hacker news with inline top comments    .. more ..    7 Aug 2017 Best
home   ask   best   2 weeks ago   
1
Martin Shkreli is found guilty of securities fraud washingtonpost.com
744 points by fmihaila  2 days ago   580 comments top 45
1
jjxw 2 days ago 11 replies      
There seems to be a misconception regarding what Shkreli was found guilty of. The legal case here has very little to do with the pharmaceutical pricing controversy - it is a separate case based on a separate hedge fund that he managed. The gist of it is that he took people's money to start a hedge fund, lied to investors that the fund was doing fine when the hedge fund went belly up, but ended up returning everyone's money plus a sizable return when his separate pharmaceutical venture went well.

When fraud happens those affected don't usually get their money back much less a return on that money. However, it's pretty clear what he did is also fraud (false documents, not returning people's money when they asked for it) even if the fact that investors came out better makes the plaintiffs less sympathetic.

2
Clubber 2 days ago 18 replies      
I use to hate this guy, then I saw the Vice interview on him. It was nice to see his side of the story.

I don't know much about this case in particular. It was kinda sleazy to see the congress question him about his price increases when they knew damn well it was perfectly legal and they haven't done anything to stop it. Shkreli seems to be trying to expose this hypocrisy, but the news loves their stories.

Vice interview:https://www.youtube.com/watch?v=2PCb9mnrU1g

3
sp527 2 days ago 2 replies      
The government and media couldn't have asked for a better outcome. The actual criminals on Wall Street and in Big Pharma, who had the foresight to line the right pockets, go ignored and the outsider who drew the ire of the public - for a decidedly amoral business decision with poor optics - is very publicly castigated. It's a win all around for a monumentally corrupt establishment, which has once again deferred meaningful scrutiny.

Shkreli made the mistake of setting himself up as the perfect loudmouthed, flamboyant patsy.

4
discombobulate 2 days ago 9 replies      
I quite like Martin. I talked to him a few time on YouTube, whilst he was live streaming.

He's whip-smart & knowledgeable. He does, however, have a couple of major flaws. 1) He trolls. Hard. 2) It seems he lies. Which I picked up from a previous news article. (He claimed to have ~$50mm under management @ his previous hedge fund. It was more like $1.6mm. Something like that).

I can forgive the trolling. It's over the top, IMO. But it is what it is.

The lying is another kettle of fish. You can't go around bullshitting ppl. &, as he found out, you can't go around bullshitting investors.

I think he loves money too much. The thought of being poor may have pushed him to do something stupid (ultimately his call!).

I hope he doesn't have too hard a time in jail. Losing his fortune (I believe he loses his shares from Retrophin. ~$65mm. That's already a punishment.

Edit: I don't know why I'm being downvoted. I'm being honest. Fuck you people, frankly.

5
kabdib 2 days ago 3 replies      
A data point about medication:

I just paid for a pair of EpiPens; the generic version was $337 a pair (last I checked, the non-generic version was over $600). I have pretty good health insurance, so I didn't pay that much myself, but my employer paid the rest.

As a baseline, I had the pharmacist look up the equivalent medication for use with a syringe; a ten dose bottle was $5.99. I know, not the same thing. But this confirmed what I'd suspected for years.

I have to assume that the EpiPen delivery mechanism, which is really what we're paying for, is well debugged and optimized and essentially just a matter of ordering parts and assembling them; it would be mind boggling to have a COGs of more than a few dollars, or any significant conversion costs. The cost of the actual medication that the pens contain is apparently about sixty cents on top of that. Mylan is printing money.

Icing on the cake: The pens expire after a year. But you typically can't get pens that last that long, the ones I got already have a few months on them and will have to be replaced before the next school year ends or my son won't be able to attend class (the school is not allowed to administer "expired" medication).

This is an utter and corrupt racket. I'm writing my congressional representatives and senators. Again.

6
sqeaky 2 days ago 2 replies      
Putting people like Shkreli into prison for a long time is vital to the long term stability of society. I wish money didn't buy options to avoid prison and I wish that people with his behaviors didn't so often accrue large amounts of money.
7
setra 2 days ago 1 reply      
Note that this does not have anything to do with his pricing of pharmaceuticals. From a different article:

"Prosecutors say Shkreli looted his drug company to pay back investors in two failed hedge funds he ran. The defense says investors got their original investments back and even made hefty profits."

8
nodesocket 2 days ago 1 reply      
Unfortunately Martin was made a scapegoat and they made an example out of him because of his arrogance and vocal personality. How did the executives that caused the financial crisis of 2008 get off completely free but a relatively tiny hedge fund manager get the book thrown at him? This was a witch hunt, no doubt about it.
9
defen 2 days ago 1 reply      
I'd like someone to do a reading of Martin Shkreli as "satirist of neoliberalism", and suggest that the reason so many people hate him so much is that he's a scapegoat for our collective feelings of guilt. Can anyone offer a valid critique of his raising the price of Daraprim, within the frame of neoliberalism, that doesn't just reduce to "that guy's a real jerk!"?
10
circadiam 1 day ago 1 reply      
I first met Martin over a skype call and he was very humblehis identity online is just a brand.

2 years later, I stumbled into him again and asked him for advice on affording a cancer drug for a relative. He helped me find the charities and also introduced me to a contact at the pharma company.

The internet prefers headlines over reality.

11
fmihaila 2 days ago 0 replies      
For those who can access it, this NYT article has more detail: https://www.nytimes.com/2017/08/04/business/dealbook/martin-...

(Edit: I posted this comment while the WaPo article had only a few paragraphs; it's now fully fledged.)

12
0xbear 2 days ago 1 reply      
I think it's fair to say that Shkreli would be left to his own devices had he not shown the audacity to charge what the market will bear. Meanwhile another person who similarly jacked up the price of a lifesaving drug beyond what many could afford, Heather Bresch, received no negative legal attention whatsoever. Ever wonder why? Because her dad is Joe Manchin. The swamp needs draining so bad.
13
zokier 2 days ago 0 replies      
Gotta love the narrative here. Jack up the medicine price and become americas most hated for a moment by general behavior.. that's fine. Make a fool of couple of hedge fund investors.. oh boy, now you fucked up
14
dayaz36 1 day ago 0 replies      
Although technically true, the title is a bit misleading. He was acquitted from 5 of the 8 counts he was convicted of. Of the 8 counts, count 7 carried the biggest wait. This was in regards to the Retrophin securities fraud accusation where he was accused of a ponzi scheme amounting to over $10M. This was the only thing that would of brought him significant jail time but he was found not guilty. Count 7 carried more wait than all the other counts combined and was the heart of the case against him. Right now the case has gone from a felony to basically a parking ticket. All the articles talking about "facing 20 years" are sensationalist nonsense. That is a theoretical maximum. He will most likely receive NO jail time and will probably just have to pay a small fee.Of course you will not get any of this context from all the sensationalist headlines out there like "MARTIN SHKRELI FOUND GUILTY! FACING 20 YEARS PRISON SENTENCE!"...
15
norikki 2 days ago 0 replies      
Can we please have a conversation on the abuse of Federal plea bargains and insanely high sentencing guidelines? Thousands of Americans every year plead guilty in federal court to crimes they did not commit because they face insanely high prison terms if convicted. Often Federal sentences are several times longer than ones in state courts for the exact same crimes.
16
azm1 1 day ago 0 replies      
Why would this guy should go to prison when no one(except one guy in us) went to prison after the massive financial crisis in 2008?I know its naive/rhetorical question but thinking about it, its crazy to me.He did no financial harm too.
17
calafrax 2 days ago 0 replies      
Great. They convicted one low level autistic freak with no connections over a couple million dollars. Brave day for justice.

What about the daughter of a senator who is the CEO of the company that quadrupled the price of epipens? Yeah, right, mission accomplished, nothing to see there.

18
nsnick 2 days ago 0 replies      
His mistake was taking money from rich people. If he had stuck to stealing from and killing poor people, nothing would have happened to him.
19
aphextron 2 days ago 1 reply      
>Rarely has a white-collar criminal defendant evoked hatred and scorn from public in the way Shkreli has. Shkrelis willingness to lie, step on people, flaunt his wealth and look down on others made him a villain that many wanted to see go down in flames, said James Goodnow, an attorney with Fennemore Craig, a corporate defense firm.

This attitude is just disgusting, and indicative of precisely what has gone wrong with our society. "White collar" criminals who steal millions are deserving of leniency and mercy. But the "thug" who stole $20 from a 7/11 deserves 20 years.

20
grizzles 2 days ago 0 replies      
I find it hard to believe that he got a fair trial this time around. He was already tried and found guilty in a trial by media a few years back. This investigation & prosecution are a direct result of his legal actions that didn't play well politically. BOTH presidential candidates condemned him. To me it's sad. The sacrificial lambing of Shkreli instead of lawmakers addressing the underlying problem of costly pharma is probably the most Venezuela thing I've ever seen happen in the US. They made the system, he's just trying to prosper ffs.
21
ptr_void 2 days ago 1 reply      
He is live-streaming right now: https://www.youtube.com/watch?v=qvArpDQHf-Y
22
ajarmst 1 day ago 0 replies      
It's almost like you shouldn't trust people with narcissistic personality disorder with your money or nuclear launch codes.
23
forkLding 2 days ago 0 replies      
For those who haven't read the article, Martin is being charged on cheating his investors, he himself admits to his "broomsticks", not the immoral arguments he was previously known for.

Also that aside, he was quite a easy target.

24
slap_shot 2 days ago 0 replies      
FWIW, Shkreli has said several times on his YouTube channel that he predicted he was serve 2 years and be done. From what I've heard, he'll be sentenced 3-5 and and serve 80% with good behavior. He had an excellent defense and this was probably known from the beginning.

Interestingly, I don't think he pretends that what he did was right - it just understood it was a means to an end: two years in white collar "prison" for 30-70MM when he had less than $1,000 in the bank and owed creditors north of 1MM.

25
blizkreeg 2 days ago 0 replies      
I have no sympathy for him as he appears to have lied to his investors and moved money around, which seems to be outside the law.

Raising the price of a drug though, as long as he can get away with it, is no crime, no matter how big the increase.

This makes me question though, did he raise the price of Daraprim so he could return money to the investors of his hedge fund?? If so, his entire defense (from his videos) of raising the price to meet his fiduciary duties to Turing's investors falls flat.

26
michrassena 2 days ago 0 replies      
I've found him to be an interesting character, a potent symbol of the greed, arrogance, and indifference of the pharmaceutical industry. A PR firm couldn't have invented a better villain, young, brash, flouting decorum by his openly fleecing the public. He was the perfect scapegoat.

I think we all know nothing has changed, and his conviction today has no relationship to his role as CEO, but I wonder if public opinion of the industry will improve, as if the bad apple is rooted out.

27
thrillgore 2 days ago 0 replies      
Okay real talk -- who's gonna get that Wu-Tang album he has?
28
MistahKoala 2 days ago 1 reply      
I get the impression he isn't so much malevolent in his actions, rather he behaves as a libertine and someone who takes the view that the end justify the means.
29
jonplackett 1 day ago 0 replies      
Does anyone know if they were already in the process of prosecuting him for this or is it a way to get him on something in response to him buying and hiking he prices of aids drugs, since that wasn't actually illegal.
30
accountyaccount 1 day ago 1 reply      
Wait wait wait, he committed fraud... but everyone he defrauded actually ended up getting a 3X return on their investment because he just took money from another one of his ventures?

I mean, illegal sure, but seems like he still held up his end of the bargain.

32
donatj 1 day ago 0 replies      
I'm sure it's been said but was it ever possible for him to get a fair trial?
33
roel_v 2 days ago 0 replies      
So, are the gonna sell off his stuff and more in particular, is the Wu Tang album coming up for sale?
34
eurticket 2 days ago 1 reply      
hand over the wutang
35
ringaroundthetx 2 days ago 0 replies      
In the federal venue, can he appeal the securities counts in isolation of the things he was found not guilty of?

Conspiracy charges are always weak, if you can afford a constitutional law to argue on expression grounds.

Has he expressed interest in appealing?

36
balls187 2 days ago 0 replies      
> Prosecutors argued that Shkreli lied to investors in two hedge funds ... according to prosecutors.

If you were to scrutinize what founders of darling startups said to investors, how many "inconsistencies" would you find?

37
rajacombinator 2 days ago 0 replies      
Jail time for Goldman/JPM execs: 0 and counting ...
38
poisonarena 2 days ago 0 replies      
I entered a livestream question session with this clown and asked him his opinion on CRSPR tech and he replied "It has not future because 'it doesn't work'".. Thats when I knew he was full of crap
39
Alaura 2 days ago 0 replies      
Sound's like a good thing tho, i mean we have seen his history and his past, a lot of things kinda conspired to see this coming in the end.
40
jedberg 2 days ago 6 replies      
I understand that what he did was morally abhorrent, but I don't understand why it was illegal? Maybe a lawyer can give a quick summaray?
41
llcoolv 2 days ago 1 reply      
This really reminds me of "The stranger" by Albert Camus.
42
bobsgame 1 day ago 0 replies      
"Martin Shkreli is found innocent of 5/8 security fraud charges."
43
samgranieri 2 days ago 0 replies      
lol
44
stevenh 2 days ago 2 replies      
I wish people would stop using the word "modulo" like this.
45
petrikapu 2 days ago 1 reply      
2
Arrest of WannaCry researcher sends chill through security community thehill.com
649 points by rbanffy  2 days ago   330 comments top 32
1
watty 2 days ago 11 replies      
I've read a few articles but I feel like I'm missing something. What's with the sensational quotes like "I had folks afraid that their own involvement in investigating WannaCry would get them arrested."?

Everything I've read points that he created banking Malware "Kronos" which was sold on various "underground forums" (whatever that means). What's with the WannaCry conspiracies? He wasn't arrested for being a security research, he was arrested for being a malware creator selling malware. Why is this "sending a chill through the security community"?

2
Jtsummers 2 days ago 1 reply      
I feel like no one here remembers when Dmitry Sklyarov was arrested under similar circumstances. The US government has no obligation to seek out every potential arrestee no matter where they are in the world for every single crime that the US has laws for. But if the target of an investigation (whether they know it or not) sets foot in the US, then we shouldn't be surprised when they are arrested. And this is just another case with Def Con (so no, it's probably not moving out of the US, it didn't 15 years ago), I'm quite certain that these sorts of things happen frequently for other crimes of (relatively) low priority that are just outside our primary focus on this forum (technology).

And is the US any worse for this than other nations? Probably not. They just get more publicity when it happens. But every nation that has a legal system will do the same thing. If the Russians or the Brits or the Germans or the Swiss decide that Jtsummers is a suspect in a crime, and I visit and they realize it, I shouldn't be surprised to find myself arrested and barred from leaving the country.

[0] https://www.cnet.com/g00/news/russian-crypto-expert-arrested... - may not be the best article, it's the first one that came up on Google for me.

3
chasil 2 days ago 9 replies      
Realistically, DEF CON should move to the Caribbean.

Marcus Hutchins is a British citizen. Extradition before the event was feasible and would have been a far more honorable path than the snatch and grab that transpired.

British security experts might insist on Grand Cayman for any further conferences in the Americas.

4
devhead 2 days ago 1 reply      
If your code is used in an exploit and that is now a punishable crime, maybe next the NSA will be in the hot seat since the code that was used in wanacry was their own. Or perhaps Israel for their effort in Stuxnet.I hope he takes it to trial and we find out what is really happening here. Pretty suspicious that this happens years after the fact and only weeks after he helped prevent the further spread of wannaCry. WannaCry being created on top of the leaked NSA exploits they held on to instead of responsibly disclosing to Microsoft.
5
mnarayan01 2 days ago 1 reply      
As someone who's not sure where I stand on this, I feel like Hutchins supporters are doing themselves a disservice by overly-conflating this with WannaCry. I think there's potentially a good argument to be made along the lines of "Hutchins good work w.r.t. WannaCry is the only reason that anyone (including law enforcement) is aware of semi-historical Kronos, so going after him for Kronos is equivalent to going after him for WannaCry." Additionally, there may well be other arguments in his favor that I'm not even thinking of.

But those arguments need to be made (and the one I outlined would need decent factual details). That said...maybe glossing over (or even totally ignoring) Kronos is the best way for Hutchins supporters to go...but if it is, that seems an unfortunate reflection on society.

6
icpmacdo 2 days ago 0 replies      
Another piece of information that seems very shady from the US is they tried to say he was breaking felony gun laws going to the shooting ranges on the strip and using that as a reason to stop his bail

https://twitter.com/ChristyNews3LV/status/893603855266492416

7
thomble 11 hours ago 1 reply      
There's so much strange hand-wringing in a loud subset of the security community. The DoJ has a 93% conviction rate because they pursue strong cases that usually end in a plea-bargain. The FBI aren't spooks. The evidence will become public. If this guy profited off of banking trojans then I, for one, hope he ends up in the clink.
8
loteck 2 days ago 0 replies      
Lot's of comments about moving DEFCON out of US jurisdiction. DEFCON officially flaunts the fact that both criminals and law enforcement attend the event.[0] If that is the approach of the con, this interaction is built-in.

This isn't about DEFCON.

[0] https://defcon.org/html/links/dc-faq/dc-faq.html

9
calafrax 2 days ago 0 replies      
> The indictment does not say Hutchins designed Kronos or sold Kronos. Rather, it says that he provided computer code to a second party to update Kronos.

> Overt Acts in Furtherance of the Conspiracy

> a. Defendant MARCUS HUTCHINS created the Kronos malware.

https://www.documentcloud.org/documents/3912524-Kronos-Indic...

10
ajarmst 2 days ago 2 replies      
Why? The arrest of a mall cop who was also doing burglaries wouldn't send a chill through the security guard community, except perhaps for those who were moonlighting as burglars.
11
wepple 2 days ago 1 reply      
> It is unclear from the indictment if Hutchins would have been aware his work was being used maliciously

The indictment specifically states he sold the malware. Unless he was completely convinced the buyers of Kronos were using it for research into browser malware, it's pretty damned obvious.

I'd be interested to talk to malware researchers that are genuinely scared about this.

12
noshbrinken 1 day ago 0 replies      
Individual known for benevolent acts arrested on charges of other, malevolent acts chills community of benevolent actors?
13
qaq 2 days ago 0 replies      
I think one factor not being accounted for is cybersecurity is a fairly big priority for law enforcement yet in a very large number of cases they are never able to find or prosecute people responsible. So they need to "make the numbers" to show that they are being effective and the easiest strategy is to go for easy targets.
14
duxup 2 days ago 0 replies      
I guess I get the concern but it seems clear the accusation are unrelated to WannaCry and his involvement in another event.

We've seen bumbling investigations and misguided legal threats before... that didn't stop people and this one doesn't seem to yet be either of those.

15
betaby 2 days ago 0 replies      
No need to do any malice in order to be arrested on Def Con

https://www.cnet.com/news/russian-crypto-expert-arrested-at-...

16
throw2016 2 days ago 0 replies      
The lines between security researcher and malware creator is becoming increasingly murky.

When is it research, pretending to be a bad egg to get more info or actually being one?

As long as its was fun and games no one really minded, but now malware is used to hold schools and hospitals to ransom. Even criminals don't go after schools and hospitals. Extreme greed and criminality can't be minimized away as 'hacking'.

The infosec community likes to be edgy but they need to clean up their act and not give airtime and cover to criminals, and its difficult to believe they don't know who these are.

17
tryingagainbro 2 days ago 3 replies      
Is it me or the DOJ so the flight manifest and then went to a grand jury to indict? He did what he did in 2014-2015 and the charges were filed in July 2017, a couple of weeks before Defcon...
18
throwme_1980 2 days ago 0 replies      
Please read his indictment application, there is clearly a reason why he was arrested. If 'researchers" are allegedly selling malware then yes they should worry. Simple
19
csomar 2 days ago 0 replies      
The article is light on details and leave an important question's answer very vague: Did Hutchins sell his product in an underground market to an unknown identity? How much was the compensation?

These questions answered would make the case a "clear-cut".

And there is a big difference between selling your code in an underground market for $250k* with bitcoin, and open sourcing it for free.

*I come up with this number as an example.

20
mirimir 1 day ago 0 replies      
Leaving aside the particulars of this case, I must say that anyone who does anything that might plausibly be prosecuted ought to remain anonymous, and practice good OPSEC. In researching an article about such issues, just about every bust was the result of carelessness.
21
sqldba 1 day ago 1 reply      
It's a bit odd you can make a knife or gun and sell it but if you sell malware that's illegal.
22
shoefly 1 day ago 0 replies      
I hope they go easy on him. He's done some bad, but recently some good.
23
flipp3r 2 days ago 2 replies      
Sad to see it confirmed that it's not worth the risk going to America to visit DEFCON. I hope they'll host it in Europe someday.. To see no statement by DEFCON on this whole thing is almost equally sad.
24
purpleidea 1 day ago 0 replies      
Time to move the conference out of the United States to somewhere more Neutral. Canada would be a good suggestions. Montreal is excellent.
25
cagey_vet 1 day ago 0 replies      
what bothers me actually is how these correlations were made, and by what process of deduction, if its not a snitch related frame
26
thrillgore 2 days ago 1 reply      
I would not be shocked if Defcon moved out of the US.
27
bdcravens 2 days ago 0 replies      
Shouldn't it be "Arrest of malware creator sends chill through security community"?
28
known 1 day ago 0 replies      
Isn't he arrested for selling illegal key logger software?
29
celticninja 2 days ago 3 replies      
30
olegkikin 2 days ago 2 replies      
I hope it goes to trial, and he is not found guilty. Should be a relatively easy case to win.
31
DINKDINK 2 days ago 0 replies      
I wonder if the location of the arrest influenced the prosecutors' decision: "We 'caught' him at a hacker convention where they broke a voting machine!"
32
vkou 2 days ago 1 reply      
He's not indicted for doing security research, he's indicted for stealing people's bank accounts.

The indictment may end up being bullshit, but it has not been for any of his white-hat, or grey-hat activities.

3
Mozillas Send makes it easy to send a file from one person to another theverge.com
593 points by Tomte  3 days ago   311 comments top 52
1
pmlnr 3 days ago 16 replies      
Remember why we were able to use Skype for this?Pepperidge farm remembers!

Joke aside I transfered a lot of files inside instant messengers and they worked quite well. Nearly everyone had at least a yahoo/messenger/skype/icq account, which made this rather simple, and, because nobody had the capacity/wasn't insterested/was actually p2p, it was perfectly fine. A bummer if the modem connection went down or you had to hang up because the family wanted to make a call, but hey, it was glorious. (no, this is not sarcasm, it really did work.)

2
nneonneo 2 days ago 1 reply      
Neat. It uses client-side crypto (AES-128-GCM) to secure the file; the key is in the fragment portion of the URL so it doesn't automatically hit the server (assuming you trust the server JS).

The protocol is a little bit strange, though. The file metadata is transmitted as an X-File-Metadata header on upload, and includes the SHA256 hash of the original (unencrypted) file (as the "aad" parameter to the X-File-Metadata upload parameter). This is a little concerning for privacy; while the filename is easy to disguise, hiding the SHA256 sum requires modifying the file in some way. Of course, this might only be a concern for uploading known files, but it's still a bit of an infoleak.

It's also strange in that the key isn't checked in any way (even for sanity) before initiating a download, so if you mess up and leave it off (or corrupt some bits), you won't find out until the end of the download that you can't get the file. Worse, the file will be deleted, forcing you to ask your sender for another copy.

The client-side crypto has one other downside: there doesn't seem to be a standard way in JavaScript to stream a POST request yet. You could emulate it with e.g. WebSockets, but those are a lot more heavyweight and CPU-intensive (for the server) than simple POST requests. So, the current implementation just encrypts the entire file as one giant block, and then uploads it - placing the whole file in memory. Hence the 1GB soft-limit. Downloads are similarly limited.

Luckily, non-browser clients can do whatever they like, so I wrote a Python client that's compatible with the server, but uses streaming POST and on-the-fly en/decryption to save memory. Check it out at https://github.com/nneonneo/ffsend - feedback welcome!

3
supercanuck 3 days ago 9 replies      
It is kind of surreal that it is 2017 and we're still trying to solve such a basic computing problem.
4
falcolas 3 days ago 5 replies      
This is a bummer; using Safari:

Your browser is not supported.Unfortunately this browser does not support the web technology that powers Firefox Send. Youll need to try another browser. We recommend Firefox!

It would be nice to know what web tech they are using that isn't supported. Whatever it is, Chrome works.

EDIT: It requires support for the AES-GCM key type, with a size of 128.

5
dec0dedab0de 3 days ago 5 replies      
Otherwise technically illiterate people used to be able to do this with AIM direct connect over 15 years ago. It still blows my mind that AOL had a near monopoly in this space, and lost it by continually making the user experience worse.
6
false-mirror 3 days ago 2 replies      
I really hope Mozilla decides to expand on this.

One issue with the experiment is it has such a narrow use case. Disappearing after one download / 24hrs makes sending a file to multiple people--or just one person who drags their feet on the DL-- makes it really inconvenient to use. Even offering "1 download -OR- 24hrs" would make it far more useful.

7
mih 3 days ago 1 reply      
I always wonder how Opera Unite (in 12.x) versions would have fared had it gained traction. The sender had absolute control over what files were shared and how long they could be without needing to rely on a 3rd party to host content or setting up a complex service on localhost. Opera did kill it off the Unite service even before they migrated to Webkit/Blink, but it is something I remember fondly.
8
dmart 3 days ago 5 replies      
Hmm... it seems like most of the time when I want to transfer a large file to someone (or to another one of my own devices), I just want to do it immediately and only once, so there's no need to upload it to a third, temporary location.

Unfortunately it seems like most of the time a physical USB flash drive is the most efficient way to accomplish this. Seems absurd to me that in 2017 there's not a common, user-friendly way to just establish a direct connection between two web browsers and directly push files through.

9
amq 3 days ago 1 reply      
A really needed service, but I doubt it will last for long, because it's far from the core business and because it will potentially cost more than Mozilla is willing to dedicate.
10
Sjenk 3 days ago 1 reply      
I did a quick scan of the article but is there any difference with wetranfser? The only things I found is encryption and it is 1gb less. But since Wetransfer is a dutch company they are not allowed by law to look in those files you send if I am correct.
11
vit05 3 days ago 0 replies      
I really don't get why people are criticizing and saying that there are better alternatives to this. Of course there is. This was not built to be the best way to send files, just to be the most practical one. Some people don't even know there is life outside of Facebook, they will never know about alternatives to send a file they could not send using email or messager. And this shows that Mozilla is starting building services layers on Firefox.
12
JD557 3 days ago 5 replies      
From the repo, it appears that it depends on S3.

It would be nice to be able to self-host this on a small home server for friends and family. That way, even if they shut down their server, you could still share files with your friends.

13
Sir_Cmpwn 3 days ago 6 replies      
A better approach in 2017 is something like File Pizza: https://file.pizza/

This uses WebRTC to transfer files peer-to-peer.

14
redm 3 days ago 2 replies      
I find "burn after reading" downloads for a number of reasons, but generally, they often don't work as intended.

For example, modern email services (Google, MS, etc.) accessing links in emails and download the content and check it for malware. They probably mitigated this but its caveats like this that cause messages to be burned before the intended reading.

15
merpnderp 3 days ago 4 replies      
How is Mozilla going to keep this viable? Since they're using S3, it likely costs them roughly $.08/GB moved between users in bandwidth costs plus whatever fraction of a month the file is left there of the $.025 GB/month storage costs.
16
option_greek 3 days ago 2 replies      
They need to make the url human memorable. Something like /files/what/a/nice/day. This seems to be aimed more for sending over emails.
17
rythie 3 days ago 1 reply      
It's a nice idea, though I'd really like to just run one myself (inside the firewall), seems like that would be safer, at least in the eyes of users.
18
deanclatworthy 3 days ago 2 replies      
Surely this is going to be incredibly expensive in the long-run for Mozilla? I can't quite get what their play is with this service.
19
emcf 2 days ago 0 replies      
20
amelius 3 days ago 1 reply      
This will also be solved by IPFS, [1].

[1] https://ipfs.io/

21
LinuxBender 3 days ago 0 replies      
My personal preference are browser agnostic methods[1] and giving the sender the choice to use whatever method of encryption they wish. I prefer the simplicity of 7-zip / p7zip, but others may prefer PGP.

[1] https://tinyvpn.org/

22
varunramesh 3 days ago 0 replies      
I use https://transfer.sh/ for this kind of ephemeral file transfer. They have drag/drop through website, integration with ShareX, and even an alias that you can add to your shell.
23
booleanbetrayal 3 days ago 1 reply      
`brew install magic-wormhole`
24
kwelstr 3 days ago 2 replies      
Does anybody remember IRC's DCC send?
25
darkstar999 3 days ago 1 reply      
Can this link be changed away from clickbait Verge? Perhaps https://github.com/mozilla/send
26
pwaivers 3 days ago 5 replies      
Relevant XKCD: https://xkcd.com/949/
27
mtgx 3 days ago 0 replies      
Is this using WebRTC?

Either way looks like a good promotion trick for Firefox if many people end-up using. Good job whoever came up with it and convinced Mozilla leadership to deploy it.

28
masthead 2 days ago 0 replies      
Firefox is getting it right these days!From Container tabs to Snooze Tabs to Firefox send to Quick notes from the browser.This is all I wanted!
29
iuguy 2 days ago 0 replies      
Does anyone else find it ridiculous that a platform supposedly committed to open standards releases something that doesn't even work cross-browser?

For a cross-browser, self-hosted tried and tested alternative, there's 0bin: https://github.com/sametmax/0bin

30
nstart 3 days ago 0 replies      
Surprised no one mentioned file.io. They've been around for a while with the exact same use case + an API.
31
locusofself 3 days ago 1 reply      
Bittorrent "Sync" was a promising application until they tried to monetize it and made it worse (Resilio Sync).
32
Abishek_Muthian 2 days ago 2 replies      
If this picks up, email services (who own cloud sharing facilities) might put up a huge warning in red stating the security risk for their users in clicking that link. I wonder whether Mozilla feels having the file scanned by virustotal before encrypting violate user privacy.
33
millzlane 2 days ago 0 replies      
I prefer https://send-anywhere.com/ they have a 4GB limit.
34
hobbes78 2 days ago 0 replies      
I still believe instant.io is better, as it's P2P and uses bittorrent underneath (actually, a web version of it)...
35
izzydata 3 days ago 1 reply      
So what is this going to cost the user in the future? I can't imagine this will be a free service forever if Mozilla has nothing to gain from eating up tons of bandwidth.
36
akilism 2 days ago 0 replies      
37
ucho 2 days ago 0 replies      
Makes me wonder when Firefox will be able to resume interrupted file downloads without addons.
38
edgartaor 3 days ago 0 replies      
Some times I use volafile.org. Keep your files for two days.Although it's not suitable for private files it's easy to use.
39
amelius 3 days ago 0 replies      
Does this allow one to send a file to an iPhone, and let the user store it somewhere, and view/play it?
40
martinald 3 days ago 1 reply      
Is this not exactly the same as WeTransfer?
41
praveenkrs 3 days ago 0 replies      
This was the best feature I like about the google talk desktop client. And was sorry to see it leave.
42
dingo_bat 3 days ago 0 replies      
Looks like a web implementation of Samsung link sharing. Cool. Hope to use it often.
43
caffinatedmonk 3 days ago 0 replies      
I built DnD, a self hosted file transfer program. It's like scp with a UI. Check it out on github: https://github.com/0xcaff/dnd
44
emcf 2 days ago 0 replies      
Firefox Send is great service. Thank Firefox
45
cdnsteve 3 days ago 1 reply      
Is there an API developers can use to leverage this?
46
digitalengineer 2 days ago 0 replies      
www.wetranfer.com : just upload add email and send. They even have OSX intergration. (Up to 2 gb free)
47
longqzh 3 days ago 1 reply      
Can we access it from China?
48
altern8 3 days ago 0 replies      
Why, though.
49
albertgoeswoof 3 days ago 1 reply      
Well no, it's nothing like snapchat, what kind of title is this

Great that Mozilla are experimenting but this article literally adds nothing to the original Mozilla blog post and website and has no value whatsoever

50
whowouldathunk 3 days ago 3 replies      
Seems superfluous. In Windows 10 you can right click on a file > Share > choose any app or person to send the file. Or in the latest version you can just drag/drop a file on top of a person pinned to your taskbar.

Disclosure: I work at Microsoft.

51
brianberns 3 days ago 5 replies      
> Mozilla says it does not have the ability to access the content of your encrypted file.

This can't possibly be true. Since Mozilla is encrypting the file, they can also decrypt it (and must do so when the recipient downloads it).

Edit: I was wrong, but will leave this comment because the explanation is useful.

52
snakeanus 3 days ago 1 reply      
I don't really see the point. We have had temperately file hosting services for years. Moreover I find the fact that it requires JS and multiple 3rd party resources in order to work properly extremely annoying (all the other services that I know of do not require that).

I think that it would be better if Mozilla focused more on their important projects, such as Firefox, Servo and Rust.

4
Exa, a modern replacement for ls exa.website
733 points by r0muald  3 days ago   394 comments top 61
1
krat0sprakhar 3 days ago 3 replies      
Wow, the comments in this thread are quite harsh. Even though I might not use it, this looks like an awesome project - kudos to the author for finding (& implementing) ways to improve something as mundane as ls.

I've long been stuck on finding a suitable (perfect?) project idea to play with Rust but exa is making me think through again!

Thanks for sharing this and also for your screencasts. I'd definitely spend a lazy evening watching you program exa.

2
Perceptes 3 days ago 0 replies      
If you're interested in learning Rust by watching someone work, the author did several long screencasts of himself working on exa: https://www.youtube.com/channel/UCoBjY7TeCXzOULdiE40Ig1w
3
_jal 3 days ago 5 replies      
It is great to scratch an itch and make something behave exactly as you want it to be - kudos.

That said, this is very much not for me. Default-colorized is something I emphatically do not want; defaulting to relative units, ditto. It it were me, the first thing I would do is get rid of 'grid' display entirely - reading across just doesn't work for me. Etc.

More prosaically, `ls` is sort of like breathing for me - I do it so much during the average day that I don't even think about it. Can't say I immediately know every one of the switches, but probably 10 or so variants I use daily are pure muscle memory, and less frequently used things (extended attributes, symlink-deref options, etc.) I can remember without the man page.

So in that sense, `ls` is well into the same category as vi for me - I'm so accustomed to whatever warts there may be that switching would be much more painful than any efficiency gain.

4
SwellJoe 3 days ago 0 replies      
I just noticed the tests and the incredible lengths the author went to in order to effectively test exa. It's really impressive. GNU coreutils ls has a pretty good test suite, too ( http://git.savannah.gnu.org/cgit/coreutils.git/tree/tests/ls ), but this goes well above and beyond the call for something so new.
5
general_pizza 3 days ago 4 replies      
This is heavily influenced by personal taste, but I don't understand the value of having so many elements of the output colorized. File type seems a useful case, everything else in the output of `exa -l` just looks distracting to me. Just my 2 cents.
6
donatj 3 days ago 2 replies      
I set up $LS_COLORS like 15 years sgo in my .zshrc and haven't had to touch it since. Doesn't seem like a huge deal worth replacing it over.
7
khedoros1 3 days ago 9 replies      
> For example, exa prints human-readable file sizes by default (when would you not want that?)

When I've got two similar but non-identical files, and I think that the difference between their sizes might be important.

That's a silly nitpick, though. It's not like I lose ls by installing exa. Plus, it's a nice excuse to see if I can get cargo working around the corporate firewall.

8
otterpro 3 days ago 4 replies      
It feels like swiss army knife of 'ls' that tries to do everything in one, and I hope more features are added, such as showing directory size, which would be a killer feature. I hate using 'du' or 'ncdu'.

I installed in Ubuntu (and WSL) by downloading the zip file and also 1 dependency by `sudo apt-get install libgit2-24'

Edit: It's also fast, and I'm beginning to think Rust is really good for making speedy commandline tool, as I'm a big fan of 'ripgrep', another popular tool written in Rust.

9
untog 3 days ago 2 replies      
This is cool, but it doesn't solve (in fact, exacerbates) my usual complaint with `ls` - I don't know what the arguments are. The example on the site is:

 exa -bghHliS
Argh! I want to be able to say `ls --size` to get the file sizes. I don't want to remember a million arguments.

10
SwellJoe 3 days ago 0 replies      
I love it, but it's also kinda angry fruit salad.

Colors are good...too many colors is overwhelming. It might be that I'd come to recognize what the colors mean if I work with it every day, in the same way that I begin to recognize the flow of a program and when a color is "wrong" after using the same syntax highlighting in an editor for a long time. But, I couldn't tell you what any of the colors mean in my favorite editors.

It's more about recognizing when something has the wrong color compared to everything else with that "shape". e.g. a good example is that in shell scripts, I often put space between the var name, '=', and the value. That's not an assignment and can lead to subtle bugs (shellcheck will catch it, too, but I see it clearly in the editor because it doesn't highlight as a variable declaration).

So, what I'm getting at is that I'm pretty sure I'll always have to read the actual text to make any sense out of this output; the huge number of colors may just hinder readability. I don't know this for sure, but it's pretty jarring to look at even with a nice muted color scheme. I love colors in terminals, though, so I'll give it a go.

11
andrewflnr 2 days ago 1 reply      
There's only one problem with this thing: all the characters are on one hand with a qwerty keyboard! A bit more annoying than ls, where you can practically hit the keys simultaneously. (You want to nitpick the colors, do you? I'll show you what real bikeshedding is...) In all seriousness, though, it looks good.
12
mavhc 3 days ago 11 replies      
exa is hard to type, bad choice of name for something I'd be typing many times a day
13
renox 3 days ago 8 replies      
I find quite funny that the author is so convinced that the use of colors is the "right default".1) I'm colorblind so my view of colors is different from yours.2) I find that any tool which use many colors suck: there will be a color combination which will be hard to read (for example git log: the sha1 keys are dark red on black, unreadable) but using just a few color is very nice (git diff: 3 colors, one for +, one for - and a third one for the rest, nice!).

Also I've seen two times that the color bytes broke something: an expect script was broken by grep's colors and colleagues of mine were very confused when two similar commands gave different output, the reason? Colors!

So colors by default?Thanks but no thanks.

14
assafmo 3 days ago 4 replies      
The main problem I can think of is that I'm so used to type cd and then ls... But OTOH it's as simple to fix as alias ls=exa

EDIT:

"exa prints human-readable file sizes by default (when would you not want that?)"

I actually use bytes a lot for certain progress calculations.

Also I get an error "exa: error while loading shared libraries: libhttp_parser.so.2.1: cannot open shared object file: No such file or directory" (Ubuntu 17.04)

15
swift 3 days ago 3 replies      
The feature I'd be most interested in here is the integration with git, but I don't see an example on the site that demonstrates that. If the author is reading this, could you please add one? (Or maybe point it out, if I'm just missing it?)
16
pierrec 3 days ago 3 replies      
>although Rust is cross-platform, I dont have a Windows machine to develop on...

Well, Windows VMs aren't hard to come by and they work quite well on any host platform (contrarily to some other OSes coughMacOScough)

A native windows version would be interesting, though I believe people generally shun any prolonged interactive use the windows command line, this kind of tool might be one of the possible remedies against the pain of using it.

17
pbiggar 3 days ago 2 replies      
This is really cool - bringing the great treatment of `ack` to ls. And can confirm how fast it is!

The unix philosophy is a great idea, but it doesn't really lead to a good experience. Glad people are making more integrated tools!

Oh, and It's in homebrew already: `brew install exa`

18
amelius 3 days ago 4 replies      
Does it take into account the background color of my xterm so things do not become unreadable?
19
tadzik_ 3 days ago 5 replies      
> exa is written in Rust, so its small

I suspected this would be total bullshit, and it is. Its small binary is a mere 3.4 megabytes. I wonder if I misinterpreted the "small" part.

20
rc_kas 3 days ago 1 reply      
What do all the colors mean? I wish he would make a little page explaining what I'm looking at and what each color means.
21
pmarreck 2 days ago 0 replies      
Receive the feedback, but ignore the haters and do what you feel is right for your brainchild.

I've learned some commandline tricks just from reading the comments!

22
swah 2 days ago 0 replies      
Very interesting - thanks.

 /exa/src $ cloc . 41 text files. 41 unique files. 0 files ignored. http://cloc.sourceforge.net v 1.60 T=0.10 s (423.5 files/s, 64346.3 lines/s) ------------------------------------------------------------------------------- Language files blank comment code ------------------------------------------------------------------------------- Rust 41 1152 929 4149 ------------------------------------------------------------------------------- SUM: 41 1152 929 4149 -------------------------------------------------------------------------------

23
dsego 2 days ago 0 replies      
Looks very nice, I've been using K, which has some other cute features (https://github.com/supercrabtree/k), but I'll definitely add this to my arsenal.
24
TomK32 2 days ago 0 replies      
A multi-threaded program to list files. The times we are living in...

I'll give it a try for a few weeks.

25
tym0 2 days ago 1 reply      
I've been using k [1] to get pretty much the same functionalities but, being written in zsh, it's terribly slow. Your program looks nice but I would love to have an output closer to k in term of colour [2], at the moment it feels way to noisy to me.

[1] https://github.com/supercrabtree/k

[2] https://raw.githubusercontent.com/supercrabtree/k/gh-pages/f...

26
0x006A 3 days ago 2 replies      
so whats the replacement for sl in that case? can't live without it
27
0xTJ 3 days ago 0 replies      
This is cool, I was having trouble with libraries, so I'm switching my main Linux to Arch.
28
Dowwie 2 days ago 1 reply      
This is great. I'm switching to exa!

I had high hopes with this command but found the git features missing: exa -l --git --time-style=long-iso -T

Nonetheless, this displays

Hopefully, the author finds this worth the time to support..

29
rhianna86 3 days ago 0 replies      
This looks awesome. Anyone's gonna make a PR for ubuntu to add this?
30
hepek 3 days ago 4 replies      
./exa-linux-x86_64: error while loading shared libraries: libhttp_parser.so.2.1: cannot open shared object file: No such file or directory

Couldnt all the dependencies be statically linked for max portability?

31
sethammons 3 days ago 3 replies      
so... a mix up of the following:

which lsalias ls='ls --color=auto'/bin/ls

tree -L 2

git diff --stat

git status

32
Cockbrand 2 days ago 0 replies      
I really dig the very useful output, but I'd also muchly appreciate an `ls` compatibility mode. Thus, one could put something like `alias ls='axa --compat'` into .profile and wouldn't have to re-train their muscle memory. F.e., I'm personally using `ls -altr` very often, and `axa -altr` will yield me an error.
33
steventhedev 3 days ago 2 replies      
Is this intended as a full on ls replacement? As in, does it respect the envvars such as lscolors? Will it silently ignore -h, or will it die violently?
34
yosoyalejandro 3 days ago 0 replies      
Very cool project, will replace ls for exa :)
35
callaars 2 days ago 0 replies      
I used it now for a year (maybe more, I can't remember) and I find it fantastic. It's great, and I can't imagine using plain old ls any more. No matter what people say, I love it.
36
Froyoh 3 days ago 0 replies      
Wow Im quite overwhelmed by the colors
37
h1d 2 days ago 0 replies      
If you want colors, you can use grc to colorize command outputs not just ls, even MySQL terminal.

Some old HN thread.https://news.ycombinator.com/item?id=3858954

38
roadbeats 2 days ago 0 replies      
I already installed & replaced my ls config. Thanks for making it!
39
nightcracker 2 days ago 1 reply      
For a command that gets typed as often as 'ls', choosing 'exa', which is typed with one hand only, even worse, with a repeated finger, is kind of a poor choice.
40
d--b 2 days ago 0 replies      
i know this may sound trivial, but I'd probably never use this just because typing exa is a lot more annoying than typing ls. The three letters are on the left side of the keyboard and on the three rows. Sure I could rename it to something I like, but then I won't be able to get used to it, because I won't be able to find it when I log on to other computers. It's a silly thing that has a serious impact on usability...
41
kbutler 3 days ago 1 reply      
Interesting that they chose to keep the file name on the right-hand side like ls, and unlike every graphical file manager.

The name is the key field and so it should generally be the left-most column.

42
baby 2 days ago 0 replies      
This is amazing! Now:

* can you use unicode icons to replace `d` and others with icons of folders and such?

* where are the color signification explained?

43
nardi 3 days ago 0 replies      
My first thought is that "exa" has all three letters in the left hand. Not nearly as easy to type as "ls".
44
xaduha 3 days ago 0 replies      
No one invented anything better than Commander-type UI for dealing with files. For non-trivial tasks I'd fire up vifm.
45
TedHerman 2 days ago 0 replies      
Surprised no one has suggested replacing permissions display with emoticons.
46
lwindy 2 days ago 0 replies      
I honestly just like it, colors make it easier on my eyes
47
bsmit 3 days ago 3 replies      
What does "exa" stand for? That's what I want to know.
48
amelius 3 days ago 1 reply      
What is the usefulness/learning_effort ratio of this tool?
49
gesman 2 days ago 0 replies      
$ exa -bghHliS ????

How about:$ exa . -- with the same outcome? :)

50
rv77ax 2 days ago 0 replies      
The last thing I want in terminal is colours.
51
of 3 days ago 0 replies      
ohh i thought exa was a replacement for the word 'is'. i was like damn.... that's fucking cool.
52
torus 2 days ago 0 replies      
Nice, I like the -T option.
53
polote 3 days ago 0 replies      
Why do you want to replace ls?
54
dan-compton 2 days ago 0 replies      
The name is too long.
55
frahs 3 days ago 1 reply      
exa is harder to type than ls, but this looks really cool.
56
peacetreefrog 3 days ago 0 replies      
cool. i feel like this whole thread is the epitome of hacker news comments
57
git-pull 3 days ago 2 replies      
While it's not the intention to replace the binary itself, I'm just not a fan of the idea of substituting system built-ins in everyday behavior. Stuff like cd, ls, etc. I like to keep it to the basics.

Even just with PATHs or aliases, or a new binary entirely.

And I'm a person who is no stranger to dot-configs. I've never taken it as far as Z(1), https://github.com/rupa/z.

A system builtin is stuff you'd see stowed away in /bin. They are essential low level binaries you have to trust. If somehow a malicious ls got out there, nothing's stopping people from writing memory-safe malware that uploads your $HOME configs to some server in a far away land.

The more I say this, I guess defaulting to a substitute for a builtin command doesn't matter. The average developer relies on so much third party stuff in their shell, vim, package manifests, and so on that all these years could have done bad stuff, nothing has happened.

Maybe it's my defense mechanism firing that my own dot-config has grown so big I don't remember what the hell's in it anymore.

In fact, it's a common thing for terminal applications to accept environmental variables to use third party applications. For instance, $EDITOR, and less often (but no less useful): $PAGER. You can give it a shot with most(1) [1], I mention it in my book, The Tao of tmux [2] (available free to read online).

So also, regarding $EDITOR, if you prefer that being in GNU nano, Pico, Vim, or emacs, set it in your .bashrc/.zshrc:

export EDITOR=vim

Also, for git's editor, I don't remember if it falls back to $EDITOR, but you can do:

export GIT_EDITOR=vim

Another tool at your disposal for ls(1), which even FreeBSD supports, it $LS_COLORS:

http://man7.org/linux/man-pages/man5/dir_colors.5.html

edit: actually, BSD's ls(1) seems to be $LSCOLORS (https://www.freebsd.org/cgi/man.cgi?query=ls&sektion=1):

[1] http://www.jedsoft.org/most/

[2] https://leanpub.com/the-tao-of-tmux/read#leanpub-auto-read-t...

58
axaxs 2 days ago 0 replies      
i'm not going to be rude or hate exa, it looks really cool actually. I, for one, love the color coding. But trying to replace something as old and known as 'ls' probably isn't a realistic goal. I think talents would much better geared towards something missing, instead. Either way, keep up the good work.
59
jwilk 3 days ago 2 replies      
> Git support: View the staged and unstaged status of every file, right there in the standard view. Also works in tree view.

This is nearly impossible to implement securely.

Better don't run exa against untrusted directories.

60
tariandbari 2 days ago 1 reply      
To the author: As you are already making a much more user and human friendly version of ls (like making ls -h the default behavior) please consider placing the name of the file on the left most column

 inode Permissions Links Size Blocks User Group Date Modified Name
21214836 .rw-r--r-- 1 9.4Ki 24 ben staff 29 Jun 16:16 Cargo.lock

As a human I first care for the name, Currently I'm forced to scan the right most column (which position varies) and then travel back to the beginning of the line and read the rest of the metadata

61
kabdib 3 days ago 1 reply      
Color is one of the first things I turn off. So many tools color files in ways that are very difficult to read (dark blue against a black background, really?)

I'm colorblind, too, so your red/orange/green distinctions are utterly wasted on me. Raw color is a very flaky and low fidelity way to communicate to a user.

Animation, on the other hand: Give that super important file that's somehow busted or very active some kind of blink or a meaningful animation and you'll have my attention. I may hate the tool for it, but you'll have my attention...

5
HTML5 Version of the Tron:Legacy Boardroom Scene robscanlon.com
586 points by PleaseHelpMe  1 day ago   58 comments top 24
1
arscan 23 hours ago 7 replies      
Glad to see some people are getting a kick out of this. I built it a few years back while learning webgl, css3, node.js, redis, and modern (at the time) js tooling. Source over at https://github.com/arscan/encom-boardroom

I didn't build this with any real practical application in mind at the time. But some people have reused components in their own projects over the years, particularly the globe (https://github.com/arscan/encom-globe).

2
thatcherc 23 hours ago 2 replies      
Are there any efforts to make movie-type window styles for real use? The Tron:Legacy style would be a fun one to have, as well as the one used in the computers in Westworld (similar light-blue-on-black)[1] and Interstellar [2]. I'm sure it's a more difficult process than I'm imagining, but it would be really cool to be able to use the window and interface themes of the computers in your favorite show or movie, especially since some have such great designs.

[1] - https://www.youtube.com/watch?v=Ikup60uEg0c[2] - https://youtu.be/bmz9lMP6aQU?t=2m4s, visible for a brief second just after 2m4s

3
hughw 1 hour ago 1 reply      
My admiration is unbound. I have one reservation -- I wish it would handle history correctly. I wish each click e.g. github produced a new URL I could email to a friend so they could view the same scene. And then I wish I could hit "back" to recover the landing page. None of this diminishes how beautiful this is, and I'm sure it just wasn't part of what you were trying to explore.
4
kang 15 hours ago 0 replies      
5
DannyDaemonic 23 hours ago 1 reply      
This is beautiful. There needs to be a plugin api for this so we can make our own using charts using the built in command line and associated widgets.
6
thinkpad20 23 hours ago 0 replies      
The term "mad skills" comes to mind. I would love to see a breakdown of some of the techniques he used to construct this.
7
Splines 18 hours ago 0 replies      
Subreddit of movie-fake-UI: https://www.reddit.com/r/FUI/
8
collinmanderson 9 hours ago 1 reply      
Fun to see Event Source show up here. I feel like WebSockets are all the craze, but Event Source seems to be a really simple alternative that uses only HTTP.
9
emilioolivares 20 hours ago 1 reply      
What, the .js file for the globe itself is 43 thousand lines of code. Was this a weekend project? How do you find the time? Very well done my friend. (https://github.com/arscan/encom-globe/blob/master/build/enco...)
10
nautilus12 12 hours ago 0 replies      
If only we could get a version of this to render in the terminal so we could hack our workstations to actually look like this. I use tmux pretty heavily. Id love it if panes looked like this
11
raykanani99 23 hours ago 1 reply      
Holy cow. Did you use a charting framework for the stream feed? How did you get such a pretty globe?
12
bluescreenofwin 2 hours ago 0 replies      
Man this brings me back.. Thank you for creating this!
13
pmattos 23 hours ago 0 replies      
Very cool stuff... even `ls` works in the shell ;)
14
Kenji 16 hours ago 0 replies      
The funny thing is that it loads faster and has higher fps than many websites that display simple blogposts and a couple of images, but pull in literally megabytes of JavaScript and other bloat.

People, learn from this. Seriously. The web doesn't have to be slow if you put effort into it.

15
metmac 20 hours ago 0 replies      
So cool to see this revived. I remember stumbling upon it awhile back.
16
cjsuk 19 hours ago 0 replies      
You got in :)
17
mattnewton 23 hours ago 0 replies      
This is super cool, I love the from aesthetics (if not the movie).

How do you make you or tapping not zoom again? Is there a HTML meta tag or something? It would improve the usability of the keyboard on mobile.

18
baalimago 16 hours ago 1 reply      
I've not even seen tron since im too young... but all i can say is that i'm mighty impressed
19
jarym 23 hours ago 0 replies      
Really damn impressive!
20
fizixer 22 hours ago 1 reply      
You could add a video stream from a live online news channel on the top right? (on my side the top right was pretty much empty)
21
th0ma5 23 hours ago 0 replies      
They used Processing some I think in the movie which now has a WebGL version.
22
samgranieri 22 hours ago 0 replies      
Holy shit! This is amazing. Great job
23
cdevs 12 hours ago 0 replies      
I love this.
24
edpichler 23 hours ago 0 replies      
Wow, beautiful!
6
Operation Luigi: How I hacked my friend without her noticing defaultnamehere.tumblr.com
710 points by adamch  3 days ago   161 comments top 35
1
devwastaken 3 days ago 3 replies      
This is the best commentary on a real-life social engineering hack I've seen. Whats really interesting is how he was able to be undetected mostly, because services like linkedin only had an optional requirement for forcing all devices to re-login when a password was changed, and that the hacked individual wasn't using 2FA on her email.
2
shalmanese 3 days ago 13 replies      
One of my favorite low key social engineering hacks is that I used to have a keylogger installed on every machine I own. Whenever a friend needs to hop on my machine to show me something, they'd log into an account they own and I would have their password.

Then I'd do the same Luigi-like low key messing with them for a while. My favorite was when a friend had a VNC server running on their machine with control capabilities. I would sit next to them and subtly jerk the mouse pointer right before they were about to click on something and it drove them mad for a good 20 minutes before I couldn't hold onto the giggles anymore.

edit: To add a bit of context, this was in the Windows 98 era, before the age of social media where we started putting all of our secrets onto our machines. And it was among a group of friends where everyone was trying to hack everyone else and pretty much anything was considered fair game. All of us were high school kids so there wasn't some super serious reputation we had to protect.

3
raybb 3 days ago 3 replies      
This post was at bit hard to read with the buzzfeed-esque jokes and writing style.

Here's my summary:

 1. Someone gets permission to hack their friend 2. They find their email / phone number online 3. They lookup old password leaks for the email (passwords don't work) 4. They end up setting up a fake page to phish their friend (it works) 5. They wait until their friend falls asleep to reset the twitter password 6. They make their friend follow a bunch of fake Mario accounts on Twitter 7. Friend notices, they meetup to swap stories (the friend doesn't follow the fake Mario accounts)

4
iiv 3 days ago 10 replies      
While slightly enjoyable (for the first few paragraphs) I couldn't finish reading it. The author is trying _way_ too hard to be funny.

I suppose it is written to another audience, perhaps the people that use tumblr find this funnier.

5
adtac 3 days ago 1 reply      
Quite long ago, I read a fairly similar article (without this ridiculous commentary, of course). It went something like this:

- a friend asks author to try and hack him

- author tries a bunch of things in vain, finally decides to use a rogue wireless AP and does a MITM

- identifies that notepad++ has automatic updates turned on and that it's over HTTP

- creates a custom executable and writes a script (or something) to serve this payload when notepad++ tries to download a EXE

- fakes an update (by returning true when notepad++ queries an HTTP endpoint for the latest version on startup)

I'd be really thankful if someone could link me to this post. My usually powerful google-fu has let me down this time (I tried all _sorts_ of things). Notepad++ and MITM are the only things I strongly remember.

6
darth_mastah 3 days ago 0 replies      
I found it really enjoyable and rather funny. I really liked the attention to detail as well, e.g. replicating last 5 searches in order to stay stealthy. I imagine that lots of effort went into the hacking exercise and the write-up. Nicely done.
7
apathetic 3 days ago 0 replies      
> I use the incredibly cutting edge Inspect Element feature of the popular hacking software, Google Chrome, to edit the text of the email but keep the look.

I used do this to fake screenshots as well. People assumed I edited them with Photoshop!

8
pepelondono 3 days ago 0 replies      
I actually found this post really good. The buzzfeed-esque jokes are made this way with the only purpose of helping raise awareness about online security and how anyone with a minimum knowledge of the Internet can easily breach into your accs.
9
Jonnax 3 days ago 4 replies      
Social Engineering is a thing to watch out for.I've learnt to never answer honestly when they're asking stuff like "Where were you born?" "What's your first pet" etc.

Instead I've made up some answers that I'll never tell anyone else.

However that doesn't really make those details secure.2FA is where it's at.

10
misingnoglic 3 days ago 1 reply      
This is the same guy who did a great blog post about finding his friends tinder accounts by spoofing a new tinder service. They're absolutely hysterical, and I hope he keeps doing more.
11
sleazybae 3 days ago 6 replies      
my notes from this article:

 * don't use linkedin * don't use hotmail * always use 2FA * use complicated and different passwords * security questions matter * avocado toast? * change passwords periodically

12
chefandy 3 days ago 2 replies      
"Hello and welcome to a blog post. I am writing it and you are reading it. Its amazing what we can do with computers these days."

Ugh. And I'm closing the tab. Appreciate the effort with humor, but you really should concentrate on being able to write something that's informative and enjoyable to read, and THEN try your hand at making your writing funny. The first sentence/paragraph needs to be a hook to get people interested, not some meta jokey blurb that doesn't have anything to do with anything.

13
taiar 3 days ago 0 replies      
I had no problems with the humor parts. Good article.
14
fiatpandas 3 days ago 2 replies      
It's possible to discover this girls full name, twitter, Instagram, Linkedin, etc (full identity) based on a few careless clues left by the author. Very irresponsible considering he has revealed her password habits and other personal vulnerabilities.

Loved the write up though.

15
nobleach 3 days ago 0 replies      
>There are entire criminal industries built on the idea that people use the same password all over the place because nobody cares enough to remember more than a few passwords because theyve got things to scroll on their phone okay.

Or... because having to remember more than 3 random combinations of arbitrary letters, numbers, and a subset of extended ASCII, is not a tenable solution. Of course people use things like l33tspeak. We can remember words. I wouldn't say laziness has anything to do with it.

16
refrigerator 3 days ago 0 replies      
If you liked this, the same guy has also written other stuff in the past - https://defaultnamehere.tumblr.com/post/139351766005/graphin...
17
TazeTSchnitzel 3 days ago 1 reply      
An opsec screwup in that post has told me what's possibly the real first name of Diana.

Opsec is hard.

18
peterwwillis 3 days ago 1 reply      
So basically we've learned that the best defense to getting hacked is to not become a target of bored script kiddies, because those bastards are as ingenious as they are terrible writers.
19
20
modalduality 3 days ago 1 reply      
If there was no salt in the database, it looks Tumblr used a secret "pepper" (https://en.wikipedia.org/wiki/Pepper_(cryptography))? Why wouldn't they include a salt as well? Or did the database dump just not have the salt column?
21
djvdorp 3 days ago 0 replies      
This has gotta be the funniest blogpost in years, yet so legit that it makes one sad how easy it is to pull this off.
22
cypher303 2 days ago 0 replies      
Hey, I use inspect! I've run untrusted code every computing day of my life, so I guess that makes me a script kiddie. My advice, keep on script kiddie'ing, because it will definitely pay off.
23
kutkloon7 3 days ago 0 replies      
I don't know if I'm in an especially good mood today, but it's quite a while ago I read something that I found as amusing as this.

I'm actually really impressed by the phishing approach.

24
trustworthy 2 days ago 0 replies      
Well I enjoyed reading it, a little bit too much cringe, but still interesting articel!
25
h2onock 3 days ago 0 replies      
I really enjoyed this despite it being veeeeeeerry long, nice work!
26
cwkoss 3 days ago 0 replies      
I hope they tried '3ertyui'.
27
rlglwx 3 days ago 0 replies      
Even with her permission he is still breaking the law. Unlawful access to a system is not the user's prerogative but the system operator's.
28
nsnick 3 days ago 0 replies      
So phishing?. He did it with phishing.
29
megamindbrian 3 days ago 0 replies      
I like the personality here.
30
AJRF 2 days ago 0 replies      
VZerbst
31
saae 3 days ago 0 replies      
It is just great. Did you write that as it happened? It really unfolds like a novel.
32
jchw 3 days ago 0 replies      
This has been posted 3 times in the past 24 hours. And so has the last thing this person has posted.
33
callesgg 3 days ago 2 replies      
Can help it but i find the article kind of creepy.

Is he hacking her cause of romantic interests?

Is he hacking her for the thrill?

Is he hacking her to be able to write the article?

Is he hacking her to show her that he can?, or to show her that it is possible, or to show her the world she is living in?

34
tomxor 3 days ago 0 replies      
Hacked? cool, so what new unintended abilities has you friend gained?... yes i'm futilely rejecting the twisted definition perpetuated by the media and co.
35
westmeal 3 days ago 0 replies      
The part that perturbed me the most about his account is he didn't even backtrace the IP floppy disk log via the DHCP authenication backtrace. It's a rookie mistake, but so is misspelling 'nothin personnel kid'.
7
Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con vice.com
566 points by Shinkirou  3 days ago   254 comments top 27
1
dang 3 days ago 1 reply      
Since https://news.ycombinator.com/item?id=14922563 adds significant new information (or at least I assume it does), the discussion can shift there now.
2
maxerickson 3 days ago 0 replies      
CNN got the indictment:

On Wednesday, 22-year-old Marcus Hutchins -- also known as MalwareTech -- was arrested in Las Vegas for "his role in creating and distributing the Kronos banking Trojan," according to a spokesperson from the U.S. Department of Justice.

The charges relate to alleged conduct occurring between July 2014 and July 2015.

According to an indictment provided to CNN Tech, Hutchins created the malware and shared it online.

http://money.cnn.com/2017/08/03/technology/culture/malwarete...

3
jstanley 3 days ago 6 replies      
> "I've spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we've been trying to get in contact with Marcus for 18 hours and nobody knows where he's been taken," the person added. "We still don't know why Marcus has been arrested and now we have no idea where in the US he's been taken to and we're extremely concerned for his welfare."

What the hell? How does something like this even happen? Surely they can't just take somebody away and keep it a secret?

4
downandout 3 days ago 5 replies      
FYI, if you've committed any form of cybercrime in the previous 3 years (edit: the statute of limitations is 5 years for most federal computer crimes, as pointed out below), you should avoid such conferences in the US for exactly this reason. You probably aren't as smart as you think, and there may be a sealed arrest warrant for you.

The FBI waits for these kinds of conferences to do exactly what they did here. Another Las Vegas DEF CON victim was Dmitry Sklyarov [1]. They won't bother with all of the problems associated with international arrest warrants and extradition if they know you're coming to them.

[1] https://en.wikipedia.org/wiki/United_States_v._Elcom_Ltd.

5
mnm1 3 days ago 4 replies      
No good deed goes unpunished. But why is DefCon still in the US? I think the creators of the conference might want to seriously think about holding it somewhere that isn't so hostile to pretty much everyone who attends.
6
samwillis 3 days ago 2 replies      
The Guardian has more:

https://www.theguardian.com/technology/2017/aug/03/researche...

He may have a shady past:

 According to an indictment released by the US Department of Justice, Hutchins is accused of having helped to spread and maintain the banking trojan Kronos between 2014 and 2015"

7
QUFB 3 days ago 3 replies      
This sends a clear message to the global whitehat security community: travel to the US at your own peril.
8
mholt 3 days ago 1 reply      
Bitcoin wallets associated with WannaCry have been emptied: https://arstechnica.com/gadgets/2017/08/wannacry-operator-em...
9
holtalanm 3 days ago 3 replies      
I'm curious what charges are being brought against him. For all we know, this detention is completely unrelated to WannaCry. We shall see.
10
sajal83 3 days ago 2 replies      
UK's National Cyber Security Centre on MalwareTech's arrest: "We are aware of the situation. This is a law enforcement matter and it would be inappropriate to comment further."

https://twitter.com/josephfcox/status/893160214664445952

11
cromwellian 3 days ago 3 replies      
Reading the indictment, it seems like his partner ratted him out. Curious though, the indictment seems to list the redacted partner as doing most of the incriminating things (posting a video demonstration, advertising the sale on AlphaBay, etc), it merely accused Marcus as being the author and co-conspirator.

I wonder if his partner/friend got caught, and plea bargained to turn state's evidence against Marcus.

13
djvdorp 3 days ago 0 replies      
Maybe this is the reason he did not appreciate people revealing his identity online (basically DOXing him for fun, some journalist did it if I recall correctly). It really sucks when somebody that is trying to do well (stopping the WannaCry Ransomware as he did) is detained, even though we don't know more details at this points, this hits him rather personally and probably not for the good, I am very sorry for him and I hope he gets out soon and that all is well.
14
jessaustin 3 days ago 3 replies      
They're surprisingly clever, to arrest after DefCon. Typical stupid USA LEOs would arrest ASAP, so the unjust detention could be a cause clbre hyped up by half the talks.
15
danesparza 3 days ago 2 replies      
This reminds me of Kevin Mitnick: https://en.wikipedia.org/wiki/Kevin_Mitnick#Arrest.2C_convic...

Do we need to create some "Free Marcus" bumper stickers?

16
rocky1138 3 days ago 7 replies      
Why in heaven's name did he travel to the US?
17
c-slice 3 days ago 0 replies      
The bitcoin ransom wallets for WannaCry were just emptied today as well. What was the time difference between these two events? It seems possible that Hutchins could have had control of the wallets and fed seized the coins.
18
cjsuk 3 days ago 3 replies      
I'd like to know on what grounds?
19
abhi3 3 days ago 5 replies      
Why are people in this thread so outraged without knowing any of the facts? For all we know there might be a legitimate charge on which he was arrested.

As per him being untraceable, if he was not read his rights then the FBI just jeopardized their own case. If no one knows where he is, it's more likely that it's what Marcus wants at the moment rather than what the FBI wants.

20
mzs 3 days ago 0 replies      
better summary: http://www.reuters.com/article/us-usa-cyber-arrest-idUSKBN1A...

insightful thread also delving into wannacry: https://twitter.com/3L3V3NTH/status/893181445824446464

edit: there is a nice HN discussion already about the bitcoin: https://news.ycombinator.com/item?id=14918545

21
moomin 3 days ago 1 reply      
Maybe he violated WannaCry's terms of service. The DoJ are pretty down on that kind of thing.
22
cnkk 3 days ago 2 replies      
yeaaah let us arrest the good guys...
23
elorm 3 days ago 5 replies      
As much as this article contains very little information,this sounds very much like something the US will do.

Whenever someone has to be the butt of some global joke .....somehow the US has to be the one to step up. Taking someone into custody for 18 hours without giving the family or press any information. How different is this from Iran or North Korea?

Two things could've happened here IMO. They asked for the domain to turned over to them and were politely refused, or they're about to punish an accidental hero for white hat work/previous black hat work not related to WannaCry

24
featherverse 3 days ago 0 replies      
This is some seriously shady shit. The smart bet is we're not getting the whole story.

"Buy guns, lock your doors." - Bill Hicks

25
BigChiefSmokem 3 days ago 0 replies      
Trump's Dept of Justice is out of control.
26
AndrewKemendo 3 days ago 4 replies      
--
27
Traytorz 3 days ago 3 replies      
I like how this malware writer/researcher claims he "found" the address and "miraculously saved" everyone by grabbing the domain.

Not sure why everyone says he isn't the malware writer. What proof do you have that he didn't write it? Maybe he left a trail that you missed.

8
Cheap Beijing Flights With a Dangerous Catch seat31b.com
565 points by msh  20 hours ago   235 comments top 45
1
greenyoda 19 hours ago 14 replies      
Companies like this have been around for years, and whenever I read about them I'm surprised that people would risk going to prison (or worse) just to get a discounted air fare. I wouldn't even carry a package for a friend unless I could see exactly what was inside, let alone carry a suitcase full of unknown stuff for a total stranger.

Also, an inevitable question when going through security checkpoints in some countries is "did you pack your own luggage". I assume that if you answer "no", you'd be subjected to a very thorough search for bombs or contraband.

Calling a company "Airmule" seems to be a particularly bad choice, since the term "mule" is commonly used to denote a person who carries smuggled drugs (sometimes concealed inside their body).

2
Someone 15 hours ago 2 replies      
https://www.airmule.com/terms-of-service/:

"Please note that, as stated above, the site, application and services are intended to be used to facilitate travelers and senders connecting and arranging item transportation directly with each other. Airmule cannot and does not control the content contained in any package and the condition, legality or suitability of any items and luggage. Airmule strongly advises each traveler to inspect each item carefully. If a traveler does suspects an item is illicit, do not transport and contact airmule. Airmule is not responsible for and disclaims any and all liability related to any and all available transportation. Accordingly, any inquiries will be made or accepted at the members own risk."

I don't know how long that has been there, but it is clear. They are brokers, but don't accept any liability.

3
wjnc 18 hours ago 2 replies      
I cringe when I read such Trumpian tweets from a founder. The journalist reached out a few times and the response was unclear. So he writes his piece with a pretty clear warning to future customers. Get your PR and compliance straight if you want to avoid such pieces, don't complain afterwards while calling names.

Caveat emptor. Just those responses are a red flag, if the subject is legal risk surrounding smuggling to PRC. They don't want you to know.

4
jimjimjim 18 hours ago 4 replies      
If you can't answer a yes no question without wishy-washy flim-flam pr doublespeak then you don't get to complain that an article doesn't have facts.

and while i'm ranting. what is with founders presenting them selves as "bro's at the bar"?If the founders had bios that looked like they were from upper management at ibm i might be more likely to use their service.

5
kaishiro 18 hours ago 2 replies      
I find responses like those given from the co-founder here infuriating for some reason - far more so than I realistically should. I've always valued transparency when it comes to business, so when I see people dancing around straight answers and then lashing out when people take issue with said responses it just seems so remarkably childish.
6
zbjornson 17 hours ago 2 replies      
I don't know anything about airmule's operation or China's customs/security, but the on-board courier industry is a legitimate one that has regulations and procedures that it's not clear the author of this article is aware of.

> "We have found contraband in [courier] shipments," says U.S. Customs official Bob Fischler, "but percentage-wise it is infinitisemal. And in any seizure we made, it was obvious that the on-board courier had nothing to do with it." In fact, at New York' JFK and at London's Heathrow airport, because of the sheer volume of courier shipments, all courier pouches go to a central location for clearance. The courier is typically dismissed before customs physically inspects the shipments.

- From Air Courier Bargains by Kelly Monaghan.

7
inertial 15 hours ago 1 reply      
Quite a few companies operate in this space. This business idea & its risks have been discussed on HN more than once. I'm surprised that some of these are still around. A likely pivot for these could be to carry specific goods where there are no "dangerous" side effects e.g. importing smartphones, laptops etc. Although they still are not exactly legal.

- https://grabr.io/en/

- http://www.entrusters.com/

- https://backpackbang.com/home

- https://www.piggybee.com/en/

- https://worldcraze.com/

- http://www.canubring.com/

- https://www.manyship.com/

8
Sapph 10 hours ago 2 replies      
There's another company that lets travelers subsidize their flight ticket / earn money for delivering US products to their destination:

https://grabr.io/travel

Key difference is:

You buy the products locals ordered (locals pay for item + delivery fee upfront into escrow) so there's no risk of a third party hiding drugs or illegal materials.

9
jstoja 16 hours ago 1 reply      
Founder of a startup, having a major article killing your company and "don't have time on a Saturday with my family to engage".

I understand that family is important, but isn't a situation like this so important that you - at least - replace some time next week by 2hours now to answer to this article?!

Edit: made me think about this xkcd https://xkcd.com/386/

10
marcosscriven 18 hours ago 0 replies      
I can just see it at the airport. "Did you pack your bags yourself?". I guess at 40 I'm not the target audience for this, but I'd be worried a younger person trying to save money might end up paying a high price.The name 'airmule' doesn't do it any favours either.
11
Animats 18 hours ago 3 replies      
It's significant that the business is about shipments from the US to China. That seems to be hard. Getting stuff shipped from China to the US seems to be ridiculously easy and fast. You can order stuff off Alibaba and get fast delivery via China Packet, which is a postal service with really good rates for China to the US. Delivery in the US is via the USPS.The other direction is much more expensive and slower.

The US needs to renegotiate postal rates with China. China is still getting the "developing country" discount from the USPS.

12
reuven 7 hours ago 0 replies      
I'm glad that the author of this travel blog is warning people against using Airmule. Someone is going to get in a heckuva lot of trouble.

First: I can only imagine, when checking my bags, getting the question, "Did anyone give you anything to bring on the flight?" and answering, "Yes, my entire 2nd bag belongs to someone else who is paying for half of my ticket."

That alone would be enough to give you extra-special scrutiny when checking in.

But let's assume that you get through security, go on your flight, and arrive. I've traveled to China many times, and have thus put my bag through the customs/airport scanner many times. If they find anything illegal -- and in China, that can mean all sorts of stuff -- you are in Big Trouble. I haven't ever seen anyone pulled aside when going through customs in China, but I don't envy them.

And sure, Airmule can say that they've inspected things, and that this is safe and fun, etc. Just try telling the Chinese customs officials that the drugs don't belong to you, but rather to a startup in Silicon Valley. I'm sure they'll be very attentive.

Airmule's site attempts to calm potential couriers' nerves by saying, "Read this Wikitravel article." (Reference: http://wikitravel.org/en/Air_courier) However, the article says, very clearly:

> You need to be very careful about the legitimacy of the jobs you take. The last thing you want is to be caught > transporting contraband (or worse) on a plane. A good way to avoid this is to use an agent (usually a > representative of the service you are working for), who will take you through customs and clear the contents.> Always check the reputation of the courier company before booking. None which are reliable and legitimate > would ever try to ship anything illegal.

Airmule doesn't promise to have an agent on the arrival side. They do promise that they'll "walk you through" things, but that's very different from physically being there in China and claiming the luggage and any responsibility for it.

The idea is a good one in theory, but as executed, it's half baked -- and might lead to executions of a more literal sort, if people aren't careful.

13
chx 15 hours ago 0 replies      
It was not so long ago that the CBP stopped a business courier off a flight from Guatemala who happened to carry nine pounds of heroin. Because he was a courier, he was not criminally charged, nonetheless he was barred from entry and banned for at least five years. And that's the USA, not China.

http://www.loudountimes.com/news/article/cbp_officers_seize_...

14
nebabyte 17 hours ago 0 replies      
> Plus, you really have to love the founders of this company. I mean, as a startup founder myself, Im rooting for them. One is a hardcore gamer, the other is a former backup dancer for Gucci Mane, and the third loves beer more than you do. Im not making this upthis is what they say about themselves on their Web page

This guy clearly doesn't get it. Your startup page is where you post a phip relatable quirky attribute, whereas your actual qualifications go in single-phrase sentences on your twitter bio and after your name on quora answers

/s, hopefully obviously

15
skrause 16 hours ago 0 replies      
Before clicking on the article I thought that the dangerous catch was that you have to sit in seat 31B and wondered why. The article's title and site name should really be differentiated better in HN's title.
16
bogomipz 8 hours ago 0 replies      
From their FAQ:

"We don't just ship any item that comes through our front door. Airmule only partners with TSA certified shipping companies.

"Under their Certified Cargo Screening Program, the TSA certifies cargo screening facilities throughout the United States to screen cargo prior to providing it to airlines for shipment on passenger flights." [1]

The TSA however does not search for drugs however from the TSA's site:

"TSA security officers do not search for marijuana or other drugs."[2]

[1] https://airmule.zendesk.com/hc/en-us/articles/115005116068--...

[2] https://apps.tsa.dhs.gov/mytsa/cib_results.aspx?search=marij...

17
BayesStreet 17 hours ago 1 reply      
On their website they state "Airmule then manually inspects and verifies each item prior to packaging for a traveler."but I doubt this company that started last year has more experience finding contraband than law enforcement doing it their whole lives who have seen everything. Pretty asymmetric risk profile, save a couple hundred bucks for potentially your life.
18
csomar 16 hours ago 0 replies      
The founder is lame and as /u/wjnc mentioned he has a trump-like behavior. The question is very simple: If there is drugs in the shipment, does the traveller get a FREE pass?

The article is lengthy and kind of make this question vague. In my understanding it is a single question: Who bares the responsibility?

Well, it is you the poor traveller. There is no way in hell you can accept such a deal even if you are flying for Free. In fact, if you are, ask yourself the question: Do free meals really exist?

19
smsm42 17 hours ago 1 reply      
Looks quite shady, especially given we're talking about China. Anything being wrong with the package - not even drugs - that'd be insanely bad - but I'm sure there are many other things which require special papers to get into China, or are prohibited, and if something is wrong, it's the courier's ass on the line. I don't see how it could be worth the risk of being imprisoned in China. I mean it's one thing to be in a "gray area" as an American in the US, with all legal protections and ACLU and so on, and another thing doing the same in China...

And I wonder what TSA thinks about people transporting things that they have little idea about in their luggage?

20
jfoutz 17 hours ago 2 replies      
This makes me super curious about the pre flight baggage controls. How do they handle someone who picks up the extra bag, but winds up not taking the flight?

With baby formula, i'd just return the bag and apologize, eating the $99. Heroin on the other hand, i could probably move at a steep discount. $1k or so, not worth the risk. $10 or $20k? hmm. The bag needs to be worth at least $1000 in the target country, just to break even.

it seems like pretending to be a stoner, and setting up enough to buy a plane ticket could get you a lot of money for $99. Fake id and a prepaid credit card aren't that hard to come by. It's not like the ID needs to pass TSA inspection, as you're not taking the flight.

Seems like a very risky business. If your customers are willing to be pasties, it'll be ok. but just a couple of sharks completely change the risk profile. Doing stuff that precludes government enforcement of contracts is just crazy crazy risky.

21
zupa-hu 17 hours ago 0 replies      
So, they claim they can have the cake and eat it too - as in, ship the bag as non-personal carrier stuff to avoid prison, and ship it as personal non-carrier stuff to pass customs. Bold.
22
micah94 12 hours ago 0 replies      
Wait...let me get this straight: You carry a package on a plane to China given to you by someone you don't even know? This is a joke, right?
23
grecy 17 hours ago 0 replies      
I frequently fly international with zero checked bags and about 5lbs of carry on.

I would love to be able to do so for $99 if someone wants to on-sell my checked allowance.

After reading the article I see the pitfalls I had never thought of, and would obviously want some extremely, extremely clear legalities to make it very clear the bags are not mine, and I'm not bringing them into any country.

No, I did not pack them and, no, I am not bringing them into your country.

24
fencepost 10 hours ago 0 replies      
I haven't heard about air couriers for years, but I don't travel much. That said, I was under the impression that for basically all of them the package being couriered was never in the possession of the traveler but was instead packaged as freight and was delivered to the airline as such and handled as such at the receiving end. If the "courier" in question wanted to drop it off or pick it up themselves they'd still have to go to the appropriate air freight terminal.

If these folks are providing packages to travelers to be checked directly by the traveler then they're idiots and so is anyone who takes them up on the offer. If not for the defensive tweets, etc. I'd feel that (as someone else noted) this must be a satire of the 'gig' economy.

25
skinnymuch 9 hours ago 0 replies      
Soylent being tongue in cheek with their name is one thing. But Airmule? Why would they want to associate themselves with the most common border crossing association with mules - drug mules? Besides the whole arrangement seeming bad, the name choice is horrible.
26
bisRepetita 14 hours ago 0 replies      
Real life example of a Guatemalan OBC unknowingly bringing heroin into the US: he was deemed not responsible quickly, and got expelled right away with no right to come back for 5 years.

http://www.loudountimes.com/news/article/cbp_officers_seize_...

27
srathi 3 hours ago 0 replies      
From their FAQ

Airmule then manually inspects and verifies each item prior to packaging for a traveler. We also guarantee that 100% of the items shipped through our service are safe for travel on commercial aviation.

This is classic lawyer speech (notice the words "safe for travel on commercial aviation"). This just means that there are no harmful things to a plane, but they don't say anything about 'safe for customs'.

28
asdfologist 18 hours ago 0 replies      
Risk of a death penalty for accidentally smuggling heroin? They couldn't pay me to take this flight.
29
overcast 10 hours ago 0 replies      
I don't carry checked bags for the specific reason that I don't want to deal with checked bags. I guess this is for people who want to be as cheap as possible, while simultaneously being as inconvenienced as possible.
30
thedogeye 6 hours ago 0 replies      
31
chrischen 11 hours ago 0 replies      
Why not just specifically operate in the market of importing baby formula in China.

You can easily subsidize a flight ticket with a checked luggage full of baby formula and for extra security the mule can go buy the formula him or herself.

32
Karliss 15 hours ago 0 replies      
If airplane companies take into account that certain percentage of passengers will not arrive and overbook flights wouldn't they also take into account that most passengers will have less than maximum allowed baggage?
33
icbm504 18 hours ago 0 replies      
I like the idea but in the world we live in (post 9/11), it is a major security violation.
34
jliptzin 12 hours ago 1 reply      
If someone came to me with this business idea I'd chuckle and say haha, good one. Of course assuming that it is some joke. It boggles my mind that apparently 3 (presumably reasonable?) people have decided to seriously pursue this idea. It's so bad on so many different levels it may actually be the worst business idea I have ever heard.
35
blisterpeanuts 18 hours ago 1 reply      
When I was studying in Taiwan in the early 80s, the island's high tariffs motivated travelers to carry suitcases full of stuff--Walkmans, cameras, Italian shoes, etc. Contact a guy in Hong Kong, he gives you a bag, a guy in Taipei picks it up and gives you NT5000, enough to pay for your ticket.

I never got up the courage to try it myself, but friends did. My girlfriend did it once.

Looking back, I realize how exceedingly stupid this was. Had there been heroin inside that camera, you were going to prison for the rest of your life. They didn't (and still don't) screw around.

I heard all sorts of stories. An Australian backpacker was caught at Korean customs with 50 Rolex watches stuffed in his shirt. He was sent up for ten years. Numerous young Americans and Europeans busted for drug smuggling were rotting in prison in Taiwan, Korea, and Japan. At the time, with these countries technically allied with us against Red China, execution was not a politically feasible alternative.

This Mule thing is just another respin of an old practice. Best to avoid.

36
rpmcmurphy 11 hours ago 0 replies      
Some startups just need to die in a fire. This is one of them. (Theranos is another one).
37
smegel 17 hours ago 0 replies      
"We'll pay you to take this bag on the airplane for us.".

Yeah...nah.

38
gweinberg 5 hours ago 0 replies      
What are the odds the whole thing is an elaborate joke?
39
bberrry 17 hours ago 5 replies      
Is 31B a reference I'm missing? It didn't come up in the article body.
40
illuminati1911 18 hours ago 2 replies      
While I agree with most of the article, I don't understand the part where the author is complaining about the bios of the founders/managers.

It's a startup, not old slow mega-corporation where making a joke will get you fired.

41
m3kw9 10 hours ago 0 replies      
So if they missed a small pack of drugs that some slipped in there, some ones life is ruined
42
skrebbel 7 hours ago 0 replies      
Could this be performance art?
43
baybal2 12 hours ago 0 replies      
China United Airlines once did the route for CNY488 with carry on only
44
exabrial 12 hours ago 0 replies      
This is 100% illegal no doubt
45
erikrothoff 18 hours ago 4 replies      
Besides the quite unnecessary personal attack on the founders ("One is a hardcore gamer, the other is a former backup dancer for Gucci Mane, and the third loves beer more than you do. Im not making this upthis is what they say about themselves on their Web page") I feel the writer did nothing to back up his claim. The "clear as mud" answer from the founder "same as all OBCs" was a really weird thing to leave up to interpretation of the reader. Nowhere did the writer enlighten me about the actual rights of an On Board Courier. I found this article really lacking in substance, sorry.
9
Summer Reading List ycombinator.com
462 points by craigcannon  3 days ago   271 comments top 38
1
jackschultz 3 days ago 13 replies      
I know this is a technical site, but for all of these I always get a little sad with how few fictional books are listed on these types of posts. Going over it, seems like there's just one, "The Nix" (may be more where I just missed them).

I like seeing fictional books since I can relate to the people writing them. If I enjoyed some of the fictional books that people talk about, then I'll go along with their non-fiction recommendations. Also, reading fiction shouldn't be treated like time wasted! I see that comment a lot by people who only read the non-fiction books, but I highly disagree with that thought. For another comment I guess.

One way to do that is to have different sections, one for fiction and one non-fiction. I'd love to see that here.

On that note, I've actually experienced that here, with some of the book recommendation threads, finding comments with books I also like and then reading the others. Always fun to talk to people who read the same as you.

2
ThomPete 3 days ago 1 reply      
If I may recommend a book that really will make most people change their perspectives it's "The End of Alchemy: Money, Banking, and the Future of the Global Economy"

Rarely have I read a book which made me think about a subject I thought I had a pretty good understanding of completely different. And if that is not enough it's probably one of the few books which doesn't have a moral/ethical agenda but merely seeks to inform about how the crisis happened (and what money really is)

For me it's one now on my list of books about important fundamentals in this world.

https://www.amazon.com/End-Alchemy-Banking-Future-Economy/dp...

3
orthoganol 3 days ago 3 replies      
Sapiens is a very preachy, low-on-citations work... the Goodreads reviews are interestingly divided ("Dude it changed my whole world!" to "This is not a serious work."), but the early sections on pre historical humans are still interesting to read, and seemed mostly correct from what I remember from my college anthropology class.
4
baldfat 3 days ago 5 replies      
So I really like the description of "The Righteous Mind" WHY is it $2.50 more to get the Kindle version then to have a paperback book shipped to my home!

Kindle Version - $11.99

Paperback (Prime) - $9.32

https://www.amazon.com/Righteous-Mind-Divided-Politics-Relig...

5
capocannoniere 3 days ago 6 replies      
Am I the only one who would actually prefer these Amazon links to be affiliate links?

Affiliate links make me feel like I'm paying back the curator(s) for the awesome recommendations I'm thankful for. However minor that might be.

Do people feel like recommendations would be biased if the links were affiliate links?

6
makmanalp 3 days ago 3 replies      
Every time I see Sarno's book recommended, it's always controversial, with the "woo-woo" camp and the "it worked for me so I don't care" camp, though I think the people-who-I-respect-who-recommend-this ratio is way higher than most crank books, so it's interesting in that regard. Thoughts? (I haven't read it)
7
kilroy123 3 days ago 22 replies      
Slightly off topic, but how many books do you all read a month? I have a hard time getting past 1 a month.
8
DanielleMolloy 3 days ago 0 replies      
I'd like to recommend these lists of short reviews of books neuroscientist Christof Koch has (recently) read: http://www.klab.caltech.edu/koch/books-i-read.htmlhttps://alleninstitute.org/what-we-do/brain-science/about/te...

They are a captivating mixture of science, scientific theory, cognitive science, AI, science fiction and the like and quite an interesting inspiration for future books to read.

9
mehrzad 3 days ago 1 reply      
Do they ever choose any radical literature to test their beliefs? Kropotkin's The Conquest of Bread would be a good choice.
10
The_Hoff 3 days ago 0 replies      
https://blog.ycombinator.com/yc-summer-reading/ is the link to last year's. Anyone else sites would make their URLs consistent? It's always pleasant when you can go to the URL and change the 2017->2016 and it takes you where you want to go.
11
icco 3 days ago 1 reply      
For a far better reading list, longform.org + mailchimp put out a great one this year: http://readthissummer.com/
12
filiwickers 3 days ago 8 replies      
If you struggle to get diverse voices inside your field, maybe you should read from diverse voices outside your field. I understand it is hard and I also gravitate towards comfortable reading, usually meaning from people that look like me. This is the problem. Start being accountable to yourself about it.

2 of 19 the books in the list are by female authors (both recommended by women). Looking for some good books from women? Check out these:

Nonfiction:

* Radical Acceptance, Tara Brach

* The Death and Life of Great American Cities, Jane Jacobs

* Freedom Is a Constant Struggle, Angela Davis

* Rising Strong, Bren Brown

* Cleopatra, Stacy Shiff

* The New Jim Crow, Michelle Alexander

Fiction:

* Anything by Ursula Le Guin

* Ancillary Justice, Ann Leckie

* Too Like the Lightning, Ada Palmer

* Citizen: An American Lyric, Claudia Rankine

... so many more

13
idlewords 3 days ago 2 replies      
Pretty cool to see Sheck Exley on this list. He's a pioneer of cave diving, which has a lot of great (and terrifying) lessons about safety, risk, and human factors for programmers to steal.
14
arnioxux 3 days ago 3 replies      
No opinion on "The Man Who Knew" but kind of bummed that it will now beat "The Man Who Knew Infinity: A Life of the Genius Ramanujan" in autocompletion.
15
Dowwie 3 days ago 1 reply      
These are safe books. Where's Marx's "A Critique of Political Economy"?
16
thisrod 2 days ago 0 replies      
I'm currently reading Southeast Asia in the Age of Commerce by Anthony Reid. It's well written history, and the topic has some interesting aspects.

The view of Europe from 20 thousand kilometres is quite insightful. The big patterns stand out, as power shifts from the Spanish to the Dutch and then to the British. The different things that those people are trying to achieve in Asia neatly summarise the different things that they might have valued at home.

It's also interesting to see a long term situation where land is abundant, and labor is the scarce resource. Women get liberated (or so Reid claims). Battles are fought in order to take the other army from its land, not the land from the army. Labour productivity is so high, and construction materials so easily available; 3 days after an event like Hurricane Katrina, the city has been rebuilt and life is back to normal.

17
adamnemecek 3 days ago 0 replies      
I wish there were also a reading list for technical books/textbooks.
18
b_emery 3 days ago 1 reply      
I haven't read Behave by Robert Sapolsky, but I did read 'A Primate's Memoir' a while back and it was fantastic. A memoir of his time in Africa studying baboons, well written and entertaining. One of those books that I was sad to finish. You can learn a lot about human behavior and society by studying baboons.

Two books I've read this summer that would fit on this list are This will make you smarter from edge.org, and Waking Up by Sam Harris. The first is a collection of the essays from edge.org about what everyone should have in their cognitive toolkit [1]. Consider it a list of a) the many ways one can go wrong when trying to think scientifically, and b) some of the many concepts to consider when trying to solve a problem or understand something. Waking Up was good from the point of view of understanding the science behind 'the self' and meditation. I've started meditating because of this book, and it's a useful guide for avoiding the, shall I say, less rational aspects that are out there.

[1] https://www.edge.org/responses/what-scientific-concept-would...

19
ryanjodonnell 3 days ago 1 reply      
I would add "The Three Body Problem" and following two books in its trilogy to the list. Sci-fi series by Liu Cixin. Won the Hugo award and is recommended by Obama and Zuck. I felt so small after reading that one :)
20
gordon_freeman 3 days ago 3 replies      
'Healing back pain' is an interesting entry to the list. I just recalled my friend lent me this book and a reminder to now read it. Anyone who has read this book can share their thoughts?
21
rosstex 3 days ago 0 replies      
Does anyone have recommendations for summer reading for teaching assistants to undergraduates? I want to become more engaged with current pedagogy techniques.
22
desireco42 3 days ago 1 reply      
HomoDeus is really most excellent continuation of already epic Sapiens.

If you didn't read any of those, they are long but well worth the time.

23
ThomPete 3 days ago 0 replies      
One of the most intriguing lists I have ever read was this one:

http://spacecollective.org/wilfriedhoujebek/4076/Summery-Boo...

I still have a few books left to read but most of these are amazing books.

24
champagnepapi 3 days ago 0 replies      
Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley by Antonio Garca Martnez

Read this recently. Thought it was pretty good.

25
moonka 3 days ago 0 replies      
Powerhouse is an incredible book. The author does a great job of weaving in interviews as well as narration to paint a good story of how CAA came to power. I highly recommend Powerhouse as well as his other books, Live From New York (about SNL) and These Guys Have All The Fun (about ESPN).
26
matahwoosh 3 days ago 0 replies      
compiled in a Goodreads list (https://www.goodreads.com/list/show/114264.YC_s_2017_Summer_...) like you were going to actually read those ;)
27
cschmidt 3 days ago 1 reply      
It looks like an interesting list. Anyone else remember the Global Business Network (GBN) book club, with Stewart Brand? It was a great resource for so many years. Sadly, it seems to have dropped off the internet with the demise of GBN.
28
jdp23 3 days ago 1 reply      
17 books by guys.2 books by women. Both recommended by women.
29
jonbarker 3 days ago 0 replies      
Summer is almost over. Just a nit-pick. I'd like to add to this list "The Master Algorithm" by Pedro Domingos
30
spicylad 3 days ago 0 replies      
If you haven't read Infinite Jest, you should. I admit it isn't for everyone, but it's definitely worth suffering for.
31
eizo 3 days ago 0 replies      
Recently read and highly recommended:- Platform Revolution- The Economic Singularity- Benjamin Franklin: An American Life
32
gonzofish 3 days ago 0 replies      
Nexus was an awesome read, haven't started book 2, but it's free for Kindle & Prime users
33
notadoc 3 days ago 1 reply      
I'd love a good HN summer fiction reading list, particularly with a sci-fi focus
34
romanovcode 3 days ago 1 reply      
Summer is nearly over BTW.
35
bbleciel 2 days ago 0 replies      
money and technology, self-help, and the arc of humanity. wish programmers would read things that challenge their views rather than just reaffirm _
36
esseti 2 days ago 0 replies      
it would be good to know why each book is worth reading.
37
kentt 3 days ago 9 replies      
I'd consider Healing Back Pain: The Mind-Body Connection to be fiction as well. Too long, shouldn't read: if you believe, your back pain will go away. I'm surprised to see the anti-scientific pseudoscience promoted.
38
soneca 3 days ago 2 replies      
Do americans only read books on summer?
10
Monsanto leaks suggest it tried to kill cancer research about weed killer baumhedlundlaw.com
352 points by givan  3 days ago   116 comments top 18
1
ourmandave 3 days ago 1 reply      
Isn't this right out of the Big Tobacco playbook when they "scientists" in lab coats producing studies that smoking was healthy?

The Tobacco Industry: The Pioneer of Fake News

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5402187/

2
eadz 3 days ago 5 replies      
It is a real shame not to be able to trust "science" anymore. We'll have to come up with a new word for what we used to call science because I don't think corporations and media set on manipulating public opinion and laws will give it back.
3
Zarath 2 days ago 1 reply      
It's weed killer. Literally poison. Can we just curb our faith in science just a little bit and use some common sense. It's incredibly likely that ingesting poison is bad for you. Let's leave open the possibility that it isn't, but I personally require that people prove it's safe rather than continuing to ingest it until proven otherwise.

It's honestly just baffling to me that people find it surprising that consistent, low doses of poison may cause cancer.

4
tptacek 3 days ago 7 replies      
I don't know what Monsanto did or didn't do and don't have any particular rooting interest for Monsanto, but I think it's worth noting that the published science for the carcinogenicity of glyphosate (the "weed killer" we're talking about here) is extremely flimsy.

Most publicity about "cancer" and "Monsanto" is traceable back to an IARC report that the World Health Organization (IARC's parent) essentially retracted. The report itself concerned dozens of different pesticides and herbicides and mentioned glyphosate only in passing. The studies it referred to equivocated about any link between glyphosate and human cancer.

(I'm going from memory here and someone will probably correct me on this, which will be great!)

It would be surprising if glyphosate turned out to be toxic, because it straightforwardly targets a metabolic pathway that plants have and the entire kingdom of Animalia lacks.

California recently added glyphosate to its list of chemicals that it's required to alert consumers about. But of course, that list is long and includes substances that virtually nobody controls their own exposure to, such as acrylamide --- a known human carcinogen --- which is universally present in cooked foods.

Finally, and this is obvious, but we're reading articles on a plaintiff lawyer's website. That's fine, but you're clearly not going to get the whole story from them. For instance, the lawyers are happy to leave you with a headline about Monsanto trying to "retract a cancer study". But they're of course going to leave out the fact that the study in question was the Sralini study, of "Sralini affair" fame; you can look this up in Wikipedia to see what I'm referring to.

5
akvadrako 2 days ago 0 replies      
Y'all should take this with a grain of salt. Monsanto is hated as a company; the media just loves to vilify them. I've been suspicious of any anti-Monsanto news since looking into their lawsuit[1] against a farmer who grew illegally obtained patented seeds. The media and commenters made a big deal about predatory behavior but they it was clearly the farmer being an asshole. Anti-science/GMO nuts just latch on to anything without a care where the evidence points.

[1] Monsanto Canada Inc v Schmeiser

6
olliej 3 days ago 0 replies      
Given the number of ghost written publications shouldn't there be a slew of retractions?

It's unethical, and generally a violation of journal rules to publish another's work listed with yourself as an author.

Then there's a journal editor that they pay, who they worked with to get a paper retracted, surely that should result in a re-review of everything involved there as well?

Has anyone done the work to determine which papers are involved and start the retraction notification process?

7
mgh2 2 days ago 0 replies      
Here is a study of 12 diseases correlated with glyphosate, it is not official as in a published journal, but given that even pubmed states there are not enough toxicity studies, that most safety papers are not independently funded, and scientists who dare to say the contrary are shut down, I rather be more cautious than sorry: https://people.csail.mit.edu/seneff/glyphosate/NancySwanson....
8
tnorgaard 2 days ago 0 replies      
I see there is a few posts repeating the common interpretation that glyphosate is not dangerous because it only targets metabolic pathway only animals has, so for the sake of discussion here is another viewpoint: https://www.youtube.com/watch?v=kVolljHmqEs (disregard the clickbait title), summary: Glyphosate is not bad for your body, but it does kill everything in your stomach, and that is not so awesome.
9
jonplackett 3 days ago 0 replies      
News-flash, company people have known was evil for ages, actually is still evil.
10
_Codemonkeyism 2 days ago 0 replies      
It's interesting how the discussion of Monsanto shifted. The discussion was about how Monsanto changed the seed/weed business from a buy model to a subscription/license model for farmers - which is a disruptive fundamental change.Now the discussion is mainly ab Glyphosate.
11
_Codemonkeyism 2 days ago 0 replies      
Walking by a Bayer - Monsanto owner pending regulatory approval - building every morning, with people streaming in and I'm reminded most people will work for anyone who pays them.
12
jgalvez 3 days ago 1 reply      
Michael Clayton anyone?
13
nerpderp83 3 days ago 0 replies      
Shouldn't this be illegal in some form? It is morally reprehensible to use "money as free speech" to suppress scientific truth.
14
brndnmg 3 days ago 0 replies      
yawn, oh no they wouldn't do that would they? sips coffee
15
ionised 2 days ago 0 replies      
Colour me surprised.
16
43224gg252 3 days ago 2 replies      
Of course they did. Anyone on the internet about a year - 2 years ago remembers every time you mentioned monsanto they would send shills in to defend them and call you a tin-foil hat conspiracy theorist.
17
ada1981 3 days ago 3 replies      
Who actually likes Monstanto? I imagine a vast majority of the American people would support an outright shutdown of their business.
18
znpy 3 days ago 2 replies      
Uh... My grandpa used to use Roundup in order to kill weeds in his cultivation land.
11
Inside Patreon, the economic engine of internet culture theverge.com
396 points by panic  3 days ago   401 comments top 23
1
pillowkusis 3 days ago 11 replies      
I have seen so many content creators go full time and create awesome work because Patreon gives them a format to incentivize their followers to pay them. The economics are beautiful turns out just 1,000 people (a pittance on internet mass media websites) donating $5 a month will totally change the way you run your life. And even better, these artists are independent in a way no artist has ever been before. Youre not beholden to advertizers. Youre not beholden to the whims of a few patrons (church or people). You only need the loyalty of people who value your work.

Before Patreon, internet content creators (from the BBC to a little indie band) were in a dangerous place. Paygates couldn't sustain growth but ad-supported free media couldn't sustain revenue (now more than ever with ad-blockers). Now there is an answer.

I am totally convinced Patreon (or the patreon model) is the future of content creation. Ethical, decentralized, economically viable flourishing of the arts.

If anyone at Patreon reads this, I would love to come work for you, please contact me sparrowmaxx at googles email service. :)

2
neaden 3 days ago 9 replies      
I like patreon but at the same time I'm a bit uncomfortable with how the interaction aspect of it sometimes works. Lots of artists are essentially charging for interaction with them rather than a product. From the article: "In this system, its almost impossible to separate a work of art from its creator or, at least, its creators public persona. Is there a future for someone who wants to be a musician, but not a personality? No. I dont think so, Hollens says. I dont think the reclusive thing is going to happen anymore. Thats not the world we live in." While that works for plenty of artists I'm sure there are others that can't handle it. In addition it seems really exhausting.
3
AmIFirstToThink 3 days ago 2 replies      
barf. yuck.

I found that article physically repulsive.

Patreon, if you are listening, don't buy into all the power that the article wants to shower upon you. They want you to influence your exercise of that power, and they want you to use that power to do their bidding in limiting free debate of ideas.

Patrons and the person that they support, that's it, that's all there is to it. The silver coin is being given by hands of patrons and taken by hands of one that is being supported, that silver coin shouldn't have opinions, emotions and desires. Stay neutral, that is the greatest challenge of our time, stay neutral. If a crime is being committed then co-operate fully with law enforcement, but don't give in to the pressures from lobbying groups with their own agenda.

Don't get carried away into the corrupting power the platforms like youtube, facebook, twitter exercise on the discussion carried out on these platforms. They have absolute power, and you can see that once you use it, it's addictively corrupting. Stay neutral, it is going to be hard to do, I hope you find the power within you to do so.

Good luck.

4
raesene9 3 days ago 0 replies      
Personally I like the patreon model, and think it works really well.

Bundling together payments for different creators into one place is handy and I'm guessing helps reduce fees, so smaller payments work better.

I only have to provide payment details to one site, so that's nice and easy too.

I get to support creators who's work I enjoy without having to endure web ads, which I dislike.

From the creators standpoint it seems to provide a nice even revenue stream. Whilst I don't know any personally, I'd guess it must be nice to have an idea of the base income you're going to get in a month, rather than relying on something more variable like advertising or ad-hoc tips.

5
drewg123 3 days ago 13 replies      
Unless I'm missing something, they seem to only have a monthly contribution model.

There are many times where I find a content creator helpful (for example a video tutorial on how to fix my broken washing machine), and I'd like to reward them. But I don't want to do it monthly, as I'll probably never watch another thing from them. So I'd like to be able to easily leave a one-time tip.

Can Patreon do this, and it's just not obvious?

6
nilved 3 days ago 3 replies      
A lot of creators I appreciate use Patreon, so I signed up to donate to them. They started sending me spam emails. It was like I was paying extra (giving Patreon a cut) for the privilege of getting annoying emails. Now I just donate directly to the creators, and I have a checklist that I go through every month.

I think something like Patreon is a great idea, but having a centralized company handle it and take a cut is not the way to go about it.

7
fernly 3 days ago 1 reply      
The article is well-done but speaks mostly from the artist's side. From the patron-side, I think an important factor in Patreon success is that it gives the donors the good feels for very little cost. I fund several web-comic artists whose work I enjoy at a trivial level, $0.25 per new comic for instance, or for some, the minimum $1/month. For a few $ a month, I get regular doses of warm fuzzies from knowing I am actually helping good artists continue to make art.
8
Sir_Cmpwn 3 days ago 4 replies      
Patreon is starting to take off for open source, too, which is great. I set one up and it offsets a good deal of the infrastructure costs for my projects. Many FOSS Patreons have pretty low figures - please go looking for them and support your tools!
9
just2n 3 days ago 1 reply      
I'm in favor of directly funding creators. I hate everything about ads. That said, I don't see any real value Patreon provides over other payment services, especially given their cost.

I definitely don't want politically driven judgement calls made on my behalf as to whether or not that creator should even be allowed to have my money, when that person hasn't actually done anything illegal. It's my money, and no business has any business telling me who I can and can't give money to, or why, and to step into that position is to trivialize competition. It's a bad move on Patreon's part, and it's completely antithetical to the service they should be providing: making it easier to find content you like by creators you like and then fund it so there's more. They don't do the former, and the latter is more and more only for "Patreon approved" creators. What is it they do that makes them invaluable or irreplaceable, because I'm not seeing it.

I've given thousands through Patreon but I've stopped using it for many reasons. I feel pretty justified in that decision just looking at their behavior, both lately and in the past. They've allowed pages to remain up for people who are provably doing nothing but harassing others (and advertising that behavior as the "activism" their Patreon page is funding), but taken others down just because they run a service which on principle refuses to police discussion but which isn't breaking any law because Patreon dislikes what people on that service say/do. Now they've removed someone because they disagree with something that person has done unrelated to their content creation being funded through Patreon (again, not even illegal behavior), and it looks entirely politically motivated.

I don't support Lauren and never have, but this kind of moral grandstanding and virtue signaling from Patreon just isn't acceptable to me, and definitely not from what is a glorified payment processing web interface. Tim Pool as usual has a fairly solid take on it, and I mostly agree with him: https://www.youtube.com/watch?v=3_yIp7eQO1c.

This piece looks like a pretty desperate PR move.

10
dugditches 3 days ago 11 replies      
I asked this before, but it wasn't really the place:

1.To those who donate to Patreons, how do you budget/think about/justify your donations?

2.Do you have a set budget? What if you really want to support someone suddenly, do you stop supporting someone else to do so, or reduce how much you give them?

3.When do you stop/reduce Patreon support? How long do you typically support someone? Until you feel they no longer need it?

11
vinceguidry 3 days ago 2 replies      
If anybody at Patreon is reading this, here's some feedback.

I spend maybe $20 a month on Patreon. The main thing keeping me from spending more is the interface makes artists appear more money-grubbing than they might want to.

I don't want to scroll down someone's feed only to find half of the content is locked. This is a negative user experience and makes me want to click off the site and go do something else.

Suggested fix is a checkbox or setting that allows me to hide content that I'm not at the right patron level to see.

12
__s 3 days ago 0 replies      
I've got a pretty niche patreon where I post a stream of consciousness devlog for Luwa. Only 1 subscriber, but it keeps me motivated having an outlet & knowing _someone_ thinks it's worth 5 dollars a month for me to flail around hand writing WebAssembly after work
13
jmcgough 3 days ago 0 replies      
What I've found interesting is the number of smut games and comics creators that are thriving (sometimes making their creator 6 figures a year) because of patreon.
14
cdcox 3 days ago 0 replies      
I do wonder how Google, Facebook and the ad sphere sees Patreon. A fair number of creators I've seen use Patreon to go ad free. It seems small but growing with strong network effects, and a clear path to profitability. In a lot of places on the internet it's almost a household name. It also is relatively platform agnostic and there is a lot of room for it to grow into. This seems like it might be a deep threat to the current power players of the internet and the current structure of the internet.

On the other hand, you could have said the same thing about Kickstarter a few years ago, but then it hit its growth limits and became just another, still slowly growing but no longer earth changing, feature of the internet landscape.

15
kareldonk 3 days ago 2 replies      
There should be no middle men. Only a direct P2P model will truly benefit everyone.
16
vijayr 3 days ago 1 reply      
this article (no affiliation with the author, just happen to enjoy his work) is also worth a read

https://gaps.com/patreon-earners/

17
RangerScience 3 days ago 0 replies      
There's a part of me that just wants to set up a Patreon, link to it from a few places with enough content to have a profile (Github, Medium; if I ever finish an article), and if it starts getting traffic, do more of that content. See what happens.

(Unlikely to be anything without marketing, but, why not? Cost of the effort is low.)

18
gregjw 2 days ago 0 replies      
Patreon's office caught fire yesterday! But everyone and everything is completely fine.

https://twitter.com/jackconte/status/892888675570208769

19
contingencies 2 days ago 0 replies      
I think the hyperbolic title needs an injection of reality. My 2c. Patreon ... added it 1 year ago to a commercial-friendly (LGPL3) library, in finance of all areas, that I've ploughed hundreds of hours in to over 8 years ... 14,000+ downloads per month ... and nobody has ever given a cent.
20
bcheung 3 days ago 0 replies      
It's funny, and a bit unfair, how they can get away with having adult content and not being labeled `high-risk`.

Most adult credit card processing takes 10-15% before the business even sees anything, and they are only taking 5% total and providing a service.

In many ways it's an anti-trust issue because competitor platforms geared specifically towards adult content can't get those same rates.

21
Jerry2 3 days ago 2 replies      
How long before Youtube bans private videos and destroys Pateron's business?
22
Applejinx 2 days ago 0 replies      
I'm https://www.patreon.com/airwindows and I'm writing audio DSP plugins in AU and VST form, for a living. Here are my observations over the past year of relative success on Patreon.

I'm in the top 3.2% of all Patreon, sitewide. That amounts to only a little over $700 a month (I'm using it to replace a for-pay business model that wildly oscillated from $400 to $3000 a month). It's growing.

I'm having to put out twice or three times the work, but I'm happier with a 'free/patronage' model because what was happening to me under the for-pay model was, I got locked into a 'hype cycle' versus other developers and companies. The sense I had was, my industry sector is dying. The way we treat customers is worsening, and it's a race to DRM-based, extremely invasive monthly software rental and a degree of dishonesty that didn't sit well with me. I feel that I bailed 'in time' to turn my ten years of reputation and experience into just-barely a subsistence using Patreon, and that if I hadn't done so, I would have been run out of business by competitors using every sort of deceptive and customer-abusing practice, and the epitaph would've been 'A shame, he was one of the good ones. Tough business'.

As such I feel I have a real-world view of what Patreon actually is. It's a form of payment processor that can let you bill for basically 'goodwill': the strong point is, it lets you render your income more predictable, at the cost of not being able to exploit individual creations which might be more valuable.

Never, NEVER get sucked into the 'just 0.1% of all living humans donating one cent a month will make you rich!' argument. If you have a hundred thousand known fans, MAYBE you can get a hundredth of them to give to you. You've got no control over what 'the crowd' will do. I don't know how many times I've revealed on HN that I'm creating mass quantities of code with an open-source (planned MIT license) future, on Patreon, and of the 347 patrons I've got, ALL of them are from my existing connections who already use my software. I'm looking to do an experiment with Facebook ads where I literally link to my entire library as a free zip to download and say 'I'm paying Facebook to tell you that I made this for you'. Haven't done it yet, don't have high hopes for it.

ALL your traction on Patreon comes organically from what you're already doing. In no way does it find you patrons: it's your shopping cart software. That does have one unusual consequence: since they aggregate patronage together and bill people in a lump sum, I've never seen anything more effective at enabling content that is routinely censored by credit card companies. Anyone who knows anyone who's tried to run an internet content business with NSFW material as part of the mix (I know a bunch of cartoonists) knows the dangers of getting banned by Visa and Mastercard (IIRC, particularly Visa won't touch you if you're dirty-minded). Patreon is a layer of abstraction that has enabled a startling opening up of opportunity for censored content, and that's shown in the NSFW side of Patreon. It's still not a 'free ticket to money' as you still have to generate your own attention, but obviously if you're good at NSFW content and distributing it free then the internet will beat a path to your door, and Patreon is accepted (in fact, the paywall model seems popular among NSFW creators with few objections to the idea. Premium content may not last long before being 'liberated' but I rarely see objection to the basic concept of a paywall around the freshest source of the creator's output).

I've been keeping records of what constitutes the top 1% of all Patreon, because I was keeping records of where I stood (started out at top 10% almost immediately because I had ten years of existing relationships w. customers). About a year ago, the 1% mark sat at around $2350 a month, with total creators between 41,000 and 45,000. It's been dropping, and as Patreon approaches 78,000 creators the 1% mark is dropping below $1890. This is while key patreon accounts are hitting new records for monthly income. It's definitely the internet power-law thing in action: the number of participants doubles, but most people are doing worse: the distribution is NOT staying the same, it's getting more skewed towards the outliers. I'm guessing this is partly caused by a flood of people who think it's an internet lottery ticket and not a way to bill masses of existing customers

Summary: Patreon is probably even less prone to 'discovery of worthwhile projects' than Kickstarter, because the mode of engagement is different: rather than seek out 'discoveries' it's a method of inserting benevolent digital leeches onto people's credit cards, very much like DRM-based rental schemes but less coercive. Because it can be used in a 'strictly voluntary' way, the revenue you'll get seems to be a quarter to a tenth what you'd get on a 'direct sales' model, but the consistency of a massed small-donation model combined with billing people's credit cards gives you a steadiness of income that is a LOT more easy to live with than boom-and-bust product development (which I did for a decade, pre-Patreon).

If you can budget for a growth month-over-month that's a little better than, say, the growth of index funds, and you've got created product with a decent number of people already aware of what you do, it's great. I have no regrets about going Patreon. I passed up an opportunity to do my whole 'for-pay' model over again to a market at least twice the size of my original (my whole decade of for-pay work was Mac only, and I relaunched targeting PC VST) but I'm glad I did. It let me double down on my positioning as a product maker, and completely avoid spending any time on being an internet cop. I just give everything away now, and the patronage gradually gets closer to minimum wage ;)

For now, I am your audio DSP waitress, on roller-skates. I always figured that was what ten years of creative work was worth ;)

23
model_m_warrior 3 days ago 2 replies      
In my years on the internet I find the content works itself out, so I'm unsure why I'd pay anyone anything. Half the reason I like most of it is because it's free.
12
There Have Always Existed People Whove Simply Wanted to Be Alone hazlitt.net
391 points by fern12  1 day ago   157 comments top 26
1
nabla9 1 day ago 9 replies      
Being alone and hiking and camping in the wilderness without human contact for longer period can be amazing experience. There can be initial anxiety and intense desire to go back after romance goes away and your internal shit comes to light. When there is constant need for do chores to survive but also free time and no human contact, no books, radio or music, mind gradually settles into itself.

It's like coming from bright light into a dark room. Gradually your eyes adjust and you start to see more. Coming back into the civilization is similar to someone pointing flashlight into your eyes. So much external triggers for behaviour. Realizing that I'm not actually me with other people and I'm disappearing into network of others. Me with others is mainly just bunch of triggers that fire based on conditioning.

If I can feel intense otherworldliness from just week or month alone, I imagine that if someone spends decades alone, civilization might seem like miserable alien ant colony. Everybody is responding to commands from others and carrying stuff they don't care about.

ps. It also can trigger psycosis, panic or some kind of madness (prairie fever, cabin fever) in some people. Romanticizing it as escape from all your problems might give people the wrong idea.

2
white-flame 1 day ago 3 replies      
It baffles me that people think it's so shockingly outlandish that there are people who don't reactionarily buy into the tribalistic pressures around us to simply act like everyone else. Humanity is not homogeneous, yet some notions like these are always projected out to be considered an immutable, inescapable constant. I can only guess that's that same fear of being different shining through.

I presume that on sites like this, there's a higher percentage of people who attempt to be more intentionally decisive about themselves and their lives. We don't necessarily have to toss out everything like Knight did, but looking at life and all the weird social rituals and expectations built up, the dichotomy between those and what seems actually beneficial becomes apparent. That conflict causes a choice, we would seek to do the "better" thing, and that draws many people outside the superficial social norms.

I especially bristle at this quote: "Why dont we want to be alone? Because the stuff thats down there is stuff you dont want to see." Anybody who tries to intentionally better themselves knows what's down there. You have to assess what you are if you're going to change. Sure, you can deny and hide from all that and simply find comfort in floating along with everybody else in social inertia, but that seems to me to be a shameful waste of those conceptual abilities which (apparently) make us uniquely human.

3
evervevdww221 1 day ago 5 replies      
I have the impulse to become a hermit myself, fundamentally because I'm tired of living up to other people's ideologies: going through schools and finding a job in a cubical. getting married at the right age and then raising the right amount kids, saving for their college fund and then for retirement.

but why?

I can't help but compare with my surroundings, even I have quit Facebook for many years. I can't be myself when I'm around others, but become a money maker for things I don't need. I can't concentrate on what makes me happy.

I recall what made me happy. it was when I finally understood some papers, some equations, some code. I just want to find a quiet place to do these. I hope to become an awesome painter and a guitar player too.

I just want to have enough to survive and focus my energy on these things. I don't care if I have successful kids or fancy cars.

4
grabcocque 1 day ago 5 replies      
The idea of introverts and extraverts being distinct groups of people with completely different neurological responses to social situations is a largely false one, created by self-help woo merchants to unhelpfully pathologise the feeling that EVERYONE has from time to time that they want to be left the fuck alone.

You know what? It's a normal, neurotypical part of life as a homo sapiens to want to be by yourself sometimes. And equally, it's a normal, neurotypical part of life as a homo sapiens to want to socialise sometimes.

We're a weird species like that, the way sometimes we want something and other times we want the opposite.

5
Mikeb85 1 day ago 3 replies      
The title IMO is far more interesting and thought provoking than the actual story. So this guy lived in the woods somewhat near people, and stole to get by...

I've personally always been fascinated by the topic as I have met several hermit monks, have a friend who lived as one for half a year, and contemplated it for myself. The history of religious asceticism and hermits is quite interesting, and many of history's most famous philosophers/religious leaders/prophets were either hermits, or had periods of reclusion. And nearly every single religion has these hermit figures.

Anyhow, the downside is that being alone is tough. Physically and mentally. Humans are social creatures. However I have personally benefited from periods of isolation and reflection, even if I'd much rather be around others.

6
factsaresacred 1 day ago 5 replies      
> Years ago, I went to India for a ten-day, silent retreat. I wanted to make myself go where I was afraid to godeep down, inside my own head. I found it terrifying. Why dont we want to be alone? Because the stuff thats down there is stuff you dont want to see.

We live in a world in which who we are is defined by what we do. We are a role - parent, engineer, carer. Strip that away and all that remains is a who. That's the reward of solitude: a situation wherein you have nobody to bounce your 'self' off, nobody to define yourself in relation to, allowing you to surface.

Turns out that who you are is simply a sequence of reactions to experience - the external kind as well as that which bubbles up internally. Rather than terrifying, this should be seen as profoundly liberating.

7
tray5 1 day ago 4 replies      
My personal theory for explaining hermits throughout history is simple, these people had/have aspergers. I have aspergers myself, and I can very easily see someone who has aspergers who for whatever reason no longer wants to socialize anymore getting up and doing their own thing out in isolation. I don't truly believe that any neurotypical person, and for that matter many aspies could do it, but if you're brain is wired in a way that socialization doesn't provide that reward that it does for most other people, either because you don't understand social interaction and have no desire to learn the rules so you can play the game, or simply because you have discovered the rules and simply have no interest exhausting the effort, going out into isolation and spending the rest of your days pursuing other things that give you fulfillment.
8
dahart 1 day ago 1 reply      
Snap Judgement did a nice podcast version of this story. http://snapjudgment.org/north-pond-hermit

The letters Knight & Finkel exchanged add an interesting angle.

Can't say I'm a fan of the author's choice for title of this post. It's Chris Knight's story, and nothing in this post presents any evidence for anyone else at any other time, aside from this single sentence "Think of Jesus, Mohammed, and Buddha: they all spent very long periods of time alone before introducing their religions." I totally believe there have always been people who want to be alone sometimes. Pretty much everyone wants to be alone sometimes. But ugh, this sentence & title seem to strain credulity and are so completely unnecessary and tangential to this story.

9
cJ0th 14 hours ago 0 replies      
> Years ago, I went to India for a ten-day, silent retreat. I wanted to make myself go where I was afraid to godeep down, inside my own head. I found it terrifying. Why dont we want to be alone? Because the stuff thats down there is stuff you dont want to see.

I find it interesting that silent retreats work for so many people. While I do get some benefits from meditation it doesn't really lead me to terrifying situations. From time to time it feels like I am having some epiphanies wrt to my shortcomings but meditation seems too gentle to call those moments a confrontation. There is always this nice, cool distance between me and my thoughts. Throwing me into an impro theater group might be more beneficial (and terrifying).The required spontaneity would force the "actual me" to live through uncomfortable situations and perhaps grow.

10
booleandilemma 1 day ago 4 replies      
He portrays a man who, without a shred of formal outdoor training, survived through ingenuity and remarkable self-discipline

The man burglarized people's houses for supplies.

11
Chiba-City 18 hours ago 1 reply      
FWIW, hundreds of thousands of Christian and Buddhist monks alive today all over our world live near to one another in cells or caves. A farming monastery in Arizona started 20 years ago is just beautiful and thriving. WV now has a Buddhist monastery. Buddhist monks are considered "ordained" but not most Christian monks. Lives of quiet or social Renunciation are everywhere and growing in number. Some even have fast WiFi. Go look on YouTube. I have been considering and schematically budgeting an urban ecumenical working monastery in Washington DC that would support itself with OSS testing, documentation and language localization.
12
dr_bloodmoney 1 day ago 2 replies      
I read about this man when the story first broke and found it extremely fascinating. I can relate to wanting to be alone and living an isolated existence. I love being in nature, away from the world and have often thought about pursuing such an existence permanently. But I just cannot comprehend his methods. Move to Alaska. Learn to hunt. Carve out a place for yourself somewhere. What he did tells me he was just insane - live near people and steal. To put it bluntly, this is fucking nuts.
13
KhanMahGretsch 14 hours ago 1 reply      
This looks like a good thread to recommend one of my favourite YouTube channels, "Primitive Technology", which features all manner of tools and dwellings built caveman-style.

It's creator is a hacker in the truest sense; his forge-blower contraption, for instance, is simply ingenious.

Don't forget to turn on captions, the subtitles describe what he's doing :)

https://www.youtube.com/channel/UCAL3JXZSzSm8AlZyD3nQdBA

14
FrozenVoid 21 hours ago 1 reply      
I don't want to live in a wilderness, but i would want to greatly reduce mandatory social interactions i have to do daily. Its emotionally draining and stressful.Almost everything we do can be automated, but people still insist on face-to-face interaction(or at minimum voice/video chat) and there is this herding behavior that forces people to adjust their beliefs and thoughts to conform to current in-group paradigms(the comparison with ant colonies ITT is on point).All the 24/7 media exposure and rat race of consumerism eventually take their toll on mental health(the polar opposite of "hermit slowly losing their minds") with people becoming psychotic and dependent on pills to function.
15
DannyDaemonic 1 day ago 2 replies      
There's an evolutionary advantage to having people who are isolated from the rest of the community. And not just in terms of sickness transmission. Things such as war, famine, and natural disasters can wipe out whole population groups.
16
Zuider 23 hours ago 0 replies      
"Man is by nature a social animal; an individual who is unsocial naturally and not accidentally is either beneath our notice or more than human. Society is something that precedes the individual. Anyone who either cannot lead the common life or is so self-sufficient as not to need to, and therefore does not partake of society, is either a beast or a god"

From Aristotle, The Politics.

17
taw55 12 hours ago 1 reply      
Here is another, longer form article about Chris Knight by the same author.

http://www.gq.com/story/the-last-true-hermit

18
asherkosaraju 18 hours ago 0 replies      
And there is nothing wrong with it. Most people think being alone is equivalent to being antisocial. A common misconception that needs to be addressed. The person doesn't need therapy, they just want to be left alone.
19
mark_l_watson 23 hours ago 0 replies      
Great story. I wonder how spiritual/ religious Chris is. I understand being alone in nature and the desire for solitude but Chris's life style probably has a strong spiritual component. I am going to have to read the book.
20
mkhalil 1 day ago 2 replies      
"Why dont we want to be alone? Because the stuff thats down there is stuff you dont want to see."

This really resonates with me. The "Fear of missing out" is something I try to avoid like the plague, but sometimes I wonder why do I even care?

edit: replaced the acronym FOMA

21
Indolat 11 hours ago 0 replies      
A man can be himself only so long as he is alone; and if he does not love solitude, he will not love freedom; for it is only when he is alone that he is really free.

Arthur Schopenhauer

22
mythrwy 1 day ago 0 replies      
Maybe "introvert" or "extrovert" depends largely on the potential company.

All people (and cultural groups for that matter) are not equally pleasant to be around.

23
lngnmn 10 hours ago 0 replies      
Since the time Vedic seers, I suppose...

BTW, prolonged solitude has been considered by most major Eastern schools (both Hindu and Buddhist) as necessarily precursor for spiritual transformations.

24
aaron695 23 hours ago 0 replies      
There have always existed people who have suffered from severe depression. There have always existed people who are sucidial.

I find the title a bit dangerous, but an interesting topic.

25
JumpCrisscross 1 day ago 0 replies      
How does one find, or plan, such retreats?
26
stcredzero 1 day ago 0 replies      
True story: in the early 90's, I walked up to and witnessed this: There was a young woman running a "Museum of Elvis" in a storefront in Portland. She wasn't making it financially, so unable to pay off her student loans, she took to sitting in the storefront in a chair, with a sign and a donation box saying, "I just want to be left a loan."
13
832 TB ZFS on Linux jonkensy.com
301 points by beagle3  1 day ago   152 comments top 18
1
rsync 1 day ago 4 replies      
"I ended up between the Supermicro SSG-6048R-E1CR60L or the SSG-6048R-E1CR90L the E1CR60L is a 60-bay 4U chassis while the E1CR90L is a 90-bay 4U chassis. This nice part is that no matter which platform you choose Supermicro sells this only as a pre-configured machine this means that their engineers are going to make sure that the hardware you choose to put in this is all from a known compatibility list. Basically, you cannot buy this chassis empty and jam your own parts in"

This is a major departure from the Supermicro business model and practices and basically broke all of our next generation expansion roadmaps.

This was not a technical decision - it is the same old economic decision that every large VAR/integrator/supplier has succumbed to for the last 30 years. They aren't the first ones to try this trick and they won't be the last.

We (rsync.net) are not playing ball, however. After 16 years of deploying solely on supermicro hardware (server chassis and JBODs) we bought our first non-supermicro JBOD last month.

2
kev009 23 hours ago 1 reply      
There are a couple needful tweaks to this BOM for anyone wanting to follow this..

Only populate one CPU socket. Zone allocation between two NUMA nodes is kind of hard, especially since Ubuntu 16.04 zfs is pre- OpenZFS ABD where memory fragmentation is reality.

I would recommend better NICs like a Chelsio T5 or T6. Aside from better drivers and a responsive vendor, you can experiment with some of the iscsi offloads or zero copy TCP.

Supermicro seriously under-provisioned I/O on that chassis. I'd add LSI/Avago/now Broadcom cards so you can get native ports to every drive. Even if it's just a cold storage box, it will help with rebuild and scrub times and peace of mind. The cost of this is not bad compared to the frustration of SAS expander firmwares. 2x24 or 3x16 and 4 drives on the onboard if you can skip the backplane expander. Supermicro will usually do things like this if you insist, or an integrator like ixSystems can handle it.

More subjectively, I would also recommend FreeBSD. It seems their main justification for Ubuntu was paid support, which can be had from ixSystems who sell and support an entire stack (Supermicro servers, FreeBSD or FreeNAS or TrueNAS, and grok ZFS and storage drivers to the tune that they have done quite a bit of development.

3
twiss 1 day ago 0 replies      
> I purchased these units through a vendor we like to use and they hooked us up, so I wont be able to share my specific pricing. (...) If you build the systems out on there youll find that they come in around $35,000 (USD) each.

That devided by 52 x 8 = 416TB is 0.084$/GB. For comparison, the Backblaze Storage Pod 6.0 [1] claims 0.06$/GB for the version with the same hard drives. Although this version has a bunch of extra features like 2 x 800GB SSD's for ZFS SLOG, 8x more RAM for a total of 256GB, etc.

[1]: https://www.backblaze.com/blog/open-source-data-storage-serv...

4
sandGorgon 1 day ago 2 replies      
The most important line for me was "Today, you can run ZFS on Ubuntu 16.0.4.2 LTS with standard repositories and Canonicals Ubuntu Advantage Advanced Support. That makes the decision easy."

Its highly interesting that Canonical does this with ZFS. I'm not sure why they dont market this more.

5
yest 10 hours ago 1 reply      
>Its hard if not impossible to beat the $/GB and durability that Amazon is able to provide with their object storage offering.

what the actual fuck?? AWS S3 is a abominable rip off. After I rented to my own dedicated server, I am paying several times less.

6
jjirsa 1 day ago 9 replies      
Zfs on linux and huge single servers, what could go wrong?

It's like a blog written by a 22 year old straight out of college that's never dealt with a real production deployment/failure

Zfs on Linux has data loss bugs. There's at least one unpatched and there are bound to be more.

Single huge servers eventually fail. Maybe it'll be a drive controller. Maybe it'll be CPU or ram with bit flips as a side effect. Downtime would be the least painful part of the eventual failure.

7
BigIQ 3 hours ago 0 replies      
Biggest question: why?

At that scale something like Ceph would be more reasonable. Just because ZFS can handle those filesystem sizes doesn't necessarily mean that it's the best tool for the job. There's a reason why all big players like Google, Amazon and Facebook go for the horizontal scaling approach.

8
vc00000 7 hours ago 0 replies      
We bought our initial 2 TrueNAS servers from IX Systems (SuperMicro) back in 2011, have been upgrading over the years and they have been very reliable servers.

Currently each server has 63 drives (4TB HGST NL-SAS) with 1 hot spare, configured as RAIDZ.

Right now there is 200TB of usable storage, we initially started with 29TB and have been expanding as needed when it hits about 79%, I buy 18 drives roughly every 6-8 months, 9 drives per server and expand the pool.

To say that we never had issues is lying, we did have some major issues when upgrading from versions, but this was early on, now it is a rock solid storage system.

Although there is less than 300 active users connecting to the primary server, there is a lot of very important pre & post production high dev videos.

Reboot with 63 drives is around 10 minutes or less.

Resilvering could take 24-48 hours, depending on load, depending on how much data the failed drive contained.

Performance has been great, reliability has been great, support has been great.

Sadly IX Systems can no longer provide support after the end of this year, they've extended support beyond the expected lifetime of the hardware.

9
guroot 1 day ago 2 replies      
Can I just ask.Why not use FreeBSD?
10
mikekij 1 day ago 0 replies      
Almost big enough to archive SoundCloud!
11
jaytaylor 1 day ago 1 reply      
What about cooling? Will the lifespan of the high-capacity platter-dense hard drives be drastically reduced by clumping them together like that with what looks like little airflow?
12
4ad 1 day ago 6 replies      

 you can run ZFS on Ubuntu [...] You could also build this on Solaris with necessary licensing if you wanted to that route but itd be more expensive.
I find it bewildering the author didn't even consider illumos or FreeBSD, where ZFS is a first class citizen.

13
z3t4 1 day ago 3 replies      
Anyone else addicted to acquiring servers and high bandwidth connections ? Any ideas on what to do with the over capacity ?
14
SoMisanthrope 1 day ago 0 replies      
Very impressive! It's amazing what people are doing with OTS technology.
15
notyourday 1 day ago 0 replies      
Very good experience with 45drives.com storinator XLs.
16
cmurf 1 day ago 1 reply      
Do either of these project spec hardware that would work for this use case?

opencompute.orgBackblaze storage pod, they're up to v 6.0 now

(Netflix open connect specs supermicro hardware)

Others?

17
rurban 18 hours ago 0 replies      
I'm not a HW guy but those drives seems to be far too close together. A few more millimeters space will keep the temperature down much better I assume.
18
andreiw 1 day ago 1 reply      
I wish Supermicro had a similar chassis around the Cavium ThunderX. That would make a lot of sense for network-attached storage, regardless of whether one goes with SATA or drops in a SAS adapter or two. Does anyone know if any of the Cavium accelerators (crypto or compression) can improve ZFS perf?
14
To Protect Voting, Use Open-Source Software nytimes.com
280 points by evanb  3 days ago   240 comments top 28
1
pedrocr 3 days ago 7 replies      
Don't, use pen and paper instead. Previous HN discussion on it:

https://news.ycombinator.com/item?id=14891266

2
yosito 3 days ago 6 replies      
The number of comments here that assume paper ballots are inherently unhackable is disturbing. Paper is a technology like any other and subject to being manipulated by clever folks. The only way to have secure, trustworthy voting systems is to have them constantly being designed, updated, understood and publicly auditable. The only downside inherent to digital vs paper systems is that they're more complex and harder for people to understand and therefore audit, but there are plenty of upsides and the downsides can be mitigated through education. Open source is absolutely important for the auditability of voting software, but the same openness and transparency is just as vital with paper. tl;dr, it's not hard to hack paper!
3
rectang 3 days ago 3 replies      
Open source voting software will never replace proprietary voting software, because open discussion of voting software security will reveal that it's impossible to build hack-proof voting terminals.

Paper ballots are a superior technology.

4
cwyers 3 days ago 2 replies      
Haven't we gotten past the "open source == secure" mindset yet? Yes, open source software can be audited. But secure software is also really really expensive. "With enough eyes, all bugs are shallow" has been pretty well repudiated. Finding security bugs and fixing them in open source products is exactly the sort of drudgery that people don't tend to do on their own; it's not fun like adding new features is. Open source is not a silver bullet to add security where other forces are pushing against it. Android is open source, iOS isn't. Which is more secure? I'm not saying that iOS is more secure because it's closed source, I'm just saying that "open source == secure" is overly simplistic.
5
Kpourdeilami 3 days ago 1 reply      
Even if they use open source software, what guarantee is there that version of the software deployed on the machines is the same as one people can inspect?
6
ivanbakel 3 days ago 1 reply      
A natural extension of the industry requirement for crypto implementations to be open-sourced. How can you rely on the security of a system you cannot inspect? The trouble is that security through obscurity is the physical standard - you can't keep a lock everyone knows the cut for - so the non-technical approach is sticking with what you know.

It's disturbing that a major corporation has the lobbying power to back that kind of unsafe position for its own gain, though.

7
mipmap04 3 days ago 1 reply      
Or use paper ballots.

Additionally, if you really wanted to protect voting and still use computers, use an open ballot and also allow voters to audit their own vote.

8
jangerhofer 3 days ago 4 replies      
I have two open-ended questions on the subject of technology in U.S. voting.

(1) Why doesn't our electoral system require public disclosure of each voter's record? What would the ramifications of publishing each voter's identity & ballot online be? My thinking, like other comments here, is that a transparent voting system would make results more easily verifiable, if not easy to verify.

(2) At what point could we transition toward more of a democracy (in contrast to the representative, republican system) through the use of digital voting, which has a lower "barrier to entry" than turning out to a polling center? Particularly on nationwide issues like healthcare, I presume there are relatively few technological barriers to letting every citizen vote individually on a bill and immense political and social consequences. I can't fathom the outcomes -- do you know of any discussion of such a system?

Non sequitur: I've always wanted to see a "name brand" professional sports team run, down to the minutiae, by online fan voting. I know it's out there in small leagues already.

9
bearcobra 3 days ago 0 replies      
This seems like a problem that requires multiple approaches to fix. Since the election, I've been thinking that a system with these features would be ideal

1. Electronic machines powered by OSS - Provides fast counting, and potentially better UX in scenarios with large number of items to vote on - Ability for the public to review the code2. Machines print copy of ballot that voter can verify before being placed in a secure ballot box - Provides auditable backup record3. Machines give the option to print a second copy of the ballot with a unique code. This code can be used to verify selections later via some kind of online interface. - Gives the user one more check on ballot integrity - Allows voter to keep voting record anonymous if they choose

I think this would balance pros/cons of pure paper vs. electronic voting systems

10
SomeStupidPoint 3 days ago 2 replies      
....Or just be reasonable and use paper ballots.

They're not actually that hard to count, they leave a hard to alter record, they require more effort to fake, etc.

The under investment in voting and the focus on mechanizing it has been a disaster in the US and is teetering on the edge of being incredibly dangerous to the well-being of the country.

Electronic voting has none of the features we want and all the failure modes we don't. Return to entirely paper.

(For what it's worth, my area seems to basically use those test scanning systems on paper mail-in ballots. That's still more electronics than I like involved in the process, but is much better than fully electronic and we might be stuck with that as long as we use mail-in ballots -- which is a separate debate.)

11
tzs 2 days ago 0 replies      
If you need open source voting software in order to trust that your voting system is working reliably, you have already lost, because that implies your voting system is depending on software working correctly.

Look at Scantegrity [1]. It provides end to end independent verifiability of elections and lets voters check to see if their vote was counted correctly, without depending on the voting software functioning correctly.

[1] https://en.wikipedia.org/wiki/Scantegrity

12
khrm 3 days ago 0 replies      
I find Rivest's video( https://www.youtube.com/watch?v=BYRTvoZ3Rho ) on homomorphic encryption as voting mechanism quite interesting. It looks more secure than pen and paper.

All user get a receipt which they can verify is same during vote counting.They themselves can vote count using all others receipt.At the same time, they can't sell their vote as it's encrypted.

13
uncletaco 3 days ago 1 reply      
Use paper voting, or if you want everyone to have easier access use mail-in paper voting.
14
GlitchMr 3 days ago 0 replies      
There was once a GNU project for electronic voting (https://www.gnu.org/software/free/), but it was stopped after realizing they were trying to do was almost impossible to do and changed the direction into recommending to not use electronic voting systems at all.
15
dilap 3 days ago 5 replies      
Give each vote a uuid. Give the voter a receipt with their uuid and results. Post the full results online by uuid; voters can verify the recorded online result is faithful.

Label the online results by voting site. Keep a count at each site of the number of people that voted. Verify this count more or less matches the results posted online.

16
zAy0LfpBZLC8mAC 3 days ago 1 reply      
Just no.

Very relevant to this topic: Ken Thompson's "Reflections on Trusting Trust":

https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thomp...

17
marcoperaza 3 days ago 0 replies      
The most computerization I'm comfortable with for voting is having machines count paper ballots.
18
denom 3 days ago 0 replies      
Paper and pen is the way to go. It provides a verifiable record of votes cast and means you need physical/personal access to to tamper with the result. That also means people with no special skills can provide security for all segments the voting process.
19
jjawssd 3 days ago 3 replies      
I think a lot of you guys mentioning paper ballots are also missing something very important: what is counting the paper ballots? Is a Scantron machine reading the ballots? If so, the firmware could be compromised to bias results in a particular direction in a stealthy manner.

Please observe a real world example of this: https://www.youtube.com/watch?v=8mBMHPxdljE

20
digikata 3 days ago 0 replies      
Open source voting software is not sufficient. Paper ballots are better, but I suspect that electronic + verified paper receipt + an audit process is a fuller solution. Paper alone can be more easily locally subverted, electronic alone can be more globally. But if you have to alter both an electronic record/reporting and the paper ballots in a way that correlates then you have a better resistance than either paper/electronic alone.
21
fapjacks 3 days ago 0 replies      
I would take it one step further: I should be able to build my own voting machine from the open source plans, and cast my vote with it this way, which prints out a receipt for me that I have verified matches the (paper) printout on the receiving end.
22
Findeton 3 days ago 0 replies      
Whether we like it or not, electronic voting has probably arrived to stay. So perhaps the best way of proceeding is trying to harden the electronic voting systems as best as we can instead of letting other less informed people try.
23
jgamman 3 days ago 0 replies      
why don't you mix the two and have electronic as 'indicative' with paper being the ultimate decider. no way i want 100% e-voting but having a machine spit out a picture of the person i'm voting for that i deposit in a box seems fine - the instant-news cycle gets it's data realtime, the data is then fact checked over the next 24 hours. what's the downside? i like democracy, i think a bit of belt-and-braces to its mechanics is a Very Good Idea.
24
wolfgang42 3 days ago 0 replies      
I see lots of debate on paper vs electronic voting, but I don't see anyone who's mentioned another option: mechanical voting machines. For those who haven't encountered one, here's how they work:

1. You go to your local polling place, show the volunteer your ID, and sign a book next to your name. They check your signature, then walk you to a voting machine and unlock it.

2. You go into the voting booth and pull the operating lever to the right. This closes the curtain, increments a counter, and unlocks the vote levers.

3. You make your vote selections on the voting levers. The machine prevents spoiled ballots with a mechanical interlocking: if the ballot says "pick any two", the other vote levers will be locked out once you've selected two of them.

4. Once finished, pull the operating lever to the left. This increments various counters for your votes, clears the voting levers, opens the curtain, and relocks the machine.

At the end of the night, the election volunteers open the back of each machine and read off the values of each counter, then report the results to the election board. There, the numbers are subtracted from the original counter values (the counters are non-resettable) and cross-checked to ensure validity (casting a vote increments both a vote counter and various 'checksum' counters), then aggregated with the other machines to get the final result.

This system has, in my view, most of the advantages of the other two systems: it is very difficult to tamper with (all the voting machines, once configured, are cross-checked and sealed; the seal is on the side of the machine and can be inspected by any voter to detect tampering), anonymous (all votes are aggregated in-machine), and provides fast counting (all of the counter values are entered into a digital system at the end of the night).

Unfortunately, they were banned by the Help America Vote Act, and are sometimes panned as difficult to use. (I never got a chance to use them myself, as New York replaced them shortly before I became eligible to vote, but I got to go into the voting booth with my parents and even as a nine-year-old they didn't seem especially confusing to me.) Also, the machines are complex mechanical beasts, with some 28,000 moving parts, and they're probably becoming increasingly difficult to repair.

Even if mechanical voting machines are a thing of the past, I think it's important to at least look at them to see how they provided for the important aspects of a voting system, and possibly take some of the ideas to be used in current and future systems.

26
vmarshall23 3 days ago 0 replies      
Open Source Voting Machines - with a take-away symmetric key paper receipts for auditing.
27
soufron 3 days ago 0 replies      
To protect voting, keep up with transparent urns and paper ballots
28
Dowwie 3 days ago 0 replies      
Paper and Rust.
15
Detecting Chrome headless antoinevastel.github.io
341 points by avastel  1 day ago   149 comments top 24
1
westoque 1 day ago 10 replies      
Your solutions in detecting Chrome headless is good.

But someone who really wants to do web scraping or anything similar will use a real browser like Firefox or Chrome run it through xvfb and control it using webdriver and maybe expose it through an API. I find these to be almost undetectable.. The only way you can mitigate this is to do more interesting mitigation techniques. Liie IP detection, Captchas, etc.

edit: when I say real browser, I mean running the full browser process including extensions etc.

2
shakna 1 day ago 3 replies      
> ... to automate malicious tasks. The most common cases are web scraping...

I really don't think scraping should fall onto that list.

There isn't even a consensus in the IT world whether or not scraping should be able to be legally restricted.

3
stevefeinstein 1 day ago 2 replies      
So again someone wants to punish all the legitimate people using a web site to get some marginal benefit from detecting the remaining <1%. The inevitable false positives don't affect the "malicious" users. Only the legitimate ones.And how much will this bloat the page load by? Adding more code to an already overly large page isn't helping anyone.

Just let the web be the web, and stop trying to control it.

4
JoshTriplett 1 day ago 2 replies      
This looks like a list of bugs that need fixing; ideally, headless Chrome should be completely indistinguishable from ordinary Chrome, so that it gets an identical view of the web.
5
josteink 19 hours ago 0 replies      
> Beyond the two harmless use cases given previously, a headless browser can also be used to automate malicious tasks. The most common cases are web scraping

I guess I disagree with the premise of this article.

How is web scraping fundamental malicious?

What rights/expectations can you have that a publicly accessible website you create must be used by humans only?

6
sorenbs 1 day ago 0 replies      
Leaving aside for a moment that many "malicious" use cases are actually fairly common and totally legitimate.

Headless Chrome is awesome and such a step up from previous automation tools.

The Chromeless project provides a nice abstraction and received 8k start in its first two weeks on Github: https://github.com/graphcool/chromeless

7
fforflo 1 day ago 1 reply      
Since when is web scraping a "malicious task"?
8
XCSme 1 day ago 2 replies      
If someone wants to scrape your site he will do it, just find workarounds against your "protection". It is impossible to tell the difference between a real user and an automated scrape request, you can only make their job a bit harder.
9
tyingq 1 day ago 1 reply      
I wonder how many of these were deliberate, and how many were missed. Google has a vested interest in bot detection.

And by releasing headless chrome, they killed off some of the competition. (https://groups.google.com/forum/#!topic/phantomjs/9aI5d-LDuN...)

10
PascLeRasc 1 day ago 2 replies      
I don't want to start an argument here, but can someone explain why web scraping is considered malicious?
11
tomatsu 1 day ago 0 replies      
> var body = document.getElementsByTagName("body")[0];

You can just use document.body.

I also suggest to use a data URL instead. E.g. "data:," is an empty plain text file, which, as you can imagine, won't be interpreted as a valid image.

 let image = new Image(); image.onerror = () => { console.log(image.width); // 0 -> headless }; document.body.appendChild(image); image.src = 'data:,';
> In case of a vanilla Chrome, the image has a width and height that depends on the zoom of the browser

The zoom doesn't affect this. It's always in CSS "pixels".

12
tscs37 17 hours ago 0 replies      
I do hope that these methods get patched, I tend to archive my bookmark collection with chrome headless to prevent loosing content when such a site goes offline. I hate it when a website requires me to play special snowflake to scrape them for this purpose.
13
netsharc 1 day ago 1 reply      
Shouldn't the first block of code have "HeadlessChrome" instead of just "Chrome" as the search term?
14
jdc0589 9 hours ago 0 replies      
dumb question from someone who's written a ton of scrapers and scraping based "products" for fun:

at what point does it make more sense for companies to just start offering open APIs or data exports? Obviously it would never make sense for a company who's value IS their data, but for retail platforms, auction sites, forum platforms, etc... that have a scraper problem, it seems like just providing their useful data through a more controlled, and optimized, avenue could be worth it.

The answer is probably "never", it's just something that comes to mind sometimes.

15
skinnymuch 1 day ago 2 replies      
How many of these can be faked with some additional code with Chrome headless?

Regardless as others are saying, using complete Chrome or Firefox with webdriver solves all these, right? Is there a way to detect the webdriver extension? That's the only difference I think from a normal browser.

16
hossbeast 21 hours ago 0 replies      
"Beyond the two harmless use cases given previously, a headless browser can also be used to automate malicious tasks. The most common cases are web scraping, increase advertisement impressions or look for vulnerabilities on a website."

Cheating an advertiser I'll grant you, but the other two are 100% legitimate.

17
askvictor 1 day ago 0 replies      
All of these could quite easily be overcome by compiling your own headless chrome. It wouldn't surprise me if there is a fork to this effect soon.
18
DannyDaemonic 1 day ago 0 replies      
I'd be willing to bet that missing image size variance is more of a bug or oversight, and is something that will be fixed.
19
userbinator 1 day ago 0 replies      
Those who want a more "authentic" experience would do better to use a real normal browser, and control it from outside.
20
assafmo 1 day ago 0 replies      
"... a headless browser can also be used to automate malicious tasks. The most common cases are web scraping... "

Since when web scraping considered malicious? Companies like Google are doing billions because they use web scraping.

21
fiatjaf 1 day ago 1 reply      
Isn't it possible to detect a bot by tracking some events like random mouse moving, scrolling, clicking etc.? Why weren't these kinds of detection tried in place of captchas, for example?
22
codedokode 1 day ago 2 replies      
What about mining cryptocurrency on a page load as a solution against scrapers?
23
revelation 1 day ago 1 reply      
The irony of using JavaScript to detect scraping or bots when the majority of them not used to trick ads don't ever execute any of it because they are a better curl.
24
asveikau 1 day ago 1 reply      
16
US Supreme Court will require electronic filings and post them free online washingtonpost.com
255 points by scott00  2 days ago   32 comments top 5
1
avs733 2 days ago 2 replies      
This seems like an unmitigated good. The law, in all forms, should be freely and publicly accessible[1].

Part of me struggles with the abject misunderstandings about law I see in both the media and the public...legal jargon and process are inherently dense/anachronistic. That being said, this seems like an opportunity both for SCOTUS to role model transparency and to try and shorten the process by which the interpretation of the sacred texts are communicated to the people.

[1] this includes things like building codes and professional standards which while legally in the public domain are still claimed as copyright and sold by organizations like the American Society of Mechanical Engineers. The EFF has some resources on this: https://www.eff.org/deeplinks/2014/01/law-belongs-public-dom...

2
k-mcgrady 2 days ago 4 replies      
OT: The Supreme Court in the UK has a YouTube channel [1] where videos of judgements are posted (usually very soon after they take place). I'd be interested to know if the SCOTUS has a similar service. I can't find it on YouTube but maybe they can be accessed elsewhere?

[1] https://www.youtube.com/user/UKSupremeCourt

Edit:

Thanks to the below commenters.

3
piker 2 days ago 3 replies      
While this idea seems great, requiring court staff to submit pro se litigants' petitions may be a non-trivial burden. Something like 40% of federal appellate work is responding to (often meritless, often incomprehensible) pro se habeas petitions[0]. I wonder if a side effect of this is additional legislation intended to dampen that burden[1] at the expense of real human liberty. I hope not, but we should balance this issue and be cautious about chilling less fortunate peoples' access to these basic civil mechanisms.

[0] http://www.lclark.edu/live/files/777[1] See, e.g., https://en.wikipedia.org/wiki/Antiterrorism_and_Effective_De...

4
clamprecht 2 days ago 1 reply      
What will pro se prisoners do? I assume there's some provision for that. If not, they can't even appeal the rule itself!
5
kevin_thibedeau 1 day ago 1 reply      
So SCOTUS runs its own system and the rest of the federal courts lock their public records behind the PACER paywall. Very consistent.
17
The Loyal Engineers Steering NASAs Voyager Probes Across the Universe nytimes.com
300 points by gaius  2 days ago   50 comments top 13
1
laydn 2 days ago 7 replies      
You know, getting these electronics systems ready, sending out to deep space and communicating with these systems is an incredible feat.

But, for me, another amazing thing about these long term projects is the sheer amount of knowledge that needs to be maintained and passed on to new people, over the course of several decades. To pull it off, this need of knowledge management and transfer must be so deeply engraved in the culture of the organization. How do they do it in this day and age of "FAQs", "Forums" and "Helpdesks"? :)

In all seriousness, what do you do to maintain "knowledge" in your organization?

2
bitexploder 2 days ago 1 reply      
There is so much cool stuff in this article. The engineers stuck in the 70s with modern tools to aid them, but that only gets them so far. The love and dedication to this spacecraft. These engineers believe in the mission of space so deeply they married themselves to Voyager. A marriage more substantial than many real marriages. Just thinking about this dedication and how space exploration is, in my opinion, one of the few ways we can truly advance as a species beyond our ruts here on Earth gave me chills. There is something, existential, poetic, and sad about the lonely work these engineers have done for so long.

If you didn't read this article the portraits of the engineers and snapshots of the lives is moving.

3
sehugg 2 days ago 1 reply      
... its oscillator, which allows it to accept a wide range of frequencies, had quit, essentially shrinking the target for transmissions from Earth. Assuming a much narrower bandwidth, and manually subtracting the Doppler effect, they recalibrated their signal. It worked but to this day, the same calculation must precede every command.

IIRC from an old SciAm article, the temperature of the spacecraft's electronics is also taken into account when doing this calculation.

4
rootbear 2 days ago 1 reply      
A lot of what has been said here about software documentation and process is true of NASA flight projects, especially manned. Outside of flight, not so much. In some cases, it's a bit more like grad-school-project-that-escaped. An exception would be the modeling code used for things like weather simulation on supercomputers. The scientists need to know that their code actually matches the model they're testing and that things like numerical precision and error bounds are being handled properly. I'll add that the above is anecdotal, based on my experiences at NASA Goddard.
5
rodgerd 2 days ago 2 replies      
I recommend seeing The Farthest (https://www.youtube.com/watch?v=znTdk_de_K8) if you have any interest at all in this.
6
dingo_bat 2 days ago 5 replies      
How do you retain such talented people for such a long time? These people could get jobs in the most cutting-edge company in their respective fields. Still they choose to stay at the same place for decades.
7
rbanffy 2 days ago 0 replies      
In the end, the engineer's prayer is probably a lot like the astronaut's.

"Please, dear God, don't let me fuck up."

8
yourapostasy 2 days ago 0 replies      
> ...[the heliosphere] blocks 75 percent of cosmic radiation...

It sounds like a solar system-scale Van Allen belt [1] when described like this. So we have at least three layers of cosmic radiation protection identified (heliosphere, outer VAB, inner VAB).

If the heliosphere has implications for high-precision, high-accuracy independent-of-Earth interplanetary spaceflight similar to gravimetric and magnetic readings on Earth do for submarines today, then mapping the heliosphere would be a future asset.

[1] https://en.wikipedia.org/wiki/Van_Allen_radiation_belt

9
danesparza 2 days ago 0 replies      
This article is pretty dang cool. Looking over the pictures of the NASA engineers I couldn't help but think "Damn, that engineer looks TIRED". Did anybody else think the same thing?
10
nlh 2 days ago 0 replies      
One thing I've always been amazed at when reading about spacecraft is the incredibly detailed level of control the scientists have over the craft.

It's something I'm not used to here on earth -- when something breaks, I've learned you either crack it open and replace the part or buy a new device :)

Can someone talk (or provide a link) about how this sort of system design works?

11
mrunkel 2 days ago 0 replies      
I read far too far into the article before I realized it was the mobile site. :)

In the mid 1980's I went on a tour of JPL in Pasadena and actually saw the computers that were (at the time) in charge of recording and storing the telemetry data. I'm vague on the exact details, but apparently the computers were donated from the US Army and were field models (early "portable" computers) and they operated on 48V DC power. So not only were the computers themselves large fridge sized units, they had near matching transformers that were fairly unreliable.

I recall reading that in the mid 90s NASA replaced all the mission control systems for the space shuttle with a single Sun Workstation, so I assume that JPL also at some point replaced the downlink computers for V'ger.

My hat is off to these many fine people who stuck it out with jobs that were probably long periods of drudgery interspersed with moments of sheer terror.

12
CocoaGeek 2 days ago 1 reply      
Love the Sun workstation on Enrique Medina's desk 8)
13
odammit 2 days ago 0 replies      
I didn't know Sammy Hagar was moon-lighting at NASA. Very impressive.
18
Indictment of Marcus Hutchins aka "Malwaretech" documentcloud.org
307 points by ryanlol  3 days ago   195 comments top 19
1
syshum 2 days ago 5 replies      
Outside of the clear concerns about if this person is falsely accused of creating malware for the purposes of victimizing people one concern I still have not seen addressed widely is the issue of US enforcing laws on an international level

Even if all of the charges are true, these "crimes" would have taken place in the UK or where ever this person is living outside the US, so how then can the US justify charging them with violation of US law.

I know this is not the first time this has happened, nor will it be the last time this happens, but it is increasingly concerning that crimes completely committed online are open to US Jurisdiction and sets a TERRIBLE precedent.

As a US Citizen I do not want to be held to another nations laws, laws I may not be familiar with, because of my online activities.

It is only a matter of time before a EU nation attempts to extradite or arrest a US Citizen traveling abroad for a hate speech law violation or some other violation that occurred online from the US which is not a violation of US law but is a violation of EU Law.

2
danso 3 days ago 1 reply      
The Guardian has some more context (for those of us not keeping track of previous events, such as AlphaBay's takedown a few weeks ago): https://www.theguardian.com/technology/2017/aug/03/researche...
3
imroot 3 days ago 4 replies      
Even for an indictment, this is...surprisingly bare.

(For example, this is an Alphabay seller who was selling and distributing fentanyl in Cincinnati two months ago).

https://www.dropbox.com/s/sbsiebzsd6r0f28/bozworth-grace-arr...

It looks like they put together the minimum needed to indict, put together a grand jury, indicted and arrested. This was the prosecutor's "ham sandwich" of the week.

4
r721 2 days ago 0 replies      
"This raises an interesting legal question: Is it a crime to create and sell malware?

The indictment asserts that Hutchins created the malware and an unnamed co-conspirator took the lead in selling it. The indictment charges a slew of different crimes for that: (1) conspiracy to violate the Computer Fraud and Abuse Act; (2) three counts of violating 18 U.S.C. 2512, which prohibits selling and advertising wiretapping devices; (3) a count of wiretapping; and (4) a count of violating the Computer Fraud and Abuse Act through accomplice liability basically, aiding and abetting a hacking crime.

Do the charges hold up? Just based on a first look at the case, my sense is that the governments theory of the case is fairly aggressive. It will lead to some significant legal challenges. Its hard to say, at this point, how those challenges will play out. The indictment is pretty bare bones, and we dont have all the facts or even what the government thinks are the facts. So while we cant say that this indictment is clearly an overreach, we can say that the government is pushing the envelope in some ways and may or may not have the facts it needs to make its case. As always, well have to stay tuned.

Heres an overview of the six counts in the indictment, together with my tentative thoughts on them."

https://www.washingtonpost.com/news/volokh-conspiracy/wp/201...

5
ajarmst 3 days ago 1 reply      
Given that the Alphabay takedown (and law enforcement's control of the servers for at least six weeks) was more than a month ago, Huthchins' blithely travelling to the States for Blackhat seems a level of confidence completely at odds with known facts and the apparent allegations of the indictment.
6
outworlder 2 days ago 2 replies      
We can't know anything at this stage, but from the looks of it, it doesn't seem like the guy wasn't anything but a white hat.

There's also this:

> Hutchins employer, cybersecurity firm Kryptos Logic, had been working closely with the US authorities to help them investigate the WannaCry malware. Hutchins handed over information on the kill switch to the FBI the day after he discovered it, and the chief executive of the firm, Salim Neino, testified in from of the US House of Representatives Committee on Science, Space & Technology the following month.

If true, then the guy would have to be incredibly stupid and naive to live such a double life. Not to mention traveling to the US.

Anything is possible, of course. The problem is that the guy has become well-known, and retracting such a mistake would be politically costly. This guy will probably have the book thrown at him.

It's also a very bad thing for cyber security if researchers cannot do their jobs out of fear.

7
benevol 3 days ago 2 replies      
It makes one wonder why anyone who has cyber dirt on their hands would step foot on US ground, after the Snowden/NSA revelations which made it clear to everybody on this planet that the NSA is literally everywhere.
8
Powerofmene 3 days ago 0 replies      
When a website is seized off the dark web by the government, you can bet that it is a treasure trove of information for new and existing investigations. This is probably just the first of many indictments that we will see connected to AlphaBay.
9
ngold 3 days ago 1 reply      
This does not make a lot of sense since he has been in the public eye for awhile now. But who knows. I wonder if he had a presentation to give at Defcon. So far his actions have been very whitehat.
10
dang 3 days ago 0 replies      
Previous related discussion: https://news.ycombinator.com/item?id=14921018.
11
makomk 3 days ago 7 replies      
It's an oddly uninformative document. It says that they believe he created the Kronos malware but gives absolutely no clue why they think that. All the other overt acts listed appear to have been carried out by his unnamed alleged co-conspirator alone. What makes this particularly bizarre is that he was begging on Twitter for a sample of the malware in question at around the same time: https://twitter.com/MalwareTechBlog/status/48837379416825446...
12
PhasmaFelis 3 days ago 3 replies      
> The operation included the arrest on 5 July of of suspected AlphaBay founder Alexandre Cazes, a Canadian citizen detained on behalf of the US in Thailand. Cazes, 25, died a week later while in Thai custody.

What's this about? The US told Thailand to arrest a Canadian tourist, who they subsequently murdered? People don't die by accident in police custody.

13
toyg 2 days ago 2 replies      
Why is DEFCON still hold in the US? At this point it's basically the biggest IRL honeypot on the planet. It should probably be moved somewhere a bit safer, like Toronto, shouldn't it?
14
UK-AL 2 days ago 0 replies      
Mostly likely the US confusing investigation with being involved with the criminal activity.

They probably didn't even know about his job or previous good deeds when they arrested him. It's probably a blanket arrest based on communication metadata and relationships between involved parties. They're probably trying save face right now.

15
betagiraffe 2 days ago 0 replies      
Ironic that some sources suspect he authored Kronos too, haha.

That's the best joke I've heard all day. Keep in mind MT is the guy who made a blog article about HVNC and was like "yeah, sorry, can't release my own implementation because.. reasons.. (hehe winkface; tips black fedora)" and then links his GitHub, where a terrible example of CreateDesktop's usage can be found. This guy's profession is to open up IDA Pro and use the pseudo-C output plugin and then vaguely stay on-top of "threat intelligence". Here's my threat intelligence for these people: don't run with scissors.

MT is a dreadful programmer. There's logs of MT in his IRC telling people "you can't use the -> operator on references in C++!". He also said he's been writing formgrabbers since before other members of the IRC were born (seriously, nonchalantly). He's barely a programmer at all; never mind a programmer capable of completing malware projects.

MT's past is pretty shady. He's been mixed around with other skids for years with actual ill-intent and that's why this incident has happened.

The fact people take MT, and people in his league like MalwareUnicorn, seriously is completely beyond me. They're all literal skids. It seems anyone with a twitter handle and the ability to retweet real researchers' work is an "infosec researcher". The 'profession' has devolved into something worthy of a meme. And before you try defend these people, just remember that the "whitepapers" people so often love to reference when defending such Twitter skids are literally just 5 page pamphlets where they advertise their employer and talk about things that were discovered in 2004.

Next thing you know, LinkCabin will be giving his rundown of the events. Every moron likes to get involved when they know nothing of MT nor

Also, as far as the "TouchMyMalware" alias is concerned: that alias was taken by someone else (who has no vested interests in malware) long after MT abandoned it. So, any recent activity you see relevant to that alias isn't MT. If you want MT's old aliases, you're gonna have to beat the real ones out of him.

The state of information security is in total disarray.In 2017, security research is just unskilled skids on Twitter engaging in a giant circle-jerk. Shame, where did it all go wrong?

16
banku_brougham 2 days ago 2 replies      
The confusing part for me is I thought malware was an establish (albeit evil) business i which the US govt and many others did a brisk business. For example Gamma Group [1].

So is this just someone without the right connections?

[1]: https://en.m.wikipedia.org/wiki/Gamma_Group

17
calafrax 3 days ago 1 reply      
Interesting that the WannaCry bitcoin account was emptied at about the same time.

https://qz.com/1045270/wannacry-update-the-hackers-behind-ra...

Makes me wonder about this guy's real connection to that.

19
jgalt212 3 days ago 2 replies      
Count 5 sounds a lot like Kite's Atom plug-in.

> knowingly and inentionaly endeavored to intercept and procure certain electronic communications, namely computer keystrokes of others without the knowledge or consent of said others.

19
The slow currentTimeMillis() pzemtsov.github.io
318 points by jsnell  2 days ago   51 comments top 21
1
amluto 2 days ago 1 reply      
This post has a confused notion of why the TSC isn't used. It has nothing to do with integration with NTP -- it's because the kernel thinks the TSC doesn't work right on the machine in question. The kernel logs should explain why. Also, on some hypervisors, there are TSC problems, but the situation is slowly improving.

Also:

> The second value is the nanoseconds time, relative to the last second, shifted left by gtod->shift, Or, rather, it the time measured in some units, which becomes the nanosecond time when shifted right by gtod->shift, which, in our case, is 25. This is very high precision. One nanosecond divided by 225 is about 30 attoseconds. Perhaps, Linux kernel designers looked far ahead, anticipating the future when well need such accuracy for our time measurement.

That's not what's going on. This is straightforward fixed point arithmetic, where the point just happens to be variable.

2
heinrichhartman 2 days ago 0 replies      
Theo Schlossnagle and Riley Berton have recently implemented and discussed timing functions with the following performance characteristics (25-50ns):

 Operating System Call System Call Time Mtev-variant CallSpeedup Linux 3.10.0 gettimeofday 35.7 ns/op 35.7 ns/op x1.00 Linux 3.10.0 gethrtime 119.8 ns/op 40.4 ns/op x2.96 OmniOS r151014 gettimeofday 304.6 ns/op 47.6 ns/op x6.40 OmniOS r151014 gethrtime 297.0 ns/op 39.9 ns/op x7.44
Here is the article: https://www.circonus.com/2016/09/time-but-faster/

They also use TSC and (CPU-bound) background threads to update shared memory.

The implementation is available as C library for Linux and Illumos/OmniOS:https://github.com/circonus-labs/libmtev/blob/master/src/uti...

3
the8472 2 days ago 1 reply      
Related and required reading if you're doing microbenchmarking: https://shipilev.net/blog/2014/nanotrusting-nanotime/

Also the, tsc CPU flag is not sufficient since early tsc implementations had issues that made them unusuable for walltime measurements. There's also constant_tsc and nonstop_tsc which are relevant because they indicate that tsc keeps ticking independent of frequency scaling and CPU low power modes, only then do they become usable for low-overhead userspace timekeeping.

hotspot and the linux vDSO generally take care of doing the right thing, depending on CPU flags, so the TSC is used for currentTimeMillis and nanoTime if it can determine that it is reliable, otherwise more expensive but accurate methods are used.

The article's own conclusion:

> The title isnt completely correct: currentTimeMillis() isnt always slow. However, there is a case when it is.

It only happens under circumstances where the TSCs are not used.

4
curun1r 2 days ago 0 replies      
Is this really new? I remember when System.nanoTime was introduced in the early 2000s largely because of the reasons stated here. System.currentTimeMillis was slow and had jitter which made it non-monotonic but it was the best method to call if your timestamp needed to interact with the world outside the JVM. In contrast, if all you cared about was relative times, you'd get a speed and accuracy boost from using System.nanoTime since it actually was monotonic and while a single nanosecond value was pretty meaningless, the difference between two nanosecond values was basically accurate.

Benchmarks are a class of problems where the overall time doesn't matter, only the relative time (end - start). The fact that he's using System.currentTimeMillis for his start and end values doesn't give me confidence that he's very knowledgeable about what's to follow.

5
brendangregg 2 days ago 0 replies      
Good analysis, and yet again, this is why we use TSC at Netflix. I benchmarked them all a while ago. I also put "clocksource" on my tools diagram, so people remember that clocksource is a thing: http://www.brendangregg.com/Perf/linux_perf_tools_full.png
6
hyperpape 2 days ago 0 replies      
"The way to test the performance of System.currentTimeMillis() is straightforward"

I'd be worried about that claim. The article executes System.currentTimeMillis in a loop and sums the values. That takes care of dead code elimination, but it will still be subject to other distortionary effects (https://shipilev.net/#benchmarking-1). Maybe the fact that System.currentTimeMillis() is implemented using native code reduces some of the JIT induced benchmarking pitfalls, but I would still prefer to try and use JMH to test.

I'm also surprised that performance of System.currentTimeMillis can fall down so far under some circumstances. In one of Cliff Click's talks (maybe https://www.youtube.com/watch?v=-vizTDSz8NU), he mentions that some JVM benchmarks run it many millions of times a second.

7
jwilk 2 days ago 0 replies      
> The vDSO is mapped to a new address each time (probably, some security feature). However, the function is always placed at the same address as above (0x00007ffff7ffae50) when run under gdb (Im not sure what causes this).

GDB ( 7) disables ASLR by default:

https://sourceware.org/gdb/current/onlinedocs/gdb/Starting.h...

8
msluyter 2 days ago 0 replies      
This is especially relevant if you're running in the cloud.

We've recently run into slow performance with gettimeofday on Xen systems, such as EC2 (see: https://blog.packagecloud.io/eng/2017/03/08/system-calls-are...) This hits particularly hard if you're running instrumented code. Switching the clocksource from xen to tsc seems to help and we're still evaluating the ramifications of doing so (various sources including the above seem to suggest that tsc is unsafe and prone to clock skew, but others suggest that it's ok on more modern processors.)

9
js2 2 days ago 0 replies      
Most Android developers will know this already, but currentTimeMillis() is probably not the call you want for event timing:

https://developer.android.com/reference/android/os/SystemClo...

10
pjc50 2 days ago 3 replies      
The Windows version is absolutely brilliant: a shared area mapped into every process. Because of the way page tables work, this costs only one page (4k) of RAM and only has to be written once by the OS.
11
bitcharmer 2 days ago 1 reply      
On a properly configured environment TSC is the default clocksource. I have no idea why one would want to precisely measure time with any other clock source.

On relatively contemporary systems clock_gettime(CLOCK_REALTIME) will give you a nanosecond resolution wall clock time and the cost of going through JNI will cost you around 11-13ns, so with a simple native wrapper in java the cost is negligible. Although interesting, the whole study of the cost of obtaining the current time in Java with currentTimeMillis() with clock sources other than TSC is somewhat irrelevant.

12
blauditore 2 days ago 0 replies      
For what it's worth, currentTimeMillis() shouldn't be used for interval measurements anyway, as it might not be continuous in some scenarios. A better alternative is System.nanoTime().
13
loeg 2 days ago 0 replies      
So there's a performance bug in Java's currentTimeMillis() implementation on Linux, where it uses gettimeofday() instead of clock_gettime() with a coarse timer (even the TSC method is ~3x slower or worse than the coarse timer, which has sufficient precision for currentTimeMillis()). Is there a bug filed for this? It seems to warrant one.
14
Ensorceled 2 days ago 1 reply      
People have been discovering and rediscovering gettimeofday is really slow for a long time now. I remember switching to OS specific equivalents for AIX, SunOS, Ultrix, HP-UX, etc. back in the late 80s and early 90s.
15
fokinsean 2 days ago 0 replies      
I started off being able to mostly comprehend what's going on, but about half way down I got lost in the assembly and realized I barely remember much from my OS/Architecture courses in school.

This was a solid reminder my every day work sits atop the shoulders of giants and I am much appreciative.

16
kodablah 2 days ago 0 replies      
An easy way to do this from the outside would be to create a JVMTI agent, and make currentTimeMillis call into your JNI version. Here's an example in Rust of me doing it for a bit more involved purpose: https://github.com/cretz/stackparam. Then people only have to pass your shared lib as a cli arg to get the benefit.
17
amelius 2 days ago 1 reply      
> Some background thread regularly updates three double-words there, which contain the high part of the value, the low part, and the high part again.

So to implement a clock, they are using a different thread that updates a counter every millisecond or so? Isn't this a bit inefficient?

18
dingo_bat 2 days ago 3 replies      
Really love these kind of in depth investigations. However, I still want to know how windows manages to update the value in the shared memory so consistently without any impact to system performance.
19
ramgorur 2 days ago 0 replies      
I think I've also read somewhere about a bug in the java Random class, it was something about after N iterations, the number starts from iteration 1 where N is not very big (i.e. clearly visible pattern/cyclic repeat in the numbers). But I can't find it anymore, if someone knows its whereabouts, please let me know.
20
empath75 2 days ago 4 replies      
It's sort of amazing that 600 ns is considered slow.
21
pzemtsov 1 day ago 0 replies      
I've added an update on the nanoTime() to the article
20
Rest and vest: engineers who get paid and barely work businessinsider.com
277 points by SQL2219  6 hours ago   177 comments top 39
1
boulos 5 hours ago 4 replies      
There seems to be conflation in this article between two very different groups.

Group A is folks who are acquired and have outsized grants that say vest over N years (N between 2 and 4). It turns out the acquisition was probably a mistake, but the acquiring company made it (and won't own up to it). That's what's described in the Facebook and Microsoft examples. This is the classic "rest and vest" scenario (Note: an acquisition is not required, just any outsized grant).

Group B is "just" engineers at Google, Facebook, etc. getting paid really well for not doing much, while hanging out with the lavish perks. I've never heard of anyone refer to this as "rest and vest". In particular, I found this quote disturbing:

> There are a lot 'coasters' who reached a certain level and don't want to work any harder. They just do a 9-5 job, wont work to get promoted, dont want to get promoted.

At Google (and elsewhere), it's considered fine to reach a senior / terminal level and stay there. Is a VP or Director of Engineering lazy if they never move up? Of course not. The same is true of individual contributors.

Finally, the numbers mentioned for compensation are normal for very senior engineers at Google (and again, Facebook, Microsoft, etc.). This isn't "rest and vest", it's just business as usual. I don't particularly agree with the folks who spend their days in classes, taking long lunches, etc. but if they get their work done, what do I care?

2
lisper 5 hours ago 3 replies      
It's not just SV that has this phenomenon. I worked at the NASA Jet Propulsion Lab from 1988 to 2000. I had risen to the rank of Senior Member of the Technical Staff, the second-highest rung on the technical career ladder. Beyond that there is the rank of Principal, which is very hard to attain. It's essentially the equivalent of getting tenure. It requires peer review. Most engineers never attain it, and I was not optimistic that I ever would. So in 2000 I decided my JPL career had peaked, and so I quit to go work for an obscure little Silicon Valley startup in Mountain View. ;-)

To my surprise, when I announced my departure, a bunch of people suddenly came out of the woodwork to tell me that they really didn't want me to go, including a number of very senior managers. So I used that as leverage to negotiate a deal for myself: I would come back after a year on the condition that I be promoted to Principal. Which is what happened.

The problem was that my promotion did not in any way coincide with JPL's strategic needs for my skills. One of the reasons I had left was because I had been on the losing side of huge political fight (http://www.flownet.com/gat/jpl-lisp.html) and when I returned I couldn't find a project that was willing to take me on. But they couldn't fire me because I was a Principal. So I basically spent the next three years getting paid for doing nothing, and getting pretty depressed about it. It's actually not fun to feel like a parasite, at least it wasn't for me.

3
asah 5 hours ago 1 reply      
Can confirm.

But it's not a nefarious thing and the people aren't slackers: 90% of the people who end up in this position are ass-kickers who strive to have impact and get bored: most feel bad about slacking but their bodies and minds simply need a rest. They created BILLIONS in value and even providing tech support, they "pay for themselves" many times over -- that's why companies like Google keep them around.

Subtly: the kind of people who end up resting-and-vesting are precisely the kind of hyper-ambitious people who develop unique knowledge and skills.

4
geff82 5 hours ago 4 replies      
Ok, thanks for sharing this. I made this observation for the last 3 years myself, not as an employee even, but as a contractor. I had three positions at two companies, all paying quite high (150k$/year). I changed the positions because the workload was so low that I had an hour of work a day, then pretending I was doing work for the rest of the day which I can't stand for more than a few months. Now I changed again in the hopes of having real work to do, comes out that they contracted me only for "if there will be work in a few months". Interviewing several people on what I can do for them: essentially nothing. "Maybe you could google if using docker would make sense". On the one hand this kind of "work" feeds my family and hives me lots of freedom, but on the other hand it leads to nothing. And I am usually not the only one who has no idea why they are going to work.
5
WalterBright 4 hours ago 1 reply      
I attended Caltech in the era that Feynman was a professor there. I heard he was paid XXX a year. I opined that was ridiculous, who could possibly be worth that much?

An upperclassman laughed and told me that Feynman was worth that much to the university even if he did nothing. Attaching his name to the university brought in donations, grants, and top talent.

Of course, Feynman being Feynman, worked like hell anyway.

6
ChuckMcM 3 hours ago 0 replies      
And they wonder why house prices in the bay area are so high. :-(

I started work at Sun Microsystems on the Monday after they had IPO'ed (the previous Friday). It was about a year later when all of the various restrictions on personal stock sales had been lifted that I clued in that some people just didn't care any more about work and it was quietly explained to my shocked ears that these people were now multi-millionaires and working was no longer 'for a living' it was 'for the fun of it.' Or not. And I asked why they didn't just leave and the answer was simple, because it gave them something to do and their friends all worked here. Further many of them had been given additional "refresher" options and the more the stock went up the more they were worth thousands a month in additional value down the road.

I was fascinated to see how the different people responded to that new found wealth and the options it brought with it. For the good ones, it empowers a sort of fearlessness to do the right thing even if you boss doesn't think its the right thing. Or to advocate for an important point that might be politically inconvenient for the company. For some it affected their opinion of everyone else as if they were somehow so much "more" than folks who hadn't been there pre-IPO.

Fortunately most of the latter types left fairly quickly.

I could see how it could easily be the 'best' management choice to have someone like that not putting in too much face time at work. Bad managers control their reports by threatening to fire them, if you can't control them they are a threat to the bad manager, better to keep them far away from anything that could set them off.

That said, if you find yourself in this place the absolute worse thing you can do is to do nothing. Get healthy, learn something, use that 'free' time productively. It isn't like you can get it back later.

7
zw123456 5 hours ago 1 reply      
Yes, but the Wall Street CEO's are sooooo hard working. Give me a break. I once worked for a company whose CEO completely ran the thing into the ground and eventually got fired but got paid millions anyhow. I jokingly said I could have ruined the company for half what they paid that meathead.

I think the real scandal is the ridiculous amounts of money CEO's get paid for doing nothing in a lot of cases. The money these "high paid engineers" are getting is peanuts compared to the sums these CEO's are getting.

Sorry for the rant, but it just stuck in my craw a little.

8
icelancer 5 hours ago 0 replies      
>Medina said he experienced the high-pay, no-work situation early in his career when he was a software engineer in grad school. He finished his project months early, and warned his company he would be leaving after graduation.

>They kept him on for the remaining months to train others on his software but didn't want him to start a new coding project. His job during those months involved hanging out at the office writing a little documentation and being available to answer questions, he recalls.

This isn't a good example. The company budgeted X dollars over Y months for a total comp package of Z for an engineer they knew had a discrete timeline, and the engineer finished in Y-3 months. What should the company do, fire the engineer and save delta-Z? The company got what it wanted and more by having him stick around and answer questions and do documentation work for 8-10 hours a week of "free" labor.

9
bane 3 hours ago 1 reply      
I did the work-from-home (wfh) thing for about 5 years across two different jobs. The first job was the worst kind of wfh situation because there simply weren't any boundaries between work and home and day work bled into night into weekends.

The second was the other worst kind, paid very well to do almost nothing, and again day nothing bled into night nothing into weekend nothing. I tried to use it to study things or learn other topics, but every once in a while I'd be needed for a few days, go and put a fire out and be back home doing not much at all. The reason for the situation was a disastrous corporate management. However, the situation was so great in theory (get paid top-10 metro senior pay to do nothing at all) that I actually had a hard time changing jobs because I kept telling myself I actually enjoyed screwing around.

Given a binary choice of one or the other I'd actually choose the second job again, but I'd structure my days very differently and try to be much more productive. The good news is that life isn't binary, and I'm in a place now where I work most days in an office, but can wfh when I need to, and rigorously control my schedule so work and home-life don't intersect. I took a pay cut, but I love this current work much more than either of those two jobs (and my wife is much happier as well) -- lessons learned I guess.

10
WalterBright 1 hour ago 1 reply      
There's something corrosive to the soul about having no purpose in life.

I retired once. It lasted about 6 weeks, then I decided to create the D programming language. I plan to work until my mind no longer functions. I'm not interested in retiring.

11
YANT2017 4 hours ago 0 replies      
This article is very misleading. It's not uncommon for engineers who've been instrumental to a key product or development to be given a light duty afterwards. This is primarily because these folks bust their ass and quite literally are exhausted once their project ships. The time with light duty is meant to retain this key talent and give them back some work-life balance. Also if your thing lands and it's big enough you usually get promoted and they want you to focus on soft skill development, literally making friends, so you can go on to do something bigger. My last half, my manager told me that all he wanted me to do this half was make friends. This is because he was giving me space to find the next big thing. When you shift from task oriented work to bigger picture stuff, you can't just start building stuff thinking people will use it. You have to spend time talking to people about what problems they have and see if you can come up with a way to solve them. It's really not unlike a startup in that regard.

There's also the old joke of the mechanic that comes to fix the machine by knowing where to tap with a hammer. So having people around who know where to tap is key. They are well worth what they are getting because sites like Google, Facebook, Amazon, etc... can't go down and if they do millions of dollars are burning for each minute those sites are down.

12
ChemicalWarfare 3 hours ago 0 replies      
The article lumps few different scenarios under the sensationalist "look, ppl are making shit ton of $$$ and are barely working!!!" umbrella.

None of the scenarios are unique to SV or even IT world in general, the only "shock factor" is the compensation figures.

But again, most of the scenarios are pretty typical to corporate environments. Unless you're on some "kick ass all-star" team, once you start growing you can cruise if you choose to.

What struck me as odd is the "Just dont talk about it and everyone will assume you're on someone elses team" bit. Can't really picture an environment where a person doesn't show up the next day and everyone just "assumes" they are on a different team now...

13
capkutay 5 hours ago 3 replies      
These engineers are worth more to them just sitting around relaxing, being content with their lives instead of taking a high octane job at a competitor or startup that will eventually compete with one of their smaller services (mail, ad analytics, etc).
14
IBM 4 hours ago 2 replies      
This is probably why Apple, a hardware company, has operating margins that are higher than Google and Microsoft (even though their gross margins are almost half of Google's and Microsoft's).

The only person I can think of that might have this arrangement at Apple is Scott Forstall. I think that's why he's been radio silent until very recently (or he could just be very loyal to Apple). Maybe Katie Cotton when they changed their approach to PR from wartime to peacetime, but that could just be a regular retirement.

I mostly don't understand how Google and Microsoft employ so many people, or what they even do.

>"I've actually had a number of people, including today at Google X, ... send me pictures of themselves on a roof, kicking back doing nothing, with the hashtag 'unassigned' or 'rest and vest.' It's something that really happens, and apparently, somewhat often," the actor Brener told Business Insider's Melia Robinson last year.

Called it a year ago [1]:

>I've speculated for a long time that basically anything interesting Google says they're doing is essentially meant to be a jobs program to keep employees from leaving, PR for external stakeholders like investors, media, being attractive to potential employees, etc. They seem to have lots of formal ways to keep employees from leaving/close as well including investments off of Google's balance sheet (not GV or Google Capital) into ex-employee startups and just flat out paying people not to leave (which is the arrangement I'm guessing that Matt Cutts is under). It all seems very Microsoft of old.Can anyone at Google (or ex-employees) tell me if this is true?

[1] https://news.ycombinator.com/item?id=12410662

15
pixelmonkey 3 hours ago 3 replies      
One of the interesting trends of the past 10 years is the degree to which "big tech" has replaced "big finance" as the place for the elite to go to collect huge paychecks for relatively "nice" white collar work.

It makes total sense for top SV engineers to get paid well, IMO. But I am afraid working for these big tech firms is starting to have that feeling of "elite pedigree" that pervades complacent industries, like finance.

In 2002-2006, one could have written a similar article, but about top staff at Goldman, Morgan, UBS, etc. There were plenty of $300k-$500k salaries being paid for maintenance work for profitable business lines.

Options and RSUs are an interesting twist in Silicon Valley. To compete with the stock option packages given out by startups to early employees, Google and Facebook grant RSUs (and similar) instead. In Wall Street, the "golden handcuffs" used to be a near-guarantee of a year-on-year raise, an end-of-year cash bonus, and a track toward promotions that had built-in pay increases. No one wanted to throw away their time invested in a single firm. SV firms are different in that turnover is high, so vesting acts to counteract that. They have such fast-growing stock values, the stock grants can also be used in lieu of bonuses. Plus, to management, it really is "funny money" that does not actually increase operating expense.

Anyway, though the mechanics are different, it seems the net result is the same. "Golden handcuffs" are as real in tech as they are in finance.

The saddest reflection I have on reading this article is on how capitalism seems to value different professions wrongly.

These salaries are bigger than top specialist physician salaries. And physicians need 12-17 years of post-undergrad training, as well as often requiring $200k of medical school student loan debt.

It just seems like if Google and Facebook can afford to pay this price for engineers (who add leveraged value via their software contributions), capitalism should figure out how to pay doctors more, as well.

And go down the list of other "non-BS, but comparatively underpaid" professions like teachers, firefighters, etc. They could all use a compensation upgrade.

But what is the exact mechanism that is making it so finance and tech are among the only fields where labor compensation is commensurate with leveraged value-add?

16
ghettoimp 1 hour ago 0 replies      
So working 9-5 is "coasting"...? Fuck you. I've got kids.
17
seattle_spring 2 hours ago 1 reply      
I would argue that the vast majority of software engineers in the US are actually overworked and make close to middle-class wages. It's really unfortunate seeing articles like this, because it reinforces everyone outside of tech's stereotypes that us engineers are lazy, overpaid slobs.
18
user5994461 2 hours ago 1 reply      
> There are a lot 'coasters' who reached a certain level and don't want to work any harder. They just do a 9-5 job, wont work to get promoted, dont want to get promoted.

Finally someone who understands how being an employee works. You are paid to be present ~ 40 hours a week, as stated in your contract.

Working twice as hard and killing your week end has no point and you won't get promoted. Don't bother.

19
lettersdigits 5 hours ago 1 reply      
> "Most of my friends at Google work four hours a day. They are senior engineers and don't work hard. They know the Google system, know when to kick into gear. They are engineers, so they optimized the performance cycles of their own jobs," one engineer described.

Is this really prevalent at Google?

edit:quotes

20
kelvin0 1 hour ago 0 replies      
Legendary slacker story:http://www.cnn.com/2013/01/17/business/us-outsource-job-chin...

Don't work hard, work smart :)

21
jokoon 5 hours ago 2 replies      
I wonder what kind of work they do that makes them so unique and indispensable. I also heard stories about engineers who did not share how their code worked, so that the company would not risk firing them.
22
shoefly 1 hour ago 0 replies      
This happened to me once. I ended up coding my own personal projects at the "host" company to pass the time. Otherwise, I would have gone nuts.
23
hendzen 5 hours ago 0 replies      
I wonder how much of this is due to non-voting shares being sold to the public that prevent an activist investor from being able to push the board to trim the fat?
24
natch 5 hours ago 0 replies      
I've posted before that I suspect this is the trouble with a lot of Google services that don't always seem to get the love they deserve. People who are well on their way to vesting just aren't hungry anymore, and can't be bothered to care. Not limited to Google of course.
25
rb808 5 hours ago 1 reply      
Google is sounding more like IBM every year.
26
cylinder 5 hours ago 2 replies      
All's good when the stock price is inflated. The reckoning (cost cutting) will come.
27
maxxxxx 2 hours ago 0 replies      
I think it's not only engineers. I know several people who are either corporate lawyers or other long-time managers who pretty much go to meetings the whole day because they have nothing real to do. They all are pulling good money but feeling like they are not doing much seems to take a psychological toll.
28
JohnJamesRambo 35 minutes ago 0 replies      
Why are programmers called engineers these days? An engineer has an engineering degree and does something completely different than computer programming.
29
freyir 5 hours ago 3 replies      
> "They are really good engineers, really indispensable. And then they start to pull 9-5 days"

Worthless slackers.

30
adamnemecek 5 hours ago 2 replies      
So what exactly does indispensable engineer mean? How many people making more than 1M a year are at each of these companies?
31
NTDF9 5 hours ago 0 replies      
Reminds me of the common saying,

"The hardest thing about working at Google was the job interview to get the job in the first place."

32
jaequery 2 hours ago 0 replies      
I think this happens to EVERY companies out there. The higher up you go, there are just less to do since all you are doing is delegating your jobs.

It becomes a problem though when problems do arise and you coasted for so long that you have no idea what is going on and where.

33
feelin_googley 3 hours ago 0 replies      
"It's a defensive measure."

"That's Microsoft Research's whole model."

?

34
k__ 4 hours ago 2 replies      
Aren't companies like McKinsey more efficient?

They have the rule that you either get better and a promotion or you will be fired.

So they only keep people that improve every year or they get new people.

35
p0nce 4 hours ago 0 replies      
Sad to see tech giants not recapturing carbon with their unlimited money.
36
Swizec 5 hours ago 3 replies      
> she had been killing herself to make it more successful and protect her people from losing their jobs over it.

> As tired as she was, she couldn't just quit this job. She owed a big chunk of money in taxes thanks to that stock and needed her salary to pay those taxes.

> after getting violently ill at the thought of going to work

Burned out and trapped by debt. Not a great place to be even with the $1mm/year compensation. Most of which is illiquid I assume.

37
loeg 5 hours ago 0 replies      
Where do I sign up for that job?
38
liveoneggs 1 hour ago 0 replies      
to all of the lottery winners out there- Fuck You

> sincerely- > the wage slaves

39
mklarmann 4 hours ago 0 replies      
It pains me that the article speaks obviously of a female manager. But then often the writer unwillingly mixes it up, and makes her a male. It smells a bit like gender bias.
21
A Dinosaur So Well Preserved It Looks Like a Statue theatlantic.com
307 points by brisance  3 days ago   26 comments top 10
1
mirimir 2 days ago 1 reply      
> Those hands belonged to technician Mark Mitchell, who compares the process of separating dinosaur from rock to chipping concrete chunks from a surface as soft as compressed talcum powder. It took him 7,000 hours over 5.5 years, during which he did little else. For that reason, the dinosaur carries his nameBorealopelta markmitchelli. (The first half comes from the Latin for northern shield.)

So basically, preparing a fossil is rather like sculpting a statue. The outline is there, but following it isn't so trivial.

2
BartSaM 2 days ago 1 reply      
Actually kudos to the mine workers and mine management for halting operations and letting archaeologists access the site.

The cost involved here is enormous with this, so such an operations often decide to ignore the bones instead.

3
DarkTree 2 days ago 0 replies      
Cool blog post about how NatGeo's 3D tour of the fossil was created using Three.js in the browser.

https://source.opennews.org/articles/resurrecting-dragon/

4
m_st 2 days ago 0 replies      
Original post from 3 months ago: https://news.ycombinator.com/item?id=14326913
5
tomkat0789 2 days ago 0 replies      
I wonder if they'll get a good image of the dinosaur's insides! What could they use to see through the rock?
6
meri_dian 2 days ago 1 reply      
I wish in the headlining photo a person was standing next to the fossil to give a sense of scale. That thing is probably > 10 feet long! No wonder it took 7000 hours to separate from the rock.
7
nthcolumn 2 days ago 0 replies      
Had it before but a different article and photo. Showed this to my daughter who is dino-crazy a few months ago - she went '>gasp< WOW!' genuine agape awe. Amazing. Isn't it fantastic that the operator was trained and cared enough to stop working? It would have been really cool though if prior to expetrification that the block was MRI'ed and a 3D model created from the MRI which could then be 3D printed in schools all over the world.
8
partycoder 2 days ago 1 reply      
Note: birds are technically dinosaurs

http://tolweb.org/Dinosauria/14883

9
avenoir 2 days ago 0 replies      
10
Dodgeit 2 days ago 0 replies      
>So paleontologists have debated whether giant dinosaurs had trunks

That's my biggest takeaway from the article

22
Roman Ruins Found in France Are Called Exceptional nytimes.com
270 points by whocansay  2 days ago   142 comments top 10
1
cpr 2 days ago 6 replies      
Some beautiful timber-framed tithe barns from the 800's survive in England.

https://www.google.com/search?q=english+tithe+barns+timber-f...

Build with massive timbers (no nails), keep the wood dry (and watch for beetles), and your beautiful, practical structure can last many centuries.

http://www.atlasobscura.com/places/oak-beams-new-college-oxf...

A friend of ours recently built a large tithe barn replica (including the masterful traditional English joinery, more complex than American) in North Guilford, CT at the Dominican Sisters' convent (unfortunately, can't find it on the web anywhere), and it's truly an eighth wonder of the world (at least in the timber framing business).

(Timber-framing is my (somewhat now dormant) hobby, and also a convenient hobby-horse here. ;-)

2
Koshkin 2 days ago 7 replies      
I wonder if anything from today will still be around in 2000 years, it is such a long time by today's standards.

The humankind progressed very slowly from the early time of Babylon (some five thousand years ago) through the time of Rome - both civilizations seem equally ancient to us. But today, even one hundred years seems an incredibly long time.

On the other hand - and somehow it is hard to believe - hundreds or thousands of years ago people were the same as now, with the individual and cultural differences from us probably being smaller than the differences that exist between us right now.

3
RubberMullet 2 days ago 0 replies      
Every time I read about one of these discoveries I'm reminded of Zeugma[1] and the effort to save the artifacts and mosaics[2] discovered there before it was flooded. The BBC made a great documentary[3] about it.

[1] https://en.wikipedia.org/wiki/Zeugma,_Commagene

[2] http://cdn.sci-news.com/images/enlarge/image_2307_1e-Zeugma-...

[3] https://www.youtube.com/watch?v=HkluUBePzNc

4
erikpukinskis 2 days ago 0 replies      
5
hourislate 2 days ago 14 replies      
I find it amazing that you can find Roman mosaics that have survived 2000 years without any significant damage but the tile installation in your bathroom barely last 10-15 years without maintenance or renovation.

In 2000 years they will still be finding Roman Ruins but nothing from the 20 + century will survive.

6
blahman2 2 days ago 1 reply      
Such discoveries (yes, of similar or greater quality) are made so frequently in the southern parts of the Balkans / Italy that they are almost skipped in the news. Yet, when it happens in France it makes the NYT and the event is 'exceptional'.
7
coss 2 days ago 1 reply      
I wish I could go and help at an excavation. Anyone know if there's volunteer programs?
8
soufron 2 days ago 0 replies      
The oldest timber-frame that I have seen was in France at the Hotel-Dieu in Tonnerre, Burgundy. With 90m meters long, it's a sight: https://hoteldieudetonnerre.jimdo.com/
9
spodek 2 days ago 1 reply      
Look on my works, ye Mighty, and despair!
10
HelloNurse 2 days ago 2 replies      
I don't get how this excavation is exceptional, compared to sites like Veleia or Barcelona with similarly buried buildings or really well preserved sites like Pompeii.
23
More people riding bikes makes cycling safer for everyone, major new study finds cyclingweekly.com
213 points by okket  1 day ago   165 comments top 15
1
awjr 1 day ago 4 replies      
Denmark just worked out it stopped 55,000 sick days and where able to persuade 34% of car drivers that tried an eBike to switch to an eBike. https://cyclingindustry.news/danish-study-outlines-economic-...

Cycling can reduce risk of death by 41%, death by cancer 45% and death from heart disease by 46% http://www.bbc.co.uk/news/health-39641122

A single 10ft cycle track can carry the same number of people as 7 lanes of car traffic.

Netherlands is currently at 10% obesity and going down to 8.5% by 2030. The UK is at 27% and predicted to go up to 35%.

So cycling really does appear be to that miracle solution for urban transport but you absolutely cannot 'share space'. Absolutely key to segregate. A good end to end network is only as good as its weakest link and too many times, town planners give in to politicians and local residents and deliver stuff that really is does not provide inclusive ages 8-80 cycle routes.

2
gregdoesit 1 day ago 1 reply      
Come to Amsterdam to see first hand proof of this study. Virtually no one wears helmets... because you don't have to. Infrastructure is designed to be bikers first. Drivers are constantly aware of bikes and also receive training to avoid the most common accidents (hitting a biker when opening the door - see the Dutch Reach).

The biggest threat to a biker in this city is another (often less experienced) biker, pedestrians not looking around or trying to cross tram tracks parallel. However, it did take almost 40 years to get here though, changes starting in the 1970s - I do hope many cities will follow a similar route.

3
moonka 1 day ago 2 replies      
I believe it. After picking up cycling a couple years ago, I've noticed I am a lot more aware of bikes on the road, and drive with more care. I've also noticed my family driving more carefully around bikes as I've mentioned close calls I've had. I imagine it also leads to more willingness to invest in cycling infrastructure, which tends to make things safer as well.
4
u801e 22 hours ago 0 replies      
I think a lot of the problems that cyclists have when riding amongst motor vehicles have to do with existing laws (such as riding as far right as practicable when going less than the normal speed of traffic).

In reality, most traffic lanes are not wide enough for a cyclist and a car to travel side by side with sufficient clearance between the two vehicles. A cyclist is about 2.5 to 3 feet wide and many states have laws requiring at least feet of distance between them and the cyclist. The cyclist will also ride about 2 to 3 feet from the right edge of the lane. A car is a little less than 6 feet wide on average.

If you add those distances up, you end up with a total of 14 to 15 feet. Even on interstate highways, lanes may only 12 feet wide. On surface streets, they may only be 10 feet wide. Because of this, you end up with the situation where cars will "lane split" while passing a cyclist and frequently misjudge how far they are from the cyclist when passing them. Also, the lane splitting car cannot leave enough room for cars in the adjacent lane because the lanes do not have sufficient width to accommodate a vehicle and half of another vehicle.

Another problem is that cyclists riding to the right aren't as visible to traffic as opposed to those who are "taking the lane". They're more vulnerable to collisions such as "right-hooks", traffic entering from side streets and opposing left turning traffic who didn't see them.

The laws should be changed to say that cyclists are like slow moving vehicles who are entitled to the full use of the lane they're riding in and passing traffic must move completely into the adjacent lane, when safe to do so, to pass the cyclist and only return to their original lane of travel after they have sufficient clearance. The law should also allow vehicles to pass cyclists on a double-yellow when its safe to do so with the same conditions as above.

This will legally sanction the "take the lane" type of riding and make cyclists more visible to the rest of traffic.

5
ilaksh 1 day ago 4 replies      
You mean less dangerous. To me, San Diego and Ft. Worth are average areas. In these places bicycles are relatively rare compared to cars. I am always surprised when I see them.

Cars weigh thousands of pounds. Consider the safety precautions for cars with air bags, crumple zones, and crash testing. There is no protection from cars for someone on a bicycle.

They try to say riding on the sidewalk with a bike is more dangerous because cars do not look out for bicycles at driveways and such.

But personally in most areas I don't feel safe biking on the street, and would rather stay on the sidewalk like I did when I was a kid. I would just have to pause to check before crossing driveways and intersections.

I believe that there will eventually be something like a smart safe city where 2000+ pounds vehicles do not freely mix with pedestrians, cyclists, and baby strollers. There should be physical barriers or totally separate walkways.

Think about it. They can't even sell a car without an airbag anymore. Yet what chance do you have from a physics standpoint to be truly safe when the other vehicle exceeds your mass by 2000+ pounds?

6
astrostl 6 hours ago 0 replies      
I love the concept, but no way would I try to pull it off in 99% of the USA. I know a lot of road biking, bike to work, etc. enthusiasts and every damned one of 'em has some horrific hit-and-run story :-/
7
anonu 6 hours ago 0 replies      
I ride in NYC and have for almost a decade now. The city has taken major leaps forward at becoming more bicycle friendly, thanks in part to Citi Bike proliferation and the addition of more protected bike paths. I think there's still a long way to go - especially in terms of education of riders around proper biking etiquette, especially towards pedestrians
8
stordoff 21 hours ago 0 replies      
Not to dismiss the study (because other studies have certainly found counter-intuitive results before), but I've always thought this would be an obvious result. If other road users are used to dealing with cyclists, and expecting them to be there at all, it's hard to see how that would make cycling less safe.
9
projektir 1 day ago 4 replies      
I'm still deeply uncomfortable about riding a bike next to / in front of a car compared to the sidewalk, and I'm not sure how to overpower that fear...
10
newy 1 day ago 0 replies      
I've always believed this. More bikers on the road creates more awareness from drivers, and also more investment by cities into bike infrastructure, including dedicated and protected bike lanes.

More bikes available also means more bikers, something we're working on at Spin for US cities. Get in touch (email in profile) if this seems like a problem space interesting to you :)

11
trevyn 19 hours ago 0 replies      
Or, generalized, more people doing X makes X safer for everyone. :)
12
Theodores 1 day ago 2 replies      
More people riding also makes it normal. 15 years ago, working for a cycling wholesale distributor I was the only one that cycled to work. Yet I felt I had to explain why I cycled just so people didn't think I was a banned drink driver.

In 2017 I am glad to say that all the bike parking is taken at 8.55 in the morning and there are bike to work posters in the kitchen.

There is nothing new in this study. Perceptions have changed though and I thank all who have participated in this.

13
discombobulate 1 day ago 0 replies      
Bike network effects!
14
zeep 21 hours ago 0 replies      
if everyone was riding a bicycle, bicycle riders would be safe indeed...
15
Alex3917 1 day ago 5 replies      
This doesn't show that biking has gotten safer. It may have, but later adopters of biking are also less likely to engage in risky behavior.

Similarly, as the percentage of folks who use heroin increases, the relative rate of overdoses declines. But that doesn't mean that heroin itself has become any more or less safe.

24
A tall chimney to facilitate heat exchange in the atmosphere superchimney.org
279 points by chr1  2 days ago   186 comments top 37
1
lend000 1 day ago 1 reply      
For those skeptical of the science, note that there are large caves that exhibit this property, such as:https://en.wikipedia.org/wiki/P%C4%B1narg%C3%B6z%C3%BC_Cave#...

It seems like if the inside of the chimney column had a spiral shape, similar to a screw socket, the upward air pressure might alleviate some of the stress and make the column more structurally feasible. Granted, it would also dissipate some of the energy as heat.

2
saalweachter 1 day ago 1 reply      
So my question is "why wouldn't this just rip in half from the forces it's under?"

The upward force for the 20m chimney is calculated at ~600 tons. 600 tons is not a lot for a building to support in the downward direction, but quite a bit for a fabric tube to support, in tension. It's the rope/(space) elevator problem - you need a super material to handle that much force, don't you?

But aside from worrying that our wacky inflatable tube of death will rip free from its tethers and tumble freely in the wind, killing thousands, I actually really like this idea, as geo-engineering. It is a process that can be stopped and started relatively cheaply, unlike a lot of other proposals. If the tube has unforseen effects, it could be deflated and reeled in, unlike eg throwing particulate into the upper atmosphere.

3
vmarsy 2 days ago 2 replies      
This reminds me of Solar updraft tower prototypes [1], which concentrates heat at the bottom of the chimney instead of expecting cold air at the top of the chimney.

There's still a delta of temperature between the top and the bottom, but instead of

 T_bottom_chimney = T_hot_ambient_air_bottom T_top_chimney = T_cold_ambient_air_top
it is :

 T_bottom_chimney = T_much_hotter_than_ambient_air_top T_top_chimney = T_ambient_air_top
Everytime I start reading things like this, I wish I had a home with similar 'magic', like Solar chimneys[2] and other techniques[3],

[1] https://en.wikipedia.org/wiki/Solar_updraft_tower

[2] https://en.wikipedia.org/wiki/Solar_chimney

[3] https://en.wikipedia.org/wiki/Ground-coupled_heat_exchanger

4
the_rosentotter 1 day ago 2 replies      
So five kilometers of flailing inflatable tube man.

I get that the upwards wind force can sustain the fabric structure, but it is hard to imagine that it could also carry a bunch of huge turbines, as well as the cabling required to carry the generated electricity. Not to mention safety concerns. Does this seem unrealistic to anyone else?

Also, would it be possible to do a proof-of-concept using an existing man made structure like Burj Khalifa class skyscrapers? Presumably it would be easier to deploy a tube off the top of one of these than to build one from scratch.

5
smoyer 1 day ago 0 replies      
If the column of air is really moving at 300 MPH, they'd better diffuse that at the bottom so people (and things) aren't sucked into the chimney (it would suck to be ejected at the top without a parachute but you could probably sell a ride to the top to the wing-suiters).
6
mikeash 2 days ago 4 replies      
"The inside and outside air will be rising up. However, the air outside will be cooling adiabatically, so its temperature will be dropping. The air inside will be not affected by adiabatic cooling and will maintain its energy, so it will be warmer and less dense than outside air."

Is this a joke, or a crazy person? Air in the tube will expand and cool just like air outside the tube does.

7
datadata 1 day ago 1 reply      
Engineering issues aside, to evaluate if a super chimney would be energetically viable you need to understand the concept of "Convective available potential energy" or CAPE--https://en.wikipedia.org/wiki/Convective_available_potential.... CAPE has dimensions of energy/mass and a describes how much energy is released by raising a mass of air to some higher elevation.

CAPE is used to forecast storm development, as updrafts can more likely spontaneously form when there is more energy released by the updraft. CAPE values can also be zero or negative, in which case there would be no available energy to sustain an updraft. From my understanding, CAPE is the only factor that would determine if a super chimney could work at a given time.

I have not found a good resource on global CAPE patterns including daily patterns, but it seems very likely that there is any fixed location and fixed elevation that always has a positive CAPE value. It would be an absolute requirement to find such a location for this project to work.

You should also be able to calculate a crude bound on the maximum updraft velocity simply as a conversion of potential energy to kinetic energy. Wikipedia says that exceptionally high CAPE values proceeding extreme thunderstorms are around 5kj/kg, which would accelerate a mass from rest to 100m/s (220mph). Of course this is an extreme value, typical values are more like 1kj/kg, which correspond to a velocity of 44m/s (100mph).

Here is a really good paper on CAPE and atmospheric convection heat engines: http://journals.ametsoc.org/doi/pdf/10.1175/1520-0469%281996...

8
robocat 1 day ago 1 reply      
9
yohann305 2 days ago 1 reply      
Anyone here could run a super tall chimney software simulation ?

I'm super interested in seeing someone confirm or debunk this.Anyone else interested, upvote please

10
jcrawfordor 2 days ago 1 reply      
The short story "Shortstack" by Walt Richmond and Leigh Richmond depicts this idea and was published in Analog in '64. Likely coincidental, but amusing to see '60s science fiction apparently made flesh.
11
humanfromearth 2 days ago 2 replies      
For the 5km chimney it needs to hold on 500km/h winds. For scale a category 5 hurricane is 250 km/h. Is it even possible to have that kind of structure with existing materials?
12
gtt 1 day ago 1 reply      
I've tried to simulate 1km chimney in Comsol, but I cannot make it converge to a solution. If anyone is interested, the model is here https://mega.nz/#!jFgBxI6J!jdxloYFwcuk_YyGcIMlOmJTKcPbxyD2B4... (may be I'm doing something wrong with simulation parameters, help would be very much appreciated!)
13
randyrand 2 days ago 1 reply      
This will also function as a hell of a bird vacuum.
14
toddh 6 hours ago 0 replies      
Would it be possible to make these into skyscrapers to house people and businesses? That would handle the financing part of it.
15
foota 2 days ago 1 reply      
Here's my analysis from maybe wrong principles. If you have slightly more dense air beneath slightly less dense air, the air will experience a net force upwards. If this net force is stronger than gravity, then the air will experience upwards acceleration. This will continue as long as there is a difference strong enough. At the top of the tube, there is no more force since the density will be the same since the air will spread out after exiting. (If it's not already at the same density after going through the tube).

Looking at it this way this seems sound to me, am I wrong?

16
ChuckMcM 2 days ago 3 replies      
Presumably you just lay a pipe that goes up the side of Everest and free power!

I wonder if the author asked the question "Why don't we have tornadoes all the time?"

If they had, that would have lead them to the physics of tornadoes. In my case it was the physics of so called 'dust devils' in the desert which are much smaller phenomena but based on the same ideas. Warm air rising through cooler air.

You might ask, but why don't we have them all the time? And the answer is that as air goes up, it spreads out, and as it spreads out it becomes less dense, and the lack of density is perceived as a colder 'temperature' even though the air molecules still have more kinetic energy and are thus 'hotter'.

In the video the tube is supposed to constrain the air (which it will) and the warmer air will rise inside of it, but without an energy source the warm air rises until its 'weight' is equivalent to the un-risen air underneath it, at which point it stops rising and the system is stable. If you were to cool off the bottom the air would start sinking again.

This has been experienced time and again by inexperienced makers of fires in their fireplaces. If you don't put enough energy into the air to make it rise, it comes back down the chimney and fills your living space with smoke. A fireplace is a remarkable little machine, where the fire heats the air, which pulls in more air as the air above rises, which puts more oxygen into the fire and increases its energy output etc. But without the fire burning in the fireplace the air stops moving.

Tornadoes benefit from a mass of really cold air sitting on top of warm air. This does two things, one the cold air above pushes down on the warm air to pressurize it, and two when a "hole" begins forming in the cold air mass it operates like an inverted tub drain and the warm air starts draining out of the tub. The energy source for a tornado is the temperature differential that is set up by the result of moisture condensing out of the air and super cooling the air around it.

Similarly a hurricane is powered by the temperature differential between the ocean and the air above it.

All three systems (fireplace, tornado, hurricane) share a common theme, there has to be a source of energy for them to operate. Without it, the air reaches equilibrium and just sits there. No magic allowed.

That said, if instead you built a tunnel, then you could connect two different air masses and extract energy from two different pressure differentials. The most interesting ideas have a tunnel under the Rockies or under the Sierras between the Mojave desert on one side and the milder (and moister) climate on the other. To the delta you can get from that is linear with respect to distance and/or a geographic feature that can inhibit the natural balancing of the air masses (like a range of tall mountains).

Sadly neither super chimneys nor lighter than air vacuum balloons are workable ideas.

Edit: It occurs to me that if you could make the chimney high enough you could put the top in the underside of the jetstream, then you could suck air up using the venturi effect.

17
Tarrosion 2 days ago 1 reply      
So many signals suggesting this is a wild physics-defying idea that could never work, e.g. how many websites claiming 'this one neat trick solves global warming' really hold the key to solving global warming?

I hope that's not the case and by this time next decade we're all laughing about that century and a half where we put so much carbon in the atmosphere wow wasn't that a hoot...

Realistically, I am sympathetic to the idea that geoengineering, massive structures and engineering projects enabled by modern materials, etc. deserve more thought.

18
shoefly 1 day ago 0 replies      
Whatever we do, it's important that we learn how to control the "ingredients" of our atmosphere. There are so many things that could go wrong with our atmosphere and result in mass extinction. Global warming, ice ages, massive volcanic eruptions, etc. If we can find a way to quickly filter out the crap and rebuild our atmosphere... well, this technology could be used for protecting our Earth and future pursuits in space.
19
mbfg 1 day ago 0 replies      
If you search 'solar tower' on youtube, you will see all kinds of videos of existing installations of things that are similar, albeit most are not as tall, nor are they flexible. But the basic concept appears to be the same. Quite a few of them are from many years ago. So it would seem the idea works to some extent, and perhaps the the idea of a much taller, and flexible variant is the crucial difference that will make a big difference.
20
mbfg 1 day ago 0 replies      
Given this, if successful, is creating storms at the top, won't it continually and repeatedly be hit by lightning? And given that it is some kind of fabric, cause havoc?
21
dghughes 1 day ago 0 replies      
Wouldn't such a chimney take off like a Chinese lantern?
22
pdonis 2 days ago 1 reply      
We already have something that does the same thing as this claims to (facilitate heat transfer from the surface to the upper atmosphere): it's called the hydrologic cycle.
23
fastball 1 day ago 1 reply      
Would the radiant heat from the ground be enough to continue this effect at the same rate during the nighttime?
24
SubiculumCode 2 days ago 0 replies      
Watched the video. Sounds miraculous :) Anyone here knowledgeable of atmospheric thermodynamics?
25
animex 2 days ago 1 reply      
This model must be able to be simulated somehow! To Minecraft!
26
kpil 1 day ago 1 reply      
Is it really a good idea to move more water vapor, a potent greenhouse gas, significantly higher up in the atmosphere?
27
unabridged 1 day ago 1 reply      
Things like this are the reason I don't think global warming will ever be a problem. Even if this example turns out to be a pipe dream, we will eventually figure out a way to lower the temperature or remove co2 from the atmosphere.
28
stephengillie 2 days ago 2 replies      
Would this be an efficient source of air pressure for the Hyperloop?
29
chroem- 2 days ago 3 replies      
Whoever made this assumes that the chimney wall would be a perfect insulator, which absolutely cannot be the case if it's supposed to be a thin cloth or film barrier. The air would cool to the same temperature as the surrounding atmosphere.

This will not work.

30
foota 2 days ago 1 reply      
Any idea how tall one of these would need to be in theory to support itself? I think that would be a cool sight to see and a great way to prove feasibility.
31
pmoriarty 2 days ago 4 replies      
How much will one of these cost?
32
scythe 1 day ago 0 replies      
These geoengineering proposals should be understood as mitigation strategies to be implemented after we have reduced carbon emissions, since even then we still have a problem. But this one seems very dubious.

>Speaking in terms of thermodynamic, we can say that chimney prevents adiabatic cooling of a rising parcel of air. Normally, when hot air freely rises in atmosphere, it expands as it gets higher and pushes the surrounding air. That causes surrounding air to heat and rising air to cool. That process continues until equilibrium is reached. At that point air stops its ascending. Unlike freely rising parcel of air, the air in the chimney is restricted in its horizontal expansion and thus, it is not free rising. When air rises in the chimney it also expands but only into upper direction. It compresses the layer of air above it, heats it up and loses its own heat. At the same time air below does the same thing. And thats how it goes all the way until the chimney exit: layers of air are being pushed and push themselves. That results in maintaining the same amount of heat in every layer of air, and that is how the chimney works.

This explanation ignores gravity. Air above you exerts more pressure on you than air below you, albeit by a tiny amount. But when the only thing moving is air in a 5-kilometer chimney, you can't get something for nothing. For intuition, just imagine the chimney is full of water. The water at the bottom is obviously under more pressure than the water at the top. The chimney faces the same consideration, but the ideal gas law applies.

Furthermore, the equation used in the "Calculations" section:

>q = dh2 /4 [ (2 g (po - pr) h ) / ( (l pr / dh) + pr ) ]

is sourced from this website:

http://www.engineeringtoolbox.com/natural-draught-ventilatio...

which rather obviously works from the assumption that the chimney is placed inside of a heated house.

This all seems to be a sort of Sokal effect in climate science, I'm afraid. The paper 'SubiculumCode cited does not really analyze the thermodynamics used for the chimney and points more to the unrealistic dimensions (1 kilometer diameter and 10 kilometers high).

33
desireco42 1 day ago 0 replies      
I think this, however flawed some of the explanation of the effect might be, is something we can try and experiment with fairly easily. Either it can be done, or not. And I believe it can.

Now, we can't let Musk do all the cool things, maybe someone else could step in and fund a project to explore application of updraft towers.

34
hossbeast 2 days ago 1 reply      
Unreadable on mobile
35
codecamper 1 day ago 0 replies      
Hate to be a downer, but out of 157 comments so far, nobody has mentioned ocean acidification. If there was a way to build these chimneys... we could then go on burning fossil fuels & so then the oceans would become more acidic, possibly leading to the inability of krill to form exoskeletons, removing a one of the main oceanic bottom of the food chain food sources.
36
stefantalpalaru 2 days ago 2 replies      
If a constant air flow is needed to keep the chimney upright, what will happen during the night, when the desert cools down?
37
ryanobjc 1 day ago 1 reply      
A spelling error makes it hard for me to take the proposal seriously.

For something as important as this, the details count. A loose approach to spelling is disturbing.

25
Update on Bitcoin Cash coinbase.com
272 points by ahoang18  3 days ago   224 comments top 28
1
phodo 2 days ago 11 replies      
I have been a long time coinbase user. I have been very unhappy with their support. I have been unable to add additional funds to buy both additional ethereum and btc from their site, even after contacting them repeatedly about this ... but never getting a reply. I did multiple identity verifications and connected bank and credit cards. No luck in being able to transact properly. Bitcoin Cash was a forcing function and last week I sent my funds to a private wallet. I am also buying additional crypto on Gemini and other exchanges. To give an idea of my frustration with them, I first tried to buy ethereum thru then at $40. I gave them benefit of the doubt in solving my issues ... and waited and waited. By the time I realized that they were not listening to me, ether had shot up to more than $200. I ultimately bought on Gemini. This was their business to lose and they did exactly that.
2
colept 3 days ago 14 replies      
Is there a viable alternative to Coinbase? Their support is absurdly awful. Two months and they sent two auto-replies to a simple ticket that couldn't be answered by the knowledge base. They don't care about your money - so long as it's already in their vault.
3
gragas 2 days ago 6 replies      
Honestly, I don't understand why everyone trashes Coinbase.

I work very closely with numerous crypto exchanges for a living (I write code which interfaces with them). Outside of work, I've personally chosen to open a Coinbase account and trade on GDAX.

Coinbase is, in my opinion, the most reputable exchange out there by far.

4
qhwudbebd 2 days ago 0 replies      
Coinbase is a horrific company: they give the superficial impression of being a reputable place to hold money, but one can go months at a time without a human response to support queries despite holding a substantial balance with them.

I cannot warn other potential victims of Coinbase strongly enough; hopefully the chaos and incompetence around BCC will alert people more publicly about the dangers of getting entangled with them. Hold your cryptocurrency in your own wallet that you control yourself.

5
duren 3 days ago 4 replies      
Say what you will about Coinbase, but I really appreciate their willingness to adapt and respond to customer feedback.

I personally didn't want to take on the risk of creating a paper wallet and having to move my small amount of BTC from my Coinbase vault, so this is great news for me.

6
aedron 2 days ago 2 replies      
Coinbase could easily avoid, or be unable to, provide BCH balances to their bitcoin holding customers.

There's no telling how Coinbase operates internally. You can't just assume that 1 customer == 1 permanent bitcoin address in Coinbase's backend. Perhaps they shift funds around all the time into new addresses, without keeping references/keys to the old ones. In that case, BCH balances would be lost, with no way to restore them to the 'owner' at the time of the fork.

Luckily (for would-be BCH holders) that seems to not be the case, but I think Coinbase deserves credit for going the extra mile when they could justifiably say that it is not their problem to deal with.

7
Snackchez 2 days ago 4 replies      
Maybe I'm just not getting something in my slow brain, hopefully someone here can explain. How does taking out my BTC out of CoinBase ensure I will receive an equivalent amount of BCH?

I bought 200$ worth of BTC in the past from CB, and promptly moved to an Exchange. Does that mean I will get whatever amount of BTC I purchased back then in BCH? If so, why? I understand there was a fork, but I don't get why I'm entitled to the same amount of BCH... what if there are more forks in the future, I'll just keep getting more of those offshoot coins as well?

8
koolba 3 days ago 2 replies      
So does this mean the cost of a lawsuit was deemed greater than the cost of adding support for BCC?
9
robinj6 3 days ago 4 replies      
Dumb question:

Supposing BCC eventually becomes of comparable value to BTC, does this mean everyone's fortune was just doubled?

10
obilgic 3 days ago 2 replies      
so inflation comes in terms of forks in the realm of crypto currencies.

Isn't it how it started with gold-based government currencies as well? every government created their own currency/fork of gold.

edit: typo, inflation

11
user5994461 3 days ago 0 replies      
Summary:

"Over the last several days, weve examined all of the relevant issues and have decided to work on adding support for bitcoin cash for Coinbase customers. We are planning to have support for bitcoin cash by January 1, 2018, assuming no additional risks emerge during that time."

12
mmastrac 3 days ago 3 replies      
Does this mean that customers in a short position owe Bitcoin Cash?
13
mlindner 2 days ago 1 reply      
So many people in this thread complaining about coinbase when I've had no issues with them. You people complaining about coinbase must have not been around when Mt.Gox was the only option. If you want to talk about lack of support... Now that's lack of support.
14
BusinessInsider 2 days ago 0 replies      
At first I was like, why a whole year?!

Then I realized there is a little less than 5 months left of 2017... Time is fucking flying!

15
Animats 2 days ago 3 replies      
"We are planning to have support for bitcoin cash by January 1, 2018, assuming no additional risks emerge during that time. Once supported, customers will be able to withdraw bitcoin cash."

They are so going to get sued if the price of Bitcoin Cash crashes by the end of the year. Where do they get off telling customers they can't withdraw an asset for five months?

This is what lawyers call "conversion"[1]. A person who knowingly or intentionally exerts unauthorized control over property of another person commits criminal conversion. The element of knowledge is found when the accused person engages in the conduct and he/she is aware of a high probability that he/she is doing so. An essential element of criminal conversion is that the property must be owned by another and the conversion thereof must be without the consent and against the will of the party, to whom the property belongs, coupled with the fraudulent intent to deprive the owner of the property.

It's legally equivalent to theft.[2] The typical example of conversion is renting something and then refusing to return it.

Coinbase execs, you really need to be talking to good securities lawyers.

[1] https://conversion.uslegal.com/criminal-conversion/[2] https://www.justice.gov/usam/criminal-resource-manual-1317-n...

16
Strategizer 2 days ago 0 replies      
When Ethereum Classic hit the markets Coinbase did the same, ignoring it first, then giving in, however it turned out because of missing replay protection (thanks to vitalik) Coinbase had to buy back ETC on other markets first. Feel free to draw your conclusions based on this information.
17
sputknick 3 days ago 1 reply      
Do you think this mean they will support ethereum classic? I don't see how the two are different.
18
kristopolous 2 days ago 0 replies      
Good on them. Finally some integrity in the cryptocoin exchange market.
19
boynamedsue 2 days ago 1 reply      
Where do I buy Bitcoin Cash today from a reputable exchange?
20
bayonetz 2 days ago 3 replies      
What an inconvenient waste of time trying to be proactive and moving my BTC out of Coinbase ahead of the fork -- just like Coinbase said to. Would have been nice if they could have decided this before hand...
21
discombobulate 2 days ago 0 replies      
Can we stop with this Coinbase spam?
22
Keeeeeeeks 3 days ago 1 reply      
Question: if Coinbase never claimed the Bitcoin Cash, would there be any grounds for a lawsuit?
23
localcdn 3 days ago 2 replies      
And all it took was the threat of a lawsuit.
24
la_oveja 2 days ago 1 reply      
coinbase's android app is utter shit. sorry but had to say it
25
Temasik 2 days ago 0 replies      
lost my faith with bitcoin and ethereum due to chain split

Ripple's XRP will win

26
luke3butler 3 days ago 4 replies      
Bitcoin cash is BCH not BCC.
27
chmike 2 days ago 1 reply      
I'm a blockchain money noob. From my stand point this virtual money looks like pure speculation. Nice to see that ressource limitation can be bypassed by forking. So this speculation seams doomed to me.
28
thinkmassive 3 days ago 2 replies      
They reversed stance so quickly, it seems plausible this was a calculated move to increase news coverage of Coinbase.
26
Kids Pass Just Reminded Us How Hard Responsible Disclosure Is troyhunt.com
265 points by ohjeez  1 day ago   83 comments top 14
1
ScottBurson 1 day ago 11 replies      
I have trouble understanding this mindset. It's like, if you were walking away from your car in a parking lot, and someone said "Hey! You've left your car unlocked!", and you yelled at them angrily "Stop looking at my car!!!". It makes no sense at all, and yet it's practically the universal response from people who don't know what they're doing.

People occasionally suggest that software engineers should be professionally licensed. I have a different proposal: I think that people who want to manage a business involving software development should have to get trained and licensed.

ETA: while my proposal is somewhat facetious when considered about all software development, perhaps it's not completely inconceivable that we could require businesses collecting any personal information from users to be licensed and audited. We already have PCI-DSS compliance rules for businesses using credit cards; this would be analogous, though it would have to be enforced by the government, as credit cards wouldn't necessarily be involved.

2
sam_goody 1 day ago 1 reply      
Heh! Nothing new in the behavior.

Mr. Feynman famously found you could lift the combo off a safe [with the a-bomb's secrets] when it was empty. When he alerted the Colonel not to leave his safe open, the response was to:

send a note around to everyone in the plant which said, During his last visit, was Mr. Feyman at any time in your office, near your office, or a walking through your office? Some people answered yes; others said no. The ones who said yes got another note: Please change the combination of your safe. That was his solution. _I_ was the danger!

3
swang 1 day ago 2 replies      
BBC posted a followup...

1. Kidspass spokeswoman said that it was their off-hours crew that blocked Alex and Troy. They were unblocked 10 hours later.

2. They will institute a vulnerability policy as a result of this.

http://www.bbc.co.uk/news/40776512

4
avaer 1 day ago 3 replies      
Putting text on a page isn't hard stuff. The hard stuff is teaching computer security to an organization that mistakes responsible disclosure for a hack attempt, and thinks a Twitter block will protect them.

It's probably also hard to know what a good security audit looks like, unless you grasp basic security in the first place.

I have no idea what the solution is.

5
coldcode 1 day ago 0 replies      
After so many decades in this industry nothing surprises me at all. Security is usually an afterthought that barely warrants spending more that a token amount. I once did a contract at a public university and found the app that every department used to verify with the state that money was appropriately spent used incrementing id's in the url and used GET to handle the delete button. I wound up fixing it for them on the way out (after weeks of telling me it wasn't a concern). A simple command line script would have deleted the entire database leaving the university with no budget for the upcoming year. Another place I worked kept production passwords in the code repository; when I complained they told me they passed their audits every year so it didn't matter. HIPAA company in the US no less.
6
bvv 16 hours ago 0 replies      
This seems like an area where a trusted organization (perhaps the EFF?) could do a lot of good by creating a "for dummies" webpage where the vulnerability disclosure process is explained in layman's terms (i.e. with suitable car analogies...) from a website owner's perspective. Those who discover a vulnerability in a company's IT infrastructure can then submit a link to this page with their reports.
7
confounded 1 day ago 2 replies      
Very few companies that use technology are technology companies.

Is there no open-source standard for authentication and user-data management? Do companies really need to roll their own each time?

8
S_A_P 1 day ago 1 reply      
All I can imagine that is happening there is panic. Defensive behavior such as this indicates either they don't really know how to fix this quickly, or they just don't care.
9
reitanqild 1 day ago 2 replies      
Related - but only to the blocking:

A friend of mine who works with one of the really expensive consulting companies witnessed someone lashing out on twitter about how bad such and such people where.

So he answered along the lines of: I grew up in such and such home, my experience is totally different and I'll be happy to buy you lunch.

Answer: blocked.

Blocking is a power thing for some people. IIRC it used to be a thing in the old Usenet and of course it existed before that in other forms.

10
rmellow 9 hours ago 0 replies      
Sometimes we forget the entrepreneurs behind these services can be technologically illiterate. When they realize they have a problem they don't understand, they get scared, and can easily get confrontational and try to dodge any liability (e.g. by getting the police involved).

How can we teach these entrepreneurs to act? Perhaps by creating an accessible and gently worded guide on how to act; an FAQ from a reputable organization that you can link to every time you disclose a vulnerability? IEEE, EFF I'm looking at both of you.

11
tarr11 1 day ago 1 reply      
What is a good way to implement responsible disclosure for single developer / side projects?

Eg, when you don't have the resources to pay for bug bounties etc.

12
z3t4 16 hours ago 2 replies      
Writing "They have a serious vuln" on twitter is not responsible. Try to hack those who have bounties, please leave the others alone, or at least contact them privately when you find a vuln. Give them a chance to fix it, and if you want to be helpful also tell them what the issue is.
13
notyourday 23 hours ago 1 reply      
The solution to this is simple. Disclose everything. Have these companies destroyed. Have everyone who works for them fired and become unhirable. Have their houses foreclosed on because they cannot afford to pay the mortgages or rent.

That's the only way to ensure that the security is taken seriously.

14
DanBC 1 day ago 1 reply      
One of the benefits of the oppressive regime in the UK is the proliferation of regulators.

The Information Commissioner is the regulator for this kind of thing.

https://ico.org.uk/

They do take action on this kind of thing.

27
Insiders say Google was interested in buying Snap for at least $30B last year businessinsider.com
209 points by SirLJ  3 days ago   96 comments top 18
1
naturalgradient 3 days ago 6 replies      
I am the only one thinking of http://www.paulgraham.com/submarine.html?

Why place an over one year old alleged offer in the media today?

Because the shares are free-falling, user growth quarter-over-quarter will likely be abysmal and float will drastically increase in 2 weeks.

The only possible sliver of hope for shareholders right now is a potential buyout. Remember how many times Twitter rallied on 'chatter' of a Google bid?

https://www.theguardian.com/technology/2015/apr/08/twitter-s...

https://www.cnet.com/uk/news/twitter-buyout-rumors-google-sa...

Edit: interesting number of down votes, is this such a far fetched conspiracy theory? If it was such an open secret at Snap, why has this not come out yet?

2
askafriend 3 days ago 2 replies      
I wouldn't take this seriously.

It sounds like they were just internal rumors that spread around and then eventually got to a journalist.

Unless the internal sources directly and verifiably worked on drafting the proposal or discussing the concrete deal being purported - it's most likely inaccurate, overly optimistic hearsay.

Let's use our best judgement here and not humor the journalist for clicks and outrage.

3
josteink 3 days ago 2 replies      
True or not, Google clearly needed yet another messaging service, which they in about a year's time would have messed up and deprecated.

How about they just unify what they already have on offer, and get it working properly (and maybe worldwide this time!) before messing with yet another service?

sigh

4
chollida1 3 days ago 5 replies      
Many years ago Microsoft was trying to purchase Yahoo for $45 a share. Every company has their Yahoo moment, where they consider making an over the top purchase offer for a company, that in hind site looks like a terrible idea.

I'm not sure how far the talks went, though given that this is just coming out now, I'm guessing they didn't go very far. Would be interesting to know if the offer is still actually on the table like the article hints at.

This is the price you pay for giving up all voting rights. If Evan doesn't want to sell no sale, no matter how good of an offer is on the table. With voting rights atleast someone can hold the CEO's feet to the fire to make them consider the idea.

5
mikehines 3 days ago 3 replies      
Snapchat is consistently the top 5 free apps in the US. I think it's worth the 30B for Google to break into that.
6
tedunangst 3 days ago 2 replies      
Why be the next Instagram when you can be the next GroupOn?
7
ChrisBland 3 days ago 0 replies      
Glorified article meant to inflate the stock price.
8
bpodgursky 3 days ago 1 reply      
Well, if Google had acquired Snap last year, at least they'd have a decent Android app, which couldn't possibly hurt their user numbers.
9
dmix 3 days ago 0 replies      
Could the investors/founders have cashed out as easily (or for more money) through this type of acquisition vs an IPO?

That's basically the only relevant question here. I doubt Snap would have been a better consumer product under Google's direction. They have a consistent habit of killing them off.

10
mandeepj 3 days ago 1 reply      
This high value only because facebook bought whatsapp for almost $19 billion. Google offered $10b for whatsapp. They gave up for anything beyond it thinking it is too much only to realize later it was not.
11
adventured 3 days ago 1 reply      
Well, SNAP is currently trading for $15 billion. If they can get $20 to $22.5 billion for the company right now in an acquisition by eg Google, they should immediately take it.

Twitter is the picture of where they're going, best case scenario (the difference in risk of course being, Instagram isn't a serious threat to Twitter's existence). Twitter has four times the sales (annualized run-rate), more cash, a lower quarterly burn rate (now), with 23% less market cap.

12
bedhead 3 days ago 1 reply      
Yeah, and Google also reportedly offered to buy Groupon for $7 billion, a year before it went public. Not sure what kind of consolation that gives to shareholders now...
13
fareesh 3 days ago 0 replies      
Does Google really need another messaging app?
14
zitterbewegung 3 days ago 0 replies      
Yea, people said the same thing about Digg. TBH Google is probably interested in buying anything remotely social. Digg had the reason of not accepting their corporate "culture". Either that or Google figures out that they just have to wait and hire the CEO once the company fails (this happened to Digg).
15
notadoc 3 days ago 3 replies      
Do kids still use Snapchat?
16
sidcool 2 days ago 0 replies      
Looking at Snap's condition right now, and how Instagram is routing it, they made a smart decision not buying it for that ridiculous amount of money.
17
tanilama 2 days ago 0 replies      
Good, now, they can buy it with 50% discount. What a steal!
18
whipoodle 3 days ago 2 replies      
It's not just farfetched, it also doesn't really add up or make any sense.
28
Can a Living Creature Be as Big as a Galaxy? nautil.us
258 points by dnetesn  1 day ago   183 comments top 31
1
stareatgoats 1 day ago 4 replies      
The question is not correctly formed: what we really want to know is if there are life-like beings that could operate on a totally different scale than ours (both time and size wise, including viruses and whales here). Self centered thinking, i.e. restricting our inquiry to only include protein-based lifeforms or other qualities required on our scale obviously prevents us from having the required open minded mindset.
2
tsunamifury 1 day ago 5 replies      
It's answer of "No" is predicated on two assumptions: that the lifeform is not colonial in nature and that time is not a localized phenomenon. While on the surface that later assumption might sound absurd, our universe could very well be a Local Bubble of time. Time could even be a biological function of a higher dimensional being that is the size of the universe. There is also no way to disprove that without observing beyond the universe, which may get a bit dicey.
3
bitL 1 day ago 3 replies      
We still don't know if the Universe itself isn't a living organism with us playing the role of tiny viruses that require intelligence/consciousness to fulfill certain tasks, like what gut bacteria does for us.
4
hypertexthero 11 hours ago 0 replies      
> Stars are best regarded as living organisms, but organisms which are physiologically and psychologically of a very peculiar kind. The outer and middle layers of a mature star apparently consist of tissues woven of currents of incandescent gases. These gaseous tissues live and maintain the stellar consciousness by intercepting part of the immense flood of energy that wells from the congested and furiously active interior of the star. The innermost of the vital layers must be a kind of digestive apparatus which transmutes the crude radiation into forms required for the maintenance of the stars life. Outside this digestive area lies some sort of coordinating layer, which may be thought of as the stars brain. The outermost layers, including the corona, respond to the excessively faint stimuli of the stars cosmical environment, to light from neighboring stars, to cosmic rays, to the impact of meteors, to tidal stresses caused by the gravitational influence of planets or of other stars. These influences could not, of course, produce any clear impression but for a strange tissue of gaseous sense organs, which discriminate between them in respect of quality and direction, and transmit information to the correlating brain layer.

From Star Maker by Olaf Stapledon, Chapter 11, Stars and Vermin

https://ebooks.adelaide.edu.au/s/stapledon/olaf/star/chapter...

5
mirimir 18 hours ago 0 replies      
It's a thoughtful article, and I love the reference to Burroughs' Soft Machine. But it doesn't distinguish clearly enough between self-conscious organisms and the rest. It's true that consciousness and evolution thereof likely crap out when latency goes over a few hundred milliseconds.

However, I see no limit to the size of zero-gravity organisms like the honey fungus. Fungi are filamentous, so there's no unsurmountable problem with heat dissipation.

And even for self-conscious organisms, I can imagine hierarchical organization, such as Rajaniemi's "metaself" or Watts' Bicameral Order.

6
Koshkin 1 day ago 4 replies      
Since proteins cannot exist in space, then, using the currently accepted definition of "life" at the basic level as the complex of processes that allow protein molecules to exist, then the answer must be 'no'.

On the other hand, it is an interesting mental exercise to also consider other reasons why such creature might be impossible. One reason could be because the time needed for such creature to grow from something much, much smaller (as it usually happens in biology) would be longer than the age of the universe.

Another one is that nerve impulses travel slower than the speed of light, and so, again, it would take forever for a signal to reach the central nervous system. One could argue that the creature can be "decentralized", i.e. look more like a large colony of smaller organisms, but then the question arises as to what makes it a single creature in the first place.

Yet another issue concerns what drives the evolution of this particular species, and, again, the time it takes.

So far, all these considerations unavoidably lead to the answer 'no'.

7
Balgair 8 hours ago 1 reply      
Quick reminder: We don't know what the majority of the mass/energy of the universe is. Dark matter is ~20% of the universe and pretty much all we know about it is that 'it falls down'. Dark Energy is ~75% of the universe and all we know about it is that it makes galaxies accelerate away from each other. So, defining life or intelligence as we do is maybe not the best idea for long term thinking.
8
axplusb 1 day ago 1 reply      
I'm surprised to find no mention of Solaris by Stanislaw Lem among the fiction references. In this novel, a whole planet is somehow a living organism, truly alien to human conception of life.
9
kindadumb 1 day ago 0 replies      
This theory was once proven in a famous documentary http://www.youtube.com/watch?v=AJOVUF-HaDw&t=0m37s
10
alexpetralia 1 day ago 0 replies      
Does a group of people have an emergent consciousness in its own right that no one person can individually experience?

Perhaps certain parts of the brain too "think" they are conscious but can't individually experience the same consciousness we as people experience.

11
jeffdavis 1 day ago 0 replies      
Related: On Being the Right Size

https://irl.cs.ucla.edu/papers/right-size.html

12
dwaltrip 1 day ago 0 replies      
A bit of tangent -- the article talks about powers of ten, and hints at how powerful a tool it is for analyzing everything around us. This resonates very strongly with me. The entire known universe, from the smallest particle to the width of the cosmos itself, fits within several dozen points on this scale. It's incredible.

Personally, the last few years, I have felt that working to understand how all phenomena can be sketched out on the log scale has helped me gain a deeper understanding of the world. Of course, this goes hand in hand with related ideas, such as having a generally skeptical mindset, seeking first principles, etc.

These ideas has been very powerful for me, and I thought it might be worth sharing.

P.S. the book "The Black Cloud", mentioned in the article, is a really fun and quick read. I recommend it for any sci-fi fans.

13
Poc 1 day ago 0 replies      
It make me think of Von neuman probe. If we can consider that a robot or something with connections similar to our neurons can be a living creature. Then maybe if something like Von Neuman probes existed it could have colonized the whole galaxy (actually it could be done in a few hundred millions years) then those probes, while each one have is own brain, could communicate with the other probes and even if two probes at two opposite sides of the galaxy couldn't communicate, they would still be connected. Then maybe this network could be consider as a living creature.
14
visarga 19 hours ago 0 replies      
When thinking about such things, you've got to ask yourself: under what circumstances would such a creature appear and under what circumstances could it die? What does it need? What constitutes a good or bad thing for it. How does it learn? How does it perceive? How does it act out its intentions? Does it have a self preserving instinct?

It doesn't make much sense for a creature the size of the galaxy. If it did, it would be extremely slow and alien to us.

A more plausible way would be if a human-scale civilization would create self replicating probes that would spread in the galaxy and bootstrap some sort of large biological or AI civilization.

15
sebastianconcpt 8 hours ago 0 replies      
Aren't creature body sizes a function of some combination of food size and quantity? If so, what this hypothetical creature would eat?
16
sriku 21 hours ago 0 replies      
"Exhalation" by Ted Chiang is, I think, a great literary exploration of this topic and brings the essence of what is required for life, though it doesn't get into what life is as opposed to other phenomena. For those who've not read it, I may be giving off too much if I said anything more.

It is certainly more insightful (again imho) than this article.

http://www.nightshadebooks.com/Downloads/Exhalation%20-%20Te...

17
andy_ppp 19 hours ago 0 replies      
Sort of tangentially related is the physicist Geoffrey West, who decided to try to apply the thinking of a theoretical physicist to biological systems. His book Scale is excellent, and this is one of the most interesting podcasts I've ever heard:

https://www.samharris.org/podcast/item/from-cells-to-cities

18
SCHiM 1 day ago 0 replies      
I love topics like this :)

If yes, the next question might be:

> Imagine a creature that is as big as the galaxy, imagine its organ that is analogous to our brain is as efficient and big as is possible, what is the most complex concept that that brain can fully comprehend?

19
11thEarlOfMar 1 day ago 2 replies      
It's a different topic, but related. I was marveling at the diversity of life on Earth, which led me wonder: to what extent does sustained life on Earth depend on that diversity? I.e., what would be required or different for a planet to host and sustain a single species of life?

Given the nature of evolution, and that one subscribes to it, life on Earth started with a single organism that replicated. From that point until a replication modified the organism into a different species, there would have been one species. But was it necessary to have multiple species in order to sustain life?

20
cardigan 18 hours ago 0 replies      
Hmm, but what if the living creature had a density of neural circuitry similar to ours, and mainly interacted with things inside itself, and had slow propagation of knowledge? Not sure I understand this except under the hidden assumption of having a similar number of neural circuit elements
21
FrozenVoid 20 hours ago 1 reply      
The comparison about surface areas is wrong.A creature could drastically increase its surface area by having many tendril-like appendages (i.e. hairy surface) and limiting the core body to consist of thin shapes.A fractal web of tendrils would dissipate energy far more effectively.
22
rcthompson 18 hours ago 0 replies      
If anyone is interested in a sci-fi novel series that explores these kinds of themes for intelligent life, I highly recommend Ancillary Justice by Ann Leckie. (I've left the statement above intentionally vague to avoid excessive spoilers.)
23
nils-m-holm 18 hours ago 0 replies      
Why only as big as a galaxy? Why not the entire universe?

http://www.geoffreylandis.com/infinite.htp

(Geoffrey Landis, the Melancholy of Infinite Space)

24
asah 1 day ago 0 replies      
re heat dissipation - the author assumes a mostly-convex form, but if the life form as concave spaces (e.g. tentrils) then the surface-area-to-volume ratio can be arbitrary.
25
brunomarx1 14 hours ago 0 replies      
What if the galaxxy itself were a living being, but we are so small to grasp this form of life
26
jfoutz 23 hours ago 0 replies      
So this requires a few things,

First off, single organisms can have pretty advanced local processing of control. An octopus has a nerve cluster for each tentacle that can operate independently of the main brain [1]. So in at least one case, biological brains delegate work out to another region of the body. An argonaut octopus actually detaches part of it body, which as far as i can tell, keeps living for a while. it's kind of creepy. The only thing i can't find an example of, is remote control. A detachable body part, with a nerve cluster, that responds to light or sound seems like what would be needed for the base creature. Evolution hasn't stumbled on that trifecta here on earth. But it sure seems like something that could have come about.

The latency argument isn't compelling. If i can send one message, i can send another hundred billion messages along with it. So, sure only a few thousand round trips, but a fabulous amount of information transferred. There's no actual biological equivalent to a semi autonomous drone, so i'm not sure what that would look like before the creature took to the stars.

There's also no real obvious way for this lone detatched tentacle to consume the resources of a planet. But whatever. I think one entity with those three features might have a chance.

Also, is the creature smart? Does it get to genetically engineer itself? do cyborgs count? That greatly simplifies things as well. The detachable parts could have detachable parts, and recurse down to whatever arbitrary degree is useful.

Alternatively if you admit superorganisms, then everything is much easier.

So anyway, you don't really need to send many messages when the message is "here are the latest designs for industrial architecture to dismantle a solar system and send the resources back" It's up to the billions of lone tenticles and their machines to execute the will of the super brain.

On the other hand, yeah, there's not going to be a galaxy sized amoeba or panther or anything like that. maybe an incredibly fine mist of fungus or mold, but i think it'd be too hard to keep a system like that from collapsing in on itself from too much mass. a galaxy sized ring of spider silk orbiting a black hole sounds like great science fiction. but i can't imagine that working.

[1] https://en.wikipedia.org/wiki/Octopus#Nervous_system_and_sen...[2] https://en.wikipedia.org/wiki/Argonaut_(animal)#Sexual_dimor...[3] https://en.wikipedia.org/wiki/Superorganism

27
danaan1003 1 day ago 0 replies      
Yeah, your mom
28
mbrookes 1 day ago 0 replies      
No.
29
baron816 1 day ago 0 replies      
Challenge accepted
30
mcappleton 1 day ago 1 reply      
Look, the vast majority of a galaxy is empty space. A living creature is obviously not empty space, so all that space would have to be filled with the creature's matter. Well, if you put that much matter so close together, it will all collapse on itself and create a black hole.

So no, you could not have a living creature as big as a galaxy.

31
devoply 1 day ago 5 replies      
This article does not take into account quantum phenomenon. It's possible that instead of being limited by the speed of light transmissions, such a system uses quantum phenomenon for communication. Which then would make the whole argument that this article makes invalid. It's based on the premise that life would be based on the same sort of physics as life on Earth... which does not make sense as such life if it exists would evolve using a different set of rules which would include things such as limits on speed of light transmission in such large systems... so it would've learned to exploit quantum phenomenon for transmission.

edit:

Superluminal, or faster than light, communication is said not to work because it allows information to be sent into the past. There is however non-locality which is not the same thing. Sorry not an expert on this, but this seems to apply to the exact discussion.

https://en.wikipedia.org/wiki/Bell%27s_theorem#Importance_of...

29
A Candle Loses Nothing by Lighting Another Candle stephaniehurlburt.com
263 points by ingve  2 days ago   72 comments top 29
1
rrdharan 2 days ago 3 replies      
I liked the analogy, though I'll confess I clicked the link expecting to see a layman explanation of some interesting physics trivia.
2
te_platt 2 days ago 3 replies      
I have a little brother and a brother in law who each went from bad financial situations to making a lot of money in a relatively short time. By a lot I mean much more than I make, and I do pretty well. I found it strange that I was both happy for them and resentful at the same time. We got along well before and after their success and I never felt like they became arrogant or condescending. I think my resentment came from having to face up to my own mistakes and weaknesses. Maybe there were reasons they were more successful than I was; that it wasn't just luck. Thankfully the resentment has long since faded.

The experience also made me think what would happen if you were at a party with a large group of friends. God appears and gives everyone with a birthday on an odd numbered day a million dollars then leaves with no explanation. How happy for their friends are the people who didn't get anything? They are no worse off but I can't help thinking they would be happy.

3
Hnrobert42 2 days ago 4 replies      
I hate to admit it, but I fall into the resentment camp. I don't belittle others, but I do envy their success. I know this attitude is counterproductive, but that doesn't motivate me to change. I suppose this is one of the many reasons the author is successful, and I am not.
4
Shank 2 days ago 2 replies      
> He told me that that was pretty easy, boring work, but I guess good enough to pay the bills.

I've been told a lot in my side projects a similar thing: that the problem I solved wasn't the "valuable" one to solve, and that other people were far ahead in the "real" problem. It drives me absolutely insane. People diminish the success of others just so their project can be "superior," despite when it's actually far behind in the department that one excels at.

5
avaer 2 days ago 2 replies      
The author rightfully acknowledges that "it is a decision that cost me some short term profits early on".

But I also know people and companies that were so nice and generous that people and customers learned to bleed them to figurative death. It's worth noting there might be some survivorship bias here.

6
bjd2385 1 day ago 0 replies      
I've seen this in employers as well. I worked for a textile mill that was technologically stuck in the Stone age, drilled you all day long for nearly minimum wage. Then I got a break and they made me a line lead, a reward for being such a good worker. But they found a way to take that position away when they found out I was using the extra money to pay for college courses and attend conferences. Needless to say, I quit, and I found a job at a technology-oriented company. They supported it from day one, and I'd be happy to stay with them and apply for more effective jobs.
7
ImSkeptical 1 day ago 0 replies      
The only part of this essay I didn't like was the bit about how good people:

"Ask me how they can help me. Give without expecting to receive if they're in a position to do so."

If you're in my immediate family, or you're a close friend, I'd help you for the sake of helping. If you're a random person I'm meeting, I don't think you should feel entitled to my generosity.

8
voidhorse 2 days ago 0 replies      
This was a nice metaphor, but remember!--matches must light candles first:

"Oh, hard! that to fire others, the match itself must needs be wasting!" -- Moby Dick (Chapter 37, Sunset)

If you truly believe in something--be ready to lose a lot. One of those things you may lose is freedom from the scope and bile of other's jealousy.

9
keithwhor 2 days ago 0 replies      
The issue is social signals. "Resentment" is perfectly natural, and is a result of social status posturing. Party A views Party B as socially competitive and the result is discomfort, an attempt to pull B back towards the status quo or block them from succeeding, and of course, resentment.

I think the "lighting another candle" group are naturally wired more pragmatically; they're confident enough (or otherwise differently programmed) so that they don't feel socially competitive, and instead focus on growth. They focus on complementary aspects of Party B's success and act within reasonable social contexts to help propel Party B forward, understanding that if they're able to play a role in doing so, they'll likely be rewarded (be it financially, socially or otherwise).

I would posit that Silicon Valley can only exist because of a surplus of the latter category; it's the underpinning of VC as an industry, and business development as a branch of a corporation. In fact, it's downright dangerous for an investor to be socially competitive with founders - if you're expecting power law returns, you, by definition, have to invest in somebody that's likely going to end up more individually successful than you are and it's your job to make sure they get there.

All that said, there's definitely grey area. I'm sure that the "pragmatic" / "candle" group can still easily succumb to envy when the party they're interfacing with is quite literally competitive in a vertical they're operating in. None of us are perfect, so I think creating a delineation is a little dangerous. In-group vs. out-group thinking is only going to increase the social resentment factors (we can see it in this thread already).

10
CM30 1 day ago 0 replies      
I'm not really a resentful person myself, and am generally quite happy when someone succeeds. That's pretty much why I post all those articles about underrated channels and content creators, to bring more attention to them in the hope that my opinion on the quality of their work will eventually become the prevailing one and that they'll do well from their efforts.

However, I still have to admit I feel resentment in some cases. And that's usually if:

1. The person/creator/organisation didn't seemingly try very hard to succeed and just coasted their way through life. The people running those prank channels on YouTube and making thousands of dollars through low effort content that purely became big because of a YouTube algorithm change... those are people I might resent. Especially if they're doing better than people I consider much better artists or creators. Same goes for those creating fake news sites or what not.

2. The person or organisation becomes selfish, throws everyone that helped them under the bus and thinks they're some big shot that the world should worship. This is surprisingly rare, with my experience being a lot of successful people do tend to be pretty nice on a personality level (in contrast to cliches about only sociopaths succeeding in life).

But for the most part, I'm happy when people succeed. Only makes sense, why not be happy for anyone who succeeds through hard work and determination? It makes you feel there's a certain amount of fairness in a world that can sometimes seem very random.

11
free_everybody 2 days ago 0 replies      
This was so beautiful! So glad to see it on Hacker News. I find myself in the resentment camp too often, and I'm reminded that little can be accomplished by pushing others down. We're all stronger when we form a web of support. Greater heights can be reached.
12
throwaway13337 1 day ago 0 replies      
What she described reminded me of the people I knew while living in Seattle.

It was no surprise to me that it's where the author lives.

It's more of the tech community attitude there.

People are afraid of being judged as not as smart so put others down as a defense. It's sad.

13
Scaevolus 1 day ago 1 reply      
Some people resent people that find success in modest startups. Selling useful libraries to developers won't make you a billionaire, but it can create a comfortable, steady revenue stream-- RAD game tools (in Seattle) has been doing this for a long time, selling things like video codecs and profilers and animation systems.

You could write a basic version of these tools in a few months, so it's easy for some programmers to dismiss-- but companies can do basic math, and understand that a $5,000 licensing fee is much cheaper than 3 months of developer time!

14
markisus 1 day ago 2 replies      
I agree with the author that we should avoid feelings of resentment towards people who are successful. However it bothers me that the author classifies trace of a matrix as math trivia. I think sometimes people will categorize their current knowledge as "the important stuff", and everything else is "just trivia". This can be a dangerous trap that prevents personal improvement.
15
user5994461 2 days ago 1 reply      
With javascript disabled, the page is displayed fine while it's loading, then it all fades away into a blank page. It's disturbing.
16
luord 1 day ago 0 replies      
Another option to avoid turning off the candle is not talking to people, or wait for them to bring up the subject. I'm awkward so I often end up doing this.
17
lutorm 2 days ago 0 replies      
Long-term that's true ... but just like you can make a fire go out by putting too much fuel on it too early, if you try to light too large a candle, the candle might go out.
18
Kenji 2 days ago 0 replies      
If you fall into the resentment camp, you are exhibiting a defensive reaction because you are in denial about your own flaws and that will be a hindrance to your success.
19
Lagged2Death 1 day ago 1 reply      
I'm established now. I own a great company. I love my work and have happy customers and supportive people in my life. So I can see straight through the resentment for what it is...

It's likely enough the author is observing something real in at least some cases, but it's laughable to imagine that perspective and deep insights into the minds of others (i.e., empathy) comes with success and comfort. All evidence is that the opposite is true. It's not farfetched to suppose that he sometimes reads something else (like frustration) as resentment.

20
ronilan 2 days ago 0 replies      
Also the candle burns out long before the legend ever does. Everybody knows that's how it goes.
21
danjoc 2 days ago 3 replies      
Seems like a humblebrag.
22
vostok 2 days ago 0 replies      
I know this isn't related to the article, but I'm also surprised that the author had never worked with the trace given that they work in graphics, their company is called Binomial, and their product is called Basis.
23
carsongross 1 day ago 0 replies      
Well, if is someone is paying you for your light...
24
justonepost 2 days ago 0 replies      
A fundamental underpinning of open source.
25
ageofwant 1 day ago 0 replies      
A candle loses half of the attention when it lits another, all candles know that. Some just choose to revel in the doubling of the light.
26
honestoHeminway 1 day ago 0 replies      
We need DRM on Candles..
27
grogenaut 2 days ago 2 replies      
actually usually when I light 2 candles you have to tip one and so it burns more to a side and then they burn extra hot for a second so you do actually lose some.

what is the sound of one hand clapping?

28
tj-teej 2 days ago 1 reply      
Technically it loses potential oxygen out of its possibly finite supply required to stay alight.

But I like the sentiment :)

29
throw2016 2 days ago 0 replies      
It's a tad unrealistic to expect positive interactions at all times. There is a whole social behavior called 'negging'.

But it's always a good idea to cut off negativity where you have control.

30
JetBrains Web UI components open-sourced jetbrains.com
281 points by uptown  2 days ago   86 comments top 16
1
adamnemecek 2 days ago 7 replies      
JetBrains is kinda crushing it. I've spent the last two days looking into Kotlin. I didn't realize not only that Kotlin can compile to JS but also that you can interact with say React from it. So you can build a full stack app in it, without ever touching JS. (I think that the JS compilation is still technically in beta but w/e).

https://github.com/Kotlin/kotlin-fullstack-sample

Combined with the fact that you can use Quasar for Erlang style processes, I think that I found my next web language.

I guess you could achieve this with Scala too but I could never get over the compilation times. Also the Kotlin integration seems somewhat more straightforward.

I also like that the company that makes my IDE also makes the ORM (https://github.com/JetBrains/Exposed) and web framework (https://github.com/Kotlin/ktor). Idk how good these are but I imagine pretty decent.

2
raybb 2 days ago 5 replies      
It's under the Apache License and the components look pretty good.

I particularly like the Date Picker:http://www.jetbrains.org/ring-ui/date-picker.html

3
Robdel12 2 days ago 1 reply      
This great! I'm sad that _none_ of these components were built with accessibility in mind.
4
j_s 2 days ago 2 replies      
GitHub repo: https://github.com/JetBrains/ring-ui

It's only linked in the comments; also - they're dogfooding issues in their own YouTrack thing. It looks like JetBrains does this for all their open source projects. Can anyone with some experience compare against GitHub's issues?

5
wslh 2 days ago 2 replies      
I hope JetBrains or others launch a Web UI Designer that doesn't make you miss Visual Basic 6.0.
6
michaelthiessen 2 days ago 2 replies      
If you hit "next page" on the Table component enough times it throws an error and the component becomes unresponsive.

It looks like the example data isn't correctly set up.

http://www.jetbrains.org/ring-ui/table.html

7
chiefalchemist 2 days ago 0 replies      
Am I missing something or do most of these not consider accessibility? Or is that up to you to when you use them?
8
toddkazakov 2 days ago 0 replies      
Palantir's blueprint is also a great UI kit for react. I'm surprised nobody brought it up.
9
EGreg 2 days ago 1 reply      
Looks great! But for desktop. Too bad they don't work on mobile very well (I tried them).
10
virgil_disgr4ce 2 days ago 1 reply      
Looks like their site is getting hammeredwhere is a good place to see the different components in action?
11
mhd 2 days ago 0 replies      
This almost looks like something able to replace ExtJs
12
the-dude 2 days ago 0 replies      
I browsed the components : is a slider missing? I need those, good ones ( min, max, step, scale ).
13
tyteen4a03 2 days ago 0 replies      
Can't say I'm a fan of their buttons, but the date picker is refreshing.
14
thejosh 1 day ago 0 replies      
Too bad it doesn't work with npm 5..?
15
mstijak 2 days ago 0 replies      
I would recommend CxJS to people looking for advanced data widgets, e.g. data tables, date pickers, charts, ...

Here are a couple of sample pages based on CxJS widgets:

- https://worldoscope.cxjs.io/4v5b3k2

- https://starter.cxjs.io/dashboards/sales

Full disclosure: It's a commercial framework, I'm the author.

https://cxjs.io/

https://github.com/codaxy/cxjs

16
scierama 2 days ago 4 replies      
It looks like this is Ring UI. It looks like that is React. It also looks like it only runs on NodeJS. So this could be good news if you're willing to use JavaScript (NodeJS) as the server and use or switch to React style, JavaScript dedicated, back-end work. Is this something the Enterprise is willing to do?
       cached 7 August 2017 02:11:01 GMT