That doesn't necessarily mean that the password is stored as plain-text. The customer support agent may have simply had the ability to initiate a process that decrypted it and sent an email notice to the customer.
Granted, it's always alarming to learn when companies either store plain-text or store reversibly encrypted passwords where they hold the key, but it's not surprising. Sometimes usability, convenience and customer experience are more important than IT security, so management decides that these things are acceptable risks.
As a user, I assume the site is not going to do the right thing with my password. That's why I securely generate a new password for each site using a master passphrase. Oplop is a good, zero-install tool for doing this. http://pauladamsmith.com/blog/2010/12/oplop.html
It's definitely possible that they're storing the passwords using reversible encryption. However:
1) In my experience, it's often harder to set your app up to use reversible encryption instead of hashes, especially if you're using an existing authentication library. In a case like this, I would assume the path of least resistance is more likely.
2) Storing passwords as reversible encryption is almost as bad, as the person who compromises your security would likely have access to your application code (and therefore the key to decrypt the passwords), and the negligible benefits of being able to retrieve passwords are not usually worth the potential liability.
I'm developing a site right now in which I capture plaintext passwords on sign up within a separate table and then offload that data on an hourly basis to backup so that in case I ever need to change from BCrypt to some other encryption scheme, I have the plaintext passwords to easily make the switch. The passwords are never going back into the production db and someone would need to get physical access to my in house backup server to get these passwords.
From a customer service standpoint, I don't plan to ever let people know I am doing this because they will try to call me out on being evil about it.
Regardless of how they're stored, people should be worried that they're sending passwords via email. Passwords (especially ones that can cause financial harm) are considered PII and sending it via email (unencrypted transmission) is illegal in Massachusetts and probably a few dozen other states.
They obviously don't store a one-way hash if they just regurgitated it to you, but is this really enough information to conclude the password is stored in plaintext?
This just means the password is easily convertible to plaintext - either because it's stored in plaintext or because it's encrypted and their support folks are able to decrypt it. The former is completely indefensible, the latter is "just" very very bad.
I still don't get how you concluded that Newegg stores passwords in plain text.
All you did was talk to a Newegg rep; you said he misunderstood you and emailed you your Newegg password. What evidence do you have, and by what logical reasoning does that lead to Newegg storing passwords in plain text?
He could have used your info and looked it up in the Newegg system, probably clicked a check box that says "email password", and the system could have decrypted it and sent you the password.
I've seen many sites that actually send you your username and current passwords if you forgot. It doesn't mean that when it's stored on their system it was not encrypted.
Edit: to clarify, my whole point is in reference to how the password is stored in plain text.
Really? So you guys think they are rigid enough with security, and willing to do all that extra work, to two-way encrypt the password (and credit card data, theoretically) just so their $8 an hour customer support reps can decrypt it for you?
Whether or not it's stored in "real" plain text is not the issue here. The real security issue is that they email you your password at all. So anyone who has access to your inbox, even for 5 minutes while you step out of the room, now has a way to find your newegg password. And for a significant percentage of people that will be the one password they use everywhere.
And an fyi, tigerdirect.com does this too. I don't know if it's reversible or plain text, but I'd still prefer to reset my password on the site rather than it being sent back to me.
Stories like this come up every couple months. The true story should be titled Jerry Asher doesn't understand basic security. It's pretty worrisome that developers don't understand the difference between encryption and hashing, and then symmetric vs asymmetric key encryption.
Of course, Newegg should adopt a strong hash policy since they've introduced a single point of failure.
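The thread above argues that a site should never be able to recover a password and should never put one in an email; it also has one commenter keeping a plaintext copy in order to change hashing schemes later. An added example, not code from any commenter, from Newegg or from any library the thread names, of what a practitioner does instead: store only a salted, slow hash; verify with a constant-time compare; migrate to a new scheme transparently at the user's next successful login, since that is the one moment the plaintext is legitimately in hand; and handle "forgot password" with a single-use random token rather than the password. The in-memory user table, the scheme names and the PBKDF2 iteration counts are assumptions for illustration, and PBKDF2-HMAC-SHA256 stands in for bcrypt because it is in the Python standard library.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory user table standing in for a database (assumption).
USERS = {}

# Hash schemes by name -> PBKDF2 iteration count. "v1" plays the role of the
# old scheme (bcrypt in the thread), "v2" the scheme being migrated to.
# Iteration counts are illustrative assumptions; take yours from current
# guidance for PBKDF2-HMAC-SHA256.
SCHEMES = {"v1": 100_000, "v2": 600_000}
CURRENT_SCHEME = "v2"


def hash_password(password, scheme=CURRENT_SCHEME):
    """Return 'scheme$salt_hex$digest_hex'. The password is not recoverable from it."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, SCHEMES[scheme])
    return "{}${}${}".format(scheme, salt.hex(), digest.hex())


def verify_password(password, stored):
    scheme, salt_hex, digest_hex = stored.split("$")
    actual = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), SCHEMES[scheme]
    )
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(actual, bytes.fromhex(digest_hex))


def register(username, password, scheme=CURRENT_SCHEME):
    USERS[username] = {"hash": hash_password(password, scheme), "reset_token_hash": None}
    return USERS[username]["hash"]


def login(username, password):
    user = USERS.get(username)
    if user is None:
        # Burn a hash anyway so response time does not reveal whether the account exists.
        hash_password(password)
        return False
    if not verify_password(password, user["hash"]):
        return False
    # Transparent migration: the plaintext is in hand only for this request,
    # so re-hash it under the current scheme now. No plaintext copy is ever kept.
    if not user["hash"].startswith(CURRENT_SCHEME + "$"):
        user["hash"] = hash_password(password)
    return True


def create_reset_token(username):
    """What goes in the 'forgot password' email: a random, single-use token."""
    user = USERS.get(username)
    if user is None:
        return None
    token = secrets.token_urlsafe(32)
    # Store only a hash of the token so a database leak yields nothing usable.
    user["reset_token_hash"] = hashlib.sha256(token.encode()).hexdigest()
    return token


def redeem_reset_token(username, token, new_password):
    user = USERS.get(username)
    if user is None or user["reset_token_hash"] is None:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, user["reset_token_hash"]):
        return False
    user["reset_token_hash"] = None  # single use
    user["hash"] = hash_password(new_password)
    return True
```

Run against an old-scheme record created with `register("alice", "hunter2", "v1")`, a successful `login` rewrites the stored hash as `v2$...` without anyone ever holding a plaintext copy, and the reset email carries the token from `create_reset_token`, never the password. A production version would also put an expiry on the reset token and rate-limit both the login and reset endpoints.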
Regarding the argument that doctors aren't lawyers, and they were just listening to so called experts:
There was a popular article last week discussing how doctors were ignoring evidence and logic because so-called experts in their fields hadn't instructed them what to do yet. They refused to think for themselves.
The idea that a doctor only used this form because an expert told them to, and didn't think about it for even a minute, does not fill me with confidence. Why would this thought process be confined to one area?
My prior comment posted about another link describing doctors behaving like this remains pertinent:
"I'm a doc. I have no idea of the legality of such "contracts", but it doesn't matter - such a practice is completely unethical.
"Nor is it going to help a physician when a patient makes a complaint to your medical licensing board.
"If you're doing your job as a physician you aren't a "provider" to "consumers" - you are hopefully a professional working in the best interests of a patient or population of patients regardless of your own personal interests - this horseshit obviously has nothing whatsoever to do with that goal."
These "copyright rights" violations are becoming egregious. I recently had to sign an addendum to my apartment lease stipulating that the management company owned my "copyright" and could broadcast, on the Internet, all security footage of me in the building.
What action should I take to get this clause removed? I don't care if they share the tapes with the police when they have a warrant. I do care if they end up on the Internet. I want to walk to my apartment, not have my life broadcast to strangers.
As a consumer, the way deal with this stuff is to cross out the objectionable provisions, sign, and hand it back without a word. Walk out if they put up a fuss, but they usually won't.
The funny thing is that this will lead to many more anonymous reviews, which will be much more nasty than those from folks who sign their actual name to a comment. So negative reviews will always outweigh any positive feedback. What's sad is that you can take negative feedback and use it to improve your practice (if you care about those things)...
I agree to the mutual privacy agreement and authorize the office to retain full copyrights to any communication or online posts related to my treatment and services.
People seem to be missing the most cogent point here...
"The agreement is based on a template supplied by an organization called Medical Justice, and similar agreements have been popping up in doctors' offices across the country. As we dug into the story, we began to wonder if Medical Justice was taking advantage of medical professionals' lack of sophistication about the law. Doctors and dentists are understandably worried about damage to their reputations from negative reviews, and medical privacy laws do make it tricky for them to respond when their work is unfairly maligned. Although Dr. Cirka declined repeated requests for an interview, his emailed statements (and the statements of his staff) suggest he doesn't understand the terms of the agreement he asks his patients to sign."
Doctors aren't lawyers. Most just want to stay in business and do their job without getting sued. That's where organizations like Medical Justice come in. Attacking the individual Doctors on an issue like this does no good. Because they weren't the people who thought up the chain of logic that led to the creation of this form. So they can't argue the pros and cons of its existence. Meaning they might agree with every counter point you present but still stick with the agreement because they are "trusting experts"
If Ars or anyone else wants to really make a difference in this arena they need to engage those "experts" and take the accusations to that organization (they clearly tried to do this, my issue is with their attack on the doctor)
The problem with the author calling-out an individual doctor is it makes a case for the agreement. By singling out one doctor and attacking him for an industry practice it says "patients can be irrational online" which will make doctors fear the online world more (and hence give more credence to organizations that claim the best way to deal with patients is to censor them)
It seems the obvious thing to do would be to have a site that collects the names and addresses of the doctors and dentists who are so incompetent that they fear reviews.
The internets don't provide much information for doctors to go off of. Lots of people who want to sell them mutual privacy agreements, lawyers that say "you should do it!", but nothing with any real facts about them.
Maybe EFF could do some SEO efforts to get on google's front page talking about what they really mean to balance everybody trying to sell them.
Well, I didn't sign any contract with this guy. I guess I'll head over to Yelp now. :> I can't speak for his abilities as a dentist, but having to sign something like this is good enough reason to find a different dentist.
I wasn't aware that Spirit had been incommunicado for a full year. Yep, time to give it up. We got great value out of it.
I must resist the temptation to anthropomorphize it. No, I don't feel sad for the poor rover stuck in a cold sandtrap on another planet, cruelly abandoned after years of faithful service. I do not feel sorry for it. I know that it's no more alive than the computer on which I'm typing this, that it's just a few random bits of electronics and some electric motors.
Imagine, in about 20-30 years time, humans land on Mars. If Spirit still has its data stored to disk, and we can retrieve it, then that would mean that the most expensive rescue operation in human history was made to rescue... a robot that was designed to last 90 days on the Martian surface.
Hmm. As a geek I like Gray code and think it has many useful applications, but this is not one of them: Iris stood against the post and the nurse adjusted the bracket to exactly the top of her head. Then she read off Iris's height from an attached display.
How is this an advance on looking at a conventionally numbered ruler (with a similar bracket to touch the top of the head) and writing down the number? It's technological and presumably expensive, but it isn't delivering any discernible benefit that I can see. Measuring height via computer vision + Gray code would be very useful in security applications where you want to log biometric information for a large number of people efficiently (camera + abstract-looking wall design in an access corridor or at a security checkpoint), but if you're paying a human to take the measurement you might as well use a scale that's easily human-readable (i.e. at a glance). I hope the doctor's scale was at least using Bluetooth or similar to automatically update the patient's digital record... but I wouldn't bet on it.
A partially related topic (maybe many of you already know): I was learning about minimizing logic expressions the other day, and I learned about the Karnaugh Map, which uses Gray code for its axes. You can read more about it here: http://en.wikipedia.org/wiki/Karnaugh_map
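The two comments above mention Gray code for a height gauge, for an encoder read by computer vision, and for Karnaugh map axes, without spelling out why it fits those jobs: consecutive values differ in exactly one bit, so a sensor sampled mid-transition is off by at most one step, whereas plain binary going from 7 (0111) to 8 (1000) has every bit in flux and a partial read can land anywhere. An added example, not code from any commenter, in Python; the `read_with_glitch` model of a sensor that has settled all but one bit is an assumption made for illustration.

```python
def to_gray(n):
    """Reflected binary Gray code of n."""
    return n ^ (n >> 1)


def from_gray(g):
    """Inverse of to_gray: fold the bits back in from the top down."""
    n = 0
    while g:
        n ^= g
        g >>= 1
    return n


def hamming(a, b):
    """Number of bit positions in which a and b differ."""
    return bin(a ^ b).count("1")


def worst_step(bits, encode):
    """Largest number of bits that change between any two consecutive positions
    of a `bits`-bit encoder, including the wrap-around from the last position to 0."""
    size = 1 << bits
    return max(hamming(encode(i), encode((i + 1) % size)) for i in range(size))


def gray_axis(bits):
    """Axis labels for a Karnaugh map on `bits` variables, e.g. 00 01 11 10:
    neighbouring cells differ in one variable, which is what lets terms merge."""
    return [format(to_gray(i), "0{}b".format(bits)) for i in range(1 << bits)]


def read_with_glitch(true_pos, encode, decode, glitch_bit):
    """Model (an assumption for illustration) of a sensor sampled during the
    transition from true_pos to true_pos + 1: bit `glitch_bit` has already
    taken its new value, every other bit still shows the old one."""
    old = encode(true_pos)
    new = encode(true_pos + 1)
    mask = 1 << glitch_bit
    sampled = (old & ~mask) | (new & mask)
    return decode(sampled)
```

With a 4-bit plain binary encoder the worst adjacent step flips all four bits and the glitch read of position 7 comes back as 15; with Gray code the worst step is a single bit, so any mixture of the old and new code words is one of the two, and the read is 7 or 8.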
This seems like as good a place as any to ask: I work at a company that's distributed all across the US and East Asia. We don't really have a coherent phone system. This isn't my area per se, but I'm curious to see what options are out there. What should I look at? Is Skype the way to go or are there better "corporate" options?
I wonder if they will see a huge spike in orders over the next 2 months... I am certainly more likely to buy it now, just in case I need it in the next 2 years.
FYI, this demo silently fails on the current Safari version in OS X 10.6.7. On Chrome and Firefox it renders a mesh in the top right hand corner of the page. Whilst I acknowledge the author says "Various browsers will have glitches with this hack, as it's really a severe and gross hack", I'm getting rather tired of these examples that are, at best, domain-specific browser kludges rather than generally interesting cases of HTML/JS usage.
By these standards, the much derided IE specific features were a great thing for the web. Welcome to HTML 5, where "Best viewed in XXX" is the old new rage. I thought we'd left this behind in 2005?
One of my co-founders hacked something similar together in JS using a different technique a few years ago, but never got around to going anywhere with it: http://www.zettabytestorage.com/gloam/
I don't think it's been touched since sometime in 2008, but it's still fun. (Though notably more primitive)
Edit: The website for it is rather sparse and stale, but drop us a note at 'support' at the above domain name and it'll get to the original author of the code.
Edit: Also, not trying to steal your thunder or anything; what you're doing is different and new, and what I linked is quite unmaintained. Just pointing out some similar work whose author I know well, and who might be fun to have a chat with about it.
For some reason this reminds me of being 14, writing assembly to take over the graphics card and reading various LaMothe books on game programming. Looks nice on the new Firefox, no display on IE9.
I think I'll stick to canvas, but definitely a neat hack.
I think it's funny that everybody is jumping on the CSS3 animation bandwagon because flash is clunky and maxes out your CPU, and the results are these cool demos that... max out my CPU. Don't get me wrong; it's a cool trick, and I'm as happy to see Flash die as anyone, but the wave of Actionscript 3D engines that were released 3 years ago were better looking and more performant. I understand that it's an immature technology, but I have a terrible feeling that in another year every webpage I visit is going to feature CSS3 animated banners that will have my aging macbook hot enough to grill chorizos on.
I can see this being really useful for some simple 3D transitions within web apps, along the lines of the cylindrical date picker in Safari on the iPhones.
There's no such thing as a perfect design. Most experienced computer engineers I talked to agreed that absorbing this simple lesson constitutes the first step in learning how to get machines out the door. Often, they said, it is the most talented engineers who have the hardest time learning when to stop striving for perfection. West was the voice from the cave, supplying that information: “Ok. It's right. Ship it.”
He would bind his team with mutual trust, he had decided. When a person signed up to do a job for him, he would in turn trust that person to accomplish it; he wouldn't break it down into little pieces and make the task small, easy and dull.
With Tom, it's the last two percent that counts. What I now call 'the ability to ship product': to get it out the door.
RIP, Mr. West. I read the Kidder book in high-school, and it was definitely a factor that motivated me to get involved with computers and this industry. Feeling a tinge of nostalgia, I went back and re-read it a few months ago... and found that it stands the test of time well. It's a very interesting read, even if the technology has moved on considerably since the Data General days. And I still wish I'd had the chance to meet Tom West, but sadly, 'twas not to be.
"'What he told them was that if you win at this level, then your reward is that you get to play again at the next level, but guess what: The next level is more difficult,' said Don McDougall of Palo Alto, Calif., a former vice president of technical products at Data General."
That's great insight into how to motivate people to do their best.
I read the book The Soul of a New Machine many years ago, but already long enough after it was published that the technology sounded a bit primitive. It was a grippingly good read, a glimpse into how different personalities mesh to solve a tough technical problem.
I worked at DG during its last four years. I briefly encountered Mr. West a couple of times. His aura was palpable in the hallways. He remains a legend among DG alumni.
Around 1998, West started a new internet focused business unit called THiiNLINE. One of the unit's products was an embedded Linux based wireless router for the home. As a lucky beta-tester, I enjoyed wireless laptop access to my dialup internet connection well before such devices became common. At the time, THiiNLINE was considered a crazy venture. The past thirteen years have proven that West's vision was on the right track.
I had the extreme good fortune of having a Microkid as my mentor for seven years. I learned a ton from him and like to think that I picked up some of the "The Soul of a New Machine" ethos. For that, I will always be thankful to Mr. West and the Eagle group he created.
At some value in excess of ten billion dollars? I won't be buying.
Sure, they're making huge profits right now. But prices should reflect future earnings potential, and what are they going to be doing in ten, twenty, thirty years from now?
They were the first folks to stumble across the secret of making addictive social games. But I see these as a fad, not a long-term trend. There's only so many variations on [ * ]ville you can play before you get bored of it, and only so many times you can be talked into spamming all your friends.
Sure, maybe they'll keep on adapting and having hit after hit. But what are their real advantages? A few programmers who sort-of know how to make a sort-of good game, and some rather nebulous slice of social graph. Compare to some game publishers who have a lot of experience in making many profitable games instead of a little bit of experience making a couple of variations on just one:
Activision/Blizzard: $12.87 billion
Electronic Arts: $7.75 billion
Take Two Interactive: $1.38 billion
If it's 1967, you might want to buy RCA Records, but you don't want to buy The Monkees. The record company can keep on adapting to changing fashions and business conditions and will keep putting out hits for decades to come, but the band will have a brief revenue spike and then vanish.
Zynga, FB, Groupon are the big ones besides LinkedIn... who else? I've heard Twitter, but perhaps they won't yet, they have a huge valuation but little in the way of a business plan. I've also heard Yelp and Pandora. Anyone else?
Go public before people get bored with social networking as a whole! I think that's what we are seeing now -- people actually seeing a slowdown in the explosive segment.
I unfortunately know very little about their business model (advertising? pay-to-play? gifts/items?), but would be very curious to see how it all breaks down. Specifically, where their special-ness lies, and how high the barriers to competition really are.
I want to criticize the high valuation, but in fairness I don't know enough about the company or industry.
From a couple months ago, their estimated revenues for 2011 are $1.8 billion [1]. This is a completely different beast to LinkedIn. I'm very interested in seeing how it goes.
It was sorta obvious after the success of LNKD last week that they were all going to pile in now. Profitable and related to social? By all means, after you..
Somebody had to test the market out.
If LNKD hit $12B then Zynga will hit .... a lot more.
"Thrudb is a set of simple services built on top of the Apache Thrift framework that provides indexing and document storage services for building and scaling websites. Its purpose is to offer web developers flexible, fast and easy-to-use services that can enhance or replace traditional data storage and access layers."
I did almost exactly this last fall, except I used JSON and JSON Schema instead of Thrift. Called it hummingbird db. I submitted it to YC but all I got was an email saying it wasn't that interesting.
It seems like a strange thing to provide as SaaS. Unless you're hosted in the same datacenter, the web latency would surely make the speed of it irrelevant. They mention they're "working on a way for developers to run ThriftDB locally", which might make it worth looking into. I could see it being useful for some things, certainly, but it wouldn't provide enough benefit as SaaS to make calls over the web.
If your solution is really so fast, then you must be making benchmarks continuously. How else would you know if you are improving and whether you are actually fast or just faster than [a tree | clouds | a ricecorn]. So either you lie about your performance or you choose to purposefully hide your incredibly well performing benchmarks.
ARM is generally a lot more sane than x86 when it comes to writing close to the metal, although there's a lot less info about stuff out there. Often reading the manuals for the chipset will get you what you want though..
I just wasted ~2 hours reading various pages of this wiki, it's a great resource.
My question is: Other than the obvious educational value, is there something concrete a beginner can do with a minimal kernel? What beginner projects would you recommend?
Whenever I hear about Operating Systems, it reminds me of a comic on how a programmer evaluates the resume of another programmer and one of the items is OS / Compiler development experience is highly valued.
So, on a related note, would you be suitably impressed with a resume if it lists that it has a bare bones file system / shell implemented ?
What a great site. Besides the subject matter, I like the general idea of focused breadth and participation.
Is anyone aware of a similar site for compilers? Or anything else? I've never liked wikipedia's wiki books, their coverage can be spotty, but I like that idea too.
This could be useful for embedded development. Booting a new kernel on any embedded device is tough. This could be handy if you're new and trying to debug why your board isn't booting up.
My absolute favorite example of a reporter willfully twisting words is the following.
A reporter was trying to interview my mother about my sister. My mother said, "It's not that we don't think you're important but ...". This wound up in print as, "It's...that we don't think you're important."
Remember, it is the job of the media to get a compelling story out there. They don't care about the truth. They don't care about informing people. They want to create interesting stories that suck people in, and punish people who fail to give them access to information that they wanted (whether or not they had any right to pry).
When we see subjects that we understand misreported in the media, we invariably cringe. When you see subjects you don't know anything about reported in the media, your default assumption should be that if you knew the subject better, you would cringe, and the only reason you're not cringing is that you don't know better.
Here's the graf in the VF piece that has Langner so upset:
“If I did not have the background that I had, I don't think I would have had the guts to say what I said about Stuxnet,” Langner says now, finishing his second glass of wine during lunch at a Viennese restaurant in Hamburg. Langner studied psychology and artificial intelligence at the Free University of Berlin. He fell into control systems by accident and found that he loved the fiendishly painstaking work. Every control system is like a bespoke suit made from one-of-a-kind custom fabric, tailored precisely for the conditions of that industrial installation and no other. In a profession whose members have a reputation for being unable to wear matching socks, Langner is a bona fide dandy. “My preference is for Dolce & Gabbana shoes,” he says. “Did you notice, yesterday I wore ostrich?” Langner loves the attention that his theories have gotten. He is waiting, he says, for “an American chick,” preferably a blonde, and preferably from California, to notice his blog and ask him out.
This looks bad in isolation. But the piece is enormous; more than 60 grafs long. Langner's complaint makes it sound like a hit piece. It's not; it's simply using those (apparently misleading) details to add some color. The article is ostensibly not even about Langner, even though it quotes and discusses him warmly throughout.
I don't want to sound like I'm defending bad reporting, but the VF article has substantive concerns about Langner as well --- for instance, his prevalence as an authoritative source for lots of other journalism about Stuxnet --- and one way to dodge that is to redirect attention to stupid stuff like what kinds of shoes he really prefers.
"My experience is that journalists report on the nearest-cliche algorithm, which is extremely uninformative because there aren't many cliches, the truth is often quite distant from any cliche, and the only thing you can infer about the actual event was that this was the closest cliche. I should write a separate post on this at some point.
It is simply not possible to appreciate the sheer awfulness of mainstream media reporting until someone has actually reported on you. It is so much worse than you think."
This is a good example of why specialists shouldn't talk to the media. Generally, the interests of (for example) the New York Times are opposed to the interests of (for example) a particle physicist. The incentive structure of mainstream dead-tree media is aligned against producing accurate summaries of specialized information. There are some good parts and some bad parts to this. The bad parts, though, are sufficiently bad that if manipulating the media isn't your actual job, you're probably better off outsourcing that task to a trusted third party. This is basically the same as talking to lawyers and the police: they will lie to you. There will always be some technical exception so that they can tell themselves and the people higher in their authority structure that they weren't really lying, but no, from the perspective of a layperson, they're liars. They lie all the time. So you need to either be the sort of person who can cope with that and tell them the lies in return that will get something resembling your actual views and statements into their publication, or you need a specialist - just like with talking to lawyers - on your side to do that job for you.
Never count on a reporter to act in good faith any more than you would count on that from the police or from a lawyer. They will disembowel you.
This advice is much less applicable, happily, to technical publications in your field, or to 'citizen journalism,' but you still have to be cautious there. The major difference is that with technical publications or citizen journalists, you may have some actual leverage, and they may have some idea what you're talking about. You have no leverage, as a specialist, over the NYT, so they don't care what harm they do to you - what the heck are you going to do to them? And the average reporter for, say, Fox News, doesn't know what the heck, say, Bruce Schneier is talking about. They are worse than laypeople, actually, because they have an incentive to misunderstand.
Don't talk to the mainstream media. They will lie to you, and they are not your friends.
For future reference: If you think you're being set up in an interview, in many cases you can legally record the interview using a voice recorder app on your phone without telling the other party.
The only US states that require all-party notification of a conversation being recorded are:
California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania and Washington.
All other states allow you to record a conversation without notifying the other party provided you are party to the conversation. If the conversation crosses state lines, Federal law applies which only requires one party to know the call is being recorded.
We rag on PR people a lot, but this is definitely a case where a tech company needed a good PR person or good PR company to back them up.
A PR rep being in the room during the interviews never would have let this get out of hand in the way that it did, and they would have framed the interview better to suit the tech company. This is just a case of an unsophisticated tech guy being trodden on by an experienced journalist in order to suit the journalist's goals for the story.
PR might be 90% useless now, but there are good PR people out there who could have helped in this case.
Btw I am a huge fan of VF but I thought the Stuxnet piece was weak. I am surprised that some of the more experienced tech journalists are not all over the story releasing articles, books, touring lecture, etc. the mainstream mass market would eat up this story in a hurry (movie deal!)
This mirrors the story of McChrystal's treatment by Rolling Stone (http://www.rollingstone.com/politics/news/the-runaway-genera...). In both cases reporters pull specialists who are unaware and unprepared for the perils of such interviews to uncharted territory and then benefit from the results. I bet they can't pull such a fast one to one who's seasoned, e.g. Lady Gaga.
by a reporter whose work I used to see on my local TV news, explaining how subjects of news stories can turn the tables on reporters by understanding more of the news business. The tips in the book are frank and useful--including sometimes declining to be interviewed.
I've seen similarly bizarre malfeasance by a reporter from one of the most famous newspapers.
Their fact checking is completely useless. They don't check any of the most important or fundamental claims, only the very trivial. Editors apparently don't care or are incompetent.
In the case I'm intimately familiar with the reporter made no claim or attempt at impartiality. He was actively hostile and came close to threatening. He was on a witch hunt and continued his vendetta over a couple years of trumped up articles until he realized no one else bought his bullshit.
I pray for the day when shitty journalists can't hide under the umbrella of a "respected" brand like Vanity Fair. It's too much power with no effective checks or balances.
There have been times in the distant past where I was contacted by people from the mainstream media for interviews or TV appearances on well known shows. I always politely turned them down, because I feared similar exaggerations and distortions to those described in this article. Anything connected with AI or robotics tends to be reported on very poorly and in a highly sensationalised manner, and I didn't want to end up being misrepresented or be portrayed as a crude stereotype.
More interesting (in my mind) is - why are we reading this out of the google cache? The original site doesn't seem to be up. What's the back-story there?
Widespread instant communication is disruptive in a number of ways, that disruption is also a threat.
When I was in Boy Scouts and we visited a police station (which was trying to convince us that crime does not pay), they went to great lengths to explain how radio, and the ability for all of the officers to communicate, gave them a tremendous advantage over the criminal who was attempting to flee a crime scene.
Flash forward to Napster and complaints at how difficult it was for one law enforcement officer (or agency) to police a band of criminals with out-of-band communications infrastructure.
Then forward slightly further to Gulf War 1, where the key targets in the opening salvos were the communication hubs and infrastructure which enabled Iraqi forces to communicate both with headquarters and with each other. With communications out, Iraqi units that were, on paper, 'stronger' than the coalition forces deployed against them in parts of the battlefield surrendered, in part because they weren't aware of supporting units nearby.
Finally Egypt, Libya, and Yemen are good examples of communication infrastructure favoring a disperse group in their efforts to overthrow an established presence.
It is no surprise that folks who have used communications superiority as an advantage against their adversaries are keenly aware of the disadvantage of not having the communication 'high ground.' Those folks will work tirelessly both in the open and underground to give themselves the advantage.
I think it's ironic that France is involved. The effect their three-strikes law has is to remove French culture from the Internet, which I was under the impression they liked trying to spread.
This is probably the single most discouraging thing I've ever read about startups, but at least it's honest. Entitlement? "Naughtiness"? I think after Google, the idea got out there that it's possible to succeed by just being good. Technically and morally. This sounds like a return to status quo. Not saying he's wrong. He's almost certainly right, it's just depressing.
It's interesting to see pg's opinion about what is important in founders evolve over the years. When I applied to YC in late 2008, I was told by alumni that YC was "looking for smart people." Although he's talked about discipline and determination as early as May 2004 in his essays, those words were most commonly found next to the words "talent," "skill," or "smart," as if the two qualities were equally important.
Now it seems that YC has learned empirically that determination is the more important predictor of success (see intro to The Anatomy of Determination).
A concern for YC might be: with this new emphasis on determination, it might become the next thing applicants try to "fake" to get accepted?
"The total value of YC companies is now around $3 billion. YC has invested a total of around $5 million."
Damn, that's a good return, if you assume all positions were held and an 8% stake taken then that should yield $240 million, or an ROI (CAGR) of 116% since 2005. (This assumes the 5 million was all invested in 2005).
Anyone have a good metric to factor dilution from future rounds?
So at roughly a stake of 6% which YC takes, at a total $3 billion valuation, YC's stake is worth $180 million, from an investment of just $5 million. Not a bad payoff, surely to make a lot of Angels and VCs very envious.
Dropbox, the startup that most easily came to pg's mind, began with a single founder, who didn't already have a relationship with his co-founders. It was also a great idea, well-worked out from the beginning. Not undermining the five points, just saying that they're more guidelines.
It's crucial to look at the founders, because that's what does the work. Just as Catmull says of movies, a successful startup is made of many creative ideas; also, many implementation challenges, flexible adaptations and tests of determination that are very hard for one person to handle.
A startup is an on-going process, not a one-off event.
I think what Mr. Graham is saying is not only natural, but inspiring. Firstly, success and opportunity generate themselves, and the best way to generate that is to look for patterns. So if people like us are successful, then in looking for more success, we should look for people like us. Secondly, the fact that 'naughtiness' is one way to look outside of the status quo doesn't diminish all the other ways of looking for solutions. Mr. Graham celebrates 'naughtiness'; other 'like us' traits could include tenacity, perseverance, being team oriented, being data driven, and humility. So this is not about following the rules versus not following the rules, it's about being able to distinguish between necessary, even essential rules and problematic rules. Today Mr. Graham exhorts us to celebrate naughtiness in our quests, tomorrow we can celebrate mischievousness. There's plenty of time, and plenty of traits to success.
Meh... Y Combinator is a potential source of start-up funding. Just as important, Y Combinator is not exclusive of any other source of funding. The difference between YC and other sources of funding is that YC funds a lot of companies twice a year rather than on an as-needed basis so the whole process is very eventful.
As YC funds more companies, the value of the "We're a YC company" branding diminishes faster. What's more, there's some curious economics in how YC companies do business with other YC companies. If the bulk of customers of YC companies are other YC companies, then what you have is basically just a pyramid scheme. It's also kinda lame to hear Paul Graham play favorites and talk about how great Sam Altman is all the time.
Aside from the visual violation, nobody should hide their digits under socks in spring/summertime. All feet look good; nothing a good pedicure can't fix.
* The stable marriage problem (D. Gale and L. S. Shapley: "College Admissions and the Stability of Marriage", American Mathematical Monthly 69, 9-14, 1962.), http://en.wikipedia.org/wiki/Stable_marriage_problem
I've yet to see a compelling argument for why I should want a browser with WebP support. Unless images start out lossless, and then are encoded into WebP directly, all I'll ever get out of WebP is smaller images that have more encoder artifacts - and I don't want that. I've got plenty of bandwidth; I'd rather download images in their original JPEG or PNG formats, especially if that means I can then open them up in any image editor or viewer on my computer, instead of having to install some special (and likely buggy) new WebP viewer/converter.
I think if WebP offered useful features JPEG doesn't, like alpha channel support or support for higher bit depths or useful new metadata, that'd at least justify it, and people would be creating new demos that showed off the technology. We saw this with the uptake of support for PNG after people started showing how PNG's support for alpha transparency made it possible to do interesting things that you couldn't with JPEG/GIF. WebP has no such compelling feature.
The one time that I've found a practical application for WebP was when a client needed to fit a roughly 1-megapixel photograph in less than 5 kbytes of storage space. JPEG starts falling off a cliff in terms of image quality once you push it to extreme compression factors (like down near quality-0), but WebP degrades very gracefully and relatively linearly.
The test images we put together turned into nearly unrecognizable blocky messes when compressed with JPEG, if they fit at all. The same test images, compressed with WebP, looked surprisingly decent and were quite usable.
That said, if our photo storage budget had been 10 kbytes instead of 5 kbytes, JPEG would have been fine for the project's purposes. It was that last little squeeze that really killed JPEG.
I find Jeff Muizelaar's argument (not Arstechnica but what they talked about) very weak. He said WebP is not good because:
* Jpeg has some fancy features not seen in WebP (4:4:4 YCrCb, CMYK support, etc)
* Jpeg's compression is "good enough", and nobody cares about diskspace (cited Facebook 85%, Flickr 96% quality level)
* If WebP, why not Jpeg XR?
* WebP has no alpha channel support!
* There are "low hanging fruit" in Jpeg optimization such as progressive encoding.
Each of these points in isolation may be valid, but together they give me the feeling that he was arguing surgically. He said Jpeg is already very good, Jpeg is actually bad but there are low hanging fruit to improve it, and whether Jpeg is good or bad doesn't matter because nobody cares.
Personally I feel the "75% is already very good" argument to be the weakness. Facebook pictures are very poor compared to the original, and if diskspace is not a problem they would have increased it to 96% like Flickr.
I hope Mozilla supports the format and lets the users decide.
Google is essentially comparing WebP to JPEG right now like you would compare PDF to plain-text. They have a proof of concept ("look, the text appears on the screen!") that has a smaller file size but lacks any actual features. My concern is that once they implement all the features required of a mature image format (alpha, color modes, etc), size will be on par with another existing format.
Striving for a lower file size is inherently a good thing, but as disk space is becoming cheaper and cheaper, it's not as important anymore. Judging from the comparison gallery at http://code.google.com/speed/webp/gallery.html, it's not very impressive. The result is much more blocky and there is significant loss of detail in detail-concentrated areas.
Case in point: the first image of a landscape has two major noticeable artifacts: the shadow of the mountain (mid-right) reveals the blocky compression of WebP. Second, the compression algorithm tends to smooth out a lot of detail. Observe how the vegetation gets mushed out. The clouds as well (mostly on the top left).
Great for video, not so much for images (from the gallery above anyway). I would like to see a better comparison with WebP vs JPEG but compressed to about the same file size and with a RAW source (to remove any compression bias).
Despite working largely in the games industry I don't generally get excited by new game releases - other than Portal 2 which I massively enjoyed, I haven't really played any single player games in the last 6+ years.
But DNF does look like it's going to be really good, and I'm actually looking forward to playing through it. The 2k (publishers) guys were at Gadget Show Live (a 100,000+ consumer event in the UK that I'm involved with), and spent quite a bit of time talking about the game there, as well as trying out the demo. (They claim that a colleague of mine and I were the first people not related to the development to play it in the UK, which I'm slightly proud of).
It's obvious the amount of passion that's gone into the game, and it's obvious how hard they've tried not to let down the fans who have been waiting for so long. And, most importantly, it's obvious that they weren't afraid of making a FUN fps title, not a game that does its best to make you think you're in a real-life situation.
Really hope it's as commercially successful as it deserves to be, and as I think it will be.
edit: To give an idea of how it will live up to people's hopes, here is a picture of Paul (my colleague mentioned above) http://lockerz.com/s/91561838 playing the game. He's 39 and doesn't have a huge amount of time for playing games nowadays. He was at E3 in 1999 (was it 98?) when they first demo'd DNF, and has been waiting since then - when I told him he could play it at Gadget Show Live, he was like a kid on Christmas morning. And he absolutely loved it, was blown away by how much fun it was. (Side note, if anyone reading this went to the event, you might recognise Paul as being the presenter from the main stage in the Game Zone hall =].)
"...they finally assembled the pieces to create an incredible, epic and cohesive gameplay experience."
Most game manufacturers don't tout cohesive as a feature... it's supposed to be a given. I hope I'm wrong, but given what I know about the development of DNF, I can't help but suspect that the reason they are mentioning it so loudly is because it isn't.
I would have much preferred a lackluster sequel 14 years ago than an amazing game today. I no longer own a Windows PC, play first person shooters, or use a mouse.
Isn't this a bit like Chinese Democracy by Guns 'n' Roses? Meaning that all that time and money invested have raised the expectations to levels that can never be satisfied?
I'm going to need a new vaporware joke now! This one has served me since the dot com bubble days.
Seriously, this looks great. I am afraid I am no longer the target audience but I'll probably try it for nostalgia's sake. I have the strangest feeling that - like rewatching Star Blazers now that I'm not ten - it's not going to hold up that well, but if anyone can do it right, it's Gearbox.
I remember playing Duke Nukem on my N64 when I was only 8/9 years old. I'm not a big gamer but it was one of the most fun games I ever played. I can't wait to get this. I'll be installing Windows 7 on my Mac just to play it.
Haha. I remember joking about the name of this game at the Naughty Dog offices when it was like 3 years late -- I swear it was in the 90s! Perhaps during the development of Crash Bandicoot Warped. Never ever pick a title with the word "forever" in it.
I don't want to put words into anyone else's mouth here, but if anyone ever made and wore a t-shirt containing a frequency count of the words in stuff I'd written, then I'd find it kinda creepy and weird.
Sort of off topic, but I wonder if you can copyright or otherwise do something legalish with specific word frequency distributions. It's not nearly enough information to, say, reconstruct a corpus, but it's often sufficient information to identify someone with precision (so I've heard, anyway).
I think it's a great design, coming from a designer myself, but I'm no lawyer and I don't think you can be making money off someone's logo or brand. I don't think you need to be a lawyer to know that either.
Plain and simple, would you want to create a startup and have someone make t-shirts and make money off your brand or logo?
"the products use icons similar to those used by Apple," according to the report.
Can you patent icons? Aren't US software patents business process patents? I've read some number of software patents and can't remember a single one patenting things like a 4x4 grid of icons or colorful square pictures with rounded corners. Didn't Lotus v. Borland set precedent for a lack of look and feel copyright? [1]
From the picture in the article, the 4x4 with a bottom 4x1 fixed row is clearly a rip-off. OTOH, the other devices are quite obvious. I remember seeing a keyboard with a connector on top like the one to the right for my Palm (not the WebOS one, the ancient Palm Professional).
And, quite frankly, I would really prefer a vanilla Android interface to this.
Yes, Wikipedia is a remarkable feat, but let's take a deep breath before we elevate it to the same status as the Great Wall of China, Notre Dame, Taj Mahal and Angkor Vat.
And think the idea through: If Wikipedia can get on, is there any reason whatsoever that Facebook can't? And hasn't the world heritage list lost all meaning by then?
(i) "represents a masterpiece of human creative genius"
(ii) "exhibits an important interchange of human values, over a span of time, or within a cultural area of the world, on developments in architecture or technology, monumental arts, town-planning, or landscape design"
(iii) "bears a unique or exceptional testimony to a cultural tradition or to a civilization which is living or which has disappeared"
(iv) "is an outstanding example of a type of building, architectural, or technological ensemble or landscape which illustrates a significant stage in human history"
(v) "is an outstanding example of a traditional human settlement, land-use, or sea-use which is representative of a culture, or human interaction with the environment especially when it has become vulnerable under the impact of irreversible change"
(vi) "is directly or tangibly associated with events or living traditions, with ideas, or with beliefs, with artistic and literary works of outstanding universal significance"
I'd say Wikipedia passes all of these to an extent, although maybe it is a bit too soon to say so. Who are we to say that our current period is a "significant stage in human history"?
> This is why as a cross-border cultural achievement, WIKIPEDIA deserves recognition and protection as UNESCO's first digital World Cultural Heritage Site.
What, pray tell, is the point of any of this?
I get 'UNESCO' for, say, nice places that deserve recognition and protection, but... a web site? Are they going to cough up cash? Whose cash?
Main issue against this: Wikipedia is not in danger of any kind.
Although "need for protection" is not listed in the criteria for selection according to UNESCO's website (http://whc.unesco.org/en/criteria), the "Convention Concerning the Protection of the World Cultural and Natural Heritage" which established the concept of World Heritage Sites specifically states that World Heritage Sites are to be used for protection of threatened sites. Page 1 of http://whc.unesco.org/archive/convention-en.pdf states it all quite clearly.
My 2 cents on this is that the decision for something to be considered a worldwide heritage cannot be taken in such haste. Time averages and moderates the opinion. Sure Wikipedia is a nice achievement. But its merits, benefits and importance would have to stand the test of time. Perhaps our future generations can take such a decision, but for Wikipedia to propose that right now, is 'overly pompous' as someone commented.
EDIT: Downvoted for this! It stands to reason that a true measure of greatness comes with time. This is the reason that the 'pontification' process has these checks of time. To let reason and proper debate hold sway over other considerations.
Maybe I should have, but I didn't know what UNESCO was. In case you're like me here's a link to the World Heritage Convention which isn't on the wikipedia site: http://whc.unesco.org/en/list
Wikipedia World Heritage? I believe not. 1. It is heavily biased. 2. Censored. 3. Not always as accurate as it could be. (Downvote me, it will still not change the fact that, for example, what is deleted is someone's priority, not necessarily in accordance with academia.)
Can we make one?
1: https://twitter.com/#!/igrigorik/status/69120340063825920
This just means the password is easily convertible to plaintext - either because it's stored in plaintext or because it's encrypted and their support folks are able to decrypt it. The former is completely indefensible, the latter is "just" very very bad.
All you did was talk to a Newegg rep; you said he misunderstood you and emailed you your Newegg password. What evidence do you have, and by what logical reasoning does that lead to Newegg storing passwords in plain text?
He could have used your info and looked it up in the Newegg system, probably clicked a check box that says "email password", and the system could have decrypted it and sent you the password.
I've seen many sites that actually send you your username and current passwords if you forgot. It doesn't mean that when it's stored on their system it was not encrypted.
Edit: to clarify, my whole point is in reference to how the password is stored in plain text.
c'mon. really?
no. put my vote in the box marked 'plain text.'
m3mnoch.
If they leak my info, then I'll care.
Of course, Newegg should adopt a strong hash policy since they've introduced a single point of failure.
There are many available solutions that make it easy to have a different, secure password for each site you visit.