer  3 days ago   114 comments top 19
abefetterman 3 days ago 3 replies      
This is actually a really exciting development to me. (Note, what is exciting is the "optometrist algorithm" from the paper [1] not necessarily googles involvement as pitched in the guardian). Typically a day of shots would need to be programmed out in advance, typically scanning over one dimension (out of hundreds) at a time. It would then take at least a week to analyze the results and create an updated research plan. The result is poor utilization of each experiment in optimizing performance. The 50% reduction in losses is a big deal for Tri Alpha.

I can see this being coupled with simulations as well to understand sources of systematic errors, create better simulations which can then be used as a stronger source of truth for "offline" (computation-only) experiments.

The biggest challenge of course becomes interpreting the results. So you got better performance, what parameters really made a difference and why? But that is at least a more tractable problem than "how do we make this better in the first place?"

[1] http://www.nature.com/articles/s41598-017-06645-7

briankelly 3 days ago 4 replies      
From the actual journal article:

> Two additional complications arise because plasma fusion apparatuses are experimental and one-of-a-kind. First, the goodness metric for plasma is not fully established and objective: some amount of human judgement is required to assess an experiment. Second, the boundaries of safe operation are not fully understood: it would be easy for a fully-automated optimisation algorithm to propose settings that would damage the apparatus and set back progress by weeks or months.

> To increase the speed of learning and optimisation of plasma, we developed the Optometrist Algorithm. Just as in a visit to an optometrist, the algorithm offers a pair of choices to a human, and asks which one is preferable. Given the choice, the algorithm proceeds to offer another choice. While an optometrist asks a patient to choose between lens prescriptions based on clarity, our algorithm asks a human expert to choose between plasma settings based on experimental outcomes. The Optometrist Algorithm attempts to optimise a hidden utility model that the human experts may not be able to express explicitly.

I haven't read the full article nor do I understand the problem space, but the novelty seems overstated based on this. Maybe they can eventually collect metadata to automate the human intuition.

Edit: here's their formal description of it: https://www.nature.com/articles/s41598-017-06645-7/figures/2

dwaltrip 3 days ago 5 replies      
There was a talk about the state of nuclear fusion by some MIT folks linked here on HN a few days ago. One of the biggest takeaways was that many fusion efforts are very far away (3 to 6+ orders of magnitude) on the most important metric, Q, which is energy_out / energy_in. Additionally, much press and public discussion completely fail to discuss this and other core factors that actually matter for making fusion viable.

I remember Tri-alpha being listed on one of the slides near the bottom left of the plot, 4 or 5 orders of magnitude away from break even, where Q = 1 (someone please correct me if I'm remembering incorrectly).

Is the 50% improvement described in the article meaningful, as that would only be a fraction of an order of magnitude?

I understand the broader concept of combining experts and specialized software on complex problems is a powerful idea -- I'm just wondering if this specific result actually changes the game for Tri-alpha.

EternalData 3 days ago 5 replies      
Google might try to become the conglomerate of all forward-facing things but it is somewhat funny to see how through it all, it's their advertising revenues that form the core of the business.
ZenoArrow 3 days ago 0 replies      
Sounds like some promising results, hopefully this approach will continue to be useful.

Addressing the wider article, it always surprises me that the focus fusion approach is never mentioned in fusion articles put out by the mainstream media. I don't know what to attribute that to, but it's surprising that one of the most promising fusion approaches is constantly overlooked.

To give an idea how drastically overlooked focus fusion is, here's a graph showing R&D budgets for different fusion projects...


... and here's a graph showing energy efficiency of fusion devices (running on deuterium I believe)...


You'd think that the second most efficient device would've gotten more than $5 million in funding over 20 years (I think the original funding was from NASA back in 1994).

mtgx 3 days ago 1 reply      
I think their universal quantum computer (to be announced later this year) could accelerate fusion research even more, as I imagine it could more accurately simulate the atom reactions and experiments on it. Practical quantum computers may just be what we were missing to finally be able build working fusion reactors.

The millions of possible "solutions" and algorithms for working fusion reactors may be what has made fusion research so expensive and fusion reactors seem so far away. Quantum computers may be able to cut right through that hard problem, although we may have to wait a bit more until quantum computers are useful enough to make an impact on fusion research. I don't know if that's reaching 1,000 qubits or 1 million qubits.

yousefvi 3 days ago 0 replies      
As a psychologist, this looks an awful lot like computerized adaptive testing methods, only instead of estimating some parameter vector about a person, you're estimating some parameter vector about plasma.

Even the title "optometrist algorithm" is telling, because that paradigm is a basic model for how a lot of testing is done, except that it's not the optometrist doing it, it's a computer.

DrNuke 3 days ago 0 replies      
Diversification of the business, me thinks... nuclear is so big (but slow) that a penny invested today may become a tenner tomorrow, just in case.
siscia 3 days ago 7 replies      
I do have a naive question.

Suppose a big breakthrough comes out of a private company, and such innovation is necessary to use nuclear fusion.

The company will be free to do whatever it pleases with the technology or it will somehow "force" to let other use, maybe behind the payment of some royalties.

rurban 2 days ago 0 replies      
No, they have not. They developed a very useful new program.

But simple assisted hill climbing is not a new algorithm, you might call it "Wizard" though. This would attract the right audience.

janemanos 2 days ago 0 replies      
Maybe I'll see commercial fusion within my lifetime... how nice is that!
j7ake 2 days ago 1 reply      
how does this nuclear fusion company hope to make money ? Their product is decades in the future.
suzzer99 3 days ago 4 replies      
Am I the only one that never reads these articles but just goes straight to the comments? It seems like reporters always get the facts bungled and go for the simple story - out of necessity of course.
JohnJamesRambo 3 days ago 1 reply      
Google didn't enter the race. They helped a company with some calculations.
Necromant2005 2 days ago 0 replies      
It's nothing. Even if Google is invented something we will never see a product customer can purchase.
grnadav1 3 days ago 1 reply      
You jusk KNOW Elon Musk is gonna beat'em to it ;)
MrQuincle 3 days ago 4 replies      
There are two directions within the energy world that I don't completely get. One of them is hydrogen storage, the other nuclear fusion.

From what I always understood is that the high-energy neutrons produced by the fusion reaction irradiate the surrounding structure and that there is still considerable nuclear waste (although lifetimes are better than with nuclear fission). Do the scientists not care or is this outdated info?

hailmike 3 days ago 0 replies      
I want to start placing "Google and " before stating my accomplishments.

"Google and a nuclear fusion company have developed a new algorithm"

sounds way better than:

"Nuclear fusion company has developed a new algorithm using Google"

They may not mean the same, but in today's world faking it until you make it might pay off.

quickben 3 days ago 3 replies      
Outside of the title being misleading, I'm sceptical. It's one thing to have the hardware for research, and completely other to have the expertise for the research.

Google entered the self driving cars research, and we have yet to see them driven around.

This heavily reminds me of Intel and their diversification, up until recently, they were in IoT, makers market and what not. One solid push from AMD and they jumped out of everything way too fast to track.

Google seems the same with the nuclear fusion. They have the advertising money to throw around, but that just it, they are in different segment, and from investing side I'm more inclined to stay away from their stock then buy it.

Apples refusal to support Progressive Web Apps is a detriment to the web medium.com
362 points by jaffathecake  2 days ago   437 comments top 48
christiangenco 2 days ago 17 replies      
I think a lot of commenters here are missing the point and getting distracted by push notifications (who wants a website spamming them with notifications?) and loading screens (hardly a feature).

Apple supporting PWA (Progressive Web Apps) is hugely important because it enables a future where web apps can natively support browser, Mac/Windows/Linux desktop, and mobile iPhone/Android/Windows native mobile with a single codebase of open technologies.

Why is that important? By fragmenting development effort, the overall product isn't as good on any platform.

There's an app I'm making on the side to keep track of your contacts (like a personal customer management system). This needs to store all your contacts offline, because it'd be too much friction to load everyone you've ever taken notes on over the network every time you open the app.

Right now, the only way for me to accomplish that on iOS is to make a native app. This means I had to learn an entirely new technology stack (React Native and XCode), completely rewrite my views, tie everything into my backend, and go through Apple's Byzantine approval process (which I still haven't done because I can't figure out why my app compiles and runs locally but complains about libraries not being linked when I try to archive it to upload to the app store).

This is unnecessary duplication of work that could've been spent writing new features, makes it harder to add new front-end features in the future (because now they have to be added in two places), and adds a huge lag in the time it takes me to push changes to the iOS client (weeks, vs. the seconds it takes to push a change to the web client).

If apple supported PWA, I would've spent my time making the database keep a local syncing copy on the browser (with minimongo or pouchdb), and then every platform would've benefited from faster page loads and offline syncing.

Until Apple adds PWA support, I can't make as good stuff, and people can't use the better stuff.

jaffathecake 2 days ago 3 replies      
Safari engineers have attended all service worker working group meetings, and they do contribute. However, I do share the frustrations over transparency.

It's tough to get developers to care about things like offline-first, because it's tough for them to convince managers to allow them to spend time on a feature that won't work on iOS (since it won't work in Safari, and Apple has banned other browser engines on their platform).

Ultimately it's users that lose out but also the web as a platform, as it pushes people, like the author of the article, towards walled-garden solutions like native apps.

Apple is looking for service worker use-cases, so if it's something you're interested in, let them know https://lists.webkit.org/pipermail/webkit-dev/2017-July/0292....

pluma 2 days ago 8 replies      
I think push notifications and offline support are the real killer features that Apple currently doesn't support.

It's kind of funny as a web developer because for the longest time Apple seemed to be the one pushing the mobile web forward but now that web apps are reaching for feature parity with native, Apple's initial momentum seems to be ancient history.

It seems Apple still thinks of the mobile web as a content delivery platform rather than an application platform. Their proprietary additions (mostly CSS) largely focused on making things prettier, their rationale for opting out of standard features (e.g. autoplay) often only work under the assumption that the only use for those features would be in the context of traditional content pages.

You want an app? Develop for our walled garden we tightly control to offer our users the best possible experience. If you want it on the web, stick to creating content our users can consume in Mobile Safari, our app for reading websites.

rsynnott 2 days ago 3 replies      
As an iOS user, I'm actually quite glad that websites can't send me push notifications on it. And app loading screens are a feature?

If people _insist_ on making phone apps as websites, there's Cordova and all that. Such apps are never very good, of course. I still haven't seen a website-based desktop/phone app that wasn't a clunky non-native-looking resource-hogging mess.

nothis 2 days ago 3 replies      
IMO convoluted JavaScript hacks aren't the solution to "cross platform development" I'd want to settle on. Do I really want my weather app to be running on top of the browser app? And as far as cross-platform compatibility goes, we're now at a point where websites tell you to please load them with Chrome for the "full experience", that just reminds me of when websites used to tell you to please use Internet Explorer. So much for "Apple mobile Safari is the new Internet Explorer", lol. Push notifications for browsers are a weird concept, anyway.
interpol_p 2 days ago 12 replies      
I hate using web apps. On desktop, mobile, wherever. The author's list of things they want supported by Mobile Safari is just aggravating:

> Here are a list of things you still cant do with mobile safari due to Apples refusal to support them:


> Create an app loading screen

> Use push notifications

> Add offline support

> Create an initial app UI to load instantly

> Prompt installation to the home screen through browser-guided dialog

Why do I want these things, as a user. App loading screens?

I love the web. I love hyperlinks, text and images. The web of connections that lead you to information. Everything in that list is detrimental to a good experience on the web.

I don't want push notifications, I barely enable them for native apps. And it bugs the hell out of me when every second website in desktop Safari prompts to send me push notifications. No. Why would I want this on mobile?

Same thing with the home screen. I love the fact that the address bar in my web browser is my history, my reminders, my bookmarks, my open tabs. I start typing what I want and I'm there. Finding native apps on my home screen is only just getting to the same place with Spotlight, why would I want to make the web worse by sticking icons for pages on my home screen?

And browser-guided dialogs to put more icons on my home screen? Seriously?

This author's post is a great argument against web apps on mobile.

ino 2 days ago 5 replies      
All browsers still suck at basic functionality.

Here's a quick short list of things that developers still have to write because the current implementations are broken, buggy, inconsistent or absent:

- Date pickers.

- Image upload [1].

- Autocomplete and datalist.

- Range pickers.

- Upload time remaining without javascript.

- Number min/max/step, use up/down keys to increment/decrement.

- Form elements that are unable be styled by CSS.

- Color picker (arguably not as important as the others, and some OS color pickers suck anyway).

[1] Basic things like resize image on the browser prior to uploading. Size, aspect ratio, crop could be hinted by the html or chosen by the user. Server check is still needed, but upload size and times would be reduced drastically.

Shouldn't those be more important?

ebbv 2 days ago 0 replies      
Maybe I'm just an old fogey but I don't like Progress Web Apps. I think this whole movement of trying to make web apps more native-like is wrong headed and stems only from developers who have only ever written web apps wanting to write native apps but not wanting to learn how to do it properly.

As a user I don't want to have web apps giving me notifications or having loading screens. I have always liked that the web was tightly sandboxed and limited in what it can do. The nature of the web; where when I follow a link I'm basically installing your application -- sight unseen -- means that what your app can do needs to be tightly controlled and limited.

As a developer, if I want to make a native app for any platform, I'll write a native app. If you don't want to learn Objective-C or Swift, that's fine. There's plenty of ways to write Native applications iOS using cross platform languages like C++.

Frankly, those languages are easier to write testable, dependable code in than JavaScript anyway.

Rjevski 2 days ago 0 replies      
PWAs and any of those Javascript-powered "apps" are shit. I am glad Apple is against them. Even the best JS apps with perfect UX (those are rare, but they exist) still feel relatively slow compared to a native counterpart.

I don't want to pay with UX if some "developers" can't be bothered to learn new languages and insist on doing JS everywhere.

linopolus 2 days ago 1 reply      
As an iOS user, one thing I surely don't want are more web apps. The web is for content (including APIs Robbe used by native apps) not for apps, if on desktop or mobile. Here's why:

- lower performance. It can't be as fast as native as long as there's still the browser underneath- non-native experience. I use iOS because I like it better than android. I like the UI and UX, how it looks and feels. I don't want an web app, with an UI feeling different, looking different and behaving different.- multi-platform. All platforms will never have the same capabilities and features. You will always have to use the least common denominator or hack your things around.

Apple provides ObjC and Swift, the latter being a terrific way to develop apps, in my humble opinion a far better language and environment than JS (or JS). Just use it, your users will thank you.

illuminati1911 2 days ago 3 replies      
"all sorts of great features that youd normally associate with native apps, like push notifications, offline support, and app loading screensbut on the web! Awesome."

I didn't know app loading screens were "a great feature".

Anyway I really don't see the point of PWAs or much future for them anyway. Even if Apple started supporting these with Safari, the web apps still could not interact with different hardware components/sensors, iOS SDK's etc.

React Native already brought a platform which allows making apps with native components and good performance with JS + decent access to hardware and iOS and still it's barely used outside of hobby projects.

I'm sorry, but native apps aren't going anywhere.

VeejayRampay 2 days ago 1 reply      
I'll just recycle a comment from a few days ago, it's (un)surprisingly fitting:

"You know the rule, Apple ALWAYS gets a pass. No matter what they do, no matter how bad they treat their customers, no matter how awful their "upgrades" are, no matter how non-configurable and locked-in their products get over time, no matter the lack of innovation for the past 5 years, they always get a pass. Deal with it, that Jobs residue works its magic for a loooooong time."

cjCamel 2 days ago 0 replies      
This is a frustrating article - the issue really is that Safari doesn't support Service Workers and Web App Manifests, which are the canonical way of making PWAs.

Safari should support Service Workers[1], because they allow you to safely intercept and modify navigation and resource requests, and cache resources in a very granular fashion, securely and on a different thread to your app JS. This is great for performance and offline/spotty reception.

The Web App Manifest[2] is the file that allows developers to "appify" the site, by prompting the user to add to their home screen (only once they hit a certain usage rate), show a splash screen etc. But that's a nice to have compared to Service Workers.

[1]: https://developer.mozilla.org/en/docs/Web/API/Service_Worker...

[2]: https://developer.mozilla.org/en-US/docs/Web/Manifest

waitwutt 2 days ago 0 replies      
What. Having a really hard time following what is exactly preventing the author from doing any of these:

> Create an app loading screen> Use push notifications> Add offline support> Create an initial app UI to load instantly> Prompt installation to the home screen through browser-guided dialog

All of these things are possible in Safari, no? It just doesn't support ServiceWorkers?

Aside: as a web security guy I think serviceworkers are a tragedy. Any crappy site you accidentally visit and immediately hit the back button on gets 10 minutes of freebie time to execute Javascript, roam your local network, exploit "slow" browser vulns, eat your bandwidth, etc. Gone are the days when the only things running Javascript are your open tabs.

jpttsn 2 days ago 1 reply      
OP builds part of this argument based on "Apple isn't responsive to my complaints about web apps."

Apple isn't responsive to complaints in general. Are they less responsive to web app complaints than other complaints? Otherwise, the argument holds no water.

josefwasinski 2 days ago 2 replies      
I can see why apple is hesitant to do this. But there is definitely a middle ground.

Require the same developer registration process as they currently do for iOS apps. Then require some apple provided javascript to provide access to these needed functions. App review as before.

At that point they can do interesting things: charge per 1000 installs, enforce the use of apple pay. They can operate a business model that is slightly different, but the same at its core - tax developers for access to their user base/platform.

programminggeek 2 days ago 0 replies      
I don't think Apple's customers are clamoring for Progressive Web App support as much as they are wanting other features.

The average customer (of which Apple has millions worldwide) wants a device that solves some basic desires like taking pictures, making phone calls, texting, email, etc.

I don't see how this feature serves enough of those customers for Apple to care more about it than something that will sell computers (in some form or another).

quadrangle 2 days ago 0 replies      
When I think "progressive web" I think of progressive enhancement. https://en.wikipedia.org/wiki/Progressive_enhancement i.e. make regular non-JavaScript websites as a foundation and add JavaScript just to enhance that.

I suppose this is a compatible idea, but the PWA idea is based on everything going in the wrong direction generally. PWA aims to make everything "app" like even when it's not warranted. The vast majority of apps and PWAs don't need to exist at all. People don't need all this JavaScript interactive excess.

What I like about PWAs: a move away from everyone downloading ridiculous numbers of apps for each website. What I don't like about PWAs: turning websites into apps when not needed.

jaxondu 2 days ago 0 replies      
As much as I want PWA to rule, web apps still give a noticeable lousy experience than native especially social apps with large feeds (Facebook, Twitter). After so many decades chasing the native experience, it appears HTML/CSS/DOM needs to be revamped/replaced in order for some hope. Maybe a brand new UX library build on top of web assembly? A cross-platform user interface library on top of Unity/Unreal Engine? Why must web apps rely on browser in order to run? If there is a UX component to docker/container, does it provide similar security mechanism as a browser? Maybe this world is not meant to have only one language/UX library/delivery mechanism for apps.
aedron 2 days ago 3 replies      
Since the article did not go into details, and many of the points seem nonsensical, can someone elaborate?

Why can I not "Create an app loading screen" without service workers? Why can I not "Create an initial app UI to load instantly"? Seems these are trivially possible with regular Javascript, but maybe I'm misunderstanding?

Similarly, "Use push notifications", "Add offline support" and "Prompt installation to the home screen" do not sound like APIs that are dependent on service workers, but I guess they are? (or the article makes no sense)

(By the way, the 300ms tap delay that he gripes about can be hacked away, see fastclick.js)

chasing 2 days ago 0 replies      
> Apple thinks you should learn a completely different and more complex programming language (Objective-C/Swift) and maintain a completely separate code base for iOS. This effectively hurts small dev shops, stifles innovation, makes startups much more difficult to get going.

ObjC/Swift may be somewhat more complex than Javascript (or whatever) as programming languages, but one thing I like about iOS development right now is the relatively stable and well-integrated toolset.

I love web development. It's how I got started in all of this. But. The web development world is (in my eyes) currently an over-complex mess of standards and practices and tools coming from twenty different directions and sometimes changing radically from one year to the next. And I have complained before about the fact that Javascript is the primary language for using all of these. (I know, you use XXXScript which transpiles into Javascript. But that kind of adds evidence to my point, no?)

Anyway, this is not a central point to the article linked, but just something that caught my eye.

ivanbakel 2 days ago 0 replies      
>Is this just capitalism? Looking out for their own well being? No. Apple is filthy, filthy rich.

Naive much? People and corporations don't tend to stop collecting wealth - that is, after all, how they became so filthy, filthy rich in the first place.

rimliu 2 days ago 4 replies      
I am starting to get a vibe that there is a new breed of programmers who think that knowing just one language is good enough and learning anything else is "stifling innovation".

I don't even want to start on "PWAs work more seamlessly than native". I just cannot take person making such claims seriously.

millstone 2 days ago 0 replies      
> From now on, I wont be building any more native apps. All my apps going forward will be progressive web apps.

To be sure, the guy who wrote that has never built a native app and knows nothing of native development. That is not actually a story of a native developer being converted by PWAs.

Jyaif 2 days ago 1 reply      
Fundamentally, it's Apple's refusal to allow real 3rd party browsers that is the problem.
Ninn 2 days ago 0 replies      
This is definitely true. But in addition to this, it is insane that it appears that none of the big browsers has begun implementing encrypted storage via touch and so forth.

One of the main arguments i see in my organisation to create apps for our ventures is the fact that it will enable touch login. I recon it should be rather simple to duplicate / wrap the localStorage API to do this?

archie_peach 2 days ago 2 replies      
A lot of people here seem to be advocating the superior experience that native apps provide, but forgetting how saturated the app market is and what a poor job Apple does to help its users discover new apps.

Further, the majority of US smartphone users download zero apps in a typical month. What's the point of making a "superior" app, if no one is ever going to see it?https://qz.com/253618/most-smartphone-users-download-zero-ap...

From a user perspective, I care less about whether the app is a PWA or native, and more about the "goal" I'm trying to achieve. If my goal is to find a new house, a PWA allows me to instantly see results (without first having to download an app), then use native-like features such as being notified when new properties are available. I can use these features after I visit a given website and am prompted to save the app to my homescreen.

Compare this to the random native apps that people accumulate on their phone until it slows down so much that they have to perform an "app purge".

anderber 2 days ago 0 replies      
Wow, I read a lot of hate for PWAs, I had no idea. I use them and enjoy a lot of them (mobile.twitter.com). It really depends on the app, some benefit from being PWA others would need to be native. But the idea that we shouldn't add a feature that Chrome and other browsers have just because you personally don't like push notifications, seems silly.
frusciante19 2 days ago 0 replies      
Well, I would argue the web is a detriment to the web. Apple will never prioritise dev experience to the... detriment of user experience, no matter how many devs tears are shed. The author is arguing for better web developer experience, from what I read.
spo81rty 2 days ago 0 replies      
Apple doesn't want web applications to somehow replace apps in the app store. They make way too much money from their app store. Some of these key features like push notifications are the only reason to even make a native app, for some types of apps.
pavlakoos 2 days ago 0 replies      
So the author of this post is saying a developer with 9 years experience needs 6 months to learn ReactNative?

That doesn't sound encouraging...

dmix 2 days ago 0 replies      

> The apps implementing the standard are called progressive web applications, not to be confused with confusingly similar terms like progressive enhancement or responsive apps.

Front-end moves at the speed of light, I reckon it's hard to come up with original names...

My brain already has to remember thousands of software library names and techniques and argument orders, etc. Not making your label meld into people's brains by being similar to other software names in the SAME niche is a good place to start though.

martijn_himself 2 days ago 0 replies      
I'm not naive and understand the sentiment that part of Apple's motivation behind not supporting these API's on mobile Safari is to protect its App Store ecosystem.

BUT I also believe that Apple cares deeply about quality and its MAIN reason to refuse support is to protect the quality of user experiences on its iOS platform and steer developers to use its native API's which produce vastly superior apps.

It would take Apple years of wasted effort to guarantee similar experiences in the browser.

summadat 2 days ago 1 reply      
"Apple's refusal to support my chosen development platform means that Apple is holding back the entire web" ...really?
nimish 2 days ago 0 replies      
PWA are still inferior to real native apps. The FT's webclip "app" is ass compared to the NYT's nice, native one.
jmull 2 days ago 0 replies      
Frankly, it seems like PWA is a solution for web developers looking to deploy LCD, "unnative" apps more widely, more easily.

That's fine for them, but ultimately, I think we've got far too many apps with crappy UIs.

So what's the the real value to the platform and the people who use it for another source of them?

ex3ndr 2 days ago 0 replies      
Why do I need to download 15mb js file for your fancy "offline" web app? Even native apps usually smaller.
perfectstorm 2 days ago 1 reply      
how good are these PWA ? are there any apps that are already out there on Android ? I'm curious to see how well it perform compared to a native iOS app.
velcro 2 days ago 2 replies      
Officially Apple's reasoning for barring Flash was that web should be pushed forward. Now, almost 8 years later when web is "almost there" - its still hindering real web-app experiences in the iOS browser. Its pretty clear what this was always about.

--(Please lets not do the fanboy "Flash is garbage" here - even if you do feel that it was heating up your CPU with ads - it would have taken a lot less than 8 years to fix that then to reinvent everything and find out that money still makes the world go round.) --

MaxLeiter 2 days ago 0 replies      
Kind of a different use case, but I work on a web-based IRC client (self-hosted IRC cloud) and if Apple support service workers we could have improved offline support, push notifications (for mentions, disconnects, etc), on-device caching of embeds (links and images are embedded in-line), an improved loading screen, and more.
gregblass 2 days ago 0 replies      
Author here. Pretty overwhelmed and astonished with all this. Can't wait to read through all these comments!
shmerl 2 days ago 0 replies      
Apple just need to mess things up for everyone. They wouldn't be Apple otherwise.
Pigo 2 days ago 1 reply      
Can someone explain the difference between progressive web apps and webRTC? Are they related, or completely separate technologies? I just heard about them around the same time, and it seems like they have some things in common.
wuliwong 2 days ago 1 reply      
I'm pretty late to this party, so it probably has already been asked but what specific things need to be supported by mobile Safari to run a PWA?
rezashirazian 2 days ago 0 replies      
I hope this never happens. I despise Javascript.
lurcio 2 days ago 1 reply      
Please.... anything but Active Desktop again
vbezhenar 2 days ago 0 replies      
Apple will do anything to keep control over iOS apps. Web won't allow them to get their 30% margin, so they will do anything to force developers stay in AppStore.
mrkrabo 2 days ago 0 replies      
Google thinking webpages can be as good as native applications is a detriment to the UX.
Sandsifter: find undocumented instructions and bugs on x86 CPU github.com
430 points by argorain  1 day ago   87 comments top 19
mcculley 1 day ago 3 replies      
This is great. That a program can learn about and exploit the CPU on which it is running from unprivileged userspace reminds me of the notion in Charlie Stross' Accelerando of running a timing attack against the universe to learn about the virtual machine in which we are being simulated.
_wmd 1 day ago 3 replies      
tl'dr of the slides:

 Found on one processor... instruction Single malformed instruction in ring 3 locks Tested on 2 Windows kernels, 3 Linux kernels Kernel debugging, serial I/O, interrupt analysis seem to confirm Unfortunately, not finished with responsible disclosure No details available [yet] on chip, vendor, or instructions
He's found a new f00f bug, winter 2017 is going to be interesting :)

hellbanner 1 day ago 2 replies      
Related: https://www.theregister.co.uk/2013/05/20/intel_chip_customiz...

"Everybody hates the golden screwdriver upgrade approach, where a feature is either hidden or activated through software, but the truth of the matter is that chip makers have been doing this sort of thing for decades and charging extra for it."

""We are moving rapidly in the direction of realizing that people want unique things and they are going to want them in silicon. In some cases, it will be done in software," said Waxman."

Also, Github says "several million" undocumented instructions.. is that right? I don't know much about assembly but that number sounds absurdly high.

dtx1 1 day ago 2 replies      
This is highly interesting. I assume a lot of those are going to be debug and instructions to help the binning process. Some of these might even unlock access to parts of the CPUs we aren't supposed to have access too, opening the doors to custom microcode (unlikely that anyone outside the CPU OEM can do that though) but may allow us to disable "security features" such as the Management Engine. This is a really interesting approach and i would love to see the results ported to other hardware/vendors. The same could potentially be done with GPUs, ARM-CPUs, etc.
fovc 1 day ago 0 replies      
SAI_Peregrinus 1 day ago 1 reply      
Christopher Domas does some very cool work. His System Management Mode exploit a few years back was quite nice. It will be interesting to see which processor it is that he found the ring 3 hard lockup instruction in...
brawny 5 hours ago 0 replies      
Out of curiosity, are there any toy compiler projects out there that try and make use of the incedental instructions? Could you possibly expect to see a with while performance boost (I'm thinking it would be unlikely...)
d33 1 day ago 2 replies      
...isn't the usability of the tool limited because it's running in userspace, which has fewer privileges in terms of what instructions can be ran?
partycoder 1 day ago 1 reply      
pbsd 1 day ago 0 replies      
For what it's worth, the size-prefixed jcc/call binutils bug had already been fixed a couple of years ago: https://sourceware.org/bugzilla/show_bug.cgi?id=18386
pwdisswordfish 1 day ago 1 reply      
The slides mention an 'apicall' opcode 0ffff0; searching the web turns up nothing but these same slides. Does anyone know anything about it?
ngneer 1 day ago 0 replies      
Chip vendors do the same in the course of validation, and technically even before any silicon has been fabricated, using simulators.
egberts1 1 day ago 1 reply      
found another that is QEMU-specific.


purpleidea 1 day ago 0 replies      
wow... anyone have a link to the video of his talk?
shdon 1 day ago 2 replies      
No instructions there to disable the IME?
pmarreck 1 day ago 1 reply      
Is this basically a CPU fuzzer?
rurban 19 hours ago 0 replies      
Regarding the ring 3 hard lockup he didn't disclose yet: isn't that the recent kaby lake/skylake error, released about a month ago?
partycoder 1 day ago 0 replies      
Lot of weird stuff done happening nowadays in CPUs.

There's a lot of mystery in microcode (equivalent to the CPU firmware), the "system management mode" aka protection ring -2, and the infamous management engine.

m00dy 1 day ago 0 replies      
Someone built a fuzzer for cpus
GNU Ring 1.0 released ring.cx
399 points by kilburn  1 day ago   184 comments top 27
kilburn 1 day ago 5 replies      
I've been testing it out, and it does not seem like an 1.0 release by any stretch of imagination.

- On a mac, the client crashes regularly. I've been able to register an account and make a video call, but there are several GUI issues (cut labels, missing text fields, etc.) and the name registration didn't seem to work.

- On android, the client acted really weirdly in the beginning. After a while it seems to have stabilized a bit, and I've been able to make a video call (to a mac). The video quality was fine, but the client did not handle screen orientation changes well (my own video feed ended up distorted).

- On linux I haven't been able to make a call, even though text chat worked. It may have been because I don't have a webcam...

All in all, the experience was far from what you would expect from an 1.0 release nowadays. It had major warts on all platforms I tested.

Also, if anyone is curious, you can login with the same account from several devices at the same time. Calls ring on all devices, but text messages are less reliable (they don't always reach all devices). Also, off line devices do not get the messages they missed when you fire the client later on.

I would love and push hard to replace skype/xmpp with a solution of this kind, but I just cannot in the current state of affairs :(

Rjevski 1 day ago 4 replies      
Every time I see "GNU" I fear that it'll be more about "freedom" than actual functionality. Is the product actually any good (or at least on par with Skype, Hangouts, etc) or is this just something for free software fans to brag about with no productive use-case?
djezer 1 day ago 2 replies      
This is the brainchild of one the the founders of Savoir-Faire Linux. I was an employee of theirs and had to use this software for internal communications. It rarely works, crashes a lot and employees would crack jokes everytime we were told to use it. The idea is good. The current state of the app is barely useable. They just fired around a third of their employees (after promising to double in size).
Galanwe 1 day ago 9 replies      
Disclaimer: ex Skype employee.

Looks like a Skype clone from 10 years ago to me.I cannot see this working in the long run. Many people naively think that Skype switched from full p2p to partially p2p to server centric because of some evil plot designed by Microsoft. This is all wrong. Skype abandonned full peer to peer because it does not work if you want something fast, reliable, and feature rich.

1. Asking users to enable upnp is a joke. I would never do that, and anyone doing so should consider the security implications of doing so. Unfortunately, since they want to stay pure p2p they have no other possibility to solve the "both clients behind a NAT router" problem. This is why Skype relies on STUN like protocols => not possible in pure p2p.

2. Peer discovery in pure p2p is SLOW. Skype understood that and switched to hosted "supernodes" with their IPs hard-coded in the client. It's the only way to have reliable peers to introduce you to the network.

3. You WANT dedicated peers with good connection and 100% uptime.

4. You cannot efficiently have shared states in pure p2p without an identity server. That would require the clients to bring their keys with them on every device, not very practical.

5. In case the network collapses, there is no way for it to go up again without supernodes.

chriswarbo 1 day ago 1 reply      
From https://tuleap.ring.cx/plugins/mediawiki/wiki/ring/index.php... I see the following under "Ring archive (export.gz)"

> Contains private account data.

> It's a JSON compressed and encrypted file.

> The JSON byte-stream is compressed using gzip algorithm.

> Then the gzip-stream is encrypted using AES-GCM-256 symmetric cipher with a 256-bits key.

Does this compress-then-encrypt combination introduce a security weakness? It's certainly a problem on the Web, since attackers can learn what's in an encrypted response by getting the server to insert their own strings; e.g. trying the same request many times with different query strings, and seeing which ones result in smaller responses, indicating that the given query string matches somewhere in the document.

It would require the attacker to be able to get their own strings in the payload, but since this JSON contains things like contact info that might be possible.

rvern 1 day ago 5 replies      
Unlike so many communication platforms created in this day and age, Ring provides something more than reinventing the wheel and following the latest trends. It is peer-to-peer, which XMPP and Matrix aren't. This is a step forward.

Edit: As some comments note, I previously wrote decentralized while meaning peer-to-peer.

onli 1 day ago 2 replies      
Does someone have that running and would share its current state? I tested ring at the beginning of this year and it was a disaster. Does it work now?
kwhitefoot 15 hours ago 0 replies      
Does anyone know how to install this on Linux Mint 18.2? It seems to depend on packages that are not available. As there were no instructions for Mint I tried the instructions for Ubuntu 17.10 but it fails:

Reading state information... Done

Some packages could not be installed. This may mean that you haverequested an impossible situation or if you are using the unstabledistribution that some required packages have not yet been createdor been moved out of Incoming.

The following information may help to resolve the situation:

The following packages have unmet dependencies:

ring : Depends: libebook-1.2-19 (>= 3.17) but it is not installable

 Depends: libedataserver-1.2-22 (>= 3.17) but it is not installable Depends: libqt5core5a (>= 5.7.0) but 5.5.1+dfsg-16ubuntu7.2 is to be installed Depends: ring-daemon (= 20170724.1.2088f8e~dfsg1-1) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

kk_cz 1 day ago 2 replies      
from the tutorial:

> Please note that you shouldn't forget your password as long as you are using the current account. If your forget it, you won't be able to change it or get another one.

I can already see it being mass-adopted by non-tech users. /s

nannal 1 day ago 0 replies      
Is there somewhere we can dump bug reports, this feels so unready for 1.0.
whoami_nr 1 day ago 0 replies      
This seems extremely ideal in a scenario where everyone has switched to IPv6 and punching through the NAT's is no longer a problem.
coo1k 11 hours ago 0 replies      
Is this similar to bitmessage?https://www.bitmessage.org/wiki/Main_Page
fulldecent 1 day ago 1 reply      
Is it just me or does anyone else think this will be a lame project just because it of GNU stewardship?
amingilani 1 day ago 1 reply      
If you're trying to check this out and don't have anyone to talk to, like me, here's my contact info:

Contact me using 'gilani' on the Ring distributed communication platform: https://ring.cx

BTW, on Android, I had to setup my username after creating my account.

anw 1 day ago 0 replies      
I am unable to create a public account. I get a spinning wheel when I input a public name, and it doesn't do anything else. The create button is disabled until (seemingly) I get a response back telling me my chosen name is okay or not.

Unfortunately, their Web site didn't seem to have any clear way to register an account.

Another point is that searching for contacts only works if you type in their last name. If you try searching for a contact by first name, then they won't show up.

gboudrias 1 day ago 0 replies      
> Savoir-faire Linux

Love these guys! They're based in Montreal, definitely the biggest Linux-only player I know around here.

> Libert, galit, Fraternit

That's a really bad name for a release. I speak French natively but... Nah.

The criticisms about missing features seem pretty reasonable as well, BUT I'm not afraid of this project being more ideological than practical. For one thing, SFL is in the money business, they are not a charity. For another, sometimes it takes someone to take the extreme "free" approach for someone else to approach the middle ground of "maybe not that free but still distributed".

mempko 19 hours ago 0 replies      
Seeing this makes me really want to add video support to my Firestr (http://firestr.com) project. Also a DHT so I can store public keys and have shorter payloads to share. Alas I am only one man.
kodfodrasz 1 day ago 0 replies      
Its not there yet, but seeing that skype is repositioning itself as a shitty wanabe snapchat/instagram, instead of the conferencing and telephony app, I hope it will mature and become a thing. (Hey microsoft, what will the office365 customers do with skype minutes, when you finish the repositioning?)

They could sell SIP minutes and make it simple to set up, and that could provide a revenue for them.

random3 1 day ago 0 replies      
It's a bit unexpected not to post the binaries signatures along with the downloads, given the motivation of the project..
scrumper 1 day ago 1 reply      
For those in the dark who don't want to do the digging I just did, Ring is "some sort of Skype or Hangout," toquote one of the project leaders.
out_of_protocol 1 day ago 3 replies      
Could anybody point me to docs? Can't find any explanation how it works exactly, the only explanation i can find is <list of buzzwords>
cyborgx7 18 hours ago 0 replies      
I've been reading the site and can't figure out what differentiates it from tox.
dna_polymerase 1 day ago 0 replies      
Apparently there is no release for Debian 8 Jessie. Is everyone on 9 already?
rufugee 1 day ago 2 replies      
For something that's free and not foisted upon anyone, there seems to be a lot of negativity here. Okay, so it's not as good as you want it to be. Roll up your sleeves and make it happen.
jonstokes 1 day ago 0 replies      
A friend told me that if you use the Ring then 7 days later all your files will be deleted.
yebyen 1 day ago 2 replies      
The Mac version warns me that I won't be able to run Ring because of my security settings and directs me to the Mac App Store to look for a newer version. Quite literally rolling on the floor laughing! (No, not literally)

In the Finder, locate the app you want to open. Press the Control key and click the app icon, then choose Open from the shortcut menu. Click Open. I have never seen any Mac app for which I have ever needed to do this. Apple thinks it should warn me that I might have downloaded malware.

Does this mean that GNU did not pay the Apple tax?

fiatjaf 1 day ago 3 replies      
There is a GNU cryptocurrency project that aims to give the State the power to tax the users of the currency. How can you trust anything with the GNU label after that?
Breaking open the Mt. Gox case, part 1 blog.wizsec.jp
370 points by pcorey  3 days ago   91 comments top 12
buryat 3 days ago 3 replies      
So according to the following, Vinnik was aware of the origin of bitcoins that were sold on BTC-e:

> Some of the funds moved to BTC-e seem to have moved straight to internal storage rather than customer deposit addresses, hinting at a relationship between Vinnik and BTC-e.

and he was stupid enough to deposit them back to his account on MtGox:

> Moving coins back onto MtGox was what let us identify Vinnik, as the MtGox accounts he used could be linked to his online identity "WME" http://archive.is/6cFcY

All in all, there a strong suggestion that he participated in money laundering and was involved in the whole scheme.

I wonder, if BTC-e somehow artificially pumped the bitcoin valuation leveraging the huge amount of bitcoins they put hands on, same as what MtGox did.

Also, it looks like that Mark Karpeles wasn't involved in the whole scheme, and the hack was that simple thanks to the low or no security and engineering culture at MtGox:

> In September 2011, the MtGox hot wallet private keys were stolen, in a case of a simple copied wallet.dat file.

> the shared keypool of the wallet.dat file lead to address reuse, which confused MtGox's systems into mistakenly interpreting some of the thief's spending as deposits, crediting multiple user accounts with large sums of BTC and causing MtGox's numbers to go further out of balance by about 40,000 BTC. None of these users seem to have reported their "sudden luck".

NelsonMinar 3 days ago 4 replies      
The coin flow graph is terrific: http://wizsec.jp/images/theft_flow.svg

Is this type of visualization common in Bitcoin? Is it a tool anyone can easily use?

Edit, let me restate my question. "Is there a tool that generates Sankey diagrams from blockchain data that is easy to use?"

Jabanga 3 days ago 5 replies      
This would have all been avoided if MtGox had transferred its coins to a new wallet after the 2011 breach. I guess they assumed that any attacker that got access to the private keys would have immediately emptied the wallet, and the fact that this hadn't happened proved that the private keys hadn't been compromised by the breach.

I have to admit, that is a reasonable assumption. This may show the limits of the usefulness of heuristics, and the importance of organizations like exchanges, that have very significant fiduciary duties, to undertake a systematic process after a security breach to eliminate all possible remaining vulnerabilities, no matter how unlikely and counterintuitive.

austenallred 3 days ago 2 replies      
Can't wait to get my refund :)

It's still insane to me that MtGox never moved coins to a wallet or acknowledged the breach until long after it was too late. You would think if you have billions of dollars sitting somewhere and you realize someone is starting to take them you would, you know, do something.

Pyxl101 3 days ago 3 replies      
It sounds like MtGox must have had no auditing of their wallets, or completely ineffective auditing.

How did they not at least perform a simple sum of coins held by their wallets and compare it against the amount expected by their databases? Or is the attack more sophisticated than this would detect?

If I were building a system like this, I'd want to run an auditing system continuously that looks for discrepancies, and then "shuts down everything" if they're detected.

dmix 3 days ago 2 replies      
> By mid 2013 [..] the thief had taken out about 630,000 BTC from MtGox.

630,000 BTC to USD = 1,560,069,000.00 US Dollars


$1.5 billion USD = 2.5% of Bitcoin's market cap ($40 billion) and someone stole it.

strgrd 3 days ago 1 reply      
I remember a time when BTC-e was the most logical exchange to use, especially in the fallout of MtGox. I really enjoyed how straightforward the exchange was, and how easy it was to get started using their API. I don't think they're coming back after this.
jron 3 days ago 2 replies      
Never a dull moment in Bitcoin.
zx2c4 3 days ago 1 reply      
Unrelated to the actual topic at hand, but anybody know which software generated this svg?


I like graphs like this. They remind me of Charles Joseph Minard's famous Napoleon graph:


scotty79 3 days ago 1 reply      
If they recover some coins, will they be transferred to mtgox bankruptcy trustee.
racecliffer 3 days ago 1 reply      
Is the diagram simplifying things? It looks like in a number of cases, coins were stolen, sent to a single wallet, and then sent to an exchange. That doesn't seem like a particularly ambitious attempt to launder. I must be missing something...
asdz 2 days ago 0 replies      
Until today, I'm still waiting for my Mt.Gox refund :(
Bollinger B1: An electric truck with 360HP and up to 200 mile range theverge.com
302 points by smacktoward  1 day ago   267 comments top 43
masklinn 1 day ago 3 replies      
Looks interesting, the front trunk and cut-down "UI" look especially great. This looks like an EV you could actually work on in your garage.

Vaporware until they get a production line though, and the absence of airbag is somewhat worrying when it advertises a top speed of 127mph and 0-60 in 4.5, at a GVWR 10klbs it's outside the light truck regs (8.5klbs GVWR) and thus doesn't require them but still...

Of note, the Verge article is light on useful pictures, there are other sites with interesting pics especially of the interior: http://www.motorauthority.com/news/1111790_bollinger-b1-the-...

And while it has the same dimensions as a Wrangler it avertises 2~3 times the curb weight and towing capacity and almost twice the cargo volume (rear seats stowed). And the maximum ground clearance is pretty ridiculous as well (advertised as adjustable from 10 to 20, most trucks seem to be between 8 and 12)

tyingq 1 day ago 9 replies      
I know it's a prototype, but I wonder how much thought was put into safety. The simplistic look makes you think there's probably no crumple zones. And there's clearly no driver's airbag, dashboard padding, etc.

Edit: The style seems heavily inspired by the original Ford Bronco. They even support the removable rear top. http://classicfordbroncos.com/builds/

kylehotchkiss 1 day ago 2 replies      
Wonder if they need a torque converter still to give it a little more oomph off road.

Also: "It also bucks the high-tech trend of new cars in general. There will be a radio with an AM/FM receiver, Bluetooth connectivity, and an AUX input, but theres no touchscreen." I hope this becomes a trend. Touchscreens in cars are horrible ux.

burger_moon 1 day ago 3 replies      
Can you recharge these on a normal gas generator? Something like a Miller engine driven generator[1] could probably do it but those are $$$ for the average joe. I only ask because a lot of people trailer their rock crawlers/mudders to more remote areas to go play and have fun, but when the electricity runs dry you'll need a way to power it back up. This thing looks like it'd be a lot of fun not only for daily use but also for backwoods offroading.

[1] https://www.millerwelds.com/equipment/welders/engine-driven/...

jay-anderson 1 day ago 0 replies      
> theres no touchscreen

I like this. Feels like many new cars are adding in a screen (touch or otherwise) while I prefer cars without it.

Animats 1 day ago 3 replies      
It's encouraging to see this. It's about time for electric pickup trucks. The price point ($60K) is going to be a problem for work trucks.

They talk about high speed, not low-speed high-torque. They don't say much about how the drivetrain behaves at low speed. Do they have locking differentials, or something that prevents wheel spin? It's a two-motor system. Does the motor control system know how to keep the front and back wheels in sync when traction is bad? You don't have a front-to-back differential; that's a software operation here. How good is very low speed, high-torque operation? There's no shifting, so you have to do low-speed control in software. With good software and differentials, this could be a good rock-crawler. Can you pull a stump with this thing? They should be able to do this, assuming they're using 3-phase motors like everybody else today.

Providing 120VAC power out is a nice feature. They don't say much about charging. It should carry a charger that can charge from 120/240VAC, so you could charge slowly from any power outlet if you have to. Or another Bollinger. You'd have a big charger at home base, but opportunistic charging is a necessity when you're far from charging stations.

Really needs air bags, and fewer sharp edges in the passenger compartment. Off-road that thing and you'll cut yourself on the door handles. Once they find a real manufacturer, they can clean up the interior.

Does it have a heater? That's a big problem with electrics, especially ones like this with no insulation.

[1] http://bollingermotors.com

aliston 1 day ago 1 reply      
I've been looking at buying an electric car recently and was surprised that the list of electic SUVs is really small. There's basically the Model X and not all that much more. The Rav4 got discontinued.

It seems to me that this is a huge market opportunity. The technology is right on the cusp of being very practical in terms of range. Soccer moms who commute to the grocery store and occasionally go on a trip to the mountains want a car with room and 4WD. If such a car existed, they would be shouting "take my money!" Not quite sure why the car manufacturers aren't building these things.

criddell 1 day ago 1 reply      
I wonder if the rise of electric vehicles is re-igniting the kit-car industry.

I still think about some of the kits from the 1970's.

For example:https://en.wikipedia.org/wiki/Kit_car#/media/File:3-4Nose.jp...

JohnJamesRambo 1 day ago 1 reply      
That looks amazing. I'd buy that in a heartbeat if I ever allowed myself to buy new cars.
jschwartzi 1 day ago 2 replies      
I've been wanting something like this for years. It doesn't seem like any car company is building an all-electric truck.
Vinalin 12 hours ago 0 replies      
I feel there's a huge lack of electric/hybrid vehicles in the truck/pickup space, although for understandable reason. However I've heard of a company that's working on a fleet version of an eletric pickup truck and I think they're now looking for client interest.[0]

The caveat is that it's not fully electric. 80 mile all-electric and then the generator kicks in, giving it 310 miles per tank. However pretty good gas mileage and safety was definitely a concern.

[0]: http://workhorse.com/

macintux 1 day ago 0 replies      
Jalopnik just posted a good analysis of the design: http://jalopnik.com/the-bollinger-electric-truck-uses-an-ide...
dghughes 1 day ago 1 reply      
His frustration with his trucks I bet it because they were powered by gas. Trucks should only be diesel you don't need horsepower (fast time to cover a distance) you need leverage aka torque.

A documentary on Sherman tanks amazed me because they were gas powered and when hit gasoline exploded. German tanks were powered by diesel. The US has hated diesel from day one it's amazing.

But electric has tons of torque by design it should be suitable. But I wonder if the horsepower can be dialed down for more range?

willvarfar 1 day ago 1 reply      
Given that it doesn't need a bonnet, its a shame it isn't more styled on https://en.wikipedia.org/wiki/Volvo_L3314

But I definitely want one! :)

donavanm 23 hours ago 0 replies      
I really want one. Theres no reasonable modern adventure/utility truck on the market. Icons are nice but $$$. Same for all the other modern after market conversions. Like many others Ive settled on a 30 year old truck (4runner/hilux surf) for this niche.

but... the complex suspension worries me. Fungibility or flexibility yes, but massive adjustability sounds fragile and complex. Dual drive sure, but it must have some sort of LSD. Which isnt mentuoned. 200 miles is a really short range. I can do 300+ on my stock tank and its not enough. Last 4 day weekend in the cascades/palouse/okanogan was about 700 miles. Practical recharging in the rural/wilds is .... unlikely.

As mentioned until theres real capital and manufacturing this is vaporware. Im also skeptical of $60,000, I'll bet real money against that. Icon, a small batch truck manufacturer with real product, is more like $100-150,00 and up.

Edit: entry and exit angles look nice. Real curious how that "plate" style chassis handles flex.

vivekd 1 day ago 0 replies      
I wonder why there aren't more EV trailers on the road, a trucking company would be more willing to absorb the higher initial costs of an electric truck in order to save on fuel down the line. Is it because EV can't effectively compete in terms of fuel costs against to long range you get with diesel. Or is it just short sightedness among manufacturers

EDIT: actually looks like I spoke too soon:




kevin_thibedeau 6 hours ago 0 replies      
Wonder what the range would be if it didn't have the aerodynamics of a brick.
6stringmerc 1 day ago 1 reply      
Fascinating approach and re-thinking of a utility vehicle. I'm thinking the 10,000 - 20,000 units is pretty ambitious. Hence why The Verge politely just mentions that Bollinger hasn't figured out a "final price" yet but fails to mention what a "current estimate of final price" might be.

When I think of utility vehicles, I think of Defender 90 and Toyota Hilux type vehicles - spartan, proven, reparable in many parts of the world. When I think of a new car model, even from large manufacturers, I get the jitters of being a first-adopter. So much gets learned and shaken out by real-world, human use. Nice idea, but I'm a dreamer at heart and through receiving lots of pragmatic feedback, I kind of see this through the same lens.

cr0sh 1 day ago 1 reply      
Well - it's nice to finally see another potential player in this arena; we've seen this one I think:


But both of these are well outside of my price range. But it has to start somewhere.

The thing I've feared/worried about when it has come to the push for electric, and self-driving vehicles, and the recent rumblings by France and the UK to ban ICE vehicles in the near future - is that those who enjoy off-roading are being left out.

carsongross 1 day ago 0 replies      
Dear Toyota: look at this truck, and at the FJ40, and get to work.
guntars 1 day ago 0 replies      
They should add a 3kW+ inverter option to use all your favorite electric tools in the field, making this basically a large battery on wheels.
athenot 1 day ago 0 replies      
Great low-speed torque and hydraulic suspension would be great features for offroading, especially crawling on really tricky/fun terrain.
0xbear 21 hours ago 0 replies      
That steering column will look mighty impressive when the driver impales herself on it in a crash. I wonder what NHTSA thinks of non-crumpling columns and steering wheels with no air bag.
simonb 1 day ago 0 replies      
Looks really interesting and promising, but why didn't they make it front control like the Land Rover FC101.
alkonaut 1 day ago 0 replies      
Cool. But it's DOA if it doesn't meet safety standards. People might accept 4/5 NCAP stars but not for a premium car. Lack of airbag is concerning but might be fixed before the production model is finished I suppose.
rhspeer 1 day ago 1 reply      
This could be a nice acquisition by Jeep/Chrysler since they're lagging behind in EV development due to lack of funds.

It would also help get the taste of the compass & patriot horseshit they've been peddling lately.

That's some beautiful vaporware, I hope they make it.

goneri 1 day ago 0 replies      
If you are also confused by the units:

360HP: 268kW, 200 mile: 321.869km

bitJericho 1 day ago 0 replies      
Is this the next DMC? I don't know. But I want one!
jacobmarble 1 day ago 1 reply      
"He just happens to be doing it in the middle of goddamned nowhere."

I left Southern California for this. My current employer is hiring software engineers in Sandpoint, Idaho.


geiseric 1 day ago 0 replies      
Looks like my Land Rover.
towndrunk 1 day ago 0 replies      
Needs a hood scoop. :)
flareback 1 day ago 2 replies      
It's not a truck
backtoyoujim 1 day ago 0 replies      
reminds me of Maurice Wilks early Land Rover designs.
olegkikin 1 day ago 2 replies      
Don't they need their own battery gigafactory to scale the production?
bobwaycott 1 day ago 0 replies      
Its an electric Land Rover Defender clone. Still cool, though. But definitely not original in design at all.
sabujp 1 day ago 0 replies      
was expecting a semi truck
dsfyu404ed 1 day ago 1 reply      
It had better be a lot cheaper than an F150.

Nobody who wants a truck for truck stuff is gonna put up with the downsides of electric and the NVH of a 60s panel van and 200mi range unless it costs much less than vehicles with equivalent performance.

The people who buy electric to make a statement about their preference in power sources are not the people who will buy a bare-bones truck.

frik 1 day ago 0 replies      
Looks like this is inspired by the famous Mercedes G/Puch G.

For more then 3 decades it is well known for its boxy style and its benefits: https://en.wikipedia.org/wiki/Mercedes-Benz_G-Class (scroll down for pictures)

Shivetya 1 day ago 0 replies      
still think the best place is school buses. you know where they will be parked and their exact routes. plus you get kids and parents used to electric vehicles on an every day use.

yes they are expensive but all it takes is a spike in gas prices to seriously hurt some districts who got hit hard the last time it went high.

there are many markets for vehicles which have set operation ranges and known routes. EV tech ain't near replacing combustion in many cases but in tightly controlled instances it does work. (range, charging, weather, and cost are the four areas all being worked on and all needing work)

yellowapple 1 day ago 0 replies      
I've been dreaming of a car like this for a long while now. Even down to its boxy look and the fact that it looks like it won't get stuck in an inch-high snow drift.

They won't even start accepting deposits until 2018, apparently. Gives me more time to save up for this beauty.

apl002 1 day ago 0 replies      
dat truck is sexy
frabbit 1 day ago 1 reply      
Hopefully these will be restricted to use on farmland instead of being inappropriately paraded in suburban areas.

Electric vehicles are not "clean", they're merely cleaner.

P&G Cuts More Than $100M in Largely Ineffective Digital Ads wsj.com
310 points by kawera  22 hours ago   248 comments top 37
jshelly 11 hours ago 15 replies      
In my own personal experience, I can honestly say I've never "intentionally" clicked on an ad in the past 20+ years I've been on the internet. I will say I've certainly looked at ads in magazines, billboards, tv commercials (before tivo) and even those small planes pulling banners at the beach.

I am not surprised that digital marketing is not that effective. What does surprise me is why its taken this long to figure that out.

bryananderson 11 hours ago 2 replies      
I formerly worked as a digital influencer across the usual list of content platforms.

One of my last influencer marketing gigs was for a major multinational company. You've heard of them and they are not amateurs when it comes to marketing.

I asked one of their top marketing people how they measure the impact of digital influencer campaigns like ours. The short answer is that they don't. They have no idea how to.

When trying to measure the impact of marketing upon sales, teasing the signal out of the noise is almost impossible to do with confidence, especially for huge companies running many campaigns at any given time. I suspect this is true for all advertising, not just influencer marketing.

With few truly reliable metrics, marketers fall back on conventional wisdom. For a long time, conventional wisdom has been that you have to pour a ton of your marketing budget into digital or you're being left behind.

A change in that conventional wisdom seems to be afoot. I saw it as a digital content creator - ad revenues per view have been declining for a while now. Aside from the short-term panic over ads appearing next to extremist content, there might be something more long-term that's changing in corporate marketing strategy.

It's hard to see how this, and not a challenge from a new startup, is not the greatest threat to the success of Google and Facebook. Their business is digital advertising. If spending in that field declines, it's probably rough times ahead for those giants.

jsemrau 19 hours ago 4 replies      
This reminds me of my experience with Google Adwords. My target was to increase signups for travellers to selected cities looking for 'events nearby'. So, I selected my cities and customer segments and had a limit set of 30 Dollars / day. Regularly, I paid for 2-5 Dollar more per day than my max price. I reduced the price to actually match my max price, but this would as a result out-price me of the relevant keywords. In addition, it never brought the clicks they charged me for. Yes, I was tracking the other side of it as well. I believe there is a whole world of click-fraud with Google and Facebook in this which noone is tracking. I am looking forward to a world where Silicon Valley is tackling the 'hard' problems of this world again (Space/ Marine Exploration, Artificial Intelligence, Big Data Analytics, etc) rather then the optimization of click bait.
ameister14 11 hours ago 3 replies      
I've worked in and around marketing/advertising for the last 6 years in different capacities and have found that the emphasis on audience hyper-segmentation and retargeting to the exclusion of other methods is the single biggest piece of bullshit out there. Targeting people based on what they are apparently interested in vs. places they go that reflect those interests doesn't give better results and can turn off your customers. It sounds cool to marketing teams and it works to get you contest entries, but it doesn't usually translate to more conversions than a well managed campaign would give.

If I buy a mattress, advertising more mattresses to me doesn't make me more likely to buy them; I bought the thing already. Advertising mattresses to a person on a mattress review website, though - that works. Of course, that's harder to do.

wyc 20 hours ago 5 replies      
Bob Hoffman at the Ad Contrarian called this in January:

"P&G To Online Ad World: We've Had Enough" - https://adcontrarian.blogspot.com/2017/01/p-to-online-ad-wor...

Digital advertising is rife with (what should be considered) fraud. Advertisers feel as though they are getting fleeced, and the advertising middlemen reap massive margins. The accountability isn't where it needs to be; there are websites that hide ads under other ads, still reporting displays for all ads per page load. I suspect moves like this one will help the ecosystem change for the better.

WalterBright 18 hours ago 3 replies      
As an ad exec once said, "half the money we spend on advertising is wasted. The trouble is, we don't know which half."
manigandham 18 hours ago 0 replies      
This isn't really a qualitative judgement against advertising so much as what happens in large mature industries as waste and inefficiency and perverse incentives pile up. Look at any government/military over-spending for similar effects.

P&G is one of the largest advertisers on the planet using hundreds of agencies with thousands of vendors with millions of placements across digital media, managed by thousands of people trying to make themselves look good and get that bonus. This is a typical cycle of cleaning house.

The industry itself is slowly getting better and will eventually fix many problems through technology and regulation but there's still a very long way to go for that.

AndrewKemendo 9 hours ago 2 replies      
Honestly, I'm waiting for the internet advertising apocalypse wherein retailers cut digital ad spending because ROI is too low - and only advertise on Facebook or other sites with super targeting.

That would effectively kill a good chunk of internet services.

[1] https://marketinginsidergroup.com/content-marketing/marketer...

colbyh 21 hours ago 3 replies      
A couple of things going on at once - it's hard for old guard companies to compete in digital marketing because consumers are being trained to buy based on reviews, price, and delivery times more than brand. And when you're spending $100M/quarter over a dozen brands all digital marketing is going to be brand marketing.

It also raises a question about conversion being a lagging indicator here. It's possible after a few more months of lower spend they will start to see consumers pulling back.

elorant 17 hours ago 3 replies      
I have to admit that at a deeper lever I'd love if advertisers get the fuck off of the web. I don't have a problem with advertising per se but the way it's used today hurts the medium in so many ways. Sites are bloated with ads, journalism is riffled with native advertising articles, malware is mainly spread through infected ads and on top of that we have a legion of companies out there which are collecting every kind of personal information imaginable without permission or any kind of regulation. Enough is enough.
joh-nan-drew 8 hours ago 1 reply      
Marketing is the price you pay to get attention. All marketing is a hack for attention. Being data-driven and figuring out the 1% of your digital ads that are working, then capitalizing on them, is a hack. Using a unique marketing distribution channel or method is a hack. Embedding the marketing into your product is a hack. These are all "growth" hacks.

Cutting in front of the line is a hack to get your lunch faster, but if everyone's doing it, the hack starts to lose effectiveness.

Not that digital ads today are ineffective, but I do think its methods have reached notable saturation points.

surferbayarea 20 hours ago 1 reply      
Hopefully a step in the direction towards cleaning the internet from the blotch of online ads. Make the internet a place to learn again and an open platform where people and businesses can exchange ideas(and data), not the silo'ed short-term profit-mongering mess it has become.
madetech 19 hours ago 1 reply      
Some of the responsibility for the failure of this should fall on the marketing managers and their lack of knowledge on what decent online advertising looks like.

I worked in AdLand for a while and remember the agencies impressing clients with bullshit results and pure vanity metrics.

Nothing about actual business results, just another thing marketing managers were seen to need to do.

bkj123 20 hours ago 2 replies      
Not sure what we can get from this article as there are so many variables... What "digital" spend was cut: paid search? online video? paid social media? brand vs. product oriented?

What was the impact of non-marketing drivers like distribution, price, promo, competition, and the economy?

What was the impact of (new) ad creative?

Maybe take it as they are under pressure to cut expenses and cutting marketing, digital and likely non-digital, certainly helps.

hyperpallium 20 hours ago 1 reply      
Online works better for PR, "astroturfing", manipulation of fundamental attitudes and opinions than for explicit ads.

Buy some reddit, facebook and twitter accounts, and with the right consultants, you will move the world.

ikeboy 11 hours ago 0 replies      
>After cutting back on certain digital ads, we didnt see a reduction in the growth rate,

>P&G, whose brands include Bounty, Crest, Tide and Pampers, spent $2.45 billion on U.S. advertising, not including spending on some digital platforms

So, even if digital advertising performed on par with everything else, it would only affect the growth rate by 5% of the effect other advertising had. Surely other factors contribute to variability at least enough that an overall effect cannot be determined using this data?

Xyik 5 hours ago 0 replies      
I work on an engineering growth team that focuses on large-scale digital advertising and can say it does work, for the right business, in the right context. You need a proper analytics team, engineering team, and experience to do it right. Most people who buy online ads have no idea what they are doing.
code4tee 4 hours ago 0 replies      
Anyone that's ever taken a serious look at online advertising knows that the elephant in the room is that most of it doesn't work. P&G is just the latest large firm to call that out.
kfk 21 hours ago 1 reply      
you can't track classic media ads roi that well for starters

they spend like 2 billion on ads, so all in this is a 5% cut

they sell all through distribution, so they probably can't match ads performance and growth that well in general

vit05 20 hours ago 1 reply      
"after finding that ultra-niche targeting compromises reach and has limited effectiveness" The bigger your brand, the more you need broad reach and less targeted media,

This is quite interesting. I see that other companies are cutting down on agency spending as well and some are focused on having an internal agency. The idea is to know the consumer and have a quick response to what is trending. So, apparently, the information that Facebook provides is not enough to put together a small niche group of people and say that they all would like that product. Or, at least, not worth the dollar invested. But knowing who the target consumer is, and building targeted advertising at it, but reaching a larger population has a more efficient return. Even when it reaches people who are not in the target audience of your product. Because it is a more general campaign about something that is happening, it helps in building the brand. And big companies care a lot about their brands and what people think about them.

JD557 15 hours ago 0 replies      
Slightly relevant to the discussion, since P&G seems to have started make some changes to their digital marketing strategy earlier this year (It seems to have been a major change, since one of the companies actually had to shut down).



wslh 11 hours ago 0 replies      
You can ask: if this is not working for P&G why will this work for you. I have mixed experiences. If I am attacking a niche where the user will act immediately after finding you exist then it works, if you are targetting a big market with a lot of competitors it is not worth the money and time except you discover new specific keywords.
kartan 15 hours ago 0 replies      
This is just one company. I worked for a big mobile games company, and their main complaint was how expensive where ads nowadays. They used to pump millions and get as many players as they wanted. Now you need to take a lot of care on how you spend your money, as the return of investment is not guaranteed if you pay too much.

If other companies follow suit, then we can talk about a more general issue. Maybe it is just that their campaigns were ineffective because were not good, or because their target users are not reached on digital ads.

nickhalfasleep 11 hours ago 0 replies      
How many brands could just cut out the traditional or sales-based advertising and go for quality and word of mouth growth like ANKER?

Nothing sells me on a product like a happy customer. I scroll past the adds and related items on sites and dive right for the comments. Or just ask around work for what people use for X.

chiefalchemist 9 hours ago 0 replies      
Make ya wonder how many pre internet TV and print ads they would have sacked if they had the ability to truly measure their effectiveness.

Ya also have to wonder how they got to $100,000,000 worth of ads before they decided to pull back.

mathattack 10 hours ago 0 replies      
People spend more time on devices than TVs so advertising will follow in the long term. In the short term it will take companies like this to force the ecosystem to keep clean.
olivermarks 21 hours ago 0 replies      
It's not clear whether this is old banner programmatic ads that were cut, or more sophisticated social data mined tracking. Assuming it was the former?
losteverything 12 hours ago 0 replies      
Can anyone enlighten me on P&G cost cutting and board activity?

I've read they are "hurting" wondering if this is just cost cutting and not a deep analysis of ad/$ performance.

raverbashing 16 hours ago 1 reply      
It seems the issue is "overtargeting" of ads

P&G ads don't work like that. Their products appeal to a broad range of people, same as their ads. Specialized targeting literally does nothing to improve conversion (and keeping their product in mind)

jondubois 17 hours ago 0 replies      
I think other companies might come to the same conclusion and also reduce their ad spending.

We're in an advertising bubble just like the dot com bubble except this time it's not stock prices that are frothy, it's the advertising revenue itself.

Steeeve 18 hours ago 0 replies      
It is very easy to waste big spends in online advertising. There are large swaths of revenue absorbing points that are completely useless or nearly useless.

There are also ways to do it effectively on limited spends. Just like anything else, it requires effort.

With as many channels as there are, and as many people who have found a way to avoid commercials, TV advertising is a shadow of what it used to be.

These days effective and valuable marketing, especially for large brands, is hard work. No one vendor is a complete solution, and you have to consistently experiment and determine what the best options are where your target customer eyeballs happen to be landing in an ever-changing landscape.

Advertising in general is ripe for disruption.

paulpauper 15 hours ago 0 replies      
It seems like a lot until you consider that the total annual ad spend (just for Google alone) in in the tens of billions
RodericDay 21 hours ago 6 replies      
I've often dreamed of coding up some kind of worm-virus, but instead of stealing data or demanding ransom or corrupting storage, it would just install uBlock Origin on infected computers.

Millions of infected people, with zero idea what an "ad-blocker" is, just wondering where all the YouTube ads went. And then, hopefully after a month or so of infection, companies realizing that their bottom-lines were unaffected, pulling out of digital advertising altogether. Previously-thought-of-as-invincible giant behemoths like Facebook and Google, just crumbling to dust over a short span of time.

Just a dream though.

jgalt212 11 hours ago 0 replies      
Does P&G have a substantial in house ad tech operation? They advertise so much that they could probably start their own DSP and license its services to others.
mtgx 17 hours ago 0 replies      
Glad to see all of that advanced internet surveillance technology is being put to good use...

So much for the argument that tracking is helping companies serve you better ads.

m-j-fox 16 hours ago 1 reply      
laythea 19 hours ago 2 replies      
Back in the olden days where ads where more sparse, they would have so much more impact. Nowadays after the awash of ads we have everywhere, companies are collectively loosing their ability to make ads impact. (by logic, the more we are exposed to it, the less effective it it).

Therefore they did it to themselves. They abused it, so that now people reject them where they can, and it becomes less profitable. No sympathy from me.

Successful Solo Founders medium.com
295 points by Tunecrew  2 days ago   57 comments top 22
got2surf 2 days ago 6 replies      
Instead of looking at "% of successful exits that had n founders", it seems more relevant to look at "% of startups with n founders that had a successful exit".

Without knowing the distribution of startups with 1, 2, 3, 4, 5+ etc founders, it's hard to tell how much more/less likely each group is to succeed.

lettergram 2 days ago 2 replies      
You know, I'd venture to say the vast majority of businesses are started by one core person. One person has the idea and convinces others to follow. That's the most important metric to look for, can they create a team, can they convince others, etc.

Personally, I've started projects alone and with others, but by far all my most successful businesses/projects (one of which I'm applying to YC with) have been initialized by myself, and then I brought in others as needed.

Unfortunately, that creates some issues. For example, my most recent partner had to step back for personal reasons. Now, the question is - does that look bad? Now, I'm in an even weaker position because it looks like I failed to convince them the project was worth it, or we had a falling out. Neither of which was the case, we're still good friends, we just had different priorities and risk / reward levels.

Now I'm again a solo founder, searching for another partner. I know I could use one, which is why I'm doing it. There's a lot of work, and I'd move faster with help. I feel that's the only time I'd search for a co-founder going forward.

I kind of doubt people can bring people in just to increase fundability. They still have to be convinced and provide value.

Danihan 2 days ago 1 reply      
In my opinion, VCs prefer their investments to have more than one founder because teams are generally easier to manipulate / more willing to compromise. Solo founders, almost by definition, are going to be much more gregarious and stubborn. That doesn't equate into investor board control, which can cause issues down the road (see Uber)
bdcravens 2 days ago 0 replies      
I always feel that when I read these articles that the author is referring to a "single founder" as a hacker banging away at their Uber for Skateboards node or Rails app, as then applying the success of someone like Bezos, as if he built Amazon in a glorious one-person hackathon.
Hasknewbie 2 days ago 1 reply      
These types of article often list Jeff Bezos or Frederick Smith (Fedex) as examples. These guys were already millionaires when they started their company, I don't think they should be counted. There are enough solo startup founders who started from scratch in their kitchen/bedroom/garage, if look for them. No need to list less relevant cases IMO.
bitL 2 days ago 0 replies      
There is this joke: how many partners should a company have? The best is to have an odd number of partners, and 3 is too much.
jedberg 2 days ago 0 replies      
I see a lot of people questioning who is a solo founder or not.

To me, a cofounder is someone who has enough equity to veto your decisions if they don't like them. Everyone else is an employee, whether compensated in cash, equity, or thank yous.

Most of the objections I see here are, "well, they had a support group of X and Y".

No one does it alone. The issue is whether you have ultimate authority (and therefore responsibility) for the success or failure of the company.

I'd say everyone on the list of solo founders was personally responsible for the success of their company.

jliptzin 2 days ago 1 reply      
An anecdote to support this: not every business I've started myself was successful, but all the successful businesses I've started were without partners. On the other hand, every business I've started with one or more partners has failed.
sebleon 2 days ago 1 reply      
Dropbox has 2 founders [1]

[1] https://www.dropbox.com/about

adventured 2 days ago 0 replies      
As others have noted, the solo founder list is filled full of people that had immense help from other people, typically from day one.

For example: Henry Ford

He had half a dozen people building his first vehicle for him, most of them contributing their time to help at no cost, while he directed the implementation/vision/ideas. This is the first version of his quadricycle vehicle [1] he built in his little shed. Ford did some early experimentation work on his own, it wasn't very long however before he invited some extremely talented specialists to join in helping him, just to basically see if they could all pull it off. Ford had a high talent for gathering skilled specialists to follow him (messianic leader, he managed to do it throughout his career), all of which were better at specific tasks than he was (whether blue print drafters, or metal workers). Solo founder? Ford Motor wouldn't exist without Ford and it wouldn't have existed without the critical day-one contributions of those particularly talented people (some of which stayed with him for many years). When Ford built the Model T, he pulled together a very small team of hyper talented people just like with the quadricycle, and they did the actual work / implementation, while he played general (to take nothing away from that role, it's at least as critical as the other roles).

Ford as a solo founder is a big stretch.

[1] https://en.wikipedia.org/wiki/Ford_Quadricycle

nathan_f77 2 days ago 0 replies      
How hard is it to get into YC as a single founder? I'm pretty sure I could easily find a cofounder, but I'm not sure if I actually want to. I'm also not sure if I want to join an incubator, since bootstrapping and going at my own pace sounds nice.
arikr 2 days ago 0 replies      
Buffett added Charlie Munger as a cofounder and credits Munger for a large portion of the success.
uiri 2 days ago 0 replies      
The post mentions startups running afoul of minimum wage and overtime laws. The linked PDF mentions that anyone who owns at least 20% of the business can be considered an exempt executive. How exactly do startups wind up running afoul of these laws? The minimum pay is under $25k/year, surely if the startup is covering each founder's living expenses, then it shouldn't be too hard to meet that especially with vesting stock.
tlogan 1 day ago 0 replies      
If your plan to grow your company by begging for money then you need have a co-founder: you need to convince somebody to work for free. That is first step toward convincing VCs to give you money.

If your plan to grow your company is thru business (actually making something) then having co-founder is not required: you can hire senior people since you are solving real problem.

mankash666 2 days ago 0 replies      
Then, there's the silicon valley religion of idol-worship. Whatever Paul Graham, Elon Musk ... say must be true, and hence canon.

Ironic for all the AI, machine learning, data-science toting startups to go in the exact opposite direction when it comes to canonizing obvious non-science.

sage76 2 days ago 0 replies      
Jeff bezos had 2 engineers working with him from the beginning. Maybe not the same as co-founders, but having a team and support structure can help.

Aaron Patzer, on the other, was truly on his own.

Grustaf 2 days ago 0 replies      
Regardless, it's so much more rewarding to share an experience like running a company, just like with most things.

In the end I would guess that the experience matters much more than the exact probability of success for most people.

muzani 2 days ago 0 replies      
Google for example could probably work with one person, but what would happen is that Sergey and Larry would have ended up inventing their own search engine companies and competed strongly with one another.

It wouldn't end up even half the size if it wasn't two equally intelligent cofounders working together. That's a huge advantage of the co-founder system: you absorb your competitor instead of fighting them.

Tunecrew 2 days ago 0 replies      
jmatthews 2 days ago 1 reply      
The myth of the solo founder. I would venture that every founder has a support system that tangibly enables a business venture, whether it be family or peers or mentors.
horsecaptin 2 days ago 0 replies      
Oh, shit! Time to update all the advice I've been spewing every time someone asks me "hey, what's a sign that my startup will fail?".

Switching from "if you don't have cofounders" to "if you have cofounders".

Done. 180 degree about face. Commence frenzy!

rokhayakebe 2 days ago 0 replies      
The Universe had one founder (one none depending on who you ask).
Phoenix 1.3.0 Released phoenixframework.org
422 points by chrismccord  1 day ago   130 comments top 28
slashdotdash 1 day ago 6 replies      
For anyone curious about Phoenix and Elixir, I can sincerely recommend the following resources to get you started:

- Programming Phoenix by Chris McCord, Bruce Tate, and Jos Valim [1]

- The Little Elixir & OTP Guidebook by Benjamin Tan Wei Hao [2]

- Elixir in Action by Saa Juri [3]

Phoenix initially attracted me to Elixir, I've stuck around for that and the OTP platform: pattern matching, process based concurrency (actor model), supervision, immutability, macros, and more.

"Elixir took the Erlang virtual machine, BEAM, and put a sensible face on it. It gives you all the power of Erlang plus a powerful macro system." Dave Thomas

[1] https://startlearningelixir.com/r/programming-phoenix

[2] https://startlearningelixir.com/r/the-little-elixir-and-otp-...

[3] https://startlearningelixir.com/r/elixir-in-action

s0l1dsnak3123 1 day ago 2 replies      
Weve been using Phoenix at my company in production for over a year now. So far the experience has been overwhelmingly positive, our team have totally come round to its adoption, our server costs have come down and our response times have gone down also.

Coming from Rails, the ecosystem isnt quite there yet, but it is far more mature than rails was this early on.

The hardest thing for us has been deployment, but weve solved that internally, including giving back by building exrm_deb (it works with distillery too!) to compile the entire project into a Debian package.

If you havent already looked at Phoenix (and Ecto!) give it a try :)

bnchrch 1 day ago 1 reply      
I've been working professionally in Elixir/Phoenix for the past 4 months.

Summary: It's amazingly productive, pleasant to work with and simple.

Coming from a background spanning Python/Django, C#/.net and Node/Express I really believe it blows them out of the water.

Thank you for all the hardwork of the Phoenix team and the amazing community you've made.

dmix 1 day ago 0 replies      
The directory reorganization is a good sign that Elixir/Phoenix are not simply rehashing Ruby/Rails for the sake of popularity but are willing to prioritize what makes the most sense for this particular language - and asking how they can improve upon what already exists.

I recently ported my app from 1.2->1.3 and moving away from Models to Contexts/Data was a simple transition that makes a lot of sense.

The `data` files (aka your new models) are basically where the schema for your model lives and the `context` (your models API) is the interface for your data.

For example when building a blog:

Instead of having User, Session, Post, and Comment models which contains your DB schema, business logic, and interfaces for getting/setting data all models directory ala Rails:

 blog/app/models/comment.rb blog/app/models/post.rb blog/app/models/session.rb blog/app/models/user.rb blog/app/controllers/... blog/app/views/...
you instead create a namespace for each group of data:

 lib/blog_app/accounts/accounts.ex lib/blog_app/accounts/session.ex lib/blog_app/accounts/user.ex lib/blog_app/blog/blog.ex lib/blog_app/blog/comment.ex lib/blog_app/blog/post.ex lib/blog_app/web/controllers/... lib/blog_app/web/views/...
And in your data file `lib/blog_app/blog/post.ex` for example, you'd keep just your schema defining the fields like "title, permalink, body, etc" and code to handle validations and virtual attributes.

Then in your context file `lib/blog_app/blog/blog.ex` you define the API that access your data. So from your controller instead of calling:

 Post.all Comment.all Comment.find(1) User.new({..})
You now call:

 Blog.list_posts Blog.list_comments Blog.get_comment(1) Accounts.create_user({..})
It makes for a very logical structure for your MVC code.

softwarelimits 1 day ago 5 replies      
Phoenix is great! I only wish there was one recommended way for authentication and authorization - there are so many [1] different libraries that I got stuck in researching the options - I am confused, do not know which one to use. What is your preferred way? I would like to avoid to implement every little detail on my own - to get security done right was the main reason for me using open source libraries.

It would be great if there was one official way to make it easier to implement app security with the framework. I feel that this is the only missing part in phoenix - but it is a very important one.

BTW: does anybody know some tool that generates a phoenix api from a json-schema? Thanks!

[0] https://github.com/h4cc/awesome-elixir#authentication

fareesh 1 day ago 3 replies      
I'm spending all my free time with Phoenix. I come from a Rails, Laravel, Django and a bit of .NET Core background. So far I am extremely impressed. I'm surprised it has not been adopted by that many folks in production.
srjilarious 1 day ago 0 replies      
Really excited to see this out. I've been learning Elixir and Phoenix with the 1.3rc and have really been enjoying it!

I'm a fan of Contexts myself as that is typically how I architect apps on mobile as well. I like having everything separated more explicitly and testable individually and Contexts seem to promote that in a really nice way.

tiffanyh 1 day ago 0 replies      

In the past few weeks:

- Erlang/OTP 20 released,

- Elixir 1.5 released

And Cowboy 2.0 is in Release Candidate phase.

Exciting times.

digitalzombie 1 day ago 0 replies      
Gonna do phoenix for a side project.

I'm just a bystander reading about erlang and elixir for awhile. Did web dev in php and a little bit of nodejs.

But I think what you guys doing are great. I'm glad Elixir and Phoenix came about it really helps drive the language into a field (web dev) and get people to notice.

And that one implementation of figuring out how people is log off or not that is in Phoenix was really sweet when you presented it.

gregpardo 1 day ago 0 replies      
I actually love the domain driven work done in this release. I think it was a bold move from the team and breaks them even further away from Rails on EVM that people tend to think.

I have been bit so many times with trying to figure out where to put things like authentication/registration in a traditional MVC rails like app.

playing_colours 1 day ago 7 replies      
Would you suggest to choose Elixir / Phoenix for an api for a startup? Is it too risky now, or good enough + very attractive?
jrs95 1 day ago 0 replies      
I've always been intrigued by Phoenix/Elixir but I was worried it may just be a fad. Seems like it's had solid growth over the last couple years though, so I may end up diving into it over the weekend.
Tistel 1 day ago 0 replies      
We are using Elixir and Phoenix. Its amazbalz. The properties of the erlang VM (100k processes, individually garbage collected etc) are going to make it a killer platform. (edited)
misterbowfinger 1 day ago 2 replies      
Are there any "here be dragons" for Phoenix? Does it play well with legacy systems? Support for different protocols, etc.
jaequery 23 hours ago 1 reply      
It's truly amazing when you see the numbers yourself, as Elixir/Phoenix produces some wicked TTFB(time to first byte) speed and concurrent performances you can't get from other languages.

I wouldn't be surprised to see one elixir server replacing 5x - 10x servers.

samtechie 1 day ago 1 reply      
Does Phoenix 1.3.0 fully support Elixir 1.5? I keep getting warnings when compiling since I upgraded to Elixir 1.5.
brightball 1 day ago 0 replies      
Great news! Been waiting for this so I could tinker and then make a pitch to my office where I think it's an ideal fit.
neya 23 hours ago 1 reply      
I use Phoenix with all my newer projects. The performance is stellar. I single-handedly was able to create what many startups out there have built with 100s of thousands of engineers[1] in a short period of time. This may be possible with Rails too, but then, I found a lot of things are much more convenient to get done in Phoenix than in Rails - For example, Contexts (nested models), Routes, etc.

When I started with Phoenix I was anxious that the experience was going to be just like when I first tried out Play/Scala, but no. To my surprise, my experience was fantastic. Truly, this framework allows you to focus on your business problems rather than fighting with configurations/conventions.

One of the best decisions the team has made is introducing the concept of contexts from DDD[2]. Initially, I was pretty confused, but now, I simply cannot imagine myself going back once that I've understood it. It's basically breaking down your business into smaller tiny modules, like I've done in [1]. The other thing I love about Phoenix is the concept of umbrella applications. I'm not sure if Rails has an equivalent, but I think this alone is worth exploring Phoenix for.

I don't even have micro-services in my architecture yet, but because of these patterns, I'll be able to break out and scale my application if I require to, in the future.

Phoenix has proven to me that it can not only scale performance-wise, but also architecture-wise. Last time I tried developing [1], it was in PHP and I had to hire 5 devs to get it done..6 months later and we still weren't done. However, in just a matter of weeks, I was able to finish a complete working prototype of this mammoth application, with UI and frontend. As for my production setup, I use Docker + AppEngine (using a custom VM) and it has served me really well. The performance is top notch and everything works so flawless.

As for the language itself, I really love Elixir. I simply cannot imagine going back. It really forces you to think differently about your code. Last time I tried to learn a functional language, it was Scala - also a beautiful language on top of the JVM. But, the problem is, it's so academic in the sense that even a good book on scala had 400+ pages. Some of them had 700+ pages. But Elixir isn't like that, you can pick up the language in a matter of weeks (YMMV, it took me 2) AND build a project in no time.

For Elixir, if you're coming from a Ruby background, you'll be able to pick it up fairly easy. However, you will find it challenging when you hit a situation where you would have used a traditional for loop, but in Elixir, you would be forced to re-architect your code. And that's a good thing.

[1] https://news.ycombinator.com/item?id=14785209

[2] https://martinfowler.com/bliki/BoundedContext.html

jonathanreinink 1 day ago 0 replies      
Been following Phoenix for a while now. It looks amazing! One small complaint: the lack of code highlighting in the documentation really bugs me.
Kiro 1 day ago 3 replies      
How are people hosting their Phoenix projects? I'm used to Heroku or Laravel Forge. I don't really want to mess too much with servers.
richjdsmith 9 hours ago 0 replies      
Awesome work Chris, thanks for everything you and the team are doing!
kornish 1 day ago 2 replies      
Does anyone have any favorite open-source Phoenix codebases?
charleshan 1 day ago 0 replies      
Awesome, nice work!
Gaelan 1 day ago 0 replies      
I had to switch to the home page and go below the fold to figure out what Phoenix was (a web framework in Elixir).
out_of_protocol 1 day ago 6 replies      
Quote interesting release, many useful features. `action_fallback` looks really nice. Contexts ... not so much imo
ranyefet 1 day ago 0 replies      
Thanks for the hard work! Looking for to upgrade
desireco42 21 hours ago 0 replies      
Oh finally! I've been using RC for quite a while now. Glad it is out.
miguelrochefort 1 day ago 2 replies      
How is it better than F# and Akka.NET?
Higher-paid, faster-growing tech jobs are concentrating in 8 US hubs hiringlab.org
283 points by fern12  2 days ago   262 comments top 21
ynniv 2 days ago 18 replies      
I get that you work with what you have (in this case, a corpus of job postings), but a ranking that places Baltimore in the top three tech hubs fails the sniff test. CBRE has a better list here (email registration wall): https://www.cbre.com/research-and-reports/Scoring-Tech-Talen...

I'm biased in that it places Atlanta unusually high, but overall it is a better, less surprising ranking:

 Bay Area Seattle New York Washington DC Atlanta Toronto Raleigh Austin Boston

jkw 2 days ago 2 replies      
Breaking out SF from "Silicon Valley" seems like an outdated approach to segment the data. I would say for the past decade, "Silicon Valley" includes SF, Peninsula through San Jose for all intents and purposes. I see people, who live in SF, commute down to Peninsula and vice versa. The job market in the Bay Area is all pretty fluid.
zw123456 1 day ago 11 replies      
Reasons for Seattle:1) take a long shower2) wash your car3) water your lawn4) cheap electrical rates5) enjoy the outdoors6) awesome IPA's7) pot is legal8) great culture9) moderate weather as global warming progresses

downside - traffic is horrible.

That is my take as a long time Seattlite.

Benjammer 2 days ago 1 reply      
They looked at tech job listings as a percentage of ALL job listings in cities with a population over 1 million. How does that show a "tech hub"?

I would bet NYC has more total tech jobs (as well as open listings) than a lot of the "tech hubs" on the list.

jeremynixon 2 days ago 1 reply      
I don't understand why Indeed breaks up San Jose / Sunnyvale / Santa Clara and San Francisco / Oakland / Hayward, and also fails to include Palo Alto, Mountain View, Menlo Park, Cupertino, etc. It completely distorts the proportion of fast growing jobs that are in these 8 tech hubs.
bit_logic 1 day ago 4 replies      
Disappointed Los Angeles didn't make the list but not surprising. LA has all the right things like colleges (UCLA USC Caltech and others) and same CA employment laws as Silicon Valley. It has big companies like Snapchat but just can't seem to cross that threshold into major tech hub. Maybe Hollywood is just too dominant here, similar to how NYC isn't on the list because finance dominates there.
vancan1ty 1 day ago 3 replies      
Whatever happened to telecommuting eventually making it relatively unimportant where you live? Will this happen in the forseeable future, or will the best tech jobs continue in this trend of centralizing around major hubs?
Nokinside 1 day ago 1 reply      
This is not US only phenomenon. Agglomeration externalities create large productivity differences and it seems that they are constantly being underestimated.

Cities have higher productivity than other areas and larger cities have much higher productivity than smaller cities (in the developing world). Cities are like brains where bigger city thinks qualitatively better.

Housing constraints in larger cities put limits to the aggregate growth. Recent paper: "Housing Constraints and Spatial Misallocation, Hsieh and Moretti." http://eml.berkeley.edu//~moretti/growth.pdf

>We quantify the amount of spatial misallocation of labor across US citiesand its aggregate costs. Misallocation arises because high productivity cities like New York and the San Francisco Bay Area have adopted stringent restrictions to new housing supply, effectively limiting the number of workers who have access to such high productivity. Using a spatial equilibrium model and data from 220 metropolitan areas we find that these constraints lowered aggregate US growth by more than 50% from 1964 to 2009.

paul6987 1 day ago 0 replies      
DC and Baltimore is the land of govt contracting where designers and developers can command hourly rates of 60 to 100 an hour based on skill-set. There's tons of demand too and the cost of living is fairly inexpensive.

I just left my high paying govt contract job as I tried working things out with a co-worker who suddenly became a real S#$t to work with .. tried one on one with him & then with management. Overall nothing changed after months so I left and will be starting a better paying job in 2 weeks. There's too much demand to sit and take crap from anyone.

rpazyaquian 1 day ago 3 replies      
Boston doesn't seem to be doing very well in the long-term. I moved here to take advantage of both the presence of tech jobs, and to live in an accepting, progressive blue state. If I want to stay in the area, what field should I be transitioning into?

I know the Boston area has a lot of medical/health companies around, and it might be worth it to start looking at those kinds of companies as a long-term solution. Are they still a good choice for MA tech jobs?

40acres 2 days ago 3 replies      
Can anyone speak to.the job market in the DC metro? I've been thinking a lot about moving back to the east coast and DC seems like a decent trade off between cost of living and interesting jobs (compared to my home NYC).

What kind of jobs are in DC, what's the salary range like?

Ologn 2 days ago 3 replies      
Baltimore and Raleigh are tech hubs, and New York is not?

In 2000 when the dot-com's went bust, things were not so bad for IT in New York because the other industries were still going along - media, advertising, fashion, and of course, finance. San Francisco has all its eggs in one basket.

Plus New York has Stack Overflow, Spotify, Computer Associates, IBM, Seamless, Rockstar Games, Kickstarter and companies like that as well.

mannykannot 2 days ago 1 reply      
There are some highly technical (and specifically information-techical) jobs in finance that don't seem to be included here. This may also be the case for other areas, as well.
Kinnard 1 day ago 0 replies      
A cost-of-living adjusted list would be more interesting . . .
maxdemarzi 1 day ago 4 replies      
Move to Round Rock folks! You can get a 4000 sq.ft. home, a half acre yard and a pool for less than a San Francisco studio. You pay $4000 a month to rent a 1 bedroom? You can rent a whole house here for half of that. Pay is the same if you just ask. Too many jobs and not enough local people to fill them.
AndrewKemendo 1 day ago 0 replies      
Rounding out the big eight, tech jobs in Washington, DC, Baltimore and Raleigh are more traditional and offer lower salaries, making these metros less like Silicon Valley than their fellow tech hubs.

Exactly. Here in DC it's mostly data center and infrastructure services growth that we're seeing.

rmason 1 day ago 2 replies      
I've seen two surveys in the past week, one where Detroit ranked second in IT job growth and this one by Forbes that ranked Detroit 9th.


Detroit didn't rank here because the cities population is below a million. But with the suburbs Detroit metro is 5 million and I believe that doesn't include Ann Arbor which just ranked as a top startup hub. So this particular survey is a little misleading.

bhewes 2 days ago 1 reply      
Yep those are all the cities my tech oriented friends either live in or dream of living in.
c3534l 1 day ago 0 replies      
So, basically in America's biggest cities. Thanks.
makosdv 1 day ago 0 replies      
It would have nice to see them compare salaries and cost of living in these hubs.
swampthinker 2 days ago 2 replies      
Without looking, I'm going to guess (in no particular order):

- Cambridge/Boston

- DC metro area

- Austin

- Bay area

- Seattle


- Philadelphia

- LA or San Diego


Hm, got most right. I forgot about the Triangle entirely, but I'm surprised Baltimore outpaced Philly.

A practical explanation of a Naive Bayes classifier monkeylearn.com
324 points by feconroses  1 day ago   40 comments top 10
moultano 1 day ago 3 replies      
A practical issue for Naive Bayes that also infects linear models is bias w.r.t. document length. Typically when you are detecting a rare, relatively compact class such as sports articles (or spam) you will tend to have a strongly negative prior, many positive features, and few negative ones. As a consequence, as the length of your text increases, not only does the variance of your prediction increase, but the mean tends to as well. This leads to all very long documents being classified as positive, regardless of their text. You can observe this by training your model and then classifying /usr/dict/words.

This is the most common mistake I've seen in production use of linear models on document text. Invariably, they'll misfire on any unusually long document.

superasn 1 day ago 0 replies      
I created a small program that finds the best sub-reddit given any title text[1] using this algorithm.

I'm a total ML noob but it was a interesting project and the results were pretty accurate.

I basically used reddit's Bigquery data for the dataset (it's huge!). If you need a practical example of this algo, the algorithm and code is here[2].

[1] https://storage.googleapis.com/superasn/script.html

[2] https://www.reddit.com/r/learnmachinelearning/comments/6hqd6...

mooman219 1 day ago 1 reply      
The examples other people are using are fairly narrow. I would like to substantiate that text categorization via naive bayes classifier is surprisingly accurate and simple. This paper[1] uses ngrams and a simple out of place measure to compare articles against different verticals and often sees greater than 99% accuracy for relatively small blocks of text. The out of place measure also adds a penalty to features not found in the document, which helps establish the individuality for the category classification. Raw matching performance is also fairly impressive; A less naive implementation is also highly parallelizable.

[1] http://odur.let.rug.nl/~vannoord/TextCat/textcat.pdf

rgarreta 1 day ago 1 reply      
I would add that another practical aspect about Naive Bayes classifiers is that you can make use of the conditional probabilities for each feature that contributes to the predictions. That gives you some introspection on how the model is working and it's useful when "debugging" classifiers by finding features that should/shouldn't be used.


schuetze 1 day ago 5 replies      
Considering the relative ease of implementation, classification accuracy with smaller datasets, and computational efficiency of Naive Bayes classifiers, I am surprised that they are not mentioned as often as other machine learning competitors, such as random forest.

Are there major drawbacks to Naive Bayes classifiers? Is it just that they aren't as accurate on large datasets?

mattbettinson 1 day ago 0 replies      

I wrote one of these in Ruby to classify links into tags! Was fun. I think it got me a job.

torbjorn 1 day ago 0 replies      
I just did an jupyter notebook on Naive Bayes for Siraj Ravel's Math of Intelligence YouTube course.


I used naive bayes to classify raps from Biggie and 2pac.

anthonysarkis 23 hours ago 0 replies      
C++ implementation for self driving car (school project) https://github.com/swirlingsand/self-driving-car-nanodegree-...
b_ttercup 1 day ago 2 replies      
Is Naive Bayes really ever the most practical choice? Yes it is a simple, fast algorithm, but it's usually a non trivial step below other simple models in my experience and doesn't seem to show any major advantages. The results shown here seem good but bag of words models usually do better than you might think on supervised NLP. So what's the motivation?
drefgert 1 day ago 0 replies      
Bayee does a great job of filtering spam but it drives me nuts that obvious spam still appears in my inbox.

Suffix trees would fix this in most cases, so why the heck isn't spam filtering using them to remove the obvious spam?

Announcing the Windows Bounty Program microsoft.com
275 points by el_duderino  3 days ago   115 comments top 17
tiffanyh 3 days ago 11 replies      
I wonder what impact this will have on open source software (OSS).

OSS can't afford to pay people to look for bugs and improve the overall software. But commercial companies can.

I wonder if there will exist a date/time in the future where closed-source software, because of these bug bounties, will yield better (less buggy) software vs OSS.

crsv 3 days ago 3 replies      
With the increasing number and value of these bounty programs, how viable is a career in professional free lance security bug hunting?
keithnz 3 days ago 1 reply      
I find the wording of this odd? they have had a bounty program for ages?

the list of active bounties is here https://technet.microsoft.com/en-us/security/dn425036

strictnein 3 days ago 2 replies      
> If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they couldve received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)

Wow. I guess this kind of functions as hush money? To make sure they don't reveal the issue before MS patches it. But still, this seems like a good move.

a_imho 2 days ago 1 reply      
I still consider these fees way too low. I understand there are not too many legal buyers for Windows bugs, but wonder whether it is more profitable from a financial pov to just disclose bugs as an upfront investment and wait for a PR disaster to have some actual leverage to negotiate fair prices.
AngeloAnolin 3 days ago 0 replies      
Overall, I feel this is a good move by Microsoft. Admittedly from their side, they won't (or cannot) cover all security holes from their system. Asking help from external sources and rewarding them appropriately is also good, allowing them to patch their system. In turn, end users will (hopefully) get an OS that is secure. Win for everyone. Way to go MS!
monocasa 3 days ago 2 replies      
It's good to see the bounties increasing to the range you could get on the open market.
ourmandave 3 days ago 1 reply      
That max hyper-v payout of $250,000 reminds me of the TV Trope Just Cut Lex Luthor a Check


jumpkickhit 3 days ago 4 replies      
Bounties for Edge? Isn't it less than 5% in browser market share?

I like the fact they're offering a bounty program, I'm just surprised Edge was included I guess.

eitland 3 days ago 0 replies      
I reported an information leakage from password fields in Windows some moons ago (ctrl arrow would stop between different character classes in modern Windows style password fields.)

I don't think this was a big find but I remember I was still somewhat underwhelmed by the response.

xmodem 2 days ago 0 replies      
Nice. now can we please have a way of reporting phishing/malware hosted on Microsoft services (Onedrive, hosted Sharepoint, Azure, etc)? I have reported a few of these to Microsoft's CERT team and they just seem to get ignored.
grandalf 3 days ago 1 reply      
I've come to feel that a Windows 10 machine is more secure than an OSX machine, all else being equal.
oxide 3 days ago 1 reply      
Its about time. I hope the incentives stay strong enough, and dont require hoops to jump through. otherwise the gray/blackmarkets could out-bid the bounty and cut the red tape to incentivise their own acquisition of the exploits in question.
Principe 2 days ago 0 replies      
Damn. $250k for a RCE bug in Hyper-V. If that's on the legit market, I can't even imagine what it would sell for elsewhere.
seanhandley 3 days ago 0 replies      
Wow. About time.
kazinator 3 days ago 1 reply      
> Bounty payouts will range from $500 USD to $250,000 USD

I will need some $25K in cash upfront to be convinced to start using Windows 10.

v4n4d1s 3 days ago 4 replies      
Dear Microsoft

>Any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customers privacy and security will receive a bounty

Windows 10 has a major design flaw which compromises your customers privacy and security. You call it Telemetry and it can't be disabled completely(definitely a bug! Nobody would make such a stupid decision, amiright?).

Please send me further instructions on how I can claim my 250k.

Also: Why is there nothing for Server 2016?

Robot cracks open safe live on Def Con's stage bbc.com
293 points by SirLJ  1 day ago   99 comments top 11
agumonkey 15 hours ago 5 replies      
Last month I had the disappointing surprise of finding a lock on my bike. I forgot I put it (it's been years since I last used it). And it's not a key lock.. so I'm screwed. Not willing to cut the cable.. I decided to brute force it. 999 space is fun. Luckily you quickly find similar tips than the alignment one to speed up the process. And since it's not a full rotary lock, I could also "DDR" the tests by testing when going from 0 to 9 then from 9 to 0. 5 minutes later and 800 attempts I was lifting my bike like a king. Until I realize the rear tire was dead. TL;DR; do not succomb to the seductive power of cryptanalysis.. check rubber first !
Pinckney 22 hours ago 3 replies      
It's a cool robot, but auto-dialers are a known tool in safecracking.

Additionally, the safe in question seems to be a SentrySafe SF082CS, which caries NO security rating from UL. The lowest test rating, RSC, only requires the safe survive a 5 minute attack with hand tools.

saalweachter 10 hours ago 0 replies      
I'm honestly a little disappointed it's "just" an automated safe cracker.

I wanted to see a hulking brute of a robot peel the safe like an apple with its powerful metal claws.

asciimo 22 hours ago 1 reply      
I love this frank response from the safe manufacturer:

'... speaking to Wired magazine earlier this month, when the team demonstrated its method on a smaller safe, a spokeswoman for the safe maker said: "In this environment, the product accomplished what it was designed to do."'

Animats 19 hours ago 1 reply      
Here's a commercial version. [1]

This seems to be an exhaustive-search combination lock solver. Someone else has built one that not only manipulates the lock, but uses a contact microphone to listen to it. But I can't find the reference.

[1] https://www.youtube.com/watch?v=fIavLorioys

dws 2 hours ago 0 replies      
SparkFun posted a full tutorial on their machine few months ago.


radarsat1 4 hours ago 1 reply      
> Some SentrySafe models come with an additional lock and key, but the team was able to unlock it by using a Bic pen.

Um.. that also seems like an important problem?

anindha 22 hours ago 1 reply      
So many people in SF leave their house keys in those 3 digit combination locks for Wag dog walkers. Something like this could crack that in seconds.
kumarvvr 12 hours ago 1 reply      
Those framing pieces of aluminum or steel look awesome. They look great for quick mechanical structural work.

Anyone have any idea where to buy them from ?

0xbear 22 hours ago 2 replies      
Aren't there a whole bunch of videos on YouTube of kids opening these with not much more than a length of steel wire and primitive hand tools? You decidedly do not want a safe that's not UL listed.
thesmallestcat 22 hours ago 3 replies      
Somebody dumb enough to leave a key to their house right next to their house in a city like SF deserves to get burglarized.
Facebook Profit Jumps 71% Year-over-Year wsj.com
254 points by JumpCrisscross  3 days ago   279 comments top 21
chollida1 3 days ago 11 replies      
Some fun Facebook facts from the earnings call/report

- Facebook has a massive, $35.5 billion hoard of cash, cash equivalents and marketable securities. It's the third biggest S&P 500 company by this metric that isn't paying a dividend, after Berkshire Hathaway and Alphabet.

- Facebook's headcount is now at 20,658. That's up 43 percent since last year

- Average Revenue Per User Rises 23% to $4.73, Down from 4Q 2016

- Facebook Offers No Break Out of Instagram Revenue

- 2Q Daily Active Users 1.32 Billion, Monthly Active Users 2.0 Billion

- Shares Up 1.6% After-Hours, Near Session Highs

- Zuckerberg: WhatsApp and Instagram Stories each have more than 250 million people using them daily. Each of those is a single SNAP whose entire daily user base is around 170 million.

Wow, this is a company that is killing it right now.

Facebook and Google combine to account for up to 99% of advertising growth.

As this relates to SNAP, I have to think that investors will spend atleast a year spending marketing budges with SNAP but after that, RIP Snap......

Also as a crazy aside, Meg Whitman just resigned from the HP Board and has been reported to be visiting Uber.....

StevePerkins 3 days ago 14 replies      
Maybe I live in a bubble, but I just assumed that Facebook would be on a decline trajectory by now.

Their website is almost meaningless to my day-to-day life at this point. I login once every couple of weeks, upload some pics of my kids for Grandma to look at, and then log off. I don't personally know anyone who still uses it regularly as we did back in 2007. I don't know a tactful way to put this... but it seems like mostly older people and Walmart shoppers, posting angry bumper sticker nonsense about Obama or Trump.

Am I just COMPLETELY out of touch? Or it is an Eternal September situation (https://en.wikipedia.org/wiki/Eternal_September), where the unwashed masses are still coming on board faster than people like me are leaving?

Even if it's the latter, aren't they near a saturation point by now? Once everybody's signed up, where's the growth come from? How do you squeeze out additional monetization from a platform once there are no new members coming in, and old ones trickle away because the content is so poor?

grandalf 3 days ago 4 replies      
Interestingly, I'm someone who does not click on ads, but the last 3 ads I've clicked on were on Facebook, and two resulted in purchases.

I can't help it when the ads are for cool things like a $20 USB endoscope.

jumpkickhit 3 days ago 1 reply      
I'll give them credit, Facebook figured out how to monetize themselves.

Versus say, Twitter, which i don't use and still don't understand how it even exists.

solomatov 3 days ago 2 replies      
Interesting thing is that GOOG's results which were released several days ago weren't so stellar. It's good to see real competition in advertisement market.
ZenoArrow 3 days ago 3 replies      
One thing I just can't get my head around... who is clicking on online ads? I click on maybe one a year, and probably less than that, and I don't think I've ever bought anything based on what I was shown in an online ad. Perhaps I'm an outlier, but considering the popularity of ad blockers I don't think my lack of engagement with online ads is that extreme.
vadym909 3 days ago 0 replies      
Hopefully their newly unionized cafeteria workers can extract a bit more from them, then Google would have to do the same to Google Express drivers, then Apple to its coach drivers, and this trickle down effect to non-tech jobs may actually work. http://www.mercurynews.com/2017/07/24/hundreds-of-facebook-c...
virtuexru 3 days ago 10 replies      
> Facebooks formidable ad business, along with Alphabet Inc.s Google, soaked up 99% of the online ad industrys growth last year, according to Pivotal Research.

Does that seem crazy to anyone else?

majani 3 days ago 0 replies      
Considering how Facebook still has so many giant monetization levers to pull(Groups, Events, Video, Whatsapp and Messenger) their financial performance is nothing short of amazing,regardless of opinion on the product itself.
corobo 2 days ago 0 replies      
I guess ruining videos is paying off then.

I'll be watching a video lets say it's a downbeat makes-you-feel sort of video. In the middle Facebook decides it's cash-in time and you get some zany wacky advert for something or other. Yeah cheers Facebook.

The overall effect is I realise I'm wasting time watching videos and exit out during the ad, I imagine eventually I'll just not bother watching videos at all.

I'm also aware most of the videos I'm watching out of convenience are freebooted too, it's a bit cheeky to profit on those.

benjaminbuttons 2 days ago 4 replies      
Anyone please explain what is the utility of FB. The newsfeed quality is terrible, with lots of spam and inaccurate content. I stopped using FB a while back, I don't get why a Billion people are still hooked on to this social media trap.
mcintyre1994 2 days ago 1 reply      
The insane thing to me is that they've barely gotten started on monetising outside the Facebook feed. They've taken that, injected ads and garbage until it's useless for me and almost everyone I know, and billions still use it every day. Me and almost everyone I know use some combination of instagram, WhatsApp and Messenger, and they could inject way more ads into all of those. I'd probably end up not using them any more, but that's clearly not representative. It's insane how much un-monetised space they have right now.
sidcool 2 days ago 1 reply      
I have met very very few people who actually like Facebook, and still it continues to make impressive strides, technologically and financially. May be I am living in a filter bubble where no one likes Facebook and there's a world somewhere where people are all the time hooked on FB, Instagram and WhatsApp.

P.S. I use WhatsApp and like it, so it makes me minor hypocrite.

pier25 3 days ago 1 reply      
I barely use Facebook anymore. Are there any reasons other than user growth to justify the profit jump?
recursion 3 days ago 0 replies      
Link to non-paywalled article: http://archive.is/h2465
em3rgent0rdr 2 days ago 0 replies      
I suspect a significant portion of this 71% spike is from people fuming about Trump.
nether 3 days ago 0 replies      
The new tobacco companies.
CephalopodMD 3 days ago 0 replies      
*since last year

The jump in EPS from the last earnings call a few months ago is just a few percent - nowhere near that. It's about 18% above expectations. This is good if you're a shareholder for sure, but the title is misleading.

ahassan 3 days ago 1 reply      
Is there an alternate article that isn't behind a paywall?
barce 3 days ago 7 replies      
How would you define "killing it" to a non-native, English speaker?
djakademiks 3 days ago 2 replies      
Show HN: Chromeless Headless Chrome Automation on AWS Lambda github.com
380 points by schickling  3 days ago   89 comments top 27
schickling 3 days ago 2 replies      
I'm really excited to finally open-source Chromeless. We've used NightmareJS and similar tools before to run integration tests but these basically added ~20min to each build. With Chromeless we were able to reduce this time to under a minute!

Here is btw a demo playground to try it out: https://chromeless.netlify.com/

Let me know if you have any questions :)

gowan 3 days ago 3 replies      
shamless plug: i've also written a high level api on top of the chrome remote debugger chrominator [1]

similar idea. chrominator use promises instead of a fluent api. it also follows the selenium w3c spec where possible. it does cool stuff with evaluate and evaluateAsync where it resolves the remote object to something usable.

to be fair there are a few other projects i know about that wrap chrome remote debugger with a high level api:

* autogcd [2]

* ghostjs [3]

[1] https://github.com/jesg/chrominator

[2] https://github.com/wirepair/autogcd

[3] https://github.com/KevinGrandon/ghostjs

cjr 3 days ago 0 replies      
This looks great! As the developer of an automated screenshot solution (https://urlbox.io), one of the major pain points when taking screenshots is font-rendering. I wonder how you could install/configure fonts on lambda?
titel 3 days ago 3 replies      
@schickling - When will the PDF support arrive?https://github.com/graphcool/chromeless/blob/master/docs/api...
shortj 3 days ago 2 replies      
This would have been awesome to have back when I was heavy in to the UI test automation game. Our best option at that point was a spot instance EC2 fleet and analyzing commits to determine which tests would be the most valuable to run. It's awesome being able to easily run hundreds or thousands of tests in parallel, completely segmented, and pay only on demand. A fantastic use of AWS Lambda! It suddenly becomes reasonable to do full integration tests on every merge request, or even commit, and get feedback to the developer in seconds.
kensoh 2 days ago 1 reply      
This is a really cool project, but looking closer at the API and issues raised it seems that the features are being over-promised.

- "Do pretty much everything you've used PhantomJS, NightmareJS or Selenium for before".

The main features of those tools plus their ability to handle a large range of edge cases are built up over the years in production use and do not seem to be already in Chromeless. Also, Lambda costs can be a significant point of consideration for professional test automation with large volume.

Nevertheless, there's no turning back as flood gates have been opened and many developers are noticing Chromeless. I believe, with enough dedication from Chromeless maintainers, they may be able to channel the attention and contributions to shape Chromeless to be the main challenger to existing test automation approaches. That will really be a blessing to the open-source community!

The only catch I believe, is it may be easier for those existing tools to be made working in Lambda or implement a similar form of parallelism while still having their mature API, than for Chromeless to catch up to the state of maturity of those tools. But as they say, growth solves almost every problem, so issues like these may be ironed out through collaborative efforts from contributors/maintainers.

yeldarb 3 days ago 1 reply      
I've been using serverless-chrome for the past few weeks and this looks like a big improvement in usability!


1024core 2 days ago 0 replies      
How do cookies work in Chromeless? Can I specify a cookiejar to use? Can I keep cookies separated?
afandian 3 days ago 4 replies      
I've got the impression that lots of sites block AWS IP addresses. I wonder if this would hamper the practical use of this on Lambda.

I'm doing something similar, and this concern was one motivation for running in our datacentre vs EC2.

Does anyone have concrete info on rates of bots blocked from AWS IPs?

pedrocls 2 days ago 0 replies      
How is this different from using a container/vm image which has chrome pre-installed and on request launch it in headless mode, accessing the instance via chrome-launcher and manipulating the browser with chrome-remote-interface?

You can then use the vm/container as a function to match AWS lambda.

Is it the that the api is more-user friendly or selenium w3c complaint?

Genuinely curious, don't know much about this project.

inertial 2 days ago 1 reply      
I'll just add some related projects I've used / tried in the past.

The promise of fast execution time in parallel is tempting with Chromeless. Thanks for sharing.

- https://github.com/webdriverio/webdriverio

- https://github.com/nightwatchjs/nightwatch

- https://github.com/assaf/zombie

- https://github.com/dhamaniasad/HeadlessBrowsers

biscarch 3 days ago 1 reply      
I've been super excited about Chrome headless but haven't had a chance to dig into using it yet. The api here looks amazing for getting started without getting lost in the weeds. It'd be fairly trivial to hook this up to a Slackbot and to get on-demand screenshots of various pages on my websites, etc.
coredog64 3 days ago 1 reply      
The last time I tried headless Chrome, file downloads were a PITA. Has anyone tried downloads with Chromeless?
shimon_e 2 days ago 0 replies      
Another platform that supports headless chrome: https://devexpress.github.io/testcafe/

The error report given by this are some of the best.

Vuneu 3 days ago 1 reply      
This is pretty nifty! I've been keeping an eye on Phantomium for a while, I wonder what's come out of it.
yamafaktory 3 days ago 0 replies      
Looks super promising, the API is really neat and running the tests in parallel is a big plus! Awesome work!
jotto 3 days ago 1 reply      
(Shameless promoting): for an API version of the prerendering functionality, with no warm-up latency, we're running a large cluster of Chrome headless instances here: https://www.prerender.cloud/
languagehacker 3 days ago 1 reply      
We've been using chrome-remote-interface for test automation in a project that makes heavy use of Lambda for a distributed event processing infrastructure. I'm looking forward to seeing whether we can implement this for running our test automation suite!
craptocurrency 3 days ago 0 replies      
Nice tool

Some API documentation says:

pdf() - Not implemented yet

Not implemented yet

How about you deprecate the API for now but reveal the purpose please.

iokevins 3 days ago 1 reply      
One minor housekeeping comment:

The first two examples seem to return 404, for me:


victorhooi 3 days ago 2 replies      
So to clarify - this is basically a Node.JS wrapper around Chrome headless, right? =_)

Seems pretty awesome.

My use case is to take screenshots of various pages - the docs don't mention the default viewport dimensions, btw.

polskibus 3 days ago 1 reply      
Can I use this somehow in a container? Farm out headless chrome + selenium on a local data center? I would be grateful for any hints.
hartator 3 days ago 0 replies      
Really awesome. Will definitely be usefull for a project I am working on.

Any plan to support other languages beside JS?

megamindbrian 3 days ago 0 replies      
Cool. Now can you use it with webdriver functions instead of re-inventing the API?
colordrops 3 days ago 0 replies      
Can any headless browser solution be considered complete without GPU support? A large percentage of sites use GPU enabled and accelerated features and without GPU support, headless options are worthless to many applications.
pknerd 2 days ago 1 reply      
Wish it had a python wrapper.
fizixer 3 days ago 0 replies      
naming gore.
Longest Lines of Sight on Earth beyondhorizons.eu
330 points by pilom  3 days ago   153 comments top 25
btilly 3 days ago 5 replies      
You can actually work out roughly how far away the horizon should be surprisingly easily. Just use the fact that if R is the radius of the Earth and you are at height h, then from you to the horizon to the center of the Earth back to you is a right angled triangle with one side of length R and the hypotenuse of length R+h. Therefore the distance to the horizon is sqrt(2Rh+h^2) which is roughly sqrt(2Rh).

The Earth is roughly 6370 km which is not far from 6400, so if your eyes are 2m = 0.002 km up then the horizon is about sqrt(264000.002) = sqrt(25.8) km away, which is roughly 5 km or a bit over 3 miles.

If you apply this to a 6 km tall mountain, the horizon is about sqrt(263706) km away which is about 276.5 km. So something of the same height at the opposite end of the horizon would be 553 km away. So the top distance of 538 km is pretty close to the maximum that we would expect.

What about an airplane? An airplane flies about 11 km up. So it can see around 375 km. If you work it out, that puts the horizon about 3.37 degrees below horizontal. This isn't much, but if you take a plumb line and a right angle on an commercial flight, it is enough to actually see that the horizon is below horizontal.

yread 2 days ago 1 reply      
The link in the "done" column doesn't work - it should point to


It's a report how they made an actual photograph of a sunrise over 443km far. Quite amazing!

BTW if you ever get the chance to go up Mt. Canigou, go for it. Since it's the first big mountain in Pyrenees from the east you have really spectacular views and it's not that difficult to hike up there. Plus they brew great beer (from iceberg water they say) in the refuge just under it.

kbenson 3 days ago 7 replies      
Mt. McKinley (6.194 m.)

What country uses '.' as the thousands separator but speaks English? Or is this someone mixing their native language thousands separator with English? Or is there some weird interaction between country and language that makes this the preferred, or at minimum an acceptable standard form? I'm actually hoping it's one of the latter options, that would be something new to me.

xxxxxxxx 3 days ago 3 replies      
This is very cool. I'm told you can see Mt Fuji from Tokyo on a clear day, but I never managed to see it. I did manage to see Mont Blanc from my Kitchen in Lausanne, Switzerland a few times - such a beautiful sight.
11thEarlOfMar 3 days ago 0 replies      
I can't resist... Reminds me of the Beacons of Minas Tirith from Return of the King, probably my favorite sequence in the entire trilogy:


jmcqk6 2 days ago 0 replies      
There are places in oregon where you can look North and see Mount Adams in washington, and look south and see Mount Shasta in california. So basically the entire heigth of oregon. I've personally done this on Paulina Peak on several occasions.
newman8r 3 days ago 1 reply      
very cool - I'd never even given this concept a second thought. I'd like to graph these and see how they overlap - would be cool to implement networks via something like https://en.wikipedia.org/wiki/Pseudolite

I'd also be curious to see how this would look if you could include manmade structures like towers or skyscrapers

prawn 3 days ago 2 replies      
K2 incorrectly listed as being in New Zealand?
marceldegraaf 2 days ago 0 replies      
Vsauce had a video about this recently: https://www.youtube.com/watch?v=mxhxL1LzKww
kovrik 3 days ago 2 replies      
Does this mean that there is no known place (point) on Earth from which you can see some other point that is more than 538km away?
my_first_acct 3 days ago 0 replies      
According to the local paper [1], from the top of Mount Diablo (east of SF Bay) it is possible to see Mount Lassen (approx 260 km away). "Although you cant see Mount Shasta directly, you might be able to see part of the peak, refracted by the atmosphere." (That would be 380 km).

[1] http://www.mercurynews.com/2015/11/24/bay-area-facts-what-ca...

a12jun 3 days ago 7 replies      
Surely the longest distance would be, from the top of the highest point on Earth (top of Everest), to the horizon?
vmarsy 3 days ago 0 replies      
Interesting, I'm not sure how the list was created, it seems to be missing entries such as the one mentioned in that March 2015 comment at the end of the post.
zeristor 3 days ago 1 reply      
So are there pictures of what a distant mountain actually looks like over 500km across the Earth; that is the point after all?

Or is there already a YouTube video of this?

amacbride 2 days ago 0 replies      
The Mount Hamilton to Half Dome in Yosemite (168 miles) is the view that blew my mind when I first saw it.


amacbride 2 days ago 1 reply      
The Mount Hamilton to Yosemite view (168 miles), is the one that blew my mind when I first saw it:


js8 2 days ago 2 replies      
OT: Is there an application that can generate panoramic view from some point of Earth based on map and altitude data (e.g. OpenStreetMaps)?
nprecup 2 days ago 1 reply      
You can see the sisters from Mt Adams, which is ~230 km away. I'm guessing there are several more of these that the site didn't catch. You can probably easily see Mt Rainier from 300 km+ standing at the right place. How were these determined? It would cool to see a write up on how it was done.
utoku 2 days ago 1 reply      
Reminds me of a habit I have which made me end up on tops of mountains occasionally. I guess the algorithm can be called "observable ascent":

1. Look around2. Find a relatively close high spot that is visible3. Plan and climb on top of it4. From the peak, find the next highest spot visible5. Repeat

Also works for other topologies.

dzdt 2 days ago 0 replies      
There are many more such pictures at http://theviewshed.com/views-list/ including some that boast greater distances than the original post.
analog31 3 days ago 1 reply      
I wonder if this is computable from a contour map of the earth, assuming optimal atmospheric conditions.
tomxor 2 days ago 1 reply      
And it's only from 5.971 m high... why people use decimals to indicate 3 orders of magnitude I will never understand... either that or they got the wrong SI unit.
mrb 3 days ago 2 replies      
And I thought seeing Mont Blanc from my town Le Creusot, France (a 216 km line of sight) was very long... not! Apparently it would only rank 6th from the bottom of this list!
foota 3 days ago 0 replies      
I'll make a tableau public viz with these when I get home
gwbas1c 2 days ago 0 replies      
I clicked on three pictures. Two are dead links.
Wasabi Simple storage solution wasabi.com
292 points by gglanzani  1 day ago   141 comments top 39
knobbytires 1 day ago 8 replies      
Some quick observations:

- Their performance claims are incredibly biased. Amazon S3 has far better write performance than their claims.

- They claim 100% S3 compatibility but it fails a large number of API calls using Cephs s3-test. I didnt dig into this too far but they do claim No need to change your S3-compatible application so changing my endpoint + credentials should have worked. To their credit - PUT, GET and DELETE did work but that is only 3 of 100s of APIs.

- Their durability claims are highly suspect. I would want to see a white paper breaking this down.

- Their first round was debt financing.

Why this business model doest work...

Most people dont use S3 alone. S3 is a source for other AWS services. That being said, Wasabi becomes a more expensive option as you have a 4 cent egress fee to access data from the rest of your AWS infrastructure. The only place Wasabi becomes cheaper is for those using S3 direct/alone which is a very small subset of S3 usage. AWS is very open about this in white papers, conferences, tech talks, etc.

Wasabi is an economy at scale play that cast way too far a net. There is opportunity in specific vertical markets to sell a solution (object paired with compute) but a pure S3 endpoint will never take substantial marketshare away from AWS.

ernsheong 1 day ago 5 replies      
There's also B2 (https://www.backblaze.com/b2/cloud-storage.html), which is I think the cheapest of them all.

UPDATE: Well, egress is cheaper. B2 is $0.005/GB storage with $0.02/GB egress. But one thing to consider is that B2 storage is located within one single datacenter.

(Disclaimer: I am not affiliated, but am in the process of deciding to use B2.)

caleblloyd 1 day ago 0 replies      
From the FAQ:

> 7. Your website indicates $.0039 per GB per month but the pricing comparison on the website indicates 1 TB is priced at $3.99 / month (instead of $3.90 / month for 1 TB). Why is that?

> The Wasabi monthly price is $.0039 GB / month. Given that there are 1024 GB in 1 TB (not 1000 GB), the price for 1 TB is $.0039 * 1024 or $3.99 per 1 TB per month.

Come on you are a digital storage company let's call things what they are. There are 1000 GB in a TB. There are 1024 GiB in a TiB.

mbleigh 1 day ago 1 reply      
I'm surprised the FAQ doesn't answer the question that immediately came to mind: why should I risk my data with an untested startup when the only benefit is claimed performance/price?

Or my second question: wait, doesn't this sound an awful lot like Pied Piper's product from the newest season of Silicon Valley?

tomovo 1 day ago 4 replies      
Wouldn't it be funny if this was just a market test/exercise, using actual S3 as a backend, just to see if it gets any traction before building own HW/SW solution?
kevan 1 day ago 1 reply      
They're claiming the same 11 9s durability that S3 does. I'd be pretty suspicious of that claim without a track record but it looks like Wasabi's founders come from Carbonite. Bring on the competition, commoditization of fundamental building blocks is great for everyone except people trying to make startup-scale returns on them.
mattl 1 day ago 2 replies      
I wonder how this compares to rsync.net, especially with their HN discount and http://rsync.net/products/attic.html if you're doing the kind of backups I'd imagine Glacier is used for.
sjbase 1 day ago 0 replies      
Has anyone here done a migration from S3 to Wasabi, and successfully realized the lower total cost Wasabi is claiming?
throwaway2016a 1 day ago 4 replies      
> Wasabi is built to be 100% AWS S3 bit-compatible (same AWS API constructs for storage & identity management). No need to change your S3-compatible application when using Wasabi

I often wonder how this works. With the whole Sun lawsuit with Google over the Java API making a clone of another platforms API sounds dangerous.

I'm curious what HN thinks.

I've wanted to have a "compatibility layer" that mimics my competitors APIs but have been scared of the possible repercussions.

ricardobeat 1 day ago 1 reply      
Lacking comparison with their closest competitor B2 ($0.005/GB, cheaper outbound at $0.02/GB). Also no information on DC location and zones.
cschmidt 1 day ago 2 replies      
> Wasabi storage costs a flat $.0039/GB/Month with a 1 TB minimum usage.

so the only "catch" is $3.90 a month minimum?

rdtsc 1 day ago 1 reply      
LeoFS: A stable and scalable S3 clone with NFS support?

That you can host on your own infrastructure


jakozaur 1 day ago 1 reply      
Storage is cheap on any cloud, the network egress is expensive.

1. Wasabi:Storage: $.0039/GB/MonthEgress: $.04/GB

2. AWS:Storage: $0.023/GB/MonthEgress: $.05-.09/GB (even lower if you're big)

Sending data one outside of AWS costs equivalent of 2-4 months of storage.

bzz01 1 day ago 0 replies      
75MB/5 sec benchmark results (using internal AWS network to pull from S3!) sound dubious. You can get 4Gbps+ down from S3 within the same region in my experience, that's 30x faster than these numbers.
gglanzani 1 day ago 1 reply      
Not affiliated, by just found out that's compatible with Arq and when I saw the prices I was stunned.
reiichiroh 1 day ago 3 replies      
On the same page on HN there's another Wasabi that's a fire alarm for deaf people.
inertial 8 hours ago 0 replies      
> 12. How reliable is Wasabi?

> The Wasabi infrastructure has been built using industry best practices for redundancy in data center design.

Sounds too generic. Maybe put in something concrete & technical.

loisaidasam 1 day ago 1 reply      
This looks great. Are there any client libraries for access, perhaps similar to AWS's `boto`? Having a hard time finding that on your website ..
tarikozket 18 hours ago 0 replies      
Neat job, keep up the great work! There is also OVH as competitor. Their panel and documentation is not the best but once you integrate, it works like a charm and I guess they are the cheapest object storage service out there in the market: https://www.ovh.com/us/public-cloud/storage/object-storage/
yuvadam 1 day ago 0 replies      
Depending on your access patterns, Backblaze B2 might be cheaper at $0.005/GB stored and $0.02/GB downloaded.
thoughtpalette 1 day ago 0 replies      
Would love to hear from someones perspective whom actually moved current infrastructure over to this provider. Would love a write-up and pros-cons after transitioning.
squid3 1 day ago 0 replies      
There is also NodeChef object storage. NodeChef charges only by the storage size of your instance. No Data transfer charges. No additional charges for PUT, GET, COPY, or other operations. https://www.nodechef.com/s3-compatible-object-storage
bogomipz 1 day ago 1 reply      
The article states:

"Wasabis durability is 11 x 9s, the same as Amazon S3. To put that in context, if you stored 1 million 1 GB files in Wasabi, you would expect on average to lose one file every 659,000 years"

Can someone walk me through the math here? I specifically curious about why the size of the file being 1 GB is relevant to the calculation.

mv4 1 day ago 1 reply      
I am curious what their strategy is.

Cloud storage by itself (just like delivery) is a commodity, and if you look at the pricing trends per GB, it's a race to the bottom (will be interesting to see which CDN decides to become "free" first).

So, without a suite of offerings a la AWS - how will they make money in this market?

jasonsync 1 day ago 1 reply      
Curious .. where (region) is the data stored?
mingabunga 1 day ago 0 replies      
Just came here to say I think the design of the website looks great, colors, spacing, type etc.
foofoofoofoofoo 1 day ago 0 replies      
For me, when choosing an object storage service, the most important question is WHERE is my data is stored. If I cannot choose where my data is stored, I won't use the service. Why? Because my clients will ask me the same question for their audits.
sreitshamer 1 day ago 0 replies      
We just added Wasabi as a destination option in Arq Backup. Seems to do that job well.
fweespeech 1 day ago 2 replies      
If the goal is price reduction:

https://www.ovh.com/us/public-cloud/storage/object-storage/ (S3-comparable performance)

$40/year minimum

Outgoing traffic: $0.011/GBStorage: $0.0112/month/GB

https://www.ovh.com/us/public-cloud/storage/cloud-archive/ (archival storage)

Incoming/Outgoing traffic: $0.011/GBStorage: $0.0023/month/GB

https://www.online.net/en/c14#pricingStorage: 0.005/Month

No traffic costs (because its archival storage)

The main downside is they are located in 1 physical area even tho they are labeled as multiple DCs.

But for high traffic uses, honestly, you can just double the storage costs (i.e. OVH CA and OVH France) to get redundancy while saving _massively_ on traffic costs.

Waterluvian 1 day ago 3 replies      
Am I doing the math wrong or is this $4/mo for me to dump 1TB of copies of my family albums and whatnot into for long term cold storage?
PaulRobinson 15 hours ago 0 replies      
The biggest reason why I use S3 is not price or performance. Competing with them on price or performance is not going to work.

I use S3 because of convenience. Build something more convenient, I'll switch.

ComputerGuru 1 day ago 7 replies      
Does anyone have a suggestion for a cheaper CloudFront, not S3?

Preferably an option that can do S3 upstream, and support for signed requests with expiry is a must.

jdwyah 1 day ago 0 replies      
Worth noting the opportunity cost of not being in S3. Something like Athena won't be yours for the asking. It's been saving my butt lately. Nice to be able to actually see what's in your S3 sometimes :) http://blog.ratelim.it/blog/log-aggregation-at-scale-for-che...
demas1252 1 day ago 0 replies      
If I am using Arq, will I have additional costs except '$.0039 per GB per month'?
ProAm 1 day ago 1 reply      
Isn't Wasabi a programming language from Fog Creek Software?
dutchbrit 1 day ago 1 reply      
What payment methods do they accept?
freedomben 1 day ago 0 replies      
Is there a web UI?
Piccollo 1 day ago 0 replies      
CobrastanJorji 1 day ago 0 replies      
CTRL+F "availability". 0 results found.
       cached 30 July 2017 02:11:01 GMT